## INTELLIGENCE BRIEFING: 15.235.197.254/32
Classification: Moderate Risk Cloud Infrastructure
Analysis Date: 2026-06-26
Risk Score: 40/100
---
EXECUTIVE SUMMARY
IP address 15.235.197.254 is associated with OVH Singapore PTE. LTD (ASN 16276) and operates as cloud infrastructure in Canada. The IP presents moderate risk with no active threat indicators, limited neighborhood contamination, and a history of persistent cloud hosting patterns. Recommended defensive action: Block at perimeter unless traffic requires investigation.
---
INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **Organization** | OVH Singapore PTE. LTD |
| **ASN** | 16276 |
| **Network** | VPS-SGP2 (SGP2) |
| **Country** | Canada (CA) |
| **Infrastructure Type** | CloudCompute |
| **Hosting Provider** | OVH |
| **IPv6 Support** | No (IPv4 only) |
| **DNS Resolution** | vps-d3632732.vps.ovh.ca |
Network Classification: Cloud hosting environment with no active services (firewalled/no services detected). No open ports, no TLS certificates, no HTTP services observed.
---
THREAT ASSESSMENT
Current Risk Level: Moderate (Score 40)
Threat Indicators:
- Blacklist Count: 0
- Known Attacker: False
- Tor Exit Node: False
- Spam Source: False
- Known Campaigns: None
Abuse Confidence: No confidence score available (insufficient data)
DNSBL Listing: 2 out of 8 total lists
Operator Score: 0.2609 (Basic)
Behavioral Characteristics:
- Persistent malicious activity: False
- Threat observation count: 1
- Ownership changes: 0 (stable ownership)
- Threat persistence days: 0
---
NEIGHBORHOOD ANALYSIS (15.235.197.254/24)
Subnet Assessment: mostly_clean
- Abuse Density: 1/3 (low)
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 1
Risk Distribution: High: 0, Medium: 0, Low: 0
The /24 subnet demonstrates minimal contamination with only one threat-adjacent IP in active use.
---
RELATIONSHIP GRAPH
DNS Associations:
- vps-d3632732.vps.ovh.ca (primary PTR)
- vps-48c61801.vps.ovh.ca (secondary forward resolution)
Network Relationships:
- Same Network: VPS-SGP2 (OVH Singapore datacenter)
- BGP Prefix: 15.235.128.0/17
Total Related Entities: 55 associations identified
---
OBSERVATION HISTORY
Total Historical Observations: 22
Recent Signals (2026-06-26):
- Geolocation: Canada (CA) - Confidence 0.35
- Operator Score: Minimal (0.1304) - Confidence 0.30
- Network Role: Cloud hosting confirmed - Confidence 0.90
Temporal Patterns:
- No persistent threat behavior detected
- Ownership stable (no changes observed)
- Single threat observation recorded
---
DEFENSIVE RECOMMENDATIONS
Recommended Action: BLOCK (Perimeter/IDS)
Risk Score: 40
Firewall Rules:
- iptables: `iptables -A INPUT -s 15.235.197.254 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 15.235.197.254 drop`
- nginx: `deny 15.235.197.254;`
- pfSense: `15.235.197.254/32`
- Cloudflare WAF: Block with expression `ip.src eq 15.235.197.254`
- AWS WAF: Address `15.235.197.254/32`
Risk-Based Decision Matrix:
| Risk Tolerance | Recommended Action |
|---|---|
| Low | Block immediately |
| Medium | Block; monitor for legitimate traffic |
| High | Allow with logging; investigate if suspicious activity detected |
---
INTELLIGENCE NOTES
1. Provider Context: OVH is a legitimate cloud hosting provider with minimal abuse density in this subnet.
2. Infrastructure Type: Cloud compute environment with strict firewalling (no services exposed).
3. Geographic Mismatch: Registered organization indicates Singapore; geolocation data indicates Canada. This discrepancy warrants monitoring but is not inherently suspicious for cloud hosting.
4. DNS Consistency: Stable PTR records with OVH infrastructure naming conventions.
5. Actionability: Moderate risk score (40) suggests blocking is appropriate for most defensive postures.
---
Analyst Assessment: This IP represents a cloud hosting endpoint with moderate risk scoring. No active threat indicators detected. The IP should be blocked at perimeter unless legitimate traffic requirements exist. The subnet shows minimal contamination, suggesting the IP operates as a legitimate cloud resource rather than compromised infrastructure.
Classification: UNCLASSIFIED
Distribution: SOC Team, Security Operations
Retention: 365 days
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | OVH Singapore PTE. LTD |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | vps-d3632732.vps.ovh.ca |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | vps-48c61801.vps.ovh.ca |
DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 22% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-10 10:13:14 UTC |
| Last Seen | 2026-06-27 17:22:43 UTC |
| Profile Built | 2026-06-28 11:27:49 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 28 |