# IP INTELLIGENCE BRIEFING: 51.222.168.175
- Classification: Moderate Risk / High Abuse Subnet
- Date of Analysis: 2026-06-20
- Analyst: IPDebrief SOC Intelligence
---
## EXECUTIVE SUMMARY
IP 51.222.168.175 is a cloud-compute infrastructure address assigned to OVH hosting under the Ahrefs organization. The IP carries a moderate risk score of 40 and operates within a high-abuse subnet (51.222.168.0/24) with 80.47% abuse density. Geographic inconsistencies and hostname patterns suggest potential hosting of proxy infrastructure for web analytics services.
---
## OWNERSHIP & NETWORK ATTRIBUTES
| Attribute | Value |
|---|---|
| IP Address | 51.222.168.175/32 |
| ASN | 16276 (OVH) |
| Organization | Dmytro, Ahrefs Pte Ltd |
| CIDR Block | 51.222.168.0/24 |
| Infrastructure Type | CloudCompute / Hosting |
| PTR Hostname | proxy-ca018-san175.ahrefs.net |
| Associated Domain | ahrefs.net |
---
## GEOLOCATION ANALYSIS
Discrepancy Detected:
- Reported Country: CA (Canada)
- Reported City: Singapore
- Geolocation Plausibility: FALSE
- RTT Violation: 23ms observed vs 112ms minimum expected for 5,598km distance

Assessment: The geolocation data contains significant inconsistencies. The RTT violation indicates the reported location is implausible, suggesting either misconfigured geolocation databases or intentional obfuscation.
---
## THREAT INDICATORS
| Indicator | Status |
|---|---|
| Known Attacker | Not Listed |
| Tor Exit Node | No |
| Spam Source | No |
| Blacklist Count | 0 |
| DNSBL Listed | 1 of 8 lists |
| Active Campaigns | None Identified |
| Threat Persistence | Low (0 days) |

Risk Score: 40 / 100 (Moderate)
---
## SUBNET ABUSE CONTEXT
51.222.168.0/24 Neighborhood Analysis:
- Classification: High Abuse
- Abuse Density: 80.47%
- Total Subnet IPs: 256
- Active IPs: 229
- Threat IPs: 206
- Inherited Risk: 32

All sampled neighboring IPs show identical risk profiles (40), indicating systematic abuse patterns across the entire /24 block.
---
## OBSERVATION HISTORY
- Total Historical Observations: 23
- Threat Observation Count: 1
- Ownership Changes: 0
- Stability: High (consistent over time)
- Recent signals indicate persistent geolocation inconsistencies
---
## SERVICE ENUMERATION
- Open Ports: None detected
- HTTP Services: None detected
- TLS Certificates: None detected
- Reverse DNS: proxy-ca018-san175.ahrefs.net
- Forward Resolution: Unconfirmed

Note: The PTR hostname pattern suggests the IP is designated as a proxy within the Ahrefs network infrastructure.
---
## RECOMMENDED ACTIONS
Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 51.222.168.175 -j DROP
# nftables
nft add rule inet filter input ip saddr 51.222.168.175 drop
```
WAF/CDN Recommendations:
- Cloudflare WAF: Block IP
- AWS WAF: Add 51.222.168.175/32 to block list
- pfSense: Block /32 subnet
---
## INTELLIGENCE NARRATIVE
The IP 51.222.168.175 operates on OVH cloud infrastructure within the Ahrefs organization. The PTR hostname "proxy-ca018-san175.ahrefs.net" strongly indicates this address serves as a proxy endpoint for web analytics traffic. The subnet exhibits high abuse density with 206 out of 256 IPs classified as threats, suggesting coordinated abuse activity across the entire /24 block.

Geolocation validation failures (RTT violations) indicate the reported Singapore location is inconsistent with network measurements, which may reflect either database errors or intentional location masking.

The moderate risk score (40) combined with the high-abuse neighborhood context warrants defensive blocking, particularly for organizations receiving unsolicited web traffic from this infrastructure. The lack of known malicious campaigns and zero blacklist hits suggests the IP is not currently associated with active threat operations, but rather serves as compromised proxy infrastructure.

- Priority Level: Medium
- Recommended Action: Block at perimeter firewall with monitoring for subsequent activity
- Monitoring Recommendation: Track subnet 51.222.168.0/24 for emerging threat patterns

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059697 |
| CIDR Block | 51.222.168.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca018-san175.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca018-san175.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 4 |
| routing | 20% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 26% | 3 | 3 |
| reputation | 32% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 26% | 12 | 18 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Attribution checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-23 18:30:41 UTC |
| Last Seen | 2026-06-28 22:54:49 UTC |
| Profile Built | 2026-06-29 04:57:03 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 26 |