# IP INTELLIGENCE BRIEFING
Target: 198.244.168.1/32
Classification: Moderate Risk / Cloud Infrastructure
Date: Current
Source: IPDebrief Intelligence Platform
---
## EXECUTIVE SUMMARY
IP 198.244.168.1 is a cloud-compute instance hosted in OVH infrastructure (AS16276) and attributed to the Ahrefs Pte Ltd organization; its PTR record names it proxy-uk001-san1.ahrefs.net. The address itself scores 40/100 (moderate) and carries no active threat indicators: no inbound services were detected, it is not flagged as a known attacker, spam source or Tor exit, and the only reputation signal is one DNSBL listing out of eight lists queried. The moderate rating is driven by context rather than by the host's own behaviour: the surrounding 198.244.168.0/24 shows an abuse density of 0.7695 (197 of 256 addresses flagged), which creates collateral risk from neighbouring addresses.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH) |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Infrastructure Type** | CloudCompute |
| **Network Role** | Hosting / Cloud Provider |
| **BGP Origin** | 198.244.128.0/17 |
| **AS Path** | 57866 → 16276 |
| **Route Stability** | Stable (0 changes in 30 days) |
Note: the control-plane data records the RPKI origin-validation state and the IRR consistency of 198.244.128.0/17 as pending validation. Until both are confirmed, the stability figure above says only that the announcement has not changed for 30 days, not that AS16276 is authorized to originate it. Delegation age: 9,251 days.
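Because the RPKI state above is recorded as pending, the check a practitioner runs once validated ROA payloads are available is route-origin validation per RFC 6811. The following is an added example, not IPDebrief output and not OVH or Ahrefs code; the ROA entries it uses are constructed for illustration and say nothing about the real RPKI status of 198.244.128.0/17. It also shows the edge case that matters for the neighbourhood discussed later in this briefing: a more-specific 198.244.168.0/24 announced by the legitimate origin is still RPKI-invalid if the ROA's maxLength stays at 17.

```python
"""Route-origin validation (RFC 6811) for the announcement in this briefing.

Added example, not IPDebrief output. The ROA table below is CONSTRUCTED for
illustration; in practice load validated ROA payloads (VRPs) from your own
validating cache before drawing any conclusion about this prefix.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Roa:
    prefix: Network
    asn: int          # AS0 is a legitimate value: it authorizes nobody
    max_length: int   # longest prefix length the origin may announce


def parse_roa(prefix: str, asn: int, max_length: Optional[int] = None) -> Roa:
    """Build a ROA; maxLength defaults to the prefix length, as the RFC specifies."""
    net = ipaddress.ip_network(prefix, strict=True)
    max_length = net.prefixlen if max_length is None else max_length
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"maxLength {max_length} out of range for {net}")
    return Roa(net, asn, max_length)


def validate_origin(route_prefix: str, origin_asn: int, roas: Iterable[Roa]) -> str:
    """Return 'valid', 'invalid' or 'not-found' for a (prefix, origin AS) pair.

    not-found: no ROA covers the route at all
    valid:     some covering ROA names this origin AS and permits this length
    invalid:   ROAs cover the route but none authorizes this announcement
               (wrong origin, prefix longer than maxLength, or an AS0 ROA)
    """
    route = ipaddress.ip_network(route_prefix, strict=True)
    covering = [
        r for r in roas
        if r.prefix.version == route.version and route.subnet_of(r.prefix)
    ]
    if not covering:
        return "not-found"
    for roa in covering:
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


# CONSTRUCTED ROAs: one authorizing the /17 exactly as announced (maxLength 17),
# and an unrelated one in TEST-NET-3 so the 'not-found' path is exercised.
SAMPLE_ROAS = [
    parse_roa("198.244.128.0/17", 16276, 17),
    parse_roa("203.0.113.0/24", 64496),
]

# (prefix, origin) pairs to check: the announcement from the briefing, a
# more-specific /24 from the same AS, the upstream AS 57866 originating the
# block, and a prefix no ROA covers.
CASES = [
    ("198.244.128.0/17", 16276),
    ("198.244.168.0/24", 16276),
    ("198.244.128.0/17", 57866),
    ("192.0.2.0/24", 16276),
]

if __name__ == "__main__":
    for prefix, asn in CASES:
        print(f"{prefix:>20} AS{asn:<6} {validate_origin(prefix, asn, SAMPLE_ROAS)}")
```

Run stand-alone it prints one verdict per case; the /24 case comes out invalid even though the origin AS is right, which is exactly why a neighbourhood-wide decision should check whether the /24 is announced separately before assuming it inherits the /17's authorization.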
---
## GEOLOCATION & DNS
| Attribute | Value |
|---|---|
| **Country** | GB (England) |
| **City** | London |
| **Timezone** | Europe/London |
| **PTR Hostname** | proxy-uk001-san1.ahrefs.net |
| **Domain** | ahrefs.net |
| **Forward Resolution** | Unconfirmed |
| **Geo Consensus** | False (Inconsistent data sources) |
| **DNSSEC** | Valid |
Geographic Discrepancy: the ASN registry records the allocation as FR (France, allocated 2001-02-15), while geolocation data places the host in London. This is a weak anomaly: the registry country reflects the registrant, not the location of an individual host, and the `uk001` label in the PTR hostname agrees with the London placement. Track it, but do not treat it on its own as evidence of spoofed or relocated infrastructure.
---
## THREAT ANALYSIS
| Indicator | Status |
|---|---|
| **Risk Score** | 40 / 100 (Moderate) |
| **Abuse Confidence** | Not Available |
| **Known Attacker** | False |
| **Spam Source** | False |
| **Tor Exit Node** | False |
| **Blacklist Count** | 0 |
| **DNSBL Listings** | 1 / 8 lists |
| **Campaign Correlation** | None detected |
Behavioral Status: No persistent malicious activity; threat observation count 1, stability score 0. Note that the two reputation rows disagree: the blacklist count is 0 while the DNSBL check reports 1 of 8 lists returning a listing. The briefing does not name the listing zone, so the two counters are evidently drawn from different feeds; resolve the DNSBL query yourself and read the return code before treating the listing as confirmed.
---
## NEIGHBORHOOD CONTEXT
| Metric | Value |
|---|---|
| **Subnet** | 198.244.168.0/24 |
| **Total Siblings** | 256 |
| **Active Siblings** | 191 |
| **Threat Siblings** | 197 |
| **Abuse Density** | 0.7695 (High) |
| **Classification** | High Abuse |
| **Inherited Risk** | 30 |
Critical Finding: 197 of the 256 addresses in the /24 are flagged as threats (density 0.7695). Two caveats apply before acting on that figure. First, the counters are not on a common basis: 197 threat siblings exceed the 191 active siblings, so the threat flag is evidently applied to addresses that are not currently observed as active. Second, the briefing attributes the block to a single organization and the relationship graph records 16 DNS associations with the proxy-uk001-san1.ahrefs.net hostname, so a block-wide flag may reflect one operator's outbound activity rather than compromised infrastructure shared among unrelated tenants; the data here does not distinguish the two. Neighboring IPs (198.244.168.0-5) all show risk scores of 40 with authority scores of 50, the same contextual score as the target.
---
## SERVICES & NETWORK ROLE
| Attribute | Value |
|---|---|
| **Open Ports** | None detected |
| **Service Purpose** | Firewalled / No Services |
| **TLS Certificate** | None |
| **HTTP Banner** | None |
| **CDN** | False |
| **Proxy** | False |
| **Mobile** | False |
| **Residential** | False |
Analysis: With no inbound services detected, the host presents as a backend, management or egress endpoint rather than a server. That reading is consistent with the PTR name (a `proxy-` host under ahrefs.net) and with cloud hosting in general; the Proxy flag above being False does not contradict it, since that flag in IP-reputation feeds normally denotes an open or anonymizing proxy, not an operator's own forward proxy. Note that the services dimension rests on a single source and a single observation (confidence 8% in the breakdown below), so "no open ports" should be re-checked with your own scan before being relied on.
---
## OBSERVATION HISTORY
Total Observations: 23
Recent Activity: June 2026
Key Historical Signals:
- ASN allocation: 9,251 days (legacy infrastructure)
- Route stability: Confirmed stable
- BGP communities: 16276:421, 16276:40001, 16276:42101, 57866:200, 65102:41441, 65103:1, 65104:31
- No ownership changes recorded
- No threat persistence patterns detected
Temporal Assessment: Routing and ownership have been stable across the observation window (2026-05-19 to 2026-06-28), and the risk profile has not escalated.
---
## RELATIONSHIP GRAPH
| Relationship Type | Target | Count |
|---|---|---|
| **Same Network** | OVH_282347337 | Multiple |
| **DNS Association** | proxy-uk001-san1.ahrefs.net | 16 |
---
## ACTIONABLE RECOMMENDATIONS
### Immediate Actions
1. Block at Edge: Apply firewall rules for traffic from 198.244.168.1/32. The justification is the neighbourhood context, not observed hostile activity from this host (Direct Threat: Low), and the address is attributed to Ahrefs Pte Ltd with a proxy-style PTR, so check your own logs for wanted traffic from it before deploying. Recommended ruleset:
- iptables: `iptables -A INPUT -s 198.244.168.1 -j DROP` (appends to the chain; if an earlier rule already accepts this traffic, use `iptables -I INPUT 1 -s 198.244.168.1 -j DROP` so the drop is evaluated first)
- nftables: `nft add rule inet filter input ip saddr 198.244.168.1 drop` (assumes the `inet filter` table and its `input` chain already exist; otherwise create them or add the rule to your existing input chain)
- Cloudflare WAF: Block with expression `ip.src eq 198.244.168.1`
2. Monitor Neighbors: Track the adjacent addresses in 198.244.168.0/24. The high abuse density (0.7695) means a neighbouring address is the more likely source of hostile traffic, so alert on first-seen connections from anywhere in the /24 rather than only on the /32.
3. Validate DNS Records: Forward-confirmed reverse DNS failed: the PTR proxy-uk001-san1.ahrefs.net does not resolve back to 198.244.168.1. Resolve the hostname's A records yourself and compare; a PTR that the forward zone does not confirm is a weak attribution signal, and the ahrefs.net name should not be trusted on its own.
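Item 3 above (forward resolution unconfirmed) and the 1/8 DNSBL listing in the Threat Analysis section are both checks you can reproduce yourself. The code below is an added example, not IPDebrief code. Its lookup functions are injectable so the logic runs offline against constructed answers (TEST-NET addresses and placeholder zones under `.example`); `live_ptr` and `live_addrs` use only the Python standard library for real queries. The constructed data deliberately says nothing about the real PTR or DNSBL status of 198.244.168.1.

```python
"""FCrDNS and DNSBL checks for the two DNS items this briefing leaves unverified.

Added example, not IPDebrief code. Lookups go through two injectable functions
(PTR by address, A/AAAA by name) so the logic runs offline against CONSTRUCTED
answers; live_ptr / live_addrs use the standard library for real queries.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional, Sequence

PtrLookup = Callable[[str], List[str]]    # ip -> PTR hostnames ([] if none)
AddrLookup = Callable[[str], List[str]]   # name -> A/AAAA rdata ([] if NXDOMAIN)

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def live_ptr(ip: str) -> List[str]:
    """Real PTR lookup via the resolver library ([] when there is no PTR)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except socket.herror:
        return []


def live_addrs(name: str) -> List[str]:
    """Real A/AAAA lookup ([] when the name does not exist)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


def _to_ip(text: str) -> Optional[ipaddress._BaseAddress]:
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None   # rdata that is not an address (e.g. a CNAME target)


def fcrdns(ip: str, ptr_lookup: PtrLookup, addr_lookup: AddrLookup) -> Dict:
    """Forward-confirmed reverse DNS: each PTR name is resolved forward and is
    confirmed only if the original address appears among its answers."""
    addr = ipaddress.ip_address(ip)
    ptrs = [h.rstrip(".").lower() for h in ptr_lookup(ip)]
    confirmed = [h for h in ptrs if addr in {_to_ip(a) for a in addr_lookup(h)}]
    return {"ptr": ptrs, "confirmed": confirmed, "fcrdns": bool(confirmed)}


def dnsbl_name(ip: str, zone: str) -> str:
    """Reverse-octet query name: 198.244.168.1 in zone Z becomes 1.168.244.198.Z"""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 DNSBL queries only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.rstrip(".")


def dnsbl_check(ip: str, zones: Sequence[str], addr_lookup: AddrLookup) -> Dict:
    """Query each zone. A listing answers with a 127.0.0.0/8 address whose low
    octets encode the reason; NXDOMAIN (empty answer) means not listed. Any
    answer outside 127/8 is reported separately: it usually means the query was
    intercepted or the list has been retired, and must not count as a listing."""
    listed: Dict[str, List[str]] = {}
    unexpected: Dict[str, List[str]] = {}
    for zone in zones:
        answers = addr_lookup(dnsbl_name(ip, zone))
        codes = []
        for a in answers:
            parsed = _to_ip(a)
            if parsed is not None and parsed in LOOPBACK:
                codes.append(a)
        if codes:
            listed[zone] = codes
        elif answers:
            unexpected[zone] = answers
    return {"listed": listed, "unexpected": unexpected, "queried": len(zones)}


# CONSTRUCTED answers (TEST-NET addresses, .example names): host-a has a PTR
# whose forward record points elsewhere, so FCrDNS fails; mail.example is well
# behaved; one placeholder DNSBL lists 192.0.2.10, one returns NXDOMAIN and one
# answers with a non-127/8 address, as an intercepted or dead list would.
FAKE_PTR = {"192.0.2.10": ["host-a.example."], "198.51.100.7": ["mail.example."]}
FAKE_ADDRS = {
    "host-a.example": ["203.0.113.9"],
    "mail.example": ["198.51.100.7"],
    "10.2.0.192.dnsbl-a.example": ["127.0.0.2"],
    "10.2.0.192.dnsbl-c.example": ["203.0.113.1"],
}


def fake_ptr(ip: str) -> List[str]:
    return FAKE_PTR.get(ip, [])


def fake_addrs(name: str) -> List[str]:
    return FAKE_ADDRS.get(name.rstrip(".").lower(), [])


if __name__ == "__main__":
    print(fcrdns("192.0.2.10", fake_ptr, fake_addrs))
    print(dnsbl_check("192.0.2.10", ["dnsbl-a.example", "dnsbl-b.example",
                                     "dnsbl-c.example"], fake_addrs))
```

To run the same checks for real, pass `live_ptr` and `live_addrs` in place of the fakes and supply the zones you actually trust; `dnsbl_check` keeps the raw return codes so the listing reason can be looked up in each list's documentation rather than guessed.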
### Long-Term Considerations
- Subnet Risk Assessment: The /24 contains 197 threat-siblings. If hostile traffic from the block is confirmed in your own logs, consider rate-limiting or blocking 198.244.168.0/24 as a whole at the edge, weighing the collateral impact on a block attributed to a single operator.
- Geolocation Verification: The ASN registry country (FR) and the geolocation placement (GB) differ; verify with a second geolocation source, bearing in mind that the PTR's `uk001` label already agrees with GB.
- Reputation Monitoring: A single DNSBL listing (1 of 8 lists) is a weak signal, but it does indicate some prior abuse report. Identify the listing zone, read its return code, and re-check periodically to see whether the listing is removed or spreads to further lists.
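The Monitor Neighbors item and the Subnet Risk Assessment above amount to the same operational task: telling apart, in your own logs, requests from the /32, from the flagged /24 and from the wider /17 origin prefix. The script below is an added example, not IPDebrief tooling. Its log lines are constructed; the three scopes are the ones this briefing names. It also recomputes the abuse density from the sibling counters and flags that the reported figures (197 threat siblings against 191 active) cannot be on a common basis.

```python
"""Triage access-log lines against the address scopes named in this briefing,
and sanity-check the neighbourhood counters it reports.

Added example, not IPDebrief tooling. The log lines are CONSTRUCTED (common
log format); the scopes come from the briefing: the /32 target, the
198.244.168.0/24 neighbourhood and the 198.244.128.0/17 BGP origin prefix.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Most specific first: the first containing scope wins.
SCOPES: List[Tuple[str, ipaddress.IPv4Network]] = [
    ("target", ipaddress.ip_network("198.244.168.1/32")),
    ("neighbourhood", ipaddress.ip_network("198.244.168.0/24")),
    ("origin-prefix", ipaddress.ip_network("198.244.128.0/17")),
]

# Common log format: client ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def classify(ip_text: str) -> str:
    """Name the narrowest scope containing the address; 'other' if none,
    'unparseable' if the field is not an IP address at all."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unparseable"
    for label, net in SCOPES:
        if ip in net:          # version mismatch (IPv6 client) simply yields False
            return label
    return "other"


def triage(lines: Iterable[str]) -> Dict:
    """Count requests per scope and per in-scope address, and keep the in-scope
    requests themselves so an analyst can review what was asked for."""
    per_scope: Counter = Counter()
    per_ip: Counter = Counter()
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            per_scope["malformed"] += 1
            continue
        label = classify(m["ip"])
        per_scope[label] += 1
        if label not in ("other", "unparseable"):
            per_ip[m["ip"]] += 1
            hits.append({"ip": m["ip"], "scope": label,
                         "request": m["req"], "status": int(m["status"])})
    return {"per_scope": dict(per_scope), "per_ip": dict(per_ip), "hits": hits}


def sibling_sanity(total: int, active: int, threat: int) -> Dict:
    """Recompute abuse density (threat / total) and flag counter combinations
    that cannot all be measured on the same basis."""
    warnings = []
    if threat > total:
        warnings.append("threat siblings exceed total siblings")
    if threat > active:
        warnings.append("threat siblings exceed active siblings: counters use different bases")
    return {"density": round(threat / total, 4), "warnings": warnings}


# CONSTRUCTED sample: the target itself, a neighbourhood host probing twice, a
# host in the wider /17, an unrelated client, an IPv6 client, one malformed line.
SAMPLE_LOG = [
    '198.244.168.1 - - [28/Jun/2026:10:27:49 +0000] "GET /robots.txt HTTP/1.1" 200 512',
    '198.244.168.77 - - [28/Jun/2026:10:28:02 +0000] "GET /wp-login.php HTTP/1.1" 404 169',
    '198.244.168.77 - - [28/Jun/2026:10:28:03 +0000] "POST /xmlrpc.php HTTP/1.1" 403 0',
    '198.244.200.5 - - [28/Jun/2026:10:29:10 +0000] "GET / HTTP/1.1" 200 4096',
    '203.0.113.4 - - [28/Jun/2026:10:29:11 +0000] "GET /index.html HTTP/1.1" 200 4096',
    '2001:db8::1 - - [28/Jun/2026:10:29:12 +0000] "GET / HTTP/1.1" 200 4096',
    'garbage line that is not a log record',
]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["per_scope"])
    for hit in result["hits"]:
        print(hit)
    print(sibling_sanity(total=256, active=191, threat=197))
```

Feed it your real access log (one line per element) and the `hits` list is the review queue; the per-scope counts separate the single /32 the briefing scores from the /24 it warns about, which is the distinction the blocking decision above depends on.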
---
## RISK ASSESSMENT SUMMARY
| Category | Rating |
|---|---|
| **Direct Threat** | Low |
| **Infrastructure Risk** | Moderate |
| **Neighborhood Risk** | High |
| **Action Priority** | Medium |
Assessment Rationale: The target IP itself shows no active malicious indicators. The Moderate infrastructure and High neighbourhood ratings come from the 197 threat-siblings in its /24 and from attribution that remains unverified (FCrDNS failed, RPKI and IRR pending). That contextual risk justifies a defensive posture: block the /32 at the edge as recommended above, preferably with a logged drop so that any wanted traffic remains visible, and keep the /24 under watch for correlated activity.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | Not available |
| CIDR Block | 198.244.128.0/17 |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk001-san1.ahrefs.net |
| Forward Confirmed | No; the PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk001-san1.ahrefs.net |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 (basic operator with some routing infrastructure) |
## Services & Open Ports
No open ports detected. This rests on a single source and a single observation (see the services row of the Confidence Breakdown), so it should be confirmed with an independent scan.
| Attribute | Value |
|---|---|
| Server | Not available |
| HTTP Title | Not available |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 33% | 2 | 3 |
| services | 8% | 1 | 1 |
| ownership | 37% | 3 | 6 |
| reputation | 31% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 29% | 11 | 19 |

| Summary Metric | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Coherence Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
The 100% coherence figure is a platform-internal consistency metric and not a pass result for the listed checks: elsewhere in this dossier FCrDNS is "Not verified", Geo Consensus is False and RPKI/IRR validation is pending.
## Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-19 23:49:32 UTC |
| Last Seen | 2026-06-28 10:27:49 UTC |
| Profile Built | 2026-06-29 04:32:51 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 29 |