# IP INTELLIGENCE BRIEFING
Target: 51.161.37.86/32
Classification: Moderate Risk / Cloud Infrastructure
Date: Analysis generated based on IPDebrief intelligence
---
## EXECUTIVE SUMMARY
IP 51.161.37.86 is a moderate-risk (risk score 40) cloud compute address hosted within OVH infrastructure. The IP is associated with Ahrefs Pte Ltd and resolves to ahrefs.net domain infrastructure. While no direct threat indicators were identified for this specific address, the subnet exhibits high abuse density (0.7422), indicating systemic risks in the /24 block.
---
## PROFILE ASSESSMENT
Ownership & Provider:
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network: OVH-CUST-281059684
- Infrastructure Type: Cloud Compute
- Classification: Firewalled / No Services Detected
Geolocation:
- Reported Country: CA (Canada)
- Geolocation Consensus: Inconsistent (coordinates suggest alternate location)
- Accuracy Radius: 3000km
- Status: GeoPlausible flag false
DNS Resolution:
- PTR Hostname: proxy-ca005-san86.ahrefs.net
- Forward Resolution: proxy-ca005-san86.ahrefs.net
- Domain: ahrefs.net
- Email Authentication: No SPF/DMARC records detected
Threat Indicators:
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- DNSBL Listed: 1 of 8 total lists
- Abuse Confidence Score: Not available
---
## OBSERVATION HISTORY
Signal Timeline: 18 total observations recorded
- Most Recent: 2026-06-15 15:40 UTC
- Observation Count: 1 (persistent malicious activity: No)
- Threat Persistence Days: 0
Key Historical Signals:
- 2026-06-15: Subnet abuse density recorded at 0.7422 (high_abuse classification), inherited risk score 29
- 2026-06-09: DNSBL listing detected (1 of 8 lists), max severity: high
- Routing: Route stability flag false, no route changes in 30 days
---
## SUBNET NEIGHBORHOOD ANALYSIS
Subnet: 51.161.37.0/24
- Total Siblings: 256
- Active Siblings: 198
- Threat Siblings: 190
- Abuse Density: 0.7422 (HIGH)
- Subnet Classification: high_abuse
Risk Distribution:
- High Risk: 0
- Medium Risk: 99
- Low Risk: 1
- Inherited Risk: 29
Neighbor Assessment: All sampled neighbors (51.161.37.0-5) show identical risk profile (risk score: 40, authority score: 50), indicating consistent infrastructure behavior across the subnet.
---
## NETWORK RELATIONSHIPS
Total Relationships: 32
- Primary Relationship Type: Same Network (OVH-CUST-281059684)
- Correlated IPs: 0
- Campaign Certificates: 0
- Banner Matches: 0
---
## THREAT CORRELATION
Campaign Likelihood: None
- Known Campaigns: None
- Threat Feeds: None
- Cert Matches: 0
- Correlated IPs: 0
---
## RECOMMENDED SECURITY ACTIONS
Based on risk profile (score 40), the following blocking rules are recommended:
Firewall Rules:
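```bash
# iptables: append a DROP rule for this source address to the INPUT chain
iptables -A INPUT -s 51.161.37.86 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 51.161.37.86 drop
# nginx: configuration directive (http, server, or location context), not a shell command
deny 51.161.37.86;
```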
Cloud Security Platforms:
- Cloudflare WAF: Block with expression `ip.src eq 51.161.37.86`
- AWS WAF: Add address `51.161.37.86/32` to rule set
- pfSense: Add `51.161.37.86/32` to firewall block list
---
## INTELLIGENCE NOTES
Risk Factors:
1. High abuse density in parent subnet (51.161.37.0/24) with 190 threat-sibling IPs
2. DNSBL listing detected (1 of 8 lists) with high severity
3. Geolocation inconsistencies between data sources
4. No direct threat indicators for this specific IP
Mitigating Factors:
1. No known campaigns or correlated IPs
2. No open ports or services detected
3. No direct threat indicators (not known attacker, not spam source)
Recommendation: Block at perimeter firewall level due to subnet-level abuse density. Monitor for any service activation or threat indicator emergence.
---
*Report generated by IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059684 |
| CIDR Block | 51.161.37.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca005-san86.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca005-san86.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 21% | 10 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-22 03:10:07 UTC |
| Last Seen | 2026-06-28 17:40:33 UTC |
| Profile Built | 2026-06-29 05:44:57 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 22 |