IP INTELLIGENCE BRIEFING
Target: 198.244.240.25/32
Classification: Moderate Risk
Date: 2026-06-28
---
EXECUTIVE SUMMARY
IP 198.244.240.25 is a cloud-hosted infrastructure address operated by Ahrefs Pte Ltd Dmytro through OVH cloud infrastructure in London, UK. The IP resolves to the ahrefs.net domain and is associated with proxy-uk006-san25.ahrefs.net. While the IP itself shows moderate risk characteristics (score: 40), it operates within a high-abuse-density subnet (198.244.240.0/24) with 211 threat siblings out of 256 active addresses.
---
TECHNICAL PROFILE
- ASN: 16276 (OVH SAS)
- Organization: Ahrefs Pte Ltd Dmytro
- Location: London, England, GB (750km accuracy radius)
- Network Type: CloudCompute / Hosting Infrastructure
- Infrastructure Classification: Firewalled / No Services Detected
- DNS Resolution: proxy-uk006-san25.ahrefs.net (forward resolution confirmed)
- Port Status: No open ports detected
- TLS/HTTP: No certificates or web services detected
- ISP Classification: Not CDN, VPN, Proxy, Tor, or Residential
---
THREAT INDICATORS
- Risk Score: 40/100 (Moderate Risk)
- Abuse Confidence Score: Not reported
- Blacklist Status: Listed on 1 of 8 DNSBLs
- Known Campaigns: None identified
- Known Attacker Status: False
- Spam Source Status: False
- Tor Exit Node: False
- Operator Score: 0.2174 (Minimal)
- Is Persistently Malicious: False
---
HISTORICAL OBSERVATION ANALYSIS
IPDebrief recorded 23 signal observations for this address. Key historical signals include:
- 2026-06-28: Cloud hosting infrastructure confirmed, OVH provider identified, proxy/VPN/Tor services not detected
- 2026-06-20: DNS resolution to ahrefs.net domain, port scanning activity detected
- No evidence of persistent malicious behavior or campaign correlation
- Single threat observation recorded in observation history
---
NEIGHBORHOOD CONTEXT (198.244.240.0/24)
The target IP resides in a subnet with elevated abuse characteristics:
- Abuse Density: 0.8242 (High Abuse Classification)
- Total Subnet Capacity: 256 IPs
- Active Siblings: 199
- Threat Siblings: 211
- Inherited Risk Score: 32
Risk Distribution within subnet: High (0), Medium (25), Low (75)
---
RELATIONSHIP GRAPH
40 relationships identified, all categorized as "Same Network" relationships to OVH network identifier OVH_282347342. No organization, hostname, or certificate cross-relationships beyond the OVH cloud infrastructure.
---
RECOMMENDED ACTIONS
Based on the risk profile and neighborhood context, the following actions are recommended for SOC teams:
1. Monitor Closely: Because of the high-abuse-density neighborhood (211 threat siblings), monitor traffic patterns from this subnet
2. Allow with Scrutiny: The IP itself shows no direct threat indicators, but the subnet context warrants logging and anomaly detection
3. Geo-Filter Consideration: The infrastructure is London-based; verify this matches expected traffic patterns
4. DNSBL Review: The address is listed on 1 DNSBL; identify which list and whether the listing is a false positive
5. Network Segmentation: Consider blocking the entire /24 if the abuse threshold is exceeded, or implement rate limiting
---
INTELLIGENCE CONCLUSION
198.244.240.25 is legitimate hosting infrastructure for Ahrefs, not directly malicious. However, the subnet shows significant abuse density, suggesting potential lateral movement or shared infrastructure abuse. SOC teams should monitor traffic from this subnet for anomalous behavior while maintaining the IP as allow-listed unless specific malicious activity is observed. The lack of persistent malicious indicators and clear organizational attribution support cautious permitting with enhanced logging.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk006-san25.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk006-san25.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 24% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 03:09:22 UTC |
| Last Seen | 2026-06-28 17:24:19 UTC |
| Profile Built | 2026-06-29 05:25:44 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |