# IP Intelligence Briefing: 198.244.240.94/32
Classification: Moderate Risk – Cloud Infrastructure
Date: 2026-06-20
Prepared: IPDebrief Intelligence
## Executive Summary
IP 198.244.240.94 is a cloud-compute infrastructure endpoint registered to Ahrefs Pte Ltd Dmytro, hosted on OVH network infrastructure in London, GB. The IP is associated with the ahrefs.net domain and presents a moderate risk profile (score: 40/100) with operational characteristics consistent with a firewalled cloud service. While the IP itself shows no active threat indicators, it resides in a high-abuse-density subnet (0.8359) with 214 threat siblings out of 199 active neighbors, suggesting neighborhood-level risk considerations.
## Ownership and Infrastructure
| Attribute | Value |
|---|---|
| **ASN** | 16276 |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Country** | GB (England, London) |
| **Provider** | OVH |
| **Infrastructure Type** | Cloud Compute / Hosting |
| **CIDR Block** | 198.244.128.0/17 |
| **Network Role** | Firewalled / No Services |
## Threat Assessment
Risk Score: 40/100 (Moderate Risk)
Threat Indicators: None detected
- Not a known attacker
- Not a spam source
- Not a Tor exit node
- Blacklist count: 0
- Known campaigns: None
DNSBL Status: Listed on 1 of 8 total lists (dnsblListedCount: 1)
Operator Score: 0.2174 (Minimal)
## Network Behavior and Services
Service State: No open ports detected (firewalled)
- HTTP: No title/banner
- TLS: No certificates detected
- Service purpose: Firewalled / No Services
DNS Resolution:
- PTR Hostname: proxy-uk006-san94.ahrefs.net
- Forward Resolution: proxy-uk006-san94.ahrefs.net
- Domain: ahrefs.net
- Forward Confirmed: No
## Neighborhood Analysis
Subnet: 198.244.240.94/24
- Classification: High Abuse
- Abuse Density: 0.8359
- Active Siblings: 199
- Threat Siblings: 214
- Inherited Risk: 33/100
Risk Distribution in Neighbors:
- High: 0%
- Medium: 35%
- Low: 65%
## Historical Observations
16 total signal observations recorded. Key temporal signals include:
- Geolocation: GB (confidence: 0.28) via multi-signal inference
- Abuse Classification: High abuse (confidence: 0.75) with density 0.8359
- Operator Score: Minimal (confidence: 0.60)
- DNS Resolution: ahrefs.net (confidence: 0.80)
- Overall Profile Confidence: 0.1788
## Relationship Graph
28 total relationships identified:
- Network: Multiple Same Network relationships to OVH_282347342
- DNS: 16 DNS associations to proxy-uk006-san94.ahrefs.net
## Security Recommendations
For SOC Teams:
1. Monitor, Do Not Block: This IP represents legitimate cloud infrastructure for Ahrefs. Blocking is not recommended absent specific malicious activity.
2. Neighborhood Awareness: The /24 subnet shows high abuse density. Monitor traffic patterns for anomalous behavior from related IPs.
3. DNSBL Watch: IP is listed on 1 DNSBL. Investigate the specific list(s) for context.
4. Geolocation Consistency: Confirm traffic origin aligns with London, GB expectations.
Firewall Rules: No immediate blocking rules recommended. Allow filtered traffic with logging for baseline analysis.
Investigative Priority: Low–Medium. Investigate only if specific malicious activity is observed or if this IP appears in threat intelligence feeds unrelated to Ahrefs operations.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk006-san94.ahrefs.net |
| Forward Confirmed | No – PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk006-san94.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting – Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 25% | 2 | 2 |
| Overall | 21% | 10 | 12 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-21 14:57:00 UTC |
| Last Seen | 2026-06-28 14:01:27 UTC |
| Profile Built | 2026-06-29 08:07:19 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 22 |