# IP INTELLIGENCE BRIEFING
Target IP: 51.89.129.163/32
Date: 2026-06-19
Classification: Moderate Risk (Score: 40/100)
---
## EXECUTIVE SUMMARY
IP address 51.89.129.163 is a cloud compute endpoint operated by OVH (ASN 16276) in London, England, registered to Ahrefs Pte Ltd. The IP resolves to proxy-uk008-san163.ahrefs.net and presents moderate risk (40/100). While no active threat indicators or known attack campaigns are associated with this specific address, the IP resides within a high-abuse density subnet (51.89.129.0/24) where 70% of sibling IPs exhibit medium risk and 30% exhibit low risk.
---
## OWNERSHIP & GEOLOCATION
- Organization: Ahrefs Pte Ltd Dmytro
- ASN: 16276 (OVH)
- Country: GB (London, England)
- Geolocation Confidence: High (5 probe sources, consensus confirmed)
- Infrastructure Type: Cloud Compute / Hosting
- Network Classification: Not residential, proxy, CDN, or Tor
---
## NETWORK ENVIRONMENT ANALYSIS
The IP is embedded in subnet 51.89.129.0/24 with the following characteristics:
| Metric | Value |
|---|---|
| Subnet Abuse Density | 0.707 (High Abuse) |
| Total Sibling IPs | 256 |
| Active Siblings | 194 |
| Threat-Associated Siblings | 181 |
| Inherited Risk Score | 28/100 |
Risk Distribution in /24: 70% medium risk, 30% low risk, 0% high risk (sample of 100 neighbors analyzed).
The high abuse density indicates this subnet contains significant malicious activity, though the target IP itself shows no active threat indicators.
---
## THREAT INTELLIGENCE
Current Threat Status:
- Threat Indicators: None detected
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0 (direct)
- DNSBL Listed: 1/8 lists
Control Plane Data:
- Route Stability: False
- DNSSEC Valid: Yes
- RPKI State: Not evaluated
- IRR Consistency: Not evaluated
---
## OBSERVATION HISTORY
Recent signals (June 2026) indicate:
- 2026-06-19 20:52: Operator score 0.2174 (Minimal)
- 2026-06-19 21:00: Subnet classification updated to "high_abuse" with 0.707 abuse density
- 2026-06-14 20:56: DNS resolution confirmed for ahrefs.net domain with CAA records present
- 2026-06-14 20:54: Geolocation confirmed in GB with 750km accuracy radius
No persistent malicious behavior detected. Ownership changes: 0. Threat persistence: 0 days.
---
## INFRASTRUCTURE RELATIONSHIPS
The IP maintains 53 documented relationships, primarily with network infrastructure entities (OVH_282347344). No connections to known malicious campaigns, certificates, or related threat actors identified.
---
## RECOMMENDED ACTIONS
Based on risk profile and neighborhood analysis, the following firewall rules are recommended:
```bash
# iptables
iptables -A INPUT -s 51.89.129.163 -j DROP
# nftables
nft add rule inet filter input ip saddr 51.89.129.163 drop
# pfSense
51.89.129.163/32
```
Platform-Specific Rules:
- Cloudflare WAF: Block IP with expression `ip.src eq 51.89.129.163`
- AWS WAF: Add to blocked addresses list: 51.89.129.163/32
- nginx: `deny 51.89.129.163;`
---
## ANALYST NOTES
1. Context: While the IP itself shows no active threat indicators, the parent subnet exhibits high abuse density. Consider blocking the entire /24 if acceptable for your threat model.
2. Legitimate Use: The IP resolves to a legitimate ahrefs.net domain, suggesting potential legitimate use. However, the high abuse neighborhood warrants caution.
3. Recommendation: Implement rate limiting or connection throttling as an intermediate measure before full blocking. Monitor for any changes in behavior from this IP or adjacent addresses in the /24 subnet.
4. Related Subnet: Consider analyzing adjacent subnets (51.89.128.0/24, 51.89.130.0/24) for additional threat intelligence.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk008-san163.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san163.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 26% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-13 06:38:43 UTC |
| Last Seen | 2026-06-27 22:57:10 UTC |
| Profile Built | 2026-06-28 17:02:49 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |
Full dossier details are available via our API.