51.222.168.167

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 51.222.168.167/32

## Executive Summary

IP 51.222.168.167 is a moderate-risk cloud computing address assigned to OVH SAS (ASN 16276) under customer allocation OVH-CUST-281059697. The IP resolved to hostname proxy-ca018-san167.ahrefs.net, indicating association with aresnet.com/ahrefs.net infrastructure. Current risk assessment scores 40 (Moderate Risk), with neighborhood context revealing significant abuse concentration within the parent /24 subnet.

## Risk Assessment

Overall Risk Score: 40 (Moderate Risk)
Provider/Authority Scores: 0 (neutral baseline)
Operator Score: 0.2174 (Minimal threat classification)
DNSBL Status: Listed on 1 of 8 total blacklist databases
Infrastructure Type: CloudCompute (OVH hosting)

## Network Context

Organization: Dmytro, Ahrefs Pte Ltd / OVH-CUST-281059697
ASN: 16276 (OVH)
Registered CIDR: 51.222.168.0/24
Geolocation: Canada (QC), with geolocation consensus indicators
Network Role: Cloud hosting infrastructure with firewall/no active services detected

## Neighborhood Analysis

The parent subnet 51.222.168.0/24 demonstrates elevated abuse characteristics:

Abuse Density Score: 0.832 (high_abuse classification)
Active Siblings: 227 of 256 total addresses
Threat Siblings: 213 identified as potentially malicious
Inherited Risk Score: 33

## Historical Observations

Analysis of 19 historical signals reveals:

Consistent threat indicators across multiple observation periods
ASN 16276 flagged with threat pulses in recent observations
Persistent operator score signals maintaining minimal threat classification
Subnet abuse density classification remained stable at high_abuse

## DNS Intelligence

Primary Hostname: proxy-ca018-san167.ahrefs.net
Domain: ahrefs.net
Forward Resolution: Confirmed (1 hostname)
PTR Record: proxy-ca018-san167.ahrefs.net
Forward Confirmation: Pending validation

## Service Analysis

Open Ports: None detected
HTTP Services: No active HTTP title or banner
TLS Certificates: None detected
Network Classification: No CDNs, VPNs, or proxy services identified

## Recommended Actions

Monitor for lateral movement within 51.222.168.0/24 subnet
Review firewall rules for cloud hosting infrastructure from OVH
Consider enhanced monitoring given high-abuse neighborhood context
Validate DNS resolution patterns for ahrefs.net infrastructure

## Key Indicators

Risk Classification: Moderate Risk
Subnet Classification: High Abuse
Provider: OVH Cloud Computing
Primary Association: ahrefs.net DNS infrastructure

---

*Data compiled from IPDebrief intelligence platform. All observations based on real-time threat intelligence feeds.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	QC
City	Singapore
Timezone	—
Latitude	45.51
Longitude	-73.59

🏢 Ownership & Registration

Organization	Dmytro, Ahrefs Pte Ltd
ASN	AS16276
Network Name	OVH-CUST-281059697
CIDR Block	51.222.168.0/24
RIR	ARIN
Country	Singapore
Abuse Contact	—

🌐 DNS Intelligence

PTR	proxy-ca018-san167.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-ca018-san167.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	19%	2	2
routing	13%	1	1
services	13%	1	1
ownership	19%	2	2
reputation	13%	1	2
geolocation	24%	2	3
Overall	17%	9	11

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-29 12:05:22 UTC
Last Seen	2026-06-29 06:31:28 UTC
Profile Built	2026-06-29 06:35:31 UTC
Data Freshness	Live
Signal Types	20
Total Observations	20

🔍 20 signal types · 20 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

51.222.168.167📋 Copy