IP Intelligence Briefing: 198.244.240.173
Date: 2026-06-09
---
**1. Risk Profile**
- Risk Score: 50 (Moderate Risk)
- Provider: OVH (ASN 16276)
- Ownership: Ahrefs Pte Ltd (Hosting/Cloud provider)
- Geolocation: London, England, GB (plausibility: false)
- Threat Indicators: No direct malicious activity detected.
---
**2. Network & Hosting Role**
- Classification: CloudCompute (Hosting)
- Subnet: 198.244.240.173/24
- Subnet Abuse Density: 54.3% (High Abuse)
- Neighbor Risk: 100 IPs in subnet (84 medium/low risk, 16 high risk).
---
**3. Observed Threat Signals**
- DNSBL Listings: 1 of 8 DNSBLs (high severity).
- DNS Associations: Linked to `proxy-uk006-san173.ahrefs.net` (Ahrefs hostname).
- Historical Activity:
  - Listed in 8 DNSBLs (June 2026).
  - No persistent malicious activity detected.
---
**4. Relationships & Dependencies**
- Network Relationships:
  - Same network: OVH_282347342 (ASN 16276).
  - DNS: `proxy-uk006-san173.ahrefs.net` (Ahrefs).
- Subnet Neighbors: 100 IPs (139 flagged as threats).
---
**5. Recommended Actions**
- Block IP: Implement firewall rules to block 198.244.240.173 (see below).
- Monitor Subnet: Investigate high-risk neighbors (139/256 IPs flagged).
- DNS Monitoring: Watch `proxy-uk006-san173.ahrefs.net` for anomalies.
- Threat Feeds: Cross-reference with DNSBLs (e.g., Spamhaus, SpamRATS).
---
**Firewall Rules**
```bash
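# iptables: drop inbound traffic from the address
iptables -A INPUT -s 198.244.240.173 -j DROP
# nftables: equivalent rule in the inet filter table, input chain
nft add rule inet filter input ip saddr 198.244.240.173 drop
# Cloudflare WAF rule (JSON, not a shell command):
# {"action":"block","filter":{"expression":"ip.src eq 198.244.240.173"}}
# AWS WAF IP set entry (JSON, not a shell command):
# {"Addresses":["198.244.240.173/32"],"Description":"IPDebrief risk 50"}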
```
---
Next Steps:
- Validate geolocation plausibility (discrepancy noted).
- Correlate with Ahrefs' infrastructure for context.
- Monitor subnet for emerging threats.
Risk Context: Moderate risk with potential for escalation. Prioritize based on DNSBL listings and subnet abuse density.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

**Ownership & Registration**

| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |


**DNS Intelligence**

| Field | Value |
|---|---|
| PTR | proxy-uk006-san173.ahrefs.net |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | proxy-uk006-san173.ahrefs.net |


**DNS Hygiene**

| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |


**Network Classification**

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |


**Services & Open Ports**

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | - |
| HTTP Title | - |


**TLS Certificate**

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |


**Confidence Breakdown**

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 26% | 9 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership · FCrDNS · Geo Consensus · Geo Plausible · IRR Match · RPKI Valid


**Observation Timeline** (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-21 20:59:59 UTC |
| Last Seen | 2026-06-28 15:48:07 UTC |
| Profile Built | 2026-06-29 09:53:23 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |