# IPDEBRIEF INTELLIGENCE BRIEFING
Target: 198.244.226.33/32
Classification: Moderate Risk / Cloud Infrastructure
Date: Current Analysis
Risk Score: 50/100
---
## EXECUTIVE SUMMARY
IP address 198.244.226.33 is a cloud compute infrastructure endpoint hosted on OVH (ASN 16276) in London, GB. The IP operates under the Ahrefs Pte Ltd Dmytro organization. While individual threat indicators are absent, the IP resides within a /24 subnet with elevated abuse density (0.6484) containing 166 identified threat siblings out of 256 total addresses. The endpoint is classified as cloud hosting infrastructure with no active services exposed.
---
## INFRASTRUCTURE PROFILE
Ownership & Registration:
- ASN: 16276 (OVH)
- Organization: Ahrefs Pte Ltd Dmytro
- RIR: ARIN
- BGP Prefix: 198.244.128.0/17
- Route Stability: Unstable (stable = false)
Geolocation:
- Country: United Kingdom (GB)
- Region: England
- City: London
- Coordinates: 55.38, -3.44 (decimal degrees; negative longitude is west)
- Accuracy Radius: 750 km (country-level precision)
Network Classification:
- Type: CloudCompute
- Hosting: Yes
- CDN: No
- Proxy/VPN/Tor: No
- Mobile/Residential: No
---
## DNS & SERVICE STATUS
DNS Configuration:
- PTR Hostname: proxy-uk002-san33.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Not confirmed
- DNSSEC: Valid
- CAA Records: Present
Service Exposure:
- Open Ports: None detected
- HTTP/TLS: No active services
- Banner Information: None available
---
## THREAT INDICATORS
Direct Threat Signals:
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Known Campaigns: None
Reputation Metrics:
- Abuse Confidence Score: Not available
- Pulsedive Risk: Not available
- DNSBL Listed: 2 of 8 total lists
Control Plane Analysis:
- Operator Score: 0.2174 (Minimal)
- RPKI State: Not available
- IRR Consistency: Not available
---
## NEIGHBORHOOD ANALYSIS
Subnet: 198.244.226.0/24
- Total Siblings: 256
- Active Siblings: 199 (77.7% utilization)
- Threat Siblings: 166 (83.4% of active)
- Abuse Density: 0.6484 (High)
- Risk Distribution: High (0), Medium (62), Low (38)
Sample Neighbor Risk Scores:
- 198.244.226.0: 50
- 198.244.226.1: 40
- 198.244.226.2: 25
- 198.244.226.3: 50
- 198.244.226.4: 40
---
## OBSERVATION HISTORY
Signal Count: 22 observations recorded
Recent Activity:
- 2026-06-28T07:00:13Z: Geolocation signal (GB, confidence 0.28)
- 2026-06-28T06:59:58Z: DNS resolution via hackertarget (confidence 0.70)
- 2026-06-20T05:09:43Z: Port scanning activity detected (confidence 0.70)
- 2026-06-20T05:00:05Z: Provider identification (OVH, confidence 0.85)
---
## RELATIONSHIP GRAPH
Total Relationships: 38 identified
- Primary Classification: Same Network (OVH_282347338)
- Secondary Associations: Subnet-level relationships with related OVH infrastructure
---
## RECOMMENDED SECURITY ACTIONS
Firewall Rules (Risk Score: 50):
| Platform | Configuration |
|---|---|
| **iptables** | `iptables -A INPUT -s 198.244.226.33 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 198.244.226.33 drop` |
| **nginx** | `deny 198.244.226.33;` |
| **pfSense** | `198.244.226.33/32` |
| **Cloudflare WAF** | Block IP with expression `ip.src eq 198.244.226.33` |
| **AWS WAF** | Add `198.244.226.33/32` to IP Set with description "IPDebrief risk 50" |
Assessment: The recommendations are probabilistic and should be combined with other signals before taking action.
---
## ANALYST NOTES
This IP represents cloud hosting infrastructure with moderate risk classification. While no direct malicious indicators are present, the high abuse density of the /24 subnet (166 threat siblings) suggests potential for coordinated misuse. The lack of open ports and services reduces immediate exploitability, but the neighborhood risk warrants monitoring of related infrastructure. The route instability may indicate dynamic provisioning or abuse mitigation measures.
Priority: LOW-MEDIUM
Action: Monitor neighborhood activity; consider blocking at edge firewall if traffic patterns indicate exploitation attempts.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk002-san33.ahrefs.net |
| Forward Confirmed | No; the PTR hostname does not resolve back to this IP (weak signal) |
| Hosted Domain | ip33.ip-198-244-226.eu |
| Forward Hostnames | proxy-uk002-san33.ahrefs.net |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting; infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not available |
| HTTP Title | Not available |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 24% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Coherence Checks (status not captured) | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-18 09:24:11 UTC |
| Last Seen | 2026-06-28 07:00:18 UTC |
| Profile Built | 2026-06-29 01:04:53 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |