# IP INTELLIGENCE BRIEFING
Target: 148.113.209.179/32
Classification: Low Risk VPS Hosting Infrastructure
Generated: Current
Status: ACTIVE
---
## EXECUTIVE SUMMARY
IP 148.113.209.179 is a low-risk (Score: 25) VPS infrastructure node operated by OVH Hosting, Inc. (ASN 16276). The address is registered in Canada (CA) within cloud compute infrastructure. While the IP maintains a clean overall reputation, it exhibits one DNSBL listing and shows historical DNS blacklist activity with high-severity classifications. The neighborhood contains one threat sibling, warranting contextual awareness.
---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH Hosting, Inc.) |
| **Organization** | OVH Hosting, Inc. |
| **Country** | Canada (CA) |
| **Infrastructure Type** | Cloud Compute / VPS |
| **CIDR Block** | 148.113.128.0/17 (BGP Origin) |
| **Route Stability** | False |
---
## NETWORK SERVICES & FINGERPRINTING
| Port | Protocol | Service | Status |
|---|---|---|---|
| 80 | TCP | HTTP | OPEN |
| 443 | TCP | HTTPS | OPEN |
| 22 | TCP | SSH | OPEN |
Server Banner: nginx/1.26.0 (Ubuntu)
TLS Certificate: Let's Encrypt (Issuer: CN=E8, O=Let's Encrypt, C=US)
Subject CN: bahastore.tn
PTR Record: vps-7b96cc0f.vps.ovh.ca
HTTP Response: Status code 303 (Redirect)
HTTP Version: 1.1
---
## THREAT INDICATORS
| Indicator | Status | Details |
|---|---|---|
| **Known Attacker** | CLEAR | No indicators |
| **Spam Source** | CLEAR | No indicators |
| **Tor Exit Node** | CLEAR | False |
| **Blacklist Count** | CLEAR | 0 |
| **DNSBL Listed** | ACTIVE | 1 of 8 total lists |
| **Abuse Confidence Score** | NULL | Not applicable |
Historical DNS Blacklisting: 26 observations recorded. Most recent observation (2026-06-19) shows 8 total DNSBL listings with 2 listed at high severity.
---
## NEIGHBORHOOD ANALYSIS
| Metric | Value |
|---|---|
| **Subnet** | 148.113.209.0/24 |
| **Abuse Density** | 0 (Clean) |
| **Total Siblings** | 1 |
| **Active Siblings** | 0 |
| **Threat Siblings** | 1 |
Classification: mostly_clean
Inherited Risk: 2
---
## OBSERVATION HISTORY (26 RECORDS)
Latest Activity: 2026-06-19T14:48:16 UTC
Key Signals:
- Subnet classification consistently "mostly_clean"
- DNS association with bahastore.tn domain (has SPF, no DMARC)
- HTTP fingerprinting indicates nginx/1.26.0 on Ubuntu
- Status code 303 redirects observed
---
## RELATIONSHIP GRAPH
Primary Associations (36 total records):
- Hostname: vps-7b96cc0f.vps.ovh.ca
- Network: VPS-BHS6 (OVH hosting network)
- DNS: Forward confirmed to ovh.ca domain
---
## RECOMMENDED ACTIONS
Current Risk Score: 25 (Low Risk)
Recommended Security Actions: None automatically generated due to low risk profile.
Manual Considerations:
1. Monitor DNSBL listing activity for potential reputation degradation
2. Investigate the one threat sibling in the 148.113.209.0/24 subnet
3. Standard VPS traffic monitoring applies (SSH, HTTP, HTTPS)
4. No immediate blocking recommended; allowlist for legitimate OVH traffic
---
## CONCLUSION
IP 148.113.209.179 represents a standard OVH-hosted VPS with low-risk characteristics. The single DNSBL listing and historical blacklist activity require monitoring but do not indicate active malicious behavior. The presence of one threat sibling in the immediate subnet suggests potential co-location of malicious activity, which should be tracked for correlation. Routine SOC monitoring and traffic analysis are sufficient; no aggressive blocking measures recommended at this time.
Classification: LOW RISK
Priority: STANDARD
Action: MONITOR
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | OVH Hosting, Inc. |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | vps-7b96cc0f.vps.ovh.ca |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | vps-7b96cc0f.vps.ovh.ca |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | 2/3 domains |
| DMARC | 1/3 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 3 domains |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx/1.26.0 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.7p1 Ubuntu-7ubuntu4.3 |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | bahastore.tn |
| Valid From | 2026-04-24T01:47:17+00:00 |
| Valid Until | 2026-07-23T01:47:16+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 0697CDEE43C1628CC4D5ACA38CF36A564441 |
| Thumbprint | DC7897E1881CD8A0BF30FEF40A8194CCA24344EA |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 27% | 10 | 17 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-10 04:11:31 UTC |
| Last Seen | 2026-06-27 16:53:38 UTC |
| Profile Built | 2026-06-28 10:59:14 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 30 |