# IP Intelligence Briefing: 198.244.226.238/32
Classification: Moderate Risk / Cloud Infrastructure IP
Date: Current Intelligence Cycle
Analysis Method: Full Profile Assessment
---
## Executive Summary
IP 198.244.226.238 was identified as a cloud computing infrastructure endpoint assigned to Ahrefs Pte Ltd Dmytro under ASN 16276. The IP geolocated to London, England and carried a moderate risk score of 50. No active threat indicators were detected, though the IP was listed on 2 of 8 DNSBL sources. The subnet (198.244.226.0/24) showed a high abuse density of 0.6602, with 169 threat siblings among 199 active addresses.
---
## Infrastructure Profile
Ownership:
- Organization: Ahrefs Pte Ltd Dmytro
- ASN: 16276 (OVH)
- RIR: ARIN
- CIDR Block: 198.244.128.0/17 (origin)
Network Classification:
- Infrastructure Type: CloudCompute
- Provider: OVH
- Hosting Service: Active
- Connection Type: Cloud infrastructure
DNS Resolution:
- Forward Hostname: proxy-uk002-san238.ahrefs.net
- PTR Record: proxy-uk002-san238.ahrefs.net
- Forward Resolution: ahrefs.net (confirmed)
- CAA Records: Present
- DNSSEC: Valid
- HTTP/HTTPS: No services detected (firewalled)
Email Security:
- SPF Record: Not configured
- DMARC Record: Not configured
- TXT Records: 0
---
## Threat Assessment
Risk Metrics:
- Overall Risk Score: 50 (Moderate)
- Provider Score: 0
- Authority Score: 0
- Abuse Confidence Score: Not applicable
- DNSBL Listings: 2 of 8 total lists
Threat Indicators:
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Known Campaigns: None identified
- Threat Feeds: No matches
Control Plane:
- Route Stability: False
- RPKI State: Not evaluated
- IRR Consistency: Not evaluated
- Operator Score: 0.2174 (Minimal)
---
## Neighborhood Analysis
Subnet Context (198.244.226.0/24):
- Abuse Density: 0.6602 (high_abuse classification)
- Total Siblings: 256
- Active Siblings: 199
- Threat Siblings: 169
- Inherited Risk: 26
Risk Distribution (Sampled 100 Neighbors):
- High Risk: 0
- Medium Risk: 100
- Low Risk: 0
The subnet demonstrates consistent medium-level risk across sampled addresses, with no low-risk neighbors detected in the sample set.
---
## Observation History
Signal Timeline (Recent 5 Observations):
- 2026-06-20: Blacklist listings detected (high severity)
- 2026-06-20: DNS records validated for ahrefs.net with CAA records
- 2026-06-15: Geographic validation confirmed London, England (claimed distance 473.7 km)
- 2026-06-15: Subnet abuse classification as high_abuse
- 2026-06-15: Operator score registered as minimal
Behavioral Indicators:
- Threat Observation Count: 1
- Threat Persistence Days: 0
- Persistently Malicious: No
- Ownership Changes: 0
---
## Recommended Actions
Firewall Rules:
- iptables: `iptables -A INPUT -s 198.244.226.238 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 198.244.226.238 drop`
- nginx: `deny 198.244.226.238;`
WAF Configuration:
- pfSense: Block 198.244.226.238/32
- Cloudflare WAF: Block with expression `ip.src eq 198.244.226.238`
- AWS WAF: Block address 198.244.226.238/32
---
## Intelligence Notes
The IP address shows the characteristics of cloud infrastructure hosting. While no direct threat indicators were observed, the high subnet abuse density and DNSBL listings warrant defensive blocking. The IP's association with Ahrefs Pte Ltd Dmytro suggests legitimate infrastructure use, but the high abuse density of the surrounding subnet indicates potential for compromised or misconfigured endpoints within it.
Recommendation: Apply blocking rules at network perimeter with continued monitoring of related IPs in the 198.244.226.0/24 subnet for correlated activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | n/a |
| CIDR Block | n/a |
| RIR | ARIN |
| Country | n/a |
| Abuse Contact | Available via RDAP |
---
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk002-san238.ahrefs.net |
| Forward Confirmed | No; the PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk002-san238.ahrefs.net |
---
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
---
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
---
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | n/a |
| HTTP Title | n/a |
---
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
---
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 9 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%); 1 contradiction |
| Attribution | Low (35%) |
| Attribution Checks (names only) | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
---
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-21 20:59:57 UTC |
| Last Seen | 2026-06-28 15:46:36 UTC |
| Profile Built | 2026-06-29 09:53:23 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |