# IP Intelligence Briefing: 51.222.168.130/32
Classification: Moderate Risk / High-Abuse Infrastructure
Date: Analysis based on current observational data
IP Address: 51.222.168.130
---
## Executive Summary
IP address 51.222.168.130 is assigned to OVH (ASN 16276) within the 51.222.168.0/24 subnet under organization "Dmytro, Ahrefs Pte Ltd." The IP presents a moderate overall risk score of 40 but operates within a high-abuse density subnet (0.7812) with 200 of 256 sibling IPs classified as threats. Geographic data validation failed with RTT anomalies indicating distance inconsistencies. No direct threat indicators (Tor exit, known attacker, or spam source) were observed, but infrastructure is hosted on OVH cloud services with DNS PTR records pointing to Ahrefs infrastructure.
---
## Technical Profile
Ownership & Classification:
- Provider: OVH (ASN 16276)
- Organization: Dmytro, Ahrefs Pte Ltd
- CIDR Block: 51.222.168.0/24
- Infrastructure Type: Cloud Hosting
- RIR: ARIN
Geolocation Discrepancy:
- Reported Country: Canada (CA)
- Actual Location: Singapore
- Validation Status: FAILED
- Distance Violation: RTT 26ms vs minimum possible 112ms for 5,598km separation
- Accuracy Radius: 3,000km (exceeds plausible bounds)
Network Role:
- Cloud Infrastructure: Yes
- CDN/VPN/Proxy: No
- Hosting: Yes
- Bogon: No
---
## Threat Indicators
Direct Threats: None observed
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Blacklist Count: 0
Subnet Threat Context:
- Abuse Density: 0.7812 (HIGH)
- Threat Siblings: 200 of 256 IPs in /24 subnet
- Neighborhood Classification: high_abuse
- Inherited Risk Score: 31
---
## DNS & Network Resolution
- PTR Hostname: proxy-ca018-san130.ahrefs.net
- Forward Resolution: 51.222.168.130 → proxy-ca018-san130.ahrefs.net
- Hosted Domain: ahrefs.net
- Open Ports: None detected
- Active Services: Firewalled / No Services
---
## Historical Observations
Total signal observations: 31
- Recent Activity: 2026-06-25 (cloud infrastructure classification confirmed)
- Subnet Abuse Density: Recorded 2026-06-19 as high_abuse (0.7812)
- Certificate Scanning: Observed 2026-06-19 (0 certificates resolved)
- Threat Persistence: 0 days
- Is Persistently Malicious: No
---
## Recommended Security Actions
Firewall Rule Recommendations:
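```bash
# iptables: append a DROP rule for this source address to the INPUT chain
iptables -A INPUT -s 51.222.168.130 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 51.222.168.130 drop
# nginx: configuration directive, not a shell command; place it in an
# http, server, or location block and reload nginx
deny 51.222.168.130;
```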
Cloud WAF Integration:
- Cloudflare WAF: Block with expression `ip.src eq 51.222.168.130`
- AWS WAF: Add to block list with CIDR 51.222.168.130/32
---
## Intelligence Assessment
The IP should be treated with elevated caution despite moderate overall risk scoring. The high-abuse subnet classification (0.7812 density, 200 threat siblings) combined with geographic validation failure suggests potential misconfiguration, compromised hosting, or legitimate services operating in an abuse-prone environment. The Ahrefs-associated DNS records indicate this may be legitimate SEO/marketing infrastructure, but the subnet-level abuse context warrants monitoring.
Recommended Actions:
1. Implement blocking at perimeter firewall per rules above
2. Monitor for service activity on this IP
3. Consider subnet-level blocking (51.222.168.0/24) if lateral threat movement is suspected
4. Update geo-IP databases with validated Singapore location
---
Analysis Generated: IPDebrief Intelligence Platform
Data Sources: Full profile, neighborhood analysis, relationship graph, observation history
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059697 |
| CIDR Block | 51.222.168.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| PTR | proxy-ca018-san130.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca018-san130.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 24% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 30% | 3 | 4 |
| reputation | 31% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 28% | 12 | 19 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership · FCrDNS · Geo Consensus · Geo Plausible · IRR Match · RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-09 17:41:40 UTC |
| Last Seen | 2026-06-27 16:24:17 UTC |
| Profile Built | 2026-06-28 16:30:24 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 34 |