51.222.95.152
IP Intelligence Briefing: 51.222.95.152
*Generated using IPDebrief threat intelligence tools*
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Provider: OVH (AS16276)
- Organization: Ahrefs Pte Ltd (OVH-CUST-281059689)
- Geolocation:
- Country: Canada (CA)
- City: Singapore (geolocation inconsistency noted)
- Accuracy Radius: 3000 km
- RTT Anomaly: 25ms observed vs. expected minimum 112ms for 5598km distance (potential misconfiguration or proxy).
- Network Role: CloudCompute (OVH infrastructure, no residential/mobile traffic).
- DNS:
- PTR hostname: `proxy-ca010-san152.ahrefs.net`
- Domain: `ahrefs.net` (no email auth records detected).
---
**2. Threat Indicators**
- No Malicious Activity: Zero threat indicators, abuse confidence score, or blacklist entries.
- Subnet Analysis:
- Subnet: `51.222.95.152/24`
- Abuse Density: 0.5 (moderate risk in sibling IPs).
- Threat Siblings: 125/250 IPs in subnet show risk.
- Inherited Risk: 20 (linked to higher-risk subnets).
---
**3. Observation History**
- Last 30 Days:
- Stable network role (CloudCompute).
- Geolocation anomalies persist (RTT vs. distance mismatch).
- No changes in threat signals or DNS resolution.
---
**4. Relationships**
- Linked Entities:
- Network: OVH-CUST-281059689 (same provider).
- Domain: `ahrefs.net` (no malicious certificates or banners).
- Subnet Neighbors: 100 IPs in `51.222.95.152/24` (mix of low/medium risk).
---
**5. Recommendations**
- Monitor Subnet: Track neighboring IPs with medium risk (e.g., `51.222.95.1`, `51.222.95.4`).
- Validate Geolocation: Investigate RTT anomalies; consider proxy or misconfigured routing.
- Check Domain Activity: Monitor `ahrefs.net` for unexpected DNS changes or new subdomains.
- Firewall Rules: Allow traffic based on OVH infrastructure patterns (no blocking required).
---
Conclusion: 51.222.95.152 is a low-risk cloud instance operated by OVH on behalf of Ahrefs. While no direct threats are detected, the subnetβs moderate abuse density and geolocation anomalies warrant ongoing monitoring. No immediate action required.
*Data sourced from IPDebrief threat intelligence platform.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059689 |
| CIDR Block | 51.222.95.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | β |
π DNS Intelligence
| PTR | proxy-ca010-san152.ahrefs.net |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca010-san152.ahrefs.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 30% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:04:26 UTC |
| Last Seen | 2026-06-27 07:03:29 UTC |
| Profile Built | 2026-06-28 07:09:59 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 29 |
Full dossier details are available via our API.