51.89.129.96📋 Copy

## IP Intelligence Briefing: 51.89.129.96/32

Classification: Moderate Risk (Score: 40)

Date: Intelligence generated based on available observation data

Scope: Full profile, historical signals, relationships, and neighborhood analysis

---

EXECUTIVE SUMMARY

IP 51.89.129.96 is a cloud compute infrastructure address associated with OVH SAS (ASN 16276), located in London, GB. The address resolves to Ahrefs network infrastructure (proxy-uk008-san96.ahrefs.net). While no active threat indicators are present, the IP operates within a high-abuse density subnet (0.707 abuse density) with significant risk inheritance from neighboring addresses.

---

OWNERSHIP & GEOLOCATION

---

THREAT ASSESSMENT

Current Risk Profile:

• Overall Risk Score: 40/100 (Moderate)
• Provider Score: 0
• Authority Score: 0
• Stability Score: 0

Threat Indicators:

• Not a Tor exit node
• Not classified as known attacker
• Not a spam source
• DNSBL Status: Listed on 1 of 8 DNSBL feeds
• Abuse Confidence Score: Not available

Network Behavior:

• No open ports detected (firewalled/no services)
• TLS/HTTP services not actively probing
• Route stability: Stable (isRouteStable: true)
• DNSSEC: Valid

---

HISTORICAL SIGNALS

Observation Count: 26 historical signals recorded

Key Historical Observations:

• June 2026: Operator score 0.3043, basic routing classification
• June 19, 2026: Subnet abuse density signal (0.707 abuse density, high_abuse classification, 181 threat siblings in /24)
• June 14, 2026: Geolocation inference (GB, 55.38°N, -3.44°W, 750km accuracy radius)
• June 14, 2026: DNS resolution to ahrefs.net with CAA records present

Temporal Analysis: No persistent malicious behavior detected. Ownership changes: 0. Threat persistence days: 0.

---

NETWORK RELATIONSHIPS

Total Relationships: 62

• Network Associations: Multiple Same Network relationships to OVH_282347344
• Organization Links: Ahrefs domain infrastructure
• Subnet: 51.89.0.0/16 (OVH origin ASN 16276)

---

NEIGHBORHOOD ANALYSIS

Subnet: 51.89.129.0/24

• Abuse Density: 0.707 (High Abuse Classification)
• Total Siblings: 256 IPs
• Active Siblings: 194
• Threat Siblings: 181

Risk Distribution in /24:

• High Risk: 0
• Medium Risk: 70
• Low Risk: 30

Notable Neighbor Addresses:

• 51.89.129.0 (Risk: 40, Authority: 50)
• 51.89.129.1 (Risk: 50, Authority: 50)
• 51.89.129.2 (Risk: 40, Authority: 50)
• 51.89.129.3 (Risk: 40, Authority: 50)
• 51.89.129.4 (Risk: 40, Authority: 50)

---

RECOMMENDED SECURITY ACTIONS

Risk-Based Recommendation: Block (Risk Score: 40)

Firewall Rule Templates:

---

INTELLIGENCE NOTES FOR SOC ANALYSTS

1. Context: This is legitimate cloud infrastructure for Ahrefs (SEO analytics platform), but operates within an OVH data center subnet with elevated abuse activity.

2. Risk Factors: The high abuse density (0.707) in the /24 subnet indicates potential for compromised or misconfigured neighbors. The 181 threat siblings suggest significant abuse activity in this network segment.

3. DNSBL Presence: Single DNSBL listing suggests potential reputation issues, though not currently classified as active spam/threat source.

4. Recommendation: Apply firewall blocking rules as recommended, but maintain awareness that this is legitimate hosting infrastructure. Consider whitelist exceptions if legitimate Ahrefs traffic is expected.

5. Monitoring: Continue monitoring for changes in threat indicators. The subnet's high abuse density warrants periodic reassessment of traffic patterns from 51.89.129.0/24.

---

Status: Intelligence complete. Recommended actions generated for immediate implementation.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.