# IP INTELLIGENCE BRIEFING
- Target: 198.244.168.231/32
- Classification: Moderate Risk (Score: 40)
- Date: 2024-01-15
- Prepared for: SOC Operations
## EXECUTIVE SUMMARY
IP 198.244.168.231 is a cloud-hosted address registered to OVH infrastructure (ASN 16276) with a moderate risk posture. While the individual IP lacks direct threat indicators, it resides within a subnet exhibiting high abuse density (0.8438), suggesting elevated operational risk through association with that subnet.
## INFRASTRUCTURE PROFILE
- Organization: Ahrefs Pte Ltd Dmytro / OVH SAS
- ASN: 16276 (OVH)
- Location: GB (London) / FR (Paris); geolocation consensus is inconsistent across sources
- Infrastructure Type: CloudCompute (OVH hosting)
- Network Role: Hosting provider; no services exposed (ports firewalled or closed)
- DNS Resolution: proxy-uk001-san231.ahrefs.net
- Services: None detected (ports closed/firewalled)
## THREAT INDICATORS
- Risk Score: 40 (Moderate)
- Abuse Confidence: None reported
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- DNSBL Listings: Listed on 1 of 8 blocklists checked
- Campaign Correlation: None detected
## NEIGHBORHOOD CONTEXT (198.244.168.0/24)
- Abuse Density: 0.8438 (High Abuse Classification)
- Subnet Statistics:
  - Active Siblings: 208 of 256
  - Threat Siblings: 216
  - Risk Distribution: 0 high-risk, 22 medium-risk, 78 low-risk
  - Inherited Risk Score: 33
- Assessment: Subnet demonstrates significant abuse activity, indicating elevated operational risk through network association.
## OBSERVATION HISTORY (22 Signals)
Recent multi-signal observations reveal:
- Consistent cloud infrastructure classification (OVH)
- Geolocation variance between FR and GB (750 km accuracy radius)
- DNSSEC valid with CAA records present
- Minimal operator score (0.2174)
- Route stability: Not stable (route changes detected)
## RECOMMENDED ACTIONS
### Immediate Firewall Rules

```bash
# iptables: drop all inbound packets from the address
iptables -A INPUT -s 198.244.168.231 -j DROP

# nftables: equivalent rule (assumes the "inet filter" table and its "input" chain already exist)
nft add rule inet filter input ip saddr 198.244.168.231 drop
```

```nginx
# nginx: deny the address inside the relevant server or location block
deny 198.244.168.231;
```

```text
# pfSense: add this entry to an alias referenced by a block rule
198.244.168.231/32
```

### WAF Integration

- Cloudflare WAF: Block with expression `ip.src eq 198.244.168.231`
- AWS WAF: Add address `198.244.168.231/32` to an IP set with description "IPDebrief risk 40"
## INTELLIGENCE ASSESSMENT
This IP represents moderate risk with no direct malicious activity detected. However, the high-abuse-density subnet context warrants defensive measures. The combination of cloud hosting, DNSBL listing, and neighborhood abuse patterns suggests potential for opportunistic misuse. SOC teams should monitor for outbound connections and implement egress filtering to contain any potential lateral movement from this subnet.
Priority: LOW-MEDIUM
Action: Implement firewall rules and monitor for suspicious activity patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration

| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
## DNS Intelligence

| Field | Value |
|---|---|
| PTR | proxy-uk001-san231.ahrefs.net |
| Forward Confirmed | No; the PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk001-san231.ahrefs.net |
## DNS Hygiene

| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting; infrastructure provider without advanced routing |
## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

Closed ports: 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

| Field | Value |
|---|---|
| Server | Not available |
| HTTP Title | Not available |
## TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness:

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 22% | 10 | 16 |

| Metric | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Attribution checks considered: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid.
## Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-22 09:12:26 UTC |
| Last Seen | 2026-06-28 18:23:59 UTC |
| Profile Built | 2026-06-29 12:29:27 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |
Full dossier details are available via our API.