51.195.183.76

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## IP Intelligence Briefing: 51.195.183.76/32

Executive Summary

IP address 51.195.183.76 is a cloud-hosted infrastructure endpoint associated with OVH (ASN 16276) and the ahrefs.net domain. The IP demonstrates moderate risk characteristics (score: 40) with elevated neighborhood abuse density (0.668). The address is classified within a high-abuse subnet (51.195.183.0/24) with 171 of 256 total siblings flagged as threats.

Ownership and Infrastructure

Organization: Ahrefs Pte Ltd Dmytro
ASN: 16276 (OVH)
Country: GB (United Kingdom)
Infrastructure Type: CloudCompute / Hosting
PTR Hostname: proxy-uk003-san76.ahrefs.net
Registration RIR: ARIN
Control Plane: Route stable, RPKI state unknown, DNSSEC valid

Threat Indicators

Risk Score: 40 (Moderate Risk)
DNSBL Status: Listed on 1 of 8 threat feeds
Known Campaigns: None detected
Threat Feeds: No known attacker or spam source indicators
Tor Exit Node: No
Abuse Confidence Score: Not available

Network Context

The IP resides in subnet 51.195.183.0/24, which exhibits high abuse density (0.668). Of 256 total siblings in the subnet, 195 are active with 171 flagged as threat sources. Risk distribution within the neighborhood shows 99 medium-risk peers and 1 low-risk peer. Multiple network relationships trace back to OVH infrastructure cluster OVH_282347339.

Historical Observations (28 Signals)

Recent signal history indicates temporal geolocation inconsistencies with records showing France (2026-06-20) and UK locations. Network classification consistently identifies the endpoint as cloud/hosting infrastructure from OVH. One observation recorded a high-severity DNSBL listing with multiple associated threat categories.

Recommended Actions

1. Monitor Traffic Patterns: The IP's moderate risk score combined with high-abuse neighborhood context warrants traffic monitoring rather than immediate blocking

2. DNSBL Verification: Validate current blacklist status across all 8 listed feeds

3. Contextual Analysis: Investigate any traffic to/from ahrefs.net domain in conjunction with this IP

4. Subnet Awareness: Apply broader subnet-level policies for 51.195.183.0/24 given the 66.8% abuse density

Intelligence Classification

This IP represents a cloud-hosted service endpoint with elevated neighborhood risk. While not definitively malicious, the context of high-abuse subnet placement and DNSBL presence suggests potential for abuse. SOC teams should maintain monitoring while avoiding blanket blocking based on this IP alone.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	London
Timezone	Europe/London
Latitude	48.86
Longitude	2.34

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	51.195.0.0/16
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk003-san76.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk003-san76.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Tier 3 — Basic operator with some routing infrastructure

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	29%	2	4
routing	27%	2	3
services	24%	2	3
ownership	24%	3	4
reputation	28%	1	3
geolocation	25%	2	2
Overall	26%	12	19

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: FR, GB

📅 Observation Timeline 🔄 Live

First Seen	2026-05-16 21:01:16 UTC
Last Seen	2026-06-28 04:02:50 UTC
Profile Built	2026-06-28 22:08:49 UTC
Data Freshness	Live
Signal Types	27
Total Observations	31

🔍 27 signal types · 31 observations collected

This report is generated from 27+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

51.195.183.76📋 Copy