# IP Intelligence Briefing: 198.244.168.128
## Executive Summary
IP address 198.244.168.128 was classified as Moderate Risk (Risk Score: 40) with ownership attributed to Ahrefs Pte Ltd Dmytro under ASN 16276 (OVH). The IP operates within an OVH cloud infrastructure environment in London, England, resolving to a proxy hostname for the ahrefs.net domain. While the IP itself showed no open services, the associated /24 subnet exhibited high abuse density, warranting network-level defensive measures.
## Technical Profile
Ownership & Infrastructure:
- ASN: 16276 (OVH)
- Organization: Ahrefs Pte Ltd Dmytro
- RIR: ARIN
- Network Role: CloudCompute (OVH), Hosting infrastructure
- Geolocation: London, England, GB (GeoPlausible: true)
- BGP Prefix: 198.244.128.0/17
DNS & Resolution:
- PTR Hostname: proxy-uk001-san128.ahrefs.net
- Forward Resolution: proxy-uk001-san128.ahrefs.net
- Domain: ahrefs.net
- Forward Confirmed: No
Security Posture:
- DNSBL Listed: 1 of 8 total lists
- Open Ports: None detected
- TLS Certificate: None
- HTTP Services: None active
## Neighborhood Intelligence
The IP resides within subnet 198.244.168.0/24, which demonstrated elevated threat characteristics:
- Subnet Classification: High Abuse
- Abuse Density: 0.8047
- Total Siblings: 256 IPs
- Active Siblings: 191
- Threat Siblings: 206
- Inherited Risk Score: 32
Risk distribution across the /24 showed 100 medium-risk IPs, 0 high-risk, and 0 low-risk. This indicates systemic risk within the broader subnet allocation.
## Historical Observations
Signal history recorded 23 observations over the monitoring period. Key signals included:
- Consistent DNS resolution to ahrefs.net with CAA records present
- Neighborhood abuse classification signals showing persistent high-abuse categorization
- ASN-level reputation data from AlienVault OTX showing France-based attribution for AS16276
- Operator score of 0.2174 with "Minimal" classification
Route stability assessment indicated the BGP prefix was not stable. No persistent malicious activity was observed over time.
## Relationship Graph
The IP maintained 38 relationships, predominantly classified as Same Network relationships to OVH_282347337. No external entity relationships (hostnames, organizations, certificates) were identified beyond the network-level associations.
## Recommended Actions
Based on the risk profile, the following firewall rules were generated:
iptables:
```
iptables -A INPUT -s 198.244.168.128 -j DROP
```
nftables:
```
nft add rule inet filter input ip saddr 198.244.168.128 drop
```
nginx:
```
deny 198.244.168.128;
```
pfSense:
```
198.244.168.128/32
```
Cloudflare WAF:
```json
{"description":"Block 198.244.168.128 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 198.244.168.128"}}
```
AWS WAF:
```json
{"Addresses":["198.244.168.128/32"],"Description":"IPDebrief risk 40"}
```
## Assessment
IP 198.244.168.128 presented moderate risk with no active services and no threat indicators. The primary concern stemmed from the high-abuse density of the parent /24 subnet. No evidence of active malicious campaigns, known attacker status, or spam source designation was found. The IP resolves to legitimate infrastructure (ahrefs.net proxy) but the neighborhood context suggests compromised or misconfigured peers within the same subnet.
Recommendation: Apply blocking rules at perimeter firewalls and WAF layers for the specific IP. Monitor subnet 198.244.168.0/24 for additional compromise indicators given the 80%+ abuse density.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | n/a |
| CIDR Block | n/a |
| RIR | ARIN |
| Country | n/a |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk001-san128.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk001-san128.ahrefs.net |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | n/a |
| HTTP Title | n/a |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Metric | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-21 20:59:55 UTC |
| Last Seen | 2026-06-28 15:42:25 UTC |
| Profile Built | 2026-06-29 03:45:50 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 24 |