IP Intelligence Briefing: 198.244.226.85
Date: 2026-05-31
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Ownership:
  - ASN: AS16276 (OVH)
  - Organization: Ahrefs Pte Ltd Dmytro
- Geolocation: London, England, UK (GeoPlausible: Yes)
- Network Role:
  - Cloud compute instance (OVH infrastructure)
  - Hosting: Yes | CDN: No | Mobile: No | Residential: No
- Services:
  - No open ports detected.
- DNS: Linked to `proxy-uk002-san85.ahrefs.net` (Ahrefs).
---
**2. Threat & Behavior**
- Threat Indicators:
  - No active threats, malware, or spam sources.
  - No DNSBL listings.
- Historical Observations (30d):
  - Consistent network classification (OVH).
  - Geolocation validated with RTT (90ms avg) and proximity to London.
  - DNS records tied to Ahrefs, a legitimate SEO company.
- Behavioral Flags:
  - No honeypot hits or suspicious activity.
---
**3. Relationships & Network**
- Key Associations:
  - DNS: `proxy-uk002-san85.ahrefs.net` (Ahrefs).
  - Network: Part of OVH's `198.244.128.0/17` subnet.
- Subnet Analysis (198.244.226.85/24):
  - Total IPs: 256
  - Abuse Density: 0.21 (low risk)
  - High-Risk Neighbors: 52 (52%)
  - Active IPs: 75 (29.4%)
  - Threat-Linked Neighbors: 52 IPs with elevated risk scores.
---
**4. Recommendations**
- Monitoring:
  - Track neighbor IPs with high risk scores for potential lateral movement.
  - Monitor DNS queries to `proxy-uk002-san85.ahrefs.net` for anomalies.
- Firewall:
  - Consider allowing traffic to this IP if it's part of legitimate Ahrefs infrastructure.
  - Block high-risk neighbors identified in the subnet.
- Investigation:
  - Verify if the IP is part of a larger Ahrefs infrastructure or a compromised node.
---
**5. Summary**
The IP 198.244.226.85 is part of OVH's cloud infrastructure and linked to Ahrefs, a legitimate SEO company. While no direct threats are detected, the subnet contains a mix of low- and high-risk IPs. SOC teams should focus on monitoring neighboring IPs and ensuring DNS activity aligns with expected Ahrefs operations.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk002-san85.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk002-san85.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 25% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-20 05:44:20 UTC |
| Last Seen | 2026-06-28 11:02:52 UTC |
| Profile Built | 2026-06-29 05:07:34 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 24 |