198.244.242.157

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 198.244.242.157

## Executive Summary

IP address 198.244.242.157 is registered to Ahrefs Pte Ltd and operates on OVH cloud infrastructure in London, GB. Current risk assessment indicates moderate risk (score: 50/100) with no active threat indicators but elevated neighborhood abuse density.

## Technical Profile

Ownership & Geolocation:

ASN: 16276 (OVH)
Organization: Ahrefs Pte Ltd Dmytro
Location: London, England, GB (accuracy: 750km radius)
RIR: ARIN

Network Role Classification:

Infrastructure Type: CloudCompute
Provider: OVH
Status: Cloud-hosted infrastructure with hosting services enabled
Service Status: Firewalled / No open ports detected

DNS Configuration:

PTR Hostname: proxy-uk007-san157.ahrefs.net
Forward Resolution: 1 hostname (forward confirmed: false)
CAA Records: Present
DNSSEC: Valid

## Threat Indicators

Current Status:

Blacklist Count: 0
Known Campaigns: None
Tor Exit Node: No
Known Attacker: No
Spam Source: No

Abuse Signals:

DNSBL Listings: 2 of 8 total lists (control plane data)
Abuse Confidence Score: Null
Historical high-severity DNSBL listing observed (June 28, 2026)

## Neighborhood Analysis

Subnet: 198.244.242.0/24

Abuse Density Classification: High abuse (0.6523)
Total Siblings: 256
Active Siblings: 219
Threat Siblings: 167
Inherited Risk Score: 26

Risk Distribution in /24:

High Risk: 0
Medium Risk: 53
Low Risk: 47

Control Plane:

BGP Prefix: 198.244.128.0/17
Route Stability: False
Route Changes (30d): 0
RPKI State: Not assessed

## Observation History

Total Observations: 22

Recent Signals:

June 28, 2026: Cloud infrastructure classification (OVH), DNSBL listings with high severity
June 20, 2026: High abuse density classification noted, DNS records confirmed for ahrefs.net

Temporal Analysis:

Ownership Changes: 0
Threat Persistence Days: 0
Is Persistently Malicious: No
Threat Observation Count: 1

## Recommended Security Actions

Immediate Recommendations:

System	Action
iptables	`iptables -A INPUT -s 198.244.242.157 -j DROP`
nftables	`nft add rule inet filter input ip saddr 198.244.242.157 drop`
nginx	`deny 198.244.242.157;`
pfSense	`198.244.242.157/32`
Cloudflare WAF	Block with expression: `ip.src eq 198.244.242.157`
AWS WAF	Add address `198.244.242.157/32` to whitelist/exclusion

Assessment Notes:

No open ports or services detected (infrastructure may be intentionally firewalled)
High neighborhood abuse density warrants monitoring of adjacent IPs in /24
Historical data indicates DNSBL activity requiring correlation with internal logs
Cloud infrastructure classification suggests legitimate hosting but requires baseline traffic analysis

## Conclusion

IP 198.244.242.157 presents moderate risk primarily due to elevated neighborhood abuse density rather than direct threat indicators. SOC teams should monitor traffic patterns from this IP and consider blocking based on organizational policy. Correlate with internal logs to determine if the IP represents legitimate Ahrefs traffic or potential abuse.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	London
Timezone	Europe/London
Latitude	51.51
Longitude	-0.13

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk007-san157.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk007-san157.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	31%	2	4
routing	13%	1	1
services	12%	2	2
ownership	20%	2	3
reputation	28%	1	3
geolocation	33%	2	3
Overall	23%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-19 21:39:52 UTC
Last Seen	2026-06-28 09:55:11 UTC
Profile Built	2026-06-29 03:59:38 UTC
Data Freshness	Live
Signal Types	21
Total Observations	25

🔍 21 signal types · 25 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

198.244.242.157📋 Copy