# IP Intelligence Briefing: 198.244.226.40/32
- Classification: Moderate Risk - Cloud Hosting Infrastructure
- Date: 2026-06-28
- Analyst: IPDebrief Intelligence Team

---
## EXECUTIVE SUMMARY
IP 198.244.226.40 is a cloud computing address associated with OVH infrastructure in London, England. The IP operates under the ahrefs.net domain but exhibits moderate risk characteristics with elevated neighborhood abuse density. The address shows no direct threat indicators but resides within a high-abuse subnet (198.244.226.0/24) where 191 of 256 sibling addresses are classified as threats.

---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **IP Address** | 198.244.226.40/32 |
| **ASN** | 16276 (OVH) |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Geolocation** | London, England, GB |
| **Infrastructure Type** | CloudCompute (Hosting) |
| **Network Classification** | Firewalled / No Services |
| **DNS PTR** | proxy-uk002-san40.ahrefs.net |

- Risk Score: 50/100 (Moderate Risk)
- Provider Score: 0
- Authority Score: 0
---
## THREAT ASSESSMENT
### Direct Indicators
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Proxy/VPN: No
- Threat Feeds: None detected
- Known Campaigns: None

### Blacklist Status
- DNSBL Listings: 2 of 8 total lists
- Blacklist Count: 0 (IP-level), 2 (DNS-level)
- Max Severity: High

### DNS Reputation
- SPF Record: Not configured
- DMARC Record: Not configured
- CAA Records: Present (1 issuer)
- Forward Resolution: Confirmed (ahrefs.net)
---
## NETWORK CONTEXT
### Subnet Analysis (198.244.226.0/24)
| Metric | Value |
|---|---|
| **Abuse Density** | 0.7461 (High) |
| **Subnet Classification** | high_abuse |
| **Total Siblings** | 256 |
| **Active Siblings** | 214 |
| **Threat Siblings** | 191 |
| **Inherited Risk** | 29 |

Risk Distribution in Subnet:
- High Risk: 0
- Medium Risk: 33
- Low Risk: 67

### Infrastructure Context
- BGP Prefix: 198.244.128.0/17
- Route Stability: False
- RPKI State: Unvalidated
- DNSSEC: Valid
---
## OBSERVATION HISTORY
Monitoring Period: June 20, 2026 to June 28, 2026

Key Observations:
- June 28, 2026: Cloud compute classification confirmed (OVH), no CDN/Tor/VPN activity
- June 20, 2026: Subnet abuse density recorded at 0.7461; DNSBL listings with high severity
- Consistent Classification: Hosting infrastructure with no service exposure

Threat Persistence: 0 days (not persistently malicious)

Ownership Changes: 0
---
## RELATIONSHIP ANALYSIS
- Total Relationships: 41
- Primary Association: OVH_282347338 (network identifier)

All relationships indicate same-network connectivity with OVH infrastructure. No correlated external threat entities identified.

---
## SECURITY RECOMMENDATIONS
### Immediate Actions Required
Recommended: Block traffic from this address at network perimeter.

### Firewall Rule Implementation
| Platform | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 198.244.226.40 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 198.244.226.40 drop` |
| **nginx** | `deny 198.244.226.40;` |
| **pfSense** | `198.244.226.40/32` |
| **Cloudflare WAF** | `ip.src eq 198.244.226.40` - Action: Block |
| **AWS WAF** | `Addresses: ["198.244.226.40/32"]` |

### Additional Considerations
- Monitor adjacent subnet (198.244.226.0/24) for additional threat activity
- Implement egress filtering if this IP appears in outbound traffic
- Verify whether the ahrefs.net association is legitimate for your organization's use case
---
## INTELLIGENCE SUMMARY
IP 198.244.226.40 represents moderate risk from cloud hosting infrastructure. While the IP itself shows no direct threat indicators, the high-abuse neighborhood classification warrants defensive blocking. The address resolves to ahrefs.net but operates within a subnet with significant malicious activity (74.61% abuse density). No evidence of active exploitation or campaign association.

Priority Level: Medium - Implement blocking rules and monitor for subnet-level threats.

---
*Report generated via IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk002-san40.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk002-san40.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 33% | 2 | 3 |
| Overall | 21% | 9 | 12 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-21 20:59:58 UTC |
| Last Seen | 2026-06-28 15:47:27 UTC |
| Profile Built | 2026-06-29 03:51:36 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 23 |