51.195.215.174

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 51.195.215.174/32

Classification: Moderate Risk | Provider: OVH | Location: London, GB

## Executive Summary

IP address 51.195.215.174 operates within OVH cloud infrastructure and is associated with ahrefs.net. The IP carries a moderate risk score (50/100) and resides in a high-abuse-density subnet (51.195.215.0/24) with 80% abuse density. No active threat indicators were identified, but the subnet's abuse characteristics warrant monitoring.

## Infrastructure Profile

Organization: Ahrefs Pte Ltd Dmytro
ASN: 16276 (OVH)
BGP Prefix: 51.195.0.0/16
Network Type: Cloud Compute / Hosting
DNS: proxy-uk009-san174.ahrefs.net
Services: No open ports detected (firewalled configuration)

## Geographic Analysis

Country: GB (London)
Geolocation Confidence: Validated with 5 probe measurements
RTT: 87.2ms average
Note: Historical ASN data indicates French allocation (OVH global infrastructure); current geolocation consensus points to London

## Threat Assessment

Risk Score: 50 (Moderate)
DNSBL Listings: 2 of 8 total lists
Threat Indicators: None (not Tor exit, not known attacker, not spam source)
Campaign Correlation: None detected
Stability: Route stable, not MOAS, 9,264 days ASN allocation

## Neighborhood Context

Subnet: 51.195.215.0/24

Abuse Density: 0.8008 (High Abuse Classification)
Total Siblings: 256
Active Siblings: 239
Threat Siblings: 205 (inherited risk score: 32)

The /24 subnet demonstrates significant abuse activity, which contextualizes the IP's moderate risk rating.

## Signal History

27 observations recorded with consistent patterns:

ASN 16276 observed across all recent measurements
Persistent ahrefs.net domain resolution
Consistent geolocation signals (London region)
Stable RTT measurements (~87ms)
No ownership changes detected

## Recommended Actions

Firewall Rules (Block Recommendation)

```bash

# iptables

iptables -A INPUT -s 51.195.215.174 -j DROP

# nftables

nft add rule inet filter input ip saddr 51.195.215.174 drop

# nginx

deny 51.195.215.174;

# pfSense

51.195.215.174/32

# Cloudflare WAF

{"description":"Block 51.195.215.174 — IPDebrief risk score 50","action":"block","filter":{"expression":"ip.src eq 51.195.215.174"}}

# AWS WAF

{"Addresses":["51.195.215.174/32"],"Description":"IPDebrief risk 50"}

```

Monitoring Priorities

1. Monitor subnet-level abuse trends (51.195.215.0/24)

2. Track DNS resolution patterns to ahrefs.net infrastructure

3. Watch for service enumeration attempts (currently no open ports)

4. Review connection logs for anomalous outbound traffic

## Intelligence Notes

The IP operates within legitimate hosting infrastructure but resides in a high-abuse-density subnet. The moderate risk score reflects DNSBL listings rather than active malicious behavior. SOC teams should consider contextual factors: if this IP is observed initiating connections to your infrastructure, the subnet's abuse density suggests potential for compromised peer IPs. Monitor for patterns of lateral movement or scanning activity from the broader /24 subnet.

Generated: 2026-06-28 | Data Sources: IPDebrief Intelligence Platform

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	ENG
City	London
Timezone	Europe/London
Latitude	51.51
Longitude	-0.13

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	51.195.0.0/16
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk009-san174.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk009-san174.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	33%	2	4
routing	24%	2	3
services	15%	2	2
ownership	35%	3	5
reputation	28%	1	3
geolocation	39%	2	3
Overall	29%	12	20

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-19 23:50:41 UTC
Last Seen	2026-06-28 10:39:53 UTC
Profile Built	2026-06-29 04:44:16 UTC
Data Freshness	Live
Signal Types	27
Total Observations	33

🔍 27 signal types · 33 observations collected

This report is generated from 27+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

51.195.215.174📋 Copy