Threat Intelligence Briefing: IP 51.89.129.107/32
Overview
- Risk Profile: Low risk (25/100) with no malicious indicators.
- Ownership: Registered to Ahrefs Pte Ltd (ASN 16276) under OVH.
- Geolocation: London, England, UK (plausible, 750km accuracy radius).
- Network Role: Hosting infrastructure (OVH), no CDN/VPN/proxy flags.
- DNS: Linked to `proxy-uk008-san107.ahrefs.net` (PTR record).
Observation History
- Recent Activity (30 days):
- Stable network role (no changes).
- Geolocation consistency with London, UK.
- No spikes in threat signals or scan activity.
- Threat Indicators: Zero malicious activity, no blacklist listings, no known campaigns.
Relationships
- Network: Part of OVH subnet 51.89.0.0/16, shared with 256 IPs.
- DNS: Directly tied to ahrefs.net (CAA records present).
- Subnet: Mixed-risk /24 subnet (19 medium-risk, 81 low-risk siblings).
Neighborhood Analysis
- Subnet: 51.89.129.107/24, abuse density 0.46 (moderate risk).
- Neighbors: 100 IPs in subnet, 19 flagged as medium-risk.
- Inherited Risk: 18/100 (low), but subnet activity warrants monitoring.
Actionable Insights
1. Monitor Subnet: The /24 subnet has mixed risk; investigate neighbors for anomalies.
2. Verify DNS: Confirm `proxy-uk008-san107.ahrefs.net` is legitimate, as it's a critical link.
3. Firewall Rules: No immediate restrictions needed, but consider rate-limiting if unusual traffic emerges.
4. Contextualize: Ahrefs is a legitimate hosting provider, but proxy IPs may mask traffic; monitor for unexpected behavior.
Conclusion
This IP is part of a legitimate hosting infrastructure with no direct malicious activity. However, its association with a proxy and the subnet's moderate abuse density suggest vigilance. SOC teams should focus on monitoring the subnet for lateral movements or unexpected traffic patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk008-san107.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san107.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-18 09:25:05 UTC |
| Last Seen | 2026-06-28 07:16:08 UTC |
| Profile Built | 2026-06-29 01:22:03 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |