198.244.242.18
# IP Intelligence Briefing: 198.244.242.18/32
Classification: Moderate Risk (Score: 40)
Date: June 2026
Analyst: IPDebrief Intelligence
---
## EXECUTIVE SUMMARY
IP 198.244.242.18 is a cloud compute endpoint operated by OVH (ASN 16276) in London, England, with infrastructure attributed to Ahrefs Pte Ltd Dmytro. The IP hosts no active services and is firewall-protected. While the IP itself shows moderate risk characteristics, it operates within a high-abuse density subnet (198.244.242.0/24) with 159 threat-sibling IPs, indicating the broader network segment warrants monitoring.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| ASN | 16276 (OVH) |
| Organization | Ahrefs Pte Ltd Dmytro |
| Country | GB (London, England) |
| RIR | ARIN |
| Infrastructure Type | CloudCompute |
| Hosting Provider | OVH |
| Service Status | Firewalled / No Services |
---
## THREAT ASSESSMENT
Current Risk Profile:
- Risk Score: 40 (Moderate Risk)
- Abuse Confidence: Not flagged as known attacker, spam source, or Tor exit node
- DNSBL Status: Listed on 1 of 8 threat feeds
- Operator Score: 0.2174 (Minimal)
- ISP Classification: Cloud hosting provider
Threat Indicators:
- No active threat indicators detected
- No known campaigns associated
- No persistent malicious activity flagged
---
## NETWORK CONTEXT & NEIGHBORHOOD ANALYSIS
Subnet Profile (198.244.242.0/24):
- Abuse Density: 0.6211 (High Abuse)
- Inherited Risk: 24
- Total Subnet IPs: 256
- Active Siblings: 206
- Threat Siblings: 159 (62% of active IPs)
- Risk Distribution: 100 medium-risk neighbors, 0 high-risk neighbors
Key Observations:
- The subnet demonstrates elevated threat concentration with 159 IPs flagged as threat-related
- Neighbor risk scores cluster at 40-50, consistent with the subject IP
- High sibling threat count suggests infrastructure reuse or compromised cloud environment
---
## DNS & NETWORK BEHAVIOR
| Component | Details |
|---|---|
| PTR Hostnames | proxy-uk007-san18.ahrefs.net |
| Forward Resolution | proxy-uk007-san18.ahrefs.net (1 record) |
| Reverse DNS Confirmed | No |
| Domain | ahrefs.net |
| TLS Certificate | None |
| HTTP Services | None detected |
DNSSEC: Valid
CAA Records: Present
---
## OBSERVATION HISTORY ANALYSIS
Temporal Trends (24 Observations):
| Date | Abuse Density | Inherited Risk | Threat Siblings |
|---|---|---|---|
| 2026-06-19 22:00 | 0.6367 | 25 | 163 |
| 2026-06-14 22:05 | 0.6211 | 24 | 159 |
Analysis:
- Metrics remain stable with minor fluctuations
- No escalation in threat activity observed over 5-day window
- No ownership changes detected
- Not classified as persistently malicious
---
## RECOMMENDED ACTIONS
For SOC Analysts:
1. MONITOR - Given moderate risk score (40) and high-abuse subnet context, maintain observation on this IP
2. BLOCK IF - If traffic exhibits malicious payload patterns or matches known threat indicators
3. ALLOW - Traffic from established Ahrefs domains (ahrefs.net) appears legitimate for business operations
4. CONTEXTUALIZE - Correlate with subnet-level intelligence; 159 threat siblings may indicate broader infrastructure compromise
Firewall Recommendation:
- No immediate blocking required
- Implement connection rate limiting if unusual traffic patterns emerge
- Monitor for outbound connections to known malicious destinations
---
## INTELLIGENCE NOTES
- This IP is part of OVH cloud infrastructure serving Ahrefs, a legitimate SEO analytics company
- High threat sibling count in subnet does not necessarily indicate individual IP compromise
- DNSBL listing appears to be a minor factor; investigate specific blacklist sources if traffic is blocked
- Network shows stable operational patterns with no degradation in service availability
Threat Level: MODERATE
Action Required: MONITOR
Confidence: HIGH
---
*Report generated from IPDebrief intelligence platform data. All metrics based on real-time signal analysis and historical observation data.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk007-san18.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk007-san18.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-14 01:09:28 UTC |
| Last Seen | 2026-06-28 00:06:20 UTC |
| Profile Built | 2026-06-28 18:11:43 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |
Full dossier details are available via our API.