198.244.226.49

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target: 198.244.226.49/32

Classification: MODERATE RISK (Score: 50/100)

Date: Current Analysis

---

## EXECUTIVE SUMMARY

The target IP 198.244.226.49 is a cloud-hosted infrastructure node operated by OVH (ASN 16276) with legitimate ownership under Ahrefs Pte Ltd. While the IP itself shows no direct threat indicators, it resides within a high-abuse density subnet where 74.6% of sibling addresses are classified as malicious. The IP is currently firewalled with no active services detected.

---

## OWNERSHIP & GEOLOCATION

Organization: Ahrefs Pte Ltd Dmytro
ASN: 16276 (OVH)
Location: London, England, GB (750km accuracy radius)
Infrastructure: CloudCompute (OVH hosting environment)
Network Classification: Not bogon, not CDN, not proxy/Tor

---

## THREAT INDICATORS

Direct Threats: None detected
Tor Exit Node: False
Known Attacker: False
Spam Source: False
Blacklist Count: 0
Campaign Association: None identified
Threat Persistence: 0 days (not persistently malicious)

---

## NETWORK ENVIRONMENT ANALYSIS

Subnet Context (198.244.226.0/24):

Abuse Density: 0.7461 (HIGH ABUSE CLASSIFICATION)
Total Siblings: 256
Active Siblings: 214
Threat Siblings: 191 (74.6% malicious)
Inherited Risk Score: 29/100

Network Relationships:

42 relationship entries identified
Primary association: Same network (OVH_282347338)
BGP Prefix: 198.244.128.0/17

---

## DNS & SERVICE PROFILE

PTR Hostname: proxy-uk002-san49.ahrefs.net
Forward Hostname: proxy-uk002-san49.ahrefs.net
Resolved Domain: ahrefs.net
Open Ports: None detected
Services: Firewalled / No Services Running
TLS Certificate: Not present
HTTP Banner: Not detected

---

## OBSERVATION HISTORY

Total Observations: 22 signals over observation period

Recent Activity:

2026-06-28: Confirmed cloud infrastructure (OVH) classification
2026-06-20: Geolocation signals (GB), DNS resolution (ahrefs.net), subnet abuse data collected
Pattern: Consistent cloud hosting profile with no behavioral shifts

---

## RISK ASSESSMENT

Factor	Assessment
Direct IP Risk	Moderate (50/100)
Subnet Risk	High (74.6% abuse density)
Provider Risk	Neutral (OVH enterprise hosting)
Service Risk	Low (firewalled/no services)
Threat Correlation	None

Overall: The IP shows legitimate enterprise hosting characteristics but operates in a high-risk subnet environment. Risk is primarily inherited from neighborhood activity rather than direct malicious behavior.

---

## RECOMMENDED ACTIONS

Immediate: Block at perimeter firewall to prevent lateral movement from compromised subnet neighbors

Firewall Rules:

iptables: `iptables -A INPUT -s 198.244.226.49 -j DROP`
nftables: `nft add rule inet filter input ip saddr 198.244.226.49 drop`
Cloudflare WAF: Block with description "IPDebrief risk 50"
AWS WAF: Add 198.244.226.49/32 to blacklist

Contextual Note: While this specific IP shows no malicious indicators, the subnet abuse density warrants consideration of broader subnet-level blocking or enhanced monitoring for the 198.244.226.0/24 range.

---

END OF BRIEFING

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	London
Timezone	Europe/London
Latitude	51.51
Longitude	-0.13

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk002-san49.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk002-san49.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	33%	2	4
routing	13%	1	1
services	15%	2	2
ownership	20%	2	3
reputation	28%	1	3
geolocation	39%	2	3
Overall	25%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-22 09:12:32 UTC
Last Seen	2026-06-28 18:31:00 UTC
Profile Built	2026-06-29 06:34:20 UTC
Data Freshness	Live
Signal Types	22
Total Observations	24

🔍 22 signal types · 24 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

198.244.226.49📋 Copy