Threat Intelligence Briefing for IP 198.244.183.165
Date: 2026-06-09
---
**1. Risk Profile**
- Risk Score: 40 (Moderate Risk)
- Provider: OVH (AS16276)
- Ownership: Ahrefs Pte Ltd (registered with ARIN)
- Geolocation: London, England, UK (plausible, 473.7 km from probe, 94 ms avg RTT)
- Network Role: CloudCompute (OVH-hosted; none of the 7 scanned ports open, see Services & Open Ports)
- Threat Indicators: No malicious activity detected; no spam, Tor, or known attacker flags.
---
**2. Observation History**
- Subnet Abuse Density: 67.97% (174 of the 256 addresses in the /24 are flagged; classified high abuse).
- Neighbor Risk: 27% risk inherited from the subnet; 174 flagged siblings in the /24.
- Geolocation Consistency: plausible (London, UK) and consistent across 5 probes.
- Network Stability: route instability flagged (operator score 0.2174, label "Minimal").
---
**3. Relationships & Context**
- Linked Entities:
- Network: OVH_282347340 (same /24).
- DNS: PTR record `proxy-uk004-san165.ahrefs.net` (Ahrefs naming convention; not forward-confirmed, so a weak attribution signal on its own).
- Subnet: 198.244.183.0/24 (256 addresses, 138 active, 174 flagged as threats).
- DNSSEC: valid; CAA record present. Both are properties of the PTR hostname's zone, not of the address itself.
---
**4. Neighborhood Analysis**
- Subnet Risk: High abuse density (0.6797), 27% inherited risk.
- Neighbor IPs: 100+ addresses observed in the range; every one of them falls in the medium or high risk band.
- Abuse Classification: Subnet labeled "high_abuse" with 174 threat siblings.
---
**5. Recommended Actions**
- Block IP (only if your own logs show unwanted traffic from it: the profile records no malicious activity, and Ahrefs operates a well-known SEO crawler, so an unconditional block may be unwarranted):
- `iptables -A INPUT -s 198.244.183.165 -j DROP`
- `nft add rule inet filter input ip saddr 198.244.183.165 drop` (assumes `table inet filter` and its `input` chain already exist; `nft list ruleset` shows whether they do)
- Cloudflare/WAF/AWS rules available in full profile.
- Monitor Subnet: the high abuse density is a reputational prior for the /24, not evidence that this host is compromised. In a hosting provider's /24 the flagged neighbours are usually unrelated tenants, so watch for traffic from the range rather than assuming lateral movement from this address.
- Verify DNS: the PTR `proxy-uk004-san165.ahrefs.net` is not forward-confirmed (see DNS Intelligence), and whoever controls the reverse zone can publish any PTR name, so do not treat the name alone as proof that the host is Ahrefs infrastructure. Check that the hostname resolves back to 198.244.183.165 and confirm the address with Ahrefs directly.
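The page's one-line `nft add rule` assumes a `table inet filter` and an `input` chain that may not exist on the host. The following is an added example, not code from the original page or from the intelligence provider: it renders a complete nftables ruleset with its own table, a set (so more addresses can be added without new rules) and a counter/log before the drop, and it normalises host-bits notation such as `198.244.183.165/24` to the network it denotes. The table name `ti_blocklist`, set name `v4_drop` and log prefix are assumptions; the example handles IPv4 only.

```python
"""Render a self-contained nftables blocklist for addresses named in a briefing.

Added example (not the intelligence provider's code). Table, set and chain
names are assumptions chosen for this illustration.
"""
import ipaddress
import os
import shutil
import subprocess
import tempfile
from typing import Iterable, List, Optional


def normalise_block_elements(entries: Iterable[str]) -> List[str]:
    """Canonicalise IPv4 hosts/prefixes and drop entries already covered by a
    wider prefix in the same list (nft rejects overlapping interval elements)."""
    nets = []
    for entry in entries:
        # strict=False turns host-bits notation such as 198.244.183.165/24
        # into the network it denotes, 198.244.183.0/24.
        net = ipaddress.ip_network(entry.strip(), strict=False)
        if net.version != 4:
            raise ValueError(f"IPv4 only in this example: {entry}")
        nets.append(net)
    # Widest prefixes first, so a host already inside a listed /24 is skipped.
    nets = sorted(set(nets), key=lambda n: (n.prefixlen, int(n.network_address)))
    kept: List[ipaddress.IPv4Network] = []
    for net in nets:
        if not any(net.subnet_of(wider) for wider in kept):
            kept.append(net)
    kept.sort()
    return [str(n.network_address) if n.prefixlen == 32 else str(n) for n in kept]


def render_blocklist_ruleset(entries: Iterable[str], table: str = "ti_blocklist",
                             set_name: str = "v4_drop", log_prefix: str = "ti-drop: ") -> str:
    """Return nft script text that drops inbound packets from the listed sources."""
    elements = ", ".join(normalise_block_elements(entries))
    return f"""# Declare the table so the flush succeeds on a fresh host, then flush it so
# re-loading this file replaces the rules instead of appending duplicates.
add table inet {table}
flush table inet {table}
table inet {table} {{
    set {set_name} {{
        type ipv4_addr
        flags interval
        elements = {{ {elements} }}
    }}
    chain input {{
        # priority -10 runs before a conventional 'filter' chain at priority 0;
        # policy accept leaves everything not in the set to the normal ruleset.
        type filter hook input priority -10; policy accept;
        ip saddr @{set_name} counter log prefix "{log_prefix}" drop
    }}
}}
"""


def nft_check(ruleset: str) -> Optional[bool]:
    """Dry-run the ruleset with `nft -c -f`. Returns None if nft is not installed;
    the dry run still talks to the kernel, so it may need CAP_NET_ADMIN."""
    nft = shutil.which("nft")
    if nft is None:
        return None
    with tempfile.NamedTemporaryFile("w", suffix=".nft", delete=False) as fh:
        fh.write(ruleset)
        path = fh.name
    try:
        return subprocess.run([nft, "-c", "-f", path], capture_output=True).returncode == 0
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # The host from the briefing plus its /24 written with host bits set, as the
    # page does; the host is dropped from the set because the /24 covers it.
    text = render_blocklist_ruleset(["198.244.183.165", "198.244.183.165/24"])
    print(text)
    print("nft -c result:", nft_check(text))
```

Load the rendered file with `nft -f blocklist.nft` as root; to block only the single host, pass just `["198.244.183.165"]`, and to extend the list later use `nft add element inet ti_blocklist v4_drop { <addr> }` without touching the rules.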
---
**6. Summary**
This IP sits in a high-risk /24 (198.244.183.0/24) with 68% abuse density. The IP itself shows no direct malicious activity, so the concern is its network context rather than observed behaviour. Monitor for unusual traffic from the address, and if traffic from the range as a whole is unwanted, rate-limit or block the /24 at the edge rather than acting on this host alone.
Next Steps: cross-check with Ahrefs that the host is part of their infrastructure (the PTR alone is not forward-confirmed); extend monitoring to the subnet.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
---
**Ownership & Registration**
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | n/a |
| CIDR Block | n/a |
| RIR | ARIN |
| Country | n/a |
| Abuse Contact | Available via RDAP |
---
**DNS Intelligence**
| Field | Value |
|---|---|
| PTR | proxy-uk004-san165.ahrefs.net |
| Forward Confirmed | No: the PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk004-san165.ahrefs.net |
---
**DNS Hygiene**
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
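The "Forward Confirmed: No" and "FCrDNS: Not verified" rows above are the reason the PTR is only a weak signal. The following added example (not code from the original page or from the intelligence provider) implements the forward-confirmed reverse DNS check: resolve the PTR for the address, resolve each returned name forward, and keep only names whose answers include the address. The resolver is injected so it runs offline against constructed records; the page reports only the PTR name and that it is not forward-confirmed, so the sample forward answers below are assumptions that reproduce that outcome, plus a passing case and a mismatching case in RFC 5737 documentation ranges for contrast. For live use, pass a lookup function built on dnspython's `dns.resolver.resolve` instead of `sample_lookup`.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check.

Added example, not the intelligence provider's code. The record table below
is constructed for illustration, not live DNS data.
"""
import ipaddress
from typing import Callable, Dict, List, Tuple

# (owner name, record type) -> rdata strings
Lookup = Callable[[str, str], List[str]]

# Constructed zone data. Reverse names are the in-addr.arpa owners a resolver
# queries for the PTR. The ahrefs.net forward answer being empty is an
# assumption that matches the briefing's "not forward-confirmed" result.
SAMPLE_RECORDS: Dict[Tuple[str, str], List[str]] = {
    ("165.183.244.198.in-addr.arpa.", "PTR"): ["proxy-uk004-san165.ahrefs.net."],
    ("proxy-uk004-san165.ahrefs.net.", "A"): [],                # assumed: no A record
    ("10.113.0.203.in-addr.arpa.", "PTR"): ["mail.example.net."],  # passing case
    ("mail.example.net.", "A"): ["203.0.113.10"],
    ("10.2.0.192.in-addr.arpa.", "PTR"): ["www.example.org."],  # PTR names a host that lives elsewhere
    ("www.example.org.", "A"): ["198.51.100.7"],
}


def sample_lookup(name: str, rtype: str) -> List[str]:
    """Offline stand-in for a DNS resolver; unknown names answer empty (NXDOMAIN)."""
    return SAMPLE_RECORDS.get((name.lower(), rtype.upper()), [])


def fcrdns(ip: str, lookup: Lookup = sample_lookup) -> Dict[str, object]:
    """Resolve the PTR(s) for ip, resolve each name forward, and keep only the
    names whose answers include ip. A PTR that is not forward-confirmed is set
    by whoever runs the reverse zone and proves nothing about the operator it names."""
    addr = ipaddress.ip_address(ip)
    forward_type = "AAAA" if addr.version == 6 else "A"
    ptr_names = lookup(addr.reverse_pointer + ".", "PTR")
    confirmed = []
    for name in ptr_names:
        answers = {ipaddress.ip_address(a) for a in lookup(name, forward_type)}
        if addr in answers:
            confirmed.append(name)
    return {
        "ip": str(addr),
        "ptr": ptr_names,
        "confirmed": confirmed,
        "fcrdns": bool(confirmed),
        "signal": "forward-confirmed" if confirmed else "weak: PTR only",
    }


if __name__ == "__main__":
    for ip in ("198.244.183.165", "203.0.113.10", "192.0.2.10"):
        r = fcrdns(ip)
        print(f"{r['ip']:16} ptr={r['ptr']} -> {r['signal']}")
```

The third case is the one to watch for in attribution: the PTR carries a plausible name, the name resolves, but to a different address, so a check that only tests "does the PTR name resolve at all" would wrongly accept it.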
---
**Network Classification**
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
---
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected (0 open / 7 scanned) | | | |
| Closed: 22, 25, 80, 443, 3389, 8080, 8443 | | | |
Only these seven ports were probed, so "no public services" is established for those ports only.
| Field | Value |
|---|---|
| Server | n/a |
| HTTP Title | n/a |
---
**TLS Certificate**
| Field | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
No certificate was observed, consistent with no TLS listener on the scanned ports.
---
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
---
**Observation Timeline** (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-21 20:59:56 UTC |
| Last Seen | 2026-06-28 15:45:05 UTC |
| Profile Built | 2026-06-29 09:51:06 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |
Full dossier details are available via our API.