51.195.183.168
# IP Intelligence Briefing: 51.195.183.168/32
Classification: Moderate Risk (Score: 40/100)
Analysis Date: 2026-06-20
Report Type: Single-IP Threat Intelligence Assessment
---
## Executive Summary
IP 51.195.183.168 operates within a high-abuse OVH CloudCompute infrastructure environment. While the individual IP shows no direct threat indicators, it resides in a subnet with significant compromise activity, warranting defensive monitoring and selective blocking.
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH) |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Registry** | RIPE NCC |
| **Geolocation** | London, England, GB |
| **Infrastructure Type** | Cloud Compute / Hosting |
| **Network Role** | Firewalled / No Services |
DNS Resolution: proxy-uk003-san168.ahrefs.net (ahrefs.net)
BGP Route: 51.195.0.0/16 โ AS1403 โ AS16276
---
## Threat Assessment
Individual IP Signals
- Risk Score: 40 (Moderate)
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
- Blacklist Count: 0
- Open Ports: None detected (firewalled)
- Threat Indicators: None identified
Subnet Environment (51.195.183.0/24)
- Abuse Density: 0.7695 (High)
- Classification: high_abuse
- Total Siblings: 256
- Active Siblings: 225
- Threat Siblings: 197
Critical Finding: The subnet exhibits elevated abuse density with 87.5% of active IPs flagged as threats. This indicates a compromised cloud hosting environment with widespread infrastructure abuse.
---
## Temporal Analysis
Observation History: 26 signals tracked
- Recent routing stability confirmed (route changes: 0 in 30 days)
- BGP path consistent with origin AS16276
- DNSBL listed on 1 of 8 total lists
- Operator classification: Basic (score: 0.4348)
---
## Recommended Security Actions
Immediate Mitigation
Block traffic from this IP using the following rules:
```bash
# iptables
iptables -A INPUT -s 51.195.183.168 -j DROP
# nftables
nft add rule inet filter input ip saddr 51.195.183.168 drop
# pfSense
51.195.183.168/32
# nginx
deny 51.195.183.168;
```
Cloud Provider Implementation
Cloudflare WAF:
```json
{
"description": "Block 51.195.183.168 โ IPDebrief risk score 40",
"action": "block",
"filter": {
"expression": "ip.src eq 51.195.183.168"
}
}
```
AWS WAF:
```json
{
"Addresses": ["51.195.183.168/32"],
"Description": "IPDebrief risk 40"
}
```
---
## Intelligence Notes
1. Infrastructure Context: The IP is associated with Ahrefs domain infrastructure but operates as a firewalled cloud hosting resource. The subnet's high abuse density suggests this may be a compromised shared hosting environment.
2. Risk Mitigation Strategy: While this specific IP shows no active threat indicators, the subnet-level abuse density warrants broader monitoring. Consider implementing subnet-level rate limiting or blocking if business risk permits.
3. False Positive Consideration: The individual IP has no direct threat indicators. Blocking may be justified based on subnet reputation alone, but this should be weighed against potential legitimate use cases.
4. Relationship Graph: 42 relationships identified, all pointing to OVH network infrastructure. No external threat actor affiliations detected.
---
Analyst Note: This IP represents a moderate-risk infrastructure address within a high-abuse cloud environment. Defensive blocking is recommended, but investigate potential business justifications before implementation. Monitor for subnet-level activity escalation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | 51.195.0.0/16 |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk003-san168.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk003-san168.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 24% | 2 | 3 |
| services | 12% | 2 | 2 |
| ownership | 35% | 3 | 6 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 26% | 12 | 21 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-19 23:50:40 UTC |
| Last Seen | 2026-06-28 10:38:04 UTC |
| Profile Built | 2026-06-29 04:43:05 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 31 |
Full dossier details are available via our API.