# THREAT INTELLIGENCE BRIEFING
Target IP: 198.244.226.95/32
Classification: Low Risk - Cloud Infrastructure
Report Date: 2026-06-27
---
## EXECUTIVE SUMMARY
IP 198.244.226.95 is a low-risk residential proxy endpoint (Risk Score: 25) operating within OVH cloud infrastructure in London, England. The IP belongs to Ahrefs Pte Ltd and resolves to a firewall endpoint for the ahrefs.net domain. While the IP itself shows minimal threat activity, it resides in a subnet with elevated abuse density (0.4102), requiring contextual monitoring.
---
## NETWORK PROFILE
Ownership & Registration:
- ASN: 16276 (OVH)
- Organization: Ahrefs Pte Ltd Dmytro
- Location: London, England, GB (750km accuracy)
- Infrastructure Type: CloudCompute / Hosting
- CIDR Block: 198.244.128.0/17
DNS & Resolution:
- PTR Hostname: proxy-uk002-san95.ahrefs.net
- Forward Resolution: proxy-uk002-san95.ahrefs.net
- Email Authentication: No SPF/DMARC records configured
- DNSSEC: Valid
- CAA Records: Present
Network Services:
- Open Ports: None detected
- Service Status: Firewalled / No Services
- TLS/Certificates: None
---
## THREAT INDICATORS
Current Risk Assessment:
- Overall Risk Score: 25 (Low Risk)
- Abuse Confidence: Not available
- Blacklist Status: Listed on 1 of 8 DNSBLs
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
Control Plane:
- Route Stability: Not stable
- Operator Score: 0.087 (Minimal)
- IRR Consistency: Not available
- RPKI State: Not available
---
## OBSERVATION HISTORY (24 Signals)
Temporal Analysis:
- Recent Activity: Observations recorded 2026-06-26 through 2026-06-27
- Threat Persistence: 0 days
- Ownership Changes: 0
- Signal Types: Routing, ownership, reputation, DNS
Key Signals:
- 2026-06-27: Operator score 0.087 (Minimal), confidence 0.30
- 2026-06-26: Subnet abuse density 0.4102 (mixed classification), confidence 0.75
- 2026-06-26: DNS CAA records resolved for ahrefs.net, confidence 0.80
Trend Assessment: IP has shown stable operational parameters with minimal threat evolution over the observation window.
---
## NETWORK RELATIONSHIPS
Identified Connections:
- Same Network: 52 relationships to OVH_282347338
- Infrastructure: OVH cloud network
- Campaign Correlations: 0
- Cert Matches: 0
---
## SUBNET ANALYSIS (198.244.226.0/24)
Abuse Density Metrics:
- Total Siblings: 256
- Active Siblings: 216
- Threat Siblings: 105
- Abuse Density: 0.4102 (41%)
- Classification: Mixed
Risk Distribution:
- High Risk: 0 IPs
- Medium Risk: 77 IPs
- Low Risk: 23 IPs
Notable Neighbors:
- 198.244.226.0 (Risk: 50)
- 198.244.226.1 (Risk: 40)
- 198.244.226.2 (Risk: 40)
- 198.244.226.3 (Risk: 50)
- 198.244.226.4 (Risk: 40)
Context: The subnet exhibits mixed usage patterns with 41% abuse density. The target IP (198.244.226.95) maintains a risk score of 25, significantly lower than subnet average, indicating legitimate operational use.
---
## RECOMMENDED ACTIONS
Current Recommendations: None (probabilistic)
Suggested Monitoring:
1. Subnet Context: Monitor 198.244.226.0/24 for coordinated activity given 41% abuse density
2. Baseline Establishment: Track normal traffic patterns for proxy-uk002-san95.ahrefs.net
3. Reputation Validation: Confirm DNSBL listing status across 8 total lists
4. Threat Correlation: Monitor for any association with known Ahrefs-related campaigns
Firewall Rules: No immediate blocking recommended. Standard logging and rate limiting advised.
---
## INTELLIGENCE CONCLUSIONS
Threat Level: LOW
Assessment: The IP 198.244.226.95 represents legitimate cloud infrastructure hosting for Ahrefs. The low risk score (25) and absence of direct threat indicators suggest benign operational use. The IP should be treated as a known infrastructure endpoint rather than a threat source.
Action Priority: MONITOR
Contextual Warning: While the individual IP shows minimal risk, the subnet's 41% abuse density warrants awareness. Network defenders should correlate traffic patterns with known ahrefs.net service endpoints to distinguish legitimate from anomalous traffic.
---
*Data Source: IPDebrief Intelligence Platform*
*Classification: Defensive Security Intelligence*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk002-san95.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk002-san95.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 27% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-11 21:10:47 UTC |
| Last Seen | 2026-06-27 20:01:06 UTC |
| Profile Built | 2026-06-28 14:04:55 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 28 |