202.8.42.197
IP Intelligence Briefing: 202.8.42.197
Date: 2026-06-10
---
**1. Core Profile**
- Reputation: Moderate Risk (Risk Score: 50)
- Ownership:
- ASN: 140577
- Organization: Ahrefs Pte Ltd (crawler infrastructure)
- Network: AHREFS-CRAWLER-B-USA (202.8.42.0/23)
- Geolocation:
- Country: United States (VA, Ashburn)
- Coordinates: 39.05°N, -77.49°E
- Threat Indicators:
- No direct malicious activity detected (no spam, attacks, or blacklists).
- High-severity threat listings observed in 8 feeds (confidence: 0.85).
---
**2. Network Behavior**
- Services:
- No open ports or TLS services detected.
- DNS records point to `sardine709.ahrefs.net` (likely crawler infrastructure).
- BGP/Network:
- Part of 202.8.42.0/23 subnet (ASN 140577).
- Operator Risk: "Basic" (score: 0.3478).
- Route Stability: Unstable (0 route changes in 30 days).
---
**3. Observation History**
- Recent Activity:
- Threat Listings: 14 observations (1 high-severity, 8 medium).
- DNS Security: Valid DNSSEC, CAA records present.
- Routing: No RPKI validity issues.
- Trend: No persistent malicious behavior; risk score stable.
---
**4. Relationships & Neighborhood**
- Linked Entities:
- DNS: `sardine709.ahrefs.net` (same hostname repeated).
- Network: Shared subnet with Ahrefs infrastructure.
- Subnet Analysis:
- /24 Subnet (202.8.42.0/24): 100 IPs.
- Abuse Density: 0% (low risk overall).
- High-Risk Neighbors: 24 IPs (medium risk).
---
**5. Actionable Insights**
- SOC Recommendations:
- Monitor Ahrefs crawler infrastructure for unusual traffic patterns (e.g., data exfiltration).
- Validate DNSSEC and CAA records for `sardine709.ahrefs.net`.
- Investigate high-severity threat listings (e.g., malware, phishing).
- Firewall Rules:
- Consider blocking outbound traffic to `sardine709.ahrefs.net` if crawling is unauthorized.
- Allow inbound traffic only on necessary ports (none detected).
---
Conclusion:
This IP is part of Ahrefs' crawler network and shows no direct malicious activity. However, its association with high-severity threat listings and shared subnet risks warrants further investigation. Monitor for anomalous behavior and validate DNS/security configurations.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Ahrefs Pte Ltd administrator |
| ASN | AS140577 |
| Network Name | AHREFS-CRAWLER-B-USA |
| CIDR Block | 202.8.42.0/23 |
| RIR | APNIC |
| Country | US |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | sardine709.ahrefs.net |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | sardine709.ahrefs.net |
π DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 30% | 2 | 3 |
| reputation | 0% | 0 | 0 |
| geolocation | 13% | 1 | 1 |
| Overall | 14% | 6 | 7 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-23 12:23:16 UTC |
| Last Seen | 2026-06-10 07:55:39 UTC |
| Profile Built | 2026-06-10 08:00:09 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 18 |
Full dossier details are available via our API.