IP Intelligence Briefing: 198.244.226.39
Date: 2026-06-08
---
**1. Core Profile**
- Risk Score: 50 (Moderate Risk)
- Ownership:
  - ASN: 16276
  - Organization: Ahrefs Pte Ltd (Singapore)
  - Geolocation: London, England, UK (ARIN-registered)
- Network Role:
  - Provider: OVH (Cloud Compute Hosting)
  - Subnet: 198.244.226.0/24
  - Classification: Mixed (low/medium risk siblings in subnet)
---
**2. Threat Indicators**
- No malicious activity detected:
  - No indicators of spam, attacker activity, or Tor exit node use.
  - Zero blacklist matches or campaign correlations.
- DNS Associations:
  - Linked to `proxy-uk002-san39.ahrefs.net` (Ahrefs infrastructure).
---
**3. Observation History**
- First Seen: 2026-05-31
- Stability:
  - No ownership changes; stable network role.
  - Subnet abuse density: 43.5% (moderate risk).
- Behavioral Signals:
  - DNSSEC valid, CAA records present.
  - No honeypot hits or anomalous traffic patterns.
---
**4. Network Relationships**
- Key Associations:
  - OVH Network: Part of OVH AS 16276 (cloud hosting).
  - DNS: Resolves to `proxy-uk002-san39.ahrefs.net` (Ahrefs).
- Subnet Neighbors:
  - 100 IPs in 198.244.226.0/24:
    - 41 medium-risk IPs, 59 low-risk IPs.
  - Abuse density: 43.5% (moderate risk).
---
**5. Actionable Insights**
- Monitor Subnet: The parent subnet (198.244.226.0/24) has a notable abuse density.
- Verify Hosting: Ahrefs is a legitimate entity, but ensure cloud configurations are secure.
- Baseline Traffic: No suspicious signals detected, but continuous monitoring is advised.
---
Conclusion: This IP is associated with Ahrefs' cloud infrastructure and shows no immediate malicious activity. However, the subnet's moderate abuse density warrants closer scrutiny. SOC teams should monitor traffic patterns and ensure access controls align with organizational policies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk002-san39.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk002-san39.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 25% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-18 03:22:28 UTC |
| Last Seen | 2026-06-28 06:15:07 UTC |
| Profile Built | 2026-06-29 00:21:09 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |