# IP INTELLIGENCE BRIEFING
Target: 148.113.130.127/32
Classification: Moderate Risk
Date: 2026-06-28
---
## EXECUTIVE SUMMARY
IP address 148.113.130.127 operates from OVH cloud infrastructure under the "Dmytro, Ahrefs Pte Ltd" organization assignment. Risk assessment yields a score of 50/100 (Moderate Risk). The IP is associated with a high-abuse-density subnet (148.113.130.0/24) and exhibits geolocation inconsistencies that warrant further investigation.
---
## NETWORK INFRASTRUCTURE
- Organization: OVH (ASN 16276)
- CIDR Block: 148.113.130.0/24
- Infrastructure Type: CloudCompute / Hosting
- Connection Type: Firewalled / No Services Detected
- Geolocation Claim: Singapore (CA)
- Reverse DNS: proxy-ca009-san127.ahrefs.net
---
## THREAT INDICATORS
- Risk Score: 50/100 (Moderate)
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- DNSBL Listed: 2 of 8 lists
- Threat Feeds: None associated
- Active Ports: None detected
---
## GEOLOCATION ANOMALY
Critical inconsistency detected in geolocation data:
- Claimed Location: Singapore (43.6319, -79.3716)
- Observed RTT: 26ms minimum
- Minimum Expected RTT: 121.6ms for Singapore distance
- Violation Status: RTT 26.0ms < minimum possible 121.6ms for 6082km
- GeoPlausible Flag: False
- Geolocation Consensus: False
This suggests either misconfigured geolocation data or the IP is being used in an unexpected geographic location.
---
## SUBNET ANALYSIS
- Subnet: 148.113.130.0/24
- Abuse Density: 0.5195 (High Abuse)
- Classification: high_abuse
- Active Siblings: 163 of 256 total
- Threat Siblings: 133
- Inherited Risk Score: 20
The subnet exhibits elevated abuse activity, with 51.95% abuse density. This contextualizes the target IP within a higher-risk environment.
---
## OBSERVATION HISTORY
- Total Observations: 19
- Threat Observation Count: 1
- Persistence Status: Not persistently malicious
- Recent Classifications:
  - 2026-06-28: CloudCompute, OVH hosting
  - 2026-06-20: OVH hosting, no CDN/proxy/Tor
The IP maintains consistent cloud infrastructure classification but shows minimal operator score (0.2174, labeled "Minimal").
---
## RELATIONSHIP GRAPH
- Total Relationships: 36
- Primary Association: OVH-CUST-281059688 (Same Network)
- Certificate Matches: 0
- Correlated IPs: 0
- Campaign Matches: 0
Limited relationship diversity; primarily network-level associations with no certificate or organizational links detected.
---
## RECOMMENDED ACTIONS
Based on the moderate risk score and subnet abuse density, the following firewall rules are recommended:
iptables
```bash
iptables -A INPUT -s 148.113.130.127 -j DROP
```
nftables
```bash
nft add rule inet filter input ip saddr 148.113.130.127 drop
```
nginx
```nginx
deny 148.113.130.127;
```
pfSense
```text
148.113.130.127/32
```
Cloudflare WAF
```json
{
  "description": "Block 148.113.130.127 - IPDebrief risk score 50",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 148.113.130.127"
  }
}
```
AWS WAF
```json
{
  "Addresses": ["148.113.130.127/32"],
  "Description": "IPDebrief risk 50"
}
```
---
## ANALYST NOTES
1. Geolocation Inconsistency: The significant RTT violation suggests either routing anomalies or potential location spoofing. Cross-reference with traffic logs if this IP is observed.
2. Subnet Context: The 148.113.130.0/24 subnet has high abuse density. Consider blocking the entire /24 if the risk threshold permits, though this may impact legitimate OVH customers.
3. Service Status: No open ports detected. If traffic is observed from this IP, it may be using non-standard ports or protocols.
4. AHREFS Association: The reverse DNS points to ahrefs.net infrastructure. Verify if this is legitimate use or potential credential stuffing/abuse of a known service.
5. Action Priority: Moderate risk with no direct threat indicators. Recommend monitoring rather than immediate blocking if traffic is legitimate. Escalate if geolocation discrepancies correlate with malicious activity.
---
Report Generated: IPDebrief Intelligence Platform
Analysis Methodology: Multi-source signal aggregation with cross-validation
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
---
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059688 |
| CIDR Block | 148.113.130.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
---
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca009-san127.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca009-san127.ahrefs.net |
---
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
---
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
---
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | - | - | - |

| Field | Value |
|---|---|
| Server | - |
| HTTP Title | - |
---
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
---
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 9 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
---
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-18 03:21:49 UTC |
| Last Seen | 2026-06-28 05:59:25 UTC |
| Profile Built | 2026-06-29 00:04:57 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 23 |
Full dossier details are available via our API.