# IP Intelligence Briefing: 198.244.226.11/32
Date: June 20, 2026
Classification: Moderate Risk
Threat Level: Medium
---
## Executive Summary
IP address 198.244.226.11 is a moderate-risk (score: 40) residential/proxy endpoint operated by OVH (ASN 16276) in London, United Kingdom. The IP resolves to the proxy hostname proxy-uk002-san11.ahrefs.net under the ahrefs.net domain. While no direct threat indicators are present against this specific IP, the parent subnet exhibits elevated abuse density requiring defensive attention.
---
## Network Profile
| Attribute | Value |
|---|---|
| **IP Address** | 198.244.226.11/32 |
| **Risk Score** | 40 (Moderate Risk) |
| **ASN** | 16276 |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Location** | London, England, GB |
| **Network Type** | Hosting / Proxy Infrastructure |
| **DNS Target** | proxy-uk002-san11.ahrefs.net |
| **Services** | None detected (Firewalled) |
---
## Threat Assessment
Current Threat Indicators:
- No direct threat indicators detected
- Not flagged as known attacker, spam source, or Tor exit
- Zero blacklist counts
- One DNSBL listing (1/8 total lists)
- No known campaign affiliations
Risk Context:
- Risk score of 40 indicates moderate threat level
- IP is classified as hosting infrastructure with proxy characteristics
- No open ports or active services detected
- Network shows stable ownership (0 changes recorded)
---
## Subnet Analysis: 198.244.226.0/24
The parent /24 subnet demonstrates elevated abuse characteristics requiring consideration in network defense posture.
Subnet Metrics:
- Abuse Density: 0.6836 (High)
- Classification: high_abuse
- Inherited Risk Score: 27
- Total Sibling IPs: 256
- Active Sibling IPs: 214
- Threat Sibling IPs: 175
Risk Distribution in Subnet:
- High Risk: 0 IPs
- Medium Risk: 59 IPs
- Low Risk: 41 IPs
Assessment: Approximately 68% of the /24 subnet exhibits abuse characteristics, with 175 sibling IPs flagged as threats. This pattern suggests coordinated or shared infrastructure usage.
---
## Historical Observations
Observation Count: 22 signals recorded
Recent Activity: Data current as of June 20, 2026
Key Historical Signals:
1. Subnet Abuse Density: Consistent reporting of 0.6836 abuse density across /24
2. Geolocation: UK (GB) with multi-signal inference at 55.38°N, -3.44°E
3. Ownership Stability: No ownership changes detected
4. Operator Score: 0.2174 (Minimal)
5. Threat Persistence: Single observation, not persistently malicious
---
## Relationship Graph
Total Relationships: 41 entities
Primary Relationships:
- Network Affiliation: OVH_282347338 (41 occurrences)
- Classification: All relationships map to same OVH network infrastructure
---
## Defensive Recommendations
Based on risk score of 40 and subnet abuse context, the following firewall rules are recommended:
Core Action: Block or monitor traffic to/from 198.244.226.11/32
Implementation Rules:
- iptables: `iptables -A INPUT -s 198.244.226.11 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 198.244.226.11 drop`
- nginx: `deny 198.244.226.11;`
- pfSense: `198.244.226.11/32`
- Cloudflare WAF: Block via IP expression filter
- AWS WAF: Add 198.244.226.11/32 to block list
---
## Analyst Notes
1. Subnet Context: The high abuse density (0.6836) in the parent /24 subnet warrants consideration of blocking rules across the entire 198.244.226.0/24 range for enhanced protection.
2. Infrastructure Type: The IP operates as hosting/proxy infrastructure under OVH, commonly used for legitimate services but also frequently abused for malicious activities.
3. DNS Reputation: The IP resolves to a hostname under ahrefs.net, which may indicate legitimate use or co-hosted malicious infrastructure.
4. Monitoring: Despite no direct threat indicators, the subnet's abuse characteristics suggest monitoring for any changes in behavior or threat indicators emerging from related IPs.
---
Recommendation: Apply blocking rules for this IP and consider evaluating the broader 198.244.226.0/24 subnet for additional threat intelligence correlation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk002-san11.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk002-san11.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 25% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-19 03:35:40 UTC |
| Last Seen | 2026-06-28 08:22:11 UTC |
| Profile Built | 2026-06-29 02:26:05 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |