## IP Intelligence Briefing: 198.244.242.59/32
Classification: Moderate Risk (Score: 50)
Report Generated: Based on comprehensive IP intelligence data
Target: 198.244.242.59
### Executive Summary
The target IP address 198.244.242.59 operates within OVH cloud infrastructure (ASN 16276) in London, England. The IP resolved to proxy-uk007-san59.ahrefs.net, indicating association with Ahrefs Pte Ltd Dmytro. Despite the legitimate domain association, the IP exhibits elevated risk characteristics including high-abuse subnet classification, multiple blacklistings, and control plane inconsistencies.
### Network Infrastructure
- Provider: OVH Cloud
- ASN: 16276
- Geolocation: London, England, GB (accuracy radius: 750km)
- Infrastructure Type: CloudCompute
- Network Role: Hosting provider with firewalled/no services status
- BGP Prefix: 198.244.128.0/17
### Threat Indicators
Risk Profile:
- Overall Risk Score: 50 (Moderate Risk)
- Abuse Confidence Score: Not determined
- Blacklist Count: 2 active listings out of 8 total
- DNSBL Listed: Yes (2/8 lists)
Threat Feed Analysis:
- No known campaigns correlated
- No threat indicators in feeds
- Not identified as Tor exit node or known attacker
- Reputation sources: Multiple sources indicate moderate risk
Control Plane:
- Route stability: Inconsistent (isRouteStable: false)
- RPKI State: Not evaluated
- IRR Consistency: Not evaluated
- Route changes in 30 days: 0
### Subnet Analysis (198.244.242.0/24)
- Abuse Density: 0.6758 (High abuse classification)
- Total Siblings: 256
- Active Siblings: 206
- Threat Siblings: 173 (67.6% threat ratio)
- Inherited Risk Score: 27
- Subnet Classification: High abuse
### Historical Observations
Signal observation history indicates 19 total observations with the following timeline:
- 2026-06-17 00:42: Multiple blacklistings detected (8 total lists, 2 active with high severity)
- 2026-06-15 16:41: High abuse subnet classification confirmed
- 2026-06-15 16:34-16:32: Geolocation inference and operator scoring conducted
Recent observations show persistent blacklist presence with high-severity classifications.
### DNS Analysis
- PTR Hostnames: proxy-uk007-san59.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Confirmed
- Email Authentication: No SPF or DMARC records detected
- TXT Records: 0
- Forward Hostnames: proxy-uk007-san59.ahrefs.net
### Network Relationships
The IP maintains relationships with:
- Network: OVH_282347343 (multiple associations)
- Hostnames: proxy-uk007-san59.ahrefs.net (16+ DNS associations)
### Recommended Security Actions
Based on the IP's risk profile, the following firewall rules are recommended:
iptables:
```shell
# -A appends to the chain; use -I INPUT instead if an earlier ACCEPT rule would match first
iptables -A INPUT -s 198.244.242.59 -j DROP
```
nftables:
```shell
# assumes the "inet filter" table and its "input" chain already exist
nft add rule inet filter input ip saddr 198.244.242.59 drop
```
nginx:
```nginx
deny 198.244.242.59;
```
pfSense (alias entry):
```text
198.244.242.59/32
```
Cloudflare WAF (custom rule):
```text
Expression: ip.src eq 198.244.242.59
Action: Block
Description: IPDebrief risk score 50
```
AWS WAF (IP set):
```text
Addresses: ["198.244.242.59/32"]
Description: IPDebrief risk 50
```
### Analysis Notes
The IP address presents moderate risk primarily due to subnet-level abuse characteristics. While the DNS resolves to a legitimate ahrefs.net hostname, the high-abuse subnet classification (0.6758 density) and 173 threat siblings suggest the IP may be misused within the hosting environment. The route stability issues and DNSBL listings indicate ongoing reputation concerns.
Recommendation: Implement blocking rules while monitoring for legitimate traffic patterns. Consider geolocation-based filtering if legitimate operations require access from this subnet.
---
*This intelligence briefing is based on IPDebrief analysis. All data presented is derived from observed network signals and threat intelligence sources.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
### Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | n/a |
| CIDR Block | n/a |
| RIR | ARIN |
| Country | n/a |
| Abuse Contact | Available via RDAP |
### DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk007-san59.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk007-san59.ahrefs.net |
### DNS Hygiene
| Check | Status |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
### Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
### Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | n/a |
| HTTP Title | n/a |
### TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
### Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness:
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 10 | 14 |

| Metric | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Consistency check badges (status not preserved in this extract): Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid.
### Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-22 09:12:39 UTC |
| Last Seen | 2026-06-28 18:38:58 UTC |
| Profile Built | 2026-06-29 06:42:38 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |
Full dossier details are available via our API.