IP Intelligence Briefing: 51.89.129.181
Date: 2026-06-15
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership:
  - ASN: 16276 (OVH)
  - Organization: Ahrefs Pte Ltd (Singapore)
  - Geolocation: London, UK (geolocated via 51.5081, -0.1278)
- Network Role:
  - Cloud compute instance (OVH infrastructure)
  - No open ports or TLS certificates detected
  - Hosted domain: `ahrefs.net` (PTR hostname: `proxy-uk008-san181.ahrefs.net`)
---
**2. Threat Indicators**
- No direct threats detected (no malware, spam, or known attacker associations).
- Subnet Risk:
  - 51.89.129.0/24 has high abuse density (0.59), with 96/100 IPs classified as medium/high risk.
  - 152/154 active siblings in the subnet are flagged as threats.
- DNS:
  - Resolves to `proxy-uk008-san181.ahrefs.net` (no email auth records).
  - DNSBL listings: 1/8 total lists (low priority).
---
**3. Observation History**
- Stability:
  - Route stability: Unstable (BGP route changes in past 30 days).
  - Geolocation consistency: Plausible (RTT ~93ms, 5 probes).
- Signal Trends:
  - No significant changes in risk score or threat indicators over 20 days.
  - Subnet abuse density remains high.
---
**4. Relationships & Network Context**
- Linked Entities:
  - OVH ASN 16276 (same provider as 96% of subnet).
  - Ahrefs Pte Ltd (owner of `ahrefs.net` domain).
- Subnet Analysis:
  - 100 neighbors in 51.89.129.0/24.
  - 96 IPs flagged as medium/high risk (abuse density: 0.59).
  - 152 threat siblings (154 active IPs in subnet).
---
**5. Recommended Actions**
- Monitor Subnet: High abuse density in 51.89.129.0/24 warrants closer scrutiny.
- Block IP Temporarily:
  - Use firewall rules to block traffic from 51.89.129.181/32 (see below).
- Verify Ownership: Confirm Ahrefs Pte Ltd's use of this IP (e.g., via RDAP or WHOIS).
- Investigate Anomalies: Check for unexpected DNS activity or traffic patterns.
---
**6. Firewall Rules (Sample)**
```bash
# iptables: drop inbound traffic from the address
iptables -A INPUT -s 51.89.129.181 -j DROP
# nftables: same rule, added to the "input" chain of the inet "filter" table
nft add rule inet filter input ip saddr 51.89.129.181 drop
```
- Cloudflare WAF: `{"action":"block","expression":"ip.src eq 51.89.129.181"}`
- AWS WAF: `{"Addresses":["51.89.129.181/32"],"Description":"IPDebrief risk 40"}`
---
**Conclusion**
The IP is part of a high-risk subnet (OVH, abuse density 0.59) but shows no direct malicious activity. While the owner (Ahrefs) is legitimate, the subnet's poor security hygiene suggests potential for compromise. Monitor for anomalies and consider blocking the IP to mitigate risk.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk008-san181.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san181.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 25% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership / FCrDNS / Geo Consensus / Geo Plausible / IRR Match / RPKI Valid |
Observation Timeline
| First Seen | 2026-05-21 14:58:00 UTC |
| Last Seen | 2026-06-28 14:28:51 UTC |
| Profile Built | 2026-06-29 08:34:06 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |