Threat Intelligence Briefing: IP 51.89.129.121/32
1. IP Profile
- Risk Score: 25 (Low Risk)
- Ownership: Registered to Ahrefs Pte Ltd (OVH ASN 16276).
- Geolocation: London, England, UK (plausible, high confidence).
- Network Role: CloudCompute infrastructure (OVH provider).
- Threat Indicators: No malicious activity detected (no malware, C2s, or abuse reports).
- DNS: Resolves to `proxy-uk008-san121.ahrefs.net` (no malicious domains).
- Services: No open ports or TLS certificates detected.
2. Observation History
- Recent Activity:
  - Detected as a cloud server with no threat indicators (June 2026).
  - Subnet (`51.89.129.121/24`) shows 48.83% abuse density (moderate risk).
  - Geo-validation confirms London, UK (RTT: 96–98ms).
- Trend: No persistent malicious behavior; risk score remains stable.
3. Relationships
- Linked to OVH network (AS16276) and Ahrefs Pte Ltd.
- Subnet peers include 135 active IPs, 125 flagged as high/medium risk.
- No direct ties to known malicious campaigns or threat actors.
4. Neighborhood Analysis
- Subnet: `51.89.129.121/24`
- Risk Distribution: 61 medium-risk IPs, 39 low-risk IPs.
- Abuse Density: 48.83% (suggests potential exposure to compromised neighbors).
- Notable Neighbors:
  - IPs with risk scores ≥40 (e.g., 51.89.129.0, 51.89.129.1).
5. Recommendations
- Monitor Subnet: Track high-risk neighbors for lateral movement or network compromise.
- Verify Ownership: Confirm Ahrefs' infrastructure legitimacy (no IOC matches).
- Blocklist High-Risk Peers: Consider isolating IPs with ≥50 risk scores in the subnet.
- No Immediate Action: The IP itself is low risk, but subnet-level exposure warrants closer scrutiny.
Conclusion: This IP is part of a cloud infrastructure operated by Ahrefs, with no direct malicious activity. However, its subnet contains a moderate abuse density, suggesting potential indirect risks. SOC teams should prioritize monitoring the subnet and mitigating associated threats.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk008-san121.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san121.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 23% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline
| First Seen | 2026-05-08 11:10:41 UTC |
| Last Seen | 2026-06-27 13:22:31 UTC |
| Profile Built | 2026-06-28 07:28:16 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 28 |