# IP INTELLIGENCE BRIEFING
Target IP: 148.113.130.114/32
Date: 2026-06-20
Classification: Moderate Risk (Score: 40/100)
---
## EXECUTIVE SUMMARY
IP 148.113.130.114 is a moderate-risk (40/100) cloud hosting address assigned to OVH infrastructure under organization Dmytro, Ahrefs Pte Ltd (ASN 16276). The address belongs to a high-abuse density subnet (148.113.130.0/24) with 70.31% abuse density and 180 threat siblings among 256 total addresses. No direct threat indicators were observed, but the hosting environment warrants defensive monitoring.
---
## OWNERSHIP & NETWORK CLASSIFICATION
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | 16276 |
| Provider | OVH |
| Network | 148.113.130.0/24 (OVH-CUST-281059688) |
| Infrastructure Type | CloudCompute / Hosting |
| Country Registration | CA (Canada) |
Note: Geolocation validation flagged inconsistencies. The IP's registered location (Canada) shows 6,082km distance from expected coordinates with only 27ms RTT, well below the minimum possible 121.6ms for that distance. This discrepancy suggests unreliable geolocation data.
---
## THREAT ANALYSIS
### Direct Indicators
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- DNSBL Listed: 1 of 8 total lists
### Campaign Intelligence
- Campaign Likelihood: None
- Certificate Matches: 0
- Correlated IPs: 0
- Threat Feeds: No active threat feed matches
### Network Role
- Cloud Infrastructure: Yes
- CDN: No
- Proxy: No
- VPN: No
- Hosting: Yes
- Open Ports: None detected
- Services: Firewalled / No Services
---
## NEIGHBORHOOD ANALYSIS
Subnet: 148.113.130.0/24
Abuse Density: 0.7031 (High)
Threat Classification: high_abuse
| Metric | Value |
|---|---|
| Total Siblings | 256 |
| Active Siblings | 209 |
| Threat Siblings | 180 |
| Inherited Risk Score | 28 |
Risk Distribution: 100 medium-risk neighbors, 0 high-risk, 0 low-risk. The subnet represents a high-density hosting environment commonly utilized for both legitimate cloud services and abuse campaigns.
---
## OBSERVATION HISTORY
Total observations: 18 signals tracked
Recent activity patterns indicate:
- Consistent subnet classification as high-abuse
- Persistent hosting infrastructure designation
- Geo-validation failures on multiple probes
- No evidence of service banner changes or campaign emergence
---
## RELATIONSHIP MAPPING
41 relationships identified, predominantly "Same Network" associations pointing to OVH-CUST-281059688. No unique hostname-to-IP correlations beyond the primary DNS resolution.
DNS Resolution: proxy-ca009-san114.ahrefs.net (ahrefs.net domain)
- Forward confirmed: No
- Email authentication (SPF/DMARC): Not configured
- TXT records: 0
---
## RECOMMENDED ACTIONS
Based on risk profile (40/100) and high-abuse neighborhood context:
### Firewall Recommendations
```bash
# iptables: drop inbound traffic from the address (appends to the INPUT chain)
iptables -A INPUT -s 148.113.130.114 -j DROP
# nftables: equivalent rule; assumes the "inet filter" table and its "input" chain already exist
nft add rule inet filter input ip saddr 148.113.130.114 drop
# pfSense: add the following CIDR to a host alias and reference that alias in a block rule
# 148.113.130.114/32
```
### WAF/CDN Rules
- Cloudflare WAF: Block IP (expression: `ip.src eq 148.113.130.114`)
- AWS WAF: Add 148.113.130.114/32 to IP Set with description "IPDebrief risk 40"
### Monitoring Recommendations
1. Monitor for service activation on previously closed ports
2. Track for any DNS resolution changes to ahrefs.net variants
3. Implement subnet-level filtering for 148.113.130.0/24 if traffic patterns warrant
4. Correlate with threat intelligence feeds for emerging campaign indicators
---
## CONCLUSION
IP 148.113.130.114 presents moderate risk within a high-abuse hosting environment. The address lacks direct malicious indicators but operates in a subnet with significant abuse density (70.31%). The geolocation inconsistency and hosting classification suggest this is a cloud infrastructure address, potentially used for legitimate services (ahrefs.net) or as a platform for compromise activity.
Recommended Priority: Monitor or block based on organizational risk tolerance and traffic patterns. The inherited subnet risk score of 28 combined with moderate individual risk (40) suggests defensive filtering is prudent.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
---
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059688 |
| CIDR Block | 148.113.130.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | N/A |
---
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca009-san114.ahrefs.net |
| Forward Confirmed | No; PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca009-san114.ahrefs.net |
---
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
---
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
---
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | N/A |
| HTTP Title | N/A |
---
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | N/A |
| Valid Until | N/A |
---
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 34% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 23% | 1 | 2 |
| geolocation | 40% | 2 | 3 |
| Overall | 23% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%); 1 contradiction |
| Attribution | Low (35%) |
Validation checks displayed: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid (individual check results not captured).
---
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-24 06:32:26 UTC |
| Last Seen | 2026-06-28 23:38:31 UTC |
| Profile Built | 2026-06-29 05:40:27 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 20 |