Threat Intelligence Briefing: IP 51.161.37.194/32
Entity Profile:
- IP Address: 51.161.37.194/32
- ASN: AS16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Role: CloudCompute (OVH-managed infrastructure)
- Geolocation: Registered to Singapore (CA), but geo-validation flags it as implausible.
Risk Assessment:
- Overall Risk Score: 25 (Low Risk)
- Subnet Abuse Density: 42.86% (moderate threat activity within the 51.161.37.0/24 subnet)
- Inherited Risk: 17 (substantial malicious activity in sibling IPs)
- Threat Indicators: No direct malicious activity detected (no indicators, blacklists, or campaigns).
Network Context:
- Subnet: 51.161.37.0/24
- Active Siblings: 145 IPs (108 flagged as threats)
- Neighbor Risk Distribution: 65 medium-risk, 35 low-risk IPs in the subnet.
DNS & Hosting:
- PTR Hostname: `proxy-ca005-san194.ahrefs.net` (linked to Ahrefs Pte Ltd)
- Hosting: No active services (open ports, TLS certs, or HTTP banners detected).
Behavioral & Observational Data:
- Observation History:
  - Single observation (June 1, 2026) showing geolocation inconsistency (6,082 km distance vs. claimed location).
  - Subnet classification as "mixed" (combination of legitimate and malicious IPs).
- Route Stability: Unstable BGP route (routeChanges30d = 0, isRouteStable = false).
Recommendations:
1. Monitor Subnet: The 51.161.37.0/24 subnet contains 108 malicious IPs; prioritize monitoring for lateral movement or command-and-control activity.
2. Verify DNS Associations: Investigate the `proxy-ca005-san194.ahrefs.net` hostname for potential DNS hijacking or spoofing.
3. Geolocation Anomalies: The IP's claimed location (Singapore) conflicts with its observed distance (6,082 km). Validate if this is a spoofed geolocation or a misconfigured probe.
4. Network Segmentation: Ensure cloud infrastructure (OVH) is segmented to limit exposure from compromised sibling IPs.
Conclusion:
This IP is part of a cloud-hosted network with no direct malicious activity, but its subnet contains a significant number of risky IPs. SOC teams should focus on monitoring the broader subnet and verifying DNS integrity. No immediate mitigation is required, but ongoing surveillance is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059684 |
| CIDR Block | 51.161.37.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca005-san194.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca005-san194.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 21% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 03:10:07 UTC |
| Last Seen | 2026-06-28 17:39:33 UTC |
| Profile Built | 2026-06-29 05:42:42 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |