# IP Intelligence Briefing: 148.113.130.176
Classification: Moderate Risk Cloud Infrastructure IP
Date: June 2026
Prepared For: SOC Operations Team
---
## Executive Summary
IP address 148.113.130.176 was analyzed as a moderate-risk cloud infrastructure endpoint associated with OVH hosting services. The IP resolved to a hostname under the ahrefs.net domain but presents no confirmed malicious indicators. The endpoint operates within a high-abuse-density subnet (148.113.130.0/24) with 176 threat-identified siblings out of 209 active addresses.
---
## Profile Data
Risk Assessment:
- Overall Risk Score: 40 (Moderate)
- Provider Score: 0
- Authority Score: 0
- Abuse Confidence Score: Not assigned
Ownership & Network:
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 148.113.130.0/24 (OVH-CUST-281059688)
- Infrastructure Type: Cloud Compute / Hosting
- Classification: Cloud hosting provider
Geolocation:
- Country: Singapore (City-level designation)
- Note: Country code CA indicated in control plane data
DNS & Services:
- PTR Record: proxy-ca009-san176.ahrefs.net
- Forward Resolution: proxy-ca009-san176.ahrefs.net
- Forward Confirmation: Inconsistent (forwardConfirmed: false)
- Open Ports: None detected
- TLS Certificate: None detected
- HTTP Title: None detected
- Email Authentication: SPF and DMARC records absent
Threat Indicators:
- Known Campaigns: None
- Known Attacker Status: False
- Tor Exit Node: False
- Spam Source: False
- Blacklist Count: 0
- DNSBL Lists: 1 of 8 lists (dnsblListedCount: 1)
---
## Observation History
Total Observations: 21 signals
Temporal Activity:
- Most Recent: 2026-06-28 (21:05:14 UTC)
- Previous: 2026-06-20 (18:58:57 UTC)
Signal Evolution:
- June 28, 2026: Operator score 0.087, label "Minimal" (confidence 0.30)
- June 20, 2026: Operator score 0.2174, label "Minimal" (confidence 0.60)
- Network classification consistent: OVH cloud/hosting (isHosting: true)
- No persistence of malicious behavior observed (threatPersistenceDays: 0)
- Not classified as persistently malicious
---
## Neighborhood Analysis
Subnet: 148.113.130.0/24
Total Siblings: 256 (IPv4 /24 block)
Active Siblings: 209
Threat Siblings: 176
Abuse Density: 0.6875 (High abuse classification)
Inherited Risk Score: 27
Neighbor Risk Distribution:
- High Risk: 0
- Medium Risk: 100 (100% of sampled neighbors)
- Low Risk: 0
- Sample neighbor risk scores range from 40-50
Interpretation: The /24 subnet shows an elevated abuse density of 68.75%. This indicates the subnet is heavily utilized for hosting services and may attract abuse.
---
## Relationship Graph
Total Relationships: 33
Relationship Types: Same Network
Targets: OVH-CUST-281059688 (repeated 33 times)
No relationships detected to external hostnames, certificates, or organizations beyond the network assignment.
---
## Recommended Actions
Risk-Based Recommendation: Block/Drop traffic
Firewall Rules Generated:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 148.113.130.176 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 148.113.130.176 drop` |
| nginx | `deny 148.113.130.176;` |
| pfSense | `148.113.130.176/32` |
| Cloudflare WAF | Block with expression `ip.src eq 148.113.130.176` |
| AWS WAF | Address: 148.113.130.176/32 |
Note: Recommendations are probabilistic and should be combined with other signals before taking action.
---
## Analyst Notes
The IP presents a moderate-risk profile typical of cloud hosting infrastructure. While no active threat indicators were detected, the subnet context (high abuse density) suggests heightened scrutiny is warranted. The ahrefs.net DNS association indicates legitimate SEO/analytics tooling usage, but the absence of email authentication records and the subnet's abuse profile warrant blocking in defensive contexts. Continuous monitoring is recommended given the neighborhood's elevated abuse classification.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059688 |
| CIDR Block | 148.113.130.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca009-san176.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca009-san176.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 32% | 1 | 3 |
| geolocation | 26% | 2 | 2 |
| Overall | 23% | 10 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-23 12:22:05 UTC |
| Last Seen | 2026-06-28 21:05:31 UTC |
| Profile Built | 2026-06-29 03:07:05 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |