# INTELLIGENCE BRIEFING: 51.89.129.160/32
Classification: MODERATE RISK
Date of Analysis: Current
Intel Source: IPDebrief Threat Intelligence Platform
Primary ASN: AS16276 (OVH SAS)
---
## EXECUTIVE SUMMARY
IP 51.89.129.160 is a cloud-hosted infrastructure address belonging to OVH SAS (ASN 16276) with moderate risk scoring. The address is associated with the ahrefs.net domain infrastructure and demonstrates firewalled network behavior. The IP resides within a high-abuse-density subnet (51.89.129.0/24) exhibiting elevated threat sibling activity.
---
## OWNERSHIP & INFRASTRUCTURE
Network Classification:
- ISP/Provider: OVH SAS (AS16276)
- Organization: Ahrefs Pte Ltd Dmytro
- Infrastructure Type: CloudCompute
- Geolocation: London, England, GB (Europe/London timezone)
- CIDR Block: 51.89.0.0/16
- Registration RIR: ARIN
Network Role Indicators:
- Cloud hosting environment confirmed
- Network services firewalled (no open ports detected)
- DNSSEC validation: Valid
- CAA records present
---
## THREAT ASSESSMENT
Risk Profile:
- Overall Risk Score: 40 (Moderate Risk)
- Abuse Confidence Score: Not available
- Blacklist Status: Listed on 1 of 8 DNSBL feeds
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
Temporal Analysis:
- Threat persistence duration: 0 days
- Persistently malicious: No
- Ownership changes: 0
- Historical threat observation count: 1
---
## NETWORK CONTEXT & NEIGHBORHOOD
Subnet Analysis (51.89.129.0/24):
- Abuse Density: 0.7461 (High)
- Subnet Classification: high_abuse
- Inherited Risk: 29
- Active Siblings: 194 of 256 total IPs
- Threat Siblings: 191
Peer IP Risk Distribution:
- High Risk: 0 neighbors
- Medium Risk: 59 neighbors
- Low Risk: 41 neighbors
Sample Neighbor Risk Scores:
- 51.89.129.0: Risk 40, Authority 50
- 51.89.129.1: Risk 50, Authority 50
- 51.89.129.2: Risk 50, Authority 50
- 51.89.129.3: Risk 40, Authority 50
- 51.89.129.4: Risk 40, Authority 50
Network Relationships:
- 42 total relationships identified
- Primary network association: OVH_282347344 (multiple instances)
---
## OBSERVATION HISTORY
Signal Count: 22 historical observations
Recent Signal Types:
1. DNS Resolution: ahrefs.net with CAA records present (2026-06-20T05:19:19 UTC)
2. Subnet Abuse: High abuse density classification (2026-06-20T05:12:13 UTC)
3. Certificate Records: 0 certificates via crt-sh (2026-06-20T05:12:01 UTC)
4. Geolocation: GB inferred via multi-signal inference, accuracy 750km (2026-06-20T05:11:49 UTC)
5. ASN Reputation: AS16276 OVH SAS with 8 threat pulses detected (2026-06-20T05:11:48 UTC)
---
## DNS & SERVICE ANALYSIS
DNS Records:
- PTR Hostname: proxy-uk008-san160.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: 1 confirmed hostname
Email Authentication:
- SPF Record: Not configured
- DMARC Record: Not configured
- TXT Record Count: 0
Services:
- Open Ports: None (firewalled)
- TLS Certificate: Not detected
- HTTP Title: Not detected
- Server Banner: Not detected
---
## RECOMMENDED ACTIONS
Firewall Configuration:
- Monitor for inbound connection attempts from 51.89.129.0/24 subnet
- Implement rate limiting for connections to cloud infrastructure endpoints
- Consider blocking if suspicious scanning behavior observed
SOC Monitoring:
- Track DNS query patterns to ahrefs.net infrastructure
- Monitor for anomalous outbound connections from internal systems to this IP
- Alert on any service enumeration attempts targeting the subnet
Threat Intelligence Integration:
- Correlate with 191 threat sibling IPs in 51.89.129.0/24
- Monitor 8 DNSBL blacklist sources for updates
- Track ASN 16276 threat pulse activity
---
ANALYST NOTES: This IP operates within a high-abuse cloud hosting environment. While the specific IP shows no active threat indicators, the subnet context suggests elevated risk. Recommend ongoing monitoring of associated infrastructure and correlation with broader threat intelligence on OVH SAS hosting environments.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk008-san160.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san160.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-18 09:25:05 UTC |
| Last Seen | 2026-06-28 07:16:53 UTC |
| Profile Built | 2026-06-29 01:22:03 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |