198.244.168.132

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: 198.244.168.132/32

Classification: Moderate Risk | Date: Current | Source: IPDebrief Intelligence Platform

---

## EXECUTIVE SUMMARY

Target IP 198.244.168.132 is a cloud compute infrastructure address hosted under OVH (ASN 16276) with moderate risk classification. The IP resolves to the ahrefs.net domain, indicating enterprise hosting for Ahrefs Pte Ltd operations in London, United Kingdom. While individual threat indicators are minimal, the IP operates within a high-abuse density subnet requiring contextual monitoring.

---

## INFRASTRUCTURE PROFILE

Attribute	Value
IP Address	198.244.168.132/32
Risk Score	50 (Moderate)
Provider	OVH (ASN 16276)
Organization	Ahrefs Pte Ltd Dmytro
Location	London, England, GB
Network Type	Cloud Compute / Hosting
BGP Prefix	198.244.128.0/17
DNS Resolution	proxy-uk001-san132.ahrefs.net

---

## THREAT ASSESSMENT

Individual IP Indicators:

No detected open ports or active services
Not listed as known attacker, spam source, or Tor exit node
Blacklist count: 0 (individual IP)
DNSBL listings: 2 of 8 total lists
No known malware campaigns or threat feeds associated
TLS certificates: None detected (firewalled/no services)

Neighborhood Context (198.244.168.0/24):

Abuse Density: 0.75 (High)
Classification: high_abuse
Active Siblings: 164 out of 256 total
Threat Siblings: 192
Inherited Risk Score: 30
Risk Distribution: 100 medium, 0 high, 0 low

Key Finding: Despite clean individual indicators, the IP resides in a subnet with elevated abuse activity. The high threat sibling count (192) indicates potential lateral threat exposure within the /24 network.

---

## OBSERVATION HISTORY

Total Observations: 19 signals recorded

Recent Activity (2026-06-15):

Port scanning activity detected (confidence: 70%)
DNS resolution confirmed to ahrefs.net
Subnet abuse classification: high_abuse (confidence: 75%)
Network routing stable with minimal control plane changes
No persistent malicious behavior confirmed

Temporal Analysis:

Ownership stability: No changes recorded
Threat persistence: Single observation only
Not classified as persistently malicious

---

## RELATIONSHIP NETWORK

Detected Relationships: 35

Primary association: OVH_282347337 network infrastructure
Network classification: CloudCompute hosting environment
No cross-organizational or inter-provider relationships identified

---

## RECOMMENDED ACTIONS

Immediate:

1. Monitor subnet 198.244.168.0/24 for correlated threat activity

2. Implement rate limiting on connections from this /24 subnet

3. Validate ahrefs.net DNS resolution patterns against known baselines

Firewall Rules:

Allow: Established connections only (existing ahrefs.net relationships)
Block: New connections from 198.244.168.0/24 if abuse patterns emerge
Monitor: DNS queries to proxy-uk001-san132.ahrefs.net

Threat Hunting:

Investigate 192 threat siblings in the 198.244.168.0/24 subnet
Correlate any inbound connections with known Ahrefs services
Track subnet-level traffic anomalies

---

## CONCLUSION

IP 198.244.168.132 represents legitimate enterprise infrastructure (Ahrefs) with moderate individual risk. However, the high-abuse density of its /24 subnet (0.75) warrants contextual monitoring. The IP is not currently flagged as malicious, but SOC teams should monitor subnet-level activity and be prepared for potential abuse campaigns leveraging the shared hosting environment.

Priority: Medium | Action: Monitor

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	London
Timezone	Europe/London
Latitude	51.50
Longitude	-0.12

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk001-san132.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk001-san132.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	39%	2	3
routing	13%	1	1
services	15%	2	2
ownership	24%	2	3
reputation	31%	1	3
geolocation	33%	2	3
Overall	26%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-18 03:22:27 UTC
Last Seen	2026-06-28 06:04:14 UTC
Profile Built	2026-06-29 00:08:26 UTC
Data Freshness	Live
Signal Types	21
Total Observations	26

🔍 21 signal types · 26 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

198.244.168.132📋 Copy