IP Intelligence Briefing: 51.89.129.114
Date: 2026-06-09
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Provider: OVH (ASN 16276)
- Organization: Ahrefs Pte Ltd (Singapore)
- Geolocation: London, England, UK (IP registered to a UK entity but managed by OVH)
- Network Role: Cloud Compute (OVH infrastructure, no residential/mobile indicators)
- Threat Indicators: No malicious activity detected (no spam, known attackers, or blacklists).
---
**2. Observation History**
- Latest Activity: June 1, 2026 (1 observation).
- Signal Consistency: Low confidence (0.21) in threat assessment.
- Temporal Trends: No persistent malicious behavior; single observation with minimal risk.
---
**3. Relationships & Dependencies**
- DNS Associations: Linked to `proxy-uk008-san114.ahrefs.net` (Ahrefs proxy hostname).
- Network Affiliation: Part of OVH network (ASN 16276), shared with 256 IPs in the 51.89.129.0/24 subnet.
- Subnet Risk: Abuse density of 46.48% (mixed classification). 119/256 IPs in subnet flagged as risky.
---
**4. Neighborhood Analysis**
- Subnet: 51.89.129.0/24
- Risk Distribution:
  - 32 IPs with medium risk (score ≥ 50).
  - 68 IPs with low risk.
- Notable Neighbors:
  - 51.89.129.0/24 (OVH-managed, mixed risk).
  - 51.89.129.114 (target IP) has minimal risk but resides in a subnet with elevated abuse density.
---
**5. Actions & Recommendations**
- Monitoring:
  - Track traffic patterns in the 51.89.129.0/24 subnet for anomalies.
  - Verify DNS associations with Ahrefs to ensure legitimacy.
- Security Posture:
  - No immediate mitigation required for the IP itself, but subnet-level monitoring is advised.
  - Consider blocking high-risk neighbors if they are unrelated to the organization.
---
Conclusion:
The IP 51.89.129.114 is associated with a legitimate cloud infrastructure (OVH) used by Ahrefs. While the IP itself shows no malicious activity, its subnet has a significant presence of risky IPs. SOC teams should monitor the subnet for lateral movement or compromise risks, and validate the Ahrefs proxy service to ensure it aligns with expected operational behavior.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | – |
| CIDR Block | 51.89.0.0/16 |
| RIR | ARIN |
| Country | – |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk008-san114.ahrefs.net |
| Forward Confirmed | No – PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san114.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 – Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | – |
| HTTP Title | – |
TLS Certificate
| SANs | None |
| Valid From | – |
| Valid Until | – |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 24% | 3 | 4 |
| reputation | 31% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 26% | 12 | 19 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-21 21:00:58 UTC |
| Last Seen | 2026-06-28 16:28:14 UTC |
| Profile Built | 2026-06-29 10:33:49 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 27 |