## IP INTELLIGENCE BRIEFING
Target IP: 51.161.65.61/32
Classification: Moderate Risk / High Abuse Neighborhood
Date: 2026-06-28
---
EXECUTIVE SUMMARY
IP 51.161.65.61 is a cloud-hosted infrastructure address assigned to OVH under the netname OVH-CUST-281059690, registered to organization Dmytro, Ahrefs Pte Ltd. The IP presents moderate individual risk (40/100) but operates within a subnet exhibiting elevated abuse density (0.6914), with 177 of 256 total siblings classified as threats. No open services were detected; the address is configured as firewalled with no active HTTP/TLS services.
---
OWNERSHIP & INFRASTRUCTURE
| Field | Value |
|---|---|
| ASN | 16276 |
| Organization | Dmytro, Ahrefs Pte Ltd |
| Provider | OVH |
| Network Block | 51.161.65.0/24 |
| RIR | ARIN |
| Geolocation | Canada, QC, Montreal |
| Infrastructure Type | CloudCompute / Hosting |

Network Role: Cloud-hosted infrastructure with firewalled configuration. No open ports detected.
---
THREAT INDICATORS
- Risk Score: 40 (Moderate Risk)
- Blacklist Count: 0
- DNSBL Listed: 1 of 8 lists checked
- Abuse Confidence Score: Not calculated
- Known Campaigns: None identified
- Is Tor Exit/VPN/Proxy: No
Threat Feed Analysis: No indicators in threat feeds; Pulsedive risk not applicable.
---
NETWORK ACTIVITY PROFILE
DNS Configuration:
- PTR Record: proxy-ca011-san61.ahrefs.net
- Forward Resolution: Confirmed (1 hostname)
- Email Authentication: SPF/DMARC not configured
Service Fingerprint:
- Open Ports: None detected
- HTTP/TLS: No active services
- Server Banner: None
- Status Code: Not detected
Control Plane:
- Route Stability: False
- BGP Prefix: 51.161.0.0/17
- RPKI State: Not validated
- Delegation Age: Unknown
---
GEOGRAPHIC VALIDATION
Validation Status: INVALID
- Reported Location: Canada (Montreal, QC)
- Observed RTT: 27ms
- Minimum Expected RTT: 121.6ms (for 6082km distance)
- Conclusion: Geolocation data inconsistent with network latency measurements.
---
OBSERVATION HISTORY (22 Signals)
Recent activity indicates stable provider assignment to OVH with confidence 0.85. Geolocation signals (Canada) show low confidence (0.18) across multiple observations. Operator score remains minimal (0.2174). No persistent malicious behavior detected in historical signals.
---
NEIGHBORHOOD ANALYSIS (51.161.65.0/24)
| Metric | Value |
|---|---|
| Total Siblings | 256 |
| Active Siblings | 207 |
| Threat Siblings | 177 |
| Abuse Density | 0.6914 |
| Classification | **HIGH ABUSE** |
| Inherited Risk | 27 |

Risk Distribution Across Subnet:
- High Risk: 0
- Medium Risk: 100
- Low Risk: 0
Assessment: The /24 subnet demonstrates concentrated threat activity with 177 threat siblings. Neighbor analysis shows uniform moderate-risk profiles (risk score 40, authority score 50) across sampled addresses. This indicates the subnet may be associated with coordinated hosting or abuse operations.
---
RELATIONSHIP GRAPH
Total relationships: 47
- Same Network: Multiple relationships to OVH-CUST-281059690
- Network ownership consistently attributed to the same netname
---
RECOMMENDATIONS FOR SOC ANALYSTS
1. MONITOR CLOSELY: The high abuse density (0.6914) and elevated threat sibling count (177) warrant enhanced monitoring. Treat this subnet as potentially compromised infrastructure.
2. BLOCK IF SUSPICIOUS: Consider blocking outbound traffic to 51.161.65.0/24 if:
   - Inbound connections from this subnet are observed
   - Outbound connections to this subnet contain suspicious payloads
   - The subnet is not part of your legitimate cloud provider roster
3. INVESTIGATE ORIGIN: The RTT validation failure suggests potential spoofing or misreported geolocation. Correlate with known Ahrefs infrastructure to determine legitimacy.
4. NEIGHBOR CORRELATION: Analyze related IPs in the 51.161.65.0/24 range for coordinated behavior patterns. 207 active siblings suggest a concentrated operational environment.
5. EMAIL AUTHENTICATION: No SPF/DMARC records present. If this IP is used for email transmission, it lacks standard email authentication mechanisms.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059690 |
| CIDR Block | 51.161.65.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |

DNS Intelligence

| Field | Value |
|---|---|
| PTR | proxy-ca011-san61.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca011-san61.ahrefs.net |

DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |

Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 25% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Attribution factors: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-21 21:00:52 UTC |
| Last Seen | 2026-06-28 16:13:44 UTC |
| Profile Built | 2026-06-29 04:18:04 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |