# IP Intelligence Briefing: 198.244.240.75/32
Classification: Moderate Risk
Report Date: June 2026
Analyst: SOC Intelligence Team
## Executive Summary
IP 198.244.240.75 is a cloud-hosted infrastructure address attributed to Ahrefs Pte Ltd Dmytro, announced by ASN 16276 (OVH). The IP carries a risk score of 50 (Moderate Risk) and geolocates to London, England. The address itself shows no direct threat indicators, but it sits in a /24 (198.244.240.0/24) classified as high-abuse (density 0.832), with 213 of its 256 sibling addresses flagged as threats. Its PTR record names an Ahrefs proxy host, yet that name does not forward-confirm, so the Ahrefs attribution is moderate (50%) rather than established.
## Profile Details
| Attribute | Value |
|---|---|
| **Risk Score** | 50 (Moderate) |
| **ASN** | 16276 |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Geolocation** | London, England, GB |
| **Infrastructure Type** | CloudCompute / Hosting |
| **Provider** | OVH |
| **Network Role** | Firewalled / No Services |
| **DNS Domain** | ahrefs.net |
| **PTR Hostname** | proxy-uk006-san75.ahrefs.net |
## Threat Assessment
Direct Threat Indicators:
- No active threat indicators detected
- Not identified as Tor exit node, VPN, proxy, or known attacker
- Zero blacklist entries on current scan
- Two DNSBL listings among the eight lists queried (25% list density); this does not agree with the zero-blacklist result above, so re-query the DNSBLs before acting on either figure
Risk Context:
The IP sits in 198.244.240.0/24, classified as "high_abuse" with an abuse density of 0.832 (213/256). Of the 256 addresses in the /24:
- 199 active siblings
- 213 threat siblings (83% threat rate; this exceeds the active-sibling count, so treat the sibling figures as approximate)
- Inherited risk score: 33
## DNS and Email Analysis
DNS Configuration:
- Reverse (PTR) resolution: proxy-uk006-san75.ahrefs.net
- Forward confirmation: False (the PTR hostname does not resolve back to 198.244.240.75, so the reverse name is an unverified claim, not evidence of ownership)
- Email authentication: no SPF or DMARC configured for the associated domain (ahrefs.net); port 25 is closed on this host, so this matters only if mail claiming that domain arrives from it
Security Headers:
- No HSTS, CSP, referrer-policy or permissions-policy headers, and no HTTP/2, were observed. Ports 80 and 443 are closed, so no HTTP response was available to carry headers; these are absent rather than weak and carry no weight in the assessment.
## Network Behavior
BGP Analysis:
- BGP Prefix: 198.244.128.0/17
- Origin ASN: 16276
- AS Path: 34549 → 16276
- Route stability: Stable (0 route changes in 30 days)
- RIR Registry: RIPE (the ownership table at the end of this dossier records ARIN for the same block; confirm the registry via RDAP before filing abuse reports)
Historical Observations:
- 25 signal types recorded (31 observations in total, per the timeline at the end of this dossier)
- ASN allocation date recorded as 2010-02-15; the stated age of ~9,256 days does not match that date (2010-02-15 is roughly 5,980 days before the profile-build date), so one of the two values is wrong
- No ownership changes observed
- Threat observation count: 1
## Neighborhood Analysis
The surrounding /24 (198.244.240.0/24) shows significant abuse activity in the sibling counts above, but the per-neighbor risk scores are more muted. Risk distribution across 100 sampled neighbors:
- High risk: 0 IPs
- Medium risk: 47 IPs (47%)
- Low risk: 53 IPs (53%)
Sampled neighbor risk scores range from 25 to 40, a moderate baseline that does not match the 83% threat rate implied by the sibling count; the dossier does not reconcile the two views.
## Recommended Actions
1. Monitor Closely: The IP shows no direct malicious activity but operates in a high-abuse-density /24. Log and retain traffic from the whole 198.244.240.0/24, not just this address.
2. DNS Validation: Do not rely on the PTR name for attribution. The reverse name fails forward confirmation (forwardConfirmed: false), so any allowlist or crawler-verification rule keyed on *.ahrefs.net must require a forward A/AAAA lookup that returns this IP, never the PTR alone.
3. Email Authentication: If mail purporting to come from ahrefs.net arrives from this IP, it cannot be authenticated: the domain publishes neither SPF nor DMARC and the host does not listen on port 25. Treat such mail as unauthenticated. The records themselves are the domain owner's to publish, not the receiving organization's.
4. Contextual Blocking: Evaluate whether to block or allow based on organizational policy. The moderate risk score (50) supports traffic inspection rather than blanket blocking.
5. Related Infrastructure: The PTR hostname suggests this is one node (uk006) of an Ahrefs UK proxy pool, but with FCrDNS failing and attribution confidence at 50%, confirm that through RDAP ownership data and a forward DNS lookup before treating the pool as a single actor.
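The DNS findings above and actions 2 and 5 both turn on the same check: a PTR name is only a claim until a forward lookup of that name returns the original address. The following is an added example for this briefing, not code from the dossier's vendor or from Ahrefs. It implements forward-confirmed reverse DNS with injectable resolvers, then runs the briefing's triage rule over a few constructed web-server log lines. The resolver tables, sibling addresses .80 and .90, and the log lines are all constructed to mirror the dossier (PTR proxy-uk006-san75.ahrefs.net, forwardConfirmed false, high-abuse 198.244.240.0/24); they are not live DNS or traffic data, and the crawler user agent string is illustrative.

```python
"""FCrDNS check plus log triage.  Added example; resolver and log data below are
constructed to mirror the dossier, not live DNS or traffic."""
import ipaddress
import re
import socket
from typing import Callable, Optional

PtrLookup = Callable[[str], Optional[str]]   # ip -> PTR name or None
ForwardLookup = Callable[[str], set]         # hostname -> set of A-record strings


def live_ptr(ip: str) -> Optional[str]:
    """Reverse lookup via the system resolver (used only when no fake is passed)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def live_forward(hostname: str) -> set:
    """Forward lookup via the system resolver (used only when no fake is passed)."""
    try:
        return set(socket.gethostbyname_ex(hostname)[2])
    except (socket.herror, socket.gaierror):
        return set()


def fcrdns(ip: str, ptr_lookup: PtrLookup = live_ptr,
           forward_lookup: ForwardLookup = live_forward) -> dict:
    """Return the PTR name and whether it forward-resolves back to `ip`.
    Whoever controls the reverse zone can put any name in the PTR, so the name
    alone proves nothing; it is confirmed only when a forward lookup of that
    name contains the original address."""
    ptr = ptr_lookup(ip)
    if ptr is None:
        return {"ip": ip, "ptr": None, "forward_confirmed": False}
    forward_ips = {ipaddress.ip_address(a) for a in forward_lookup(ptr)}
    return {"ip": ip, "ptr": ptr,
            "forward_confirmed": ipaddress.ip_address(ip) in forward_ips}


# Constructed (hypothetical) resolver data.  .75 mirrors the dossier: a PTR exists
# but nothing points back.  .80 is a hypothetical sibling that does confirm; .90 has
# no PTR at all.
FAKE_PTR = {
    "198.244.240.75": "proxy-uk006-san75.ahrefs.net",
    "198.244.240.80": "proxy-uk006-san80.ahrefs.net",
    "198.244.240.90": None,
}
FAKE_FORWARD = {
    "proxy-uk006-san75.ahrefs.net": set(),
    "proxy-uk006-san80.ahrefs.net": {"198.244.240.80"},
}

HIGH_ABUSE_SUBNET = ipaddress.ip_network("198.244.240.0/24")  # from the dossier
# Combined log format: ip ident user [time] "method path proto" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

# Constructed sample log lines (not real traffic); the crawler UA is illustrative.
LOG_LINES = [
    '198.244.240.75 - - [28/Jun/2026:10:34:53 +0000] "GET /robots.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"',
    '198.244.240.80 - - [28/Jun/2026:10:35:01 +0000] "GET /sitemap.xml HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"',
    '198.244.240.90 - - [28/Jun/2026:10:35:07 +0000] "POST /wp-login.php HTTP/1.1" 401 128 "-" "python-requests/2.31"',
]


def triage(line: str, ptr_lookup: PtrLookup = FAKE_PTR.get,
           forward_lookup: ForwardLookup = lambda h: FAKE_FORWARD.get(h, set())) -> Optional[dict]:
    """Apply the briefing's rule: a crawler claim is trusted only with FCrDNS under
    ahrefs.net; other traffic from the high-abuse /24 is inspected, not blocked."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status, ua = m.groups()
    in_subnet = ipaddress.ip_address(ip) in HIGH_ABUSE_SUBNET
    claims_crawler = "ahrefs" in ua.lower()
    rdns = fcrdns(ip, ptr_lookup, forward_lookup)
    if claims_crawler and rdns["forward_confirmed"] and rdns["ptr"].endswith(".ahrefs.net"):
        verdict = "verified-crawler"
    elif claims_crawler:
        verdict = "unverified-crawler"   # UA/PTR claim but FCrDNS failed: inspect, never allowlist
    elif in_subnet:
        verdict = "inspect"              # moderate-risk neighborhood, no crawler claim
    else:
        verdict = "pass"
    return {"ip": ip, "method": method, "path": path, "status": int(status),
            "in_high_abuse_subnet": in_subnet, "ptr": rdns["ptr"],
            "forward_confirmed": rdns["forward_confirmed"], "verdict": verdict}


def triage_all(lines=LOG_LINES) -> list:
    return [r for r in (triage(l) for l in lines) if r is not None]


if __name__ == "__main__":
    for r in triage_all():
        print(f'{r["ip"]:16} ptr={r["ptr"]} fcrdns={r["forward_confirmed"]} -> {r["verdict"]}')
```

Run against the constructed data, .75 comes back "unverified-crawler": it claims Ahrefs in both user agent and PTR, but the PTR has no forward record, which is exactly the dossier's forwardConfirmed: false state and the reason not to allowlist on the PTR. Passing `live_ptr` and `live_forward` instead of the fakes runs the same logic against the real resolver.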
## Conclusion
IP 198.244.240.75 appears to be hosting infrastructure attributed to Ahrefs (attribution confidence moderate, 50%) operating within a high-abuse /24. No direct threat indicators are present, but the neighborhood abuse density and the unconfirmed reverse DNS warrant continued monitoring. The cloud-hosted nature and the absence of open services are consistent with a backend or outbound proxy endpoint. SOC analysts should evaluate traffic patterns and confirm attribution through forward DNS and RDAP before implementing firewall rules.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | Not recorded |
| CIDR Block | 198.244.128.0/17 |
| RIR | ARIN (the BGP analysis above records RIPE for the same block; confirm via RDAP) |
| Country | Not recorded |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk006-san75.ahrefs.net |
| Forward Confirmed | No: the PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk006-san75.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 (basic operator with some routing infrastructure) |
## Services & Open Ports
| Attribute | Value |
|---|---|
| Open Ports | None detected |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not recorded (no HTTP service answered) |
| HTTP Title | Not recorded (no HTTP service answered) |
## TLS Certificate
No certificate was observed; port 443 is closed.
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | Not recorded |
| Valid Until | Not recorded |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness. An overall confidence of 29% means each dimension rests on one to three sources; treat the counts in this briefing as indicative rather than exact.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 33% | 2 | 3 |
| services | 12% | 2 | 2 |
| ownership | 37% | 3 | 6 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 29% | 12 | 21 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-19 23:49:36 UTC |
| Last Seen | 2026-06-28 10:34:53 UTC |
| Profile Built | 2026-06-29 04:40:50 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 31 |