51.195.183.52
IP Intelligence Briefing: 51.195.183.52
*Generated for SOC Analysts*
---
**Overview**
- Risk Score: 40 (Moderate Risk)
- Ownership: Owned by Ahrefs Pte Ltd (AS16276, OVH provider).
- Geolocation: Located in London, England (GB), inferred via multi-signal geolocation.
- Network Role: Cloud compute instance (OVH infrastructure), hosted by Ahrefs.
---
**Threat Indicators**
- No malicious activity: No indicators of spam, attacks, or blacklisted status.
- Services: No open ports, TLS certificates, or HTTP services detected.
- DNS: Linked to proxy-uk003-san52.ahrefs.net (Ahrefs domain).
---
**Network Relationships**
- Associated Entities:
- Ahrefs Pte Ltd (AS16276).
- DNS: Proxy hostname proxy-uk003-san52.ahrefs.net.
- Subnet: Part of 51.195.183.52/24, with high abuse density (0.6367).
---
**Neighborhood Analysis**
- Subnet: 51.195.183.52/24.
- Risk Distribution:
- 100 neighbors scanned.
- 96 IPs flagged as medium risk, 4 as low risk.
- Abuse density: 63.67% (high-risk subnet).
---
**Observation History**
- Scans: Detected on June 1st and June 9th, 2026.
- Geolocation: Inferred as London, GB (750km accuracy).
- Network Stability: Subnet shows unstable routing (route changes in 30 days).
---
**Actionable Insights**
1. Monitor Subnet: High abuse density in the 51.195.183.52/24 subnet; investigate neighboring IPs.
2. Verify Ahrefs Infrastructure: Confirm legitimacy of Ahrefs' cloud compute environment.
3. Geolocation Validation: Cross-check inferred location with other sources due to potential inaccuracies.
4. Block High-Risk Neighbors: Consider blocking IPs in the subnet with elevated risk scores.
Conclusion: The IP is likely a legitimate Ahrefs server, but its subnet exhibits high abuse density. SOC teams should prioritize monitoring the subnet and ensuring Ahrefs' infrastructure is secure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk003-san52.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk003-san52.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-20 11:46:57 UTC |
| Last Seen | 2026-06-28 11:56:13 UTC |
| Profile Built | 2026-06-29 06:00:59 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 24 |
Full dossier details are available via our API.