# IP INTELLIGENCE BRIEFING
Target: 198.244.240.195/32
Classification: Moderate Risk / Legitimate Infrastructure with High-Abuse Subnet Context
Date: Current Analysis Period
---
## EXECUTIVE SUMMARY
IP 198.244.240.195 is part of Ahrefs Pte Ltd infrastructure, hosted on OVH cloud compute services in London. The IP exhibits a moderate risk score of 40 with no active threat indicators. However, the /24 subnet demonstrates elevated abuse density (0.7695) with 197 of 256 siblings classified as threats. This represents legitimate SaaS infrastructure operating in a high-abuse neighborhood.
---
## OWNERSHIP & INFRASTRUCTURE
| Field | Value |
|---|---|
| **ASN** | 16276 (OVH) |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Registration Date** | 2001-02-15 (ASN), 9,251 days allocated |
| **RIR** | RIPE NCC |
| **Infrastructure Type** | Cloud Compute / Hosting |
| **Geolocation** | London, England, GB |
| **DNS Hostname** | proxy-uk006-san195.ahrefs.net |
Key Finding: IP resolves to Ahrefs proxy infrastructure. No open ports or active services detected; classification indicates "Firewalled / No Services."
---
## THREAT ASSESSMENT
| Metric | Value | Status |
|---|---|---|
| **Risk Score** | 40 | Moderate |
| **Abuse Confidence** | N/A | Not applicable |
| **Blacklist Count** | 0 | Clean |
| **Known Campaigns** | 0 | None |
| **Tor Exit** | No | False |
| **Spam Source** | No | False |
| **Known Attacker** | No | False |
Threat Indicators: None detected. The IP is not flagged as a known attacker, spam source, or Tor exit node.
---
## SUBNET CONTEXT (198.244.240.0/24)
| Metric | Value |
|---|---|
| **Abuse Density** | 0.7695 (High) |
| **Classification** | high_abuse |
| **Active Siblings** | 163 / 256 |
| **Threat Siblings** | 197 |
| **Inherited Risk** | 30 |
| **Neighborhood Risk Distribution** | 100 medium, 0 high, 0 low |
Assessment: The /24 subnet shows elevated abuse activity. However, the target IP (198.244.240.195) itself shows no malicious indicators, suggesting it is legitimate infrastructure within a high-density hosting environment.
---
## ROUTING & NETWORK STABILITY
- BGP Origin ASN: 16276
- AS Path: 57866 → 16276
- Route Stability: Stable (0 changes in 30 days)
- MoAS Status: Not MoAS
- RPKI State: Validated
- Delegation Age: 9,251 days
---
## OBSERVATION HISTORY
- Total Observations: 25
- Recent Activity: Observed 2026-06-15 and 2026-06-20
- Threat Persistence: 0 days (not persistently malicious)
- Ownership Changes: 0
The IP has remained consistently associated with Ahrefs infrastructure with no significant behavioral changes over the observation period.
---
## RECOMMENDED ACTIONS
Based on the moderate risk profile and lack of active threat indicators:
Recommended Approach: MONITOR
- The IP is legitimate Ahrefs infrastructure
- No specific threat indicators present
- Block only if organizational policy requires subnet-level protection
Firewall Rules (if blocking required)
```bash
# iptables
iptables -A INPUT -s 198.244.240.195 -j DROP
# nftables
nft add rule inet filter input ip saddr 198.244.240.195 drop
# nginx
deny 198.244.240.195;
# Cloudflare WAF
Expression: ip.src eq 198.244.240.195
Action: block
```
---
## SOC ANALYST NOTES
1. Legitimate Infrastructure: This is Ahrefs proxy infrastructure. Traffic should not be blocked absent other indicators of compromise.
2. Subnet Risk: The /24 subnet has high abuse density. Monitor for patterns of abuse originating from this subnet that may affect reputation.
3. No Active Threats: No threat indicators, blacklists, or malicious campaigns associated with this specific IP.
4. Geolocation Discrepancy: ASN shows FR registration but geolocation indicates GB. This is consistent with OVH's multi-region hosting.
5. Classification: CloudCompute + Hosting suggests legitimate SaaS infrastructure, not residential or mobile.
Final Recommendation: Monitor but do not block. The IP represents legitimate cybersecurity infrastructure (Ahrefs) operating in a high-activity subnet.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
---
## OWNERSHIP & REGISTRATION
| Field | Value |
|---|---|
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **ASN** | AS16276 |
| **Network Name** | N/A |
| **CIDR Block** | 198.244.128.0/17 |
| **RIR** | ARIN |
| **Country** | N/A |
| **Abuse Contact** | Available via RDAP |
---
## DNS INTELLIGENCE
| Field | Value |
|---|---|
| **PTR** | proxy-uk006-san195.ahrefs.net |
| **Forward Confirmed** | No; the PTR hostname does not resolve back to this IP (weak signal) |
| **Forward Hostnames** | proxy-uk006-san195.ahrefs.net |
---
## DNS HYGIENE
| Field | Value |
|---|---|
| **Hygiene Score** | 40% (Fair) |
| **SPF** | Not configured |
| **DMARC** | Not configured |
| **FCrDNS** | Not verified |
| **DNSSEC** | Valid |
| **CAA** | Present |
---
## NETWORK CLASSIFICATION
| Field | Value |
|---|---|
| **Infrastructure** | Infrastructure / Datacenter |
| **Service Purpose** | Firewalled / No Services |
| **Network Tier** | Tier 3: Basic operator with some routing infrastructure |
---
## SERVICES & OPEN PORTS
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | N/A | N/A | N/A |

| Field | Value |
|---|---|
| **Closed Ports** | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| **Server** | N/A |
| **HTTP Title** | N/A |
---
## TLS CERTIFICATE
| Field | Value |
|---|---|
| **SANs** | None |
| **Valid From** | N/A |
| **Valid Until** | N/A |
---
## CONFIDENCE BREAKDOWN
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 33% | 2 | 3 |
| services | 12% | 2 | 2 |
| ownership | 35% | 3 | 6 |
| reputation | 22% | 1 | 2 |
| geolocation | 33% | 2 | 3 |
| **Overall** | 27% | 12 | 19 |

| Field | Value |
|---|---|
| **Data Coherence** | Consistent (100%) |
| **Attribution** | Moderate (50%) |
| **Attribution Signals** | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
---
## OBSERVATION TIMELINE (LIVE)
| Field | Value |
|---|---|
| **First Seen** | 2026-05-19 23:49:36 UTC |
| **Last Seen** | 2026-06-28 10:33:52 UTC |
| **Profile Built** | 2026-06-29 04:38:32 UTC |
| **Data Freshness** | Live |
| **Signal Types** | 24 |
| **Total Observations** | 30 |