51.195.244.162📋 Copy

# INTELLIGENCE BRIEFING: 51.195.244.162/32

Date: Current Analysis

Classification: Moderate Risk (Score: 40/100)

Status: ACTIVE MONITORING

---

## EXECUTIVE SUMMARY

The IP address 51.195.244.162 is a cloud hosting infrastructure node operated by OVH SAS (ASN 16276) in London, United Kingdom. The address resolves to the Ahrefs domain infrastructure (proxy-uk000-san162.ahrefs.net) and currently presents no open services. Despite the absence of active threat indicators, the IP resides within a high-abuse density subnet (51.195.244.0/24) with an abuse density score of 0.8516, indicating significant neighboring IP risk.

---

## IP PROFILE & OWNERSHIP

Address: 51.195.244.162/32

Organization: Ahrefs Pte Ltd Dmytro

ASN: 16276 (OVH SAS)

Location: London, England, GB (51.5095°N, 0.0955°W)

Geolocation Accuracy: 750km radius (consensus: 2 sources)

Infrastructure Type: CloudCompute (hosting provider)

Network Role: Firewalled / No Services Detected

Timezone: Europe/London

DNS Resolution:

• PTR Hostname: proxy-uk000-san162.ahrefs.net
• Domain: ahrefs.net
• Forward Resolution: 1 hostname confirmed
• DNSSEC: Valid
• CAA Records: Present

---

## THREAT INDICATOR ANALYSIS

Current Risk Profile:

• Risk Score: 40 (Moderate)
• Abuse Confidence Score: Not applicable
• Blacklist Count: 0
• Pulsedive Risk: Not available
• Tor Exit Node: No
• Known Attacker: No
• Spam Source: No
• Known Campaigns: None identified

Control Plane Data:

• DNSBL Listed: 1 of 8 total lists
• Operator Score: 0.2174 (Minimal)
• BGP Prefix: 51.195.0.0/16
• Route Stability: False
• RPKI State: Not available
• IRR Consistency: Not available

Network Classification Flags:

• Cloud Infrastructure: Yes
• CDN: No
• VPN: No
• Proxy: No
• Tor Network: No
• Hosting Service: Yes
• Mobile: No
• Residential: No
• Bogon: No
• Anycast: No

---

## OBSERVATION HISTORY

Total Observations: 22 signals recorded

Recent Activity Timeline:

• 2026-06-28 18:55:07 UTC: Cloud compute infrastructure confirmed (OVH provider, confidence 0.90)
• 2026-06-20 16:55:43 UTC: Subnet abuse density classified as high_abuse (0.8516)
• 2026-06-20 16:54:04 UTC: OVH cloud infrastructure detected
• 2026-06-20 16:52:00 UTC: Geographic validation confirmed London location (473.7km distance, 96.8ms avg RTT)
• 2026-06-20 16:47:55 UTC: Alienvault OTX pulse activity detected (5 pulses)

Temporal Indicators:

• Threat Observation Count: 1
• Threat Persistence Days: 0
• Is Persistently Malicious: No
• Ownership Changes: 0

---

## NEIGHBORHOOD ANALYSIS

Subnet: 51.195.244.0/24

Abuse Density: 0.8516 (High)

Classification: high_abuse

Inherited Risk Score: 34

Total Sibling IPs: 256

Active Siblings: 228

Threat Siblings: 218

Risk Distribution Among Neighbors:

• High Risk: 0 IPs
• Medium Risk: 28 IPs
• Low Risk: 72 IPs

Sample Neighbor Risk Scores:

• 51.195.244.1: Risk 40, Authority 50
• 51.195.244.0: Risk 25, Authority 50
• 51.195.244.2: Risk 25, Authority 50
• 51.195.244.3: Risk 25, Authority 50
• 51.195.244.4: Risk 25, Authority 50

Analysis: The target IP resides within a highly active abuse subnet. Of 256 total sibling IPs, 218 are classified as threats, representing an 85.16% abuse density. This contextualizes the moderate risk score of the target IP.

---

## RELATIONSHIP GRAPH

Total Relationships: 43 entities linked

Primary Relationship Type: Same Network (OVH_282347336)

• 43 duplicate entries indicate multiple relationships to the same network entity

Relationship Categories:

• Networks: OVH_282347336
• Subnets: 51.195.244.0/24
• Organizations: OVH SAS
• Hostnames: proxy-uk000-san162.ahrefs.net

---

## SERVICES & PORTS

Open Ports: None detected

HTTP Title: None

Server Banner: None

TLS Certificate: None

Certificate Authority: None

Status: The IP appears to be firewalled or configured without exposed services. This aligns with the network role classification of "Firewalled / No Services."

---

## GEOGRAPHIC VALIDATION

Claimed Location: London, GB (51.5081°N, -0.1278°W)

Actual Distance: 473.7km from claimed origin

Minimum Possible RTT: 9.5ms

Observed RTT: 96.8ms average (92-101ms range)

Probe Count: 5

Geo Plausible: Yes

Violation: None detected

---

## RECOMMENDED SECURITY ACTIONS

Risk Score: 40/100

Recommendation Level: Block/Restrict

Firewall Rules:

iptables:

```

iptables -A INPUT -s 51.195.244.162 -j DROP

```

nftables:

```

nft add rule inet filter input ip saddr

```

51.195.244.162 drop

```

nginx:

```

deny 51.195.244.162;

```

pfSense:

```

51.195.244.162/32

```

Cloudflare WAF:

```json

{

"description": "Block 51.195.244.162 — IPDebrief risk score 40",

"action": "block",

"filter": {

"expression": "ip.src eq 51.195.244.162"

}

}

```

AWS WAF:

```json

{

"Addresses": ["51.195.244.162/32"],

"Description": "IPDebrief risk 40"

}

```

---

## CAMPAIGN CORRELATION

Campaign Likelihood: None

CERT Matches: 0

Banner Matches: 0

Correlated IPs: 0

CERT Subjects: None

No active threat campaigns or coordinated attack activity associated with this IP address.

---

## EMAIL REPUTATION

Email Reputation: Not applicable

Has Score: No

Sender Score: Not available

SPF Record: Not configured

DMARC Record: Not configured

TXT Record Count: 0

No email authentication records detected for this IP address.

---

## TRACEROUTE ANALYSIS

Hop Count: 0 (No traceroute data collected)

First Hop RTT: Not available

Last Hop RTT: Not available

Timed Out Hops: 0

Transit Networks: None identified

---

## BEHAVIORAL ANALYSIS

Honeypot Hits: 0

Threat Persistence: 0 days

Behavioral Classification: Standard cloud hosting infrastructure

No anomalous behavioral patterns detected in recent observations.

---

## FINAL ASSESSMENT

Overall Risk Level: MODERATE (40/100)

Key Findings:

1. Infrastructure node within high-abuse density subnet (0.8516)

2. No open services or exposed ports detected

3. Resolves to Ahrefs domain infrastructure

4. No active threat indicators or campaign associations

5. 1 DNSBL listing detected

6. 218 threat siblings identified within /24 subnet

Recommended Action:

Block at perimeter firewall level due to high neighborhood abuse density. Monitor for behavioral changes if services are discovered. No immediate threat indicators require immediate escalation.

---

Report Generated: IPDebrief Intelligence Platform

Analysis Timestamp: Current Session

Data Sources: IPDebrief, RDAP, Multiple Threat Feeds

Confidence Level: 0.90 (Cloud infrastructure classification)

END OF BRIEFING

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.