51.195.244.239
INTEL BRIEFING: 51.195.244.239/32
Classification: Moderate Risk (Risk Score: 40)
Classification Date: 2026-06-20
Provider: OVH (ASN: 16276)
Organization: Ahrefs Pte Ltd Dmytro
---
**Executive Summary**
IP 51.195.244.239 is a cloud hosting infrastructure address operating within the OVH network in London, GB. The IP resolves to a proxy hostname associated with ahrefs.net and exhibits moderate-risk characteristics. While no direct malicious activity was observed, the IP operates within a subnet characterized by high abuse density (0.8281), with 212 of 256 sibling IPs flagged as threats.
---
**Technical Profile**
Geolocation: London, England, GB (92ms avg RTT from probe location)
Network Classification: CloudCompute / Hosting
Infrastructure Type: Cloud (OVH infrastructure)
DNS Resolution: proxy-uk000-san239.ahrefs.net
Services: No open ports detected (Firewalled / No Services)
DNSBL Status: Listed on 1 of 8 monitored blacklists
Risk Indicators:
- Risk Score: 40/100 (Moderate)
- Operator Score: 0.2174 (Minimal)
- BGP Prefix: 51.195.0.0/16
- Route Stability: Unstable (false)
- DNSSEC Valid: true
---
**Neighborhood Analysis**
The IP resides in subnet 51.195.244.0/24, which presents elevated risk due to high abuse density:
| Metric | Value |
|---|---|
| Abuse Density | 0.8281 |
| Classification | high_abuse |
| Inherited Risk | 33 |
| Active Siblings | 226/256 |
| Threat Siblings | 212 |
| Risk Distribution | 62 Medium, 38 Low, 0 High |
Risk Assessment: The subnet exhibits concentrated abuse activity with 82.8% abuse density. While the target IP itself shows moderate risk, contextual risk is elevated due to neighbor relationships.
---
**Observation History**
21 total observations recorded with recent signals including:
- High abuse density classification (0.8281)
- DNS resolution to ahrefs.net (80% confidence)
- Geographic inference: GB (28% confidence)
- DNSBL listings detected with high severity categories
No persistent malicious behavior patterns observed over the observation window.
---
**Relationship Graph**
53 total relationships identified, primarily same-network relationships to OVH_282347336 network. No direct associations to known malicious entities or campaigns.
---
**Recommended Security Actions**
Block Recommendation: The IP should be blocked at the perimeter based on risk profile and neighborhood context.
Firewall Rules:
- iptables: `iptables -A INPUT -s 51.195.244.239 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 51.195.244.239 drop`
- nginx: `deny 51.195.244.239;`
- pfSense: `51.195.244.239/32`
- Cloudflare WAF: Block (risk score 40)
- AWS WAF: Block (51.195.244.239/32)
---
**SOC Analyst Notes**
1. Contextual Risk: While individual risk score is moderate (40), the subnet-level abuse density (0.8281) warrants attention. Monitor for lateral activity from neighboring IPs.
2. Legitimate Use Case: The IP resolves to ahrefs.net, a legitimate SEO analytics provider. This may be a legitimate hosting address.
3. Blocking Consideration: Recommended block based on:
- DNSBL listing presence
- High-abuse neighborhood context
- Cloud hosting infrastructure (commonly abused for proxying)
4. Monitoring: If allowing traffic, monitor for:
- Unusual connection patterns
- Requests to sensitive endpoints
- Anomalous traffic volumes
5. Subnet Consideration: The /24 subnet shows 212 threat siblings. Consider evaluating blocklist strategy at the /16 level (51.195.0.0/16) if threat volume warrants.
---
End of Briefing
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk000-san239.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk000-san239.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-18 09:25:03 UTC |
| Last Seen | 2026-06-28 07:15:13 UTC |
| Profile Built | 2026-06-29 01:19:41 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |
Full dossier details are available via our API.