# IP Intelligence Briefing: 51.161.37.38/32
## Executive Summary
IP address 51.161.37.38 is registered to OVH infrastructure under customer OVH-CUST-281059684. The IP presents a Moderate Risk profile (risk score: 40) and operates within a subnet exhibiting high abuse density. A critical geolocation discrepancy was detected (listed country CA (Canada), city Singapore), which suggests potential configuration inconsistencies or anonymization techniques.
## Infrastructure Profile
Ownership:
- ASN: 16276 (OVH SAS)
- Organization: Dmytro, Ahrefs Pte Ltd
- Netname: OVH-CUST-281059684
- CIDR Block: 51.161.37.0/24
- Registration: ARIN
Network Role:
- Infrastructure Type: CloudCompute
- Classification: Hosting enabled
- Service Status: Firewalled / No Services Detected
- Infrastructure Flags: Cloud (yes), CDN/VPN/Proxy/Tor (no)
DNS Resolution:
- PTR Hostname: proxy-ca005-san38.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: 1 hostname confirmed
## Threat Assessment
Direct Threat Indicators:
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Campaign Likelihood: None
Control Plane:
- DNSBL Listed: 1 of 8 lists
- Route Stability: False
- Operator Score: 0.2174 (Minimal)
- DNSSEC Valid: Yes
## Neighborhood Analysis
Subnet: 51.161.37.0/24
- Abuse Density: 0.7461 (High)
- Classification: High Abuse
- Total Siblings: 256
- Active Siblings: 206
- Threat Siblings: 191
Risk Distribution:
- High Risk: 0
- Medium Risk: 99
- Low Risk: 1
- Inherited Risk Score: 29
The subnet demonstrates elevated abuse activity, with approximately 74.6% of addresses flagged as threat-related.
## Observation History
Total Observations: 22
Recent Activity: Multiple signals observed through 2026-06-28
Key Historical Signals:
- 2026-06-20: Subnet-level threat classification confirmed (abuse density: 0.7461)
- 2026-06-20: Ownership stability confirmed (0 changes)
- 2026-06-20: Threat lists clearance confirmed (0 blacklists)
- 2026-06-28: Minimal operator score (0.087)
No persistent malicious activity detected. Threat observation count: 1.
## Geolocation Anomaly
Reported Location: Singapore
Listed Country: CA (Canada)
Distance Validation: 6,082 km
Minimum Possible RTT: 121.6ms
Observed RTT: 27.0ms
Violation: RTT significantly below geographic minimum
This discrepancy indicates either:
- Misconfigured geolocation data
- Use of proxy/anonymization services
- Potential false attribution
## Relationships
Total Relationships: 46
Primary Associations: Same Network (OVH-CUST-281059684) - 41+ instances
No unique organizational or hostname relationships beyond network-level associations.
## Recommended Actions
1. Monitor Subnet Activity: Given the 74.6% abuse density in the /24 subnet, implement monitoring for related addresses in 51.161.37.0/24.
2. Validate Geolocation: The Canada/Singapore discrepancy warrants investigation. Cross-reference with known Ahrefs infrastructure locations.
3. Traffic Analysis: Review inbound/outbound traffic patterns for potential C2 or data exfiltration indicators.
4. DNS Reputation: Monitor ahrefs.net domain for associated malicious activity, given the PTR hostname association.
5. Block Decision: Consider blocking based on subnet-level risk profile if internal policy permits, or at minimum monitor closely for suspicious outbound connections.
## Risk Conclusion
IP 51.161.37.38 presents moderate risk, primarily due to its high-abuse neighborhood context and geolocation inconsistencies. While no direct threat indicators are present for this specific address, the subnet's 74.6% abuse density suggests an elevated-risk environment. SOC teams should monitor related subnet activity and validate infrastructure location claims.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059684 |
| CIDR Block | 51.161.37.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca005-san38.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca005-san38.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 23% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-18 03:23:23 UTC |
| Last Seen | 2026-06-28 06:31:12 UTC |
| Profile Built | 2026-06-29 06:36:41 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |