# THREAT INTELLIGENCE BRIEFING
## Target IP: 198.244.183.123/32
Date: 2026-06-20
Classification: Moderate Risk (Score: 40)
Provider: OVH (ASN 16276)
Location: London, England, GB
---
EXECUTIVE SUMMARY
IP address 198.244.183.123 resolves to cloud infrastructure operated by OVH in London, United Kingdom. While the individual IP shows no direct threat indicators (0 blacklist entries, no known campaigns), it resides within a subnet classified as "high_abuse" with 76.95% abuse density. The address is associated with the ahrefs.net domain and exposes no open services.
---
RISK PROFILE
| Metric | Value |
|---|---|
| **Risk Score** | 40 (Moderate Risk) |
| **Abuse Confidence** | Not scored (blacklist count: 0) |
| **Stability Score** | 0 (Unstable) |
| **Provider Score** | 0 |
| **Authority Score** | 0 |
| **Is Cloud** | Yes (OVH) |
| **Is Hosting** | Yes |
| **Service Status** | Firewalled / No Services |
---
GEOLOCATION & OWNERSHIP
- Country: GB (United Kingdom)
- Region: England, London
- ASN: 16276 (OVH SAS)
- Organization: Ahrefs Pte Ltd Dmytro
- BGP Prefix: 198.244.128.0/17
- CIDR Block: 198.244.183.123/24
- Registration: ARIN
---
NEIGHBORHOOD ANALYSIS: CRITICAL FINDING
The /24 subnet (198.244.183.123/24) exhibits elevated abuse characteristics:
| Metric | Value |
|---|---|
| **Abuse Density** | 76.95% |
| **Classification** | high_abuse |
| **Total Siblings** | 256 |
| **Active Siblings** | 190 |
| **Threat Siblings** | 197 |
| **Inherited Risk** | 30 |
| **Risk Distribution** | 100 Medium Risk, 0 High, 0 Low |
Assessment: The subnet shows statistically significant abuse prevalence. Of 100 sampled neighbors, all returned risk scores of 40. This contextual risk factor should be considered alongside the individual IP's moderate risk profile.
---
DNS & HOSTNAME RESOLUTION
| Field | Value |
|---|---|
| **PTR Hostnames** | proxy-uk004-san123.ahrefs.net |
| **Domain** | ahrefs.net |
| **Forward Resolution** | 1 hostname |
| **Forward Confirmed** | No |
| **DNSSEC Valid** | Yes |
| **CAA Records** | Yes |
| **Email Auth (SPF/DMARC)** | Not configured |
Note: The hostname pattern indicates this is a proxy infrastructure endpoint belonging to the ahrefs.net organization, hosted on OVH.
---
OBSERVATION HISTORY
Total observations: 19
Recent activity timeline:
- 2026-06-20: Threat listings observed (8 total, 2 listed, max severity: high)
- 2026-06-15: Subnet abuse classification confirmed (high_abuse), DNS resolution verified
- 2026-06-15: No attacker/spam/Tor indicators
Threat Persistence: No persistent malicious activity detected.
---
NETWORK RELATIONSHIPS
- Same Network: Multiple OVH_282347340 network references (12 entries)
- DNS Association: proxy-uk004-san123.ahrefs.net (14 entries)
---
THREAT INDICATORS
| Indicator | Status |
|---|---|
| **Tor Exit Node** | No |
| **Known Attacker** | No |
| **Spam Source** | No |
| **Blacklist Count** | 0 |
| **Known Campaigns** | None |
| **Threat Feeds** | Empty |
---
CONTROL PLANE ANALYSIS
| Metric | Value |
|---|---|
| **Operator Score** | 0.2174 (Minimal) |
| **DNSBL Listed** | 1 of 8 lists |
| **Route Stability** | False |
| **Route Changes (30d)** | 0 |
| **RPKI State** | Not applicable |
| **IRR Consistency** | Not applicable |
---
RECOMMENDED ACTIONS
Based on risk profile and neighborhood context, the following controls are recommended:
| Platform | Recommended Action |
|---|---|
| **iptables** | `iptables -A INPUT -s 198.244.183.123 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 198.244.183.123 drop` |
| **nginx** | `deny 198.244.183.123;` |
| **pfSense** | Block 198.244.183.123/32 |
| **Cloudflare WAF** | Block 198.244.183.123 (Risk Score 40) |
| **AWS WAF** | Allowlist deny: 198.244.183.123/32 |
---
CONCLUSION
This IP address presents a moderate risk profile (Score: 40) with contextual neighborhood risk. The subnet 198.244.183.0/24 demonstrates high abuse density (76.95%) with 197 of 256 sibling IPs flagged as threat-siblings. While this individual IP shows no direct malicious activity and no known threat indicators, the elevated neighborhood risk suggests the infrastructure is frequently utilized for abusive purposes.
SOC Analyst Guidance:
- Monitor for traffic patterns from this subnet
- Consider blocking at network perimeter if risk tolerance is low
- No immediate threat indicators require urgent response
- Review for correlation with other abuse indicators from the OVH UK datacenter
---
END OF INTELLIGENCE BRIEFING
Source: IPDebrief Threat Intelligence Platform
Generated: 2026-06-20
Classification: SOC Internal Use Only
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk004-san123.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk004-san123.ahrefs.net |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

Closed ports: 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
| Field | Value |
|---|---|
| Server | Not available |
| HTTP Title | Not available |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 34% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 32% | 1 | 3 |
| geolocation | 26% | 2 | 2 |
| Overall | 23% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-22 15:19:05 UTC |
| Last Seen | 2026-06-28 19:41:57 UTC |
| Profile Built | 2026-06-29 01:43:47 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |