# INTELLIGENCE BRIEFING: 148.113.128.174/32
## EXECUTIVE SUMMARY
IP 148.113.128.174 operates within OVH's cloud infrastructure (AS16276) under the Ahrefs Pte Ltd organization. The IP presents a moderate risk profile (risk score: 50) with active DNSBL listings and is situated in a high-abuse density subnet (148.113.128.0/24) containing 171 identified threat siblings. No open services were detected; the IP is classified as "Firewalled / No Services."
## INFRASTRUCTURE PROFILE
- Network: OVH-CUST-281059693 (148.113.128.0/24)
- Organization: Ahrefs Pte Ltd (Dmytro)
- ASN: 16276 (OVH SAS)
- Geolocation: Reported as Canada (CA), though geo validation showed implausible RTT measurements (26ms for 6082km distance)
- Infrastructure Type: CloudCompute
- Hosting Classification: True (isHosting: true)
## THREAT INDICATORS
- Risk Score: 50 (Moderate Risk)
- Blacklist Count: 8 total DNSBL listings, 2 active with high severity ratings
- Abuse Confidence Score: Not available
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
The IP was observed on 2026-06-26 with port scanning activity and was attributed to AS16276 OVH. DNS records resolved to proxy-ca014-san174.ahrefs.net with forward confirmation pending.
## NETWORK CONTEXT
The /24 subnet (148.113.128.0/24) exhibits high abuse density (0.668) with the following distribution:
- Active Siblings: 208
- Threat Siblings: 171
- Total Siblings: 256
- Subnet Classification: high_abuse
Neighbor analysis across 100 sampled IPs showed uniform medium-risk classification. Control plane data indicated route changes within the past 30 days with an operator score of 0.2174 (Minimal).
## OBSERVATION HISTORY
Analysis of 19 historical observations captured on 2026-06-26 revealed:
- Multiple port scanning events with nested scan data
- Geographic attribution inconsistencies between Canada and Singapore sources
- DNS resolution to ahrefs.net domain with CAA record validation
- Blacklist enumeration showing 8 total listings with 2 active high-severity entries
The IP is not classified as persistently malicious (threatPersistenceDays: 0, threatObservationCount: 1).
## RELATIONSHIP MAPPING
The IP maintains 52 documented relationships, predominantly within the same network (OVH-CUST-281059693). No external entity correlations were identified beyond the hosting infrastructure.
## RECOMMENDED SECURITY ACTIONS
Based on the risk profile, the following firewall rules are recommended:
iptables:
```
iptables -A INPUT -s 148.113.128.174 -j DROP
```
nftables:
```
nft add rule inet filter input ip saddr 148.113.128.174 drop
```
nginx:
```
deny 148.113.128.174;
```
pfSense:
```
148.113.128.174/32
```
Cloudflare WAF:
```json
{"description":"Block 148.113.128.174 - IPDebrief risk score 50","action":"block","filter":{"expression":"ip.src eq 148.113.128.174"}}
```
AWS WAF:
```json
{"Addresses":["148.113.128.174/32"],"Description":"IPDebrief risk 50"}
```
## CONCLUSION
IP 148.113.128.174 is a cloud-computing resource within OVH's infrastructure associated with the Ahrefs domain. While no open services were detected and the IP is not flagged as a known attacker, the high-abuse subnet context and active DNSBL listings warrant defensive blocking. The moderate risk score (50) combined with 171 threat siblings in the /24 subnet suggests this IP should be treated with caution in security operations.
---
*Report generated using IPDebrief intelligence tools. Recommendations are probabilistic and should be combined with other signals before taking action.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059693 |
| CIDR Block | 148.113.128.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca014-san174.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca014-san174.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 37% | 2 | 3 |
| Overall | 25% | 10 | 15 |

| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-11 02:50:20 UTC |
| Last Seen | 2026-06-27 18:47:14 UTC |
| Profile Built | 2026-06-28 12:53:09 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |