# IP Intelligence Briefing: 148.113.130.54
Classification: Moderate Risk (Score: 40)
Date: 2026-06-14
Analyst: IPDebrief Intelligence
---
## Executive Summary
IP 148.113.130.54 is a cloud-hosted infrastructure address within the OVH-CUST-281059688 subnet, operating under ASN 16276. The IP resolves to proxy-ca009-san54.ahrefs.net and shows moderate risk characteristics with high-abuse density in its /24 neighborhood. The address demonstrates geographic inconsistencies and is listed on 1 of 8 DNSBLs.
---
## Network & Ownership Profile
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH)
- CIDR Block: 148.113.130.0/24
- Infrastructure Type: Cloud Compute / Hosting
- DNS Resolution: proxy-ca009-san54.ahrefs.net (forward confirmed)
---
## Risk Assessment
Overall Risk Score: 40 (Moderate Risk)
Risk Breakdown:
- Provider Score: 0
- Authority Score: 0
- Stability Score: 0
- DNSBL Listed: 1 of 8
Threat Indicators:
- No active threat campaigns detected
- No known attacker status
- No Tor exit node status
- No known spam source classification
- No open ports or services detected
---
## Geographic Validation
Claimed Location: Singapore, CA
Validation Status: GEOGRAPHIC INCONSISTENCY
- Distance Violation: 6,082 km claimed distance with 29 ms RTT (minimum possible: 121.6 ms)
- Average RTT: 36.4 ms (5 probes)
- GeoConsensus: True
- GeoPlausible: False
This geographic discrepancy indicates potential spoofing or routing anomalies requiring investigation.
---
## Subnet Analysis (148.113.130.0/24)
Classification: HIGH ABUSE DENSITY
Abuse Density: 0.5117 (51.17% threat concentration)
Neighbor Statistics:
- Total Siblings: 256
- Active Siblings: 162
- Threat Siblings: 131 (51% of active IPs flagged as threats)
- Risk Distribution: 97 Medium, 3 Low, 0 High risk neighbors
Context: This subnet exhibits significant abuse density, indicating potential compromised infrastructure or botnet activity. The high concentration of threat siblings suggests coordinated malicious activity within the /24 block.
---
## Historical Signals (25 Observations)
Recent Activity:
- 2026-06-14 15:44:11 - High abuse density classification confirmed (0.5117)
- 2026-06-14 15:40:36 - Geographic validation failure detected
- 2026-06-14 15:48:01 - Network classification: OVH hosting infrastructure
- 2026-06-14 15:59:53 - DNS resolution to ahrefs.net confirmed
Temporal Analysis:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Threat Observation Count: 1
- Persistently Malicious: False
The IP shows recent activity patterns with no long-term malicious persistence, but the high-abuse environment remains a concern.
---
## Recommended Actions
Risk-Based Blocking: Yes (Risk Score 40, High-Abuse Subnet)
Firewall Rules:
- iptables: `iptables -A INPUT -s 148.113.130.54 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 148.113.130.54 drop`
- nginx: `deny 148.113.130.54;`
- pfSense: `148.113.130.54/32`
- Cloudflare WAF: Block IP 148.113.130.54 (Risk: 40)
- AWS WAF: Add 148.113.130.54/32 to IPSet for blocking
Monitoring: Consider blocking the entire /24 subnet (148.113.130.0/24) given the 51.17% abuse density and 131 threat-sibling count.
---
## Intelligence Notes
1. Subnet Context: The /24 block shows 131 out of 162 active IPs flagged as threats. Blocking the entire subnet may reduce false positives while maintaining security posture.
2. Geographic Anomaly: The claimed Singapore location contradicts network-level measurements (6,082 km distance with 29 ms RTT). This warrants investigation for potential IP spoofing or proxy usage.
3. DNS Infrastructure: The IP resolves to an ahrefs.net proxy hostname, which may indicate legitimate CDN usage or potential abuse as an intermediary.
4. Control Plane: Route stability is flagged as false with RPKI state null, suggesting potential routing issues or BGP anomalies within the provider's infrastructure.
---
Recommendation: Block IP 148.113.130.54 at perimeter firewall. Consider evaluating the entire 148.113.130.0/24 subnet for additional malicious activity given the high abuse density. Investigate geographic discrepancy for potential spoofing indicators.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059688 |
| CIDR Block | 148.113.130.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | n/a |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca009-san54.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca009-san54.ahrefs.net |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | n/a |
| HTTP Title | n/a |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction |
| Attribution | Low (35%) |
| Attribution Factors | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-10 16:13:59 UTC |
| Last Seen | 2026-06-27 17:47:44 UTC |
| Profile Built | 2026-06-28 11:51:52 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 30 |