# IP Intelligence Briefing: 148.113.128.102/32
Date: 2026-06-20
Classification: MODERATE RISK / HIGH ABUSE SUBNET
Analyst: IPDebrief Intelligence
---
## Executive Summary
IP 148.113.128.102 is a cloud-hosted infrastructure address assigned to Ahrefs Pte Ltd via OVH (ASN 16276). The IP is currently firewalled with no active services and demonstrates a moderate overall risk score (50). However, the parent /24 subnet exhibits elevated abuse characteristics, with 175 threat-sibling addresses identified within the network block. The IP was recently listed on 8 DNSBLs, indicating active reputation degradation.
---
## Ownership & Geolocation
- ASN: 16276 (OVH SAS)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 148.113.128.0/24
- Registered RIR: ARIN
- Geolocation: Canada (CA) / Singapore (reported)
- Service Type: Hosting / Cloud Infrastructure
- Status: Firewalled / No Open Services
---
## Threat Assessment
- Risk Score: 50 (Moderate)
- Threat Indicators: None directly associated with this IP
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- DNSBL Listings: 8 total (2 active listings)
- Operator Score: 0.2174 (Minimal)
- Persistent Malicious Activity: No (single observation only)
---
## Subnet Intelligence (148.113.128.0/24)
- Abuse Density: 0.6836 (High Abuse Classification)
- Total Siblings: 256
- Active Siblings: 208
- Threat Siblings: 175
- Inherited Risk Score: 27

The subnet demonstrates concentrated threat activity, with approximately 68% of active addresses flagged as potentially malicious. This contextual risk factor should be considered when evaluating traffic from this network block.
---
## Relationship Network
- Total Relationships: 37
- Primary Association: OVH-CUST-281059693 network block
- Hosted Domain: ahrefs.net (proxy-ca014-san102.ahrefs.net)
- Forward Resolution: Confirmed to ahrefs.net DNS infrastructure
- Connection Type: Proxy CA014-SAN102

The IP is integrated into the Ahrefs proxy infrastructure, with multiple same-network relationships indicating a shared hosting environment.
---
## Behavioral History
- Total Observations: 22
- Most Recent Signal: 2026-06-20 02:41:31 UTC
- Threat Observation Count: 1
- Ownership Changes: None
- Route Stability: Not Stable (route changes detected in last 30 days)

Historical data indicates minimal persistent malicious behavior. The IP was recently listed across multiple threat feeds, suggesting temporary reputation issues rather than established malicious operations.
---
## Recommended Actions
### Immediate Mitigation
1. Monitor Inbound Traffic: Implement rate limiting for connections from the 148.113.128.0/24 subnet
2. DNSBL Verification: Confirm current DNSBL listing status and evaluate delisting options
3. Geolocation Consistency: Investigate the CA vs. Singapore geolocation discrepancy

### Firewall Rules (Recommended)
```bash
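# Option A: drop all traffic from the subnet due to high abuse density
iptables -A INPUT -s 148.113.128.0/24 -j DROP
# Option B (monitoring only, use instead of Option A): log matching packets.
# A LOG rule appended after the DROP rule above would never match.
iptables -A INPUT -s 148.113.128.0/24 -j LOG --log-prefix "HIGH_ABUSE: "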
```

### Observation Priority
- Monitor: Subnet-level traffic patterns from 148.113.128.0/24
- Correlate: Check for related IPs in the same /24 block
- Contextualize: Evaluate against Ahrefs proxy infrastructure baseline
---
## Conclusion
IP 148.113.128.102 presents moderate risk within a high-abuse hosting environment. While the specific address shows no direct threat indicators, the subnet's elevated abuse density (68%) warrants defensive monitoring. Traffic from this network block should be evaluated with increased scrutiny, particularly given the recent DNSBL listings and unstable routing characteristics.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059693 |
| CIDR Block | 148.113.128.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |

## DNS Intelligence
| PTR | proxy-ca014-san102.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca014-san102.ahrefs.net |

## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |

| Server | - |
| HTTP Title | - |

## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 26% | 10 | 14 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |

## Observation Timeline (Live)
| First Seen | 2026-05-17 09:09:34 UTC |
| Last Seen | 2026-06-28 04:48:13 UTC |
| Profile Built | 2026-06-28 22:53:22 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |
Full dossier details are available via our API.