Threat Intelligence Briefing: IP 51.89.129.220/32
Summary
The IP address 51.89.129.220/32 is associated with Ahrefs Pte Ltd (OVH network) and classified as low risk (risk score: 25). It resides in London, UK, and operates as a cloud-hosted server with no direct indicators of malicious activity. However, its subnet (51.89.129.0/24) exhibits moderate abuse density (46% of siblings flagged as threats), warranting closer scrutiny.
Key Findings
1. Ownership & Network
- Owned by Ahrefs Pte Ltd, part of OVH's infrastructure (ASN 16276).
- Classified as a cloud compute node with no residential or mobile characteristics.
- Subnet 51.89.129.0/24 contains 256 IPs, 118 of which are flagged as threats.
2. Threat Indicators
- No direct malware, C2, or phishing indicators detected.
- No DNS-based threats or email authentication issues.
- Geo-located in the UK, but RTT data suggests potential latency anomalies.
3. Network Behavior
- No open ports or TLS services detected on the 7 common ports scanned (22, 25, 80, 443, 3389, 8080, 8443); other ports were not probed.
- Subnet abuse density is moderate (46%), with 114 active IPs.
- Route stability is flagged as unstable (control plane data); this rests on a single source and carries only 13% confidence.
4. Relationships
- Strong ties to OVH network and the hostname proxy-uk008-san220.ahrefs.net.
- No known connections to malicious domains or organizations.
Recommendations
- Monitor the subnet for unusual traffic patterns, given the moderate abuse density.
- Verify the IP's role in the network, as its cloud-hosted nature could mask hidden activity.
- Cross-check with internal threat feeds for any correlations with known malicious campaigns.
- Consider filtering or rate-limiting the /24 at the network edge if traffic from it is not expected, rather than acting on the single IP alone.
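The first recommendation, monitoring the /24 rather than the single host, is easy to operationalise as a log filter. The following is an added example and not part of the dossier or its API; the firewall log lines, the log format, the peer addresses (RFC 5737 documentation ranges) and the three-port scan heuristic are all constructed for illustration. Only the watched subnet and the subject IP come from the page.

```python
"""Triage firewall events by source for a watched /24 (added example)."""
import ipaddress
from typing import Dict, List, Tuple

# Values taken from the dossier.
WATCHED_SUBNET = ipaddress.ip_network("51.89.129.0/24")
SUBJECT_IP = ipaddress.ip_address("51.89.129.220")

# Constructed sample log, not real traffic. Format (assumed):
#   <timestamp> <ALLOW|DENY> <src_ip> <dst_ip> <dst_port>
SAMPLE_LOG = """\
2026-06-28T11:20:01Z ALLOW 51.89.129.220 203.0.113.10 443
2026-06-28T11:20:05Z ALLOW 51.89.129.220 203.0.113.10 443
2026-06-28T11:21:17Z DENY 51.89.129.77 203.0.113.10 22
2026-06-28T11:21:18Z DENY 51.89.129.77 203.0.113.10 3389
2026-06-28T11:21:19Z DENY 51.89.129.77 203.0.113.10 445
2026-06-28T11:22:40Z ALLOW 198.51.100.7 203.0.113.10 25
"""


def parse_line(line: str) -> Tuple[str, str, str, str, int]:
    """Split one log line into (timestamp, action, src, dst, dport)."""
    ts, action, src, dst, dport = line.split()
    return ts, action, src, dst, int(dport)


def triage(log_text: str,
           subnet: ipaddress.IPv4Network = WATCHED_SUBNET,
           subject: ipaddress.IPv4Address = SUBJECT_IP) -> Dict[str, dict]:
    """Summarise events per source address for sources inside the watched subnet.

    Each entry records whether the source is the dossier's subject IP or one of
    its subnet siblings, how many events it produced, how many were denied, and
    which destination ports it touched. Sources outside the subnet are ignored.
    """
    summary: Dict[str, dict] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, action, src, _dst, dport = parse_line(line)
        addr = ipaddress.ip_address(src)
        if addr not in subnet:
            continue
        entry = summary.setdefault(src, {
            "role": "subject" if addr == subject else "sibling",
            "hits": 0,
            "denied": 0,
            "dports": set(),
        })
        entry["hits"] += 1
        if action == "DENY":
            entry["denied"] += 1
        entry["dports"].add(dport)
    return summary


def suspicious(summary: Dict[str, dict], min_distinct_ports: int = 3) -> List[str]:
    """Sources denied on at least min_distinct_ports distinct ports.

    A deliberately simple scan heuristic (assumed threshold); tune it to the
    environment before using it for alerting.
    """
    return sorted(src for src, e in summary.items()
                  if e["denied"] > 0 and len(e["dports"]) >= min_distinct_ports)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for src, entry in result.items():
        print(src, entry["role"], "hits=%d denied=%d ports=%s"
              % (entry["hits"], entry["denied"], sorted(entry["dports"])))
    print("suspicious:", suspicious(result))
```

Sibling addresses are tracked separately from the subject so that an alert can say which part of the /24 is actually misbehaving; in the constructed sample the subject only makes allowed HTTPS connections while a sibling probes three denied ports.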
Conclusion
While 51.89.129.220 itself is low risk, its association with a subnet containing multiple flagged hosts necessitates contextual analysis. SOC teams should monitor traffic to and from the whole subnet, not just this host, for scanning or other indirect compromise vectors.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | n/a |
| CIDR Block | n/a |
| RIR | ARIN |
| Country | n/a |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk008-san220.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san220.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
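The "Forward Confirmed" row above is the FCrDNS check: resolve the IP to its PTR hostname, resolve that hostname forward, and confirm the original IP is among the answers. The following is an added example, not part of the dossier's tooling. The resolver functions are injectable so it runs offline against a constructed answer set; only the PTR hostname is taken from the page, and the forward answers (including the assumed mismatching address and the RFC 5737 example) are assumptions chosen to reproduce the "No" outcome. Swap in the `live_reverse` / `live_forward` helpers for real lookups.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check (added example)."""
import socket
from typing import Callable, Dict, List, Optional

# Constructed DNS answers for offline use. The PTR for 51.89.129.220 is the
# hostname from the dossier; every other value here is an assumption.
FAKE_PTR: Dict[str, str] = {
    "51.89.129.220": "proxy-uk008-san220.ahrefs.net",
    "198.51.100.7": "mail.example.net",   # RFC 5737 documentation address
}
FAKE_A: Dict[str, List[str]] = {
    "proxy-uk008-san220.ahrefs.net": ["51.89.129.221"],  # assumed mismatch
    "mail.example.net": ["198.51.100.7"],               # assumed match
}


def fake_reverse(ip: str) -> Optional[str]:
    """PTR lookup against the constructed table."""
    return FAKE_PTR.get(ip)


def fake_forward(host: str) -> List[str]:
    """A/AAAA lookup against the constructed table."""
    return FAKE_A.get(host, [])


def live_reverse(ip: str) -> Optional[str]:
    """Real PTR lookup; returns None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def live_forward(host: str) -> List[str]:
    """Real forward lookup; returns all addresses the hostname resolves to."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def fcrdns(ip: str,
           reverse: Callable[[str], Optional[str]] = fake_reverse,
           forward: Callable[[str], List[str]] = fake_forward) -> dict:
    """Run the FCrDNS check and explain the outcome.

    confirmed is True only when the PTR hostname's forward records include
    the original IP. A missing PTR and a mismatching forward answer are
    reported separately because they mean different things to an analyst.
    """
    ptr = reverse(ip)
    if ptr is None:
        return {"ip": ip, "ptr": None, "forward": [],
                "confirmed": False, "reason": "no PTR record"}
    addrs = forward(ptr)
    if ip in addrs:
        reason = "PTR hostname resolves back to the IP"
    elif not addrs:
        reason = "PTR hostname has no forward records"
    else:
        reason = "PTR hostname resolves to a different address"
    return {"ip": ip, "ptr": ptr, "forward": addrs,
            "confirmed": ip in addrs, "reason": reason}


if __name__ == "__main__":
    for ip in ("51.89.129.220", "198.51.100.7", "203.0.113.9"):
        r = fcrdns(ip)
        print(ip, "confirmed" if r["confirmed"] else "NOT confirmed", "-", r["reason"])
```

A failed FCrDNS check is a weak signal on its own, as the dossier notes: hosting providers frequently publish PTR records whose forward zone is managed elsewhere, so treat it as a reason to verify ownership through RDAP rather than as evidence of abuse.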
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | n/a |
| HTTP Title | n/a |
TLS Certificate
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-20 05:45:07 UTC |
| Last Seen | 2026-06-28 11:25:40 UTC |
| Profile Built | 2026-06-29 05:30:16 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |
Full dossier details are available via our API.