IP Intelligence Briefing: 51.195.215.28
Date: 2026-06-16
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership: Ahrefs Pte Ltd (AS16276, OVH provider)
- Geolocation: London, England (GB)
- Network Role: CloudCompute infrastructure (OVH)
- Threat Indicators: No direct malicious activity detected.
---
**2. Observation History**
- Recent Activity:
  - DNS resolution to `proxy-uk009-san28.ahrefs.net` (June 15, 2026).
  - Subnet abuse density analysis (51.195.215.28/24) showed 60.55% high-abuse classification (June 8, 2026).
  - Geolocation inferred with 750km accuracy radius.
- Trends: No significant changes in risk scores or threat indicators over the last 30 days.
---
**3. Relationships**
- Network Associations:
  - Linked to OVH network `OVH_282347345` (repeated 11 times).
  - DNS association with `proxy-uk009-san28.ahrefs.net` (Ahrefs' legitimate domain).
- Subnet Context:
  - Subnet `51.195.215.28/24` has 256 IPs, with 155 flagged as threats.
---
**4. Neighborhood Analysis**
- Subnet Abuse Density: 60.55% (high-abuse classification).
- Neighbor Risk Distribution:
  - 87 IPs: Medium risk (score 25–50).
  - 13 IPs: Low risk.
  - 0 IPs: High risk.
- Notable Neighbors:
  - IPs like `51.195.215.0` and `51.195.215.1` share similar risk scores.
---
**5. Recommendations**
- Monitor Subnet: Due to high abuse density, investigate neighboring IPs for potential lateral movement or compromised hosts.
- Verify DNS: Confirm legitimacy of `proxy-uk009-san28.ahrefs.net` and ensure no DNS hijacking.
- Network Stability: Address unstable routing (BGP route changes) for improved resilience.
- Baseline Behavior: Establish baseline for cloud compute instance activity to detect anomalies.
---
Conclusion:
The IP is part of Ahrefs' OVH cloud infrastructure, with no direct malicious signals. However, its subnet exhibits high abuse density, warranting closer scrutiny. SOC teams should prioritize monitoring the subnet and validating DNS/ownership ties to ensure no indirect compromise.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk009-san28.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk009-san28.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-18 03:23:25 UTC |
| Last Seen | 2026-06-28 06:37:58 UTC |
| Profile Built | 2026-06-29 00:43:09 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |