# IPDEBRIEF INTELLIGENCE BRIEFING
Target IP: 198.244.168.71/32
Date: 2026-06-20
Classification: MODERATE RISK - Cloud Infrastructure Host
---
## EXECUTIVE SUMMARY
IP 198.244.168.71 is a cloud-hosted address in the OVH infrastructure (ASN 16276) located in London, England. The IP presents a moderate risk profile (score: 50) with elevated neighborhood-level abuse density and multiple DNS blacklist associations. No active threat campaigns or known attacker indicators were identified.
---
## OWNERSHIP AND INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **ASN** | 16276 |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Provider** | OVH |
| **Infrastructure Type** | CloudCompute |
| **Geolocation** | London, England, GB |
| **CIDR Block** | 198.244.128.0/17 |
| **Network Role** | Host (Firewalled / No Services) |
The IP resolves to the forward hostname `proxy-uk001-san71.ahrefs.net` under the domain `ahrefs.net`. No open ports or active services were detected. TLS certificates are not in use.
---
## THREAT INDICATORS
| Indicator | Status |
|---|---|
| **Risk Score** | 50 (Moderate) |
| **Abuse Confidence** | Listed on 2 of 8 DNS blacklists |
| **Tor Exit Node** | No |
| **Known Attacker** | No |
| **Spam Source** | No |
| **Campaign Matches** | 0 |
| **Correlated IPs** | 0 |
The IP is listed on 2 DNS blacklist feeds, with a maximum severity rating of "high." No known malicious campaigns or threat feed indicators were associated with this address.
---
## NEIGHBORHOOD ANALYSIS
The IP resides within the 198.244.168.0/24 subnet, which demonstrates significantly elevated abuse characteristics:
| Metric | Value |
|---|---|
| **Abuse Density** | 0.8398 (High) |
| **Subnet Classification** | high_abuse |
| **Total Siblings** | 256 |
| **Active Siblings** | 208 |
| **Threat Siblings** | 215 |
| **Inherited Risk** | 33 |
The subnet contains 215 threat-sibling IPs among 208 active addresses, indicating systemic abuse patterns within this address block. Risk inheritance from neighborhood context is moderate (33).
---
## OBSERVATION HISTORY
Analysis of 19 signal observations reveals consistent patterns:
- Recent Classification: High-abuse subnet with moderate inherited risk
- Infrastructure Status: OVH cloud provider confirmed across multiple observations
- Geographic Consistency: London, GB location maintained
- Blacklist Status: Persistent DNS blacklist listings (8 total lists, 2 active)
- Risk Persistence: No persistent malicious behavior detected
The IP has demonstrated temporal stability with no ownership changes observed.
---
## RELATIONSHIP GRAPH
The relationship analysis identified 42 associated entities, predominantly:
- Network Relationships: Multiple links to OVH_282347337 network segment
- Shared Infrastructure: Cloud provider networking associations
No additional organizational or certificate relationships were documented.
---
## RECOMMENDED ACTIONS
Based on risk profile analysis, the following firewall and mitigation rules are recommended:
| Platform | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 198.244.168.71 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 198.244.168.71 drop` |
| **nginx** | `deny 198.244.168.71;` |
| **pfSense** | `198.244.168.71/32` |
| **Cloudflare WAF** | Block IP 198.244.168.71 (risk score 50) |
| **AWS WAF** | Add 198.244.168.71/32 to block list |
---
## ANALYST NOTES
This IP operates within a high-abuse subnet environment but lacks direct malicious indicators. The moderate risk score (50) combined with DNS blacklist associations suggests potential for abuse or association with compromised infrastructure. Given the high-abuse neighborhood context (0.8398 abuse density), consider implementing subnet-level monitoring or blocking the broader 198.244.168.0/24 range if threat correlation is observed.
Recommendation: Monitor for activity patterns; consider blocking based on operational requirements and threat correlation with other indicators.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk001-san71.ahrefs.net |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | proxy-uk001-san71.ahrefs.net |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | Not available |
| HTTP Title | Not available |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 23% | 1 | 2 |
| geolocation | 34% | 2 | 3 |
| Overall | 22% | 9 | 12 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid (per-check results not captured) |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-24 00:31:56 UTC |
| Last Seen | 2026-06-28 23:18:55 UTC |
| Profile Built | 2026-06-29 05:20:02 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 21 |