# IP INTELLIGENCE BRIEFING: 198.244.183.249
Classification: Moderate Risk | Last Updated: 2026-06-28

Prepared for: SOC Operations

---
## EXECUTIVE SUMMARY
IP 198.244.183.249 is a cloud hosting address in the London, GB data center operated by OVH (ASN 16276) for Ahrefs Pte Ltd. The IP presents a moderate risk score (40) with no active threat indicators but resides in a high-abuse density subnet (0.7969). The address is associated with legitimate DNS infrastructure (ahrefs.net) but shows minimal service exposure.

---
## NETWORK OWNERSHIP & GEOLOCATION
| Attribute | Value |
|---|---|
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **ASN** | 16276 (OVH) |
| **Country/Region** | London, England, GB |
| **CIDR Block** | 198.244.128.0/17 |
| **Infrastructure Type** | CloudCompute / Hosting |

The IP is associated with the legitimate SaaS provider Ahrefs, operating within OVH's UK data center infrastructure.

---
## THREAT INDICATORS
- Risk Assessment: Moderate (Score: 40)
- Threat Indicators: None detected
- Blacklist Status: Listed on 1 of 8 DNSBL sources
- Campaign Association: No known campaign matches
- Network Classification:
  - Cloud Infrastructure: Yes
  - Hosting Service: Yes
  - CDN/VPN/Proxy/Tor: No
  - Residential: No
---
## SUBNET ANALYSIS: 198.244.183.0/24
| Metric | Value |
|---|---|
| **Abuse Density** | 0.7969 (High) |
| **Subnet Classification** | high_abuse |
| **Total Siblings** | 256 |
| **Active Siblings** | 211 |
| **Threat Siblings** | 204 |
| **Risk Distribution** | 0 High, 19 Medium, 81 Low |

The /24 subnet exhibits elevated abuse density with 80% of active IPs flagged as threats. This contextual factor elevates the risk posture of the target IP despite its clean individual profile.

---
## OBSERVATION HISTORY (22 Signals)
Recent Signal Timeline:
- 2026-06-28 18:27: Operator score 0.087 (Minimal), overall confidence 0.30
- 2026-06-20 16:25: Subnet abuse density 0.7969, classification high_abuse
- 2026-06-20 16:23: Network classification: OVH hosting infrastructure
- 2026-06-20 16:18: Operator score 0.2174 (Minimal)

Temporal Assessment: No persistent malicious behavior detected. The IP shows stable ownership with minimal threat persistence.

---
## DNS & SERVICES
| Attribute | Value |
|---|---|
| **PTR Hostname** | proxy-uk004-san249.ahrefs.net |
| **Domain** | ahrefs.net |
| **Open Ports** | None detected |
| **Services** | Firewalled / No Services |
| **TLS Certificate** | Not observed |
| **Email Auth (SPF/DMARC)** | Not configured |

The IP resolves to a proxy hostname within Ahrefs' UK infrastructure but shows no active service exposure.

---
## RELATIONSHIP GRAPH
- Network Associations: OVH_282347340 (multiple entries)
- DNS Associations: proxy-uk004-san249.ahrefs.net (multiple entries)
- Organization/Certificate: None detected beyond primary association
---
## CONTROL PLANE & ROUTING
| Attribute | Value |
|---|---|
| **Origin ASN** | 16276 |
| **BGP Prefix** | 198.244.128.0/17 |
| **Route Stability** | Unstable |
| **Route Changes (30d)** | 0 |
| **RPKI State** | Not evaluated |
| **DNSSEC** | Valid |
| **CNAME** | Present |
---
## RECOMMENDED ACTIONS
Based on risk profile and subnet context, the following firewall rules are recommended:

| Platform | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 198.244.183.249 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 198.244.183.249 drop` |
| **nginx** | `deny 198.244.183.249;` |
| **pfSense** | `198.244.183.249/32` |
| **Cloudflare WAF** | Block, expression: `ip.src eq 198.244.183.249` |
| **AWS WAF** | `Addresses: ["198.244.183.249/32"]` |

Note: These recommendations are probabilistic. Consider combining with additional threat intelligence signals before implementing blocking measures.

---
## ANALYST NOTES
1. Contextual Risk: While the IP itself shows minimal individual threat indicators, its residence in a high-abuse subnet (0.7969 density) warrants heightened scrutiny.
2. Legitimate Infrastructure: DNS associations indicate legitimate Ahrefs hosting infrastructure. Blocking may impact legitimate business communications.
3. Recommended Approach: Implement allow-listing for known Ahrefs IP ranges where possible, or apply rate-limiting rather than outright blocking to balance security and operational continuity.
4. Monitoring: Track for any changes in service exposure or threat indicators that may warrant more aggressive response.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk004-san249.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk004-san249.ahrefs.net |

## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-22 09:12:29 UTC |
| Last Seen | 2026-06-28 18:27:12 UTC |
| Profile Built | 2026-06-29 06:29:43 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |