198.244.168.52
# IP Intelligence Briefing: 198.244.168.52
## Executive Summary
IP 198.244.168.52 is classified as Moderate Risk (Score: 50) and is associated with hosting infrastructure operated by OVH in London, UK. The IP resolves to proxy-uk001-san52.ahrefs.net and operates within a high-abuse density subnet (198.244.168.0/24). While no active threat indicators are present, the IP is listed on 2 of 8 DNSBLs and should be blocked at the perimeter due to its subnet-level abuse classification.
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **ASN** | 16276 |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Provider** | OVH (CloudCompute/Hosting) |
| **Geolocation** | London, England, GB |
| **CIDR Block** | 198.244.128.0/17 |
| **Infrastructure Type** | Cloud hosting |
| **Network Role** | Firewalled / No Services |
DNS Analysis:
- PTR Hostname: proxy-uk001-san52.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Confirmed (1 hostname)
- Email Authentication: SPF/DMARC not configured
---
## Threat Assessment
Current Risk Level: Moderate (Score: 50)
Threat Indicators:
- Blacklist Count: 0 (direct blacklist)
- DNSBL Listings: 2 of 8 total lists
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
Control Plane Data:
- Operator Score: 0.3913 (Basic)
- Route Stability: False
- IRR Consistency: Match
- DNSSEC Valid: Yes
---
## Neighborhood Analysis (198.244.168.0/24)
Subnet Classification: High Abuse
| Metric | Value |
|---|---|
| Abuse Density | 0.8438 |
| Inherited Risk | 33 |
| Total Siblings | 256 |
| Active Siblings | 208 |
| Threat Siblings | 216 |
Risk Distribution:
- High Risk: 0
- Medium Risk: 44
- Low Risk: 56
The subnet shows elevated abuse density with 216 threat-sibling IPs. This contextualizes the moderate-risk classification for 198.244.168.52.
---
## Observation History
Total Observations: 23 signals recorded
Recent activity (June 2026) indicates:
- Hosting infrastructure classification confirmed
- High-abuse subnet classification persisting
- DNSBL listings active (severity: high)
- Geographic inference: GB (confidence: 0.28)
- Operator scoring: Basic
No evidence of ownership changes or persistent malicious behavior.
---
## Relationships
- Total Relationships: 45
- Primary Link: Same Network (OVH_282347337)
- No correlated certificates or external domains identified
---
## Recommended Actions
Action: Block at perimeter
Firewall Rules:
```
# iptables
iptables -A INPUT -s 198.244.168.52 -j DROP
# nftables
nft add rule inet filter input ip saddr 198.244.168.52 drop
# nginx
deny 198.244.168.52;
# pfSense
198.244.168.52/32
# Cloudflare WAF
{"description":"Block 198.244.168.52 โ IPDebrief risk score 50","action":"block"}
# AWS WAF
{"Addresses":["198.244.168.52/32"],"Description":"IPDebrief risk 50"}
```
---
## Intelligence Notes
1. False Positive Consideration: The IP resolves to a legitimate ahrefs.net proxy hostname. If traffic is inbound and appears to originate from this subnet during legitimate business hours, consider whitelisting based on observed patterns.
2. Subnet Context: The high abuse density (0.8438) and 216 threat siblings suggest this /24 may be shared hosting or misconfigured infrastructure. Blocking at the /24 level may be warranted if abuse is confirmed.
3. Monitoring: Continue monitoring for pattern changes. The IP shows no persistent malicious behavior but carries moderate risk due to subnet context and DNSBL listings.
Prepared by: IPDebrief Intelligence Team
Classification: Defensive Security Intelligence
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk001-san52.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk001-san52.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 19% | 2 | 2 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (65%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-20 05:44:18 UTC |
| Last Seen | 2026-06-28 10:54:41 UTC |
| Profile Built | 2026-06-29 04:59:31 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |
Full dossier details are available via our API.