# IP INTELLIGENCE BRIEFING: 198.244.168.109/32
Classification: MODERATE RISK (Score: 40/100)
Date: Current
Status: Active Monitoring Recommended
---
## EXECUTIVE SUMMARY
IP address 198.244.168.109 operates within OVH cloud infrastructure and resolves to proxy-uk001-san109.ahrefs.net, indicating association with Ahrefs domain infrastructure. The IP presents moderate risk (score 40) with one DNSBL listing across eight total lists. While the IP itself shows no active threat indicators, the /24 subnet exhibits high abuse density (0.5508) with 141 threat-sibling IPs identified.
---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **IP Address** | 198.244.168.109 |
| **ASN** | AS16276 (OVH SAS) |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Geolocation** | London, England, GB |
| **Infrastructure Type** | Cloud Compute (OVH) |
| **Network Role** | Firewalled / No Services Detected |
| **DNS Record** | proxy-uk001-san109.ahrefs.net |
| **Hosted Domain** | ahrefs.net |
---
## THREAT INDICATORS
- Abuse Confidence: DNSBL listed (1/8 lists)
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Campaign Affiliation: None detected
- Threat Feeds: 7 pulse associations (severity: high)
- Blacklist Count: 1 confirmed listing
---
## OBSERVATION HISTORY ANALYSIS
Total Observations: 22 signals tracked
Key Temporal Events:
- 2026-06-28: IP flagged on 7 threat pulses with high severity listings
- 2026-06-20: Listed across 8 blacklist sources (max severity: high)
- Geolocation Discrepancy: Conflicting origin signals between FR (France) and GB (UK) with low-to-moderate confidence scores (0.28-0.85)
Risk Trajectory: Single threat observation recorded. IP not classified as persistently malicious.
---
## NETWORK NEIGHBORHOOD ANALYSIS
Subnet: 198.244.168.0/24
Classification: High Abuse Density
Abuse Density Score: 0.5508
Sibling IP Risk Distribution:
- High Risk: 0
- Medium Risk: 55
- Low Risk: 45
- Active Siblings: 141 out of 256 total
Notable Neighbor Risk Scores:
- 198.244.168.0: Risk 40, Authority 50
- 198.244.168.1: Risk 40, Authority 50
- 198.244.168.2: Risk 25, Authority 50
---
## RELATIONSHIP GRAPH
Direct Associations: 33 relationships identified
Primary Connection: OVH Network (OVH_282347337)
Connection Type: Same Network (repeated across 28+ entries)
---
## CONTROL PLANE DATA
| Metric | Value |
|---|---|
| **BGP Prefix** | 198.244.128.0/17 |
| **Origin ASN** | 16276 |
| **Route Stability** | False |
| **RPKI State** | Not Available |
| **IRR Consistency** | Not Available |
| **Route Changes (30d)** | 0 |
| **DNSSEC Valid** | True |
| **CAA Records** | Present |
---
## SECURITY RECOMMENDATIONS
Blocking Recommendations (Based on Risk Score 40):
```bash
# iptables
iptables -A INPUT -s 198.244.168.109 -j DROP
# nftables
nft add rule inet filter input ip saddr 198.244.168.109 drop
# nginx
deny 198.244.168.109;
# pfSense
198.244.168.109/32
# Cloudflare WAF
{"description":"Block 198.244.168.109 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 198.244.168.109"}}
# AWS WAF
{"Addresses":["198.244.168.109/32"],"Description":"IPDebrief risk 40"}
```
Note: Recommendations are probabilistic and should be combined with additional threat intelligence before implementing blocking rules.
---
## ANALYST NOTES
1. Contextual Risk: While the individual IP risk score is moderate (40), the high abuse density in the /24 subnet warrants monitoring of adjacent IPs.
2. Infrastructure Legitimacy: DNS resolution to ahrefs.net suggests potential legitimate use case (Ahrefs is a known SEO analytics provider). However, DNSBL listing indicates some reputation compromise.
3. Cloud Hosting Pattern: The IP operates in a cloud compute environment with no open services detected, typical of residential proxy or web scraper infrastructure.
4. Geolocation Uncertainty: Conflicting origin signals (FR vs GB) with low confidence suggest potential IP geolocation spoofing or multi-region hosting.
5. Action Priority: Monitor for pattern escalation. Consider blocking if additional threat signals emerge or if internal traffic patterns indicate abuse.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
---
## OWNERSHIP & REGISTRATION
| Attribute | Value |
|---|---|
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **ASN** | AS16276 |
| **Network Name** | Not Available |
| **CIDR Block** | Not Available |
| **RIR** | ARIN |
| **Country** | Not Available |
| **Abuse Contact** | Available via RDAP |
---
## DNS INTELLIGENCE
| Attribute | Value |
|---|---|
| **PTR** | proxy-uk001-san109.ahrefs.net |
| **Forward Confirmed** | No; PTR hostname does not resolve back to this IP (weak signal) |
| **Forward Hostnames** | proxy-uk001-san109.ahrefs.net |
---
## DNS HYGIENE
| Attribute | Value |
|---|---|
| **Hygiene Score** | 40% (Fair) |
| **SPF** | Not configured |
| **DMARC** | Not configured |
| **FCrDNS** | Not verified |
| **DNSSEC** | Valid |
| **CAA** | Present |
---
## NETWORK CLASSIFICATION
| Attribute | Value |
|---|---|
| **Infrastructure** | Infrastructure / Datacenter |
| **Service Purpose** | Firewalled / No Services |
| **Network Tier** | Hosting: Infrastructure provider without advanced routing |
---
## SERVICES & OPEN PORTS
| Attribute | Value |
|---|---|
| **Open Ports** | None detected (no service, protocol or banner data) |
| **Closed Ports** | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| **Server** | Not Available |
| **HTTP Title** | Not Available |
---
## TLS CERTIFICATE
| Attribute | Value |
|---|---|
| **SANs** | None |
| **Valid From** | Not Available |
| **Valid Until** | Not Available |
---
## CONFIDENCE BREAKDOWN
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 23% | 10 | 16 |

| Metric | Value |
|---|---|
| **Data Coherence** | Consistent (100%) |
| **Attribution** | Moderate (50%) |
---
## OBSERVATION TIMELINE (LIVE)
| Attribute | Value |
|---|---|
| **First Seen** | 2026-05-18 21:27:56 UTC |
| **Last Seen** | 2026-06-28 07:53:05 UTC |
| **Profile Built** | 2026-06-29 01:57:36 UTC |
| **Data Freshness** | Live |
| **Signal Types** | 22 |
| **Total Observations** | 27 |