198.244.242.167

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Threat Intelligence Briefing: 198.244.242.167/32

Summary:

The IP address 198.244.242.167 was associated with moderate-risk activity (risk score: 40) during observation. The address resided within OVH cloud infrastructure (ASN 16276) in London, England, operating under the Ahrefs organization entity. No active malicious indicators were present at the time of assessment.

Infrastructure Profile:

The address operated as a cloud compute resource with DNS resolution to proxy-uk007-san167.ahrefs.net under the ahrefs.net domain. No open ports or active services were detected, indicating the resource was either firewalled or inactive during scanning. The infrastructure operated as hosting infrastructure within the 198.244.128.0/17 BGP prefix.

Threat Assessment:

Threat indicators remained absent during the assessment period. The address did not appear on blacklists (blacklist count: 0), was not classified as a known attacker or spam source, and showed no association with Tor exit nodes. No known threat campaigns were correlated. The operator score was minimal (0.2174), suggesting limited network-level threat activity.

Subnet Context:

The 198.244.242.0/24 subnet exhibited high-abuse classification with an abuse density of 0.6484. Analysis of neighboring IPs revealed 166 threat-sibling addresses out of 256 total siblings, with 206 active siblings. Risk distribution across the subnet showed 100 medium-risk neighbors and 0 high-risk addresses. This suggests the subnet hosts legitimate infrastructure alongside compromised or misconfigured endpoints.

Observation History:

Twenty signal observations were recorded, with the most recent subnet abuse classification observed on 2026-06-15T09:08:59 UTC. DNS and operator signals were consistently observed alongside the subnet abuse classification. No ownership changes or persistent malicious behavior patterns were detected.

Relationship Analysis:

The IP maintained relationships with 13 instances of the same network (OVH_282347343) and 18 DNS associations to the proxy-uk007-san167.ahrefs.net hostname.

Recommended Actions:

No specific security actions or firewall rules were recommended based on the risk profile. The moderate-risk classification combined with the high-abuse subnet context suggests monitoring rather than blocking. The legitimate enterprise association (Ahrefs) and absence of direct threat indicators support maintaining connectivity while monitoring for changes in behavior.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	London
Timezone	Europe/London
Latitude	51.51
Longitude	-0.13

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk007-san167.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk007-san167.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	26%	2	4
routing	13%	1	1
services	12%	2	2
ownership	20%	2	3
reputation	28%	1	3
geolocation	25%	2	2
Overall	21%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-20 05:44:21 UTC
Last Seen	2026-06-28 11:07:24 UTC
Profile Built	2026-06-29 05:14:20 UTC
Data Freshness	Live
Signal Types	21
Total Observations	25

🔍 21 signal types · 25 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

198.244.242.167📋 Copy