Threat Intelligence Briefing: IP 198.244.240.9/32
Overview
- Risk Score: 25 (Low Risk)
- Ownership: Owned by Ahrefs Pte Ltd (ASN 16276, OVH provider).
- Geolocation: London, England, GB (residential/business).
- Network Role: CloudCompute infrastructure (OVH-hosted, no public services).
- Threat Indicators: No malicious activity, blacklists, or campaigns detected.
Key Observations
1. DNS Associations: Linked to proxy-uk006-san9.ahrefs.net (legitimate Ahrefs subdomain).
2. Network Behavior:
- Subnet 198.244.240.0/24 contains 100 IPs, with 81 medium-risk and 19 low-risk neighbors.
- Abuse density in the subnet is 0, but 81% of neighbors show medium risk.
3. Historical Activity:
- DNS resolution for ahrefs.net observed (no malicious domains).
- No TLS certificates or open ports detected.
- Minor DNSBL listing (1 of 8 lists), likely false positive.
Recommended Actions
- Monitor Subnet: The IP's subnet has a high concentration of medium-risk neighbors. Investigate if shared infrastructure or lateral movement could impact this IP.
- Verify DNS Security: Ensure DNSSEC and CAA records are properly configured for ahrefs.net to prevent spoofing.
- Baseline Traffic: Confirm no unexpected traffic patterns or port activity, as the IP is otherwise dormant.
Conclusion
This IP is associated with a legitimate entity (Ahrefs) and shows no direct malicious activity. However, its subnet contains a significant number of medium-risk IPs, warranting closer scrutiny to mitigate potential indirect risks. No immediate mitigation is required, but ongoing monitoring is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk006-san9.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk006-san9.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-20 05:44:21 UTC |
| Last Seen | 2026-06-28 11:06:23 UTC |
| Profile Built | 2026-06-29 05:12:01 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |