INTEL BRIEFING: 51.89.129.2/32
SUMMARY
IP 51.89.129.2 is a moderate-risk (40) cloud hosting address registered to OVH SAS (AS16276) in London, England. The IP resolves to proxy-uk008-san2.ahrefs.net and is classified as cloud infrastructure with hosting capabilities. The address is associated with high-abuse subnet 51.89.129.0/24 (abuse density 0.6406) containing 155 active sibling IPs and 164 threat-siblings.
OWNERSHIP & GEOLOCATION
- ASN: AS16276 (OVH SAS)
- Organization: Ahrefs Pte Ltd Dmytro
- Location: London, England, GB (750 km accuracy radius)
- Infrastructure: CloudCompute, Hosting service
- RIR: RIPE NCC
THREAT INDICATORS
- DNSBL listings: 1 of 8 total lists
- Proxy detection: Multiple signals indicate VPN/proxy behavior (OVH SAS, proxy type: VPN)
- Risk classification: Moderate Risk (40)
- No Tor exit node, no known attacker designation, no spam source designation
NETWORK CONTEXT
The /24 subnet 51.89.129.0/24 shows elevated abuse patterns with 256 total siblings and 155 active IPs. Risk distribution within the subnet is concentrated in medium-risk territory. The address shares network relationships with multiple OVH infrastructure blocks (OVH_282347344).
OBSERVATION HISTORY
24 signals observed as of June 15, 2026. Recent activity includes:
- Cloud/hosting infrastructure confirmation
- Proxy/VPN behavior indicators
- Blacklist listings across 8 threat feeds
- DNS resolution to ahrefs.net domain with CAA records present
SOC ACTIONS
Recommended actions based on risk profile:
- Block at perimeter firewall: `iptables -A INPUT -s 51.89.129.2 -j DROP`
- Cloudflare WAF: Block via expression `ip.src eq 51.89.129.2`
- AWS WAF: Add `51.89.129.2/32` to block list
- Consider subnet-level monitoring for 51.89.129.0/24 given high abuse density
ASSESSMENT
The IP presents moderate risk through proxy/VPN hosting behavior in a high-abuse OVH subnet. No direct attack indicators detected, but the subnet classification warrants defensive blocking and monitoring. Correlate with any observed malicious traffic patterns before implementing firewall rules.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | 51.89.0.0/16 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk008-san2.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san2.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 2 |
| routing | 27% | 2 | 3 |
| services | 30% | 2 | 3 |
| ownership | 22% | 3 | 4 |
| reputation | 22% | 1 | 2 |
| geolocation | 25% | 2 | 2 |
| Overall | 26% | 12 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-16 21:01:17 UTC |
| Last Seen | 2026-06-28 04:04:41 UTC |
| Profile Built | 2026-06-28 22:12:16 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 29 |