IP Intelligence Briefing: 51.89.129.225
*Generated from IPDebrief analysis*
---
**Key Findings**
- Ownership:
  - Owned by Ahrefs Pte Ltd Dmytro (AS16276).
  - Registered with ARIN, no abuse contact listed.
  - Geolocation: London, England (GB).
- Risk Profile:
  - Moderate Risk (Risk Score: 40).
  - No direct threat indicators (no malware, spam, or known attacker associations).
  - Subnet 51.89.129.225/24 shows high abuse density (0.61), with 157 of 256 IPs flagged as threats.
- Network Role:
  - Cloud compute instance (OVH provider).
  - No services (open ports, TLS certs, or HTTP banners) detected.
  - DNS records link to proxy-uk008-san225.ahrefs.net (Ahrefs infrastructure).
- Behavioral Insights:
  - Subnet has 154 active IPs, with 157 threat-sibling IPs.
  - No recent route changes (stable BGP prefix: 51.89.0.0/16).
  - DNSSEC and CAA records are valid, but DNSBL listings suggest potential abuse.
---
**Actionable Recommendations**
1. Monitor Subnet Activity:
   - The subnet's high abuse density (0.61) indicates potential lateral movement or compromised hosts. Prioritize monitoring traffic patterns and anomalies.
2. Verify Ahrefs Infrastructure:
   - The IP is tied to Ahrefs' proxy network. Confirm if this aligns with expected infrastructure (e.g., proxy servers).
3. Check Neighbor IPs:
   - 96% of subnet neighbors have medium risk scores. Investigate high-risk siblings for potential compromise or malicious activity.
4. DNS Analysis:
   - Validate DNS associations with proxy-uk008-san225.ahrefs.net. Ensure no unauthorized subdomain or email spoofing activity.
---
**Conclusion**
This IP is part of a high-risk subnet linked to Ahrefs' cloud infrastructure. While no direct malicious activity is detected, the subnet's abuse density warrants closer scrutiny. Focus on neighbor IPs and DNS relationships to identify potential threats.
*Data sourced from IPDebrief threat intelligence platform.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk008-san225.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san225.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 25% | 2 | 2 |
| Overall | 22% | 10 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-24 00:33:11 UTC |
| Last Seen | 2026-06-28 23:29:30 UTC |
| Profile Built | 2026-06-29 05:32:34 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |