IP INTELLIGENCE BRIEFING: 198.244.240.10/32
Classification: Moderate Risk (Score: 40/100)
Asset Overview
The target IP 198.244.240.10 is an IPv4 address registered under ASN 16276 (OVH SAS), operating within the Ahrefs Pte Ltd Dmytro organizational infrastructure. The address resolves to proxy-uk006-san10.ahrefs.net, indicating it is a proxy service endpoint for the Ahrefs web analytics platform. Current geolocation data points to London, England, though hosting infrastructure is provided by OVH with signals originating from both UK and French datacenters.
Network Classification & Infrastructure
The IP is classified as a hosting service with firewall configuration in place (no open ports detected). The address operates on the 198.244.240.0/24 subnet under OVH's network infrastructure (OVH_282347342). Control plane data indicates route stability issues with the BGP prefix 198.244.128.0/17, showing 0 route changes in the past 30 days. DNSSEC validation is active, and the operator risk score is rated as minimal (0.2174).
Threat Assessment
Current threat indicators show no active malicious behavior:
- No known attacker or spam source indicators
- Zero blacklist enumerations
- No Tor exit node activity
- No correlation with known threat campaigns
- Zero active threat observations in the past observation period
However, the IP operates within a high-abuse density subnet (0.8359 abuse density classification). The subnet analysis reveals 214 threat siblings out of 256 total addresses, with 199 active siblings. This contextual risk factor should be considered alongside the individual IP's moderate risk score.
Temporal Analysis
Observation history indicates 19 recorded signals as of June 2026. The IP has demonstrated 0 ownership changes and is not classified as persistently malicious. One threat observation was recorded during the observation window. Geographic signals show multi-source consensus with reasonable accuracy (750km radius).
Recommended Security Actions
Based on the risk profile and subnet abuse context, the following defensive measures are recommended:
Firewall/Access Control:
- iptables: `iptables -A INPUT -s 198.244.240.10 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 198.244.240.10 drop`
- nginx: `deny 198.244.240.10;`
- pfSense: `198.244.240.10/32`
- Cloudflare WAF: Block with expression `ip.src eq 198.244.240.10`
- AWS WAF: Block address `198.244.240.10/32`
Operational Considerations:
- The IP represents a legitimate proxy service for Ahrefs; consider whitelisting if traffic from this endpoint is expected for business operations
- Monitor for traffic patterns consistent with web scraping or reconnaissance activities
- The high-abuse subnet context warrants heightened scrutiny of all traffic from this /24 range
- No immediate threat indicators present, but subnet-level risk suggests proactive monitoring is warranted
Conclusion
The target IP presents a moderate risk profile with no active threat indicators. However, the high-abuse density of the parent subnet and hosting infrastructure on OVH warrants continued monitoring. Recommended actions focus on access control while maintaining awareness of the subnet's overall threat landscape.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk006-san10.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk006-san10.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 25% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-20 05:44:20 UTC |
| Last Seen | 2026-06-28 11:03:26 UTC |
| Profile Built | 2026-06-29 05:09:47 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |