## INTELLIGENCE BRIEFING: 198.244.183.10
Classification: Moderate Risk | Date: 2026-06-20
Executive Summary
IP 198.244.183.10 operates as cloud infrastructure (OVH, ASN 16276) in London, UK. The IP resolves to the ahrefs.net domain (proxy-uk004-san10.ahrefs.net) and exhibits moderate risk (score: 40) with elevated neighborhood abuse density. While not flagged as a known attacker, the subnet shows significant malicious activity correlation requiring defensive monitoring.
Technical Profile
| Attribute | Value |
|---|---|
| **Risk Score** | 40 (Moderate) |
| **Provider** | OVH (Cloud Compute) |
| **Geolocation** | London, England, GB |
| **ASN** | 16276 |
| **DNS** | proxy-uk004-san10.ahrefs.net |
| **Infrastructure** | Cloud hosting, no open services detected |
Threat Indicators
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- DNSBL Listed: 1 of 8 total lists
- Campaign Correlation: None identified
Neighborhood Analysis (198.244.183.0/24)
- Abuse Density: 0.793 (High Abuse Classification)
- Threat Siblings: 203 of 256 active IPs
- Inherited Risk: 31
- Medium Risk Neighbors: 27 of 100 sampled neighbors
Control Plane Status
- Route Stability: False (instability detected)
- BGP Prefix: 198.244.128.0/17
- DNSSEC: Valid
- CAA Records: Present
Observations History
20 signal observations tracked. Recent signals confirm cloud hosting infrastructure classification. Control plane indicators show route changes over the past 30 days, suggesting potential infrastructure reconfiguration.
Recommended Actions
Based on risk profile and neighborhood context, the following defensive measures are recommended:
```bash
# iptables
iptables -A INPUT -s 198.244.183.10 -j DROP
# nftables
nft add rule inet filter input ip saddr 198.244.183.10 drop
# nginx
deny 198.244.183.10;
# pfSense
198.244.183.10/32
# Cloudflare WAF
{
  "description": "Block 198.244.183.10 - IPDebrief risk score 40",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 198.244.183.10"
  }
}
# AWS WAF
{
  "Addresses": ["198.244.183.10/32"],
  "Description": "IPDebrief risk 40"
}
```
Analyst Notes
The IP should be blocked at the perimeter due to elevated neighborhood abuse density and DNSBL listings. The subnet exhibits high malicious activity correlation, making continued traffic from this IP potentially associated with compromised or abusive operations. Monitor for related IPs from the same /24 subnet. The moderate risk score combined with high neighborhood density suggests this IP may be part of broader infrastructure used for coordinated attacks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk004-san10.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk004-san10.ahrefs.net |
DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Server | - |
| HTTP Title | - |
TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 9 | 14 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-20 11:46:14 UTC |
| Last Seen | 2026-06-28 11:40:46 UTC |
| Profile Built | 2026-06-29 05:44:57 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |