# IP Intelligence Briefing: 148.113.128.59/32
Classification: Moderate Risk (Score: 40/100)
Report Date: June 2026
Analyst: IPDebrief Intelligence Team
## Executive Summary
IP 148.113.128.59 is a cloud-based infrastructure address associated with OVH Canada operations. The IP exhibits moderate risk characteristics with no direct threat indicators but exists within a high-abuse-density subnet. The address resolves to proxy-ca014-san59.ahrefs.net, indicating association with Ahrefs services. The firewall rules recommended in this report block the address because of elevated neighborhood risk.
## Key Findings
Ownership & Infrastructure
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH)
- Network: OVH-CUST-281059693, 148.113.128.0/24
- Infrastructure Type: CloudCompute (hosting provider)
- Location: Beauharnois, Quebec, Canada
Network Classification
- Provider: OVH
- Infrastructure: Cloud-based hosting service
- Services: No open ports detected (firewalled/no services)
- DNS Resolution: proxy-ca014-san59.ahrefs.net (ahrefs.net)
- Status: Active but service-quiet
Threat Indicators
- Blacklist Status: Not listed on major threat feeds
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- DNSBL Listed: 1 of 8 lists (minor concern)
- Campaign Association: None detected
- Persistence: Single threat observation, not persistently malicious
Neighborhood Risk Assessment
- Subnet Abuse Density: 0.6836 (high abuse classification)
- Inherited Risk Score: 27
- Total /24 Siblings: 256
- Active Siblings: 208
- Threat Siblings: 175
- Risk Distribution: 100 medium-risk neighbors, 0 high, 0 low
- Control Plane Stability: Route changes detected, minimal operator score (0.2174)
Historical Observation
- Total Observations: 22
- Recent Classification: High abuse subnet
- Cloud Infrastructure: Confirmed OVH cloud environment
- Geolocation: Consistent Canada location reporting
- Threat Persistence: No persistent malicious behavior observed
## Risk Assessment
| Factor | Score | Assessment |
|---|---|---|
| Overall Risk | 40/100 | Moderate |
| Provider Risk | 0/100 | Neutral (OVH) |
| Authority Risk | 0/100 | Neutral |
| Neighborhood Risk | 27/100 | Elevated (high-abuse subnet) |
| Threat Indicators | None | Clean |
## Recommended Actions
Immediate Mitigation
The following firewall rules are recommended based on the IP's risk profile:
iptables:
```
iptables -A INPUT -s 148.113.128.59 -j DROP
```
nftables:
```
nft add rule inet filter input ip saddr 148.113.128.59 drop
```
nginx:
```
deny 148.113.128.59;
```
pfSense:
```
148.113.128.59/32
```
Cloudflare WAF:
```json
{
  "description": "Block 148.113.128.59 - IPDebrief risk score 40",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 148.113.128.59"
  }
}
```
AWS WAF:
```json
{
  "Addresses": ["148.113.128.59/32"],
  "Description": "IPDebrief risk 40"
}
```
SOC Analyst Considerations
1. Subnet Context: The 148.113.128.0/24 subnet shows elevated abuse density (0.6836) with 175 of 256 siblings classified as threats. Consider implementing broader subnet-level rules if traffic patterns warrant.
2. Legitimate Use: The DNS resolution to ahrefs.net indicates potential legitimate association with SEO/web analytics services. Evaluate against your organization's threat intelligence for Ahrefs-related activity.
3. Cloud Provider: OVH is a major cloud hosting provider; false positives may occur if the IP is used for legitimate hosting services.
4. Monitoring: No active campaigns or persistent malicious behavior detected. Monitor for changes in DNS resolution or new threat indicators.
## Conclusion
IP 148.113.128.59 presents moderate risk primarily due to its location within a high-abuse-density subnet. While no direct threat indicators are present, the neighborhood context (175 threat siblings) suggests elevated risk of misuse. The recommended block action provides reasonable protection, though SOC analysts should weigh this against potential legitimate traffic to Ahrefs-related services.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059693 |
| CIDR Block | 148.113.128.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca014-san59.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca014-san59.ahrefs.net |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 24% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-17 03:07:32 UTC |
| Last Seen | 2026-06-28 04:13:52 UTC |
| Profile Built | 2026-06-28 22:19:08 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |