INTELLIGENCE BRIEFING: 198.244.242.111/32
Subject: Cloud Computing Infrastructure IP Address
Classification: Moderate Risk (Score: 40)
Date: Current Observation Period
Source: IPDebrief Intelligence Platform
---
EXECUTIVE SUMMARY
IP address 198.244.242.111 is a cloud-hosted infrastructure endpoint operated by OVH in London, United Kingdom. The asset is associated with Ahrefs Pte Ltd Dmytro and registered under ASN 16276. While no active threat indicators were detected, the IP operates within a subnet characterized by elevated abuse density (64.06%), requiring contextual monitoring and defensive posture consideration.
OWNERSHIP AND INFRASTRUCTURE
| Attribute | Value |
|---|---|
| ASN | 16276 |
| Organization | Ahrefs Pte Ltd Dmytro |
| Provider | OVH |
| Location | London, England, GB |
| Infrastructure Type | CloudCompute |
| Hosting Status | Active |
| CIDR Block | 198.244.128.0/17 |

The IP resolves to hostname proxy-uk007-san111.ahrefs.net, consistent with Ahrefs proxy infrastructure naming conventions. No open ports were detected; the service classification indicates firewalled/no services active.
THREAT ASSESSMENT
| Metric | Value |
|---|---|
| Risk Score | 40 (Moderate) |
| Abuse Confidence | Not Reported |
| Blacklist Count | 0 |
| DNSBL Listed | 1 of 8 lists |
| Known Campaigns | None Detected |
| Tor Exit Node | False |
| Known Attacker | False |
| Spam Source | False |

No active threat indicators were observed. The IP is not listed as a Tor exit node, known attacker, or spam source. However, the single DNSBL listing warrants awareness.
NEIGHBORHOOD ANALYSIS
The /24 subnet (198.244.242.0/24) demonstrates elevated risk characteristics:
| Metric | Value |
|---|---|
| Abuse Density | 64.06% |
| Classification | High Abuse |
| Total Siblings | 256 |
| Active Siblings | 206 |
| Threat Siblings | 164 |
| Inherited Risk | 25 |

The neighborhood risk distribution shows predominantly medium-risk classifications among neighbors. This elevated context suggests the subnet is heavily utilized for cloud services, with a significant proportion of addresses exhibiting malicious activity patterns.
TEMPORAL ANALYSIS
Historical observations indicate stable ownership with zero recorded ownership changes. Recent activity detected on 2026-06-15 shows consistent classification patterns, with the subnet maintaining high-abuse designation across multiple observation points. The IP has demonstrated persistent cloud hosting characteristics without evidence of persistent malicious behavior.
RELATIONSHIP GRAPH
The relationship graph identifies 31 associations, primarily:
- Network Relations: Multiple entries mapping to OVH_282347343 (same network infrastructure)
- DNS Associations: 18 entries mapping to proxy-uk007-san111.ahrefs.net
All DNS associations confirm consistent reverse DNS resolution to the Ahrefs proxy hostname, indicating legitimate cloud infrastructure operation rather than spoofed or compromised endpoints.
DEFENSIVE RECOMMENDATIONS
No specific security actions were automatically generated due to the moderate risk classification and lack of confirmed malicious indicators. However, the following firewall rules are recommended for proactive defense:
iptables:
```
iptables -A INPUT -s 198.244.242.111 -j DROP
```
nftables:
```
nft add rule inet filter input ip saddr 198.244.242.111 drop
```
Cloudflare WAF:
```json
{"description":"Block 198.244.242.111 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 198.244.242.111"}}
```
AWS WAF:
```json
{"Addresses":["198.244.242.111/32"],"Description":"IPDebrief risk 40"}
```
INTELLIGENCE CONTEXT
This IP represents legitimate cloud hosting infrastructure within a high-abuse subnet. The combination of moderate risk score, zero active threat indicators, and consistent DNS resolution to Ahrefs proxy infrastructure suggests benign operational activity. However, the neighborhood-level abuse density (64.06%) warrants defensive awareness, particularly if this IP is observed communicating with other addresses in the same subnet.
Monitoring Priority: LOW-MEDIUM
Action Required: None unless additional threat signals emerge
Recommendation: Monitor for correlation with other subnet addresses if observed in suspicious traffic patterns
---
*Intelligence produced by IPDebrief Platform. Data reflects observations as of current analysis period.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk007-san111.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk007-san111.ahrefs.net |

DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-19 21:39:52 UTC |
| Last Seen | 2026-06-28 09:54:14 UTC |
| Profile Built | 2026-06-29 03:59:38 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |