# IP INTELLIGENCE BRIEFING: 15.235.98.101
## Executive Summary
This IP address is hosted on OVH infrastructure and resolves to ahrefs.net, indicating legitimate association with the SEO analytics company. However, the subnet exhibits elevated abuse characteristics with 64.8% abuse density and 166 malicious siblings. The IP presents moderate risk (score: 50) with no active threat indicators, but requires monitoring due to DNSBL presence and geolocation inconsistencies.
---
## Ownership & Infrastructure
- ASN: AS16276 (OVH SAS)
- Organization: Dmytro, Ahrefs Pte Ltd
- CIDR Block: 15.235.98.0/24
- Infrastructure Type: Cloud Compute / Hosting
- Status: Firewalled / No Services Detected
- Provider Score: 0.2174 (Operator: Minimal)
---
## Geolocation Validation
- Reported Location: Singapore (CA)
- Geolocation Confidence: Inconsistent (geoPlausible: false, geoConsensus: false)
- Validation Issue: RTT measurement violation detected. Measured 27ms against minimum possible 121.6ms for 6082km distance from probe location, indicating potential geolocation spoofing or routing anomalies.
- IP Reputation Score: 0
---
## Threat Intelligence
- Risk Score: 50 (Moderate Risk)
- Blacklist Status: Listed on 2 of 8 DNSBL feeds
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Active Threat Indicators: None detected
- Campaign Affiliation: None identified
- Threat Persistence: 0 days (not persistently malicious)
---
## Network Classification & Services
- Cloud Provider: OVH (CloudCompute)
- Infrastructure: Hosting enabled
- Open Ports: None detected
- TLS Certificate: Not detected
- HTTP Services: None responding
- Anycast: No
---
## Subnet Analysis (15.235.98.0/24)
- Subnet Classification: High Abuse
- Abuse Density: 64.8%
- Total Siblings: 256
- Active Siblings: 239
- Threat Siblings: 166
- Inherited Risk Score: 25
- Neighbor Risk Distribution: 96 medium, 4 low, 0 high
---
## Historical Observations
- Total Observations: 22 signals recorded
- Latest Activity: 2026-06-17T13:32:41
- Key Signals:
  - Subnet abuse classification consistently marked as "high_abuse"
  - Operator score maintained at 0.2174 across observations
  - DNS resolution to ahrefs.net confirmed
  - Routing signals from alienvault-otx showing threat correlation
---
## Relationships & Connectivity
- Total Relationships: 53
- Network Associations: Multiple "Same Network" relationships to OVH-CUST-281059698
- DNS PTR Hostname: proxy-ca019-san101.ahrefs.net
- Domain Association: ahrefs.net
- Forward Resolution: Confirmed (1 hostname)
---
## Security Assessment & Recommendations
### Risk Profile
This IP represents a moderate-risk infrastructure asset with legitimate business association (ahrefs.net) but elevated neighborhood abuse characteristics. The presence of DNSBL listings and the high-abuse subnet environment warrant defensive measures.
### Recommended Actions
1. Monitor Traffic Patterns: Although no open ports were detected, apply connection rate limiting given the hosting nature of the IP
2. DNSBL Monitoring: Investigate the 2 DNSBL listings for specific feed details
3. Geolocation Validation: Consider blocking or flagging traffic with inconsistent RTT/geolocation data
4. Subnet-Aware Policy: Apply defensive controls to adjacent IPs in 15.235.98.0/24 due to the 64.8% abuse density
5. Firewall Rules: No immediate blocking recommended, but prepare rules for:
   - Rate limiting outbound connections
   - Logging all connection attempts
   - Alerting on unusual port scans from related IPs
### Intelligence Notes
- The subnet shows correlation with multiple threat siblings (166 out of 256)
- Geolocation inconsistencies suggest potential routing manipulation
- No evidence of active malicious campaigns
- DNS resolution to ahrefs.net indicates a potentially legitimate use case
---
Briefing Date: 2026-06-17
Analyst Classification: Moderate Risk - Monitor
Confidence Level: Medium (supported by 22 historical observations)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059698 |
| CIDR Block | 15.235.98.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | Not available |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca019-san101.ahrefs.net |
| Forward Confirmed | No; the PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca019-san101.ahrefs.net |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting; infrastructure provider without advanced routing |
## Services & Open Ports
| Field | Value |
|---|---|
| Open Ports | None detected |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not available |
| HTTP Title | Not available |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 23% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%); 1 contradiction |
| Attribution | Low (35%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:46 UTC |
| Last Seen | 2026-06-27 00:18:43 UTC |
| Profile Built | 2026-06-27 14:31:38 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |