INTELLIGENCE BRIEFING: 198.244.168.105/32
ASSIGNED RISK RATING: MODERATE (40/100)
---
EXECUTIVE SUMMARY
IP 198.244.168.105 is a cloud hosting infrastructure address owned by Ahrefs Pte Ltd Dmytro (ASN 16276), located in London, England. While the IP shows no active threat indicators, the associated /24 subnet demonstrates high-abuse characteristics with 216 of 256 sibling IPs flagged as threats. Current observation shows firewalled status with no open services.
---
OWNERSHIP & INFRASTRUCTURE
- Organization: Ahrefs Pte Ltd Dmytro
- ASN: 16276
- Geolocation: London, England, GB (750km accuracy radius)
- Infrastructure Type: CloudCompute, Hosting
- Provider: OVH (origin ASN 16276, BGP prefix 198.244.128.0/17)
- DNS Records: proxy-uk001-san105.ahrefs.net (ahrefs.net)
- Status: No open ports detected; HTTP services inactive
---
THREAT INDICATORS
- Risk Score: 40 (Moderate)
- DNSBL Listings: 1 of 8 total blacklists
- Known Campaigns: None identified
- Tor Exit/Attacker/Spam Source: Negative
- Abuse Confidence: Not elevated
---
SUBNET ENVIRONMENT ANALYSIS
- Subnet: 198.244.168.0/24
- Abuse Density: 0.8438 (high_abuse classification)
- Total Siblings: 256
- Threat Siblings: 216 (84% threat ratio)
- Active Siblings: 208
- Risk Distribution: 45 medium-risk, 55 low-risk neighbors
Context: This IP resides in a subnet with significant abuse concentration. The high sibling threat ratio suggests either compromised infrastructure or shared hosting with abused peers.
---
OBSERVATION HISTORY (30 signals)
- Most Recent: 2026-06-28 (confidence 0.30)
- Subnet Classification: Consistently flagged as high_abuse since 2026-06-20
- Geolocation Signals: Inference points to London, GB (confidence 0.28)
- Threat Persistence: No persistent malicious behavior detected
- Stability: Ownership changes: 0; Route changes (30d): 0
---
RELATIONSHIP GRAPH (46 relationships)
- Primary connections: Same network (OVH_282347337)
- No additional organizational or certificate relationships identified
- Network-level associations only
---
RECOMMENDED ACTIONS
Immediate Mitigation (probabilistic; combine with other signals before enforcing):
| Platform | Recommended Rule |
|---|---|
| iptables | `iptables -A INPUT -s 198.244.168.105 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 198.244.168.105 drop` |
| nginx | `deny 198.244.168.105;` |
| pfSense | Block 198.244.168.105/32 |
| Cloudflare WAF | Block with expression: `ip.src eq 198.244.168.105` |
| AWS WAF | Add address 198.244.168.105/32 to blocklist |
Strategic Considerations:
1. Subnet-level blocking may be warranted given the 84% threat sibling ratio
2. Monitor for service activation on this IP
3. Cross-reference with organizational threat intelligence for Ahrefs-related campaigns
4. Consider implementing geolocation-based filtering (GB region) if abuse patterns correlate with this subnet
---
ASSESSMENT: This IP represents moderate risk primarily due to neighborhood contamination. Current state shows no active exploitation, but the subnet environment suggests defensive posture monitoring is appropriate. No immediate threat indicators detected for this specific address.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | n/a |
| CIDR Block | 198.244.128.0/17 |
| RIR | ARIN |
| Country | n/a |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk001-san105.ahrefs.net |
| Forward Confirmed | No: the PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk001-san105.ahrefs.net |
DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| None | No open ports detected | n/a | n/a |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | n/a |
| HTTP Title | n/a |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 22% | 3 | 4 |
| services | 15% | 2 | 2 |
| ownership | 27% | 3 | 4 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 27% | 13 | 20 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (65%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-20 05:44:17 UTC |
| Last Seen | 2026-06-28 10:52:57 UTC |
| Profile Built | 2026-06-29 04:57:03 UTC |
| Data Freshness | Live |
| Signal Types | 28 |
| Total Observations | 32 |
Full dossier details are available via our API.