IP Intelligence Briefing: 51.195.244.25/32
Date: June 9, 2026
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership: Owned by *Ahrefs Pte Ltd Dmytro* (AS16276, OVH).
- Geolocation: London, England, UK.
- Network Role: CloudCompute instance (OVH hosting).
- Threat Indicators: No direct malicious activity detected (no known campaigns, spam, or abuse).
---
**2. Observation History**
- Recent Activity (Last 30 Days):
  - Stable infrastructure with minimal routing changes.
  - DNSSEC and CAA records validated, but no TLS certificate observed.
  - No spikes in threat signals or DNS anomalies.
- Trend: Consistent low-risk behavior, no persistent malicious patterns.
---
**3. Relationships**
- Linked Hostname: `proxy-uk000-san25.ahrefs.net` (DNS association).
- Network Context: Part of OVH's infrastructure, likely a legitimate cloud-hosted server.
- No Known Malicious Associations: No ties to Tor, VPNs, or CDN abuse.
---
**4. Neighborhood Analysis**
- Subnet: `51.195.244.25/24` (OVH network).
- Abuse Density: 55.34% (moderate risk).
- Neighbor Risk:
  - 98% of subnet IPs rated low/medium risk.
  - 2 IPs flagged as high risk (potential compromised hosts).
- Inherited Risk: 22% (subtle exposure to subnet-level threats).
---
**5. Recommendations**
- Monitor Subnet: The subnet shows moderate abuse density; investigate high-risk neighbors for potential lateral movement.
- Validate DNS: Confirm `proxy-uk000-san25.ahrefs.net` is legitimate (Ahrefs is a known SEO tool, but verify no phishing or malicious subdomains).
- Firewall Rules:
  - Allow traffic from trusted sources.
  - Block suspicious subnets with high abuse density (e.g., `51.195.244.0/24`).
- Log Analysis: Correlate with internal logs to detect unusual traffic patterns from this host.
---
Conclusion:
The IP is a legitimate cloud-hosted server operated by Ahrefs, with no direct malicious activity. However, its subnet exhibits moderate abuse, warranting closer scrutiny of neighboring IPs and associated DNS records. No immediate action required, but ongoing monitoring is advised.
Source: IPDebrief Threat Intelligence Platform.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| PTR | proxy-uk000-san25.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk000-san25.ahrefs.net |
**DNS Hygiene**
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
**Network Classification**
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
**TLS Certificate**
| SANs | None |
| Valid From | - |
| Valid Until | - |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline (Live)**
| First Seen | 2026-05-22 09:13:30 UTC |
| Last Seen | 2026-06-28 18:56:14 UTC |
| Profile Built | 2026-06-29 07:01:00 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 24 |