198.244.226.183📋 Copy

# INTELLIGENCE BRIEFING: 198.244.226.183

Classification: MODERATE RISK

Date Generated: 2026-06-20

Analyst: IPDebrief SOC Intelligence Unit

---

## EXECUTIVE SUMMARY

IP address 198.244.226.183 resolved to a moderate-risk cloud infrastructure host associated with Ahrefs Pte Ltd. The IP is hosted on OVH infrastructure in London, England, and operates as a cloud computing resource with hosting services enabled. No open ports or active services were detected during service enumeration. The IP exhibits a risk score of 40/100 with minimal operator reputation.

---

## OWNERSHIP & GEOLOCATION

• ASN: 16276 (OVH)
• Organization: Ahrefs Pte Ltd Dmytro
• Country: United Kingdom (GB)
• Region: England
• City: London
• Geolocation Confidence: Low (2 sources, consensus false, plausible false)
• Timezone: Europe/London

The IP address is registered to Ahrefs, a legitimate SEO and web analytics platform. However, geolocation validation failed across multiple probe attempts.

---

## NETWORK INFRASTRUCTURE

• Infrastructure Type: Cloud Compute
• Hosting Status: Active
• Network Classification: Not a CDN, proxy, VPN, or Tor exit node
• IP Type: Public, non-bogon
• Subnet: 198.244.226.183/24
• BGP Prefix: 198.244.128.0/17
• Route Stability: Unstable

Service enumeration returned no open ports, indicating the host is either non-interactive or heavily firewalled. The PTR hostname resolves to proxy-uk002-san183.ahrefs.net, consistent with Ahrefs proxy infrastructure.

---

## THREAT INDICATORS

• Abuse Confidence Score: Not calculated
• Blacklist Status: Listed on 1 of 8 DNSBLs
• Known Attacker: No
• Known Spam Source: No
• Tor Exit Node: No
• Associated Threat Campaigns: None detected

No active threat indicators were identified. The IP does not appear in major threat feeds or known campaign databases.

---

## NEIGHBORHOOD ANALYSIS

The /24 subnet (198.244.226.0/24) exhibits elevated abuse activity:

• Abuse Density: 0.6211 (high_abuse classification)
• Total Subnet Size: 256 addresses
• Active Siblings: 174
• Threat Siblings: 159
• Inherited Risk Score: 24

The subnet contains 100 sampled neighbors with medium-risk classifications (risk scores 40-50). This pattern suggests the subnet is part of a shared hosting environment with multiple active users.

---

## OBSERVATION HISTORY

Signal observation history from June 15-20, 2026, indicates:

• Threat Persistence: 0 days (transient)
• Observation Count: 20 signals recorded
• Recent Activity: Multiple scans and geolocation probes
• Operator Score: 0.2174 (minimal)
• Geolocation Validation: Successful London coordinates (51.5081, -0.1278) with 473.7km distance from probe location
• Network Latency: Average 89.6ms RTT, min 85ms, max 95ms

The IP has been observed sporadically with no persistent malicious behavior detected across the observation window.

---

## RECOMMENDED ACTIONS

Based on the moderate risk profile and high-abuse neighborhood context:

1. Allow with Monitoring: The IP is associated with a legitimate organization (Ahrefs) with no active threat indicators

2. Rate Limiting: Implement connection rate limits to mitigate potential abuse from the shared hosting environment

3. DNSBL Monitoring: Monitor DNSBL listing status; currently listed on 1 of 8 lists

4. Log Analysis: Correlate traffic with known Ahrefs proxy patterns if this IP appears in threat feeds

5. Subnet Awareness: Be aware of elevated abuse activity in the /24 subnet when evaluating related IP traffic

---

END OF BRIEFING

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.