# IP Intelligence Briefing: 198.244.240.30
## Executive Summary
IP 198.244.240.30 presents a moderate risk profile (risk score: 40) associated with OVH cloud infrastructure in London, GB. The IP resolves to proxy-uk006-san30.ahrefs.net and operates on OVH's 198.244.128.0/17 network block. While not directly flagged as malicious, the IP resides within a high-abuse-density subnet (0.7891 abuse density classification).
## Profile Details
- Risk Score: 40 (Moderate Risk)
- ASN: 16276 (OVH SAS)
- Organization: Ahrefs Pte Ltd Dmytro
- Geolocation: London, England, GB (Europe/London timezone)
- Infrastructure: CloudCompute, Hosting, Firewalled/No Services
- DNS: proxy-uk006-san30.ahrefs.net
- Services: No open ports detected (firewalled)
## Threat Indicators
- Blacklist Status: Listed on 1 of 8 threat feeds
- Campaigns: None correlated
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Abuse Confidence Score: Not available
## Neighborhood Analysis
The /24 subnet (198.244.240.30/24) exhibits elevated abuse characteristics:
- Abuse Density: 0.7891 (high_abuse classification)
- Total Siblings: 256
- Active Siblings: 163
- Threat Siblings: 202
- Inherited Risk Score: 31
All 100 sampled neighboring IPs scored risk level 40, indicating consistent risk distribution across the subnet.
## Historical Observations
Analysis of 21 historical observations reveals:
- Recent blacklist activity recorded on 2026-06-20 (high severity)
- DNS resolution to ahrefs.net confirmed with CAA records present
- No persistent malicious behavior detected
- Ownership changes: 0
## Network Relationships
- Connected to OVH network block (OVH_282347342)
- 38 relationship links detected, primarily network-level associations
- Control plane shows route instability (isRouteStable: false)
## Recommended Actions
Based on risk assessment, the following firewall rules are recommended:
```bash
# iptables
iptables -A INPUT -s 198.244.240.30 -j DROP
# nftables (assumes an existing inet table "filter" with chain "input")
nft add rule inet filter input ip saddr 198.244.240.30 drop
# nginx (directive goes inside an http, server, or location block)
deny 198.244.240.30;
# pfSense
198.244.240.30/32
# Cloudflare WAF
{
  "description": "Block 198.244.240.30 - IPDebrief risk score 40",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 198.244.240.30"
  }
}
# AWS WAF
{
  "Addresses": ["198.244.240.30/32"],
  "Description": "IPDebrief risk 40"
}
```
## Intelligence Assessment
The IP 198.244.240.30 operates on OVH cloud infrastructure with no open services, suggesting it may be part of a managed or residential proxy arrangement. While not directly associated with known threat campaigns, the high abuse density of its subnet warrants monitoring. The recent blacklist activity indicates potential use for unwanted purposes, though the IP itself shows no persistent malicious behavior.
Recommended Handling: Monitor inbound traffic from this IP. Consider blocking at perimeter if no legitimate business relationship exists with Ahrefs Pte Ltd or associated entities.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk006-san30.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk006-san30.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 26% | 9 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-21 20:59:59 UTC |
| Last Seen | 2026-06-28 15:49:17 UTC |
| Profile Built | 2026-06-29 03:53:51 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |