# IPDebrief Intelligence Briefing
- Target: 15.235.98.232/32
- Date: 2026-06-27
- Classification: Moderate Risk (Score: 40)
---
## Executive Summary
IP address 15.235.98.232 is a cloud compute resource hosted on OVH infrastructure (ASN 16276) with association to ahrefs.net. The IP presents moderate risk (score 40) within a high-abuse density subnet (15.235.98.0/24). No active services or open ports detected. Geolocation data contains validation anomalies requiring operational awareness.
---
## Technical Profile
### Ownership & Infrastructure
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 15.235.98.0/24
- CIDR Block: 15.235.0.0/17 (BGP prefix)
- Provider: OVH (CloudCompute)
- Infrastructure Type: Cloud Hosting
- Classification: Cloud infrastructure, not CDN/proxy/Tor
### Network Role
- Connection Type: Firewalled / No Services
- Open Ports: None detected
- TLS Certificate: None
- Service Status: No active HTTP/HTTPS services
### DNS Analysis
- PTR Record: proxy-ca019-san232.ahrefs.net
- Forward Resolution: proxy-ca019-san232.ahrefs.net
- Hosted Domain: ahrefs.net
- Email Authentication: SPF and DMARC not configured
---
## Geolocation Assessment
- Reported Country: CA (Canada)
- Reported City: Singapore
- Geographic Validation: FAIL
- Reported distance: 6,082 km
- Observed RTT: 31 ms
- Minimum possible RTT for distance: 121.6 ms
- Conclusion: Geolocation data is geographically implausible
---
## Threat Indicators
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Threat Feeds: None matched
- Campaign Correlation: None detected
---
## Neighborhood Context (15.235.98.0/24)
- Total Siblings: 256
- Active Siblings: 248
- Threat Siblings: 151
- Abuse Density: 0.5898 (High abuse classification)
- Inherited Risk: 23
- Risk Distribution: 100 medium-risk IPs, 0 high-risk
*Note: The target IP resides in a subnet with elevated abuse activity. The IP's moderate risk score is consistent with neighborhood context.*
---
## Relationship Graph
- Total Relationships: 57
- Primary Association: Same Network (OVH-CUST-281059698)
- No external entity correlations
---
## Observation History (24 signals observed)
Recent observations indicate:
- DNS Signals: ahrefs.net CAA records observed (2026-06-26)
- Infrastructure: Cloud compute classification confirmed (OVH)
- Operator Score: 0.087 (Minimal risk)
- Signal Count: 1 of 8 maximum signals
- Ownership: Stable with no recorded changes
---
## Recommended Actions
### Immediate
1. Monitor traffic patterns due to high-abuse neighborhood context
2. Verify geolocation anomalies in threat detection systems
3. Review connection logs for legitimate ahrefs.net usage vs. potential abuse
### Firewall Rules
- No specific firewall rules recommended at this time
- Consider blocking if traffic patterns indicate non-business use
### Threat Intelligence
- Add to watchlist pending geolocation validation
- Monitor subnet 15.235.98.0/24 for correlated malicious activity
---
## Risk Assessment
| Metric | Score | Status |
|---|---|---|
| Overall Risk | 40 | Moderate |
| Provider Risk | 0 | Neutral |
| Authority Risk | 0 | Neutral |
| Stability | N/A | N/A |
| Neighborhood Risk | 23 | Elevated |

Final Assessment: This IP represents a legitimate cloud resource (ahrefs.net) operating within a high-abuse density subnet. The geolocation validation failure should be noted in threat detection systems but does not indicate active malicious behavior. Continue monitoring for changes in traffic patterns or new threat indicators.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059698 |
| CIDR Block | 15.235.98.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca019-san232.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca019-san232.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 12% | 2 | 2 |
| reputation | 27% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 20% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mixed Signals (60%) - 2 contradiction(s) |
| Attribution | Very Low (20%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

- Geo sources disagree on country: US, CA
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-12 03:42:49 UTC |
| Last Seen | 2026-06-27 20:52:06 UTC |
| Profile Built | 2026-06-28 20:58:19 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 27 |