198.244.240.162

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: 198.244.240.162

Classification: Moderate Risk | Report Date: 2026-06-23

## Executive Summary

IP 198.244.240.162 is a cloud-hosted infrastructure endpoint associated with Ahrefs Pte Ltd Dmytro, operating under OVH (ASN 16276). The IP resolves to proxy-uk006-san162.ahrefs.net and is geolocated to London, England. While the endpoint itself shows moderate risk (40), it resides in a subnet (198.244.240.0/24) with high abuse density (0.793) and 203 of 256 sibling IPs flagged as threats.

## Technical Profile

Attribute	Value
Risk Score	40 (Moderate Risk)
ASN	16276 (OVH)
Organization	Ahrefs Pte Ltd Dmytro
Geolocation	London, England, GB
Infrastructure	CloudCompute (OVH), Hosting
DNS	proxy-uk006-san162.ahrefs.net
Services	Firewalled / No Services
BGP Prefix	198.244.128.0/17

## Neighborhood Analysis

The /24 subnet (198.244.240.0/24) exhibits concerning characteristics:

Abuse Density: 0.793 (high_abuse classification)
Active Siblings: 165 of 256 addresses
Threat Siblings: 203 IPs flagged
Risk Distribution: 100 medium-risk neighbors, 0 high, 0 low

This indicates the subnet is heavily utilized for potentially malicious activity, though the specific IP maintains moderate risk.

## Threat Indicators

Blacklist Status: 0 lists
Tor Exit: False
Known Attacker: False
Spam Source: False
Abuse Confidence: Low/None
Campaign Likelihood: None
Threat Persistence: 0 days (not persistently malicious)

## Observation History

Total Observations: 26 signals
Recent Activity: June 2026 (last observed 2026-06-23T04:16:35Z)
Key Signals:

- DNS resolution to ahrefs.net domain (confidence: 0.80)

- Geolocation inference: GB (confidence: 0.28)

- Routing operator score: Minimal (0.087)

- RTT measurements: 94-101ms (geo-plausible)

## Network Relationships

Network Associations: 54 relationships to OVH infrastructure (OVH_282347342)
Control Plane: Route stability: false, RPKI: inconsistent
DNSSEC: Valid

## Recommended Actions

For SOC Teams:

1. Monitor Closely: The subnet's high abuse density warrants enhanced monitoring even though this IP shows moderate risk.

2. Contextual Assessment: Correlate traffic patterns with known Ahrefs infrastructure baseline.

3. Geographic Validation: Verify traffic origin aligns with London, GB geolocation.

4. Service Verification: Confirm no unauthorized services are running (endpoint is currently firewalled).

5. Subnet Intelligence: Consider broader investigation of 198.244.240.0/24 due to 203 threat-sibling IPs.

Firewall Recommendations:

No specific blocking rules recommended at this time
Monitor for service discovery attempts
Watch for behavioral anomalies given subnet abuse density

## Risk Assessment

This IP represents a cloud-hosted infrastructure endpoint with legitimate Ahrefs association but elevated contextual risk due to neighborhood abuse density. SOC teams should maintain awareness of the subnet's threat profile while treating this specific IP as moderate risk requiring normal monitoring protocols.

---

*Report generated from IPDebrief intelligence platform data. All data current as of 2026-06-23.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	London
Timezone	Europe/London
Latitude	51.51
Longitude	-0.13

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk006-san162.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk006-san162.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	26%	2	4
routing	13%	1	1
services	12%	2	2
ownership	24%	2	3
reputation	31%	1	3
geolocation	35%	2	3
Overall	24%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:06 UTC
Last Seen	2026-06-27 02:48:21 UTC
Profile Built	2026-06-27 20:55:25 UTC
Data Freshness	Live
Signal Types	21
Total Observations	26

🔍 21 signal types · 26 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

198.244.240.162📋 Copy