# IP INTELLIGENCE BRIEFING
Target IP: 148.113.130.82/32
Date: 2024-01-15
Classification: Moderate Risk - Cloud Infrastructure
## EXECUTIVE SUMMARY
IP 148.113.130.82 is a cloud hosting endpoint operated by Ahrefs Pte Ltd (AS16276) through OVH infrastructure. The IP demonstrates moderate risk characteristics (Score: 40/100) with active DNS resolution to a firewall proxy hostname. No direct threat indicators were identified, but neighborhood analysis indicates elevated abuse density within the /24 subnet.
## OWNERSHIP & INFRASTRUCTURE
- Organization: Ahrefs Pte Ltd
- ASN: 16276 (OVH)
- CIDR Block: 148.113.130.0/24
- Infrastructure Type: CloudCompute
- Provider: OVH
- Registration: ARIN (RIR)
## GEOLOCATION DATA
- Reported Country: CA (Canada)
- Reported City: Singapore
- Accuracy Radius: 3000km
- GeoConsensus: True (1 source)
- GeoPlausible: False
ANALYST NOTE: Geolocation data shows conflicting country indicators (CA vs Singapore reporting). This discrepancy is common for cloud hosting environments with distributed infrastructure and should not be used as sole location evidence.
## NETWORK CLASSIFICATION
- Is Cloud: Yes
- Is Hosting: Yes
- Is CDN: No
- Is VPN/Proxy/Tor: No
- Is Anycast: No
- Open Ports: None detected
- Service Status: Firewalled / No Services
## THREAT INDICATORS
- Risk Score: 40 (Moderate)
- Abuse Confidence Score: Not applicable
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- DNSBL Listings: 1 of 8 total lists
- Known Campaigns: None
## DNS ANALYSIS
- PTR Hostname: proxy-ca009-san82.ahrefs.net
- Forward Resolved: proxy-ca009-san82.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution Count: 1
- Email Auth: SPF/DMARC not configured
## NEIGHBORHOOD ANALYSIS
- Subnet: 148.113.130.0/24
- Total Siblings: 256 IPs
- Active Siblings: 209 IPs
- Threat Siblings: 176 IPs
- Abuse Density: 0.6875 (High Abuse Classification)
- Inherited Risk: 27/100
- Subnet Classification: high_abuse
ANALYST NOTE: The /24 subnet shows significant abuse density with 176 threat siblings out of 209 active IPs. This suggests the network is heavily utilized and may host both legitimate and compromised endpoints.
## OBSERVATION HISTORY
- Total Observations: 21 signals
- Latest Signal: 2026-06-28 (Cloud infrastructure, OVH provider)
- Previous Signal: 2026-06-20 (Cloud hosting, OVH provider)
- Operator Score: 0.2174 (Minimal)
- Route Stability: False (Route changes detected in 30 days)
- Threat Persistence: 0 days (Not persistently malicious)
## RELATIONSHIP GRAPH
- Total Relationships: 39
- Primary Relationship: Same Network (OVH-CUST-281059688)
- Network Affiliation: Multiple connections to OVH customer subnet
## RECOMMENDED ACTIONS
Based on the moderate risk profile and neighborhood context:
1. Monitoring: Continue monitoring for outbound scanning activity from this IP range
2. Allow/Block Decision: Default allow based on legitimate cloud hosting, but monitor for abuse patterns
3. Subnet Context: Be aware that 148.113.130.0/24 has high abuse density; correlate with other threat indicators before blocking
4. DNS Monitoring: Watch for changes in forward resolution patterns to proxy-ca009-san82.ahrefs.net
## CONCLUSION
IP 148.113.130.82 represents legitimate cloud infrastructure (Ahrefs/OVH) with moderate risk characteristics. While no direct threat indicators were identified, the high-abuse neighborhood context warrants continued monitoring. The IP is currently firewalled with no open services, which reduces immediate attack surface. Recommend allowing traffic but logging for forensic correlation purposes.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059688 |
| CIDR Block | 148.113.130.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| PTR | proxy-ca009-san82.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca009-san82.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 21% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-23 06:21:10 UTC |
| Last Seen | 2026-06-28 20:27:30 UTC |
| Profile Built | 2026-06-29 02:30:37 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |