IP Intelligence Briefing: 198.244.226.200
Date: 2026-06-09
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Ownership: Ahrefs Pte Ltd Dmytro (ASN 16276, OVH provider)
- Geolocation: London, England, GB (cloud-hosted, no residential/mobile indicators)
- Network Role: CloudCompute infrastructure (OVH, hosting services)
- Threat Indicators: No malicious signals, no known attacker/spam/abuse associations.
---
**2. Observation History**
- Stability: Stable over 30 days (no abrupt risk spikes).
- Signals:
  - Minimal DNSSEC/CAA validation risks.
  - No TLS/HTTP service anomalies.
  - Subnet (198.244.226.0/24) shows mixed abuse density (45.31% abuse rate).
  - No Tor/VPN/proxy associations.
---
**3. Relationships & Context**
- DNS Associations: Linked to `proxy-uk002-san200.ahrefs.net` (Ahrefs infrastructure).
- Network Relationships:
  - Same subnet (OVH ASN 16276).
  - No overlapping malicious activity with neighbors.
- Subnet Analysis:
  - 100 IPs in 198.244.226.0/24.
  - 50% of neighbors flagged as high/medium risk.
  - Abuse Density: 45.31% (moderate risk exposure).
---
**4. Security Recommendations**
- Firewall Actions:
  - Block via iptables: `iptables -A INPUT -s 198.244.226.200 -j DROP`
  - Cloudflare/AWS WAF rules provided in tool response.
- Monitoring:
  - Track subnet activity due to mixed abuse density.
  - Validate DNS records for `proxy-uk002-san200.ahrefs.net` for consistency.
---
**5. Summary**
The IP is a legitimate cloud-hosted asset under Ahrefs, with no direct malicious signals. However, its subnet exhibits moderate risk due to 50% of neighbors being flagged. While the IP itself is clean, network-level monitoring is advised to mitigate potential lateral movement risks.
Next Steps: Confirm DNS integrity, monitor subnet activity, and apply firewall rules based on organizational risk tolerance.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk002-san200.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk002-san200.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-20 11:46:16 UTC |
| Last Seen | 2026-06-28 11:42:47 UTC |
| Profile Built | 2026-06-29 05:47:17 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |