# IP INTELLIGENCE BRIEFING
IP Address: 51.161.65.119/32
Report Date: 2026-06-29
Analyst: IPDebrief Intelligence Team
---
## EXECUTIVE SUMMARY
IP 51.161.65.119 presents as a moderate-risk address (risk score 40) hosted on OVH infrastructure in Montreal, Quebec. The IP resolves to aresolvable hostname for ahrefs.net and operates within a high-abuse subnet with elevated threat density. While no active malicious indicators were detected at the time of analysis, the neighborhood context warrants defensive monitoring.
---
## NETWORK OWNERSHIP & CLASSIFICATION
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: AS16276 (OVH SAS)
- CIDR Block: 51.161.65.0/24
- Infrastructure Type: CloudCompute / Hosting
- Geolocation: Montreal, QC, CA
- DNS Hostname: proxy-ca011-san119.ahrefs.net
The IP is classified as a cloud-hosted infrastructure resource with no open ports or active services observed.
---
## RISK PROFILE
- Overall Risk Score: 40 (Moderate Risk)
- Abuse Confidence: Not quantified
- Blacklist Status: Clean (0 lists)
- Threat Feeds: No indicators
- Campaign Association: None detected
The IP maintains a moderate risk posture with no evidence of direct malicious activity. However, the subnet classification and neighborhood context contribute to elevated overall risk assessment.
---
## SUBNET ANALYSIS (51.161.65.0/24)
- Abuse Density: 0.75 (High)
- Classification: High Abuse
- Total Subnet IPs: 256
- Active IPs: 213
- Threat IPs: 192
The /24 subnet exhibits high abuse density with approximately 75% of active addresses flagged for malicious activity. This contextual risk significantly influences the IP's overall threat assessment.
---
## OBSERVATION HISTORY
Analysis of 22 historical observations reveals consistent geolocation to Montreal, CA, with the high-abuse classification persisting across multiple observation periods. The operator score remained minimal (0.2174) throughout the observation window, indicating stable but elevated neighborhood risk.
---
## RELATIONSHIP GRAPH
37 relationships identified, primarily network-level associations within the OVH-CUST-281059690 customer block. No external threat actor associations or campaign-level indicators were detected.
---
## RECOMMENDED ACTIONS
Based on the risk profile and neighborhood context, the following defensive measures are recommended:
| Platform | Action |
|---|---|
| iptables | `iptables -A INPUT -s 51.161.65.119 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 51.161.65.119 drop` |
| nginx | `deny 51.161.65.119;` |
| Cloudflare WAF | Block IP with expression: `ip.src eq 51.161.65.119` |
| AWS WAF | Add IP 51.161.65.119/32 to block list |
---
## ANALYST NOTES
The IP resolves to a legitimate ahrefs.net hostname but operates within a high-abuse OVH subnet. While direct malicious indicators were absent, the 192 threat-sibling addresses in the neighborhood suggest potential for abuse. SOC teams should monitor for outbound connections to this subnet and consider blocking at the perimeter, particularly for untrusted traffic sources.
---
Classification: Threat Intelligence
Status: Moderate Risk - Monitor/Block
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059690 |
| CIDR Block | 51.161.65.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca011-san119.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca011-san119.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 32% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-26 00:50:58 UTC |
| Last Seen | 2026-06-29 02:32:37 UTC |
| Profile Built | 2026-06-29 08:36:25 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 25 |
Full dossier details are available via our API.