# IP INTELLIGENCE BRIEFING
- IP Address: 51.222.168.1/32
- Date: 2026-06-14
- Classification: Moderate Risk
- Risk Score: 40/100

---
## EXECUTIVE SUMMARY
IP 51.222.168.1 is an OVH CloudCompute infrastructure IP with a moderate risk score (40/100). The address is associated with the domain ahrefs.net and has the PTR hostname proxy-ca018-san1.ahrefs.net. While no active threat indicators are present, the IP resides in a high-abuse subnet (51.222.168.0/24) with 67.19% abuse density and 172 of 256 sibling IPs flagged as threats. Geolocation data is inconsistent: the reported coordinates are Canadian, while the city is given as Singapore.

---
## OWNERSHIP & INFRASTRUCTURE
| Field | Value |
|---|---|
| **ASN** | 16276 |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Netname** | OVH-CUST-281059697 |
| **Provider** | OVH |
| **Infrastructure Type** | CloudCompute |
| **CIDR Block** | 51.222.168.0/24 |
| **RIR** | ARIN |

Network Role: Cloud hosting infrastructure with firewall protection. No open services detected.

---
## GEOLOCATION ANALYSIS
| Field | Value |
|---|---|
| **Country** | CA (Canada) |
| **Region** | QC (Quebec) |
| **City** | Singapore |
| **Accuracy Radius** | 3000 km |
| **GeoConsensus** | True |
| **GeoPlausible** | False |
| **RTT Validation** | Violation detected (28ms vs 112ms minimum for 5598km distance) |

Note: Geographic data inconsistency suggests potential routing anomalies or misattribution.

---
## DNS & SERVICE ANALYSIS
| Field | Value |
|---|---|
| **PTR Hostname** | proxy-ca018-san1.ahrefs.net |
| **Domain** | ahrefs.net |
| **Forward Confirmed** | False |
| **Forward Hostnames** | proxy-ca018-san1.ahrefs.net |
| **Open Ports** | None detected |
| **HTTP Title** | None detected |
| **TLS Certificate** | None detected |
| **DNSSEC Valid** | True |
| **Has CAA** | True |

Security Posture: DNSSEC and CAA records present. SPF/DMARC not configured.

---
## THREAT INTELLIGENCE
| Indicator | Status |
|---|---|
| **Abuse Confidence Score** | Not available |
| **Is Tor Exit** | No |
| **Is Known Attacker** | No |
| **Is Spam Source** | No |
| **Blacklist Count** | 0 |
| **DNSBL Listed** | 1/8 lists |
| **Known Campaigns** | None |
| **Threat Feeds** | None |

Recent Signal History: 24 observations recorded. No persistent malicious activity detected.

---
## NEIGHBORHOOD ANALYSIS (51.222.168.0/24)
| Metric | Value |
|---|---|
| **Abuse Density** | 67.19% |
| **Classification** | High Abuse |
| **Inherited Risk** | 26 |
| **Total Siblings** | 256 |
| **Active Siblings** | 217 |
| **Threat Siblings** | 172 |

Neighbor Risk Distribution: 99 medium risk, 1 low risk, 0 high risk

---
## SECURITY ACTIONS & RECOMMENDATIONS
Risk Assessment: Moderate (40/100). No immediate blocking required, but monitoring recommended.

Recommended Firewall Rules:
```bash
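# iptables
iptables -A INPUT -s 51.222.168.1 -j DROP
# nftables (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 51.222.168.1 drop
# nginx (directive for an http, server, or location block; not a shell command)
deny 51.222.168.1;
# pfSense (firewall alias or rule source address; not a shell command)
51.222.168.1/32
# Cloudflare WAF (rule JSON)
{"description": "Block 51.222.168.1 - IPDebrief risk score 40", "action": "block", "filter": {"expression": "ip.src eq 51.222.168.1"}}
# AWS WAF (IP set fields)
{"Addresses":["51.222.168.1/32"],"Description":"IPDebrief risk 40"}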
```
---
## THREAT INTELLIGENCE NARRATIVE
IP 51.222.168.1 belongs to OVH cloud infrastructure associated with ahrefs.net. The address demonstrates moderate risk characteristics with no active threat indicators. However, contextual analysis reveals the IP operates within a high-abuse subnet (51.222.168.0/24) where 67% of sibling IPs show abuse patterns.

Key intelligence points:
- Geographic anomaly between Canada and Singapore assignments warrants investigation
- DNSSEC and CAA records indicate basic infrastructure hardening
- No open services detected, suggesting firewall protection
- Single DNSBL listing among 8 total lists indicates some reputation issues
- 172 threat siblings in the /24 subnet suggest elevated risk environment

Operational Recommendation: Monitor inbound connections from this subnet. Consider blocking if legitimate traffic from ahrefs.net cannot be verified. No immediate action required for outbound connections from internal networks.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration

| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059697 |
| CIDR Block | 51.222.168.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |

## DNS Intelligence

| Field | Value |
|---|---|
| PTR | proxy-ca018-san1.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca018-san1.ahrefs.net |

## DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |

## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 15% | 2 | 2 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 31% | 2 | 3 |
| Overall | 21% | 11 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-10 04:12:09 UTC |
| Last Seen | 2026-06-27 17:10:45 UTC |
| Profile Built | 2026-06-28 11:15:16 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 29 |