198.244.242.209

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# Intelligence Briefing: IP 198.244.242.209

## Executive Summary

The IP address 198.244.242.209 was classified as Moderate Risk (Risk Score: 40) with ownership attributed to OVH infrastructure (ASN 16276). The address resolved to ahostname proxy-uk007-san209.ahrefs.net under the ahrefs.net domain, with geolocation data indicating London, England. No active services were detected on the host, with the network role classified as CloudCompute/Hosting infrastructure.

## Profile Analysis

Ownership & Infrastructure:

ASN: 16276 (OVH)
Organization: Ahrefs Pte Ltd Dmytro
Network Role: CloudCompute, Hosting, Firewall
Geolocation: London, England, GB (Europe/London timezone)
PTR Record: proxy-uk007-san209.ahrefs.net
DNS: Single forward resolution confirmed

Threat Indicators:

Blacklist Count: 1 DNSBL listing detected
DNSBL Total Lists: 8
Abuse Confidence Score: Not applicable
Known Campaigns: None
IsTorExit: False
IsKnownAttacker: False
IsSpamSource: False

Network Classification:

Cloud: True
CDN: False
VPN: False
Proxy: False
Hosting: True
Mobile: False
Residential: False
Bogon: False

## Neighborhood Assessment

The /24 subnet (198.244.242.0/24) exhibited high abuse density with an abuse density score of 0.6367. Analysis identified 256 total sibling IPs with 207 active siblings and 163 threat siblings. Risk distribution across the subnet showed 100 medium-risk IPs with zero high-risk classifications. The inherited risk score for this address was 25.

## Historical Observations

Twenty-seven signal observations were recorded. Key historical signals included:

Operator classification: Minimal (0.1 raw score)
Geolocation validation: Passed (geoPlausible: true, distance: 473.7 km, average RTT: 94ms)
Subnet classification: High abuse density (0.6367)
Threat observation count: 1
No persistent malicious behavior detected

## Related Entities

Sixty-one relationships were identified, with multiple entries classified as Same Network relationships to OVH_282347343. The BGP origin ASN was 16276 with bgpPrefix 198.244.128.0/17.

## Recommended Actions

Based on the risk profile, the following firewall rules were generated:

iptables: DROP traffic from 198.244.242.209
nftables: DROP rule for source address 198.244.242.209
nginx: Deny directive for the IP address
pfSense: Block rule for 198.244.242.209/32
Cloudflare WAF: Block with expression ip.src eq 198.244.242.209
AWS WAF: Block rule for 198.244.242.209/32

No specific security action recommendations were generated beyond the default block rule.

## Assessment Notes

The address demonstrates characteristics of a hosted proxy/infrastructure endpoint associated with ahrefs.net. While the individual risk score was moderate (40), the subnet context indicates elevated abuse density. No evidence of active malicious campaigns or persistent threat behavior was observed. The absence of open ports and services suggests the address may be reserved or actively managed with restrictive firewall rules.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	London
Timezone	Europe/London
Latitude	51.51
Longitude	-0.13

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk007-san209.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk007-san209.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	26%	2	4
routing	13%	1	1
services	20%	2	3
ownership	20%	2	3
reputation	28%	1	3
geolocation	30%	2	3
Overall	23%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:06 UTC
Last Seen	2026-06-27 02:54:23 UTC
Profile Built	2026-06-27 21:01:22 UTC
Data Freshness	Live
Signal Types	23
Total Observations	29

🔍 23 signal types · 29 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

198.244.242.209📋 Copy