# IP Intelligence Briefing: 51.89.129.237
## Executive Summary
IP address 51.89.129.237 is a cloud hosting asset in OVH's network in London, England. The IP presents a moderate risk profile (score: 40) with no active threat indicators. However, the /24 subnet shows elevated abuse density (0.668), with 171 of 256 sibling IPs classified as threats.
## Technical Profile
Ownership & Provider:
- ASN: 16276 (OVH)
- Organization: Ahrefs Pte Ltd Dmytro
- Registration: ARIN
- Network: 51.89.0.0/16
Geolocation:
- Country: GB (England)
- City: London
- Accuracy: 750km radius (multi-source inference)
- GeoConsensus: True
Network Infrastructure:
- Infrastructure Type: CloudCompute
- Classification: Hosting / Cloud
- Service Status: Firewalled / No Services Open
- DNS PTR: proxy-uk008-san237.ahrefs.net
## Risk Assessment
Overall Risk Score: 40 (Moderate)
Key Risk Factors:
- Subnet abuse density: 0.668 (high_abuse classification)
- 171 threat siblings in /24 subnet
- DNSBL listed on 1 of 8 threat feeds
- Inherited risk score: 26 from subnet context
Mitigating Factors:
- No active threat indicators (not known attacker, not Tor exit, not spam source)
- No open services detected
- Zero active honeypot hits
- Operator score: 0.2174 (Minimal)
## Historical Observations
Analysis of 19 signal observations reveals:
- Recent operator score fluctuations between 0.2174 and 0.25
- Consistent geolocation inference to GB region
- DNS records consistently resolve to ahrefs.net
- No significant ownership changes observed
- Threat observation count: 0 (not persistently malicious)
## Network Relationships
The IP maintains 37 relationship connections, including multiple "Same Network" associations to OVH infrastructure identifier OVH_282347344. The subnet contains 170 active sibling IPs with 171 classified as threat actors.
## Recommended Security Actions
Firewall Rules:
```
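# iptables: drop inbound traffic from this address
iptables -A INPUT -s 51.89.129.237 -j DROP
# nftables: requires an existing inet table "filter" with a chain "input"
nft add rule inet filter input ip saddr 51.89.129.237 drop
# nginx: directive for an http, server or location block (not a shell command)
deny 51.89.129.237;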
```
Cloud Platform Actions:
- Cloudflare WAF: Block rule with expression `ip.src eq 51.89.129.237`
- AWS WAF: Block IP 51.89.129.237/32
Analysis Notes:
While the individual risk score (40) suggests moderate concern, the high-abuse subnet classification warrants blocking. However, the absence of active threat indicators and the lack of open services suggest this may be defensive hosting infrastructure rather than active malicious activity. SOC analysts should correlate with additional threat intelligence before implementing permanent blocks.
Classification: Cloud hosting infrastructure with elevated neighborhood risk profile
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk008-san237.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san237.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 25% | 2 | 2 |
| Overall | 20% | 10 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-20 17:48:43 UTC |
| Last Seen | 2026-06-28 12:25:28 UTC |
| Profile Built | 2026-06-29 06:29:44 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 25 |