51.195.183.226
# IP INTELLIGENCE BRIEFING
Target: 51.195.183.226/32
Classification: Moderate Risk (Score: 40)
Report Generated: 2026-06-20
---
## EXECUTIVE SUMMARY
IP 51.195.183.226 is a cloud hosting infrastructure endpoint operated by Ahrefs Pte Ltd (OVH Network, ASN 16276) with a moderate risk score of 40. The IP is geolocated to London, England and resolves to the ahrefs.net domain. No active threat indicators were detected; however, the IP operates within a high-abuse density subnet (51.195.183.0/24) with 66.8% abuse density and 171 threat-identified sibling IPs out of 256 total addresses.
---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **ASN** | 16276 (OVH) |
| **Country/Region** | GB / England, London |
| **Infrastructure Type** | CloudCompute / Hosting |
| **DNS Resolution** | proxy-uk003-san226.ahrefs.net |
| **Services** | Firewalled / No Services Detected |
| **Route Stability** | Stable (BGP prefix: 51.195.0.0/16) |
---
## THREAT INDICATORS
- Known Campaigns: None detected
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Blacklist Count: 0
- DNSBL Status: Listed on 1 of 8 DNSBL providers
While the IP itself carries no active threat indicators, the subnet exhibits elevated abuse characteristics with 171 threat-sibling IPs.
---
## NEIGHBORHOOD ANALYSIS
Subnet: 51.195.183.0/24
Abuse Density: 0.668 (High)
Total Siblings: 256
Active Siblings: 195
Threat Siblings: 171
The /24 subnet shows concentrated abuse activity. Risk distribution across siblings: 69 medium-risk, 31 low-risk, 0 high-risk IPs. This suggests the subnet is actively utilized for hosting services but with mixed compliance profiles.
---
## OBSERVATION HISTORY
25 signal observations recorded over recent monitoring period. Most recent signals (2026-06-20):
- Routing Classification: Basic (Operator Score: 0.4)
- Geolocation Confidence: 0.25 (Multi-signal inference)
- DNS Records: CAA records present, domain ahrefs.net confirmed
- Network Classification: Cloud/Hosting (OVH provider)
Route stability confirmed with no observed changes in the past 9244 days. DNSSEC valid with CAA records present.
---
## RELATED ENTITIES
82 relationships identified, primarily network-level associations (OVH_282347339). No correlated malicious campaigns or shared certificate subjects observed.
---
## RECOMMENDED ACTIONS
Based on risk profile and neighborhood context, the following mitigations are recommended:
| Platform | Recommended Action |
|---|---|
| **iptables** | `iptables -A INPUT -s 51.195.183.226 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 51.195.183.226 drop` |
| **nginx** | `deny 51.195.183.226;` |
| **pfSense** | Block 51.195.183.226/32 |
| **Cloudflare WAF** | Block with expression: `ip.src eq 51.195.183.226` |
| **AWS WAF** | Add 51.195.183.226/32 to block list |
Note: These recommendations are probabilistic and should be combined with other signals before taking action.
---
## ANALYST NOTES
The IP exhibits typical cloud hosting behavior with no evidence of malicious activity. However, the high-abuse-density subnet warrants monitoring. Consider implementing subnet-level rate limiting or geolocation filtering if broader threat patterns emerge. The ahrefs.net association suggests legitimate SEO analytics infrastructure, but the subnet's abuse profile requires ongoing surveillance.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | 51.195.0.0/16 |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk003-san226.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk003-san226.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 24% | 2 | 3 |
| services | 17% | 2 | 3 |
| ownership | 24% | 3 | 4 |
| reputation | 27% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 24% | 12 | 19 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-16 21:01:16 UTC |
| Last Seen | 2026-06-28 04:02:30 UTC |
| Profile Built | 2026-06-29 04:07:40 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 31 |
Full dossier details are available via our API.