IP Intelligence Briefing: 198.244.240.143
*Generated via IPDebrief Threat Intelligence Platform*
---
**1. Risk Profile**
- Risk Score: 40 (Moderate Risk)
- Provider: OVH (cloud infrastructure)
- Ownership: Ahrefs Pte Ltd (legitimate hosting provider)
- Geolocation: London, England (GB), consistent with DNS records.
- Threat Indicators: No malicious activity detected (no malware, phishing, or exploit campaigns).
---
**2. Network Context**
- Subnet: 198.244.240.143/24
- Subnet Abuse Density: 54.69% (high abuse classification).
- Neighbor Risk: 140/256 IPs in subnet show elevated risk (median score 50).
- Network Role: Cloud compute instance (OVH infrastructure), no CDN/VPN/proxy indicators.
---
**3. Observation History (30-Day Trend)**
- Geolocation Stability: Consistent (London, GB) with minimal RTT variance (93–104ms).
- DNS Activity: Resolves to `proxy-uk006-san143.ahrefs.net` (Ahrefs domain).
- Routing: Stable BGP prefix (198.244.128.0/17), no recent route changes.
- DNSSEC: Validated, with CAA records present.
---
**4. Relationships & Associations**
- Linked Entities:
  - Subnet: 198.244.240.0/24 (OVH network).
  - Hostname: `proxy-uk006-san143.ahrefs.net` (Ahrefs domain).
- No Known Malicious Associations: No ties to C2 servers, phishing domains, or botnets.
---
**5. Actionable Insights**
- SOC Recommendations:
  - Monitor subnet for unusual traffic patterns due to high abuse density.
  - Validate DNSSEC and CAA records for domain integrity.
  - No immediate mitigation required for this IP, but maintain contextual awareness of the subnet.
- Firewall Rules:
  - Allow traffic based on Ahrefs' infrastructure (OVH network).
  - Block anomalous outbound connections from the subnet if suspicious activity emerges.
---
Conclusion: 198.244.240.143 is a legitimate cloud compute instance operated by Ahrefs, with no direct malicious indicators. However, its subnet exhibits elevated abuse risk, warranting closer monitoring for potential lateral movement or compromised hosts.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | – |
| CIDR Block | – |
| RIR | ARIN |
| Country | – |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk006-san143.ahrefs.net |
| Forward Confirmed | No – PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk006-san143.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting – Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |

| Server | – |
| HTTP Title | – |
TLS Certificate
| SANs | None |
| Valid From | – |
| Valid Until | – |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 23% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:06 UTC |
| Last Seen | 2026-06-27 02:47:40 UTC |
| Profile Built | 2026-06-27 20:55:25 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 27 |