# IP Intelligence Briefing: 51.161.65.175
## Executive Summary
IP 51.161.65.175 is a cloud infrastructure endpoint operated by OVH under Ahrefs Pte Ltd (ASN 16276). The IP exhibits moderate risk (score 40) with geolocation validation anomalies and operates within a high-abuse-density subnet. No active threat indicators or blacklist entries were observed.
---
## Infrastructure Profile
Ownership & Registration:
- Organization: Ahrefs Pte Ltd
- ASN: 16276 (OVH)
- CIDR Block: 51.161.65.0/24
- Infrastructure Type: Cloud Compute (OVH)
- Network Classification: Hosting/Cloud Infrastructure
DNS Resolution:
- PTR Hostname: proxy-ca011-san175.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Confirmed (1 hostname)
- Email Authentication: No SPF, DMARC, or TXT records detected
Service Status:
- Open Ports: None detected
- Service State: Firewalled / No Services
- TLS Certificate: None
---
## Geolocation Analysis
Reported Location: Singapore (3000km accuracy radius)
Validation Status: INVALID
Geolocation Anomalies:
- Geolocation consensus marked as plausible: false
- RTT violation: Observed 30ms vs. minimum possible 121.6ms for 6082km claimed distance
- Probe count: 5 probes from multiple sources
- Inferred location discrepancy indicates geolocation spoofing or inaccurate provider data
Conclusion: The claimed Singapore location is geographically implausible. The actual physical location likely differs significantly, suggesting either data manipulation or provider reporting errors.
---
## Subnet Abuse Assessment
Subnet: 51.161.65.0/24
Abuse Density: 0.7383 (High Abuse)
Classification: high_abuse
Statistics:
- Total Siblings: 256
- Active Siblings: 213
- Threat Siblings: 189
- Risk Inheritance: 29
Risk Distribution in /24:
- High Risk: 0
- Medium Risk: 100
- Low Risk: 0
Assessment: The /24 subnet exhibits elevated abuse activity with 73.83% abuse density. This context suggests the IP may be part of a larger infrastructure shared by multiple tenants, with a significant portion of sibling IPs flagged for abuse.
---
## Threat Intelligence Status
Threat Indicators:
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- Threat Feeds: None detected
- Known Campaigns: None
Campaign Correlation:
- Campaign Likelihood: None
- Cert Matches: 0
- Banner Matches: 0
- Correlated IPs: 0
Risk Metrics:
- Overall Risk Score: 40 (Moderate)
- Provider Score: 0
- Authority Score: 0
- Stability Score: 0
---
## Historical Observations (21 Total)
Temporal Stability:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Is Persistently Malicious: No
- Threat Observation Count: 1
Consistent Signals:
- Provider consistently reported as OVH
- Cloud infrastructure characteristics maintained
- No significant behavioral changes observed
---
## Recommended Actions
For SOC/SIEM Teams:
1. Monitor for Anomalies: Despite no current threat indicators, monitor for unusual traffic patterns given the high-abuse subnet context
2. Geolocation Verification: Do not trust reported Singapore location; verify actual endpoint location through additional means
3. Contextual Awareness: Recognize this IP as part of Ahrefs cloud infrastructure, a legitimate SEO tool provider
4. Threshold Consideration: Moderate risk score (40) warrants monitoring but not immediate blocking
Firewall Recommendations:
- No immediate block required
- Consider allowing established traffic patterns
- Monitor for unusual outbound connections from this IP
---
## Conclusion
IP 51.161.65.175 is a legitimate cloud infrastructure endpoint operated by Ahrefs through OVH. The primary concerns are geolocation validation failures and the high-abuse density of the hosting /24 subnet. No active malicious activity or threat indicators were detected. The IP should be treated with contextual awareness, allowing legitimate Ahrefs services while monitoring for anomalies consistent with the broader subnet abuse patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059690 |
| CIDR Block | 51.161.65.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca011-san175.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca011-san175.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-21 21:00:51 UTC |
| Last Seen | 2026-06-28 16:12:06 UTC |
| Profile Built | 2026-06-29 04:15:50 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |