# IP INTELLIGENCE BRIEFING
Target: 198.244.183.194/32
Classification: Moderate Risk - Cloud Infrastructure Node
Date: Current Intelligence Cycle
---
## EXECUTIVE SUMMARY
IP 198.244.183.194 is a cloud computing endpoint hosted within OVH infrastructure, operated by Ahrefs Pte Ltd. The IP shows moderate risk characteristics (Risk Score: 40) with no direct threat indicators. The address belongs to a high-abuse density subnet (198.244.183.0/24) requiring contextual monitoring. No immediate blocking actions recommended; maintain standard operational procedures.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH SAS) |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Geolocation** | London, England, GB |
| **Infrastructure** | OVH Cloud Compute (Hosting) |
| **Network Class** | Cloud Infrastructure |
| **DNS Resolution** | proxy-uk004-san194.ahrefs.net |
| **Domain** | ahrefs.net |

The IP is part of Ahrefs' UK-based hosting infrastructure. The PTR hostname indicates this is a proxy or server endpoint within their distributed network architecture.
---
## THREAT ASSESSMENT
### Risk Indicators
- Overall Risk Score: 40/100 (Moderate)
- Abuse Confidence: Not scored (null)
- Blacklist Status: 0 direct blacklists
- DNSBL Status: Listed on 1 of 8 DNSBL sources
- Known Attacker: False
- Tor Exit Node: False
- Spam Source: False
### Service Exposure
- Open Ports: None detected
- HTTP/HTTPS: No services running
- Status: Firewalled / No Services
The target is a passive infrastructure node with no active service exposure. This significantly reduces immediate threat potential despite subnet-level abuse characteristics.
---
## SUBNET CONTEXT (198.244.183.0/24)
| Metric | Value |
|---|---|
| **Abuse Density** | 0.7891 (High) |
| **Classification** | high_abuse |
| **Total Siblings** | 256 |
| **Active Siblings** | 211 |
| **Threat Siblings** | 202 |
| **Inherited Risk** | 31/100 |

Analysis: The /24 subnet exhibits elevated abuse activity. Of 256 potential IPs, 202 are classified as threats and 211 are actively generating signals. This suggests coordinated infrastructure usage within the subnet. However, the target IP itself shows no direct malicious activity.
Neighboring IP Risk Distribution:
- High Risk: 0
- Medium Risk: 22
- Low Risk: 78
---
## OBSERVATION HISTORY
Signal Count: 22 observations recorded
Most Recent Activity: June 20, 2026
Key Historical Signals:
1. Subnet Classification: High abuse density (0.7891) - consistent across recent observations
2. Provider Classification: OVH cloud infrastructure - stable
3. Geolocation: London, GB - with 750 km accuracy radius
4. Network Path: 198.244.128.0/17 BGP prefix - stable assignment
5. Operator Score: 0.2174 (Minimal) - indicates low operator-level threat
The IP demonstrates persistent infrastructure characteristics with no evidence of behavior change or threat escalation.
---
## RELATIONSHIP ANALYSIS
Detected Relationships: 52 total
Primary Classification: Same Network (OVH_282347340)
All relationships indicate the IP belongs to OVH's broader network infrastructure. No associations with known malicious campaigns or campaign-related entities were identified.
---
## RECOMMENDED ACTIONS
### Firewall Rules
Status: NO ACTION REQUIRED
No blocking rules recommended. The IP shows no active malicious behavior and is part of legitimate cloud infrastructure.
### Monitoring Recommendations
1. Passive Monitoring: Continue standard passive scanning for this IP
2. Subnet Awareness: Monitor 198.244.183.0/24 for broader threat patterns
3. Threshold Monitoring: Flag any services opening on this IP that were previously firewalled
4. Correlation: Cross-reference with Ahrefs threat intelligence feeds if available
### SOC Analyst Notes
- Do Not Block: Legitimate infrastructure endpoint
- Context: High-abuse subnet does not automatically indicate malicious activity on individual IPs
- Priority: Low - no immediate threat
- Review Interval: Standard operational monitoring
---
## END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk004-san194.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk004-san194.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-21 20:59:56 UTC |
| Last Seen | 2026-06-28 15:45:35 UTC |
| Profile Built | 2026-06-29 03:49:18 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |