Threat Intelligence Briefing for IP 198.244.226.94
Overview
- Risk Profile: Moderate risk (40/100) with no direct malicious indicators.
- Ownership: Registered to Ahrefs Pte Ltd; routed via ASN 16276 (OVH), a legitimate cloud hosting provider.
- Geolocation: London, UK.
- Network Role: Cloud compute infrastructure (OVH) with no open services detected.
Threat Indicators
- DNS Associations: Linked to `proxy-uk002-san94.ahrefs.net`, a legitimate hostname under Ahrefs.
- Route Stability: BGP route is unstable (`isRouteStable`: false), but no active scanning or exploitation observed.
- Subnet Abuse: Part of a /24 subnet with abuse density 0.5977 (moderate risk). Neighbors show 94 medium-risk IPs and 6 low-risk IPs.
Observation History
- One recent observation (June 9, 2026) noted 1 DNSBL listing (out of 8 total lists) with low confidence. No persistent malicious activity detected.
Relationships
- Network: Connected to OVH network (ASN 16276).
- DNS: Direct association with `ahrefs.net`; no email authentication records (SPF/DMARC).
- Subnet: Shares a /24 subnet with 100 sibling IPs, 94% of which have medium-low risk scores.
Recommendations
1. Monitor Subnet: The IP resides in a subnet with moderate abuse density. Continuously monitor for suspicious activity.
2. Verify DNS: Confirm legitimacy of `proxy-uk002-san94.ahrefs.net` and ensure no unauthorized subdomains are registered.
3. Route Stability: Investigate OVH BGP route instability to prevent potential DDoS or misrouting risks.
4. Access Control: Consider blocking the subnet in firewalls if the network is deemed high-risk, but prioritize legitimate traffic from Ahrefs.
Conclusion
This IP is associated with a legitimate cloud provider but is part of a subnet with mixed risk. No direct malicious activity is observed, but its network environment warrants further scrutiny.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | n/a |
| CIDR Block | n/a |
| RIR | ARIN |
| Country | n/a |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk002-san94.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk002-san94.ahrefs.net |
DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| None | No open ports detected | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | n/a |
| HTTP Title | n/a |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 23% | 10 | 15 |
| Summary | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-21 14:56:58 UTC |
| Last Seen | 2026-06-28 13:59:14 UTC |
| Profile Built | 2026-06-29 08:06:08 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |
Full dossier details are available via our API.