# IP Intelligence Briefing: 198.244.240.191
Classification: Moderate Risk Cloud Infrastructure Asset
Date: Current Analysis
Risk Score: 40/100
---
## Executive Summary
IP 198.244.240.191 is a cloud-hosted infrastructure endpoint registered to OVH SAS (ASN 16276), operating from London, England. The IP resolves to a proxy hostname (proxy-uk006-san191.ahrefs.net) associated with ahrefs.net. While the IP itself shows moderate risk characteristics, it operates within a subnet exhibiting high abuse density (0.793), with 203 out of 256 sibling addresses flagged as threats.
---
## Ownership & Network Classification
| Attribute | Value |
|---|---|
| **Organization** | Ahrefs Pte Ltd Dmytro / OVH |
| **ASN** | 16276 |
| **Country** | United Kingdom (GB) |
| **City** | London |
| **Infrastructure Type** | CloudCompute |
| **Hosting Provider** | OVH |
| **Connection Type** | Cloud (Firewalled/No Services) |
---
## Threat Indicators
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Known Campaigns: None identified
- DNSBL Listed: 1 of 8 total lists
The IP does not exhibit active threat indicators but operates in a high-abuse environment.
---
## Neighborhood Risk Assessment
Subnet: 198.244.240.0/24
Abuse Density: 0.793 (High)
Classification: High Abuse
Threat Siblings: 203 of 256 total addresses
Inherited Risk Score: 31/100
The /24 subnet shows elevated abuse characteristics. Sample neighboring addresses (198.244.240.0-5) exhibit risk scores of 40-50, suggesting systemic risk across the subnet.
---
## Historical Observations
Analysis of 25 historical observations reveals:
- Signal Persistence: 25 observations recorded
- Ownership Stability: No ownership changes observed
- Route Stability: Stable (0 route changes in 30 days)
- Recent Classifications: Consistently classified as "high_abuse" subnet
- Provider Classification: OVH hosting infrastructure confirmed
No significant degradation or escalation in risk profile detected over observation period.
---
## DNS & Service Profile
| Field | Value |
|---|---|
| **PTR Hostnames** | proxy-uk006-san191.ahrefs.net |
| **Domain** | ahrefs.net |
| **Forward Resolution** | Confirmed (1 hostname) |
| **Open Ports** | None detected |
| **TLS Certificate** | None detected |
| **HTTP Services** | None detected |
No open ports or active services detected. The IP appears firewalled with no exposed endpoints.
---
## Recommended Actions
Based on risk profile and neighborhood analysis, the following controls are recommended:
```bash
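# iptables
iptables -A INPUT -s 198.244.240.191 -j DROP
# nftables (requires an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 198.244.240.191 drop
# nginx (configuration directive, not a shell command; goes in an http, server or location block)
deny 198.244.240.191;
# pfSense (address to use in a block rule or alias)
198.244.240.191/32
# Cloudflare WAF (rule JSON)
{"description":"Block 198.244.240.191 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 198.244.240.191"}}
# AWS WAF (IP set fields)
{"Addresses":["198.244.240.191/32"],"Description":"IPDebrief risk 40"}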
```
---
## Intelligence Narrative
The target IP operates within a compromised or high-abuse subnet under OVH cloud infrastructure. Despite lacking direct threat indicators on the endpoint itself, the subnet's high abuse density (0.793) and 203 flagged threat siblings suggest systemic compromise of the hosting environment. The ahrefs.net association indicates potential use for proxy services, which is consistent with the proxy hostname resolution.
Threat Level: Moderate (40/100)
Action Priority: Medium - Block at perimeter due to neighborhood risk context
Monitoring Recommendation: Continue monitoring for any changes in service exposure or threat indicators. Consider subnet-level filtering given the high abuse density.
---
*Report generated by IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | 198.244.128.0/17 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk006-san191.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk006-san191.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 27% | 3 | 4 |
| reputation | 30% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 27% | 12 | 19 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-11 22:23:34 UTC |
| Last Seen | 2026-06-27 20:35:00 UTC |
| Profile Built | 2026-06-28 14:39:47 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 31 |
Full dossier details are available via our API.