IP INTELLIGENCE BRIEFING: 51.222.95.194/32
Classification: Moderate Risk | Risk Score: 40/100
Date of Report: June 2026
---
EXECUTIVE SUMMARY
IP address 51.222.95.194 is an OVH cloud compute infrastructure endpoint associated with Ahrefs Pte Ltd (ASN 16276). The IP is classified as moderate risk but resides within a high-abuse density subnet (51.222.95.0/24) exhibiting 71.88% abuse density with 184 identified threat siblings. No active services or threat indicators were detected on the target IP.
---
OWNERSHIP & INFRASTRUCTURE
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH SAS)
- Network: OVH-CUST-281059689
- CIDR Block: 51.222.95.0/24
- Infrastructure Type: CloudCompute (Hosting Provider)
- RIR Registration: ARIN
DNS Resolution:
- PTR Hostname: proxy-ca010-san194.ahrefs.net
- Forward Resolution: proxy-ca010-san194.ahrefs.net
- Domain: ahrefs.net
---
GEOLOCATION ANALYSIS
- Reported Location: Singapore (QC, CA)
- Claimed Coordinates: 45.5075°N, -73.5887°W (Montreal area)
- Validation Status: FAILED
- Issue: RTT measurements (26ms avg) are inconsistent with claimed geolocation (5598km distance would require minimum 112ms RTT)
- Assessment: Geolocation data is implausible; actual location likely North American
---
THREAT PROFILE
- Risk Score: 40/100 (Moderate)
- Abuse Confidence Score: Not assessed
- Blacklist Count: 0/8 DNSBL lists
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Known Campaigns: None identified
- Open Services: None detected (Firewalled/No Services)
- TLS Certificate: Not present
Control Plane:
- BGP Prefix: 51.222.0.0/16
- Route Stability: Stable
- RPKI State: Not validated
- DNSSEC: Valid
---
NEIGHBORHOOD CONTEXT (51.222.95.0/24)
- Total Subnet Siblings: 256
- Active Siblings: 232
- Identified Threat Siblings: 184
- Abuse Density: 0.7188 (HIGH)
- Inherited Risk Score: 28
- Risk Distribution: 100% medium risk neighbors (40-50 risk scores)
Assessment: The /24 subnet demonstrates sustained high-abuse characteristics with 184 threat-associated endpoints. This contextual risk factor suggests the subnet may be utilized for coordinated malicious activity or compromised infrastructure.
---
OBSERVATION HISTORY
Total Observations: 23 signals
Key Historical Signals:
- June 15, 2026: Geolocation validation failure (RTT discrepancy)
- June 20, 2026: High abuse classification confirmed; operator score 0.4348
- Recent Patterns: Persistent cloud infrastructure classification; no ownership changes
Threat Persistence: 0 days observed (not persistently malicious)
---
RECOMMENDED ACTIONS
Based on risk profile and contextual subnet abuse density, the following firewall rules are recommended:
iptables:
```
iptables -A INPUT -s 51.222.95.194 -j DROP
```
nftables:
```
nft add rule inet filter input ip saddr 51.222.95.194 drop
```
nginx:
```
deny 51.222.95.194;
```
Cloudflare WAF: Block with expression `ip.src eq 51.222.95.194`
AWS WAF: Add to IPSet with CIDR 51.222.95.194/32
Note: These recommendations are probabilistic and should be combined with additional threat signals before enforcement.
---
ANALYST NOTES
1. Contextual Risk: While the individual IP shows moderate risk (40), the high-abuse subnet context (72% abuse density, 184 threat siblings) suggests elevated contextual threat.
2. Geolocation Discrepancy: The reported Singapore location is inconsistent with network measurements; actual infrastructure is likely North American.
3. Infrastructure Classification: Confirmed cloud hosting environment with no active services detected.
4. Ahrefs Association: Legitimate association with Ahrefs Pte Ltd infrastructure; may represent legitimate service or compromised hosting customer endpoint.
Recommendation: Monitor for activity patterns. Consider blocking if traffic exhibits malicious characteristics (ports, payloads, scan behavior).
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059689 |
| CIDR Block | 51.222.95.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca010-san194.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca010-san194.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 30% | 3 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 28% | 12 | 18 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-15 08:44:34 UTC |
| Last Seen | 2026-06-28 02:12:29 UTC |
| Profile Built | 2026-06-28 20:17:17 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 28 |