## IP INTELLIGENCE BRIEFING: 51.222.168.117/32
Date: June 2026
Classification: Moderate Risk / High-Abuse Subnet
Analyst: IPDebrief Intelligence Team
---
EXECUTIVE SUMMARY
IP 51.222.168.117 is a cloud infrastructure endpoint operated by OVH (ASN 16276) within a high-abuse density subnet. The IP presents a moderate risk profile (score: 40) with significant contextual indicators pointing to potential abuse activity. The endpoint is associated with the Ahrefs.net domain but shows no active services, suggesting it may be a dormant or firewalled resource.
---
OWNERSHIP & NETWORK CLASSIFICATION
- Provider: OVH SAS (ASN 16276)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 51.222.168.0/24
- Infrastructure Type: CloudCompute / Hosting Provider
- Geolocation: Canada (QC region, coordinates 56.13°N, -106.35°W)
- DNS PTR: proxy-ca018-san117.ahrefs.net
- Forward Resolution: proxy-ca018-san117.ahrefs.net
---
THREAT INDICATORS
| Metric | Value |
|---|---|
| Risk Score | 40 (Moderate) |
| DNSBL Listings | 1 of 8 lists |
| Abuse Confidence | Not scored |
| Tor Exit Node | No |
| Known Attacker | No |
| Spam Source | No |
| Blacklist Count | 0 |
Key Concern: The IP carries a DNSBL listing on one of eight monitored lists, indicating prior reputation issues despite current lack of active threat indicators.
---
SUBNET CONTEXT (51.222.168.0/24)
The IP operates within a high-risk neighborhood requiring heightened scrutiny:
- Abuse Density: 0.6211 (High)
- Classification: high_abuse
- Active Siblings: 231 of 256 addresses
- Threat Siblings: 159 out of 256 total IPs flagged
- Inherited Risk: 24
Assessment: The /24 subnet exhibits concentrated abuse activity, with approximately 62% of its addresses (159 of 256) classified as threats. This contextual data elevates the risk profile despite the individual IP's moderate scoring.
---
NETWORK SERVICES & BEHAVIOR
- Open Ports: None detected
- HTTP Services: No active web presence
- TLS Certificates: None observed
- Status: Firewalled / No Services
- Control Plane: BGP prefix 51.222.0.0/16, route stability flagged as false
The endpoint shows no active service exposure, suggesting defensive configuration or dormant status. However, the lack of observable services does not eliminate threat potential within a high-abuse subnet.
---
OBSERVATION HISTORY
Recent monitoring indicates:
- Total Observations: 23 signals tracked
- Latest Classification: High abuse density subnet (0.6211)
- Ownership Changes: None detected
- Threat Persistence: Single observation event
The IP demonstrates stability in ownership with consistent subnet-level abuse patterns.
---
RELATED ENTITIES
- Network Associations: OVH-CUST-281059697 (65 relationship entries)
- Campaign Correlation: None detected
- Certificate Matches: Zero
- Correlated IPs: Zero
---
RECOMMENDED ACTIONS
Based on the moderate risk score and high-abuse subnet context, implement the following controls:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 51.222.168.117 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 51.222.168.117 drop` |
| NGINX | `deny 51.222.168.117;` |
| pfSense | `51.222.168.117/32` |
| Cloudflare WAF | Block IP (risk score: 40) |
| AWS WAF | Add to IP set: 51.222.168.117/32 |
Note: Consider blocking the entire /24 subnet (51.222.168.0/24) given the 0.6211 abuse density and 159 threat-sibling count.
---
INTELLIGENCE ASSESSMENT
This IP represents a contextual threat rather than an active attacker. The moderate individual risk score is elevated by the high-abuse density of its parent subnet. The Ahrefs.net domain association suggests legitimate hosting, but the presence of 159 threat siblings within the /24 indicates compromised or misconfigured infrastructure sharing.
Priority: Monitor for inbound traffic patterns. If no legitimate traffic is expected from this IP range, implement subnet-level blocking. If business operations require access, maintain IP-level controls with enhanced logging.
Threat Level: MODERATE (contextually elevated)
Action Required: Yes (firewall rule implementation)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059697 |
| CIDR Block | 51.222.168.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca018-san117.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca018-san117.ahrefs.net |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 21% | 10 | 14 |
| Data Coherence | Consistent (100%) | | |
| Attribution | Moderate (50%) | | |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid | | | |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-08 17:18:08 UTC |
| Last Seen | 2026-06-27 14:00:46 UTC |
| Profile Built | 2026-06-28 08:04:43 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 26 |