# IP Intelligence Briefing: 51.89.129.196/32

Classification: Moderate Risk (Score: 50)
Date: 2026-06-28
Analyst: IPDebrief Intelligence Team

---
## Executive Summary
IP 51.89.129.196 is a cloud computing infrastructure address hosted by OVH in London, England. The IP maintains moderate risk characteristics with a risk score of 50 and operates as a hosting provider within the 51.89.0.0/16 CIDR block. The subnet demonstrates elevated abuse density (0.75) with 192 of 256 sibling IPs flagged as threats. No active malicious indicators were detected against this specific address, though the neighborhood context warrants monitoring.

---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **ASN** | 16276 |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Provider** | OVH |
| **Location** | London, England, GB |
| **Infrastructure Type** | Cloud Compute |
| **Hosting** | Yes |
| **Network Role** | Firewalled / No Services |

The IP resolved to hostname proxy-uk008-san196.ahrefs.net via reverse DNS. No open ports, TLS certificates, or active services were observed. The IP is classified as cloud infrastructure and is not associated with Tor, VPN, CDN, or proxy networks.

---
## Threat Assessment
Current Risk Score: 50 (Moderate Risk)

Threat Indicators:

- No active threat indicators detected
- Not listed as known attacker or spam source
- Blacklist count: 0
- DNSBL listed: 2 of 8 total lists
- No associated threat campaigns or certificates

Control Plane Data:

- BGP Prefix: 51.89.0.0/16
- Origin ASN: 16276
- Route stability: Not stable
- DNSSEC valid: Yes

---
## Neighborhood Analysis
Subnet: 51.89.129.196/24

| Metric | Value |
|---|---|
| Total Siblings | 256 |
| Active Siblings | 194 |
| Threat Siblings | 192 |
| Abuse Density | 0.75 (High) |
| Classification | High Abuse |
| Inherited Risk | 30 |

Risk Distribution:

- High Risk: 0 IPs
- Medium Risk: 40 IPs
- Low Risk: 60 IPs

The subnet exhibits elevated abuse density with 75% abuse classification. This IP inherits 30% risk from neighborhood context.

---
## Historical Observations
Total Observations: 19 signals

Key historical signals:

- 2026-06-28: Cloud infrastructure classification (OVH, confidence 0.90)
- 2026-06-20: Port scanning activity detected; subnet abuse density confirmed at 0.75
- 2026-06-20: DNS resolution to ahrefs.net domain confirmed

The IP has demonstrated persistence as cloud hosting infrastructure with consistent OVH provider attribution.

---
## Network Relationships
Relationship Count: 36 total relationships

Primary relationship type: Same Network (OVH_282347344)

All relationships indicate shared network infrastructure within the OVH provider network.

---
## Recommended Actions
Firewall Recommendations:

- iptables: `iptables -A INPUT -s 51.89.129.196 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 51.89.129.196 drop`
- nginx: `deny 51.89.129.196;`
- pfSense: `51.89.129.196/32`
- Cloudflare WAF: Block IP with expression `ip.src eq 51.89.129.196`
- AWS WAF: Block address `51.89.129.196/32`

Note: These recommendations are probabilistic and should be combined with other signals before taking action.

---
## Intelligence Conclusion
IP 51.89.129.196 presents moderate risk as part of a high-abuse-density cloud hosting subnet. While the specific IP shows no active threat indicators, the neighborhood context (192 threat siblings, 0.75 abuse density) suggests elevated risk exposure. The IP is associated with legitimate hosting infrastructure (ahrefs.net reverse DNS), but the subnet's abuse profile warrants defensive monitoring. No immediate blocking is required absent additional contextual signals, though the provided firewall rules may be applied based on organizational policy.

Recommendation: Monitor subnet-level activity; apply blocking rules if organizational risk tolerance permits.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration

| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

## DNS Intelligence

| Attribute | Value |
|---|---|
| PTR | proxy-uk008-san196.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san196.ahrefs.net |

## DNS Hygiene

| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification

| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate

| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 23% | 10 | 15 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline

| Attribute | Value |
|---|---|
| First Seen | 2026-05-20 05:45:07 UTC |
| Last Seen | 2026-06-28 11:25:12 UTC |
| Profile Built | 2026-06-29 05:28:02 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |