# IP Intelligence Briefing: 198.244.242.251/32
- Classification: MODERATE RISK - Cloud Infrastructure Asset
- Date: June 15, 2026
- Analyst: IPDebrief Intelligence Team

---
## Executive Summary
IP address 198.244.242.251 is a cloud computing infrastructure endpoint owned by Ahrefs Pte Ltd Dmytro, operating through OVH SAS infrastructure in London, England. While the IP itself shows no direct threat indicators, it resides within a subnet exhibiting elevated abuse density. The endpoint is associated with Ahrefs' legitimate proxy infrastructure and presents moderate risk, primarily due to neighborhood context.

---
## Ownership and Infrastructure
| Attribute | Value |
|---|---|
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **ASN** | 16276 (OVH) |
| **Country** | GB (London) |
| **Infrastructure Type** | CloudCompute |
| **Registration** | ARIN |

Geolocation Note: Location consensus shows GB with a 750 km accuracy radius. One historical signal from AlienVault OTX indicated FR origin (Paris coordinates), suggesting multi-jurisdictional cloud routing.

---
## Network Classification
- Provider Score: 0.2174 (Minimal operator risk)
- Infrastructure Type: Cloud-based (isCloud: true)
- Services: None actively open (Firewalled / No Services)
- DNS Resolutions: proxy-uk007-san251.ahrefs.net
- Reverse DNS: Confirmed for Ahrefs domain (ahrefs.net)
---
## Threat Assessment
| Metric | Value |
|---|---|
| **Risk Score** | 40/100 (Moderate Risk) |
| **Abuse Confidence** | N/A (No direct threat indicators) |
| **Threat Indicators** | None |
| **Blacklist Count** | 1 DNSBL list |
| **Tor Exit/Proxy** | No |
| **Known Campaign** | None |

Direct Threat Status: LOW. The IP shows no active exploitation indicators, no known campaigns, and no direct threat-feed associations.

---
## Neighborhood Analysis (198.244.242.0/24)
| Metric | Value |
|---|---|
| **Abuse Density** | 0.6523 (High) |
| **Classification** | high_abuse |
| **Total Siblings** | 256 |
| **Active Siblings** | 206 |
| **Threat Siblings** | 167 |
| **Inherited Risk** | 26 |
| **Risk Distribution** | 100 Medium, 0 High, 0 Low |

Critical Finding: The /24 subnet exhibits elevated abuse activity with 167 of 206 active siblings flagged as threats. This context elevates the risk profile despite the target IP showing no direct malicious behavior.

---
## Historical Observations (19 Records)
- Most Recent: June 15, 2026
- Observation Types:
  - Subnet abuse density monitoring (continuous)
  - Geolocation signals (FR and GB)
  - Routing and control plane metrics
  - DNS and ownership verification

Persistence: Threat observation count: 1. Not classified as persistently malicious.

---
## Relationship Graph
- Network: OVH_282347343 (26 same-network relationships)
- DNS: proxy-uk007-san251.ahrefs.net (15 DNS association records)
- External: No additional organizational or certificate relationships detected
---
## Recommended Actions
Defensive Posture: MONITOR

Justification: IP is associated with legitimate Ahrefs infrastructure but operates in a high-abuse-density cloud subnet. No immediate blocking required.

Recommended Firewall Rules:

- Allow inbound traffic only on expected Ahrefs ports
- Monitor outbound connections to associated DNS (ahrefs.net)
- Log all connections to this subnet for 7-day retention
- No immediate block recommendations (risk score 40, no direct threats)

SOC Analyst Actions:

1. Whitelist or monitor at perimeter firewall
2. Correlate with known Ahrefs traffic patterns
3. Flag any unusual outbound behavior to this subnet
4. No immediate incident response required
---
## Risk Summary
| Factor | Assessment |
|---|---|
| **Direct Threat** | LOW |
| **Infrastructure Risk** | MODERATE (Cloud/Shared) |
| **Neighborhood Risk** | ELEVATED (High abuse density) |
| **Operational Risk** | LOW (Legitimate provider) |
| **Recommended Action** | MONITOR |

Conclusion: IP 198.244.242.251 represents a legitimate cloud infrastructure asset within a high-abuse neighborhood. SOC teams should monitor for anomalous behavior, but no immediate defensive actions are required.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk007-san251.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk007-san251.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 20% | 9 | 13 |

| Metric | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-20 17:47:51 UTC |
| Last Seen | 2026-06-28 12:12:51 UTC |
| Profile Built | 2026-06-29 06:18:12 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 23 |