# IP INTELLIGENCE BRIEFING
Subject: 51.195.215.124/32
Classification: Moderate Risk
Date: June 2026
Analyst: IPDebrief Intelligence Team
---
## EXECUTIVE SUMMARY
IP 51.195.215.124 is a cloud-based infrastructure endpoint registered to OVH (ASN 16276) with geolocation data placing it in London, England. The IP exhibits moderate risk (score: 40) with significant neighborhood-level abuse activity. Historical data indicates escalating threat activity within the /24 subnet, with abuse density increasing from 0.3828 to 0.793 over a 10-day period.
---
## NETWORK PROVENANCE
- IP Address: 51.195.215.124/32
- ASN: 16276 (OVH SAS)
- Organization: Ahrefs Pte Ltd Dmytro
- RIR: ARIN
- Geolocation: London, England, United Kingdom (GB)
- Infrastructure Type: CloudCompute
- Network Classification: Cloud/Hosting
---
## THREAT ASSESSMENT
### Risk Profile
- Overall Risk Score: 40/100 (Moderate Risk)
- Provider Score: 0/100
- Authority Score: 0/100
- DNSBL Listings: 1/8 total lists

### Threat Indicators
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Campaign Matches: 0
- Active Threat Feeds: None

### DNS Analysis
- PTR Hostname: proxy-uk009-san124.ahrefs.net
- Forward Resolution: Confirmed (ahrefs.net)
- Email Authentication: SPF/DMARC not configured
- DNSSEC: Valid
---
## SUBNET ENVIRONMENT ANALYSIS
Scope: 51.195.215.0/24
- Total Siblings: 256
- Active Siblings: 238
- Threat Siblings: 203
- Abuse Density: 0.793 (High Abuse Classification)
- Inherited Risk: 31/100
Risk Distribution in /24:
- High Risk: 0%
- Medium Risk: 66%
- Low Risk: 34%
---
## OBSERVATION HISTORY
Total Observations: 21 signals over monitoring period
Key Temporal Changes:
- June 20, 2026: Subnet classification escalated to "high_abuse" with 203 threat siblings and 0.793 abuse density
- June 28, 2026: Classification temporarily recoded to "mixed" with 98 threat siblings and 0.3828 abuse density
- Geolocation Inference: Multi-signal inference placed coordinates at 55.38°N, -3.44°W (confidence: 0.28)
- Network Classification: Confirmed as cloud/hosting infrastructure (OVH)
---
## NETWORK RELATIONSHIPS
Total Relationships Identified: 42
Primary Network Associations:
- Multiple Same Network relationships to OVH_282347345
- Route stable: No (route changes observed in 30-day period)
- BGP Prefix: 51.195.0.0/16
- Origin ASN: 16276
---
## SECURITY ACTIONS & RECOMMENDATIONS
### Recommended Mitigations

Based on risk profile and neighborhood abuse patterns, the following actions are recommended:

| Platform | Action |
|---|---|
| iptables | `iptables -A INPUT -s 51.195.215.124 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 51.195.215.124 drop` |
| nginx | `deny 51.195.215.124;` |
| pfSense | Block 51.195.215.124/32 |
| Cloudflare WAF | Block (filter: ip.src eq 51.195.215.124) |
| AWS WAF | Block addresses: 51.195.215.124/32 |

### Implementation Notes
- The IP is part of a high-abuse subnet (0.793 density) with 203 threat-sibling IPs
- No open ports detected; service banner indicates "Firewalled / No Services"
- Historical trend shows increasing threat activity; consider blocking entire /24 subnet if operational impact permits
- Provider contact: Abuse contact available via RDAP
---
## INTELLIGENCE CONCLUSION
IP 51.195.215.124 represents a moderate-risk cloud endpoint with no direct threat indicators but situated in a high-abuse neighborhood. The escalation in subnet-level threat activity (from 98 to 203 threat siblings) suggests coordinated abuse within the hosting infrastructure. Recommend defensive blocking with awareness of operational impact on legitimate Ahrefs infrastructure sharing the same provider space.
---
End of Briefing
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration

| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

## DNS Intelligence

| Field | Value |
|---|---|
| PTR | proxy-uk009-san124.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk009-san124.ahrefs.net |

## DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |

## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 22% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-18 03:23:24 UTC |
| Last Seen | 2026-06-28 06:35:59 UTC |
| Profile Built | 2026-06-29 00:40:51 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |