## THREAT INTELLIGENCE BRIEFING
Target: 15.235.98.235/32
Classification: Moderate Risk / Cloud Infrastructure
EXECUTIVE SUMMARY:
The IP address 15.235.98.235 belongs to OVH cloud infrastructure (ASN 16276, organization "Dmytro, Ahrefs Pte Ltd") and presents a moderate risk profile with a risk score of 40. The address operates within a high-abuse-density subnet (15.235.98.0/24) with an abuse density of 0.5391. Geovalidation anomalies and DNSBL listings warrant monitoring, though no active malicious services were detected during analysis.
OWNERSHIP & INFRASTRUCTURE:
The address is allocated to OVH under customer block 15.235.98.0/24. DNS PTR records indicate association with "proxy-ca019-san235.ahrefs.net" under the ahrefs.net domain. Infrastructure classification confirms cloud compute hosting with firewall protection in place. No active services or open ports were detected.
GEOLOCATION VALIDATION:
Geolocation data indicates Singapore, but RTT measurements reveal significant validation anomalies. The observed RTT of 25ms is substantially below the minimum possible 121.6ms for a 6082km distance, triggering geovalidation violations. This discrepancy suggests either routing anomalies or potentially inaccurate geolocation reporting.
THREAT INDICATORS:
- DNSBL listings: 1 out of 8 total lists
- Abuse confidence score: Not available
- Known attacker flag: False
- Tor exit node: False
- Spam source: False
- Blacklist count: 0
- No known active threat campaigns
NETWORK CONTEXT & NEIGHBORHOOD:
The subnet 15.235.98.0/24 exhibits high abuse density with 217 active sibling IPs out of 256 total. Of these, 138 are classified as threats, while 96 show medium risk and only 4 show low risk. The inherited risk score for the subnet is 21. Control plane analysis shows the IP is not route-stable (isRouteStable: false).
HISTORICAL OBSERVATIONS:
Analysis of 21 historical observations from June 2026 shows consistent network classification (OVH hosting) throughout the observation period. Abuse density classification remained stable at "high_abuse" with 0.5391 density. No persistent malicious behavior was detected across the observation window. The operator score of 0.2174 was classified as "Minimal."
RECOMMENDED ACTIONS:
Given the moderate risk score (40), DNSBL listing, and high-abuse neighborhood context, the following controls are recommended:
- Firewall: DROP all traffic from 15.235.98.235
- Cloudflare WAF: Block IP with expression `ip.src eq 15.235.98.235`
- AWS WAF: Add address 15.235.98.235/32 to block list
- nginx: `deny 15.235.98.235;`
RISK ASSESSMENT:
The IP presents moderate risk primarily due to neighborhood abuse density and DNSBL presence. No direct threat indicators (active campaigns, known attacker status) were identified. The geovalidation anomaly and persistent firewalling suggest limited visibility into actual traffic patterns. Recommended action is defensive blocking, particularly in contexts where the IP was previously observed in suspicious communications.
---
Prepared by: IPDebrief Intelligence Platform
Data Timestamp: 2026-06-19
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059698 |
| CIDR Block | 15.235.98.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca019-san235.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca019-san235.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 27% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 21% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-11 02:50:22 UTC |
| Last Seen | 2026-06-27 18:47:41 UTC |
| Profile Built | 2026-06-28 18:54:17 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |