# IPDEBRIEF INTELLIGENCE BRIEFING
Target: 51.161.37.122/32
Date: Current Analysis
Classification: Moderate Risk
---
## EXECUTIVE SUMMARY
IP 51.161.37.122 is registered to OVH-CUST-281059684 under organization "Dmytro, Ahrefs Pte Ltd" (ASN 16276). The address resolves to ahrefs.net with hostname proxy-ca005-san122.ahrefs.net. Risk assessment scores Moderate Risk (40/100) with no active threat indicators. However, the IP resides within a high-abuse-density subnet (51.161.37.0/24) with 191 threat siblings out of 256 total addresses.
---
## OWNERSHIP & INFRASTRUCTURE
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 51.161.37.0/24
- Infrastructure Type: CloudCompute
- Connection Type: Hosting
- Geolocation: Listed as Singapore (geolocation validation flagged as implausible per RTT analysis)
---
## THREAT ASSESSMENT
- Risk Score: 40 (Moderate Risk)
- Abuse Confidence: Not scored
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- DNSBL Listed: 1/8 total lists
- Active Threat Indicators: None detected
---
## NETWORK CONTEXT & NEIGHBORHOOD ANALYSIS
The target IP operates within subnet 51.161.37.0/24 classified as high_abuse with abuse density of 0.7461.
Subnet Statistics:
- Total Siblings: 256
- Active Siblings: 198
- Threat Siblings: 191
- Inherited Risk Score: 29
Neighbor Risk Distribution:
- High Risk: 0
- Medium Risk: 99
- Low Risk: 1
This high abuse density indicates the subnet is being leveraged by multiple entities with varying risk profiles. The target IP's risk score (40) aligns with neighborhood characteristics.
---
## DNS & SERVICES
- Reverse DNS: proxy-ca005-san122.ahrefs.net
- Forward Resolution: proxy-ca005-san122.ahrefs.net
- Open Ports: None detected
- HTTP Services: None detected
- TLS Certificates: None detected
- Email Authentication: SPF/DMARC not configured (0 TXT records)
---
## OBSERVATION HISTORY
Total observations: 18
Recent Signals:
- 2026-06-20: DNS resolution to ahrefs.net (confidence 0.80)
- 2026-06-15: Subnet classification as high_abuse (confidence 0.75)
- 2026-06-15: Operator score minimal (0.2174) (confidence 0.60)
- 2026-06-10: Ownership stability confirmed (confidence 0.85)
Temporal Analysis:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Persistently Malicious: False
- Threat Observation Count: 1
---
## RELATIONSHIP GRAPH
31 relationships identified:
- Network Associations: Multiple entries for OVH-CUST-281059684
- DNS Associations: 17 entries for proxy-ca005-san122.ahrefs.net
No cross-organization or cross-network relationships detected. All associations confirm legitimate ahrefs.net infrastructure.
---
## RECOMMENDED ACTIONS
Firewall Rules
| System | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 51.161.37.122 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 51.161.37.122 drop` |
| nginx | `deny 51.161.37.122;` |
| pfSense | `51.161.37.122/32` |
| Cloudflare WAF | Block IP (risk score 40) |
| AWS WAF | Block CIDR 51.161.37.122/32 |
---
## ANALYST NOTES
While the IP resolves to legitimate ahrefs.net infrastructure, the high-abuse-density neighborhood warrants cautious monitoring. No active malicious indicators were detected. The geolocation discrepancy (Singapore listing with implausible RTT metrics) suggests potential reputation data contamination. Recommend blocking based on neighborhood risk profile, but verify against actual traffic patterns before enforcement.
Status: Monitor/Block Pending SOC Validation
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059684 |
| CIDR Block | 51.161.37.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca005-san122.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca005-san122.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 32% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 25% | 10 | 14 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-23 12:23:57 UTC |
| Last Seen | 2026-06-28 21:32:56 UTC |
| Profile Built | 2026-06-29 03:35:28 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |