## INTELLIGENCE BRIEFING: 148.113.130.155/32
Classification: Moderate Risk / Cloud Infrastructure
Date: June 2026
Analyst: IPDebrief SOC Intelligence
---
EXECUTIVE SUMMARY
IP 148.113.130.155 is a cloud infrastructure endpoint hosted by OVH (ASN 16276) under organization Ahrefs Pte Ltd. The IP presents a moderate risk score of 40 with no direct threat indicators, though it resides within a high-abuse density subnet (0.6055). The endpoint is firewalled with no active services and no open ports detected. No campaigns or known malicious activity has been attributed to this specific address.
---
OWNERSHIP & INFRASTRUCTURE
- Organization: Ahrefs Pte Ltd (Dmytro)
- ASN: 16276 (OVH)
- Network Block: 148.113.130.0/24
- Infrastructure Type: Cloud Compute (OVH)
- Geolocation: Singapore (CA region assignment, 3000km accuracy radius)
- Contact: No abuse contact listed
---
THREAT ASSESSMENT
Risk Score: 40 / 100 (Moderate Risk)
Direct Indicators:
- Blacklist Count: 0
- Is Known Attacker: No
- Is Spam Source: No
- Is Tor Exit: No
- Is Proxy: No
Control Plane:
- DNSBL Listed: 1 of 8 total lists
- Operator Score: 0.2174 (Minimal)
- Route Stability: Not stable
- DNSSEC: Valid
- RPKI State: Not evaluated
---
NEIGHBORHOOD CONTEXT
Subnet: 148.113.130.0/24
Abuse Density Metrics:
- Subnet Classification: High Abuse
- Abuse Density Score: 0.6055
- Inherited Risk Score: 24
- Total Siblings: 256
- Active Siblings: 168
- Threat Siblings: 155
Risk Distribution in /24:
- High Risk: 0
- Medium Risk: 100
- Low Risk: 0
---
NETWORK ROLE & SERVICES
- Service Purpose: Firewalled / No Services
- Open Ports: None detected
- TLS Certificate: None
- HTTP Title: None
- Server Banner: None
---
DNS & HOSTNAMES
- PTR Hostname: proxy-ca009-san155.ahrefs.net
- Forward Resolution: proxy-ca009-san155.ahrefs.net
- Forward Confirmed: No
- Associated Domain: ahrefs.net
- Email Auth: SPF: No, DMARC: No
---
OBSERVATION HISTORY
Total Observations: 21
Recent Activity Timeline:
- 2026-06-20: Operator score 0.2174, confidence 0.60-0.21
- 2026-06-15: Subnet abuse density 0.6055 confirmed, classification: high_abuse
- Threat Persistence: 0 days
- Ownership Changes: 0
Temporal Analysis: No persistent malicious behavior observed. Risk signals remain stable across observation period.
---
RELATIONSHIP MAPPING
29 relationships identified:
- Network Relationships: Multiple associations to OVH-CUST-281059688
- DNS Associations: 16+ entries for proxy-ca009-san155.ahrefs.net
Key Entities:
- Network: OVH-CUST-281059688
- Hostname: proxy-ca009-san155.ahrefs.net
---
RECOMMENDED SECURITY ACTIONS
Blocking Rules:
```bash
# iptables
iptables -A INPUT -s 148.113.130.155 -j DROP
# nftables
nft add rule inet filter input ip saddr 148.113.130.155 drop
# nginx
deny 148.113.130.155;
# pfSense
148.113.130.155/32
# Cloudflare WAF
{
  "description": "Block 148.113.130.155 - IPDebrief risk score 40",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 148.113.130.155"
  }
}
# AWS WAF
{
  "Addresses": ["148.113.130.155/32"],
  "Description": "IPDebrief risk 40"
}
```
---
INTELLIGENCE ANALYSIS & RECOMMENDATIONS
Key Findings:
1. Clean Endpoint: No direct threat indicators despite moderate risk score
2. High-Abuse Subnet Context: The /24 subnet shows elevated abuse density (0.6055) with 155 threat siblings out of 256 total IPs
3. Legitimate Infrastructure: DNS hostname indicates association with Ahrefs (legitimate SEO/analytics platform)
4. Firewalled State: No services running; endpoint appears dormant or non-responsive
Assessment:
This IP represents a cloud compute endpoint within a high-abuse subnet environment. The moderate risk score (40) combined with zero direct threat indicators suggests the IP itself is not actively malicious. However, the subnet context (0.6055 abuse density, 155 threat siblings) warrants monitoring and consideration of blocking, particularly if the IP has been observed in malicious contexts.
Recommended Actions:
1. Monitor for activity on this IP
2. Consider blocking at perimeter if traffic observed
3. Investigate any incoming/outgoing connections to/from this IP
4. Review related IPs in the /24 subnet for additional context
Confidence Level: Medium - Risk assessment based on subnet-level abuse patterns rather than direct threat indicators.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059688 |
| CIDR Block | 148.113.130.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca009-san155.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca009-san155.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 21% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-23 06:21:09 UTC |
| Last Seen | 2026-06-28 20:26:57 UTC |
| Profile Built | 2026-06-29 08:31:45 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 24 |