# IP Intelligence Briefing: 198.244.226.62
Date: 2026-06-28
Classification: Moderate Risk
Risk Score: 40/100
Analyst: IPDebrief Intelligence Team
---
## Executive Summary
IP 198.244.226.62 is a firewalled hosting endpoint registered to Ahrefs Pte Ltd Dmytro under ASN 16276 (OVH SAS). The IP currently shows no active blacklist listings, but historical signals indicate threat activity and the associated /24 subnet shows elevated abuse density. The IP resolves to an ahrefs.net infrastructure proxy hostname with no exposed services, suggesting defensive hardening but potential abuse as a proxy or relaying endpoint.
---
## Technical Profile
Ownership & Infrastructure:
- Organization: Ahrefs Pte Ltd Dmytro
- ASN: 16276 (OVH SAS)
- RIR: ARIN
- Location: London, England, GB
- Infrastructure Type: Cloud Hosting (OVH)
- Geolocation Consensus: Inconsistent across sources (geoPlausible: true, geoConsensus: false)
Network Classification:
- Provider: OVH
- Network Role: Hosting / Cloud Infrastructure
- Connection Type: Cloud Compute
- Firewall Status: Active (no open ports detected)
- DNS: proxy-uk002-san62.ahrefs.net (forward resolution confirmed)
Threat Indicators:
- Current Blacklist Count: 0
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Known Campaigns: None identified
- Historical Threat Observations: 1 signal
---
## Network Neighborhood Assessment
Subnet: 198.244.226.0/24
- Abuse Density: 0.7383 (High Abuse Classification)
- Inherited Risk Score: 29/100
- Total Subnet Siblings: 256
- Active Siblings: 214
- Threat Sibling Count: 189
- Risk Distribution: High (0), Medium (43), Low (57)
The parent subnet exhibits significant abuse concentration with 73% of active endpoints flagged as threat indicators. This contextualizes 198.244.226.62 within a compromised network segment.
---
## Observation History
Total Observations: 25 signals
Most Recent Activity: 2026-06-28
Key Historical Signals:
1. Threat Indicators: Multiple pulse feed detections observed on 2026-06-28
2. Provider Classification: OVH cloud hosting confirmed with high confidence (0.90)
3. Subnet Classification: High abuse density (0.7383) documented on 2026-06-20
4. Operator Score: 0.2174 (Minimal label)
---
## Relationship Graph
Total Relationships: 53
- Network Relationships: Multiple connections to OVH network OVH_282347338
- Infrastructure Linkage: Strong correlation to OVH hosting infrastructure
The IP demonstrates extensive network-level relationships consistent with OVH hosting infrastructure, with no evidence of organizational separation from parent network.
---
## Recommended Actions
Risk Threshold: 40/100 (Moderate Risk)
Blocking Recommendations:
```bash
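# iptables (shell command, run as root)
iptables -A INPUT -s 198.244.226.62 -j DROP
# nftables (shell command; assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 198.244.226.62 drop
# The entries below are configuration values, not shell commands; they are
# commented out so the block can be pasted into a shell without errors.
# nginx (directive for an http, server or location block):
#   deny 198.244.226.62;
# pfSense (address for a firewall alias or block rule):
#   198.244.226.62/32
# Cloudflare WAF (custom rule expression, action: block):
#   ip.src eq 198.244.226.62
# AWS WAF (IP set addresses):
#   Addresses: ["198.244.226.62/32"]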
```
---
## Intelligence Assessment
Threat Level: Moderate
Action Required: Block recommended pending additional context
Key Findings:
1. Subnet Context: The /24 subnet (198.244.226.0/24) demonstrates high abuse density with 189 threat-sibling IPs, indicating potential infrastructure compromise or abuse of legitimate hosting resources
2. Current Status: No active blacklist listings or service exposure detected
3. Historical Signals: Threat activity documented in recent observation window
4. Infrastructure: Legitimate hosting infrastructure (ahrefs.net) but deployed in high-risk network segment
Recommendation: Apply blocking rules as recommended. Monitor for changes in threat profile or emergence of active services. Consider subnet-level filtering if traffic patterns warrant broader restrictions.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | proxy-uk002-san62.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk002-san62.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-20 11:46:16 UTC |
| Last Seen | 2026-06-28 11:43:28 UTC |
| Profile Built | 2026-06-29 05:47:17 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 26 |
Full dossier details are available via our API.