51.89.129.218
# IP INTELLIGENCE BRIEFING
Subject: 51.89.129.218/32
Classification: Cloud Infrastructure / Hosting
Date: 2026-06-26
Analyst: IPDebrief Intelligence
---
## EXECUTIVE SUMMARY
51.89.129.218 is a cloud-compute infrastructure IP assigned to Ahrefs Pte Ltd Dmytro, operated through OVH network infrastructure (ASN 16276). The IP resolves to a legitimate ahrefs.net hostname but exhibits DNSBL listings and moderate neighborhood abuse density. No active services detected on the target IP.
---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **Risk Score** | 25/100 (Low Risk) |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **ASN** | 16276 (OVH SAS) |
| **Network** | 51.89.0.0/16 |
| **Geolocation** | London, England, GB |
| **Infrastructure Type** | Cloud Compute / Hosting |
| **DNS Resolution** | proxy-uk008-san218.ahrefs.net |
---
## THREAT INDICATORS
DNSBL Status: Listed on 1 of 8 threat feeds
Active Threat Indicators: None detected
Known Campaigns: No matches
Tor Exit/Proxy: Negative
Spam/Attacker Source: Negative
Notable: The IP maintains a forward resolution count of 1 but shows no forward-confirmed status, indicating potential DNS inconsistency.
---
## NEIGHBORHOOD ANALYSIS (51.89.129.0/24)
- Total Active Siblings: 207 / 256 IPs
- Abuse Density: 0.4141 (Mixed Classification)
- Risk Distribution: 0 High, 74 Medium, 26 Low
- Inherited Risk Score: 16
Observation: The target resides in a subnet with elevated abuse activity. While this specific IP shows low individual risk, 106 sibling IPs are classified as threats.
---
## OBSERVATION HISTORY
Total signals: 19 observations
Recent Signals (2026-06-26):
- Geolocation: GB (confidence: 0.28)
- Subnet abuse density: 0.4141 (confidence: 0.75)
- DNSBL listings: 1 high-severity listing (confidence: 0.85)
- DNS CAA records: Present (confidence: 0.80)
- Operator score: 0.087 (Minimal)
Temporal Indicators: No ownership changes detected. Threat persistence: 0 days.
---
## NETWORK RELATIONSHIPS
- Total Relationships: 58
- Network Affiliations: OVH_282347344 (multiple entries)
- Control Plane: BGP prefix 51.89.0.0/16 stable
- Route Changes (30d): 0
---
## RECOMMENDED ACTIONS
Firewall Rules:
```bash
# Block inbound connections to this IP
iptables -A INPUT -s 51.89.129.218 -j DROP
# Log and block subnet if false positives persist
iptables -A INPUT -s 51.89.129.0/24 -j LOG --log-prefix "BLOCK_AHREFS_NET: "
```
WAF Rules (Cloudflare/AWS):
```
# Block IP with 51.89.129.0/24 subnet
ip: 51.89.129.218, 51.89.129.0/24
action: block
```
Monitoring Recommendations:
1. Monitor for new services opening on this IP
2. Watch for DNSBL listing additions/removals
3. Correlate with other ahrefs.net infrastructure for lateral threat assessment
---
## ASSESSMENT
This IP represents legitimate Ahrefs infrastructure hosted on OVH cloud. However, the subnet exhibits moderate-to-high abuse density (0.4141), and the target IP carries one DNSBL listing. While individual risk is low (25), the neighborhood context suggests potential for abuse-related traffic. Recommend monitoring rather than immediate blocking unless specific threat activity is observed.
Confidence Level: High
Threat Priority: Low/Medium
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk008-san218.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san218.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 21% | 1 | 2 |
| geolocation | 35% | 2 | 3 |
| Overall | 22% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-11 21:44:42 UTC |
| Last Seen | 2026-06-27 20:31:43 UTC |
| Profile Built | 2026-06-28 20:37:51 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |
Full dossier details are available via our API.