51.161.37.107
# IP Intelligence Briefing: 51.161.37.107/32
Classification: Moderate Risk Hosting Infrastructure
Date: Current Analysis
Risk Score: 40/100
Analyst Notes: This IP requires monitoring due to elevated neighborhood abuse density despite moderate individual risk scoring.
---
## Executive Summary
IP address 51.161.37.107 is a moderate-risk (40) hosting infrastructure endpoint associated with OVH hoster OVH-CUST-281059684 under organization "Dmytro, Ahrefs Pte Ltd" (ASN 16276). The endpoint is currently firewalled with no open services. The parent /24 subnet exhibits high abuse density (0.7383) with 189 of 256 total IPs classified as threat siblings, indicating coordinated hosting abuse patterns in this network block.
---
## Technical Profile
Ownership & Routing:
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH)
- Network Block: 51.161.37.0/24
- BGP Prefix: 51.161.0.0/17
- AS Path: 34549 โ 16276
- Route Stability: Stable (0 route changes in 30 days)
- RIR Registry: RIPE
Service Classification:
- Infrastructure Type: Hosting
- Open Ports: None (firewalled)
- CDN/Proxy/Vpn/Tor: Not detected
DNS Resolution:
- PTR Hostname: proxy-ca005-san107.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Unconfirmed
Geolocation Anomalies:
- Reported Country: CA (Canada)
- Reported City: Singapore
- Distance/RTT Discrepancy: 6082 km distance with 28ms RTT violates minimum possible RTT of 121.6ms for that distance. This geographic inconsistency suggests potential data spoofing or measurement error requiring validation.
---
## Threat Indicators
Current Threat Profile:
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- DNSBL Listings: 1 of 8 total lists
- Known Campaigns: None identified
Temporal Analysis:
- Threat Persistence: Not persistently malicious
- Threat Observation Count: 1
- Ownership Changes: 0 (stable)
- Total Historical Observations: 27
---
## Neighborhood Analysis
The parent subnet 51.161.37.0/24 demonstrates significant abuse activity:
- Abuse Density: 0.7383 (High)
- Total IPs: 256
- Active IPs: 205
- Threat IPs: 189
- Classification: High Abuse
Risk Distribution in Neighboring IPs:
- High Risk: 0
- Medium Risk: 99
- Low Risk: 1
- Inherited Risk Score: 29
This indicates the subnet is operating in a high-abuse environment, though the target IP (51.161.37.107) itself shows moderate individual risk scoring.
---
## Recommended Security Actions
Based on the IP's risk profile and neighborhood context, implement the following blocking measures:
Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 51.161.37.107 -j DROP
# nftables
nft add rule inet filter input ip saddr 51.161.37.107 drop
```
Web Application Protection:
```nginx
# nginx
deny 51.161.37.107;
```
Enterprise Security Platforms:
- pfSense: Block 51.161.37.107/32
- Cloudflare WAF: Configure block rule with expression `ip.src eq 51.161.37.107`
- AWS WAF: Add rule for addresses `51.161.37.107/32`
---
## Intelligence Assessment
This IP represents low immediate threat but warrants monitoring due to:
1. High-abuse density parent subnet requiring potential subnet-level blocking
2. Geolocation inconsistencies suggesting potential spoofing capability
3. Hosting infrastructure classification in a high-risk network block
Recommended Actions:
- Monitor for increased threat indicators
- Consider subnet-level filtering for 51.161.37.0/24 if abuse patterns escalate
- Validate geolocation data through additional triangulation
- Correlate with any observed attack patterns from related IPs in the same /24
Threat Level: Monitor - Low Immediate Risk but Elevated Contextual Risk
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059684 |
| CIDR Block | 51.161.37.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca005-san107.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca005-san107.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 32% | 2 | 3 |
| services | 20% | 2 | 3 |
| ownership | 29% | 3 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 28% | 12 | 19 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:25 UTC |
| Last Seen | 2026-06-27 06:07:30 UTC |
| Profile Built | 2026-06-28 00:21:47 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 29 |
Full dossier details are available via our API.