# IP Intelligence Briefing: 198.244.240.205
Classification: Moderate Risk | Date: 2026-06-20
---
## Executive Summary
IP 198.244.240.205 presents a moderate risk profile (risk score: 50) associated with Ahrefs Pte Ltd Dmytro infrastructure hosted on OVH cloud compute networks in London, England. The IP is assigned a PTR hostname of proxy-uk006-san205.ahrefs.net but shows no active services or open ports. Despite the moderate risk classification, the IP resides within a subnet exhibiting high abuse density (0.832) with 213 out of 256 active sibling IPs flagged as threats.
---
## Network Attribution & Infrastructure
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH) |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Location** | London, England, GB |
| **Infrastructure Type** | Cloud Compute |
| **Hosting Provider** | OVH |
| **BGP Prefix** | 198.244.128.0/17 |
| **DNS** | proxy-uk006-san205.ahrefs.net |

The IP is classified as cloud-hosted infrastructure with no evidence of proxy, VPN, Tor, or residential characteristics. No TLS certificates or HTTP services were detected, suggesting the endpoint may be firewalled or used for upstream network functions rather than direct client-facing services.
---
## Threat Assessment
Threat Indicators:
- No active threat indicators detected
- No blacklist listings (blacklist count: 0)
- Not identified as known attacker, spam source, or Tor exit node
- DNSBL listed on 2 of 8 total threat feeds

Risk Components:
- Provider Risk Score: 0
- Authority Risk Score: 0
- Operator Score: 0.2174 (Minimal)
- Stability Score: 0
---
## Neighborhood Analysis
The IP belongs to subnet 198.244.240.0/24, which demonstrates concerning abuse patterns:
- Abuse Density: 0.832 (High)
- Threat Siblings: 213 of 256 total IPs
- Active Siblings: 199
- Inherited Risk: 33

Risk distribution across sibling IPs shows 50 medium-risk and 50 low-risk addresses, with no high-risk siblings detected in the sampled set. This suggests the subnet may serve legitimate infrastructure purposes while hosting compromised or misconfigured endpoints.
---
## Historical Observation
Analysis of 21 historical observations (most recent: 2026-06-20T07:55:21) reveals consistent network characteristics with no significant behavioral changes. The IP has demonstrated persistent infrastructure presence without evidence of escalating malicious activity or ownership transitions.
---
## Recommended Actions
Based on risk profile and neighborhood context, the following mitigations are recommended:
Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 198.244.240.205 -j DROP
# nftables
nft add rule inet filter input ip saddr 198.244.240.205 drop
# Cloudflare WAF custom rule (rule expression, not a shell command); action: Block
#   ip.src eq 198.244.240.205
```
AWS WAF Configuration:
```json
{
"Addresses": ["198.244.240.205/32"],
"Description": "IPDebrief risk score 50"
}
```
---
## Analyst Notes
- No actionable recommendations were generated by the actions engine, suggesting the IP may not require immediate blocking but should be monitored given neighborhood context
- The high abuse density in the /24 subnet warrants consideration of broader subnet-level filtering policies
- PTR hostname association with ahrefs.net suggests legitimate organizational use, but the high abuse density of the subnet indicates potential infrastructure compromise or abuse
- Route stability is flagged as false; investigate BGP prefix 198.244.128.0/17 for potential route hijacking or instability
---
Generated: 2026-06-20
Toolset: IPDebrief Intelligence Platform
Classification: SOC Intelligence Briefing
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk006-san205.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk006-san205.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-19 21:39:51 UTC |
| Last Seen | 2026-06-28 09:53:18 UTC |
| Profile Built | 2026-06-29 03:58:29 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |