IP Intelligence Briefing: 51.89.129.131

Date: 2026-06-15

---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Ownership: Registered to Ahrefs Pte Ltd (ASN 16276, OVH provider).
- Geolocation: London, England, UK (consistent with Ahrefs' infrastructure).
- Network Role: Cloud compute instance (OVH-hosted, no residential/mobile indicators).
- Threat Indicators: No malicious activity detected (no blacklists, campaigns, or DNS abuse).
---
**2. Observation History (30-Day Trend)**
- Stability: Stable with no significant changes in risk or network behavior.
- Key Signals:
  - DNS resolution to `proxy-uk008-san131.ahrefs.net` (legitimate domain).
  - Low operator risk score (0.2174, "Minimal" label).
  - No Tor, VPN, or proxy indicators.
---
**3. Relationships & Network Context**
- Linked Entities:
  - Subnet 51.89.129.0/24 (OVH-managed, mixed-risk environment).
  - Associated with OVH_282347344 network (cloud infrastructure).
- Subnet Analysis:
  - Abuse Density: 0.46 (moderate risk).
  - Active Neighbors: 114 IPs (118 flagged as risky).
  - Notable Neighbors: 91 "Medium" risk IPs, 9 "Low" risk IPs.
---
**4. Threat & Security Context**
- DNS Security: Valid DNSSEC, CAA records, and no DNSBL listings.
- TLS/Services: No open ports or TLS certificates detected.
- Behavioral Flags: No honeypot hits or enumeration activity.
---
**5. Recommendations**
- Monitor Subnet: Track the 51.89.129.0/24 subnet for rising abuse density.
- Verify Ownership: Confirm Ahrefs' legitimate use of the IP via RDAP.
- Network Segmentation: Ensure cloud instance isolation if handling sensitive data.
- Alert on Changes: Watch for abrupt shifts in risk scores or DNS behavior.

Conclusion: This IP is a legitimate OVH-hosted cloud server with no current threat indicators. However, its subnet exhibits moderate abuse density, warranting continued monitoring.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

**Ownership & Registration**

| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

**DNS Intelligence**

| Field | Value |
|---|---|
| PTR | proxy-uk008-san131.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san131.ahrefs.net |

**DNS Hygiene**

| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

**Network Classification**

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

**Services & Open Ports**

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

**TLS Certificate**

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

**Confidence Breakdown**

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 22% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

**Observation Timeline (Live)**

| Field | Value |
|---|---|
| First Seen | 2026-05-20 05:45:06 UTC |
| Last Seen | 2026-06-28 11:24:10 UTC |
| Profile Built | 2026-06-29 05:28:02 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 24 |