92.222.104.217
# IP Intelligence Briefing: 92.222.104.217/32
Classification: Moderate Risk | Risk Score: 40/100 | Generated: 2026-06-14
---
## Executive Summary
IP address 92.222.104.217 is a cloud computing infrastructure endpoint operated by OVH, located in Paris, France. The IP is associated with Ahrefs Pte Ltd (ASN 16276) and resolves to hostname proxy-fr006-san217.ahrefs.net. The endpoint exhibits moderate risk characteristics with one DNSBL listing and no active open ports or services. The immediate /24 subnet demonstrates elevated abuse density with uniformly moderate-risk profiles across all peer addresses.
---
## Network Profile
| Attribute | Value |
|---|---|
| **Owner** | Ahrefs Pte Ltd Dmytro |
| **ASN** | 16276 (OVH) |
| **CIDR Block** | 92.222.0.0/16 |
| **Geolocation** | Paris, France (IDF) |
| **Infrastructure** | CloudCompute / Hosting |
| **DNS Resolution** | proxy-fr006-san217.ahrefs.net |
---
## Threat Assessment
Current Risk Score: 40/100 (Moderate)
Threat Indicators:
- DNSBL Listed: 1 of 8 total lists
- Abuse Confidence Score: Not calculated
- Known Campaigns: None detected
- Is Tor Exit/Attacker/Spam Source: No
- Open Ports/Services: None detected (firewalled/no services)
Operator Score: 0.2174 (Minimal)
---
## Subnet Analysis (92.222.104.0/24)
Abuse Density: High (0.9062)
| Metric | Value |
|---|---|
| Total Siblings | 32 |
| Active Siblings | 28 |
| Threat Siblings | 29 |
| Inherited Risk | 36/100 |
Neighbor Risk Distribution:
- High Risk: 0
- Medium Risk: 31
- Low Risk: 0
All 31 analyzed neighbors in the /24 subnet maintain risk scores between 40-50, indicating a consistently utilized OVH cloud infrastructure block with no outliers.
---
## Observation History
Total Observations: 23 signals
Recent Activity (2026-06-14):
- Geolocation signals confirm Paris, FR placement (500km accuracy radius)
- Operator scoring signals indicate minimal threat profile
- DNSBL listing detected with high severity classification
- Network classification consistently identifies as cloud hosting infrastructure
Temporal Indicators:
- Ownership Changes: 0 (stable)
- Threat Persistence Days: 0
- Is Persistently Malicious: No
- Threat Observation Count: 1
---
## Relationship Graph
Total Relationships: 68
Primary associations:
- Network: OVH_282114231 (repeated 68 times - indicates network-wide grouping)
- Organization: Ahrefs Pte Ltd (via ASN 16276)
- DNS: ahrefs.net domain ecosystem
The relationship graph shows strong network-level connectivity within OVH infrastructure without significant cross-organization or campaign-level associations.
---
## Recommended Actions
Immediate Mitigation:
Due to DNSBL listing and elevated subnet abuse density, the following controls are recommended:
Firewall Rules:
- iptables: `iptables -A INPUT -s 92.222.104.217 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 92.222.104.217 drop`
- nginx: `deny 92.222.104.217;`
- pfSense: `92.222.104.217/32`
- Cloudflare WAF: Block with filter expression `ip.src eq 92.222.104.217`
- AWS WAF: Address `92.222.104.217/32` with description "IPDebrief risk 40"
Extended Mitigation:
Consider implementing subnet-level blocking for 92.222.104.0/24 given the 0.9062 abuse density and uniform moderate-risk profiles across all sibling addresses.
---
## Intelligence Conclusions
1. Infrastructure Context: This is legitimate cloud hosting infrastructure associated with Ahrefs, but the subnet shows elevated abuse density typical of high-density cloud hosting providers.
2. Risk Profile: Moderate risk score of 40 with one DNSBL listing warrants defensive blocking in high-security environments.
3. Subnet Correlation: All 31 neighbors in the /24 subnet share similar risk profiles (40-50), suggesting systemic risk at the subnet level rather than isolated endpoint behavior.
4. Actionability: The empty recommendation list in the profile indicates no specific threat indicators were detected, but the DNSBL listing and subnet abuse density support defensive blocking decisions.
Recommendation: Implement firewall rules to drop traffic from 92.222.104.217. Consider broader subnet-level controls for 92.222.104.0/24 if threat context permits.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-fr006-san217.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-fr006-san217.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 17% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 22% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:42 UTC |
| Last Seen | 2026-06-27 09:39:00 UTC |
| Profile Built | 2026-06-28 03:44:35 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 31 |
Full dossier details are available via our API.