IP Intelligence Briefing: 51.89.129.223
Date: 2026-06-11
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Ownership:
  - ASN: 16276 (OVH)
  - Organization: Ahrefs Pte Ltd (Dmytro)
  - Subnet: 51.89.129.0/24
- Geolocation: London, England, UK (GeoPlausible: Yes)
- Network Role: CloudCompute infrastructure (OVH-hosted, firewalled).
- Threat Indicators: No direct malicious activity detected (no blacklists, spam, or known attacker flags).
---
**2. Observation History**
- Recent Activity:
  - Moderate risk score observed (6/11/2026).
  - Subnet abuse density: 0.4688 (mixed risk environment).
  - DNS resolution linked to `proxy-uk008-san223.ahrefs.net` (Ahrefs infrastructure).
- Stability: Route stability: No (fluctuations detected).
---
**3. Relationships**
- Network Associations:
  - Same network: OVH_282347344 (51.89.129.0/24).
  - DNS: Linked to `proxy-uk008-san223.ahrefs.net` (Ahrefs subdomain).
- Subnet Context:
  - 256 IPs in subnet (133 active, 120 flagged as threats).
  - Abuse Density: 46.88% (high-risk neighbors dominate).
---
**4. Neighborhood Risk**
- Subnet Risk Distribution:
  - High Risk: 0 IPs
  - Medium Risk: 51 IPs
  - Low Risk: 49 IPs
- Inherited Risk: 18 (moderate threat exposure due to neighbors).
---
**5. Actionable Insights**
- Monitor:
  - Track subnet activity for lateral movement or increased threat sibling counts.
  - Verify DNS associations with Ahrefs to ensure legitimacy.
- Mitigate:
  - Apply network segmentation to isolate cloud compute resources.
  - Consider rate-limiting or blocking high-risk neighbors in the 51.89.129.0/24 subnet.
- Investigate:
  - Confirm if the IP's cloud compute role aligns with Ahrefs' infrastructure.
  - Validate DNSSEC and CAA records for potential spoofing risks.
---
Conclusion:
The IP is part of a mixed-risk subnet associated with Ahrefs' cloud infrastructure. While no direct malicious activity is detected, the subnet's high abuse density and presence of threat siblings necessitate ongoing monitoring. SOC teams should prioritize subnet-level analysis and verify the IP's role within Ahrefs' network.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | OVH_282347344 |
| CIDR Block | 51.89.129.0/24 |
| RIR | ARIN |
| Country | GB |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk008-san223.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san223.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline
| First Seen | 2026-05-28 23:51:57 UTC |
| Last Seen | 2026-06-29 06:02:57 UTC |
| Profile Built | 2026-06-29 06:13:41 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 23 |