51.222.95.172
## IP Intelligence Briefing: 51.222.95.172/32
Classification: MODERATE RISK WITH HIGH-ABUSE SUBNET CONTEXT
Date: Current intelligence cycle
Provider: OVH SAS (AS16276)
---
Executive Summary
IP address 51.222.95.172 operates within OVH cloud infrastructure under network OVH-CUST-281059689, associated with organization Dmytro, Ahrefs Pte Ltd. The IP presents moderate risk (score: 40) but resides within a high-abuse density subnet (51.222.95.0/24), containing 186 threat-sibling IPs out of 256 total addresses. The target resolves to aforementioned ahrefs.net hostname (proxy-ca010-san172.ahrefs.net) but lacks open service ports, presenting as a firewalled/cloud-hosting resource.
---
Network and Ownership Profile
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: AS16276 (OVH SAS)
- CIDR Block: 51.222.95.0/24
- Infrastructure Type: CloudCompute (OVH hosting)
- PTR Hostname: proxy-ca010-san172.ahrefs.net
- DNS Classification: Forward confirmed, valid DNSSEC, CAA records present
---
Threat Indicators
- Risk Score: 40 (Moderate)
- Abuse Confidence: Not explicitly scored; listed on 1 DNSBL of 8 total
- Threat Classification: Not flagged as Tor exit, known attacker, spam source, or proxy
- Known Campaigns: None identified
- Blacklist Status: Single DNSBL listing
---
Subnet Context (51.222.95.0/24)
- Abuse Density: 0.7266 (High abuse classification)
- Threat Siblings: 186 IPs with observed abuse activity
- Active Siblings: 232 IPs currently generating traffic
- Neighboring Risk Distribution: 100 medium-risk IPs, 0 high-risk IPs observed in sample
- Inherited Risk: 29 (subnet-level risk assessment)
---
Geolocation Validation
Geolocation data shows inconsistencies requiring analyst attention:
- Reported Location: Canada (QC region)
- Observed Location: Singapore
- RTT Validation: 22ms average RTT recorded against 5,598km claimed distance; minimum possible RTT for that distance is 112ms
- Conclusion: Geolocation data unreliable; physical location may not match reported coordinates
---
Historical Observations
Signal history indicates 23 observations over recent monitoring period:
- Operator score: 0.2174 (Minimal)
- Subnet abuse density consistently observed at 0.7266
- ASN AS16276 OVH SAS confirmed across multiple observations
- No persistent malicious behavior detected (threatPersistenceDays: 0)
- Ownership stability maintained (0 ownership changes)
---
Recommended Actions
Based on risk profile and subnet abuse context, defensive measures recommended:
| Platform | Configuration |
|---|---|
| iptables | `iptables -A INPUT -s 51.222.95.172 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 51.222.95.172 drop` |
| nginx | `deny 51.222.95.172;` |
| pfSense | `51.222.95.172/32` (block rule) |
| Cloudflare WAF | Block with filter expression: `ip.src eq 51.222.95.172` |
| AWS WAF | Address: `51.222.95.172/32` |
Note: These rules are probabilistic recommendations. Correlate with local threat intelligence and business context before deployment.
---
Intelligence Narrative
This IP represents a cloud-hosted infrastructure component within OVH's enterprise network, associated with Ahrefs Pte Ltd. While the individual IP lacks direct malicious indicators, its placement within a high-abuse subnet (0.7266 density) necessitates heightened scrutiny. The geolocation inconsistencies suggest potential for spoofed location data or complex routing configurations common in cloud environments. The absence of open ports indicates the IP may serve as a backend or management address rather than a public-facing service endpoint.
SOC analysts should monitor this IP for anomalous traffic patterns, especially given the subnet's elevated abuse density. Consider implementing subnet-level monitoring (51.222.95.0/24) to capture correlated activity from the 186 threat-sibling IPs. The ahrefs.net domain association warrants review for potential reputation implications if this IP appears in security logs.
---
Report Generated: Current cycle
Data Source: IPDebrief Intelligence Platform
Classification: Unrestricted - SOC Use
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059689 |
| CIDR Block | 51.222.95.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca010-san172.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca010-san172.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 24% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:26 UTC |
| Last Seen | 2026-06-27 07:04:39 UTC |
| Profile Built | 2026-06-28 01:10:50 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 27 |
Full dossier details are available via our API.