IP Intelligence Briefing: 51.195.244.125
Date: 2026-06-09
---
**1. Core Profile**
- Risk Score: Moderate (40/100)
- Ownership: Ahrefs Pte Ltd (OVH network, ASN 16276)
- Geolocation: London, England, UK (GeoPlausibility: False)
- Network Role: CloudCompute (OVH infrastructure, hosting services)
- Threat Indicators: No malicious activity detected (no blacklists, campaigns, or abuse reports).
---
**2. Observation History (Last 30 Days)**
- Stability: Low (route stability score: 0.2174).
- Risk Trends: Moderate risk score (40) with no significant changes.
- Geolocation: Consistent with London, UK, but geo-validation failed (accuracy radius: 750km).
---
**3. Relationships**
- Network Associations:
- Linked to OVH_282347336 (same network).
- DNS: proxy-uk000-san125.ahrefs.net (likely part of Ahrefs' infrastructure).
- No malicious relationships detected.
---
**4. Neighborhood Analysis**
- Subnet: 51.195.244.0/24
- Abuse Density: High (69.02% of subnet IPs flagged as abusive).
- Neighbor Risk: 100% of siblings in the subnet have risk scores (average: 40).
- Threat Siblings: 176/255 IPs in subnet are flagged as abusive.
---
**5. Recommended Actions**
- Block IP: Implement firewall rules to block traffic from 51.195.244.125/32 (see below).
- Monitor Subnet: Given the high abuse density, investigate potential lateral movement or compromised hosts in the 51.195.244.0/24 subnet.
- Verify Ownership: Confirm Ahrefs' awareness of this IP's activity, as it may be a legitimate server but resides in a risky network.
---
**Firewall Rules (Sample)**
- iptables:
```bash
iptables -A INPUT -s 51.195.244.125 -j DROP
```
- nftables:
```bash
nft add rule inet filter input ip saddr 51.195.244.125 drop
```
- Cloudflare WAF:
```json
{
  "action": "block",
  "filter": {
    "expression": "ip.src eq 51.195.244.125"
  }
}
```
---
**Conclusion**
The IP 51.195.244.125 is associated with Ahrefs Pte Ltd and resides in a subnet with high abuse density. While the IP itself shows no direct malicious indicators, the surrounding network warrants further investigation. SOC teams should monitor this subnet for potential lateral movement or compromised hosts and consider blocking the IP if it is not critical to operations.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| PTR | proxy-uk000-san125.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk000-san125.ahrefs.net |
**DNS Hygiene**
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
**Network Classification**
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
**TLS Certificate**
| SANs | None |
| Valid From | - |
| Valid Until | - |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline (Live)**
| First Seen | 2026-05-22 09:13:29 UTC |
| Last Seen | 2026-06-28 18:54:34 UTC |
| Profile Built | 2026-06-29 06:58:42 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |