# IP INTELLIGENCE BRIEFING: 51.222.95.182
Classification: Moderate Risk | Provider: OVH SAS | Risk Score: 40/100

Date: Current Analysis | Data Source: IPDebrief Intelligence Platform

---
## EXECUTIVE SUMMARY
IP 51.222.95.182 operates within a high-abuse density subnet (51.222.95.0/24) hosted by OVH cloud infrastructure. The IP presents moderate risk (score 40) with mixed reputation signals. No active threat indicators detected, but geolocation inconsistencies and DNSBL listings warrant monitoring. The subnet shows elevated abuse activity with 72.66% abuse density and 186 of 256 sibling IPs flagged as threats.

---
## OWNERSHIP & INFRASTRUCTURE
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH)
- Network: OVH-CUST-281059689
- Infrastructure Type: CloudCompute / Hosting
- Registration: ARIN (RIR)

The IP is provisioned within OVH's cloud hosting environment, not as a provider network. DNS resolution points to proxy-ca010-san182.ahrefs.net, indicating association with the ahrefs.net domain.

---
## GEOLOCATION ANALYSIS
Consensus Location: Singapore, QC, CA

Geolocation Validity: INVALID

- Geolocation shows Singapore but country code reports CA (Canada)
- RTT validation failure: 27ms observed vs 112ms minimum possible for 5,598km distance
- 5 probe attempts confirmed geolocation discrepancy
- Accuracy radius: 3,000km indicates significant confidence issues

This geolocation inconsistency suggests potential misattribution or proxy usage.

---
## THREAT INDICATORS
| Indicator | Status |
|---|---|
| IsTorExit | No |
| IsKnownAttacker | No |
| IsSpamSource | No |
| Blacklist Count | 0 |
| Known Campaigns | None |

DNSBL Status: Listed on 1 of 8 blacklist sources (partial listing detected)

No active threat feed matches or campaign correlations identified.

---
## NETWORK BEHAVIOR
- Open Ports: None detected
- Service Banner: No services responding
- HTTP Title: None
- TLS Certificate: None
- Connection State: Firewalled / No Services

The IP presents as a firewalled host with no active services, consistent with cloud infrastructure usage.

---
## SUBNET ANALYSIS (51.222.95.0/24)
- Abuse Density: 72.66% (HIGH ABUSE)
- Classification: High Abuse
- Inherited Risk Score: 29
- Total Siblings: 256
- Active Siblings: 232
- Threat Siblings: 186 (72.3% of active addresses)
- Risk Distribution: 100 medium risk, 0 high, 0 low

The /24 subnet exhibits elevated abuse patterns. Neighbor analysis sampled 100 addresses, all showing medium risk scores (40) with authority scores of 50, indicating systematic abuse potential.

---
## OBSERVATION HISTORY
Total Observations: 25

Recent signal history (June 2026) shows consistent risk signals:

- Routing signals: Confidence 24-60%
- Ownership signals: Confidence 24-60%
- Reputation signals: Confidence 60%
- Operator score: 0.2174 (Minimal)
- Threat persistence: 0 days

No clear escalation pattern detected in observation history.

---
## RELATIONSHIP GRAPH
56 relationships identified, primarily:

- Same Network: OVH-CUST-281059689 (repeated associations)

Relationships indicate the IP is part of the broader OVH customer infrastructure with multiple related network associations.

---
## RECOMMENDED ACTIONS
Immediate Recommendations:

1. Block at perimeter firewalls: Risk score 40 with high-abuse subnet association
2. Monitor DNSBL activity: IP listed on 1 of 8 blacklist sources
3. Validate geolocation claims: Significant inconsistencies require investigation
4. Subnet-level monitoring: Consider blocking or rate-limiting entire 51.222.95.0/24 subnet

Firewall Rules (Ready for Deployment):

- iptables: `iptables -A INPUT -s 51.222.95.182 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 51.222.95.182 drop`
- nginx: `deny 51.222.95.182;`
- Cloudflare WAF: Block with expression `ip.src eq 51.222.95.182`
- AWS WAF: Add to IP set 51.222.95.182/32 with description "IPDebrief risk 40"

---
## THREAT ASSESSMENT
Risk Level: MODERATE (40/100)

Key Risk Factors:

- High-abuse subnet density (72.66%)
- Geolocation inconsistencies
- DNSBL partial listing
- Cloud hosting with no active services

Mitigating Factors:

- No active threat indicators
- No known campaigns
- Moderate risk score (not high-risk tier)
- No blacklist hits

Recommended Action: Monitor with blocking recommended for high-security environments. The subnet-level abuse density suggests this may be part of compromised infrastructure, though individual threat indicators remain absent.

---
- Intelligence Report Generated: IPDebrief Platform
- Data Currency: Real-time analysis
- Analyst Notes: No evidence of persistent malicious activity, but subnet characteristics warrant continued monitoring.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059689 |
| CIDR Block | 51.222.95.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |

## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca010-san182.ahrefs.net |
| Forward Confirmed | No; PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca010-san182.ahrefs.net |

## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 22% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership · FCrDNS · Geo Consensus · Geo Plausible · IRR Match · RPKI Valid

## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:26 UTC |
| Last Seen | 2026-06-27 07:05:40 UTC |
| Profile Built | 2026-06-28 01:13:03 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |