# INTELLIGENCE BRIEFING: 198.244.168.126/32
Classification: MODERATE RISK - SUBNET ABUSE EVIDENCE
Date: 2026-06-21
Analyst: IPDebrief Intelligence Team
---
## EXECUTIVE SUMMARY
IP 198.244.168.126 operates within OVH cloud infrastructure (ASN 16276) and resolves to Ahrefs proxy hostnames. While the individual IP presents moderate risk (score: 40), the associated /24 subnet demonstrates high abuse density (82.81%), indicating systemic compromise or misconfiguration of the hosting environment. No direct threat indicators were identified on the target IP.
---
## OWNERSHIP & GEOLOCATION
- Organization: Ahrefs Pte Ltd Dmytro
- ASN: 16276 (OVH)
- Country: England, GB (London)
- CIDR Block: 198.244.128.0/17
- Infrastructure Type: CloudCompute (OVH hosting)
- Registration: ARIN
---
## THREAT INDICATORS
- Risk Score: 40/100 (Moderate)
- Blacklist Count: 0
- DNSBL Listed: 1 of 8 threat feeds
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Campaign Associations: None detected
- Threat Persistence: 0 days (transient activity)
- Open Ports: None (service firewalled)
---
## NETWORK ENVIRONMENT ANALYSIS
Subnet Profile: 198.244.168.0/24
- Abuse Density: 0.8281 (82.81%, HIGH)
- Active Siblings: 197 of 256 IPs
- Threat Siblings: 212 IPs flagged
- Risk Distribution: 100% medium risk (score: 40)
- Classification: high_abuse
The target IP shares a subnet with 212 threat-sibling addresses, suggesting systematic infrastructure abuse within the hosting environment.
---
## OBSERVATION HISTORY
- Total Signals: 21 observations
- Latest Signal: 2026-06-21 (geolocation inference: GB, confidence 0.28)
- Ownership Changes: 0
- Route Stability: Unstable (route changes detected within 30 days)
- Threat Status: Not persistently malicious
---
## RELATIONSHIP GRAPH
- Network Affiliations: 32 relationships identified (OVH_282347337)
- DNS Resolutions: proxy-uk001-san126.ahrefs.net (ahrefs.net)
- Email Authentication: SPF/DMARC not configured
---
## RECOMMENDED ACTIONS
SOC Analyst Actions:
1. Allow with Monitoring: No immediate blocking recommended; IP lacks direct threat indicators
2. Subnet Awareness: Monitor 198.244.168.0/24 subnet for lateral movement patterns
3. Email Filtering: Exercise caution with email sources; SPF/DMARC not configured
4. Firewall Rules: No specific iptables/nftables rules required at this time
Recommended Signature Pattern:
```shell
# Track the high-abuse subnet (198.244.168.0/24) in a hash:net set; the set is for
# monitoring/log matching only, since no blocking rule is recommended at this time
ipset create subnet-ovh-abuse hash:net -exist
ipset add subnet-ovh-abuse 198.244.168.0/24 -exist
```
---
## CONCLUSION
IP 198.244.168.126 represents a low-risk endpoint within a high-abuse hosting environment. While the IP itself shows no malicious activity, the subnet context warrants continued monitoring for coordinated abuse campaigns. No immediate defensive action required beyond standard logging and subnet-level awareness.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk001-san126.ahrefs.net |
| Forward Confirmed | No; PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk001-san126.ahrefs.net |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting; infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not available |
| HTTP Title | Not available |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 32% | 1 | 3 |
| geolocation | 26% | 2 | 2 |
| Overall | 22% | 10 | 15 |

| Check | Result |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-26 21:46:40 UTC |
| Last Seen | 2026-06-29 03:33:58 UTC |
| Profile Built | 2026-06-29 09:37:19 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |