# INTELLIGENCE BRIEFING: 51.89.129.75/32
Classification: Moderate Risk | Status: Under Investigation
## Executive Summary
IP 51.89.129.75 belongs to Ahrefs Pte Ltd Dmytro (ASN 16276, OVH provider) with geolocation in London, England. The IP resolves to a proxy hostname (proxy-uk008-san75.ahrefs.net) and operates within a high-abuse subnet (51.89.129.0/24) exhibiting significant neighbor risk concentration.
## Threat Profile
- Risk Score: 40 (Moderate)
- Abuse Confidence: DNSBL listed on 1 of 8 threat feeds
- Operator Score: 0.2174 (Minimal)
- Infrastructure Type: CloudCompute (OVH hosting)
- Network Role: Firewalled / No Services (no open ports detected)
## Neighborhood Analysis
Subnet 51.89.129.0/24 demonstrates elevated abuse characteristics:
- Abuse Density: 0.668 (high_abuse classification)
- Threat Siblings: 171 of 256 total IPs
- Active Siblings: 158 currently operational
- Inherited Risk: 26
- Risk Distribution: 100 medium-risk neighbors observed
## Historical Observations
Signal history indicates 21 observations across multiple dimensions. Recent probes (2026-06-15) confirmed:
- DNS resolution to ahrefs.net domain
- CAA and DNSSEC validation present
- No banner matches or campaign correlations detected
- Route stability flagged as false despite 30-day route changes showing zero modifications
## Relationship Graph
34 relationships identified, primarily network-level associations (OVH_282347344). No organizational or certificate-level relationships beyond the established ahrefs.net domain.
## Recommended Actions
1. Monitor subnet 51.89.129.0/24 for lateral movement due to high abuse density
2. Block if observed in threat contexts (DNSBL listing present)
3. Validate legitimate business justification for connection requests
4. Log all traffic for forensic analysis given moderate risk classification
Assessment: This IP represents a legitimate enterprise host (Ahrefs) within a high-risk hosting environment. Treat inbound connections with caution but allow legitimate business traffic after validation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | proxy-uk008-san75.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk008-san75.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline
| First Seen | 2026-05-19 21:40:49 UTC |
| Last Seen | 2026-06-28 10:17:54 UTC |
| Profile Built | 2026-06-29 04:22:34 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |