51.195.183.181

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 51.195.183.181

## Executive Summary

The IP address 51.195.183.181 presents as a moderate-risk infrastructure endpoint hosted on OVH's cloud compute network in London, GB. While the IP itself shows no active threat indicators, it resides within a high-abuse-density subnet (0.6836) with 175 classified threat siblings, warranting enhanced monitoring.

## Infrastructure Profile

Network Identity:

ASN: 16276 (OVH)
Organization: Ahrefs Pte Ltd Dmytro
CIDR: 51.195.0.0/16
Classification: CloudCompute / Hosting Infrastructure

Geolocation:

Country: GB (England, London)
Accuracy Radius: 750km
GeoConsensus: Validated across multiple sources

DNS Resolution:

PTR Hostname: proxy-uk003-san181.ahrefs.net
Forward Resolved: proxy-uk003-san181.ahrefs.net
Domain: ahrefs.net
DNSSEC: Valid
DNSBL Listed: 1 of 8 lists

## Risk Assessment

Current Risk Score: 40 (Moderate Risk)

Risk Breakdown:

Provider Score: 0
Authority Score: 0
Stability Score: 0

Threat Indicators:

Known Attacker: No
Tor Exit Node: No
Spam Source: No
Active Blacklist Campaigns: None
Abuse Confidence Score: Not applicable

Network Role: Firewalled / No Services (no open ports detected)

## Neighborhood Analysis

Subnet: 51.195.183.0.0/24

Abuse Metrics:

Abuse Density: 0.6836 (High Abuse Classification)
Inherited Risk: 27
Total Siblings: 256
Active Siblings: 195
Threat Siblings: 175

Risk Distribution Across Subnet:

High Risk: 0
Medium Risk: 99
Low Risk: 1

The subnet exhibits significant abuse density, with 68% of siblings classified as threat-adjacent. This contextual risk factor suggests the infrastructure may host compromised endpoints or be co-located with malicious activity.

## Historical Observations

Observation Count: 19 signals

Most Recent: 2026-06-15

Key Historical Signals:

Cloud hosting infrastructure classification (confidence: 0.85)
Operator score: 0.2174 (Minimal operator reputation risk)
Geolocation inference: GB with 0.28 confidence
Routing stability: Not route-stable

No persistent malicious behavior patterns detected over observation window.

## Threat Intelligence Context

Campaign Likelihood: None
CERT Matches: 0
Correlated IPs: 0
Known Malware Families: None

## Recommended Actions

For SOC Analysts:

1. Monitor for outbound connections from this IP to known malicious destinations

2. Flag any traffic attempting to establish reverse shells or C2 connections

3. Consider subnet-level monitoring due to high abuse density (0.6836)

4. Review firewall rules for proxy-uk003-san181.ahrefs.net hostnames

5. Alert on any unexpected service openings on this IP (currently firewalled)

Classification: Moderate Risk - Infrastructure Endpoint with High-Abuse Neighborhood Context

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	London
Timezone	Europe/London
Latitude	48.86
Longitude	2.34

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk003-san181.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk003-san181.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	3
routing	13%	1	1
services	12%	2	2
ownership	20%	2	3
reputation	22%	1	2
geolocation	25%	2	2
Overall	20%	10	13

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-20 11:46:57 UTC
Last Seen	2026-06-28 11:55:12 UTC
Profile Built	2026-06-29 05:58:41 UTC
Data Freshness	Live
Signal Types	19
Total Observations	23

🔍 19 signal types · 23 observations collected

This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

51.195.183.181📋 Copy