## IP INTELLIGENCE BRIEFING: 51.89.129.189
Classification: Moderate Risk (Score: 40)
Date of Analysis: June 2026
---
**OVERVIEW**
IP address 51.89.129.189 is a cloud hosting endpoint operated by OVH (ASN 16276) within the 51.89.0.0/16 prefix. The endpoint resolves to the PTR hostname proxy-uk008-san189.ahrefs.net and is associated with the organization Ahrefs Pte Ltd Dmytro. Geographic attribution indicates London, England, GB, though geolocation confidence is low (accuracy radius: 750km).
---
**INFRASTRUCTURE PROFILE**
- Network Role: Cloud compute infrastructure with hosting services
- Infrastructure Type: CloudCompute
- Service Status: Firewalled / No services actively responding
- Open Ports: None detected
- TLS Certificate: None detected
- ISP/Provider: OVH (providerScore: 0)

Control Plane Indicators:
- BGP Prefix: 51.89.0.0/16
- Origin ASN: 16276
- Route Stability: Unstable (isRouteStable: false)
- DNSSEC: Valid
- RPKI State: Not applicable
- DNSBL Listings: 1 of 8 total lists
---
**THREAT ASSESSMENT**
Risk Indicators:
- Risk Score: 40 (Moderate Risk)
- Abuse Confidence Score: Not available
- Known Campaigns: None identified
- Is Tor Exit: False
- Is Known Attacker: False
- Is Spam Source: False
- Blacklist Count: 0

Behavioral Indicators:
- Honeypot Hits: 0
- Threat Observation Count: 0
- Persistent Malicious Activity: No
- Threat Persistence Days: 0
---
**NETWORK ENVIRONMENT ANALYSIS**
Subnet Neighborhood (51.89.129.0/24):
- Subnet Classification: High Abuse
- Abuse Density: 0.6328 (63.28%)
- Total Siblings: 256
- Active Siblings: 154
- Threat Siblings: 162
- Inherited Risk Score: 25

Risk Distribution in /24:
- High Risk: 0
- Medium Risk: 97
- Low Risk: 3

The subnet exhibits elevated abuse characteristics with 63% abuse density, indicating the endpoint operates within a high-density hosting environment.
---
**OBSERVATION HISTORY**
Total observations recorded: 22
Recent Activity Timeline:
- 2026-06-19 18:25 UTC: Operator score 0.2174, label "Minimal", confidence 0.60
- 2026-06-14 18:32 UTC: Network classification confirmed as OVH hosting infrastructure, confidence 0.85
- 2026-06-14 18:28 UTC: Geolocation inference (GB, London region), confidence 0.28
- 2026-06-14 18:24 UTC: Operator score 0.2174, label "Minimal"

Historical Trend: Consistent minimal threat posture with persistent hosting infrastructure characteristics. No escalation in risk signals observed.
---
**RELATIONSHIP GRAPH**
Total relationships: 46
Primary Relationship Types:
- Same Network: 41 relationships (OVH_282347344)
- Additional network-level relationships: 5

No significant cross-network or organizational relationships identified beyond the OVH infrastructure footprint.
---
**RECOMMENDED SECURITY ACTIONS**
Firewall/Network Policy:
1. Monitor for outbound connections to the 51.89.0.0/16 prefix
2. Consider blocking if traffic patterns indicate abuse consistent with a high-abuse subnet
3. No specific block recommendation based on current risk profile (score: 40)

Detection Signatures:
- No active threat indicators detected
- No malware/hash signatures associated
- No known campaign correlation

Additional Context:
- The IP is associated with legitimate hosting infrastructure (Ahrefs)
- No active malicious activity observed
- Consider monitoring rather than blocking due to moderate risk score and hosting infrastructure role
---
**SUMMARY**
IP 51.89.129.189 is a cloud hosting endpoint operating within a high-abuse density subnet. The endpoint shows moderate risk characteristics with no active threat indicators. While the subnet environment exhibits elevated abuse metrics (63.28% abuse density), this specific IP demonstrates consistent, non-malicious hosting behavior. Recommended approach: Monitor traffic patterns rather than implement blocking rules, as the IP serves legitimate infrastructure purposes and maintains minimal threat posture throughout observation history.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk008-san189.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san189.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 21% | 1 | 2 |
| geolocation | 37% | 2 | 3 |
| Overall | 22% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

Observation Timeline (Live)
| First Seen | 2026-05-11 21:44:42 UTC |
| Last Seen | 2026-06-27 20:30:57 UTC |
| Profile Built | 2026-06-28 14:36:19 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |