51.68.247.222
IP Intelligence Briefing: 51.68.247.222
Date: 2026-06-06
---
**Key Risk Indicators**
- Risk Score: Moderate (50/100)
- Threat Observations: Listed in 8 threat intelligence sources (high severity) as of June 6, 2026.
- Network Subnet: 51.68.247.222/24, with 23/32 IPs flagged as threats (abuse density: 71.88%).
- Hosting Provider: OVH, associated with Ahrefs Pte Ltd (France).
---
**Geolocation & Ownership**
- Country: France (FR)
- ASN: 16276 (Ahrefs Pte Ltd)
- Network Role: Hosting infrastructure (OVH-managed).
- DNS: Linked to `proxy-fr003-san222.ahrefs.net` (Ahrefs subdomain).
---
**Threat Observations**
- Recent Activity:
- Flagged in 8 threat feeds (June 6, 2026), including DNSBL listings.
- No direct malware or attack indicators detected, but high-risk association with abusive subnets.
- Historical Trends:
- First observed in late May 2026; no prior malicious activity noted.
- Subnet abuse density has increased over the past 30 days.
---
**Network Relationships**
- Subnet Peers:
- 10 active IPs in the 51.68.247.0/24 subnet.
- 23 IPs flagged as threats (high abuse density).
- Shared Infrastructure:
- Connected to OVH network (ASN 16276).
- Potential for lateral movement or shared hosting compromises.
---
**Recommended Actions**
1. Monitor Traffic:
- Investigate traffic patterns between this IP and neighboring IPs in the 51.68.247.0/24 subnet.
- Check for DNS tunneling or C2 activity using the associated Ahrefs subdomain.
2. Blocklist Consideration:
- Add to internal blocklists due to high abuse density in the subnet.
3. Subnet Analysis:
- Prioritize monitoring of other IPs in the 51.68.247.0/24 range, as 72% are flagged as threats.
4. Verify Ownership:
- Confirm Ahrefs' compliance with hosting security standards, given the IP's association with a known threat feed.
---
Conclusion:
This IP is part of a high-risk subnet with significant abuse activity. While no direct malicious activity is observed, its association with threat feeds and hosting infrastructure warrants close monitoring. SOC teams should prioritize subnet-level analysis and consider mitigating risks within the OVH network.
Source: IPDebrief Threat Intelligence Platform
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-fr003-san222.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-fr003-san222.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 27% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-13 06:38:43 UTC |
| Last Seen | 2026-06-27 22:56:13 UTC |
| Profile Built | 2026-06-28 17:02:49 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |
Full dossier details are available via our API.