51.222.95.117
## IP Intelligence Briefing: 51.222.95.117/32
Classification: Moderate Risk
Date: Current
Executive Summary
IP 51.222.95.117 is a cloud infrastructure endpoint within OVH's hosting network (ASN 16276), associated with Ahrefs Pte Ltd. The address operates within a high-abuse subnet (51.222.95.0/24) with an abuse density of 0.7344. While the endpoint itself shows no active services and is currently firewalled, the subnet context warrants defensive monitoring.
Profile Details
- Risk Score: 40 (Moderate Risk)
- Provider: OVH (CloudCompute infrastructure)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 51.222.95.0/24
- Infrastructure Type: Cloud Hosting
- Status: No open ports detected (Firewalled/No Services)
Geolocation Analysis
Location data presents inconsistencies: geolocation databases report the address as located in Singapore with a country code discrepancy (CA/Canada), with accuracy radius of 3,000 km. This incongruence between the Singapore city designation and Canadian country code code suggests potential data quality issues in geolocation sources.
DNS and Hostname Intelligence
The reverse DNS pointer resolves to proxy-ca010-san117.ahrefs.net, confirming association with Ahrefs infrastructure. Forward resolution confirms the ahrefs.net domain. No email authentication records (SPF/DMARC) are configured for the associated domain.
Threat Indicators
- Threat Classification: No active threat indicators (not known attacker, not Tor exit, not spam source)
- Blacklist Status: 1 of 8 DNSBL listings detected
- Operator Score: 0.2174 (Minimal)
- Campaign Correlation: No known campaigns matched
Neighborhood Analysis (51.222.95.0/24)
The /24 subnet exhibits elevated abuse activity:
- Abuse Density: 0.7344 (High Abuse classification)
- Total Siblings: 256
- Active Siblings: 234
- Threat Siblings: 188
- Risk Distribution: Neighbor scan of 100 samples shows all medium-risk ratings (score range 40-50)
- Inherited Risk: 29
The high concentration of threat siblings (73% of active siblings) within the subnet indicates systemic abuse patterns in this hosting block.
Historical Observations
19 observations recorded. Subnet abuse density classification has remained consistently "high_abuse" across all observations. Ownership has shown 0 changes, indicating stable infrastructure assignment.
Recommended Actions
Given the moderate risk profile and high-abuse neighborhood context, the following defensive measures are recommended:
Firewall/Network Rules:
- `iptables -A INPUT -s 51.222.95.117 -j DROP`
- `nft add rule inet filter input ip saddr 51.222.95.117 drop`
- `nginx: deny 51.222.95.117;`
Cloud/CDN Protection:
- Cloudflare WAF: Block with expression `ip.src eq 51.222.95.117`
- AWS WAF: Add 51.222.95.117/32 to deny list
Analyst Notes
While the individual IP shows no active malicious services, the subnet-level abuse density of 0.7344 and 188 threat siblings suggest this IP may be associated with compromised infrastructure. The Ahrefs hostname association indicates the address may be part of legitimate search engine optimization infrastructure that has been repurposed. Monitoring is recommended for any service activation on this endpoint.
---
*Intel generated via IPDebrief. Recommendations are probabilistic and should be validated against additional threat intelligence before enforcement.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059689 |
| CIDR Block | 51.222.95.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca010-san117.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca010-san117.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 20% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-21 14:57:58 UTC |
| Last Seen | 2026-06-28 14:25:10 UTC |
| Profile Built | 2026-06-29 02:28:22 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 24 |
Full dossier details are available via our API.