# IP INTELLIGENCE BRIEFING
Target: 51.222.168.158/32
Classification: Moderate Risk Cloud Infrastructure
Date: 2026-06-26
---
## EXECUTIVE SUMMARY
IP 51.222.168.158 is a cloud compute endpoint hosted within OVH infrastructure (ASN 16276) with moderate risk characteristics (Score: 40/100). The IP is associated with the ahrefs.net domain and resolves to proxy-ca018-san158.ahrefs.net. While the IP shows no active threat indicators or open services, it resides within a subnet exhibiting elevated abuse density (0.7812), containing 200 threat-adjacent siblings out of 229 active addresses.
---
## OWNERSHIP AND INFRASTRUCTURE
| Attribute | Value |
|---|---|
| ASN | 16276 (OVH) |
| Organization | Dmytro, Ahrefs Pte Ltd |
| Network Name | OVH-CUST-281059697 |
| CIDR Block | 51.222.168.0/24 |
| Infrastructure Type | Cloud Compute |
| Hosting Provider | OVH |
---
## GEOLOCATION ANALYSIS
| Attribute | Value | Status |
|---|---|---|
| Country | CA (Canada) | ⚠️ Flagged |
| Region | QC (Quebec) | |
| City | Singapore | ⚠️ Inconsistent |
| Distance Validation | 5,598 km from claimed location | ⚠️ Invalid |
| RTT Plausibility | 28ms vs 112ms minimum possible | ⚠️ Violation |
| Geo Source Consensus | 1 source | Limited |

Note: Geolocation data contains contradictions between country code (CA) and city (Singapore), with RTT measurements indicating significant distance discrepancies.
---
## NETWORK ROLE AND SERVICES
- Connection Type: No services detected
- Open Ports: None identified
- TLS Certificate: None detected
- HTTP Title: None detected
- Classification: Cloud Compute (firewalled/no services)
- Proxy/VPN/Tor: Negative across all categories
---
## THREAT INTELLIGENCE
| Metric | Value |
|---|---|
| Risk Score | 40/100 |
| Abuse Confidence Score | Not calculated |
| Blacklist Count | 0 |
| Known Attacker | No |
| Spam Source | No |
| Tor Exit Node | No |
| Known Campaigns | None |
| Threat Indicators | Empty |

Control Plane:
- DNSBL Listed: 1 of 8 total lists
- Operator Score: 0.2174 (Minimal)
- Route Stability: False
- DNSSEC Valid: Yes
---
## NEIGHBORHOOD ANALYSIS
Subnet: 51.222.168.0/24
- Abuse Density: 0.7812 (HIGH)
- Classification: high_abuse
- Total Siblings: 256
- Active Siblings: 229
- Threat Siblings: 200
- Inherited Risk: 31/100

Risk Distribution (Neighbor IPs):
- High Risk: 0
- Medium Risk: 100
- Low Risk: 0

Notable Neighbor IPs (Sample):
- 51.222.168.0/32: Risk 40, Authority 50
- 51.222.168.1/32: Risk 40, Authority 50
- 51.222.168.2/32: Risk 40, Authority 50
- 51.222.168.3/32: Risk 40, Authority 50
- 51.222.168.4/32: Risk 40, Authority 50
---
## OBSERVATION HISTORY
Total Observations: 21
Recent Signal Activity:
- 2026-06-26: RTT anomaly detected (28ms observed vs 112ms minimum possible for 5,598 km distance)
- 2026-06-19: Abuse density classified as "high_abuse" (0.7812)
- 2026-06-19: Operator score minimal (0.2174)
- 2026-06-14: No campaigns detected
- Overall: Single threat observation recorded

Temporal Profile:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Threat Observation Count: 1
- Persistently Malicious: No
---
## RELATIONSHIP ANALYSIS
Total Relationships: 60
Primary Relationship Type: Same Network (OVH-CUST-281059697)
Associated Entities: Multiple network-level relationships to OVH-CUST-281059697
---
## RECOMMENDED ACTIONS
Based on the moderate risk profile and elevated neighborhood abuse density, the following defensive measures are recommended:
1. Monitoring: Implement enhanced logging for this IP and monitor for behavioral changes
2. Firewall: Consider rate-limiting or monitoring for unusual outbound connections
3. Subnet Awareness: Given the high abuse density (0.7812) in the 51.222.168.0/24 subnet, treat all traffic from this range with elevated scrutiny
4. Geolocation Validation: Flag geolocation inconsistencies in security operations; validate source claims before allowing access
5. Threat Intel Integration: Add to watchlist for subnet-based monitoring due to 200 threat-adjacent siblings
---
Report Generated: IPDebrief Intelligence Platform
Analysis Status: Complete
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059697 |
| CIDR Block | 51.222.168.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca018-san158.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca018-san158.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 12% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 22% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership · FCrDNS · Geo Consensus · Geo Plausible · IRR Match · RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-11 21:11:20 UTC |
| Last Seen | 2026-06-27 20:09:49 UTC |
| Profile Built | 2026-06-28 14:15:27 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 29 |