15.235.98.136
# IPDEBRIEF THREAT INTELLIGENCE BRIEFING
## Target: 15.235.98.136/32
Classification: Moderate Risk (Score: 40) | Date: 2026-06-20
---
EXECUTIVE SUMMARY
IP 15.235.98.136 is a cloud-hosted infrastructure address operated by OVH (AS16276) on behalf of Ahrefs Pte Ltd. The IP shows moderate risk characteristics with no direct malicious indicators but operates within a high-abuse density subnet. Recommended action: Monitor with defensive blocking if required.
---
OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH SAS) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network** | OVH-CUST-281059698 |
| **CIDR Block** | 15.235.98.0/24 |
| **Infrastructure Type** | Cloud Compute / Hosting |
| **Service Status** | Firewalled / No Services |
Note: DNS PTR record resolves to `proxy-ca019-san136.ahrefs.net`, indicating association with Ahrefs web infrastructure.
---
GEOLOCATION ANALYSIS
| Field | Value |
|---|---|
| **Country** | CA (Geolocation Consensus Inconsistent) |
| **City** | Singapore |
| **Accuracy Radius** | 3000 km |
| **GeoPlausible** | False |
| **GeoSource Count** | 2 |
Assessment: Geolocation data shows inconsistency between sources. IP resolves to Singapore regionally but reported as CA in some feeds.
---
THREAT POSTURE
| Indicator | Status |
|---|---|
| **Risk Score** | 40 (Moderate) |
| **Abuse Confidence** | Not Calculated |
| **Blacklist Count** | 0 |
| **DNSBL Listed** | 1 of 8 lists |
| **Tor Exit Node** | No |
| **Known Attacker** | No |
| **Spam Source** | No |
| **Campaign Correlation** | None |
| **Threat Persistence** | 0 days |
Operator Score: 0.2174 (Minimal Risk)
---
NEIGHBORHOOD ANALYSIS
Subnet: 15.235.98.0/24
| Metric | Value |
|---|---|
| **Abuse Density** | 0.625 (High Abuse) |
| **Inherited Risk** | 25 |
| **Total Siblings** | 256 |
| **Active Siblings** | 230 |
| **Threat Siblings** | 160 |
Neighbor Risk Distribution: 100 Medium Risk, 0 High/Low
Assessment: The /24 subnet shows elevated abuse density. 160 of 230 active siblings flagged as threat-related. This suggests the subnet may host compromised endpoints or be used for bulk malicious operations.
---
OBSERVATION HISTORY (Last 20 Signals)
Most Recent (2026-06-20):
- Provider: OVH
- Infrastructure: Cloud Compute
- Hosting: Confirmed
2026-06-15:
- Subnet Classification: High Abuse (0.625 density)
- AlienVault OTX: US-based, 1 threat pulse detected
- Operator Score: Minimal (0.25)
Temporal Analysis: No ownership changes detected. Threat observation count: 1. Not persistently malicious.
---
SECURITY ACTIONS
Recommended Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 15.235.98.136 -j DROP
# nftables
nft add rule inet filter input ip saddr 15.235.98.136 drop
# nginx
deny 15.235.98.136;
# pfSense
15.235.98.136/32
```
Cloud Provider Recommendations:
- Cloudflare WAF: Block with expression `ip.src eq 15.235.98.136`
- AWS WAF: Add address `15.235.98.136/32` with description "IPDebrief risk 40"
---
INTELLIGENCE ASSESSMENT
Risk Level: Moderate-Actionable
Key Findings:
1. No direct evidence of malicious activity from this specific IP
2. High-abuse subnet context warrants monitoring
3. Ahrefs infrastructure association suggests legitimate web traffic potential
4. DNSBL listing indicates some reputation issues
Recommendation: Implement defensive blocking if the IP is observed in threat intelligence feeds or generating suspicious traffic. Consider blocking the entire /24 subnet if operational risk tolerance permits, given the 0.625 abuse density.
---
Report Generated: IPDebrief Intelligence Platform
Data Sources: 6 dimensions, 12 total observations
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059698 |
| CIDR Block | 15.235.98.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca019-san136.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca019-san136.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 32% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-25 18:47:08 UTC |
| Last Seen | 2026-06-29 01:56:14 UTC |
| Profile Built | 2026-06-29 07:59:05 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |
Full dossier details are available via our API.