# INTELLIGENCE BRIEFING: 51.222.95.154/32
## EXECUTIVE SUMMARY
IP 51.222.95.154 is a cloud compute endpoint hosted on OVH infrastructure with a moderate risk score of 40. The IP resolves to Ahrefs-related domains and exhibits geographic inconsistencies. While no active threat indicators are present, the parent subnet (51.222.95.0/24) demonstrates high abuse density with 141 identified threat siblings.
---
## OWNERSHIP & INFRASTRUCTURE
- Network Provider: OVH (ASN 16276)
- Organization: Dmytro, Ahrefs Pte Ltd
- CIDR Block: 51.222.95.0/24
- Infrastructure Type: Cloud Compute / Hosting
- DNS PTR Hostnames: proxy-ca010-san154.ahrefs.net
- Forward Resolution: proxy-ca010-san154.ahrefs.net
## GEOLOCATION ANALYSIS
- Reported Location: Canada (QC) / Singapore
- Geographic Validation: INVALID
- Measured Distance: 5,597.9 km
- Minimum Possible RTT: 112.0 ms
- Observed RTT: 27.0 ms
- VIOLATION: RTT 27.0ms < minimum possible 112.0ms for 5598km distance
- Control Plane: BGP prefix 51.222.0.0/16, route stability flags indicate false
## THREAT INDICATORS
- Risk Score: 40 (Moderate Risk)
- Abuse Confidence Score: Not calculated
- Known Attacker: False
- Spam Source: False
- Tor Exit: False
- Blacklist Count: 0
- DNSBL Listings: 1 of 8 total lists
- Known Campaigns: None detected
- Threat Persistence: 0 days
## NETWORK BEHAVIOR
- Service Status: Firewalled / No Services
- Open Ports: None detected
- TLS Certificate: None
- Infrastructure Classification: Cloud hosting environment
## SUBNET ANALYSIS (51.222.95.0/24)
- Total Siblings: 256
- Active Siblings: 237
- Threat Siblings: 141
- Abuse Density: 0.5508 (High Abuse Classification)
- Inherited Risk: 22
- Neighbor Risk Distribution: 100 medium-risk IPs (0 high, 0 low)
- Sample Neighbor Risk Scores: 40-50 range across subnet
## OBSERVATION HISTORY
- Total Observations: 23
- Recent Activity: DNS resolution signals (ahrefs.net), geolocation probes
- Threat Observation Count: 1
- Is Persistently Malicious: False
## RELATIONSHIP GRAPH
- Total Relationships: 66
- Primary Associations: Multiple "Same Network" relationships to OVH-CUST-281059689
- No correlated campaign IPs or certificates identified
---
## RECOMMENDED ACTIONS
Firewall Rules (Block)
iptables:
```
iptables -A INPUT -s 51.222.95.154 -j DROP
```
nftables:
```
nft add rule inet filter input ip saddr 51.222.95.154 drop
```
nginx:
```
deny 51.222.95.154;
```
pfSense:
```
51.222.95.154/32
```
Cloudflare WAF:
```json
{
"description": "Block 51.222.95.154 - IPDebrief risk score 40",
"action": "block",
"filter": {
"expression": "ip.src eq 51.222.95.154"
}
}
```
AWS WAF:
```json
{
"Addresses": ["51.222.95.154/32"],
"Description": "IPDebrief risk 40"
}
```
---
## ANALYST NOTES
1. Geographic Inconsistency: The IP's reported location shows significant validation errors. This may indicate misconfigured DNS or spoofed geolocation data.
2. Subnet Context: The parent /24 subnet shows elevated abuse density (141 threat siblings). Consider evaluating additional IPs in the 51.222.95.0/24 range for similar patterns.
3. Ahrefs Association: DNS resolution to ahrefs.net suggests the IP may be part of web infrastructure for Ahrefs services. Legitimate traffic from this network should be expected in normal operations.
4. No Active Threats: Current profile shows no active threat indicators or campaign associations. Blocking recommendation is based on moderate risk score and subnet abuse density rather than confirmed malicious activity.
5. Recommendation: Implement monitoring rather than immediate blocking. The moderate risk score (40) combined with the subnet's abuse density warrants continued observation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059689 |
| CIDR Block | 51.222.95.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| PTR | proxy-ca010-san154.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca010-san154.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-09 22:11:21 UTC |
| Last Seen | 2026-06-27 16:43:56 UTC |
| Profile Built | 2026-06-28 10:49:56 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 27 |