Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
IP Intelligence Briefing: 148.113.128.106
Date: 2026-06-13
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Ownership: Owned by Ahrefs Pte Ltd (OVH ASN 16276).
- Geolocation: Registered to Singapore (CA), but geo-validation flags plausibility issues (RTT 25ms vs. expected 121.6ms for 6,082km distance).
- Network Role: CloudCompute infrastructure (OVH-hosted, no residential/mobile traffic).
- Services: No open ports or TLS certificates detected.
---
**2. Threat & Abuse Indicators**
- Threat Score: 0/100 (no malicious indicators).
- DNSBL Listings: 1 out of 8 DNSBL lists (potential abuse risk).
- Subnet Abuse Density: 37% (mixed classification, 93 threat siblings in 148.113.128.0/24).
- DNSSEC: Validated, but CAA records and DNSSEC configuration show partial coverage.
---
**3. Observation History**
- Stability: Unstable routing (route changes in last 30 days).
- RTT Anomalies: Consistently low RTT (25ms) for a geographically distant IP, suggesting spoofed geolocation or proxy usage.
- No Persistent Threats: No tracked malicious campaigns or long-term risk signals.
---
**4. Relationships & Neighbors**
- DNS Associations: Linked to proxy-ca014-san106.ahrefs.net (Ahrefs hostname).
- Subnet Neighbors: 251 IPs in 148.113.128.0/24, with 93 flagged as potential threats.
- Network Context: Part of OVH's OVH-CUST-281059693 network block.
---
**5. Recommended Actions**
- Monitor Traffic: Track unusual DNS activity or unexpected traffic patterns to the associated hostname.
- Verify Geolocation: Investigate spoofed RTT anomalies to confirm legitimate usage.
- Subnet Review: Assess 148.113.128.0/24 for potential lateral movement or abuse.
- DNSSEC Compliance: Ensure CAA records and DNSSEC policies are fully configured to mitigate spoofing risks.
---
Summary: This IP is a low-risk cloud compute instance associated with Ahrefs, but its subnet contains a notable threat density. While no direct malicious activity is detected, anomalies in geolocation and DNSBL listings warrant further investigation.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059693 |
| CIDR Block | 148.113.128.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca014-san106.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca014-san106.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
No certificate
Issued by -
N/A
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 30% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 22% | 10 | 15 |
Coverage: 6/6 dimensions · Data sufficiency: sufficient
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Claimed geolocation contradicts RTT physics measurement
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:44 UTC |
| Last Seen | 2026-06-26 23:35:58 UTC |
| Profile Built | 2026-06-27 19:49:57 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 28 |
21 signal types · 28 observations collected
This report is generated from 21+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
About This Report
All data shown is publicly available network metadata - IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.