IP Intelligence Briefing: 198.244.240.203
Date: 2026-06-14
---
**1. Core Profile**
- Risk Score: 50 (Moderate Risk)
- Ownership:
  - Organization: Ahrefs Pte Ltd (Singapore)
  - ASN: 16276 (OVH)
  - Geolocation: London, England, UK (GeoPlausible: Yes)
- Network Role:
  - Provider: OVH (CloudCompute Hosting)
  - Subnet: 198.244.240.0/24
  - Classification: High Abuse Subnet (abuse density: 54.69%)
---
**2. Threat Indicators**
- No malicious activity detected:
  - No indicators of spam, attacker, or Tor exit nodes.
  - Zero DNSBL listings and no known campaigns.
- DNS Associations:
  - Linked to `proxy-uk006-san203.ahrefs.net` (Ahrefs' proxy hostname).
  - No email authentication records (SPF/DKIM/DMARC).
---
**3. Observation History**
- Stability:
  - BGP route stability: Unstable (route changes detected).
  - No persistent malicious behavior (threat persistence: 0 days).
- Signal Trends:
  - Minimal risk signals over time (confidence: 0.23–0.85).
  - No spikes in threat or abuse activity.
---
**4. Network Relationships**
- Subnet Context:
  - Part of 198.244.240.0/24, a high-abuse subnet with 256 IPs.
  - 140 of 256 siblings flagged as threats (abuse density: 54.69%).
- Connected Entities:
  - OVH Network: Same ASN (16276) as 282347342.
  - Ahrefs DNS: Direct association with `proxy-uk006-san203.ahrefs.net`.
---
**5. Neighborhood Analysis**
- Subnet Risk Distribution:
  - High Risk: 0 IPs
  - Medium Risk: 88 IPs
  - Low Risk: 12 IPs
- Notable Neighbors:
  - IPs like `198.244.240.0` and `198.244.240.1` show moderate risk (score: 40–50).
  - Subnet abuse density: 54.69% (high risk).
---
**6. Recommendations**
- Monitor:
  - Track DNS and network behavior for anomalies, given the high-abuse subnet context.
  - Validate Ahrefs' proxy hostname (`proxy-uk006-san203.ahrefs.net`) for legitimate traffic.
- Firewall Rules:
  - Allow traffic from OVH ASN (16276) but restrict unassociated IPs in the 198.244.240.0/24 subnet.
  - Use IPDebrief's actions tool for specific rule templates (e.g., iptables, Cloudflare WAF).
---
Conclusion:
This IP is a legitimate cloud-hosted proxy server operated by Ahrefs, part of a high-abuse subnet. While no direct threats are detected, the subnet's elevated risk suggests closer monitoring. SOC teams should focus on validating DNS associations and isolating suspicious subnets.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk006-san203.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk006-san203.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 25% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:06 UTC |
| Last Seen | 2026-06-27 02:49:21 UTC |
| Profile Built | 2026-06-27 20:54:18 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 29 |