198.244.183.179📋 Copy

# IP INTELLIGENCE BRIEFING

Target: 198.244.183.179/32

Classification: Moderate Risk / Cloud Hosting Infrastructure

Date: 2026-06-20

Risk Score: 40/100

---

## Executive Summary

IP address 198.244.183.179 is a cloud hosting endpoint operated by OVH (ASN 16276) associated with organization Ahrefs Pte Ltd Dmytro. The IP resolves to proxy-uk004-san179.ahrefs.net and is geolocated to London, England. While individual threat indicators are absent, the IP operates within a high-abuse density subnet (0.7812), warranting defensive monitoring and potential blocking.

---

## Ownership and Infrastructure

The IP is classified as cloud-hosted infrastructure with a firewalled service posture. No open ports or active services detected on the endpoint. The hostname prefix "proxy-uk004-san179" indicates a proxy or service node within the UK datacenter.

---

## Threat Assessment

Current Risk Indicators:

• Risk Score: 40 (Moderate)
• Known Campaigns: None
• Tor Exit Node: No
• Known Attacker: No
• Spam Source: No
• Blacklist Hits: 0
• DNSBL Listings: 1/8 lists

Control Plane:

• BGP Prefix: 198.244.128.0/17
• Operator Score: 0.2174 (Minimal)
• Route Stability: False
• RPKI State: Not assessed

Temporal Analysis:

• Ownership Changes: 0
• Threat Persistence Days: 0
• Persistently Malicious: False

---

## Neighborhood Analysis (198.244.183.0/24)

The /24 subnet exhibits elevated abuse characteristics:

• Abuse Density: 0.7812 (High Abuse Classification)
• Total Siblings: 256
• Active Siblings: 211
• Threat Siblings: 200
• Inherited Risk Score: 31

Risk Distribution in Subnet:

• High Risk: 0
• Medium Risk: 53
• Low Risk: 47

The subnet demonstrates a concentration of medium to low risk activity, though the high abuse density suggests infrastructure commonly leveraged for malicious purposes.

---

## Relationship Graph

38 Relationships Identified:

• Multiple "Same Network" relationships to network identifier OVH_282347340
• No direct associations to known malicious subnets or campaigns
• No certificate or hostname associations indicating command-and-control infrastructure

---

## Observation History

Total Observations: 19 signals tracked

Recent Observations (2026-06-20):

• 07:02:45 UTC: Subnet abuse classification recorded as high_abuse with 0.7812 density
• 07:02:33 UTC: Geolocation inference for GB with 0.28 confidence (55.38°N, 3.44°W)
• 07:02:07 UTC: Operator score 0.2174 (Minimal)
• 07:05:04 UTC: Cloud hosting infrastructure confirmed (OVH provider)

The IP has shown consistent behavior as cloud infrastructure with no escalation in threat signals.

---

## Recommended Actions

Immediate: Block at perimeter firewall

Firewall Rules Provided:

```bash

# iptables

iptables -A INPUT -s 198.244.183.179 -j DROP

# nftables

nft add rule inet filter input ip saddr 198.244.183.179 drop

# nginx

deny 198.244.183.179;

# pfSense

198.244.183.179/32

# Cloudflare WAF

Block 198.244.183.179 — IPDebrief risk score 40

# AWS WAF

Addresses: 198.244.183.179/32

Description: IPDebrief risk 40

```

Monitoring Recommendations:

1. Monitor for lateral movement within 198.244.183.0/24 subnet

2. Track for DNS query anomalies to ahrefs.net infrastructure

3. Observe for new threat indicators in related OVH network ranges

4. Review inbound connection patterns for automated scanning or brute force activity

---

## Analyst Notes

The IP presents moderate risk primarily due to neighborhood context rather than direct malicious activity. The association with Ahrefs infrastructure (legitimate SEO analytics company) suggests the endpoint may be part of a legitimate service, though the high-abuse subnet context warrants defensive blocking. No active threat indicators were observed, but the subnet-level risk profile supports a block recommendation.

Confidence Level: High (based on multiple data sources and temporal consistency)

Priority: Medium (block recommended but no active campaign correlation)

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.