## IP INTELLIGENCE BRIEFING
Target: 148.113.130.164/32
Classification: Moderate Risk (Score: 40)
Date: 2026-06-21
Analyst: IPDebrief Intelligence Division
---
EXECUTIVE SUMMARY
IP address 148.113.130.164 is associated with OVH hosting infrastructure (ASN: 16276) and resolves to a hostname under the ahrefs.net domain. The IP shows moderate risk characteristics with a score of 40/100. The subnet (148.113.130.0/24) exhibits elevated abuse density (0.6094) and is classified as high_abuse, with 156 of 256 active siblings flagged as threats. The IP is currently firewalled with no open services detected.
---
OWNERSHIP & INFRASTRUCTURE
- Organization: Dmytro, Ahrefs Pte Ltd
- CIDR Block: 148.113.130.0/24
- Provider: OVH (OVH-CUST-281059688)
- Infrastructure Type: CloudCompute/Hosting
- Geolocation: Reported as Canada (CA) with 3000km accuracy radius; Singapore coordinates also detected in some signals
- Geo Validation Anomaly: Significant discrepancy observed (6082km distance reported with 27ms RTT, violating minimum possible RTT of 121.6ms for that distance)
---
NETWORK CLASSIFICATION
| Attribute | Status |
|---|---|
| Provider | OVH |
| Hosting | Yes |
| Cloud | Yes |
| CDN | No |
| VPN/Proxy | No |
| Tor Exit | No |
| Mobile | No |
| Residential | No |
| Bogon | No |
| Anycast | No |
- Service State: Firewalled/No Services Detected
- Open Ports: None observed
- TLS Certificate: Not detected
---
DNS & IDENTIFIERS
- PTR Hostname: proxy-ca009-san164.ahrefs.net
- Forward Resolved: proxy-ca009-san164.ahrefs.net
- DNSSEC Valid: Yes
- CAA Records: Present
- DNSBL Listed: 1 of 8 total lists (dnsblListedCount: 1)
---
THREAT INDICATORS
- Abuse Confidence Score: Not reported
- Known Campaigns: None identified
- Threat Feeds: No matches
- Known Attacker: No
- Spam Source: No
- Blacklist Count: 0
---
SUBNET CONTEXT (148.113.130.0/24)
- Abuse Density: 0.6094 (High)
- Total Siblings: 256
- Active Siblings: 183
- Threat Siblings: 156
- Subnet Classification: high_abuse
- Inherited Risk: 24/100
- Risk Distribution: All sampled neighbors (100) show medium risk (Score: 40)
---
OBSERVATION HISTORY
- Total Observations: 21
- Latest Activity: 2026-06-21
- Threat Persistence Days: 0
- Observation Count: 1
Key historical signals:
- Cloud infrastructure classification (OVH) detected with 0.90 confidence
- Port scanning activity recorded on 2026-06-16
- Subnet abuse density flagged as high (0.6094)
- Operator score: 0.2174 (Minimal risk)
- Geolocation signals inconsistent across probes
---
CONTROL PLANE DATA
- Origin ASN: 16276
- BGP Prefix: 148.113.128.0/17
- Route Stability: False
- RPKI State: Not reported
- IRR Consistency: Not reported
- Route Changes (30d): 0
---
ASSOCIATED ENTITIES
- Network: OVH-CUST-281059688 (28 relationships)
- Hostname: proxy-ca009-san164.ahrefs.net (14 DNS associations)
---
RECOMMENDATIONS
1. Monitor subnet 148.113.130.0/24 for malicious activity given high abuse density and 60%+ threat sibling ratio
2. Investigate geovalidation discrepancy: reported location (Canada/Singapore) does not match RTT data; potential spoofing or routing anomaly
3. DNS reputation check: hostname proxy-ca009-san164.ahrefs.net should be evaluated for campaign association
4. Traffic analysis: no open services detected, but verify firewall rules are active and not being bypassed
5. Correlation: 156 threat siblings in subnet warrant cross-reference for potential campaign linkage
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059688 |
| CIDR Block | 148.113.130.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca009-san164.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca009-san164.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 22% | 1 | 3 |
| geolocation | 24% | 2 | 3 |
| Overall | 20% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline
| First Seen | 2026-05-29 18:14:14 UTC |
| Last Seen | 2026-06-29 06:35:20 UTC |
| Profile Built | 2026-06-29 06:43:50 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 21 |