IP Intelligence Briefing: 51.195.244.64/32
Date: 2026-06-09
---
**1. Risk Profile**
- Risk Score: 40 (Moderate Risk)
- Provider: OVH (CloudCompute)
- Ownership: Registered to Ahrefs Pte Ltd (legitimate entity).
- Geolocation: London, England, UK (latitude 55.38, longitude -3.44).
- Threat Indicators: No malicious activity detected (no blacklists, campaigns, or spam).
---
**2. Network & Infrastructure**
- Network Role: Cloud-hosted infrastructure (OVH), not a residential or mobile IP.
- Subnet: 51.195.244.64/24
- Subnet Abuse Density: 69% (high abuse risk in the broader subnet).
- Neighbors: 255 IPs in the subnet, with 176 flagged as malicious. The IP itself is not directly compromised.
---
**3. Observation History**
- Geolocation: Consistent with London, UK.
- Network Stability: Routing is unstable (likely due to OVH's infrastructure).
- Threat Trends: No observed changes in threat indicators over time.
---
**4. Relationships & Context**
- Linked Entities:
  - OVH_282347336 (same network segment).
  - Ahrefs.net (PTR hostname: `proxy-uk000-san64.ahrefs.net`).
- DNS: Resolves to a legitimate domain with no email authentication (SPF/DKIM missing).
---
**5. Actionable Recommendations**
1. Monitor Subnet Activity: The /24 subnet has high abuse density. Investigate neighboring IPs (e.g., 51.195.244.0-255) for potential lateral movement or compromised hosts.
2. Verify Cloud Provider Context: Confirm OVH's infrastructure is legitimate and not repurposed for malicious use.
3. No Immediate Action Required: The IP itself shows no malicious signals, but its subnet warrants closer scrutiny.
---
Conclusion: This IP is part of a legitimate cloud infrastructure but resides in a subnet with elevated abuse risk. SOC teams should prioritize monitoring the broader network segment for suspicious activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk000-san64.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk000-san64.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 09:13:30 UTC |
| Last Seen | 2026-06-28 18:56:45 UTC |
| Profile Built | 2026-06-29 07:01:00 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |