IP INTELLIGENCE BRIEFING: 198.244.226.174/32
Classification: Moderate Risk / Cloud Infrastructure
Date: Current Analysis
Executive Summary
IP address 198.244.226.174 is a cloud compute infrastructure endpoint owned by Ahrefs Pte Ltd Dmytro, hosted on OVH's cloud platform in London, England. The IP carries a risk score of 40 and is classified as moderate risk. The address is associated with the domain ahrefs.net and resolves to the hostname proxy-uk002-san174.ahrefs.net.
Ownership and Geolocation
The IP is registered to ASN 16276 (OVH) with organizational attribution to Ahrefs Pte Ltd Dmytro. Geolocation analysis confirms placement in London, England (GB), with geo-validation scored as plausible. The IP is confirmed as cloud infrastructure (is_cloud: true) and hosting infrastructure (is_hosting: true), operating within OVH's network (OVH_282347338).
Network Characteristics
The IP resides in subnet 198.244.226.0/24, which exhibits high abuse density (0.6836). The /24 subnet contains 256 total siblings with 214 active endpoints, of which 175 were flagged as threats. Risk distribution across the subnet shows 58 medium-risk and 42 low-risk neighbors. No high-risk siblings were identified in the sample set. The parent BGP prefix is 198.244.128.0/17 with origin ASN 16276.
DNS and Service Profile
DNS resolution confirmed the hostname proxy-uk002-san174.ahrefs.net with forward resolution count of 1. The domain ahrefs.net was identified, though forward confirmation was not established. No open ports were detected, and the service profile indicates "Firewalled / No Services." The IP is not classified as a proxy, Tor exit node, VPN, or CDN.
Threat Indicators
Threat indicators returned empty: no known campaigns, a blacklist count of 0, and no known-attacker status. However, the control plane data indicates the IP is listed on 1 DNSBL out of 8 total lists evaluated. Operator score was recorded at 0.2174 with a label of "Minimal." No threat feeds or reputation sources were flagged as active.
Observation History
The IP has generated 23 historical observations across multiple signal types including routing, services, ownership, reputation, geolocation, and operator scoring. Recent observations from 2026-06-20 through 2026-06-28 captured network classification, geolocation validation, and operator scoring metrics. The IP shows no persistent malicious behavior over the observation period.
Recommended Security Actions
Based on the risk profile analysis, the following firewall rules are recommended. Note that the recommendation is driven by subnet-level abuse density rather than by activity observed from this address itself (blacklist count 0, no open ports, no persistent malicious behavior), so weigh the block against the legitimate hosting activity the address is associated with before deploying it:
- iptables: `iptables -A INPUT -s 198.244.226.174 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 198.244.226.174 drop`
- nginx: `deny 198.244.226.174;`
- pfSense: `198.244.226.174/32`
- Cloudflare WAF: Block with expression `ip.src eq 198.244.226.174`
- AWS WAF: Add address `198.244.226.174/32` with description "IPDebrief risk 40"
Intelligence Assessment
This IP represents moderate-risk cloud infrastructure in a high-abuse-density subnet. The endpoint is associated with legitimate hosting services but operates within an environment with significant abuse density. Recommended action is to block at the firewall level given the subnet-level abuse context. SOC teams should monitor for related activity from the 198.244.226.0/24 subnet, which contains 175 threat-sibling IPs.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | N/A |
| CIDR Block | N/A |
| RIR | ARIN |
| Country | N/A |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk002-san174.ahrefs.net |
| Forward Confirmed | No; the PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk002-san174.ahrefs.net |
DNS Hygiene
| Check | Status |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | N/A |
| HTTP Title | N/A |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | N/A |
| Valid Until | N/A |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 10 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-19 21:39:49 UTC |
| Last Seen | 2026-06-28 09:50:11 UTC |
| Profile Built | 2026-06-29 03:53:51 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |