# IP Intelligence Briefing: 51.195.183.245/32
Classification: Moderate Risk (Score: 50) | Status: Active Cloud Infrastructure | Date: 2026-06-28
## Executive Summary
IP address 51.195.183.245 is a cloud-based infrastructure endpoint operated by Ahrefs Pte Ltd Dmytro within the OVH network (ASN 16276). The IP is geolocated to London, England, and resolves to a hostname in the ahrefs.net domain space. While the endpoint itself shows moderate risk characteristics with no direct threat indicators, it operates within a high-abuse density subnet (51.195.183.0/24) exhibiting elevated neighborhood threat activity.
## Infrastructure Profile
- Provider: OVH (CloudCompute infrastructure)
- Organization: Ahrefs Pte Ltd Dmytro
- ASN: 16276
- BGP Prefix: 51.195.0.0/16
- Geolocation: London, GB (Europe/London timezone)
- DNS: proxy-uk003-san245.ahrefs.net
- Network Role: Cloud hosting endpoint with firewall protection; no open services detected
## Risk Assessment
The endpoint carries a risk score of 50 (Moderate Risk) with the following characteristics:
- Abuse Confidence Score: Not flagged
- Blacklist Status: 0 entries
- DNSBL Listings: 2 out of 8 total lists
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
The IP shows an operator score of 0.2174 (Minimal), with route stability flagged as false. Control plane analysis indicates that RPKI state and IRR consistency data are unavailable.
## Neighborhood Context
The /24 subnet (51.195.183.0/24) demonstrates elevated abuse density metrics:
- Abuse Density: 0.7695 (High)
- Classification: high_abuse
- Total Subnet IPs: 256
- Active Siblings: 225
- Threat Siblings: 197
This indicates approximately 77% of active neighbors in the subnet are classified as threats. The inherited risk score for this IP is 30, reflecting neighborhood influence, while the individual endpoint scores 50.
## Historical Trends
Analysis of 24 signal observations reveals evolving subnet characteristics:
- Recent subnet abuse density: 0.3008 (mixed classification, inherited risk 12, threat siblings: 77)
- Current subnet state: 0.7695 abuse density (high_abuse, inherited risk 30, threat siblings: 197)
- Network infrastructure classification: Cloud hosting (confirmed across observations)
- Country attribution: GB (consistent)
The neighborhood abuse profile has deteriorated over the observation period, with threat sibling count increasing from 77 to 197 and inherited risk rising from 12 to 30.
## Relationships
The IP maintains 45 network relationships, predominantly classified as "Same Network" associations with OVH_282347339. No certificate, organization, or hostname relationships beyond the ahrefs.net domain were identified in the relationship graph.
## Security Recommendations
Based on the risk profile and neighborhood context, the following actions are recommended:
1. Monitoring Priority: Medium - Monitor for increased scanning or connection attempts from this subnet given the high neighborhood abuse density
2. Blocklist Decision: Do not block at this time; endpoint not directly blacklisted and associated with legitimate cloud infrastructure
3. Firewall Rules: Consider rate-limiting traffic from 51.195.183.0/24 if unusual connection patterns are observed
4. Geolocation Filtering: Traffic legitimately originates from London, GB; no geo-blocking warranted
5. DNS Analysis: Forward resolution confirmed for proxy-uk003-san245.ahrefs.net; verify against internal DNS records
## Intelligence Notes
The IP appears to be part of legitimate cloud hosting infrastructure for Ahrefs, an SEO and web analytics company. The high neighborhood abuse density suggests this subnet may be used for various hosting purposes, potentially including compromised endpoints. SOC teams should monitor for anomalous behavior patterns from this subnet while avoiding blanket blocking of the entire /24 prefix.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | proxy-uk003-san245.ahrefs.net |
| Forward Confirmed | No; PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk003-san245.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 26% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-22 09:13:26 UTC |
| Last Seen | 2026-06-28 18:49:31 UTC |
| Profile Built | 2026-06-29 06:53:01 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 24 |