51.89.129.168
# IP INTELLIGENCE BRIEFING: 51.89.129.168/32
Date: 2026-06-20
Classification: Moderate Risk
Risk Score: 50/100
---
## EXECUTIVE SUMMARY
IP 51.89.129.168 is a hosting infrastructure address operated by OVH (ASN 16276) in London, United Kingdom. The address belongs to Ahrefs Pte Ltd Dmytro and resolves to proxy-uk008-san168.ahrefs.net. While the IP itself shows no active threat indicators, its /24 subnet (51.89.129.0/24) exhibits elevated abuse density (0.6406), requiring contextual monitoring.
---
## OWNERSHIP & GEOLOCATION
| Field | Value |
|---|---|
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **ASN** | 16276 |
| **RIR** | ARIN |
| **Country** | GB (England, London) |
| **Infrastructure Type** | Hosting Provider |
| **Service Status** | Firewalled / No Services |
---
## THREAT ASSESSMENT
Current Risk Profile:
- Risk Score: 50 (Moderate)
- Operator Score: 0.2174 (Minimal)
- Abuse Confidence Score: Not available
- Known Campaigns: None detected
- Blacklist Status: 0 entries
Threat Indicators:
- Not a Tor exit node
- Not flagged as known attacker
- Not identified as spam source
- No active threat indicators in current profile
DNSBL Status: Listed on 2 of 8 total DNSBL feeds
---
## NETWORK CONTEXT
Subnet Analysis (51.89.129.0/24):
- Classification: High Abuse
- Abuse Density: 0.6406
- Total Siblings: 256
- Active Siblings: 156
- Threat Siblings: 164
- Inherited Risk Score: 25
Key Finding: The immediate subnet shows elevated abuse density, indicating potential shared infrastructure risks despite this specific IP's clean profile.
---
## OBSERVATION HISTORY
Total Observations: 19 signals recorded
Recent Activity:
- 2026-06-20: Minimal operator score (0.2174), 6-dimension coverage
- 2026-06-15: High abuse subnet classification maintained, consistent operator score
Temporal Analysis: No ownership changes detected. Threat persistence days: 0. The IP is not classified as persistently malicious.
---
## RELATIONSHIPS
Total Relationships Identified: 38
- Primary association: Same Network (OVH_282347344)
- No certificate or hostname relationships detected in graph
---
## RECOMMENDED SECURITY ACTIONS
Based on risk profile, the following firewall rules are recommended:
iptables:
```
iptables -A INPUT -s 51.89.129.168 -j DROP
```
nftables:
```
nft add rule inet filter input ip saddr 51.89.129.168 drop
```
nginx:
```
deny 51.89.129.168;
```
Cloudflare WAF:
```json
{
"description": "Block 51.89.129.168 โ IPDebrief risk score 50",
"action": "block",
"filter": {"expression": "ip.src eq 51.89.129.168"}
}
```
AWS WAF:
```json
{
"Addresses": ["51.89.129.168/32"],
"Description": "IPDebrief risk 50"
}
```
Note: These recommendations are probabilistic and should be combined with other contextual signals before implementation.
---
## ANALYST NOTES
1. Infrastructure vs. Threat: The IP hosts legitimate services (Ahrefs proxy) but operates in a high-abuse-density subnet. This suggests shared hosting infrastructure risks rather than direct compromise.
2. Monitoring Recommendation: Implement subnet-level monitoring (51.89.129.0/24) given the 0.6406 abuse density. Monitor for any changes in DNS resolution or service banners.
3. Action Threshold: Current risk score (50) warrants blocking if the IP is not in an allowlist. No immediate escalation needed absent additional threat correlation.
4. Historical Context: 19 observations over recent periods show stable behavior with no degradation trends.
---
Generated by IPDebrief Intelligence Platform
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk008-san168.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san168.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-18 03:23:26 UTC |
| Last Seen | 2026-06-28 06:42:50 UTC |
| Profile Built | 2026-06-29 00:46:38 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 24 |
Full dossier details are available via our API.