# IP Intelligence Briefing: 148.113.130.204/32
## Executive Summary
IP address 148.113.130.204 is classified as Moderate Risk (risk score: 40) and sits in OVH cloud compute infrastructure (AS16276). Its PTR record points to a hostname under ahrefs.net (proxy-ca009-san204.ahrefs.net), but that hostname was not forward-confirmed to resolve back to the address, so the domain association rests on an operator-controlled reverse record only. The profile carries several anomalous indicators, including inconsistent geolocation data and one DNSBL listing, and the surrounding /24 shows high abuse density (0.6094), suggesting network-wide rather than host-specific risk. Overall data confidence is low (24%), so the findings below should be read as leads rather than confirmed attribution.
## Ownership and Infrastructure
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network: OVH-CUST-281059688
- CIDR Block: 148.113.130.0/24
- Infrastructure Type: CloudCompute
- Classification: Cloud Hosting (isCloud: true, isHosting: true)
- Geolocation: inconsistent; the country code is CA while the registration record and the reported city both say Singapore, and the city fix carries a 3000 km accuracy radius, which makes it effectively meaningless
## DNS and Service Profile
- PTR Hostname: proxy-ca009-san204.ahrefs.net
- Forward Confirmation: not verified; the PTR hostname was not confirmed to resolve back to 148.113.130.204 (FCrDNS failed), so the ahrefs.net association is a claim by whoever controls the reverse zone, not a verified identity
- Open Ports: none of the 7 scanned ports (22, 25, 80, 443, 3389, 8080, 8443) were open; ports outside that set were not probed
- TLS Certificate: none observed on the scanned ports
- Email Authentication: no SPF or DMARC records found for the associated domain
- HTTP Services: no active web services detected on 80, 443, 8080 or 8443
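The forward-confirmed reverse DNS check behind the "not verified" finding, as an added example (this is not code from the briefing or from the operator named in it). The resolver is injectable so the run below uses constructed records: the briefing's PTR hostname is real, but the addresses and the second hostname in `CONSTRUCTED_ZONE` are assumptions drawn from the TEST-NET ranges. `system_resolver` uses the local stub resolver for live checks.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple

# Resolver signature: (name, rrtype) -> list of answer strings. Injected so the
# check can run offline against constructed records.
Resolver = Callable[[str, str], List[str]]


def system_resolver(name: str, rrtype: str) -> List[str]:
    """Live lookups via the OS resolver: PTR through gethostbyaddr, A/AAAA
    through getaddrinfo. Returns [] on NXDOMAIN or resolver failure."""
    try:
        if rrtype == "PTR":
            return [socket.gethostbyaddr(name)[0]]
        family = socket.AF_INET if rrtype == "A" else socket.AF_INET6
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None, family)})
    except (socket.herror, socket.gaierror):
        return []


def fcrdns(ip: str, resolve: Resolver = system_resolver) -> Dict[str, object]:
    """Forward-confirmed reverse DNS: PTR(ip) -> hostname, then the hostname's
    A/AAAA answers must contain ip. A PTR alone proves nothing, since the
    reverse zone is controlled by the address holder."""
    addr = ipaddress.ip_address(ip)
    rrtype = "A" if addr.version == 4 else "AAAA"
    records = []
    for name in resolve(ip, "PTR"):
        name = name.rstrip(".")
        forward = resolve(name, rrtype)
        records.append({
            "ptr": name,
            "forward": forward,
            "confirmed": any(ipaddress.ip_address(a) == addr for a in forward),
        })
    return {"ip": ip, "records": records, "fcrdns": any(r["confirmed"] for r in records)}


# Constructed zone data (not live DNS). The briefing's IP has the PTR shown in
# the report, but the hostname's A record is assumed to point elsewhere
# (192.0.2.10, TEST-NET-1), so forward confirmation fails. 192.0.2.10 itself
# is given a consistent PTR/A pair as the passing case.
CONSTRUCTED_ZONE: Dict[Tuple[str, str], List[str]] = {
    ("148.113.130.204", "PTR"): ["proxy-ca009-san204.ahrefs.net."],
    ("proxy-ca009-san204.ahrefs.net", "A"): ["192.0.2.10"],
    ("192.0.2.10", "PTR"): ["good.example.net."],
    ("good.example.net", "A"): ["192.0.2.10"],
}


def constructed_resolver(name: str, rrtype: str) -> List[str]:
    return CONSTRUCTED_ZONE.get((name, rrtype), [])


if __name__ == "__main__":
    print(fcrdns("148.113.130.204", constructed_resolver))  # fcrdns False
    print(fcrdns("192.0.2.10", constructed_resolver))       # fcrdns True
```

Call `fcrdns("148.113.130.204")` with no resolver argument to run the live check; a passing result still only shows that the address holder controls both zones, which is the most a DNS check can establish.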
## Threat Indicators
- Abuse Confidence Score: Not directly assigned
- Blacklist Status: Listed on 1 of 8 DNSBLs checked
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Threat Feeds: No active indicators
- Campaigns: None correlated
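How a "listed on 1 of 8 DNSBLs" result is produced and sanity-checked, as an added example (not code from the briefing). The query name is the reversed IPv4 octets under the list zone, and a listing is an A answer inside 127.0.0.0/8; an answer outside that range means a broken or hijacked list and is reported but not counted. The zone names and answers below are constructed, and the resolver is injectable so the example runs offline.

```python
import ipaddress
import socket
from typing import Callable, Dict, List

# A-record lookup: qname -> list of IPv4 strings ([] for NXDOMAIN).
Resolver = Callable[[str], List[str]]

# DNSBLs answer listed queries with a loopback address whose last octet(s)
# encode the listing reason.
LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_qname(ip: str, zone: str) -> str:
    """148.113.130.204 under zone X becomes 204.130.113.148.X."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".") + "."


def system_resolver(qname: str) -> List[str]:
    """Live A lookup via the OS resolver."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except (socket.gaierror, socket.herror):
        return []


def check_dnsbls(ip: str, zones: List[str], resolve_a: Resolver) -> Dict[str, object]:
    """Query each zone; count a listing only for answers in 127.0.0.0/8.
    Answers outside that range (wildcarded zone, captive-portal resolver,
    retired list) are kept under 'bogus' so the analyst can see them."""
    results: Dict[str, Dict[str, object]] = {}
    listed = 0
    for zone in zones:
        answers = resolve_a(dnsbl_qname(ip, zone))
        codes = [a for a in answers if ipaddress.IPv4Address(a) in LISTED_RANGE]
        bogus = [a for a in answers if a not in codes]
        if codes:
            listed += 1
        results[zone] = {"listed": bool(codes), "codes": codes, "bogus": bogus}
    return {"ip": ip, "checked": len(zones), "listed": listed, "results": results}


# Constructed answers (no network): one zone lists the IP with return code
# 127.0.0.2, one answers with a public address (198.51.100.7, TEST-NET-2),
# which a working DNSBL never does, and the other six return NXDOMAIN.
ZONES = ["list-one.example", "list-two.example", "list-three.example",
         "list-four.example", "list-five.example", "list-six.example",
         "list-seven.example", "broken.example"]
CONSTRUCTED_ANSWERS: Dict[str, List[str]] = {
    "204.130.113.148.list-one.example.": ["127.0.0.2"],
    "204.130.113.148.broken.example.": ["198.51.100.7"],
}


def constructed_resolver(qname: str) -> List[str]:
    return CONSTRUCTED_ANSWERS.get(qname, [])


if __name__ == "__main__":
    report = check_dnsbls("148.113.130.204", ZONES, constructed_resolver)
    print(report["listed"], "of", report["checked"], "lists")  # 1 of 8 lists
    for zone, r in report["results"].items():
        print(zone, r)
```

Which list produced the hit matters more than the count: the briefing does not name it, and a single listing on a list with a high false-positive rate carries less weight than the same hit on a list that requires direct evidence of abuse.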
## Geographic Anomalies
- RTT Violation: a probe measured 24 ms RTT to this address while the geolocation places it 6082 km from that probe. The 121.6 ms floor in the report comes from a 50 km/ms rule of thumb (6082 / 50); even the hard physical floor, light in fibre at roughly 200 km/ms for the round trip, is about 61 ms for that distance, so 24 ms cannot be reconciled with the reported location.
- Distance Discrepancy: at 24 ms RTT the address can be at most about 2400 km from the probe (24 × 200 / 2), so either the 6082 km figure or the probe's own location is wrong.
- Probe Count: 5 probes performed, with conflicting geolocation data between them
- GeoPlausible: False
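The RTT plausibility check in code, as an added example that is not part of the briefing. It goes slightly beyond the page: rather than taking a reported distance, it computes the great-circle distance from each probe's coordinates to the claimed location, derives the fibre-speed RTT floor and flags any probe whose measured RTT is below it. The probe locations and RTTs are constructed; `min_rtt_ms` and `max_distance_km` reproduce the page's own 6082 km / 24 ms arithmetic.

```python
import math
from typing import Dict, List, Tuple

EARTH_RADIUS_KM = 6371.0
# Light in fibre covers roughly 200 km per millisecond (about 2/3 of c).
# Real paths are longer than the great circle and routers add queuing delay,
# so a measured RTT is always above the floor this gives; below it is impossible.
FIBER_KM_PER_MS = 200.0


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two WGS84 points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def min_rtt_ms(distance_km: float) -> float:
    """Lowest RTT physically possible for a host at distance_km from the probe."""
    return 2 * distance_km / FIBER_KM_PER_MS


def max_distance_km(rtt_ms: float) -> float:
    """Farthest a host can be from the probe given the measured RTT."""
    return rtt_ms * FIBER_KM_PER_MS / 2


def geo_plausible(claimed: Tuple[float, float], probes: List[Dict]) -> Dict[str, object]:
    """probes: [{'name', 'lat', 'lon', 'rtt_ms'}]. The claimed location is
    implausible if any single probe's RTT is below the fibre floor for its
    distance to the claim; one violation is enough, since RTT can only be
    inflated by the network, never reduced."""
    rows = []
    for p in probes:
        d = haversine_km(p["lat"], p["lon"], claimed[0], claimed[1])
        floor = min_rtt_ms(d)
        rows.append({
            "probe": p["name"],
            "distance_km": round(d, 1),
            "rtt_ms": p["rtt_ms"],
            "floor_ms": round(floor, 1),
            "violation": p["rtt_ms"] < floor,
        })
    return {"plausible": not any(r["violation"] for r in rows), "probes": rows}


# Constructed scenario (assumption, not the briefing's probe data): the claim
# is Singapore; one probe in Montreal sees 24 ms, which is far below the
# ~148 ms floor for ~14,800 km, while a Tokyo probe's 70 ms is consistent.
SINGAPORE = (1.3521, 103.8198)
CONSTRUCTED_PROBES = [
    {"name": "yul-probe", "lat": 45.5017, "lon": -73.5673, "rtt_ms": 24.0},
    {"name": "nrt-probe", "lat": 35.6762, "lon": 139.6503, "rtt_ms": 70.0},
]

if __name__ == "__main__":
    print("floor for 6082 km:", min_rtt_ms(6082), "ms")        # 60.82
    print("max distance at 24 ms:", max_distance_km(24), "km")  # 2400.0
    for row in geo_plausible(SINGAPORE, CONSTRUCTED_PROBES)["probes"]:
        print(row)
```

A violation does not say which side is wrong: the geolocation database, the probe's recorded position, or a measurement taken against an anycast or proxy front-end rather than the host itself. It only says the two cannot both be right.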
## Neighborhood Analysis
The /24 subnet (148.113.130.0/24) shows elevated risk characteristics:
- Abuse Density: 0.6094 (156 threat siblings / 256 addresses; high_abuse classification)
- Total Siblings: 256 IPs in subnet
- Active Siblings: 211
- Threat Siblings: 156
- Inherited Risk: 24
- Risk Distribution: 100 medium-risk, 0 high, 0 low-risk neighbors (scored neighbors only; this count does not reconcile with the 156 threat siblings above)
- Route Stability: Unstable (route changes observed in last 30 days)
- BGP Prefix: 148.113.128.0/17
## Observation History
Recent signals show:
- Subnet Classification: Consistently marked as high_abuse with 0.6094 abuse density
- DNS Signals: Resolved to ahrefs.net domain with CAA records present
- Blacklist Activity: Listed on one blacklist with "high" severity rating
- Threat Persistence: 0 days; not persistently malicious
- Threat Observation Count: 1
## Related Entities
- Relationship Count: 61 total relationships
- Primary Association: Same Network (OVH-CUST-281059688)
- Campaign Correlation: 0 correlated IPs, 0 certificate matches
- Organization Links: No direct organizational relationships beyond network association
## Recommended Actions
### Firewall Rules
- iptables: `iptables -A INPUT -s 148.113.130.204 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 148.113.130.204 drop` (assumes the `inet filter` table and its `input` chain already exist)
- nginx: `deny 148.113.130.204;`
- pfSense: add `148.113.130.204/32` to a block alias referenced by a WAN-side reject rule
- Cloudflare WAF: block with the expression `ip.src eq 148.113.130.204`
- AWS WAF: add `148.113.130.204/32` to an IP set referenced by a block rule
### Risk Assessment
The IP presents moderate risk with notable anomalies:
1. Geographic implausibility (24 ms RTT against a reported 6082 km distance)
2. One DNSBL listing among 8 checked
3. High-abuse subnet context (156 threat siblings in the /24)
4. No open services among the 7 scanned ports (limits inbound exploitation risk; a port scan says nothing about outbound activity such as crawling or scanning originating from the host)
### Mitigation Strategy
- Block at the perimeter firewall
- Monitor for further connection attempts from the rest of 148.113.130.0/24
- Escalate to a subnet-level block if threat activity from the /24 persists
- Confirm the ahrefs.net association before treating the host as a known crawler: the PTR is operator-controlled and was not forward-confirmed, so verify FCrDNS and cross-check the address against the operator's published crawler ranges, if any
## Conclusion
IP 148.113.130.204 sits in a /24 with high abuse density and carries several indicators of concern, but no malicious activity has been confirmed on this specific address: the signals are one DNSBL listing, implausible geolocation data, and neighborhood context, at an overall data confidence of 24% with two recorded contradictions. That combination justifies a precautionary block at the perimeter, with the rule reviewed if the listing clears or the Ahrefs attribution is confirmed. The absence of open ports among those scanned limits inbound exposure; the subnet context still warrants elevated scrutiny for any traffic originating from 148.113.130.0/24.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059688 |
| CIDR Block | 148.113.130.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | Not available |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca009-san204.ahrefs.net |
| Forward Confirmed | No; the PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca009-san204.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting; infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not observed |
| HTTP Title | Not observed |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 37% | 2 | 3 |
| Overall | 24% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mixed Signals (60%); 2 contradiction(s) |
| Attribution | Very Low (20%) |
| Coherence checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

Contradiction: geo sources disagree on the country (US vs. CA), and neither agrees with the Singapore entries in the registration and geolocation fields above.
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-12 09:40:14 UTC |
| Last Seen | 2026-06-27 21:10:50 UTC |
| Profile Built | 2026-06-28 15:16:31 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 27 |