IPDEBRIEF THREAT INTELLIGENCE BRIEFING
Subject: 198.244.168.75/32
Classification: MODERATE RISK - Cloud Infrastructure with High-Abuse Neighborhood
Date: Current Intelligence Cycle
---
EXECUTIVE SUMMARY
IP 198.244.168.75 is a cloud-based hosting resource associated with OVH infrastructure in London, UK. The IP presents a moderate risk score of 40/100. While the IP itself shows no active malicious indicators, it resides within a /24 subnet exhibiting high-abuse density (0.8125) with 208 threat-identified siblings out of 256 total. The PTR hostname indicates association with Ahrefs proxy infrastructure (proxy-uk001-san75.ahrefs.net), though forward DNS resolution remains unconfirmed.
---
OWNERSHIP AND INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **ASN** | 16276 |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Provider** | OVH (CloudCompute) |
| **Geolocation** | London, England, GB |
| **Infrastructure** | Cloud Hosting (Firewalled / No Services) |
| **Network Role** | Hosting Provider |
The IP is classified as cloud infrastructure with no detected services on open ports. The BGP prefix 198.244.128.0/17 demonstrates unstable routing, while DNSSEC validation and CAA records are properly configured.
---
THREAT INDICATOR ANALYSIS
Active Threats: NONE DETECTED
- No known attacker indicators
- No spam source classification
- Not a Tor exit node
- No active threat feeds matched
- No known campaign associations
Blacklist Status:
- DNSBL listings: 1/8 total lists
- Abuse confidence score: Not applicable
- No Pulsedive risk indicators
Email Reputation:
- No SPF, DMARC, or TXT authentication records
- Forward DNS resolution unconfirmed
---
NEIGHBORHOOD INTELLIGENCE
Subnet: 198.244.168.0/24
Abuse Density: 0.8125 (HIGH)
Total Siblings: 256
Active Siblings: 202
Threat Siblings: 208
Risk Distribution in /24:
- High Risk: 0 IPs
- Medium Risk: 62 IPs
- Low Risk: 38 IPs
- Inherited Risk Score: 32/100
The subnet exhibits elevated abuse density consistent with OVH cloud hosting patterns. While the target IP shows no individual malicious activity, the neighborhood context warrants defensive awareness.
---
OBSERVATION HISTORY (23 Signals)
Recent observations confirm consistent cloud infrastructure classification with OVH provider. Historical signals indicate:
- Continuous cloud hosting designation
- Persistent PTR record association with ahrefs.net
- Geolocation inference consistently pointing to UK region
- No ownership changes detected
Temporal analysis shows no persistent malicious behavior patterns. Threat persistence days: 0. Is persistently malicious: false.
---
DEFENSIVE RECOMMENDATIONS
Recommended Actions:
1. Monitor - No immediate blocking required given clean threat profile
2. Log - Monitor for unusual outbound connections or port scans
3. Rate Limit - Consider rate limiting given high-abuse neighborhood context
4. Geo-Filtration - Evaluate policy requirements for UK-origin traffic
Firewall Rules (Suggested):
```
# Log new inbound connections from the high-abuse /24 and accept
# traffic belonging to already-established or related sessions.
# No DROP is applied: the recommendation above is monitor, not block.
# Priority: LOW - Based on moderate risk profile
iptables -A INPUT -s 198.244.168.0/24 -m conntrack --ctstate NEW -j LOG --log-prefix "198.244.168.0/24: "
iptables -A INPUT -s 198.244.168.0/24 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
```
Cloudflare/AWS WAF: Consider geo-based rules for UK traffic with rate limiting thresholds based on organizational policy.
---
INTELLIGENCE CONFIDENCE
- Data Quality: HIGH (Multiple signal sources, geo consensus confirmed)
- Risk Assessment: MODERATE (Clean IP with high-abuse neighborhood context)
- Action Priority: MONITOR (No immediate threat, but neighborhood warrants awareness)
---
End of Briefing
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk001-san75.ahrefs.net |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | proxy-uk001-san75.ahrefs.net |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not available |
| HTTP Title | Not available |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 26% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%); 1 contradiction(s) |
| Attribution | Low (35%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-18 03:22:27 UTC |
| Last Seen | 2026-06-28 06:07:21 UTC |
| Profile Built | 2026-06-29 00:13:01 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 26 |
Full dossier details are available via our API.