# IP Intelligence Briefing: 92.222.108.99/32
Classification: Moderate Risk | Risk Score: 40/100
Reporting Time: Current | Data Sources: IPDebrief Intelligence Platform
---
## Executive Summary
IP 92.222.108.99 is a cloud-hosted infrastructure endpoint operated by OVH SAS (ASN 16276) from Paris, France. The IP demonstrates moderate risk characteristics with no currently detected active threat indicators. However, it resides within a high-abuse-density subnet (92.222.108.0/24) with 77.4% abuse density, where 24 of 31 active sibling IPs are flagged as threats. No services are currently open on the target IP.
---
## Technical Profile
Network Classification:
- Provider: OVH (Cloud Compute Infrastructure)
- ASN: AS16276
- CIDR Block: 92.222.0.0/16
- Infrastructure Type: Cloud Hosting
Geolocation:
- Country: France (FR)
- Region: Île-de-France (IDF)
- City: Paris
- Accuracy Radius: 500 km
- Validation: Plausible (confirmed via RTT analysis)
DNS Resolution:
- PTR Hostname: proxy-fr002-san99.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Unconfirmed
- DNSSEC: Valid
- DNSBL Lists: 1 listing (8 total lists monitored)
Service Exposure:
- Open Ports: None detected
- TLS Certificate: None
- HTTP Banner: None
- Connection Type: Firewalled / No Services
---
## Neighborhood Analysis
Subnet 92.222.108.0/24 exhibits elevated threat characteristics:
| Metric | Value |
|---|---|
| Total Siblings | 31 |
| Active Siblings | 27 |
| Threat Siblings | 24 |
| Abuse Density | 0.7742 (High) |
| Inherited Risk | 30 |
Neighbor Risk Distribution: 30 medium-risk IPs identified, with risk scores ranging from 40 to 50. No high-risk neighbors detected in the immediate vicinity.
---
## Relationship Graph
The IP maintains associations with:
- Network: OVH_282114227 (multiple relationship entries)
- No external hostnames, organizations, or certificate associations identified
- Same network relationships dominate the relationship graph (47 total entries)
---
## Observation History
Total Observations: 24 signals recorded over monitoring period
Key Historical Signals:
- 2026-06-20: Operator score 0.2174, DNSSEC validation active, minimal control plane activity
- 2026-06-15: Geolocation confirmed to Paris (avg RTT: 95.8ms, min RTT: 90ms, distance: 500.2km), subnet abuse density classified as "high_abuse"
- Threat Persistence: 0 days (not persistently malicious)
Temporal Stability:
- Ownership Changes: 0
- Threat Observation Count: 1
- Route Changes (30d): 0
- Route Stability: False
---
## Threat Indicators
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Blacklist Count: 0
- Known Campaigns: None
- Campaign Likelihood: None
---
## Recommended Security Actions
Firewall Blocking Rules:
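```bash
# iptables: drop inbound traffic from the address.
# -A appends, so the rule only takes effect if no earlier rule accepts the traffic.
iptables -A INPUT -s 92.222.108.99 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 92.222.108.99 drop
# nginx (configuration directive for an http, server or location block, not a shell command):
#   deny 92.222.108.99;
# pfSense (address entry for a firewall alias or block rule, not a shell command):
#   92.222.108.99/32
```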
Cloud WAF Recommendations:
- Cloudflare WAF: Block IP with expression `ip.src eq 92.222.108.99`
- AWS WAF: Add to block list with CIDR `92.222.108.99/32`
---
## Intelligence Assessment
Threat Posture: MODERATE
The target IP exhibits characteristics consistent with cloud-based infrastructure hosting. While no active malicious activity is currently detected, the subnet's high abuse density warrants monitoring. The IP is associated with ahrefs.net domain infrastructure, suggesting legitimate web presence, but the subnet-level threat context increases risk of compromise or misuse.
Priority: LOW-MEDIUM
Recommended Action: Monitor subnet traffic patterns; consider blocking at the perimeter if inbound threats are observed. No immediate block is required absent specific threat correlation.
---
Data Source: IPDebrief Intelligence Platform
Confidence Level: Medium (24 historical observations)
Analysis Complete: [Current Time]
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | proxy-fr002-san99.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-fr002-san99.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-20 17:49:14 UTC |
| Last Seen | 2026-06-28 12:30:11 UTC |
| Profile Built | 2026-06-29 06:34:20 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 26 |