51.195.244.168
## IP INTELLIGENCE BRIEFING: 51.195.244.168/32
Classification: Low Risk | Report Date: Current | Status: Active Monitoring
---
EXECUTIVE SUMMARY
Target IP 51.195.244.168 is a low-risk cloud compute resource hosted within OVH infrastructure in London, United Kingdom. The IP resolves to a legitimate ahrefs.net domain (SEO analytics provider) with no active services detected. Neighborhood analysis indicates moderate abuse density within the /24 subnet, warranting contextual awareness but no immediate blocking action.
---
OWNERSHIP & NETWORK CLASSIFICATION
- IP Address: 51.195.244.168/32
- ASN: 16276 (OVH SAS)
- Organization: Ahrefs Pte Ltd Dmytro
- Country/Region: GB / ENG (London)
- Infrastructure Type: Cloud Compute / Hosting
- Provider Classification: OVH Cloud Network
- BGP Prefix: 51.195.0.0/16
- Route Stability: Stable (0 route changes in 30 days)
- RPKI State: Valid
---
THREAT ASSESSMENT
- Risk Score: 10/100 (Low Risk)
- Reputation: Low Risk
- Abuse Confidence Score: Not applicable
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Known Campaigns: None identified
---
DNS & RESOLUTION ANALYSIS
- PTR Record: proxy-uk000-san168.ahrefs.net
- Forward Resolution: ahrefs.net (1 hostname)
- Domain: ahrefs.net
- Email Authentication: SPF/DMARC not configured
- TLS Certificate: No active certificates detected
- Service Banner: No open services detected (Firewalled/No Services)
---
NETWORK NEIGHBORHOOD ANALYSIS
Subnet: 51.195.244.0/24
- Abuse Density: 0.4766 (Moderate)
- Classification: Mixed
- Total Siblings: 256
- Active Siblings: 230 (89.8% active rate)
- Threat Siblings: 122 (47.6% of total)
- Inherited Risk Score: 19/100
Risk Distribution in /24:
- High Risk: 0 IPs
- Medium Risk: 78 IPs
- Low Risk: 22 IPs
---
OBSERVATION HISTORY
Total Observations: 30 signals
Recent Signal Summary (2026-06-25):
- Geolocation: London, GB (confidence: 0.28)
- Subnet Abuse Density: 0.4766 (confidence: 0.75)
- Routing Operator Score: 0.6087, label: Moderate (confidence: 0.85)
- Domain Resolution: ahrefs.net (confidence: 0.80)
- Overall Profile Confidence: 0.2655 (multi-dimensional assessment)
Temporal Analysis:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Threat Observation Count: 1
- Persistently Malicious: No
---
RELATIONSHIP GRAPH
Total Relationships: 51
- Primary Network Association: OVH_282347336 (multiple instances)
- No certificate or hostname relationships beyond ahrefs.net domain
- No correlated malicious IP clusters identified
---
RECOMMENDED ACTIONS
Current Risk Level: LOW
Action Required: No immediate blocking recommended
Monitoring Recommendations:
1. Allow List: Consider allowing traffic from this IP (legitimate hosting provider)
2. Contextual Awareness: Monitor subnet 51.195.244.0/24 for emerging threats (47.6% threat sibling rate)
3. Baseline Comparison: Establish baseline for ahrefs.net domain traffic
4. Historical Tracking: Continue monitoring for reputation score changes
Firewall Rules: None generated (low risk profile)
---
INTELLIGENCE CONCLUSION
Target IP 51.195.244.168 represents a legitimate cloud hosting resource associated with a known analytics provider (ahrefs.net). No malicious indicators detected. The subnet exhibits moderate abuse density typical of large cloud provider environments. SOC analysts should monitor for any deviation from established baseline behavior but no immediate defensive action is warranted.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | 51.195.0.0/16 |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk000-san168.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk000-san168.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 2 โ Moderate operator sophistication with routing hygiene |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 27% | 4 | 5 |
| services | 20% | 2 | 3 |
| ownership | 22% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 26% | 14 | 22 |
| Data Coherence | Consistent (100%) |
| Attribution | High (80%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-10 04:12:09 UTC |
| Last Seen | 2026-06-27 17:10:51 UTC |
| Profile Built | 2026-06-28 11:15:16 UTC |
| Data Freshness | Live |
| Signal Types | 29 |
| Total Observations | 35 |
Full dossier details are available via our API.