# IP Intelligence Briefing: 148.113.130.55/32
## Executive Summary
IP address 148.113.130.55 is a cloud computing host within the OVH infrastructure (ASN 16276) allocated to "Dmytro, Ahrefs Pte Ltd." The asset presents moderate risk (score 50) with a moderate-high abuse density context within its /24 subnet. The IP is currently classified as "Firewalled / No Services" with no active open ports detected.
## Network Attribution & Infrastructure
- Provider: OVH (CloudCompute infrastructure)
- Organization: Dmytro, Ahrefs Pte Ltd (netname: OVH-CUST-281059688)
- CIDR Block: 148.113.130.0/24
- Geolocation: Canada (QC, Beauharnois) with 3000 km accuracy radius
- PTR Record: proxy-ca009-san55.ahrefs.net (resolves to ahrefs.net)
- Infrastructure Type: Cloud hosting with hosting capabilities enabled
- BGP Prefix: 148.113.128.0/17
## Threat Assessment
- Risk Score: 50 (Moderate Risk)
- DNSBL Listings: 2 out of 8 total lists
- Known Campaigns: None detected
- Tor Exit/Proxy/VPN: Negative on all checks
- Threat Indicators: None in current threat feeds
- Abuse Confidence Score: Not reported
## Behavioral Context
- Service Status: No open ports detected; firewall appears to block all inbound traffic
- Route Stability: BGP routing is unstable (isRouteStable: false)
- Ownership Stability: No ownership changes observed
- Historical Signals: 23 observations collected, with DNSBL listings recorded on 2026-06-16
## Neighborhood Analysis
The /24 subnet (148.113.130.0/24) demonstrates elevated abuse context:
- Subnet Classification: high_abuse
- Abuse Density: 0.5195 (51.95% of IPs flagged)
- Active Siblings: 163 out of 256 total IPs
- Threat Siblings: 133 IPs with threat indicators
- Risk Distribution: 98 medium-risk, 2 low-risk, 0 high-risk neighbors
- Inherited Risk: 20 (from subnet context)
## Intelligence Narrative
IP 148.113.130.55 operates as a provisioned cloud host within the OVH ecosystem, associated with a reseller/infrastructure entity (Dmytro, Ahrefs Pte Ltd). The PTR hostname mapping to ahrefs.net suggests potential association with search engine marketing or web analytics infrastructure. Despite no active open ports, the IP maintains a moderate risk profile driven primarily by DNSBL presence and subnet-level abuse patterns.
The subnet context is significant: over 50% of addresses in 148.113.130.0/24 have been flagged for abuse, with 133 threat-sibling IPs. This elevated neighborhood risk warrants contextual correlation when evaluating traffic from this range.
## Recommended Actions
The following firewall rules are recommended for implementation:
| System | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 148.113.130.55 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 148.113.130.55 drop` |
| nginx | `deny 148.113.130.55;` |
| pfSense | `148.113.130.55/32` (block rule) |
| Cloudflare WAF | Block IP 148.113.130.55 |
| AWS WAF | Add 148.113.130.55/32 to blocklist |
## Monitoring Recommendations
1. Correlate subnet traffic: Monitor additional IPs in 148.113.130.0/24 for similar patterns
2. DNSBL monitoring: Track the 2 blacklist listings for changes
3. BGP monitoring: Watch for route changes on 148.113.128.0/17 prefix
4. Historical review: Review the 2026-06-16 DNSBL listing event for campaign indicators
---
*Intelligence generated from IPDebrief platform data. Rules are probabilistic and should be combined with other signals before operational deployment.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059688 |
| CIDR Block | 148.113.130.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca009-san55.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca009-san55.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 22% | 10 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-17 03:07:32 UTC |
| Last Seen | 2026-06-28 04:13:45 UTC |
| Profile Built | 2026-06-28 22:19:08 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |