51.195.244.223

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 51.195.244.223/32

Classification: Moderate Risk | Date: 2026-06-20 | Source: IPDebrief Intelligence Platform

---

## Executive Summary

IP address 51.195.244.223 presents a moderate risk profile (score: 40/100) associated with OVH cloud infrastructure in London, UK. The IP is classified as hosting infrastructure with a PTR hostname mapping to the ahrefs.net domain. While no active threat indicators were detected, the IP resides within a subnet exhibiting high abuse density (0.8438) with 216 out of 256 sibling IPs flagged as threats.

---

## Technical Profile

Attribute	Value
IP Address	51.195.244.223/32
Reputation	Moderate Risk (40/100)
Provider	OVH (ASN 16276)
Organization	Ahrefs Pte Ltd Dmytro
Geolocation	GB, England, London
Infrastructure Type	Cloud Compute (Hosting)
DNS PTR	proxy-uk000-san223.ahrefs.net
Network Role	Firewalled / No Active Services

---

## Threat Assessment

Current Threat Indicators: None detected

No known attacker reputation
No spam source classification
No Tor exit node activity
Zero blacklist entries

Control Plane Signals:

DNSBL Listed: 1 of 8 total lists
Operator Score: 0.2174 (Minimal)
RPKI State: Not verified
Route Stability: False

---

## Neighborhood Analysis (51.195.244.0/24)

The /24 subnet demonstrates elevated threat activity:

Total Siblings: 256
Active Siblings: 228
Threat Siblings: 216
Abuse Density: 0.8438 (High)
Inherited Risk: 33/100

Risk distribution within the subnet shows 69 low-risk, 31 medium-risk, and 0 high-risk neighboring IPs, indicating concentrated threat activity rather than widespread abuse.

---

## Historical Observations

Recent signal history (2026-06-20) reveals consistent classification patterns:

Abuse density maintained at 0.8438
Provider consistently identified as OVH
Geolocation signals consistently point to GB (London)
Operator classification stable at "Minimal"
No observed threat persistence patterns

---

## Related Entities

Network Relationships:

40 relationships identified to OVH network infrastructure (OVH_282347336)
Same network associations indicate shared infrastructure footprint

Associated Domain:

ahrefs.net (PTR: proxy-uk000-san223.ahrefs.net)

---

## Recommended Actions

Based on the moderate risk profile and hosting infrastructure classification:

1. Monitor Traffic: Implement passive monitoring for outbound connections to this IP

2. Block if Needed: No immediate blocking required; apply allow-deny rules based on your organization's threat tolerance

3. Subnet Awareness: Monitor the 51.195.244.0/24 subnet due to high abuse density (0.8438)

4. DNS Verification: Verify legitimate ahrefs.net traffic patterns against observed activity

Firewall Rule Example (iptables):

```bash

iptables -A OUTPUT -d 51.195.244.223/32 -m state --state NEW,ESTABLISHED -j ACCEPT

```

---

## Analyst Notes

The IP address appears to be legitimate hosting infrastructure associated with Ahrefs (SEO analytics platform). While the subnet shows elevated abuse density, this is characteristic of OVH cloud hosting environments with multiple tenants. No active malicious indicators were detected. SOC teams should monitor for anomalous traffic patterns rather than applying blanket blocking policies.

---

*Report generated from IPDebrief intelligence data. Last updated: 2026-06-20*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	London
Timezone	Europe/London
Latitude	51.51
Longitude	-0.13

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk000-san223.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk000-san223.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	3
routing	13%	1	1
services	15%	2	2
ownership	20%	2	3
reputation	28%	1	3
geolocation	39%	2	3
Overall	24%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-22 03:10:14 UTC
Last Seen	2026-06-28 17:47:53 UTC
Profile Built	2026-06-29 05:50:42 UTC
Data Freshness	Live
Signal Types	20
Total Observations	23

🔍 20 signal types · 23 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

51.195.244.223📋 Copy