# IP INTELLIGENCE BRIEFING: 198.244.168.169
Classification: Moderate Risk / Cloud Hosting Infrastructure
Date of Analysis: 2026-06-19
Intel Source: IPDebrief Threat Intelligence Platform
---
## EXECUTIVE SUMMARY
Target IP 198.244.168.169 is a cloud-hosted server in London, England, associated with Ahrefs Pte Ltd operating infrastructure under ASN 16276. The asset maintains a moderate risk profile (score: 40) and is currently firewalled with no active services exposed. The IP belongs to a subnet exhibiting high abuse density, warranting contextual monitoring.
---
## ASSET PROFILE
Network Classification: CloudCompute / Hosting Infrastructure
ISP/Provider: OVH (Network Provider)
Organization: Ahrefs Pte Ltd Dmytro
ASN: 16276 (OVH SAS)
Geolocation: London, England, GB
Timezone: Europe/London
CIDR Block: 198.244.128.0/17
IP Classification: Bogon: No | Tor Exit: No | Known Attacker: No | Spam Source: No
DNS Resolution:
- PTR Hostname: proxy-uk001-san169.ahrefs.net
- Forward Hostname: proxy-uk001-san169.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Confirmed (1 hostname)
---
## THREAT INDICATORS
Current Threat Status: No active threat indicators detected
- Abuse Confidence Score: Not calculated
- Blacklist Count: 0 (current)
- Known Campaigns: None
- Threat Feeds: None
DNSBL Status: Listed on 1 of 8 total DNSBL sources
- Operator Score: 0.2174 (Minimal)
- RPKI State: Not evaluated
- Route Stability: Unstable (0 route changes in 30 days)
---
## NETWORK CONTEXT & NEIGHBORHOOD
Subnet Analysis: 198.244.168.0/24
- Abuse Density: 0.5273 (High Abuse Classification)
- Inherited Risk Score: 21
- Total Siblings: 256
- Active Siblings: 136
- Threat Siblings: 135
Risk Distribution in Subnet: All 100 sampled neighbors report medium risk (score: 40)
The target IP resides in a subnet with significant abuse activity, though the specific IP itself shows no active malicious indicators.
---
## SERVICE EXPOSURE
Open Ports: None detected
TLS Certificate: Not available
HTTP Banner: Not available
Service Purpose: Firewalled / No Services
HTTP/2 Support: No
HSTS: No
CSP: No
The asset is fully firewalled with no active services exposed to the internet.
---
## OBSERVATION HISTORY
Total Observations: 24
Recent Activity Window: 2026-06-14 through 2026-06-19
Ownership Changes: 0
Threat Persistence Days: 0
Is Persistently Malicious: No
Historical Signals:
- June 14, 2026: Provider classified as OVH hosting; minimal operator score (0.2174); consistent DNSSEC validation
- June 19, 2026: Continued minimal operator score; 6-dimension data sufficiency maintained
The IP has demonstrated stable ownership and consistent provider classification over the observation period with no evidence of risk escalation.
---
## RELATIONSHIP GRAPH
Total Relationships: 43
Primary Relationship Type: Same Network (OVH_282347337)
- 40+ relationships mapped to the same network infrastructure
- Indicates shared hosting infrastructure with multiple related assets
---
## RECOMMENDED ACTIONS
SOC Monitoring Priority: Medium
Blocking Recommendation: Do not block (legitimate infrastructure)
Monitoring Recommendations:
- Monitor for DNSBL listing updates
- Watch for service exposure changes
- Monitor subnet-wide activity given high abuse density context
- Correlate with known Ahrefs infrastructure if relevant to investigation
Firewall Rules:
- No immediate blocking rules recommended
- Consider monitoring for anomalous outbound connections
- Maintain awareness of subnet-level abuse patterns
---
INTEL NOTES: This IP represents legitimate cloud hosting infrastructure for Ahrefs (SEO analytics platform). The moderate risk score and DNSBL listing are not indicative of active malicious activity. However, the high abuse density in the /24 subnet suggests monitoring contextual activity is warranted for threat hunting operations.
Data Sources: IPDebrief Profile, History, Relationships, Neighbors
Confidence Level: Medium-High (based on 24 observations)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | proxy-uk001-san169.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk001-san169.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 17% | 2 | 3 |
| ownership | 17% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-12 15:47:38 UTC |
| Last Seen | 2026-06-27 21:37:58 UTC |
| Profile Built | 2026-06-28 15:43:08 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 27 |