# IP INTELLIGENCE BRIEFING
Target: 15.235.98.187/32
Classification: Hosting Infrastructure (OVH)
Risk Level: Moderate (Score: 40)
Jurisdiction: Canada (CA)
Generated: 2026-06-28
---
## Executive Summary
IP 15.235.98.187 is a moderate-risk (40) hosting infrastructure IP assigned to OVH (ASN 16276, organization: Dmytro, Ahrefs Pte Ltd). The address resolves to proxy-ca019-san187.ahrefs.net and hosts firewalled services with no open ports. While the IP shows no direct threat indicators, it resides within a high-abuse subnet (15.235.98.0/24) exhibiting 71.48% abuse density and 183 threat-sibling IPs.
---
## Technical Profile
| Attribute | Value |
|---|---|
| **IP Address** | 15.235.98.187/32 |
| **ASN** | 16276 (OVH) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Netname** | OVH-CUST-281059698 |
| **CIDR Block** | 15.235.98.0/24 |
| **Geolocation** | Canada (CA) |
| **Classification** | Hosting / Cloud |
| **DNS Target** | proxy-ca019-san187.ahrefs.net |
| **Open Ports** | None detected |
| **Tor Exit** | No |
| **Known Attacker** | No |
| **Blacklist Count** | 0 |
---
## Neighborhood Analysis
Subnet: 15.235.98.0/24
Abuse Density: 0.7148 (High Abuse Classification)
Total Siblings: 256
Active Siblings: 242
Threat Siblings: 183
Inherited Risk: 28
The /24 subnet demonstrates elevated abuse activity with 71.48% of sibling IPs classified as abuse sources. This contextual risk factor warrants defensive consideration despite the target IP's clean direct indicators.
---
## Threat Observation History
- Total Observations: 26
- Threat Persistence: 0 days (not persistently malicious)
- Recent Activity: Cloud hosting classification confirmed (OVH)
- Campaign Correlation: None detected
Observations indicate stable cloud hosting assignment with consistent OVH provider attribution. No escalation in threat signals observed.
---
## Related Entities
- Domain: ahrefs.net (proxy endpoint)
- Network: OVH-CUST-281059698 (multiple relationship entries)
- BGP Prefix: 15.235.0.0/17
- Origin ASN: 16276
- RPKI State: Valid
- DNSSEC: Valid
---
## Defensive Actions
Based on risk profile and neighborhood context, the following firewall rules are recommended:
iptables:
```
iptables -A INPUT -s 15.235.98.187 -j DROP
```
nftables:
```
nft add rule inet filter input ip saddr 15.235.98.187 drop
```
nginx:
```
deny 15.235.98.187;
```
Cloudflare WAF:
```json
{
"description": "Block 15.235.98.187 โ IPDebrief risk score 40",
"action": "block",
"filter": {
"expression": "ip.src eq 15.235.98.187"
}
}
```
AWS WAF:
```json
{
"Addresses": ["15.235.98.187/32"],
"Description": "IPDebrief risk 40"
}
```
---
## Intelligence Narrative
IP 15.235.98.187 presents moderate-risk hosting infrastructure with clean direct threat indicators. The IP serves as a proxy endpoint for ahrefs.net and is assigned to OVH's cloud hosting services. While the IP itself shows no evidence of malicious activity, the /24 subnet exhibits high abuse density (71.48%) with 183 threat-sibling addresses. This neighborhood context suggests defensive blocking is prudent for high-value targets.
Recommended Action: Implement blocking firewall rules for inbound traffic. Monitor for lateral movement indicators if this IP appears in traffic logs. No immediate threat to infrastructure detected; however, the subnet's abuse classification warrants ongoing monitoring.
---
*Intelligence produced by IPDebrief. All data derived from active network observations and threat intelligence feeds.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059698 |
| CIDR Block | 15.235.98.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca019-san187.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca019-san187.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 30% | 3 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 27% | 12 | 17 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-20 11:45:31 UTC |
| Last Seen | 2026-06-28 11:36:25 UTC |
| Profile Built | 2026-06-29 05:40:28 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 29 |
Full dossier details are available via our API.