IPDEBRIEF THREAT INTELLIGENCE BRIEFING
IP Address: 51.195.183.142/32
Date: Current Analysis
---
EXECUTIVE SUMMARY
IP 51.195.183.142 presents moderate risk (score 40) with significant contextual threat indicators. The IP is hosted on OVH infrastructure in London, GB, and is associated with the ahrefs.net domain. While no direct threat indicators are present in the current profile, the subnet exhibits elevated abuse density (0.7695), with 197 out of 225 active sibling IPs classified as threats. System-generated firewall rules recommend blocking this address across major security platforms.
---
PROFILE CHARACTERISTICS
Network & Provider:
- ASN: 16276 (OVH SAS)
- Organization: Ahrefs Pte Ltd Dmytro
- Network Block: 51.195.0.0/16
- Infrastructure Type: Hosting environment
Geolocation:
- Country: Great Britain (GB)
- Region: England
- City: London
- Timezone: Europe/London
- Note: Geo data shows consensus inconsistency across sources
DNS Resolution:
- PTR Hostnames: proxy-uk003-san142.ahrefs.net
- Forward Resolution: ahrefs.net
- Forward Confirmation: Failed
- DNSSEC: Valid
- CAA Records: Present
Services:
- Open Ports: None detected
- TLS Certificate: Not present
- HTTP Title: Not present
- Classification: Firewalled / No Services
---
THREAT INDICATORS
Current Status:
- Risk Score: 40 (Moderate Risk)
- Blacklist Count: 0
- DNSBL Listed: 1 of 8 total lists
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Active Campaigns: None
Risk Breakdown:
- Provider Score: 0
- Authority Score: 0
- Stability Score: 0
- Abuse Confidence Score: Not calculated
---
NEIGHBORHOOD ANALYSIS
Subnet: 51.195.183.0/24
Abuse Metrics:
- Abuse Density: 0.7695 (HIGH)
- Classification: high_abuse
- Total Siblings: 256
- Active Siblings: 225
- Threat Siblings: 197
- Inherited Risk Score: 30
Risk Distribution:
- High Risk: 0
- Medium Risk: 41
- Low Risk: 59
Key Finding: Despite the target IP's moderate risk score, the /24 subnet demonstrates high abuse density with nearly 200 threat siblings. This contextual signal elevates the threat posture.
---
OBSERVATION HISTORY
Total Observations: 22
Recent Signal Activity (June 2026):
- 2026-06-28: Threat signal detected via AlienVault OTX (confidence 0.85) with 7 associated threat pulses
- 2026-06-20: DNS CAA records observed for ahrefs.net
- 2026-06-20: Network classification confirmed as OVH hosting infrastructure
- 2026-06-20: Subnet abuse classification confirmed (high_abuse, 0.7695 density)
- 2026-06-20: Geolocation inference suggested GB (confidence 0.28)
Temporal Indicators:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Threat Observation Count: 1
- Persistently Malicious: No
---
RELATIONSHIP ANALYSIS
Total Relationships: 45
Network Relationships:
- Primary Network: OVH_282347339
- Relationship Type: Same Network (all 45 relationships)
- No external relationships to organizations, hostnames, or certificates identified
Campaign Correlation:
- Campaign Likelihood: None
- Certificate Matches: 0
- Correlated IPs: 0
---
RECOMMENDED ACTIONS
Block Recommendations:
Based on the IP's risk profile (40) and subnet context (high abuse density), the following firewall rules are recommended:
iptables:
```
iptables -A INPUT -s 51.195.183.142 -j DROP
```
nftables:
```
nft add rule inet filter input ip saddr 51.195.183.142 drop
```
nginx:
```
deny 51.195.183.142;
```
pfSense:
```
51.195.183.142/32
```
Cloudflare WAF:
```
{
"description": "Block 51.195.183.142 - IPDebrief risk score 40",
"action": "block",
"filter": {
"expression": "ip.src eq 51.195.183.142"
}
}
```
AWS WAF:
```
{
"Addresses": ["51.195.183.142/32"],
"Description": "IPDebrief risk 40"
}
```
Note: These recommendations are probabilistic and should be combined with other signals before taking action.
---
INTELLIGENCE ASSESSMENT
This IP exhibits characteristics consistent with legitimate hosting infrastructure (ahrefs.net domain association), but operates within a high-abuse subnet. The presence of threat pulses in recent history and the subnet's 77% abuse density suggest potential for malicious activity from this address. While no direct attack indicators are present in the current profile, the contextual risk from the neighborhood warrants a defensive posture.
Priority: Monitor / Block
Classification: Moderate Risk with High Contextual Threat
Recommended Action: Implement blocking rules across perimeter defenses; monitor for traffic patterns inconsistent with hosting services.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk003-san142.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk003-san142.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-20 05:45:03 UTC |
| Last Seen | 2026-06-28 11:17:17 UTC |
| Profile Built | 2026-06-29 05:22:21 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |