# IP INTELLIGENCE BRIEFING: 15.235.98.115/32
Classification: Moderate Risk Cloud Infrastructure
Report Date: Current
Risk Score: 50/100
---
## EXECUTIVE SUMMARY
IP 15.235.98.115 is a cloud-hosted infrastructure address under OVH (ASN 16276) with moderate risk indicators. The IP resolves to Ahrefs Pte Ltd domain infrastructure (ahrefs.net) but exhibits geolocation inconsistencies and operates within a high-abuse density subnet. No active services or open ports detected. Recommended action: Block at perimeter.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Netname** | OVH-CUST-281059698 |
| **CIDR Block** | 15.235.98.0/24 |
| **Infrastructure Type** | CloudCompute |
| **Hosting** | Yes |
| **CDN/VPN/Tor** | None |
The IP is part of OVH's cloud infrastructure, identified as hosting infrastructure. No proxy, VPN, or Tor exit node indicators present.
---
## GEOLOCATION ANALYSIS
| Field | Value | Status |
|---|---|---|
| **Country** | CA (Canada) | ⚠️ Flagged |
| **City** | Singapore | ⚠️ Flagged |
| **Distance** | 6,082 km | ⚠️ Flagged |
| **Minimum Possible RTT** | 121.6 ms | |
| **Observed RTT** | 26 ms | ⚠️ Violation |
| **GeoValidation** | Invalid | |
CRITICAL: Geolocation data shows significant anomalies. The reported 26 ms RTT is physically impossible for the claimed 6,082 km distance, which would require a minimum RTT of 121.6 ms even at light speed in fibre. This indicates either spoofed geolocation data or a significant measurement error. The country field (Canada) and city field (Singapore) also contradict each other, and neither is consistent with the observed network path.
---
## THREAT INDICATORS
| Indicator | Status | Details |
|---|---|---|
| **Blacklist Count** | 0 | - |
| **DNSBL Listed** | 2/8 lists | Listed on 2 of 8 DNSBLs |
| **Known Attacker** | No | - |
| **Spam Source** | No | - |
| **Tor Exit** | No | - |
| **Campaigns** | None | No associated campaigns |
| **Threat Persistence** | 0 days | Not persistently malicious |
No active threat indicators or campaign associations detected. However, DNSBL listings indicate prior reputation issues.
---
## NETWORK NEIGHBORHOOD ANALYSIS
Subnet: 15.235.98.0/24
| Metric | Value |
|---|---|
| **Abuse Density** | 0.7188 (High) |
| **Classification** | high_abuse |
| **Total Siblings** | 256 |
| **Active Siblings** | 240 |
| **Threat Siblings** | 184 |
| **Inherited Risk** | 28 |
The /24 subnet exhibits high abuse density with 184 of 240 active sibling IPs flagged as threats. This IP inherits significant neighborhood risk despite its individual moderate score.
---
## OBSERVATION HISTORY
Total Observations: 22 signals
Recent observations (June 2026) consistently show:
- Cloud infrastructure classification
- OVH provider identification
- Hosting infrastructure role
- No residential or mobile indicators
- No Tor/VPN/proxy characteristics
One observation recorded high abuse density classification. All observations maintain consistent infrastructure characterization with no evidence of identity changes.
---
## DOMAIN & DNS ANALYSIS
| Field | Value |
|---|---|
| **PTR Hostnames** | proxy-ca019-san115.ahrefs.net |
| **Forward Hostnames** | proxy-ca019-san115.ahrefs.net |
| **Forward Resolution** | Unconfirmed |
| **Domain** | ahrefs.net |
| **Forward Resolution Count** | 1 |
DNS records indicate association with ahrefs.net infrastructure. PTR hostname suggests proxy service naming convention. Forward resolution not fully confirmed.
---
## SERVICES & PORTS
- Open Ports: None detected
- TLS Certificate: None
- HTTP Title: None
- Server Banner: None
No active services or listening ports identified. Infrastructure appears to be firewalled or behind NAT.
---
## RECOMMENDED ACTIONS
### Perimeter Blocking Rules
| Platform | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 15.235.98.115 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 15.235.98.115 drop` |
| **nginx** | `deny 15.235.98.115;` |
| **pfSense** | `15.235.98.115/32` |
| **Cloudflare WAF** | Block IP (Expression: `ip.src eq 15.235.98.115`) |
| **AWS WAF** | Add `15.235.98.115/32` to rule set |
### SOC Analysis Recommendations
1. Block at perimeter: moderate risk score combined with a high-abuse neighborhood
2. Monitor for lateral movement: high sibling threat count (184/240 active)
3. Investigate geolocation anomalies: RTT violations suggest potential data manipulation
4. Review DNSBL history: 2 DNSBL listings indicate prior reputation issues
5. Consider subnet-level blocking: high abuse density (0.7188) in the parent /24
---
## ASSESSMENT
IP 15.235.98.115 presents moderate risk through a combination of factors: high-abuse neighborhood, DNSBL listings, geolocation inconsistencies, and cloud-hosting infrastructure. While no active threat indicators or campaign associations are present, the operational environment and historical reputation warrant defensive blocking. The geolocation violations (impossible RTT for claimed distance) suggest potential data manipulation attempts or infrastructure misconfiguration.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059698 |
| CIDR Block | 15.235.98.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca019-san115.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca019-san115.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
## Services & Open Ports
| Field | Value |
|---|---|
| Open Ports | None detected |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%): 1 contradiction(s) |
| Attribution | Low (35%) |
| Validation Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-18 09:23:34 UTC |
| Last Seen | 2026-06-28 06:53:47 UTC |
| Profile Built | 2026-06-29 00:59:12 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |
Full dossier details are available via our API.