## IP Intelligence Briefing: 51.161.37.213/32
Date: 2026-06-19
Classification: Moderate Risk - High-Abuse Subnet
---
Executive Summary
IP address 51.161.37.213 is a cloud-hosted address registered to OVH's customer network (ASN 16276). While the IP itself shows no direct threat indicators, it resides within a subnet (51.161.37.0/24) with high abuse density (0.7422), where 190 of 206 active sibling IPs are flagged as threats. The address resolves to an Ahrefs-branded hostname but exhibits no active services.
---
Network Profile
| Attribute | Value |
|---|---|
| **IP Address** | 51.161.37.213/32 |
| **Risk Score** | 40 (Moderate) |
| **Provider** | OVH (CloudCompute) |
| **ASN** | 16276 |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network** | OVH-CUST-281059684 |
| **Geolocation** | Montreal, QC, CA (validation inconclusive) |
| **Infrastructure Type** | Cloud Hosting |
| **DNS Hostname** | proxy-ca005-san213.ahrefs.net |
---
Threat Assessment
- Direct Threat Indicators: None observed
- Blacklist Status: 0 direct listings
- Known Campaigns: None correlated
- Tor/Proxy/VPN: Negative (not classified as any proxy type)
- Abuse Confidence Score: Not applicable (no active threat signals)
- Threat Persistence: 0 days (no persistent malicious activity)
Subnet Context: The /24 subnet is classified as "high_abuse" with an inherited risk score of 29. Of 206 active sibling IPs, 190 are flagged as threats, indicating this is a high-density hosting environment.
---
DNS & Hostname Analysis
- PTR Record: proxy-ca005-san213.ahrefs.net
- Forward Resolution: Unconfirmed
- Associated Domain: ahrefs.net
- Email Auth: SPF and DMARC records not configured
- DNSSEC: Valid
- CAA Records: Present
---
Observed Services
No open ports detected. The IP shows as "Firewalled / No Services" with no TLS certificates or HTTP banner information. This is consistent with cloud infrastructure that may be behind additional network layers.
---
Historical Observations
22 observations recorded, with the most recent on 2026-06-19. Key historical signals include:
- Operator score: 0.2174 (minimal risk classification)
- Subnet abuse density: 0.7422 (consistently high)
- Domain association: ahrefs.net
- Geolocation: Canada (with RTT validation anomalies)
---
Recommended Security Actions
Due to the high-abuse subnet context and moderate risk profile, the following rules are recommended:
Firewall/IPS:
```bash
# iptables
iptables -A INPUT -s 51.161.37.213 -j DROP
# nftables (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 51.161.37.213 drop
```
nginx (inside an `http`, `server` or `location` block):
```nginx
deny 51.161.37.213;
```
pfSense (address to block):
```text
51.161.37.213/32
```
Cloudflare WAF:
```json
{
  "action": "block",
  "description": "Block 51.161.37.213 - IPDebrief risk score 40",
  "filter": {
    "expression": "ip.src eq 51.161.37.213"
  }
}
```
AWS WAF:
```json
{
  "Addresses": ["51.161.37.213/32"],
  "Description": "IPDebrief risk 40"
}
```
Note: These recommendations are probabilistic and should be evaluated alongside other threat signals before enforcement. Given the subnet's high abuse density, consider subnet-level blocking (51.161.37.0/24) if operational requirements permit.
---
SOC Analyst Notes
- This IP represents legitimate cloud infrastructure (OVH hosting) with legitimate domain association (ahrefs.net)
- The primary concern is subnet-level abuse density rather than direct threat indicators
- Consider evaluating traffic patterns against baseline; no services currently exposed
- Monitor for changes in subnet classification or emergence of direct threat indicators
- Subnet blocking may be warranted if organizational policy tolerates potential collateral impact on legitimate traffic
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059684 |
| CIDR Block | 51.161.37.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca005-san213.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca005-san213.ahrefs.net |
DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 15 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Attribution Factors | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-13 06:38:40 UTC |
| Last Seen | 2026-06-27 22:55:04 UTC |
| Profile Built | 2026-06-28 17:00:30 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |