148.113.130.36

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 148.113.130.36

## Executive Summary

IP 148.113.130.36 is a cloud infrastructure address associated with Ahrefs Pte Ltd (ASN 16276, OVH provider). While the IP itself shows moderate risk (score: 40), the /24 subnet exhibits high abuse density (0.6055) with 155 of 256 sibling IPs flagged as threats. The IP is heavily firewalled with no detected open ports or services.

## Infrastructure Profile

Organization: Ahrefs Pte Ltd
Network: 148.113.130.0/24 (OVH-CUST-281059688)
ASN: 16276 (OVH)
Infrastructure Type: Cloud Compute / Hosting
DNS Resolution: proxy-ca009-san36.ahrefs.net
Service Status: No open ports detected; infrastructure appears heavily firewalled

## Threat Indicators

Risk Score: 40 (Moderate)
Abuse Confidence: Not explicitly flagged
Known Campaigns: None identified
Blacklist Count: 0
DNSBL Listed: 1 of 8 total lists
Tor Exit/Attacker/Spam Source: No

## Geolocation Anomalies

Geolocation validation shows significant inconsistencies:

Claimed Location: Singapore (based on DNS infrastructure)
Registration Country: CA (Canada)
RTT Validation: FAILED - 28ms RTT measured vs. 121.6ms minimum possible for 6082km distance
Conclusion: Location data is implausible; IP likely not physically located in claimed region

## Neighborhood Analysis

The /24 subnet (148.113.130.0/24) shows concerning abuse patterns:

Abuse Density: 0.6055 (high)
Total Siblings: 256
Active Siblings: 174
Threat Siblings: 155
Risk Distribution: 100 medium-risk IPs in subnet

## Observation History

19 observations recorded. Recent activity includes:

DNS resolution to ahrefs.net domains
No persistent threat indicators
No malware or campaign associations detected
Temporal analysis: 0 days of persistent malicious activity

## Security Recommendations

Based on risk profile and neighborhood context, the following defensive actions are recommended:

Recommended Firewall Rules:

iptables: `iptables -A INPUT -s 148.113.130.36 -j DROP`
nftables: `nft add rule inet filter input ip saddr 148.113.130.36 drop`
NGINX: `deny 148.113.130.36;`
Cloudflare WAF: Block with expression `ip.src eq 148.113.130.36`

SOC Analyst Notes:

1. While this IP is associated with Ahrefs, the high abuse density in the parent subnet warrants blocking for defensive purposes

2. Geolocation inconsistencies suggest potential routing manipulation or misattribution

3. Consider monitoring for lateral movement to/from other IPs in 148.113.130.0/24 subnet

4. No immediate active threat indicators detected, but neighborhood context suggests elevated risk posture

---

*Data generated by IPDebrief intelligence platform. All indicators based on current threat data and should be validated against internal threat intelligence.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	—
City	Singapore
Timezone	—
Latitude	43.63
Longitude	-79.37

🏢 Ownership & Registration

Organization	Dmytro, Ahrefs Pte Ltd
ASN	AS16276
Network Name	OVH-CUST-281059688
CIDR Block	148.113.130.0/24
RIR	ARIN
Country	Singapore
Abuse Contact	—

🌐 DNS Intelligence

PTR	proxy-ca009-san36.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-ca009-san36.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	37%	2	4
routing	13%	1	1
services	15%	2	2
ownership	19%	2	2
reputation	32%	1	3
geolocation	40%	2	3
Overall	26%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-24 06:32:27 UTC
Last Seen	2026-06-28 23:38:53 UTC
Profile Built	2026-06-29 05:40:27 UTC
Data Freshness	Live
Signal Types	20
Total Observations	22

🔍 20 signal types · 22 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

148.113.130.36📋 Copy