# IP Intelligence Briefing: 198.244.168.12/32
## Executive Summary
Target IP 198.244.168.12 is classified as Moderate Risk (Risk Score: 50/100). The address is hosted on OVH infrastructure (ASN 16276) under the organizational registration "Ahrefs Pte Ltd Dmytro" with geolocation coordinates in London, England (GB). No active services or open ports were detected on the target.
## Technical Profile
Ownership & Classification:
- ASN: 16276 (OVH SAS)
- Organization: Ahrefs Pte Ltd Dmytro
- RIR: ARIN
- Infrastructure Type: CloudCompute (Cloud-hosted environment)
- Network Role: Hosting provider with firewalled/no services status
- Connection Type: Cloud infrastructure
Geolocation:
- Country: United Kingdom (GB)
- Region: England
- City: London
- Geographic Accuracy: 750 km radius (consensus from 2 sources)
- Geographic Plausibility: True
DNS Analysis:
- PTR Hostnames: proxy-uk001-san12.ahrefs.net
- Forward Resolution: 1 hostname resolved
- Domain: ahrefs.net
- SPF/DMARC: Not configured
- DNSSEC: Valid
Network Services:
- Open Ports: None detected
- TLS Certificate: Not present
- HTTP Title: Not present
- Server Banner: None observed
## Threat Indicators
Risk Classification:
- Overall Risk Score: 50 (Moderate)
- Abuse Confidence Score: Not available
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
- Blacklist Count: 0 (current)
- Pulsedive Risk: Not available
Control Plane:
- BGP Prefix: 198.244.128.0/17
- Route Stability: Unstable (route changes detected in last 30 days)
- DNSBL Listings: 2 out of 8 total lists
- DNSBL Status: Listed on multiple threat feeds
Behavioral:
- Threat Persistence Days: 0
- Threat Observation Count: 1
- Persistently Malicious: False
## Observation History
Analysis of 19 historical observations reveals consistent cloud/hosting classification with OVH provider attribution. Recent signals (June 2026 timeframe) indicate:
- Cloud infrastructure classification
- Operator score: 0.2174 (Minimal)
- ASN attribution: AS16276 OVH SAS
- Geolocation signals: FR/London coordinates
- DNSBL activity: 2 listings with high severity noted
Temporal analysis shows no persistent malicious behavior patterns.
## Relationship Analysis
Network Relationships:
- 38 relationship records identified
- Primary association: Same Network (OVH_282347337)
- Multiple network-level connections to OVH infrastructure
Subnet Context:
- /24 Subnet: 198.244.168.0/24
- Subnet Abuse Classification: High abuse (0.6719 abuse density)
- Total Siblings: 256
- Active Siblings: 164
- Threat Siblings: 172
- Inherited Risk Score: 26
Neighbor Risk Distribution:
- High Risk: 0 neighbors
- Medium Risk: 63 neighbors
- Low Risk: 37 neighbors
- Sample Neighbor Risk Scores: 25-40
## Recommended Actions
Firewall Rules:
- No specific firewall rules recommended (the recommended-actions list is empty)
Monitoring Priorities:
- Monitor DNSBL listing changes (2 current listings)
- Track BGP route stability (unstable routing observed)
- Monitor subnet-level threat activity (172 threat siblings in /24)
- Watch for service emergence on previously closed ports
Threat Assessment:
The target IP presents moderate risk primarily due to its classification within a high-abuse density subnet (198.244.168.0/24). While the individual address shows no active malicious indicators, the subnet context suggests elevated threat presence. The OVH cloud hosting environment and lack of open services indicate this is likely a legitimate hosting address, though the high subnet abuse density warrants continued monitoring for potential compromise or abuse vectors.
Classification: MODERATE RISK - MONITOR
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | proxy-uk001-san12.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk001-san12.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 27% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-18 03:22:27 UTC |
| Last Seen | 2026-06-28 06:04:17 UTC |
| Profile Built | 2026-06-29 00:08:26 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |