# INTELLIGENCE BRIEFING: 198.244.242.101/32
Classification: Moderate Risk | Risk Score: 40 | Date: 2026-06-20
---
## EXECUTIVE SUMMARY
IP 198.244.242.101 is a cloud hosting endpoint associated with OVH infrastructure (ASN 16276), registered to Ahrefs Pte Ltd Dmytro. The IP resolves to the ahrefs.net domain and is classified as cloud hosting with firewalled/no active services. While no direct threat indicators are present, the IP resides within a high-abuse subnet (198.244.242.0/24) with 0.6523 abuse density and 167 malicious sibling IPs. Route instability is noted with the BGP prefix 198.244.128.0/17.
---
## OWNERSHIP & GEOLOCATION
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH) |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Country** | United Kingdom (GB) |
| **City** | London, England |
| **RIR** | ARIN |
| **CIDR Block** | 198.244.128.0/17 |
---
## NETWORK ROLE & INFRASTRUCTURE
- Infrastructure Type: Cloud Compute
- Hosting Provider: OVH
- Cloud Classification: Yes (Cloud)
- CDN/VPN/Proxy: No
- Tor Exit: No
- Mobile/Residential: No
- Anycast: No
- Bogon: No
DNS Resolution:
- PTR Hostname: proxy-uk007-san101.ahrefs.net
- Forward Resolution: proxy-uk007-san101.ahrefs.net
- Forward Confirmed: No
- Domain: ahrefs.net
---
## THREAT ASSESSMENT
Threat Indicators: None detected
- Abuse Confidence Score: Not available
- Blacklist Count: 0
- Known Campaigns: None
- Is Known Attacker: No
- Is Spam Source: No
Control Plane Status:
- Route Stable: No (Route instability detected)
- DNSSEC: Valid
- CAA Records: Present
- DNSBL Listed: 1 of 8 total lists
- Operator Score: 0.2174 (Minimal)
---
## NEIGHBORHOOD ANALYSIS
Subnet: 198.244.242.0/24
| Metric | Value |
|---|---|
| **Total Siblings** | 256 |
| **Active Siblings** | 219 |
| **Threat Siblings** | 167 |
| **Abuse Density** | 0.6523 (High Abuse) |
| **Inherited Risk** | 26 |
| **Classification** | High Abuse |
Risk Distribution:
- High Risk: 0
- Medium Risk: 56
- Low Risk: 44
The subnet shows elevated abuse activity with 65.2% abuse density. 167 of 256 total IPs are classified as threats, indicating a hosting environment with mixed legitimate and malicious activity.
---
## OBSERVATION HISTORY
Total Observations: 18
Key Signals (Recent):
- 2026-06-20 07:05:04 - Cloud hosting classification (OVH), confidence 0.85
- 2026-06-20 07:04:10 - Operator score 0.2174 (Minimal), confidence 0.60
- 2026-06-20 07:04:10 - Comprehensive signal analysis (6/6 dimensions covered), confidence 0.24
- 2026-06-20 07:03:15 - DNS resolution to ahrefs.net, CAA records present, confidence 0.80
- 2026-06-20 07:02:44 - Subnet abuse analysis: 198.244.242.101/24, classification: high_abuse, confidence 0.75
Temporal Indicators:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Threat Observation Count: 0
- Persistently Malicious: No
---
## RELATIONSHIPS
Total Relationships: 33
- Primary Relationship: Same Network (OVH_282347343) - 28+ occurrences
- Network associations indicate strong OVH infrastructure grouping
---
## SERVICES & PORTS
- Open Ports: None detected
- HTTP Title: None
- TLS Certificate: None
- Server Banner: None
- Status: Firewalled / No Services
---
## RECOMMENDED ACTIONS
Risk Score: 40 (Moderate)
Recommended Firewall Rules:
- iptables: `iptables -A INPUT -s 198.244.242.101 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 198.244.242.101 drop`
- nginx: `deny 198.244.242.101;`
- pfSense: `198.244.242.101/32`
- Cloudflare WAF: Block IP with risk score 40
- AWS WAF: Add 198.244.242.101/32 to block list
Assessment: The IP should be blocked at perimeter defenses. While the IP resolves to a legitimate domain (ahrefs.net), the high-abuse subnet context and route instability warrant blocking. Consider allowing only specific ports if business requirements demand connectivity.
---
Analyst Notes: This IP represents a legitimate hosting endpoint within a compromised hosting environment. The abuse density of the subnet suggests shared infrastructure abuse. No direct malicious activity detected from this IP, but neighborhood contamination is significant. Monitor for any service activation or port opening.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk007-san101.ahrefs.net |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | proxy-uk007-san101.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not available |
| HTTP Title | Not available |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 25% | 2 | 2 |
| Overall | 20% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Attribution checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid (individual check results not captured).
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-19 15:38:29 UTC |
| Last Seen | 2026-06-28 09:10:07 UTC |
| Profile Built | 2026-06-29 03:15:00 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 24 |