51.222.95.251
# IP INTELLIGENCE BRIEFING
Target: 51.222.95.251/32
Date: 2026-06-20
Classification: Moderate Risk - Cloud Infrastructure
---
## EXECUTIVE SUMMARY
IP 51.222.95.251 presents a moderate-risk profile (risk score: 40/100) operating within an OVH Cloud hosting infrastructure. The IP resolves to ahrefs.net and demonstrates geographic inconsistencies between registered data (Canada) and geolocation signals. The subnet exhibits elevated abuse density (0.7344), requiring enhanced monitoring.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| ASN | 16276 |
| Organization | OVH-CUST-281059689 (Dmytro, Ahrefs Pte Ltd) |
| Provider | OVH (Cloud Compute/Hosting) |
| CIDR Block | 51.222.95.0/24 |
| Infrastructure Type | Cloud Hosting |
| Connection Type | Firewalled / No Services |
The IP is assigned to OVH cloud infrastructure. The hostname `proxy-ca010-san251.ahrefs.net` indicates association with the SEO analytics platform ahrefs.net, though no active web services are detected on this specific address.
---
## GEOLOCATION ANALYSIS
Registered Location: Canada (CA)
Reported City: Singapore (data inconsistency noted)
Accuracy Radius: 3,000 km
GeoConsensus: True (1 source)
Geographic data shows significant variance with a 3,000 km accuracy radius, suggesting either misconfigured geolocation databases or actual deployment across multiple regions. The large error margin warrants cautious interpretation.
---
## THREAT INDICATORS
| Indicator | Status |
|---|---|
| Risk Score | 40 (Moderate) |
| Abuse Confidence | Not scored |
| Known Attacker | No |
| Spam Source | No |
| Tor Exit Node | No |
| Proxy Service | No |
| DNSBL Listings | 1 of 8 total lists |
| Blacklist Count | 0 |
Observation History:
- 20 total signal observations recorded
- Recent abuse density signals: 0.7344 (high_abuse classification)
- Inherited risk from subnet: 29/100
- Threat persistence: Single observation (0 threat observation days)
- No persistent malicious activity detected
---
## SUBNET CONTEXT (51.222.95.0/24)
| Metric | Value |
|---|---|
| Classification | high_abuse |
| Abuse Density | 0.7344 |
| Total Siblings | 256 |
| Active Siblings | 234 |
| Threat Siblings | 188 |
| Risk Distribution (Sampled) | 100 medium, 0 high, 0 low |
The /24 subnet demonstrates elevated abuse activity. Of 100 sampled neighbors, all showed medium risk scores (40-50), with no high-risk endpoints identified in the immediate neighborhood.
---
## NETWORK RELATIONSHIPS
- 50 relationship entries identified
- Primary relationship type: Same Network (OVH-CUST-281059689)
- No cross-organizational or certificate relationships detected
- No associated campaign indicators
---
## SERVICE & PORT ANALYSIS
- Open Ports: None detected
- TLS Certificate: Not applicable
- HTTP Title: Not applicable
- Server Banner: Not applicable
The IP presents as a firewalled endpoint with no active services exposed.
---
## RECOMMENDED ACTIONS
1. Monitor for Service Activation: IP shows no active services but should be monitored for port opens or service changes.
2. Subnet-Level Monitoring: Given the high abuse density (0.7344) of the /24 subnet, apply broader monitoring to adjacent IPs.
3. Geographic Verification: The Canada/Singapore geolocation inconsistency warrants additional validation before deployment in geo-restricted contexts.
4. DNSBL Review: Single DNSBL listing detected; verify specific listing and assess impact on reputation.
5. Standard Cloud Infrastructure Handling: Treat as legitimate cloud hosting with moderate risk profileβno immediate blocking required unless specific threat activity is observed.
---
Status: Active Monitoring Recommended
Confidence Level: Moderate
Last Updated: 2026-06-20
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059689 |
| CIDR Block | 51.222.95.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | β |
π DNS Intelligence
| PTR | proxy-ca010-san251.ahrefs.net |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca010-san251.ahrefs.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 21% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-21 14:57:58 UTC |
| Last Seen | 2026-06-28 14:26:45 UTC |
| Profile Built | 2026-06-29 02:30:37 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |
Full dossier details are available via our API.