# IP INTELLIGENCE BRIEFING: 51.222.95.68/32
Date: Analysis completed June 2026
Classification: MODERATE RISK / HIGH ABUSE SUBNET
Provider: OVH SAS (AS16276)
---
## EXECUTIVE SUMMARY
IP 51.222.95.68 is a cloud hosting infrastructure address registered to OVH-CUST-281059689 (Dmytro, Ahrefs Pte Ltd). The IP presents moderate risk (score 40) but operates within a subnet exhibiting high abuse density (0.7266). Geolocation data shows conflicting signals with RTT anomalies, and the IP is listed on 1 DNSBL feed. The address hosts no open services and appears firewalled.
---
## TECHNICAL PROFILE
Ownership & Classification:
- ASN: 16276 (OVH SAS)
- Organization: Dmytro, Ahrefs Pte Ltd
- CIDR Block: 51.222.95.0/24
- Infrastructure Type: CloudCompute / Hosting
- Route Stability: Unstable (route changes observed)
Geolocation Discrepancies:
- Reported Countries: CA (Canada) / Singapore
- RTT Violation: Observed RTT 26ms < minimum possible 112ms for 5,598km distance
- Resolution Count: 5 probes, geo-plausibility: false
Network Services:
- Open Ports: None detected (firewalled)
- DNS PTR: proxy-ca010-san68.ahrefs.net
- Forward Resolution: Unconfirmed
- TLS/HTTP: No services exposed
---
## THREAT INDICATORS
Risk Metrics:
- Overall Risk Score: 40 (Moderate)
- Provider Score: 0
- Authority Score: 0
- DNSBL Listings: 1 of 8 total lists
- Abuse Confidence Score: Not reported
Control Plane:
- Route Stability: False
- DNSSEC: Valid
- RPKI State: Not reported
- IRR Consistency: Not reported
Temporal Indicators:
- Threat Observation Count: 1
- Is Persistently Malicious: False
- Ownership Changes: 0
---
## SUBNET ANALYSIS (51.222.95.0/24)
Abuse Density Metrics:
- Abuse Density: 0.7266 (High)
- Subnet Classification: high_abuse
- Inherited Risk Score: 29
- Total Siblings: 256
- Active Siblings: 232 (90.6% utilization)
- Threat Siblings: 186 (74.2% of active IPs)
Risk Distribution:
- High Risk: 0
- Medium Risk: 100
- Low Risk: 0
---
## OBSERVATION HISTORY
Recent Signal Activity (June 2026):
- 20 total observations recorded
- 2026-06-18: Multiple threat-related signals detected
  - AlienVault OTX: Threat indicators present
  - Operator Score: 0.2174 (Minimal)
  - DNSSEC and CAA records present
- 2026-06-14: Port scanning activity observed
  - Multiple ports scanned
  - No service banners captured
Temporal Pattern:
- Single threat observation event
- No persistent malicious behavior detected
---
## RELATIONSHIP GRAPH
Identified Relationships (42 total):
- Primary Network: OVH-CUST-281059689 (repeated multiple times)
- No certificate matches or campaign correlations detected
- No correlated IPs identified in relationship graph
---
## RECOMMENDED ACTIONS
Immediate Mitigation:
1. Block at Perimeter:
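```bash
# iptables: -A appends, so the rule only takes effect if no earlier rule accepts the traffic
iptables -A INPUT -s 51.222.95.68 -j DROP
```
```bash
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 51.222.95.68 drop
```
```nginx
# nginx: place in an http, server or location block
deny 51.222.95.68;
```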
2. Subnet-Level Consideration:
- Given that 74.2% of active subnet IPs are flagged as threats, consider blocking the entire /24 if risk tolerance permits
- Inherited risk score of 29 suggests elevated threat likelihood in this subnet
3. Monitoring:
- Monitor for port scanning or service enumeration attempts
- Track DNS query patterns for ahrefs.net subdomains
- Watch for changes in geolocation signals
---
## INTELLIGENCE ASSESSMENT
This IP operates within a high-abuse OVH hosting subnet where 186 of 232 active IPs are flagged as threats. The conflicting geolocation data and RTT anomalies suggest potential spoofing or proxy usage. Despite no open services, the presence on DNSBL feeds and proximity to known malicious activity warrant defensive blocking. The IP is likely associated with hosting infrastructure rather than direct command-and-control (C2) operations.
Threat Level: MODERATE
Action Required: BLOCK
Confidence: 75%
---
*Analysis generated by IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059689 |
| CIDR Block | 51.222.95.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca010-san68.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca010-san68.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:26 UTC |
| Last Seen | 2026-06-27 07:10:31 UTC |
| Profile Built | 2026-06-28 01:16:27 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 28 |