51.195.215.111
# INTELLIGENCE BRIEFING: 51.195.215.111/32
Classification: MODERATE RISK
Date: 2026-06-15
Analyst: IPDebrief Intelligence Team
---
## EXECUTIVE SUMMARY
IP address 51.195.215.111 is a cloud infrastructure address belonging to OVH hosting provider (ASN 16276), located in London, England. The IP resolves to hostname proxy-uk009-san111.ahrefs.net, associated with domain ahrefs.net. Current risk assessment indicates Moderate Risk (Score: 40) with no active threat indicators. However, the surrounding /24 subnet demonstrates high abuse density (0.8086), warranting enhanced monitoring.
---
## OWNERSHIP & GEOLOCATION
Provider: OVH (ASN 16276)
Organization: Ahrefs Pte Ltd Dmytro
Geolocation: London, England, GB
Infrastructure Type: Cloud Compute / Hosting
Registration: RIR ARIN
The IP is assigned to OVH, a major European cloud hosting provider, and is associated with the SEO analytics service Ahrefs. The infrastructure classification indicates cloud-based hosting services.
---
## TECHNICAL PROFILE
DNS Resolution:
- PTR Record: proxy-uk009-san111.ahrefs.net
- Forward Resolution: proxy-uk009-san111.ahrefs.net
- Forward Confirmed: FALSE
- Domain: ahrefs.net
Network Services:
- Open Ports: None detected
- Service Status: Firewalled / No Services
- HTTP/HTTPS: No active web services detected
Control Plane Indicators:
- BGP Prefix: 51.195.0.0/16
- Route Stability: FALSE
- Operator Score: 0.2174 (Minimal)
- DNSBL Listings: 0 active listings
- DNSSEC: Not Valid
---
## THREAT ASSESSMENT
Current Risk Score: 40/100 (Moderate)
Abuse Confidence Score: Not Calculated
Known Campaigns: None Identified
Tor Exit Node: No
Known Attacker: No
Spam Source: No
Threat Indicators: None currently active. The IP does not appear on known threat feeds or blacklist databases.
---
## NEIGHBORHOOD ANALYSIS
Subnet: 51.195.215.0/24
- Total Siblings: 256
- Active Siblings: 211
- Threat Siblings: 207
- Abuse Density: 0.8086 (HIGH)
- Inherited Risk: 32
Risk Distribution Across /24:
- High Risk: 0
- Medium Risk: 100 (100% of scanned neighbors)
- Low Risk: 0
All 100 sampled neighbors in the subnet exhibit identical risk scoring (40), indicating coordinated infrastructure deployment. The high abuse density suggests this subnet hosts multiple active services, with 207 out of 211 active siblings flagged for threat activity.
---
## OBSERVATION HISTORY
Total Observations: 18
Threat Persistence: 0 days
Ownership Changes: 0
Recent observations (June 2026) show:
- Consistent high abuse density (0.8086)
- DNSSEC validation failures
- Minimal operator scoring
- No route changes in 30-day period
- No persistent malicious activity detected
---
## RELATIONSHIP MAPPING
Identified Relationships: 33
- Same Network: OVH_282347345 (multiple instances)
- No certificate relationships detected
- No cross-network associations identified
---
## RECOMMENDED ACTIONS
Based on the moderate risk assessment and high neighborhood abuse density:
1. Firewall Policy: Monitor inbound traffic from 51.195.215.0/24 subnet
2. Threat Intelligence: Add subnet to monitored watchlist due to 0.8086 abuse density
3. Log Analysis: Review historical logs for connections to 51.195.215.x range
4. DNS Filtering: Block or monitor proxy-uk009-san111.ahrefs.net if not legitimate business requirement
5. Periodic Review: Reassess quarterly given subnet-level risk concentration
Note: While the individual IP shows no active threats, the high-abuse neighborhood warrants proactive monitoring. The IP may be part of a legitimate Ahrefs infrastructure deployment but is situated in a high-risk hosting environment.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk009-san111.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk009-san111.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 23% | 1 | 2 |
| geolocation | 40% | 2 | 3 |
| Overall | 25% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-24 00:33:01 UTC |
| Last Seen | 2026-06-28 23:27:19 UTC |
| Profile Built | 2026-06-29 05:30:15 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |
Full dossier details are available via our API.