# IP Intelligence Briefing: 198.244.240.225/32
## Executive Summary
Threat Level: Moderate Risk (Score: 40/100)

Classification: Cloud Infrastructure / Hosting Environment

Recommended Action: Monitor with selective blocking based on organizational policy

---
## Profile Overview
The IP address 198.244.240.225 is registered to Ahrefs Pte Ltd Dmytro under AS16276 (OVH SAS). Geolocation data indicates placement in London, England, GB with an accuracy radius of 750 km. The infrastructure operates on OVH's cloud compute platform and is classified as hosting infrastructure.
Ownership & Registration:
- ASN: 16276
- Organization: Ahrefs Pte Ltd Dmytro
- RIR: ARIN
- BGP Prefix: 198.244.128.0/17
Network Classification:
- Cloud Compute: Yes
- Hosting: Yes
- CDN: No
- Proxy/Tor: No
- Residential: No
---
## DNS & Service Analysis
DNS Records:
- PTR Hostname: proxy-uk006-san225.ahrefs.net
- Forward Resolution: proxy-uk006-san225.ahrefs.net (forward confirmed: false)
- Forward Resolution Count: 1
- Email Authentication: SPF/DMARC not configured
Service Detection:
- No open ports detected
- No TLS certificate or HTTP content identified
- Service purpose: Firewalled / No Services
---
## Threat Indicators
Current Threat Profile:
- Abuse Confidence Score: Not calculated
- Blacklist Count: 0
- Pulsedive Risk: Not reported
- Known Campaigns: None identified
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
Control Plane:
- DNSBL Listed Count: 1 of 8 total lists
- DNSSEC Valid: Yes
- Has CAA: Yes
- Route Stability: False
- Operator Score: 0.2174 (Minimal)
- Threat Persistence Days: 0
---
## Neighborhood Assessment
Subnet: 198.244.240.0/24
- Subnet Classification: High Abuse
- Abuse Density: 0.793 (High)
- Inherited Risk Score: 31
- Total Siblings: 256
- Active Siblings: 168
- Threat Siblings: 203
Risk Distribution in /24:
- High Risk: 0 IPs
- Medium Risk: 70 IPs
- Low Risk: 30 IPs
The subnet exhibits elevated abuse density: 203 of its 256 addresses (over 79%) are flagged as threat siblings. This places the IP within a higher-risk operational environment.

---
## Observation History (21 Signals)
Recent Activity Timeline:
- 2026-06-28: Geolocation signal (GB, London) - Confidence: 28%
- 2026-06-20: Subnet abuse density classification (High Abuse, 0.793) - Confidence: 75%
- 2026-06-19: Operator score (Minimal, 0.2174) - Confidence: 60%
- 2026-06-19: Full profile signal - Confidence: 23%
- 2026-06-15: Geolocation signal (GB, London) - Confidence: 28%
Temporal Analysis:
- Ownership Changes: 0
- Threat Observation Count: 1
- Persistently Malicious: No
- Historical signals indicate persistent geolocation to GB with low-to-moderate confidence across multiple observation periods.
---
## Relationships Network
Total Relationships: 53
Relationship Types: Same Network (OVH_282347342) - 48+ instances
All relationships map to the same OVH network identifier, confirming the IP resides within OVH's managed infrastructure.

---
## Recommended Security Actions
Firewall Rules:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 198.244.240.225 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 198.244.240.225 drop` |
| nginx | `deny 198.244.240.225;` |
| pfSense | `198.244.240.225/32` |
| Cloudflare WAF | Block 198.244.240.225 (Risk Score: 40) |
| AWS WAF | `Addresses: ["198.244.240.225/32"]` |
Operational Recommendations:
1. Block at perimeter: Implement immediate blocking at network perimeter devices using provided firewall rules
2. Monitor subnet trends: The /24 subnet (198.244.240.0/24) shows 79% abuse density; monitor for correlated activity
3. Contextual assessment: The IP operates in a cloud hosting environment with no open services detected; blocking may reduce noise without impacting legitimate operations
4. Geolocation correlation: Persistent GB/London geolocation with low confidence suggests infrastructure may be distributed; verify against actual threat intelligence
---
Report Generated: IPDebrief Intelligence Platform
Data Sources: 21 historical observations, 53 relationship entities, full profile analysis
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk006-san225.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk006-san225.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-15 08:43:56 UTC |
| Last Seen | 2026-06-28 02:03:43 UTC |
| Profile Built | 2026-06-28 20:09:15 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |