# IPDEBRIEF INTELLIGENCE BRIEFING
IP Address: 148.113.128.223/32
Report Date: 2026-06-15
## EXECUTIVE SUMMARY
IP 148.113.128.223 is a cloud infrastructure endpoint operated by OVH (ASN 16276) under organization Dmytro, Ahrefs Pte Ltd. The IP carries a moderate risk score of 40 and is associated with the ahrefs.net domain. Geographic location indicators show Beauharnois, Quebec, Canada, though RTT validation anomalies suggest possible misattribution or proxy usage. The IP resides within a high-abuse subnet (148.113.128.0/24) with 60.55% abuse density and 155 out of 204 active sibling IPs flagged as threats. No active threat indicators were observed, but the neighborhood context warrants defensive caution.
## NETWORK PROFILE
Ownership & Classification:
- ASN: 16276 (OVH SAS)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 148.113.128.0/24
- RIR: ARIN
- Infrastructure Type: CloudCompute (Hosting enabled)
Geolocation:
- Country: Canada (CA)
- Region: Quebec (QC)
- City: Beauharnois
- Geographic Plausibility: FALSE
- RTT Violation: Observed 31ms vs minimum expected 121.6ms for 6082km distance
Network Services:
- Open Ports: None detected
- HTTP Title/Server Banner: None
- TLS Certificate: None
- Status: Firewalled / No Services
## THREAT INDICATORS
Current Risk Assessment:
- Overall Risk Score: 40 (Moderate Risk)
- Abuse Confidence Score: Not available
- Blacklist Count: 0
- Is Known Attacker: FALSE
- Is Tor Exit: FALSE
- Is Spam Source: FALSE
- Is Proxy: FALSE
Control Plane Signals:
- DNSBL Listed Count: 1 of 8 total lists
- Operator Score: 0.2174 (Minimal)
- Route Stability: UNSTABLE
- BGP Prefix: 148.113.128.0/17
- Route Changes (30d): 0
## NEIGHBORHOOD ANALYSIS
Subnet: 148.113.128.0/24
- Total Siblings: 256
- Active Siblings: 204
- Threat Siblings: 155
- Abuse Density: 60.55%
- Classification: HIGH_ABUSE
- Inherited Risk: 24
Risk Distribution in Subnet:
- High Risk: 0 IPs
- Medium Risk: 97 IPs
- Low Risk: 3 IPs
## HISTORICAL OBSERVATIONS
Observation Count: 18 signals recorded
Most Recent Activity: 2026-06-15T13:20:13 UTC
Key Historical Signals:
- 2026-06-15T13:20:13: Subnet abuse density observed at 60.55%
- 2026-06-15T13:11:19: Geolocation validation failed (RTT anomaly)
- 2026-06-15T13:11:12: Control plane operator score recorded at 0.2174
- 2026-06-09T14:05:33: DNS resolution to ahrefs.net observed
## RELATIONSHIP GRAPH
Total Relationships: 28
Network Associations: OVH-CUST-281059693 (multiple entries)
DNS Associations: proxy-ca014-san223.ahrefs.net (16 occurrences)
Associated Domain: ahrefs.net
- Forward Resolution: 1 hostname
- Reverse PTR: proxy-ca014-san223.ahrefs.net
- Forward Confirmed: FALSE
- Email Authentication (SPF/DMARC): Not configured
## RECOMMENDED ACTIONS
Immediate Mitigation:
| System | Recommended Action |
|---|---|
| iptables | `iptables -A INPUT -s 148.113.128.223 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 148.113.128.223 drop` |
| nginx | `deny 148.113.128.223;` |
| pfSense | `148.113.128.223/32` |
| Cloudflare WAF | Block IP with expression: `ip.src eq 148.113.128.223` |
| AWS WAF | Block `148.113.128.223/32` |
Rationale: Despite a moderate risk score and no direct threat indicators, the IP resides within a high-abuse subnet where 76% of active siblings are flagged as threats. The RTT geolocation violation and the DNSBL listing suggest potential abuse patterns that warrant blocking.
## ANALYST NOTES
1. Domain Association: IP resolves to ahrefs.net proxy hostname. Verify legitimate use case with asset owner.
2. Subnet Context: Consider blocking entire /24 subnet if traffic volume justifies it, given 76% threat sibling ratio.
3. Geolocation Anomaly: RTT violation (31ms vs 121.6ms minimum) indicates potential proxy, CDN, or datacenter location misattribution.
4. No Active Services: No open ports or HTTP responses detected; likely firewalled hosting infrastructure.
5. Historical Persistence: 18 observations over recent period indicate consistent monitoring activity.
Classification: MODERATE RISK / MONITOR
Priority: MEDIUM
---
*Generated by IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059693 |
| CIDR Block | 148.113.128.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca014-san223.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca014-san223.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 9 | 13 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-21 20:59:17 UTC |
| Last Seen | 2026-06-28 15:17:26 UTC |
| Profile Built | 2026-06-29 09:22:07 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 25 |