148.113.128.160

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 148.113.128.160

Date: 2026-06-06

---

1. Core Profile

Risk Score: Low (25/100)
Provider: OVH (ASN 16276)
Organization: Ahrefs Pte Ltd (OVH-CUST-281059693)
Geolocation: Singapore (CA), but geoPlausible is false (RTT anomaly detected).
Network Role: Cloud-hosted server (no residential/mobile/mobile).
Threat Indicators: No malicious activity detected (no abuse lists, spam, or campaigns).

---

2. Observation History

Consistent Behavior:

- Flagged as a cloud-hosted server with no exposed services (openPorts: empty).

- TLS scan detected but no certificates found.

- DNS resolution to `proxy-ca014-san160.ahrefs.net` (likely CDN/proxy).

Subnet Analysis:

- Part of 148.113.128.0/24 subnet.

- Subnet abuse density: 28.6% (71/248 IPs flagged as threats).

- Recent activity: No changes in risk profile over 30 days.

---

3. Relationships

Network Connections:

- Linked to OVH-CUST-281059693 (same provider/organization).

- No direct ties to known malicious entities or campaigns.

DNS:

- Resolves to `ahrefs.net` with CAA records but no SPF/DMArc.

- No email reputation data available.

---

4. Neighborhood Analysis

Subnet Risks:

- 71/248 IPs in the subnet are flagged as threats (28.6% abuse density).

- 131 active IPs in the subnet, with 71 showing threat indicators.

Neighbors:

- Mixed risk scores (0–50). Notable:

- IPs with high risk scores (e.g., 50) in the same subnet.

- Potential lateral movement risk due to subnet-wide threats.

---

5. Recommendations

Monitor Subnet: The subnet has a high abuse density; investigate potential lateral movement or compromised hosts.
Secure DNS: Ensure DNS records (`ahrefs.net`) are properly configured with SPF/DMArc to mitigate email risks.
Block High-Risk Neighbors: Consider blocking IPs with high risk scores in the 148.113.128.0/24 subnet to mitigate exposure.
Verify GeoPlausibility: The IP’s RTT anomaly suggests potential misconfiguration or spoofing; validate geolocation data.

Note: This IP is currently low risk, but its subnet warrants closer scrutiny due to the presence of malicious activity in the same network.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	—
City	Singapore
Timezone	—
Latitude	43.63
Longitude	-79.37

🏢 Ownership & Registration

Organization	Dmytro, Ahrefs Pte Ltd
ASN	AS16276
Network Name	OVH-CUST-281059693
CIDR Block	148.113.128.0/24
RIR	ARIN
Country	Singapore
Abuse Contact	—

🌐 DNS Intelligence

PTR	proxy-ca014-san160.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-ca014-san160.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	29%	2	4
routing	13%	1	1
services	15%	2	2
ownership	12%	2	2
reputation	28%	1	3
geolocation	31%	2	3
Overall	21%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-12 03:42:48 UTC
Last Seen	2026-06-27 20:48:45 UTC
Profile Built	2026-06-28 14:54:47 UTC
Data Freshness	Live
Signal Types	21
Total Observations	25

🔍 21 signal types · 25 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

148.113.128.160📋 Copy

**1. Core Profile**

**2. Observation History**

**3. Relationships**

**4. Neighborhood Analysis**

**5. Recommendations**