51.195.183.230

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## IP Intelligence Briefing: 51.195.183.230

Classification: Moderate Risk | Risk Score: 50/100

Reporting Period: 2026-06-15

Analysis Date: 2026-06-15

---

Ownership and Geolocation

The IP address is registered to OVH SAS (ASN 16276) under the organization "Ahrefs Pte Ltd Dmytro". Geolocation data places the endpoint in London, England, United Kingdom (GB) with a 750km accuracy radius. The infrastructure operates on the BGP prefix 51.195.0.0/16 and maintains route stability with no observed route changes over the past 30 days.

Network Role and Infrastructure

The endpoint is classified as CloudCompute infrastructure with a "Firewalled / No Services" designation. No open ports or active services were detected during scanning. DNS resolution confirms the address maps to `proxy-uk003-san230.ahrefs.net` within the ahrefs.net domain space. CAA records are present and DNSSEC validation is confirmed.

Threat Indicators and Reputation

The IP is listed on 2 of 8 DNSBLs, indicating prior abuse associations. Proxy detection signals from multiple sources (proxycheck-io) classify the endpoint as a VPN/proxy with 85% confidence. No Tor exit node activity, known attacker patterns, or spam source indicators were observed. The threat observation count is 1, with no persistent malicious behavior detected.

Neighborhood and Contextual Risk

The /24 subnet (51.195.183.230/24) demonstrates high_abuse classification with an abuse density of 0.668. Of 256 total siblings, 195 are active with 171 classified as threat siblings, yielding an inherited risk score of 26. The neighborhood risk distribution shows 99 medium-risk neighbors and only 1 low-risk neighbor.

Observational History

Twenty-six observations were recorded, with the most recent signal (2026-06-15) confirming:

High-abuse subnet classification (0.668 density)
Proxy/VPN characteristics from proxycheck-io
Domain resolution for ahrefs.net with valid CAA records
Operator score of 0.4348 (labeled "Basic")

---

SOC Actionable Recommendations

Immediate Actions:

1. Monitor closely due to high-abuse neighborhood context (171 threat siblings in /24)

2. Consider rate-limiting or blocking inbound connections given proxy/VPN classification

3. Review DNSBL listings for the 2 known listings to determine severity

Firewall/Policy Rules:

Add to watchlist for traffic correlation
Implement connection rate limiting for outbound traffic from this range
Consider geo-blocking if policy permits for non-business purposes

Threat Hunting Indicators:

Correlate traffic with known Ahrefs service patterns
Monitor for abuse of proxy characteristics
Investigate any outbound connections to non-standard destinations

---

Summary: 51.195.183.230 is a moderate-risk cloud endpoint with proxy characteristics operating in a high-abuse neighborhood. While no direct malicious activity was observed, the contextual risk from neighborhood abuse density warrants defensive monitoring and policy consideration.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	London
Timezone	Europe/London
Latitude	48.86
Longitude	2.34

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	51.195.0.0/16
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk003-san230.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk003-san230.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Tier 3 — Basic operator with some routing infrastructure

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	33%	2	4
routing	27%	2	3
services	15%	2	2
ownership	24%	3	4
reputation	28%	1	3
geolocation	39%	2	3
Overall	28%	12	19

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-15 08:44:34 UTC
Last Seen	2026-06-28 02:11:05 UTC
Profile Built	2026-06-28 20:17:17 UTC
Data Freshness	Live
Signal Types	26
Total Observations	29

🔍 26 signal types · 29 observations collected

This report is generated from 26+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

51.195.183.230📋 Copy