148.113.130.144
# IP INTELLIGENCE BRIEFING
Target IP: 148.113.130.144/32
Analysis Date: Current Session
Classification: Moderate Risk (Score: 40/100)
---
## EXECUTIVE SUMMARY
IP address 148.113.130.144 is registered to OVH (ASN 16276) under organization "Dmytro, Ahrefs Pte Ltd" and operates within a high-abuse subnet (148.113.130.0/24). The IP presents as a cloud compute infrastructure asset with proxy-style hostname characteristics. Significant geolocation validation anomalies and high subnet abuse density warrant defensive consideration.
---
## TECHNICAL PROFILE
Ownership & Registration
| Field | Value |
|---|---|
| **ASN** | 16276 |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network Block** | 148.113.130.0/24 |
| **RIR** | ARIN |
| **Infrastructure Type** | CloudCompute / Hosting |
Geolocation Analysis
| Parameter | Finding |
|---|---|
| **Claimed Location** | Singapore |
| **Reported Country** | CA (Canada) |
| **Distance Discrepancy** | 6,082 km |
| **RTT Violation** | 27ms observed vs. 121.6ms minimum required for claimed distance |
| **Geo Validation** | FAILED - RTT implausibly low for geographic claim |
Assessment: Geolocation data is inconsistent and unreliable. The RTT violation indicates the IP's claimed location does not match network path characteristics.
---
## NETWORK BEHAVIOR
Subnet Characteristics
| Metric | Value |
|---|---|
| **Abuse Density** | 0.668 (High) |
| **Subnet Classification** | High Abuse |
| **Total Siblings** | 256 |
| **Active Siblings** | 209 |
| **Threat Siblings** | 171 |
Assessment: The /24 subnet exhibits elevated abuse activity with 66.8% abuse density. The IP operates within a high-risk network environment.
DNS & Hostname Analysis
- PTR Hostname: proxy-ca009-san144.ahrefs.net
- Forward Resolution: proxy-ca009-san144.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution Confirmed: No
- Observation: "Proxy" naming convention in PTR record is consistent with proxy/scraper infrastructure.
Service Exposure
- Open Ports: None detected
- TLS Certificate: None
- HTTP Banner: None
- Infrastructure Status: Firewalled / No Services
---
## OBSERVATION HISTORY
Total observations: 21 (June 2026 window)
Key Observations:
1. Infrastructure Classification: Consistent cloud compute classification across observations
2. Abuse Classification: Persistent "high_abuse" subnet classification
3. Geolocation Signals: Multiple conflicting geolocation reports including Canada (CA) and Singapore claims
4. RTT Violations: Recurrent RTT anomalies suggesting location spoofing or inaccurate database entries
Temporal Analysis:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Is Persistently Malicious: No
- Threat Observation Count: 1
---
## RELATIONSHIP GRAPH
Total Relationships: 48
- Primary Type: Same Network (OVH-CUST-281059688)
- Associated Networks: Multiple OVH customer network identifiers
Assessment: Extensive network relationships within OVH customer infrastructure. All connections indicate same-network peer relationships rather than external threat associations.
---
## THREAT INDICATORS
| Indicator | Status |
|---|---|
| **Known Attacker** | No |
| **Spam Source** | No |
| **Tor Exit Node** | No |
| **Blacklist Count** | 0 |
| **Known Campaigns** | None |
| **Abuse Confidence Score** | Not Available |
Control Plane:
- DNSBL Listed: 1 of 8 total lists
- Operator Score: 0.2174 (Minimal)
- Route Stability: False
- RPKI State: Not Available
---
## DEFENSIVE ACTIONS
Recommended Firewall Rules
| Platform | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 148.113.130.144 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 148.113.130.144 drop` |
| **nginx** | `deny 148.113.130.144;` |
| **pfSense** | `148.113.130.144/32` |
| **Cloudflare WAF** | Block with description: "IPDebrief risk score 40" |
| **AWS WAF** | Add address: 148.113.130.144/32 |
Recommended Actions
- Monitor: Subnet 148.113.130.0/24 for elevated activity
- Correlate: Review connected network peers for coordinated behavior
- Context: Evaluate against known Ahrefs/scraper tool infrastructure patterns
---
## ANALYST NOTES
1. Risk Level: The IP presents moderate risk (40/100) primarily due to subnet-level abuse density rather than confirmed malicious activity.
2. False Positive Consideration: The "proxy" hostname and cloud infrastructure placement suggest this may be legitimate proxy/scraper service infrastructure. The organization "Ahrefs" is a legitimate SEO tool provider.
3. Geolocation Anomaly: The RTT violation (27ms for 6,082km distance) represents a clear data quality issue that should be flagged for database correction.
4. Subnet Context: With 171 threat siblings in the /24, blocking the single IP may be justified for risk containment, but subnet-level monitoring is recommended.
5. Action Priority: MEDIUM โ No active threat indicators detected, but elevated subnet context warrants defensive blocking with monitoring.
---
Classification: UNCLASSIFIED
Distribution: SOC/Security Operations
Prepared By: IPDebrief Intelligence Analysis
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059688 |
| CIDR Block | 148.113.130.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca009-san144.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca009-san144.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-21 14:56:15 UTC |
| Last Seen | 2026-06-28 13:39:16 UTC |
| Profile Built | 2026-06-29 07:42:48 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |
Full dossier details are available via our API.