## Intelligence Briefing: 51.222.168.106/32
Classification: Moderate Risk Cloud Infrastructure IP
Date: 2026-06-23
Analyst: IPDebrief Intelligence Team
---
Executive Summary
IP 51.222.168.106 is a moderate-risk (Score: 40) cloud compute address hosted on OVH infrastructure. While no direct threat indicators were identified, the IP resides in a high-abuse density subnet (51.222.168.0/24) with 78.12% abuse classification. Geolocation validation anomalies and network-level hosting characteristics warrant monitoring.
---
Asset Profile
- IP Address: 51.222.168.106/32
- Network: OVH-CUST-281059697 (51.222.168.0/24)
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Infrastructure Type: CloudCompute / Hosting
- Country Code: CA (validation flagged implausible)
- Risk Score: 40/100 (Moderate)
---
Observations
Geolocation Anomalies:
- Claimed location: Canada (QC/Singapore discrepancy)
- RTT validation violation: 26ms measured vs. 112ms minimum for 5,598km distance
- GeoPlausible flag: FALSE (5 probes)
- Distance from claimed coordinates: 5,597.9km
Network Characteristics:
- Service status: Firewalled / No services detected
- DNS PTR: proxy-ca018-san106.ahrefs.net
- Forward resolution: ahrefs.net domain (legitimate SEO analytics provider)
- Infrastructure: Cloud hosting environment
Threat Indicators:
- Known attacker status: FALSE
- Tor exit node: FALSE
- Blacklist count: 0
- Active campaigns: NONE
- Pulsedive risk: Not applicable
---
Neighborhood Context
Subnet 51.222.168.0/24 shows elevated risk patterns:
- Abuse density classification: HIGH ABUSE (0.7812)
- Inherited risk score: 31
- Active siblings in subnet: 229/256
- Neighbor risk distribution: 100 medium-risk IPs identified
- Classification: high_abuse
---
Historical Analysis
22 observations collected (most recent: 2026-06-23):
- Operator score trend: Minimal (0.2174)
- Threat persistence: 0 days
- Is persistently malicious: FALSE
- Ownership changes: 0
- Historical signals indicate stable cloud infrastructure usage with no escalating threat behavior
---
Recommended Actions
Immediate Mitigation:
```bash
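# iptables: append a DROP rule for this source address
# (use -I INPUT instead of -A if an earlier ACCEPT rule would match first)
iptables -A INPUT -s 51.222.168.106 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 51.222.168.106 drop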
```
WAF/Firewall Blocks:
- Cloudflare WAF: Block with expression `ip.src eq 51.222.168.106`
- AWS WAF: Add `51.222.168.106/32` to IP set with description "IPDebrief risk 40"
- pfSense: Block 51.222.168.106/32
Note: Actions are probabilistic and should be validated against additional signals before implementation.
---
Intelligence Assessment
The IP exhibits characteristics consistent with legitimate cloud hosting infrastructure (Ahrefs.net association) but operates within a subnet with high abuse density. The moderate risk score (40) reflects the neighborhood context rather than specific malicious activity on this address. No direct threat indicators (blacklists, campaigns, known attacker flags) were identified.
Priority: Monitor
Recommended Action: Block recommended due to subnet-level abuse classification, but maintain logging for potential false positive review.
---
*Report generated from IPDebrief intelligence platform data.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059697 |
| CIDR Block | 51.222.168.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca018-san106.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca018-san106.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:26 UTC |
| Last Seen | 2026-06-27 06:48:24 UTC |
| Profile Built | 2026-06-28 00:54:52 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 27 |