51.89.129.94

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 51.89.129.94/32

## Executive Summary

IP 51.89.129.94 is a cloud-based infrastructure endpoint operated by OVH (ASN 16276) on behalf of Ahrefs Pte Ltd Dmytro. The IP is located in London, England and resolves to aresolves to the hostname proxy-uk008-san94.ahrefs.net. Current risk assessment indicates Moderate Risk (Score: 40). No active threat indicators, campaigns, or malicious activity observed.

## Ownership and Infrastructure

ASN: 16276 (OVH SAS)
Organization: Ahrefs Pte Ltd Dmytro
Infrastructure Type: CloudCompute (OVH hosting)
Geolocation: London, England, GB (GeoSource: 1, Consensus: True, Plausible: True)
Network Classification: Cloud infrastructure, Hosting service
DNS: proxy-uk008-san94.ahrefs.net (Forward confirmed: Yes)
Services: No open ports detected (Firewalled/No Services)

## Threat Assessment

Risk Score: 40 (Moderate Risk)
Abuse Confidence Score: Not available
Blacklist Status: 0 blacklist hits
Known Campaigns: None detected
Threat Indicators: None
Tor Exit Node: No
Known Attacker: No
Spam Source: No

## Control Plane Analysis

BGP Prefix: 51.89.0.0/16
Route Stability: Not stable (route changes observed)
DNSSEC Valid: Yes
DNSBL Listings: 1 of 8 lists (dnsblListedCount)
Operator Score: 0.2174 (Minimal)

## Neighborhood Analysis (51.89.129.0/24)

Abuse Density: 0.7422 (High Abuse classification)
Inherited Risk: 29
Subnet Siblings: 256 total, 194 active, 190 threat siblings
Risk Distribution: 0 High, 64 Medium, 36 Low risk neighbors
Note: The subnet exhibits elevated abuse activity, though this IP specifically shows no malicious indicators.

## Observation History (22 Signals)

Most Recent: 2026-06-28T06:45:52 - Subnet analysis: abuse_density 0.4023, classification: mixed
Previous: 2026-06-20T04:42:04 - Subnet analysis: abuse_density 0.7422, classification: high_abuse
Geolocation Confirmed: GB (confidence: 0.28)
Threat Persistence Days: 0
Is Persistently Malicious: No

## Relationships

Network Relationships: 46 relationships identified (same network: OVH_282347344)
No Correlated Campaigns: 0 correlated IPs, 0 cert matches, 0 banner matches

## Recommended Actions

1. Standard Monitoring: Monitor for unusual outbound patterns from this endpoint

2. Subnet Awareness: Be aware that the /24 subnet (51.89.129.0/24) shows elevated abuse density (0.7422)

3. No Block Required: No immediate blocking recommended; IP is legitimate cloud infrastructure

4. DNS Verification: Forward resolution confirmed to ahrefs.net domain

5. Firewall Rule: No specific firewall rules generated (no threat indicators)

## Conclusion

This IP represents legitimate cloud infrastructure for Ahrefs. While the hosting subnet demonstrates elevated abuse characteristics, this specific endpoint shows no malicious activity. SOC teams should monitor the subnet generally but treat the IP as benign unless new threat indicators emerge. No immediate defensive action required.

Classification: Moderate Risk - Cloud Infrastructure Endpoint

Priority: Low

Action: Monitor

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	London
Timezone	Europe/London
Latitude	51.51
Longitude	-0.13

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk008-san94.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk008-san94.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	33%	2	3
routing	13%	1	1
services	21%	2	2
ownership	24%	2	3
reputation	31%	1	3
geolocation	39%	2	3
Overall	27%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-18 03:23:27 UTC
Last Seen	2026-06-28 06:45:53 UTC
Profile Built	2026-06-29 00:51:14 UTC
Data Freshness	Live
Signal Types	22
Total Observations	26

🔍 22 signal types · 26 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

51.89.129.94📋 Copy