# IP INTELLIGENCE BRIEFING: 198.244.242.243
## Executive Summary
IP address 198.244.242.243 is a moderate-risk (risk score: 50/100) infrastructure IP assigned to OVH cloud infrastructure (ASN 16276) operated by Ahrefs Pte Ltd Dmytro. The IP is geolocated to London, England, with DNS resolution to proxy-uk007-san243.ahrefs.net. The address operates as a cloud hosting endpoint with no active open ports detected and no known open services.
## Risk Assessment
Overall Risk Score: 50/100 (Moderate Risk)
| Metric | Value | Assessment |
|---|---|---|
| Provider Score | 0 | Baseline provider classification |
| Authority Score | 0 | No authoritative reputation signals |
| Stability Score | 0 | Insufficient historical data |
| Abuse Confidence | N/A | No definitive abuse attribution |
| Blacklist Count | 0 | Not currently listed |
| Known Campaigns | None | No campaign correlations |
## Technical Profile
- Infrastructure Type: CloudCompute (OVH hosting provider)
- Network Role: Hosting / Firewalled
- DNS Classification: proxy-uk007-san243.ahrefs.net
- Connection Type: Cloud infrastructure
- Service Status: No open ports or services detected
- TLS/HTTP Services: Not responding or no services running
## Geolocation Data
- Country: United Kingdom (GB)
- Region: England
- City: London
- ASN: 16276 (OVH SAS)
- CIDR Block: 198.244.128.0/17 (origin)
- Geographic Consensus: True (1 source)
## Threat Indicators
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- IP Reputation: Moderate Risk
- Control Plane: 2 DNSBL listings out of 8 total lists
- Route Stability: Unstable (route changes detected in 30-day window)
- RPKI State: Not reported
- DNSSEC Valid: True
## Neighborhood Analysis (198.244.242.0/24)
The /24 subnet exhibits elevated abuse characteristics:
- Abuse Density: 0.6484 (High Abuse Classification)
- Total Siblings: 256 IPs
- Active Siblings: 206
- Threat Siblings: 166
- Neighbor Risk Distribution: 100% medium-risk neighbors (risk scores 40-50)
- Inherited Risk Score: 25/100
This subnet shows a pattern of elevated activity consistent with hosting infrastructure but with notable abuse density in the neighborhood.
## Historical Signals (22 Observations)
Recent observation history indicates:
- Latest Signal (2026-06-17): Operator score 0.2174 (Minimal), confidence 0.60
- DNSBL Activity: Listed on 2026-06-17 with 2 out of 8 lists at high severity
- Subnet Classification: High abuse density confirmed in observations from 2026-06-15
- Threat Persistence: No persistent malicious behavior detected (0 threat persistence days)
- Ownership Changes: 0 changes observed
## Relationship Graph
- Total Relationships: 46 detected
- Primary Relationship Type: Same Network (OVH_282347343)
- External Entity Links: Limited; primarily infrastructure-based relationships
## Recommended Security Actions
Based on the moderate risk profile and observed characteristics:
1. Monitoring: Implement passive monitoring for traffic patterns from this subnet
2. Blocking: Not recommended for immediate blocking due to moderate risk classification and lack of active threat indicators
3. Alert Thresholds: Configure alerts for unusual connection volumes or protocol anomalies from 198.244.242.0/24
4. Whitelisting: Consider whitelisting if traffic is legitimate business-related (Ahrefs infrastructure)
## Conclusion
IP 198.244.242.243 represents a legitimate cloud infrastructure endpoint with moderate risk characteristics. The IP is associated with Ahrefs hosting infrastructure and shows no active malicious indicators. However, the parent subnet (198.244.242.0/24) demonstrates elevated abuse density with 166 threat-identified siblings, warranting continued monitoring. No immediate blocking action is recommended, but traffic should be monitored for anomalous behavior patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk007-san243.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk007-san243.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 22% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-20 11:46:18 UTC |
| Last Seen | 2026-06-28 11:45:08 UTC |
| Profile Built | 2026-06-29 05:48:25 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |