# IP Intelligence Briefing: 198.244.242.96/32
Classification: Moderate Risk (Score: 50/100)
Analysis Date: 2026-06-20
Status: Active Threat Indicators Present

---
## Executive Summary
IP 198.244.242.96 is a cloud infrastructure address hosted by OVH (ASN 16276) in London, GB. The IP is associated with Ahrefs Pte Ltd Dmytro and is part of a high-abuse subnet with significant threat activity. While currently showing no open services, the address carries moderate risk due to neighborhood abuse density, DNSBL listings, and control plane instability.

---
## Key Indicators
| Parameter | Value |
|---|---|
| **Risk Score** | 50/100 (Moderate) |
| **ASN** | 16276 (OVH) |
| **Location** | London, England, GB |
| **Infrastructure** | CloudCompute (Hosted) |
| **DNS/Hostname** | proxy-uk007-san96.ahrefs.net |
| **DNSBL Listed** | 2 of 8 total lists |
| **Route Stability** | Unstable |
| **Subnet Abuse Density** | 0.6641 (High) |
---
## Threat Assessment
The IP exhibits moderate risk characteristics consistent with cloud infrastructure hosting potentially malicious activity:
- Neighborhood Context: The /24 subnet (198.244.242.0/24) shows high abuse density (0.6641) with 170 of 256 sibling IPs identified as threats. This IP inherits a risk score of 26 from neighborhood context.
- Control Plane: Route instability detected; BGP prefix 198.244.128.0/17 shows 0 route changes in 30 days but is classified as not stable. RPKI state and IRR consistency data unavailable.
- Network Role: Firewalled with no open services. No TLS certificates, HTTP banners, or scanable ports detected.
- Geolocation: Inferred location London, GB with 750km accuracy radius based on multi-signal inference (confidence: 0.28).
---
## Historical Observations
Recent signal history (last 20 observations) indicates:
- Persistent subnet abuse classification (0.6641 density, high_abuse)
- Consistent OVH provider identification
- Minimal operator score (0.2174)
- Operator label: "Minimal"
- No persistent malicious activity detected over observation period
---
## Related Entities
- Network: OVH_282347343 (41 relationships identified)
- Subnet: 198.244.242.96/24 (256 total siblings, 219 active)
- Threat Siblings: 170 IPs in subnet flagged as threats
- Risk Distribution in /24: High (0), Medium (24), Low (76)
---
## Recommended Actions
Based on risk profile, the following firewall rules are recommended:
| Platform | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 198.244.242.96 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 198.244.242.96 drop` |
| **nginx** | `deny 198.244.242.96;` |
| **pfSense** | `198.244.242.96/32` |
| **Cloudflare WAF** | Block: `ip.src eq 198.244.242.96` |
| **AWS WAF** | Address: `198.244.242.96/32` |
---
## SOC Analyst Notes
- Block Recommendation: Moderate priority. IP is part of a high-abuse subnet with multiple threat indicators.
- Context: Hosted on OVH cloud infrastructure under Ahrefs Pte Ltd Dmytro. PTR hostname suggests proxy service.
- Monitoring: Subnet-wide abuse density warrants monitoring of additional /24 addresses.
- False Positive Consideration: DNSBL listings (2/8) and operator score may indicate some legitimate use cases. Evaluate against business requirements before permanent blocking.
---
Data Source: IPDebrief Intelligence Platform
Confidence Level: Moderate (risk score 50)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Parameter | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Parameter | Value |
|---|---|
| PTR | proxy-uk007-san96.ahrefs.net |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | proxy-uk007-san96.ahrefs.net |
## DNS Hygiene
| Parameter | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Parameter | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
No open ports detected.

| Parameter | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not available |
| HTTP Title | Not available |
## TLS Certificate
| Parameter | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 25% | 10 | 15 |

| Parameter | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
## Observation Timeline (Live)
| Parameter | Value |
|---|---|
| First Seen | 2026-05-22 03:09:24 UTC |
| Last Seen | 2026-06-28 17:26:04 UTC |
| Profile Built | 2026-06-29 05:28:02 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |