# IP INTELLIGENCE BRIEFING
Target: 51.195.183.222/32
Classification: Moderate Risk (Score: 40)
Generated: Current Session
Analysis Level: Full Profile with Historical Context
---
## EXECUTIVE SUMMARY
IP 51.195.183.222 is a cloud-compute infrastructure endpoint owned by Ahrefs Pte Ltd Dmytro, hosted on OVH infrastructure in London, England. While the IP itself shows no direct threat indicators (no blacklisting, no known attacks, no Tor/VPN/proxy classification), it is situated within a /24 subnet (51.195.183.0/24) classified as HIGH ABUSE with an abuse density score of 0.6797. The subnet contains 195 active sibling IPs out of 256 total, with 174 marked as threat-related.
---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **IP Address** | 51.195.183.222/32 |
| **Risk Score** | 40 (Moderate Risk) |
| **ASN** | 16276 (OVH) |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Location** | London, England, GB |
| **Infrastructure Type** | CloudCompute |
| **Hosting** | Yes |
| **DNS Hostname** | proxy-uk003-san222.ahrefs.net |
| **Services** | None Detected (Firewalled) |
---
## THREAT INDICATORS
Direct Threat Assessment:
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Proxy/VPN: No
- Abuse Confidence Score: Not Available
Control Plane:
- DNSBL Listed Count: 1
- DNSBL Total Lists: 8
- RPKI State: Not Available
- Route Stability: False
- Route Changes (30d): 0
---
## NEIGHBORHOOD ANALYSIS
Subnet: 51.195.183.0/24
Abuse Density: 0.6797 (High)
Classification: high_abuse
Sibling Distribution:
- Total Siblings: 256
- Active Siblings: 195
- Threat Siblings: 174
- Inherited Risk Score: 27
Risk Distribution in Subnet:
- High Risk: 0
- Medium Risk: 99
- Low Risk: 1
This subnet demonstrates elevated abuse potential, suggesting shared infrastructure usage patterns. The target IP inherits contextual risk from its neighbors.
---
## RELATIONSHIP MAPPING
Direct Associations (29 total):
- Network Relationships: Multiple "Same Network" entries linked to OVH_282347339
- DNS Associations: 16+ DNS entries pointing to proxy-uk003-san222.ahrefs.net
- Hostname: proxy-uk003-san222.ahrefs.net (Ahrefs corporate domain)
The IP resolves to Ahrefs-branded infrastructure, indicating legitimate hosting within the Ahrefs ecosystem. Multiple DNS associations suggest the IP may serve as part of a distributed proxy or caching infrastructure.
---
## OBSERVATION HISTORY
Total Observations: 21 signals tracked
Recent Activity (2026-06-15):
- Operator Score: 0.2174 (Minimal)
- Geolocation Signal: Confirmed (London, GB)
- Subnet Abuse Signal: High abuse classification maintained
- Service Scan: No open ports detected
- Banner/Campaign Scan: No matches
Temporal Indicators:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Threat Observation Count: 1
- Persistently Malicious: False
The IP has shown stable behavior with no recent malicious activity escalation.
---
## RECOMMENDED ACTIONS
Based on risk score (40) and neighborhood context (high_abuse), the following firewall rules are recommended:
Firewall Blocking Rules:
```bash
# iptables
iptables -A INPUT -s 51.195.183.222 -j DROP
# nftables
nft add rule inet filter input ip saddr 51.195.183.222 drop
# nginx
deny 51.195.183.222;
# pfSense
51.195.183.222/32
# Cloudflare WAF
{"description":"Block 51.195.183.222 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 51.195.183.222"}}
# AWS WAF
{"Addresses":["51.195.183.222/32"],"Description":"IPDebrief risk 40"}
```
Decision Guidance:
- Block: Recommended due to high-abuse neighborhood context (0.6797 abuse density, 174 threat siblings)
- Monitor: Alternative if blocking disrupts legitimate Ahrefs services
- Allow: Not recommended without additional context; neighborhood risk warrants caution
---
## INTELLIGENCE ASSESSMENT
The IP 51.195.183.222 presents a contextual risk profile. While the endpoint itself shows no direct malicious indicators, its location within a high-abuse OVH subnet (51.195.183.0/24) raises the risk of compromise or misuse. The infrastructure is branded as Ahrefs (a legitimate SEO tools company), which suggests legitimate enterprise use, but the subnet's abuse density indicates potential for shared infrastructure exploitation.
Risk Level: Moderate
Action Priority: Medium-High (due to neighborhood context)
Monitoring Recommendation: Enable logging and periodic re-assessment if traffic patterns change.
---
*Report prepared by IPDebrief Intelligence Analysis System*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk003-san222.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk003-san222.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Factors | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-19 15:39:17 UTC |
| Last Seen | 2026-06-28 09:24:32 UTC |
| Profile Built | 2026-06-29 03:29:48 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |