# IP Intelligence Briefing: 198.244.168.89/32
Classification: Moderate Risk (Score: 40)
Date of Analysis: 2026-06-14
Analyst: IPDebrief Intelligence Team
---
## Executive Summary
IP 198.244.168.89 is a cloud compute infrastructure address hosted by OVH in London, GB. The IP resolves to ahrefs.net and is associated with Ahrefs Pte Ltd Dmytro. While the individual IP shows no direct malicious indicators, it resides within a subnet exhibiting high abuse density (0.6445). The asset is currently firewalled with no open services detected.
---
## Technical Profile
Ownership & Registration
- ASN: 16276 (OVH)
- Organization: Ahrefs Pte Ltd Dmytro
- Location: London, England, GB (RIR: ARIN)
- BGP Prefix: 198.244.128.0/17
Network Classification
- Infrastructure Type: CloudCompute
- Hosting Provider: OVH
- Connection Type: Cloud
- Service Status: Firewalled / No Services Detected
- Anycast: No
- Bogon: No
DNS Analysis
- PTR Hostname: proxy-uk001-san89.ahrefs.net
- Forward Resolution: ahrefs.net
- CAA Records: Present
- DNSSEC Valid: Yes
---
## Threat Indicators
Direct Indicators
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Abuse Confidence Score: Not Available
Control Plane Assessment
- Operator Score: 0.2174 (Minimal)
- Route Stability: False
- IRR Consistency: Not Evaluated
- RPKI State: Not Evaluated
---
## Neighborhood Analysis (198.244.168.0/24)
Subnet Risk Profile
- Abuse Density: 0.6445 (High)
- Classification: high_abuse
- Total Siblings: 256
- Active Siblings: 152
- Threat Siblings: 165
- Inherited Risk: 25
Risk Distribution
- High Risk: 0
- Medium Risk: 100
- Low Risk: 0
All neighbors in the /24 subnet consistently display risk scores of 40 with authority scores of 50, indicating uniform risk characteristics across the shared hosting environment.
---
## Temporal Analysis
Observation History
- Total Observations: 22
- Threat Observation Count: 1
- Threat Persistence Days: 0
- Is Persistently Malicious: No
Recent signals indicate network abuse classification updates and DNS resolution changes. The IP has shown no persistent malicious behavior over the observation period.
---
## Recommended Actions
Firewall Rules
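```bash
# iptables: append a DROP rule for this source address to the INPUT chain
iptables -A INPUT -s 198.244.168.89 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 198.244.168.89 drop
```
```nginx
# nginx: configuration directive, not a shell command; place it in an http, server or location block
deny 198.244.168.89;
```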
WAF/Cloud Rules
- Cloudflare WAF: Block with description "IPDebrief risk score 40"
- AWS WAF: Add 198.244.168.89/32 to blacklist
- pfSense: Block 198.244.168.89/32
---
## Intelligence Assessment
Risk Mitigation Status: LOW-MEDIUM
This IP presents moderate risk primarily due to subnet-level abuse density rather than direct malicious activity. The infrastructure belongs to Ahrefs, a legitimate SEO analytics company. However, the high abuse density of the /24 subnet suggests potential for abuse by other tenants in the shared hosting environment.
Recommended Monitoring Actions
1. Monitor for new threat indicators in the 198.244.168.0/24 subnet
2. Consider blocking the entire /24 subnet if business justification exists
3. Monitor for lateral movement patterns from related OVH infrastructure
4. Review recent scan activity and service enumeration attempts
Threat Level: Moderate - Monitor with existing controls
Action Priority: Low-Medium - Block if business case supports full subnet filtering
---
*Report generated by IPDebrief Intelligence Team. All data sourced from IPDebrief platform.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk001-san89.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk001-san89.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 27% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-08 11:10:16 UTC |
| Last Seen | 2026-06-27 13:07:35 UTC |
| Profile Built | 2026-06-28 13:13:59 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 29 |