# INTELLIGENCE BRIEFING: 51.222.95.132/32
## Executive Summary
Target IP 51.222.95.132 operates within OVH hosting infrastructure (ASN 16276, organization: Ahrefs Pte Ltd). The IP carries a moderate risk score (40/100) with no active threat indicators detected. However, the subnet exhibits elevated abuse density characteristics warranting continued monitoring.

---
## Ownership and Infrastructure
- Network Assignment: 51.222.95.0/24
- Provider: OVH (Cloud hosting provider)
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276
- RIR: ARIN

The IP is assigned to a customer subnet under OVH's infrastructure with registration data indicating enterprise hosting classification.

---
## Network Classification and Services
- Infrastructure Type: Cloud hosting (OVH)
- Service Purpose: Firewalled / No Services
- Open Ports: None detected
- TLS/HTTP Services: No active services observed
- DNS Resolution: proxy-ca010-san132.ahrefs.net

The target IP shows no exposed services, indicating either proper firewall configuration or non-public-facing deployment.

---
## Geolocation Analysis
- Claimed Location: Canada (QC region)
- Network Position: Distance discrepancy of 5,597.9km from claimed location
- Geolocation Plausibility: FALSE
- RTT Analysis: 30ms measured RTT significantly below minimum possible 112ms for claimed distance
- Accuracy: 3000km radius

The geolocation data contains a critical validation failure. The RTT metrics indicate the IP does not physically reside in the claimed Canadian location, suggesting either misconfiguration or intentional obfuscation.

---
## Threat Assessment
- Reputation: Moderate Risk
- Risk Score: 40/100
- Known Threats: None detected
- Blacklist Status: 0 blacklist entries
- Tor/VPN/Proxy: Not identified as any of these types
- Campaign Correlation: No known campaign associations

No active malicious activity was observed during the analysis period.

---
## Neighborhood and Subnet Analysis
- Subnet: 51.222.95.0/24
- Abuse Density: 0.7539 (High Abuse Classification)
- Total Siblings: 256 IPs
- Active Siblings: 213
- Threat Siblings: 193
- Inherited Risk Score: 30

The /24 subnet demonstrates significant abuse activity. Nearly 75% of active IPs in the subnet show threat indicators, suggesting either compromised infrastructure, shared hosting abuse, or systemic misconfiguration within the customer network.

---
## Historical Observations
Analysis of 20 signal observations reveals:
- Consistent high-abuse classification across the subnet
- Persistent geolocation validation failures
- Operator score: 0.2174 (Minimal)
- No ownership changes observed
- Threat persistence duration: 0 days

The target maintains a stable profile with no escalation in observed threats over the monitoring period.

---
## Relationship Graph
- Total Relationships: 34
- Primary Association: Same Network (OVH-CUST-281059689)
- Network Classification: Customer subnet
---
## Security Recommendations
### Immediate Actions

1. Monitor Closely: While no active threats were detected, the high-abuse subnet requires enhanced monitoring
2. Geolocation Validation: Investigate the discrepancy between claimed and actual network location
3. DNS Verification: Validate that proxy-ca010-san132.ahrefs.net resolution is legitimate for expected traffic patterns

### Firewall Considerations

- No blocking recommended at this time due to lack of active threat indicators
- Consider rate limiting if the IP exhibits unusual traffic patterns
- Monitor for service emergence given the firewalled state

### Intelligence Notes

- Subnet abuse density suggests compromised or misconfigured customer infrastructure
- OVH hosting environment with Ahrefs customer organization
- No evidence of current malicious activity, but elevated neighborhood risk warrants continued observation
---
- Classification: MONITOR
- Date of Analysis: Current
- Analyst Notes: Target represents low immediate risk but elevated contextual risk due to subnet abuse patterns. Recommended for continued passive monitoring.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration

| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059689 |
| CIDR Block | 51.222.95.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence

| Field | Value |
|---|---|
| PTR | proxy-ca010-san132.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca010-san132.ahrefs.net |
## DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 32% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 25% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline

| Field | Value |
|---|---|
| First Seen | 2026-05-23 12:24:14 UTC |
| Last Seen | 2026-06-28 21:41:50 UTC |
| Profile Built | 2026-06-29 03:45:50 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |