IP Intelligence Briefing: 198.244.226.111
*Generated via IPDebrief Threat Intelligence Platform*
---
**1. Core Profile**
- Reputation: Moderate Risk (Risk Score: 40)
- Ownership:
  - ASN: 16276 (OVH)
  - Organization: Ahrefs Pte Ltd (Singapore-based SEO tool provider)
- Geolocation: London, England, UK (55.38°N, -3.44°E)
- Network Role:
  - Cloud compute infrastructure (OVH-hosted)
  - No public services (open ports/tls/http): 0
- DNS: Resolves to `proxy-uk002-san111.ahrefs.net` (no abuse indicators)
---
**2. Threat & Abuse Indicators**
- Threat Signals:
  - No malicious indicators (no malware, phishing, or exploit activity)
  - Not listed in DNSBLs or threat feeds
  - No Tor/VPN/proxy associations
- Subnet Abuse:
  - /24 subnet (198.244.226.0/24) has 50.39% abuse density
  - 129 of 256 sibling IPs flagged as high-risk
---
**3. Temporal Observations (Last 30 Days)**
- Stability:
  - BGP route stability: Unstable (route changes detected)
  - Geolocation consistency: London, UK (473.7 km from probe, 95ms RTT)
- Risk Trend:
  - No persistent malicious activity
  - Inherited risk from subnet: 20/100
---
**4. Relationships & Network Context**
- Network Affiliations:
  - Part of OVH ASN 16276 (cloud infrastructure)
  - Linked to 41+ sibling IPs in the same /24 subnet
- No Direct Threat Links:
  - No correlations to known malicious campaigns, C2 servers, or botnets
---
**5. Recommendations**
- Monitoring:
  - Track subnet abuse density (high-risk neighbors may indicate compromised hosts).
  - Monitor for unexpected DNS changes or new services.
- Mitigation:
  - No immediate firewall rules required (no malicious indicators).
  - Consider rate-limiting or blocking high-risk neighbors if they represent a threat vector.
---
Conclusion:
This IP is part of a legitimate cloud infrastructure used by Ahrefs, a reputable SEO tool provider. While its /24 subnet has a moderate abuse density, no direct malicious activity is linked to this specific IP. SOC teams should monitor for anomalies in the subnet, but no immediate action against this IP is required.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk002-san111.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk002-san111.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-08 23:18:23 UTC |
| Last Seen | 2026-06-27 14:28:16 UTC |
| Profile Built | 2026-06-28 08:33:22 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 29 |