51.89.129.42

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

INTELLIGENCE BRIEFING: 51.89.129.42/32

OVERVIEW

IP 51.89.129.42 is a cloud infrastructure address hosted on OVH (ASN 16276) in London, England. The IP carries a moderate risk score of 40, with classification flags indicating hosted cloud compute infrastructure. No active services or open ports were detected during scanning.

OWNERSHIP & INFRASTRUCTURE

Organization: Ahrefs Pte Ltd Dmytro
ASN: 16276 (OVH)
Registration: RIR RIPE NCC, allocated 2001-02-15
Infrastructure Type: CloudCompute (OVH)
Network Role: Hosting provider with firewall protection
DNS Resolution: proxy-uk008-san42.ahrefs.net (ahrefs.net)

GEOLOCATION

Country: United Kingdom (GB)
Region: England
City: London
Geolocation Confidence: High (geo consensus confirmed, 5 probes)
Network Origin: BGP prefix 51.89.0.0/16, route stable

THREAT INDICATORS

Risk Score: 40 (Moderate)
DNSBL Status: Listed on 1 of 8 threat feeds
Known Campaigns: None identified
Campaign Likelihood: Not applicable
Tor/Proxy/VPN: Not detected
Malicious Activity: No known attacker or spam source indicators

NEIGHBORHOOD ANALYSIS

The /24 subnet (51.89.129.0/24) shows elevated abuse characteristics:

Abuse Density: 0.7344 (high abuse classification)
Total Siblings: 256 addresses
Active Siblings: 182
Threat Siblings: 188
Inherited Risk: 29
Network Classification: High abuse density subnet

Neighbor analysis indicates consistent risk scores (40) across the subnet with medium authority ratings.

OBSERVATION HISTORY

Total Observations: 24 signals
Latest Activity: 2026-06-20
Threat Persistence: 0 days (not persistently malicious)
Ownership Changes: 0
Route Changes (30d): 0
Threat Observation Count: 1

Historical signals confirm stable network assignment (prefix 51.89.0.0/16) and consistent ASN attribution to 16276.

NETWORK BEHAVIOR

Open Ports: None detected
TLS Certificates: None
HTTP Services: None (firewalled/no services)
Server Banner: None
HTTP Headers: No HSTS, CSP, or permissions policy headers

RECOMMENDED ACTIONS

Based on the moderate risk classification and hosted infrastructure nature:

Monitor for any service initiation or port opening
The IP is associated with Ahrefs infrastructure; verify against known Ahrefs IP ranges
DNSBL listing requires investigation but does not indicate active malicious use
Subnet-level abuse density suggests broader monitoring of 51.89.129.0/24 is warranted

ASSESSMENT

The IP represents standard cloud hosting infrastructure for Ahrefs services. While DNSBL listing exists and the subnet shows elevated abuse density, no active threat indicators were identified. The moderate risk score reflects the hosting provider context rather than confirmed malicious activity. SOC teams should maintain awareness of the subnet's abuse characteristics while treating the IP as legitimate cloud infrastructure unless contradictory intelligence emerges.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	ENG
City	London
Timezone	Europe/London
Latitude	51.51
Longitude	-0.13

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	51.89.0.0/16
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk008-san42.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk008-san42.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Tier 3 — Basic operator with some routing infrastructure

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	36%	2	4
routing	33%	2	3
services	15%	2	2
ownership	37%	3	5
reputation	31%	1	3
geolocation	30%	2	3
Overall	30%	12	20

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-21 21:00:59 UTC
Last Seen	2026-06-28 16:29:14 UTC
Profile Built	2026-06-29 10:36:09 UTC
Data Freshness	Live
Signal Types	25
Total Observations	29

🔍 25 signal types · 29 observations collected

This report is generated from 25+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

51.89.129.42📋 Copy