# IP Intelligence Briefing: 51.75.236.152/32
- Classification: Moderate Risk
- Risk Score: 50/100
- Date: 2026-06-28
---
## Executive Summary
IP 51.75.236.152 is a cloud-based infrastructure address belonging to OVH (ASN 16276) with ownership attributed to Ahrefs Pte Ltd Dmytro. The IP resolves to the ahrefs.net domain with PTR hostname proxy-fr001-san152.ahrefs.net. While the IP shows no direct threat indicators or known campaign associations, it operates within a high-abuse-density subnet (51.75.236.0/24) with 23 of 32 sibling IPs flagged as threats. The IP is listed on 2 of 8 DNSBLs with high severity ratings.
---
## Technical Profile
Network Classification:
- Provider: OVH (ASN 16276)
- Infrastructure Type: CloudCompute
- Connection Type: Cloud-hosted
- Geographic Location: France (FR)
- RTT Average: 94.2ms
- Geo Plausibility: Confirmed
DNS Configuration:
- Forward Resolution: ahrefs.net
- PTR Record: proxy-fr001-san152.ahrefs.net
- CAA Records: Present
- DNSSEC: Valid
- Forward Resolution Count: 1
- Hosted Domain Count: 0
Service Status: No open ports detected; classification indicates "Firewalled / No Services"
Control Plane:
- BGP Prefix: 51.75.0.0/16
- Route Stability: False
- RPKI State: Not configured
- Operator Score: 0.2174 (Minimal)
- DNSBL Listings: 2 of 8 total lists
---
## Threat Intelligence Assessment
Direct Threat Indicators:
- No known attacker patterns
- No Tor exit node activity
- No spam source classification
- No known campaign associations
- No threat feed matches
- Blacklist Count: 0
Abuse Context:
- DNSBL Listings: 2 lists with high severity ratings
- Neighborhood Abuse Density: 0.7188 (High)
- Inherited Risk Score: 28
Behavioral Analysis:
- No persistent malicious activity observed
- Threat Persistence Days: 0
- Ownership Changes: 0
- Is Persistently Malicious: False
---
## Neighborhood Analysis
The IP resides in subnet 51.75.236.0/24 with the following characteristics:
- Total Sibling IPs: 32
- Active Siblings: 30
- Threat Classifications: 23 high/medium risk
- Risk Distribution: 8 medium, 23 low
- Abuse Classification: High Abuse
Multiple sibling IPs show consistent risk scores of 25-50, indicating a pattern of coordinated hosting activity within this OVH subnet.
---
## Observation History
23 signal observations recorded since 2026-06-20. Key observations include:
- Cloud infrastructure classification confirmed (OVH)
- Multiple DNS blacklist listings detected
- Geographic inference pointing to France (52% confidence, 500km accuracy)
- CAA record presence confirmed
- No service enumeration or honeypot hits detected
---
## Recommended Security Actions
Risk-Based Recommendation: BLOCK
Firewall Rules:
- iptables: `iptables -A INPUT -s 51.75.236.152 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 51.75.236.152 drop`
- nginx: `deny 51.75.236.152;`
- pfSense: `51.75.236.152/32`
- Cloudflare WAF: Block with expression `ip.src eq 51.75.236.152`
- AWS WAF: Addresses `["51.75.236.152/32"]`
Rationale: While no direct threat indicators are present, the IP operates within a high-abuse-density subnet and is listed on multiple DNSBLs. The moderate risk score (50) combined with neighborhood abuse patterns suggests blocking as a precautionary measure.
---
## Conclusion
IP 51.75.236.152 represents a moderate-risk cloud-hosted address within a high-abuse OVH subnet. The absence of direct threat indicators is offset by neighborhood abuse patterns and DNSBL listings. SOC teams should consider blocking the IP, particularly if it appears in connection logs from protected assets. Monitoring the subnet 51.75.236.0/24 for additional suspicious activity is recommended.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-fr001-san152.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-fr001-san152.ahrefs.net |

## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-22 03:10:23 UTC |
| Last Seen | 2026-06-28 17:53:09 UTC |
| Profile Built | 2026-06-29 05:57:32 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 24 |