# IP Intelligence Briefing: 198.244.168.14/32
Date: 2026-06-28
Classification: MODERATE RISK
Risk Score: 40/100

---
## Executive Summary
IP 198.244.168.14 is hosted on OVH cloud infrastructure in London, England, with a moderate risk profile. The IP operates as a firewalled cloud compute resource with no open services. While the target IP shows no direct threat indicators, its /24 subnet exhibits high abuse density (0.8125), suggesting potential lateral risk from neighboring addresses.

---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **ASN** | 16276 |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Provider** | OVH (CloudCompute) |
| **Location** | London, England, GB |
| **CIDR Block** | 198.244.128.0/17 |
| **PTR Hostname** | proxy-uk001-san14.ahrefs.net |
| **Domain** | ahrefs.net |

Network Role: Cloud hosting infrastructure with no active services (firewalled). Not identified as CDN, VPN, proxy, Tor exit, or residential IP.

---
## Threat Assessment
Direct Threat Indicators: None detected
- Threat indicators: Empty
- Known campaigns: None
- Is known attacker: No
- Is spam source: No
- Is Tor exit: No

Blacklist Status: Listed on 1 of 8 DNSBLs

Risk Score Components:
- Overall Risk: 40 (Moderate)
- Provider Score: 0
- Authority Score: 0
- Operator Score: 0.2174 (Minimal)
---
## Neighborhood Analysis (198.244.168.0/24)
Abuse Density: 0.8125 (HIGH ABUSE CLASSIFICATION)
- Total siblings: 256
- Active siblings: 191
- Threat siblings: 208
- Inherited risk score: 32

Risk Distribution in Subnet:
- High risk: 0 IPs
- Medium risk: 27 IPs
- Low risk: 73 IPs

*Note: While the target IP shows moderate risk, the /24 subnet exhibits elevated abuse activity from 208 threat-identified siblings.*

---
## Observation History
Total Observations: 21 signals recorded

Recent Infrastructure Signals:
- 2026-06-28: Confirmed cloud compute infrastructure (OVH), confidence 0.90
- 2026-06-20: Cloud hosting classification, confidence 0.85
- Geographic inference points to GB region (28% confidence)
- Multiple routing and control plane signals observed

Temporal Indicators:
- Ownership changes: 0
- Threat observation count: 1
- Persistent malicious activity: False
- Threat persistence days: 0
---
## Control Plane Data
- Origin ASN: 16276
- BGP Prefix: 198.244.128.0/17
- Route Stability: False (not stable)
- RPKI State: Not available
- DNSSEC: Valid
- CAA Records: Present
- DNSBL Lists: 1 of 8 total
---
## Security Recommendations
Firewall Rules (Block Recommended):
```bash
# iptables
iptables -A INPUT -s 198.244.168.14 -j DROP
# nftables
nft add rule inet filter input ip saddr 198.244.168.14 drop
# nginx
deny 198.244.168.14;
# pfSense
198.244.168.14/32
# Cloudflare WAF
{"description":"Block 198.244.168.14 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 198.244.168.14"}}
# AWS WAF
{"Addresses":["198.244.168.14/32"],"Description":"IPDebrief risk 40"}
```
Contextual Considerations:
- Recommended due to moderate risk score (40) combined with high-abuse neighborhood
- No active services detected; blocking will not disrupt legitimate hosting services
- Monitor for related activity from neighboring IPs in 198.244.168.0/24 subnet
- Evaluate correlation with ahrefs.net domain reputation
---
## Intelligence Notes
The IP appears to be part of OVH hosting infrastructure associated with Ahrefs Pte Ltd. While the target address itself shows no active threat indicators, the elevated abuse density in the /24 subnet suggests this IP may have been flagged for anomalous behavior warranting defensive blocking. Monitor for related indicators from the subnet and maintain awareness of the broader neighborhood risk profile.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration

| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

## DNS Intelligence

| Attribute | Value |
|---|---|
| PTR | proxy-uk001-san14.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk001-san14.ahrefs.net |

## DNS Hygiene

| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification

| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate

| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

## Observation Timeline (Live)

| Attribute | Value |
|---|---|
| First Seen | 2026-05-22 03:09:17 UTC |
| Last Seen | 2026-06-28 17:17:29 UTC |
| Profile Built | 2026-06-29 05:20:02 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |