# INTELLIGENCE BRIEFING: 92.222.108.105
## Executive Summary
IP address 92.222.108.105 presents a MODERATE RISK profile (Risk Score: 50) operating within a high-abuse density subnet (92.222.108.0/24). The address is associated with OVH cloud infrastructure in Paris, France, and resolves to an Ahrefs-hosted proxy hostname. No active threat indicators were detected for this specific IP, but the subnet exhibits elevated abuse characteristics requiring defensive monitoring.
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **IP Address** | 92.222.108.105/32 |
| **Risk Score** | 50 (Moderate Risk) |
| **ASN** | 16276 |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **ISP/Provider** | OVH |
| **Geolocation** | Paris, France (FR) |
| **Infrastructure Type** | CloudCompute (Hosted) |
| **DNS PTR** | proxy-fr002-san105.ahrefs.net |
| **DNS Domain** | ahrefs.net |
| **Network Role** | Hosting/Cloud |
---
## Threat Assessment
Active Threat Indicators: None detected
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Known Campaigns: None matched
- DNSBL Listings: 2 of 8 lists
Risk Mitigating Factors:
- Operator score rated "Minimal" (0.2174)
- No service banners or open ports detected
- Forward DNS resolution confirmed
- DNSSEC valid with CAA records present
---
## Network Environment Analysis
Subnet: 92.222.108.0/24
- Abuse Density: 0.7742 (High)
- Classification: High Abuse
- Total Sibling IPs: 31
- Active Sibling IPs: 27
- Threat Sibling IPs: 24
- Inherited Risk Score: 30
Neighbor Risk Distribution:
- High Risk: 0
- Medium Risk: 30
- Low Risk: 0
All 30 sampled neighboring IPs have risk scores of 40-50, a consistent medium-risk classification across the subnet. This suggests the subnet is actively used for hosting services, with a mix of legitimate and potentially compromised endpoints.
---
## Historical Trend Analysis
Observation Period: 2026-06-15 to 2026-06-20
- Total Observations: 23
- Threat Persistence: 0 days (not persistently malicious)
- Ownership Changes: 0
- Route Stability: False (routing changes detected)
Signal Trends:
- Operator scores remained consistently "Minimal" (0.2174) across all observations
- Subnet abuse density signals maintained "high_abuse" classification
- No degradation or escalation of threat signals observed
- Stability remains low due to route instability
---
## Relationship Graph
Total Relationships: 44
- Network Relationships: 39+ entries pointing to OVH_282114227
- All relationships indicate same-network association within OVH infrastructure
- No direct links to organizations, hostnames, or certificates beyond network-level associations
---
## Defensive Recommendations
Recommended Actions:
1. Block at perimeter if traffic patterns indicate suspicious behavior
2. Monitor subnet 92.222.108.0/24 for elevated activity given high abuse density
3. Implement rate limiting for the /24 subnet rather than individual IP blocking
Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 92.222.108.105 -j DROP
# nftables (requires an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 92.222.108.105 drop
```
Cloudflare WAF:
```json
{"description":"Block 92.222.108.105 - IPDebrief risk score 50","action":"block","filter":{"expression":"ip.src eq 92.222.108.105"}}
```
AWS WAF:
```json
{"Addresses":["92.222.108.105/32"],"Description":"IPDebrief risk 50"}
```
---
## Operational Context
This IP is part of a shared cloud infrastructure environment. The PTR hostname (proxy-fr002-san105.ahrefs.net) suggests legitimate hosting use, likely related to SEO or web analytics services provided by Ahrefs. However, the high-abuse subnet classification indicates the IP space is frequently associated with security incidents.
Assessment: Monitor rather than block immediately. The moderate risk score combined with cloud hosting context suggests this may be legitimate traffic. Implement logging and behavioral analysis to identify if specific sessions exhibit malicious patterns before applying blocking measures.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-fr002-san105.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-fr002-san105.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 14 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-20 22:14:07 UTC |
| Last Seen | 2026-06-28 12:50:39 UTC |
| Profile Built | 2026-06-29 06:56:26 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |