# IP Intelligence Briefing: 198.244.226.26/32
Classification: Moderate Risk | Date: Current Analysis | Priority: MEDIUM
## Executive Summary
IP 198.244.226.26 is a cloud infrastructure endpoint belonging to Ahrefs Pte Ltd Dmytro, operated on OVH infrastructure within London, GB. The IP serves as a firewalled proxy endpoint with no active services exposed. While the IP itself demonstrates moderate risk characteristics, its immediate /24 subnet exhibits elevated abuse density, warranting contextual awareness.
## Ownership and Infrastructure
| Attribute | Value |
|---|---|
| ASN | 16276 |
| Organization | Ahrefs Pte Ltd Dmytro |
| Provider | OVH Cloud |
| Geolocation | London, England, GB |
| Infrastructure Type | CloudCompute / Hosting |
| CIDR Block | 198.244.128.0/17 |

The IP resolves to hostname proxy-uk002-san26.ahrefs.net under the ahrefs.net domain, consistent with legitimate cloud infrastructure operations.
## Risk Assessment
| Metric | Value | Severity |
|---|---|---|
| Risk Score | 40 | Moderate |
| Abuse Confidence | Not Detected | Low |
| Blacklist Count | 0 | Low |
| Known Campaigns | None | Low |
| Tor Exit Node | No | Low |

No active threat indicators were identified. The IP is not classified as a known attacker, spam source, or proxy service.
## Network Context
Neighborhood Analysis (198.244.226.0/24):

- Total Active Siblings: 204
- Threat Siblings: 170
- Abuse Density: High (0.6641)
- Risk Classification: High Abuse

The parent subnet exhibits elevated abuse activity. While 198.244.226.26 itself shows no malicious indicators, 66% of active neighbors in the /24 subnet carry medium to high risk scores.

Related Network: Multiple relationships map to OVH_282347338, confirming the IP operates within OVH's broader cloud network.
## Observed Behavior
Service Exposure: None

- No open ports detected
- No HTTP/TLS services running
- Firewall configured (no service banner responses)

DNS Resolution: Single PTR record (proxy-uk002-san26.ahrefs.net) with forward resolution confirmed. No SPF/DMARC records observed.

Control Plane:

- BGP Prefix: 198.244.128.0/17
- Route Stability: False (indicates prefix changes)
- DNSBL Listed: 1 of 8 total lists
- RPKI State: Not Reported
## Historical Signals
25 observations recorded over the assessment period. Key temporal patterns:
- Consistent ownership attribution to Ahrefs infrastructure
- Persistent GB geolocation signals
- Subnet abuse density signals stable at high classification
- No evidence of persistent malicious activity
## Recommended Actions
| Priority | Action |
|---|---|
| MEDIUM | Monitor subnet 198.244.226.0/24 for correlated malicious activity |
| LOW | Allow traffic from IP 198.244.226.26 (legitimate Ahrefs infrastructure) |
| LOW | No blocking required based on current risk profile |
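
Firewall Rule Recommendation:
```
# iptables syntax; rules are evaluated in the order listed
# Allow Ahrefs proxy endpoint (monitor for abuse)
iptables -A INPUT -p tcp -s 198.244.226.26 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 198.244.226.26 --dport 443 -j ACCEPT
# Monitor subnet for correlated threats (LOG is non-terminating)
iptables -A INPUT -p tcp -s 198.244.226.0/24 -j LOG --log-prefix "subnet-198.244.226.0/24 "
```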
## Assessment Notes
This IP represents legitimate cloud hosting infrastructure for a known SEO analytics provider (Ahrefs). The moderate risk score and single DNSBL listing likely relate to the high-abuse neighborhood context rather than direct malicious behavior. SOC teams should treat the IP as benign but monitor the parent subnet for coordinated abuse campaigns. No immediate blocking or defensive action is warranted against this specific endpoint.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk002-san26.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk002-san26.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 30% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-16 21:00:16 UTC |
| Last Seen | 2026-06-28 03:54:24 UTC |
| Profile Built | 2026-06-29 03:59:38 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 29 |