148.113.128.20
# IP INTELLIGENCE BRIEFING
Target: 148.113.128.20/32
Risk Assessment: Moderate Risk (Score: 40/100)
Analysis Date: [Current Date]
---
## EXECUTIVE SUMMARY
IP address 148.113.128.20 is assigned to OVH SAS (ASN 16276) and registered to Dmytro, Ahrefs Pte Ltd under network block 148.113.128.0/24. The IP resolves to proxy-ca014-san20.ahrefs.net and is classified as cloud hosting infrastructure. While currently showing no active threat indicators, the IP resides within a high-abuse-density subnet (0.5898) with 151 of 256 sibling IPs flagged as threats.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| ASN | 16276 |
| Organization | Dmytro, Ahrefs Pte Ltd |
| Provider | OVH SAS |
| Network Block | 148.113.128.0/24 |
| Location | Canada (QC, Beauharnois) |
| Infrastructure Type | CloudCompute |
| Classification | Cloud Hosting |
Geolocation Validation: Geovalidation flags indicate inconsistencyβreported location (Beauharnois, QC) shows RTT violation (29ms observed vs. 121.6ms minimum required for 6,082km distance). Multiple geolocation sources provide conflicting data with consensus not achieved.
---
## THREAT POSTURE
Current Status: No active threat indicators detected
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Threat Feeds: None populated
- Pulsedive Risk: Null
- DNSBL Listings: 1 of 8 lists (dnsblListedCount: 1)
DNS Configuration:
- PTR Hostname: proxy-ca014-san20.ahrefs.net
- Forward Resolution: Confirmed (1 hostname)
- Email Authentication: No SPF/DMARC records detected
- CAA Records: Present
---
## OBSERVATION HISTORY
Analysis of 21 historical observations reveals temporal volatility:
- June 20, 2026: High-severity listing detected on 1 of 8 threat lists
- June 28, 2026: Recent DNS resolution to ahrefs.net confirmed with valid CAA records
- Network Classification: Stable as OVH cloud infrastructure
- Ownership: No changes detected
- Threat Persistence: Single observation (0 persistence days)
- Status: Not persistently malicious
---
## NEIGHBORHOOD ANALYSIS
Subnet: 148.113.128.0/24
Abuse Density: 0.5898 (High)
Inherited Risk: 23/100
| Metric | Value |
|---|---|
| Total Siblings | 256 |
| Active Siblings | 204 |
| Threat Siblings | 151 |
| Risk Distribution | Medium: 100 / Low: 0 / High: 0 |
The subnet shows elevated abuse activity, with approximately 59% of IPs flagged as threats. This context warrants heightened monitoring despite the target IP's current clean status.
---
## NETWORK RELATIONSHIPS
35 relationships identified, primarily:
- Same Network: 30+ relationships to OVH-CUST-281059693 network block
- No relationships to external organizations, hostnames, or certificates detected
---
## SECURITY RECOMMENDATIONS
Risk Score: 40/100 (Moderate)
Recommendation: Monitor with optional blocking based on operational requirements
Recommended Firewall Rules:
```
iptables: iptables -A INPUT -s 148.113.128.20 -j DROP
nftables: nft add rule inet filter input ip saddr 148.113.128.20 drop
nginx: deny 148.113.128.20;
```
Cloud Platform Rules:
- Cloudflare WAF: Block with expression `ip.src eq 148.113.128.20`
- AWS WAF: Add rule for `148.113.128.20/32`
---
## ANALYST NOTES
1. Subnet Context: The high abuse density in 148.113.128.0/24 (151 threat siblings) suggests this IP block is frequently abused. Blocking may reduce lateral movement risk.
2. Ahrefs Association: DNS resolution to ahrefs.net indicates legitimate use case, but the hosting provider (OVH) is known for high-abuse density.
3. Temporal Signals: Historical data shows transient threat listings, suggesting the IP has been reused or reassigned previously.
4. Action Threshold: At Risk Score 40, this IP falls in the moderate-risk category. Blocking is recommended if the organization has strict threat posture requirements.
5. Monitoring Priority: Mediumβmaintain logging and monitor for service activity or reputation changes.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059693 |
| CIDR Block | 148.113.128.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | β |
π DNS Intelligence
| PTR | proxy-ca014-san20.ahrefs.net |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca014-san20.ahrefs.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 25% | 9 | 13 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-21 20:59:17 UTC |
| Last Seen | 2026-06-28 15:17:18 UTC |
| Profile Built | 2026-06-29 03:21:45 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |
Full dossier details are available via our API.