# IP Intelligence Briefing: 51.222.95.151/32
Classification: MODERATE RISK | Provider: OVH SAS (Hosting)
Date: 2026-06-29
Analyst: IPDebrief SOC
---
## Executive Summary
IP address 51.222.95.151 is a moderate-risk infrastructure host registered to OVH SAS (ASN 16276) in Beauharnois, Quebec, Canada. The IP resolves to proxy-ca010-san151.ahrefs.net under the ahrefs.net domain. Recent observations indicate proxy/VPN activity, though the IP is primarily classified as cloud hosting infrastructure.
---
## Technical Profile
Ownership & Infrastructure:
- ASN: 16276 (OVH SAS)
- Organization: Dmytro, Ahrefs Pte Ltd
- CIDR Block: 51.222.95.0/24
- Infrastructure Type: Cloud Computing
- Classification: Hosting Provider (not CDN, Tor, VPN, or proxy)
Geolocation:
- Country: Canada (CA)
- Region: Quebec
- City: Beauharnois
- Geo Consensus: True (2 sources)
DNS Resolution:
- PTR Hostnames: proxy-ca010-san151.ahrefs.net
- Forward Hostnames: proxy-ca010-san151.ahrefs.net
- Email Auth: No SPF/DMARC records configured
---
## Risk Assessment
Overall Risk Score: 40 (Moderate Risk)
- Risk Breakdown: Provider/Authority scores at baseline
- DNSBL Status: Listed on 1 of 8 threat feeds
- Reputation Sources: Multiple feeds indicate mixed signals
Control Plane:
- BGP Prefix: 51.222.0.0/16
- Route Stability: False (route changes detected)
- DNSSEC: Valid
- RPKI State: Pending
Network Services:
- Open Ports: None detected
- TLS Certificate: Not active
- HTTP Banner: Not available
- Service Purpose: Firewalled / No Services
---
## Neighborhood Analysis
Subnet: 51.222.95.0/24
- Total Siblings: 256 IPs
- Active Siblings: 234 (91.4% utilization)
- Threat Siblings: 189 (75.6% threat ratio)
- Abuse Density: 73.83% (HIGH)
- Subnet Classification: high_abuse
- Inherited Risk Score: 29
Risk Distribution in Subnet:
- High Risk: 0
- Medium Risk: 94
- Low Risk: 6
---
## Observation History
Total Observations: 23 signals recorded
Recent Activity (2026-06-29):
- ASN: AS16276 (OVH SAS) - Risk: 66, Confidence: 85%
- Infrastructure: Cloud hosting (OVH) - Confidence: 90%
- Domain: ahrefs.net - CAA records present - Confidence: 80%
- Proxy Detection: Some signals indicate proxy activity
Temporal Indicators:
- Threat Persistence: 0 days
- Ownership Changes: 0
- Is Persistently Malicious: False
- Threat Observation Count: 1
---
## Relationship Graph
Total Relationships: 54
- Primary Network: OVH-CUST-281059689 (repeated 54 times)
- Target Types: Network infrastructure only
- No external entity links detected (certificates, hostnames, campaigns)
---
## Recommended Security Actions
SOC Analyst Guidance:
1. Monitor for Anomalies: The subnet exhibits high abuse density (73.83%). Monitor traffic patterns from this /24 for suspicious activity.
2. Review Proxy Signals: Recent observations indicate proxy/VPN activity. Evaluate if this aligns with legitimate business use cases for the organization.
3. DNSBL Monitoring: The IP is listed on 1 DNSBL. Investigate the specific blacklist and remediation requirements.
4. Email Reputation: No SPF/DMARC records configured. If this domain receives email, ensure proper authentication is implemented.
5. Cloud Infrastructure: No open ports detected. If this IP should serve traffic, investigate why services are not exposed.
Firewall Rules (Recommended):
- Allow traffic only if business justification exists
- Monitor for outbound connections from this IP
- Block if confirmed malicious activity detected
---
Conclusion: The IP represents legitimate hosting infrastructure within a high-abuse subnet. While the IP itself shows moderate risk, the surrounding neighborhood context warrants heightened monitoring. No immediate blocking required, but continued observation recommended due to proxy detection signals and high subnet abuse density.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059689 |
| CIDR Block | 51.222.95.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| PTR | proxy-ca010-san151.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca010-san151.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 32% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-24 12:35:22 UTC |
| Last Seen | 2026-06-29 00:14:49 UTC |
| Profile Built | 2026-06-29 06:18:11 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |