51.222.168.137
# IP INTELLIGENCE BRIEFING
Target: 51.222.168.137/32
Classification: Moderate Risk
Date: Current Intelligence Cycle
---
## EXECUTIVE SUMMARY
IP 51.222.168.137 is a cloud-compute endpoint hosted on OVH infrastructure with a risk score of 40 (Moderate Risk). The IP resolves to Ahrefs proxy infrastructure but exhibits significant geolocation anomalies and operates within a subnet classified as high-abuse density. No active threat indicators are currently present, but the network context warrants defensive monitoring.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| ASN | 16276 |
| Organization | Dmytro, Ahrefs Pte Ltd |
| Provider | OVH |
| Infrastructure Type | CloudCompute |
| CIDR Block | 51.222.168.0/24 |
| Network Role | Firewalled / No Services |
The IP operates on OVH hosting infrastructure. DNS records resolve to `proxy-ca018-san137.ahrefs.net`, indicating association with Ahrefs proxy services. No open ports or active services were detected.
---
## GEOLOCATION VALIDATION
Status: FAILED
- Claimed Location: Singapore (city), Canada (country code: CA)
- RTT Measurement: 27ms average
- Claimed Distance: 5,597.9 km
- Minimum Possible RTT: 112.0ms
The geolocation data is geographically implausible. The measured RTT (27ms) is less than 25% of the minimum physically possible RTT (112ms) for the claimed distance, indicating spoofed or unreliable location metadata.
---
## THREAT ASSESSMENT
| Indicator | Status |
|---|---|
| Known Attacker | No |
| Tor Exit Node | No |
| Spam Source | No |
| Blacklist Count | 0 |
| DNSBL Listed | 1 of 8 lists |
| Risk Score | 40 (Moderate) |
| Provider Score | 0 |
| Authority Score | 0 |
No active threat indicators detected. However, the IP appears on 1 of 8 DNSBL lists. The subnet 51.222.168.0/24 exhibits high abuse density (0.7812) with 200 threat siblings among 256 total addresses.
---
## NETWORK CONTEXT
- Subnet: 51.222.168.0/24
- Abuse Density: 0.7812 (High Abuse)
- Active Siblings: 229 of 256 IPs
- Threat Siblings: 200
- Inherited Risk Score: 31
- Control Plane: BGP prefix 51.222.0.0/16 (Origin ASN 16276)
The subnet demonstrates significant abuse prevalence. Over 78% of addresses in the /24 block are associated with abuse activity.
---
## OBSERVATION HISTORY
- Total Observations: 23
- Threat Persistence: 0 days
- Persistent Malicious: No
- Recent Signals: Multiple observations from June 2026 showing consistent subnet abuse classification
Historical data indicates no persistent malicious behavior, but recurring subnet abuse classification is consistent.
---
## RECOMMENDED ACTIONS
Given the moderate risk score, geolocation anomalies, and high-abuse subnet context, the following defensive measures are recommended:
Firewall Rules
```bash
# iptables
iptables -A INPUT -s 51.222.168.137 -j DROP
# nftables
nft add rule inet filter input ip saddr 51.222.168.137 drop
```
WAF Rules
```json
// Cloudflare WAF
{
"description": "Block 51.222.168.137 โ IPDebrief risk score 40",
"action": "block",
"filter": {
"expression": "ip.src eq 51.222.168.137"
}
}
```
---
## INTELLIGENCE NOTES
1. Ahrefs Association: DNS hostname indicates proxy infrastructure for Ahrefs, a legitimate SEO tools company. However, the geolocation discrepancy and subnet abuse density suggest the IP may be repurposed for proxy services.
2. Subnet Context: The /24 block shows 78% abuse density. This IP should be treated as part of a potentially compromised subnet environment.
3. Monitoring Priority: Moderate. While not actively malicious, the IP warrants continued monitoring due to subnet-level abuse patterns and geolocation spoofing.
4. Action Threshold: Current risk score (40) suggests blocking is defensible but should be combined with additional signals before enforcement.
---
*Intelligence generated via IPDebrief® platform. Data accuracy subject to continuous verification.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059697 |
| CIDR Block | 51.222.168.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca018-san137.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca018-san137.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:26 UTC |
| Last Seen | 2026-06-27 06:49:44 UTC |
| Profile Built | 2026-06-28 00:55:59 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 28 |
Full dossier details are available via our API.