# IPDEBRIEF INTELLIGENCE BRIEFING
Subject: 51.222.95.204/32
Classification: Moderate Risk - Cloud Infrastructure
Date: 2026-06-20
---
## EXECUTIVE SUMMARY
IP 51.222.95.204 is a cloud compute endpoint associated with OVH SAS (ASN 16276) under the organization Dmytro, Ahrefs Pte Ltd. The address exhibits moderate risk characteristics (score: 40) with no active threat indicators but operates within a high-abuse density subnet (51.222.95.0/24). Recommended action: Monitor or block based on context.
---
## INFRASTRUCTURE PROFILE
- IP: 51.222.95.204
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH SAS)
- CIDR Block: 51.222.95.0/24
- Network Type: Cloud Compute (OVH hosting infrastructure)
- Service Status: Firewall/no services detected on this IP
- Reverse DNS: proxy-ca010-san204.ahrefs.net
- Forward Resolution: Not confirmed
---
## THREAT ASSESSMENT
| Indicator | Status |
|---|---|
| Risk Score | 40 / 100 (Moderate) |
| Known Attacker | No |
| Tor Exit Node | No |
| Spam Source | No |
| Active Campaigns | None |
| Blacklist Count | 0 |
| DNSBL Listed | 1 of 8 lists |
| Threat Persistence | 0 days |
---
## GEOLOCATION DISCREPANCY
⚠️ ANOMALY DETECTED: Geolocation data shows conflicting indicators.
- Reported Country: Canada (CA)
- Reported City: Singapore
- Distance Violation: 5,598 km reported distance with 26ms RTT (minimum expected: 112ms)
- Assessment: RTT measurement indicates geolocation spoofing or data inconsistency. Source validation recommended.
---
## NEIGHBORHOOD ANALYSIS
Subnet: 51.222.95.0/24
- Abuse Density: 0.7383 (High abuse classification)
- Total Siblings: 256
- Active Siblings: 234
- Threat Siblings: 189
- Inherited Risk: 29
Neighborhood exhibits elevated abuse activity with 189 of 256 IPs flagged as threats. This IP inherits moderate risk from subnet context.
---
## OBSERVATION HISTORY
- Total Observations: 23 signals
- Recent Activity: 2026-06-20
- Signal Types: DNS resolution, ASN attribution, operator score, profile assessment
- Persistence: No persistent malicious behavior detected
---
## RELATIONSHIP GRAPH
- Total Relationships: 45
- Primary Associations: Same Network (OVH-CUST-281059689)
- Network Stability: Route stable, BGP prefix 51.222.0.0/16
---
## RECOMMENDED ACTIONS
Risk Score: 40 - Context-dependent blocking advised.
Firewall Rules:
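```bash
# iptables
iptables -A INPUT -s 51.222.95.204 -j DROP
# nftables (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 51.222.95.204 drop
```
```nginx
# nginx (directive for an http, server, or location block)
deny 51.222.95.204;
```
```yaml
# AWS WAF (IP set fields)
Addresses: ["51.222.95.204/32"]
Description: IPDebrief risk 40
```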
SOC Guidance:
- Block if this IP appears in malicious activity context
- Monitor for lateral movement within the /24 subnet
- No immediate threat indicators present
- Consider geolocation discrepancy in incident correlation
---
## INTELLIGENCE NOTES
This IP operates within OVH's cloud infrastructure, specifically associated with Ahrefs services. The high neighborhood abuse density suggests potential for compromised or misconfigured endpoints in the subnet. The geolocation anomaly warrants inclusion in geolocation validation workflows. No active malicious campaigns or known attacker signatures detected.
Confidence Level: Medium (based on historical signals and network classification)
Last Updated: 2026-06-20
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059689 |
| CIDR Block | 51.222.95.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca010-san204.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca010-san204.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 20% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 26% | 3 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 26% | 12 | 18 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-23 18:30:42 UTC |
| Last Seen | 2026-06-28 22:56:42 UTC |
| Profile Built | 2026-06-29 17:00:47 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 28 |