IP Intelligence Briefing: 51.161.65.20/32
Date: 2026-06-10
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership: Registered to Ahrefs Pte Ltd (OVH ASN 16276).
- Geolocation: Montreal, Canada (inferred via DNS).
- Network Role: Cloud compute infrastructure (OVH-hosted, no open services).
- Threat Indicators: No direct malicious activity detected.
---
**2. Subnet Analysis**
- Subnet: 51.161.65.0/24
- Abuse Density: 58% (high abuse classification).
- Neighbor Risk:
  - 96 IPs flagged as medium-risk (score 40-50).
  - 4 low-risk IPs.
  - 0 high-risk IPs.
- Key Neighbor: 51.161.65.0 (score 40) and 51.161.65.1 (score 40).
---
**3. Observational History**
- Recent Activity:
  - No detected threats, spam, or malicious campaigns.
  - Subnet abuse density has remained stable at 58% over 30 days.
  - DNS resolution linked to proxy-ca011-san20.ahrefs.net (Ahrefs infrastructure).
---
**4. Relationships**
- DNS Associations:
  - Linked to proxy-ca011-san20.ahrefs.net (Ahrefs Pte Ltd).
- Network Affiliation:
  - Part of OVH's 51.161.0.0/17 block, classified as "high_abuse" by IPDebrief.
---
**5. Recommendations**
- Monitoring:
  - Watch the 51.161.65.0/24 subnet for unusual traffic patterns due to high abuse density.
  - Investigate Ahrefs' infrastructure for potential misconfigurations or compromised endpoints.
- Mitigation:
  - Block the IP via firewall rules (see below) as a precaution.
- Tools:
  - Use IPDebrief's compare function to analyze high-risk neighbors.
---
**6. Firewall Actions**
- iptables:
```bash
iptables -A INPUT -s 51.161.65.20 -j DROP
```
- nftables:
```bash
nft add rule inet filter input ip saddr 51.161.65.20 drop
```
- Cloudflare/WAF:
```json
{
  "action": "block",
  "filter": {
    "expression": "ip.src eq 51.161.65.20"
  }
}
```
---
Conclusion: The IP is part of a cloud infrastructure with no direct malicious activity, but its subnet exhibits high abuse density. SOC teams should monitor the subnet and consider blocking the IP to mitigate potential risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059690 |
| CIDR Block | 51.161.65.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
**DNS Intelligence**
| Field | Value |
|---|---|
| PTR | proxy-ca011-san20.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca011-san20.ahrefs.net |
**DNS Hygiene**
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
**Network Classification**
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
**TLS Certificate**
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 3 |
| routing | 27% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 26% | 3 | 3 |
| reputation | 23% | 1 | 2 |
| geolocation | 33% | 2 | 3 |
| Overall | 27% | 12 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid | |
**Observation Timeline (Live)**
| Field | Value |
|---|---|
| First Seen | 2026-05-23 18:30:33 UTC |
| Last Seen | 2026-06-28 22:53:00 UTC |
| Profile Built | 2026-06-29 04:57:03 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 26 |
Full dossier details are available via our API.