# IP INTELLIGENCE BRIEFING
Target: 51.195.244.234/32
Date: Current Analysis
Classification: Moderate Risk - Hosting Infrastructure
---
## EXECUTIVE SUMMARY
IP 51.195.244.234 operates as a cloud hosting endpoint within the OVH network infrastructure (ASN 16276). The address is assigned to Ahrefs Pte Ltd Dmytro and resolves to the ahrefs.net domain. The IP demonstrates moderate risk characteristics with a risk score of 40/100. No active service ports are currently open, and the endpoint is classified as hosting infrastructure. The associated /24 subnet exhibits high abuse density, contextualizing the IP's observed risk profile.
---
## OWNERSHIP & GEOSPATIAL ATTRIBUTES
- Organization: Ahrefs Pte Ltd Dmytro
- ASN: 16276 (OVH SAS)
- Location: London, ENG, GB
- Geolocation Confidence: Plausible (750km accuracy radius)
- Registration Authority: ARIN
---
## NETWORK CLASSIFICATION
| Attribute | Status |
|---|---|
| Infrastructure Type | Cloud Compute |
| Hosting Provider | OVH |
| CDN | No |
| VPN/Proxy/Tor | Negative |
| Residential/ISP | No |
| Bogon Address | No |
---
## DNS & RESOLUTION DATA
- PTR Hostname: proxy-uk000-san234.ahrefs.net
- Forward Resolution: proxy-uk000-san234.ahrefs.net
- Domain: ahrefs.net
- Forward Confirmation: Inconsistent
- DNSSEC: Valid
- CAA Records: Present
---
## THREAT INTELLIGENCE
- Risk Score: 40 (Moderate)
- Abuse Confidence: Not quantified
- Blacklist Count: 0
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- DNSBL Listings: 1 of 8 total lists
- Operator Score: 0.2174 (Minimal)
---
## NETWORK BEHAVIOR & SERVICES
- Open Ports: None detected
- TLS Certificate: None
- HTTP Title: None
- Service Banner: None
- Connection State: Firewalled / No Services
- HSTS/SPF/DMARC: Not configured
---
## OBSERVATION HISTORY (22 signals tracked)
- 2026-06-16: Cloud hosting classification (OVH provider), confidence 0.90
- 2026-06-15: Subnet abuse density 0.749, high_abuse classification, confidence 0.75
- 2026-06-15: Operator score 0.2174, confidence 0.60
- 2026-06-08: No ownership changes detected, no persistent malicious behavior
---
## NEIGHBORHOOD ANALYSIS (/24 SUBNET)
- Subnet: 51.195.244.0/24
- Total Siblings: 255
- Active Siblings: 203
- Threat Siblings: 191
- Abuse Density: 0.749 (High)
- Risk Distribution: 0 High, 100 Medium, 0 Low
- Inherited Risk: 29
The /24 subnet shows elevated threat activity with 191 of 203 active IPs classified as threats. This contextualizes the target IP's moderate risk profile within a higher-risk network segment.
---
## RELATIONSHIP GRAPH
- Total Relationships: 43
- Primary Association: Same Network (OVH_282347336) - 38+ instances
- No additional organizational or certificate relationships detected
---
## SOC ACTIONABLE INTELLIGENCE
Classification: HOSTING INFRASTRUCTURE - MONITORING RECOMMENDED
1. Block Recommendation: Not critical - IP is associated with Ahrefs, a legitimate SEO/website analysis service. However, monitor for abuse patterns.
2. Firewall Policy: No immediate blocking required. Consider rate-limiting inbound connections if traffic patterns indicate abuse.
3. Threat Correlation: Monitor for correlation with other IPs in 51.195.244.0/24 subnet given elevated abuse density (0.749).
4. Investigation Priority: LOW-MEDIUM - No active threat indicators, but high-abuse neighborhood warrants awareness.
Key Indicators:
- DNS name pattern suggests legitimate hosting (proxy-uk000-san234.ahrefs.net)
- No open service ports detected
- Single DNSBL listing requires review for specific blocklist
Recommended Monitoring: Track for emergence of open ports, service banners, or connection attempts indicative of abuse.
---
*End of Briefing*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk000-san234.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk000-san234.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-18 09:25:03 UTC |
| Last Seen | 2026-06-28 07:14:38 UTC |
| Profile Built | 2026-06-29 01:19:41 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |