# IP INTELLIGENCE BRIEFING: 51.195.183.170/32
Classification: MODERATE RISK | Status: ACTIVE OBSERVATION
---
## EXECUTIVE SUMMARY
IP 51.195.183.170 is a hosting infrastructure endpoint operated by Ahrefs Pte Ltd Dmytro through OVH (ASN 16276). The IP resolves to a firewall-backed ahrefs.net endpoint with no open services. Geographic positioning indicates London, England. While the IP carries a moderate risk score of 40, the broader /24 subnet exhibits elevated abuse density (0.707) with 181 of 256 sibling IPs classified as threats.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | 16276 (OVH) |
| RIR | RIPE NCC |
| CIDR Block | 51.195.0.0/16 |
| Network Type | Hosting Infrastructure |
| Registration | Legacy (9,231 days) |

Network Role: The IP is classified as hosting infrastructure with "Firewalled / No Services" designation. No open ports or TLS certificates detected.
---
## GEOLOCATION & NETWORK CLASSIFICATION
- Country: Great Britain (GB)
- Region: England, London
- Coordinates: 55.38°N, -3.44°W (inference)
- Accuracy: 750 km radius
- Reverse DNS: proxy-uk003-san170.ahrefs.net
- Forward DNS: ahrefs.net
- DNSSEC: Valid
- BGP Origin: 57866 → 16276 (OVH)
- Route Stability: Stable (0 route changes in 30 days)
---
## THREAT INDICATORS
| Indicator | Status |
|---|---|
| Blacklist Count | 0 |
| DNSBL Listed | 1 of 8 lists |
| Tor Exit Node | No |
| Known Attacker | No |
| Spam Source | No |
| Campaign Association | None |
| Abuse Confidence | Not Available |

DNSBL Evidence: IP appears on 1 of 8 DNS blacklist feeds, indicating potential reputation issues despite being a legitimate hosting endpoint.
---
## SUBNET NEIGHBORHOOD ANALYSIS (51.195.183.0/24)
| Metric | Value |
|---|---|
| Total Siblings | 256 |
| Active Siblings | 208 |
| Threat Siblings | 181 |
| Abuse Density | 0.707 (High) |
| Inherited Risk | 28 |

Neighbor Risk Distribution:

- High Risk: 0 IPs
- Medium Risk: 99 IPs
- Low Risk: 1 IP

Key Observations: The /24 subnet demonstrates concentrated abuse activity. 181 of 208 active IPs are classified as threats. The target IP (170) carries a risk score of 40, aligning with the subnet's elevated threat profile.
---
## OBSERVATION HISTORY (30 RECENT SIGNALS)
Latest Activity: 2026-06-23
| Signal Type | Confidence | Observation |
|---|---|---|
| DNS Resolution | 80% | ahrefs.net |
| Geolocation | 28% | GB (England) |
| Network Provider | 85% | OVH |
| Operator Score | 60% | Basic (0.35) |
| Overall Profile | 26% | 17 total observations |

Persistence Assessment: No persistent malicious behavior detected. Single threat observation recorded.
---
## RELATIONSHIP GRAPH
- Total Relationships: 55
- Primary Association: OVH Network (OVH_282347339)
- Network Relationships: 50+ duplicate network associations
- Hostname/Org Links: Not explicitly enumerated
---
## RECOMMENDED ACTIONS
1. Monitoring: Flag for enhanced monitoring due to high-abuse subnet context (0.707 density)
2. DNSBL Review: Investigate DNSBL listing cause (1 of 8 lists)
3. Contextual Analysis: Correlate with other IPs in 51.195.183.0/24 subnet exhibiting similar threat patterns
4. Traffic Policy: Consider rate limiting if inbound connections exceed thresholds
5. Reputation Baseline: Monitor for changes in abuse confidence score
---
## THREAT ASSESSMENT
This IP represents a moderate-risk hosting endpoint operating within a high-abuse density subnet. While the IP itself is associated with legitimate ahrefs.net infrastructure, the elevated subnet abuse rate (0.707) suggests potential compromise of neighboring addresses or shared infrastructure risks. No direct malicious indicators detected at the IP level, but contextual risk warrants continued observation.
Priority Level: MEDIUM | SOC Action: Monitor, Correlate, Contextualize
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | 51.195.0.0/16 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk003-san170.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk003-san170.ahrefs.net |

## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 20% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 24% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 25% | 12 | 19 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:04:25 UTC |
| Last Seen | 2026-06-27 06:33:20 UTC |
| Profile Built | 2026-06-28 06:42:16 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 31 |