15.235.98.34
# IP INTELLIGENCE BRIEFING: 15.235.98.34/32
## Executive Summary
IP 15.235.98.34 is a cloud infrastructure address hosted by OVH with moderate risk classification (Risk Score: 40). The IP shows no active threat indicators but is associated with a high-abuse-density subnet and exhibits geolocation inconsistencies requiring validation.
---
## Asset Profile
| Attribute | Value |
|---|---|
| **IP Address** | 15.235.98.34/32 |
| **ASN** | 16276 (OVH) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network** | OVH-CUST-281059698 |
| **CIDR Block** | 15.235.98.0/24 |
| **Infrastructure** | CloudCompute (OVH Hosting) |
| **Reputation** | Moderate Risk |
---
## Geolocation Analysis
Flagged Anomaly: Significant geolocation inconsistencies detected.
- Reported Location: CA (Canada) / Singapore
- Validation Failure: RTT violation (28ms observed vs. 121.6ms minimum possible for 6,082km distance)
- 5 Probes: All returned implausible results (geo_plausible: false)
- Recommendation: Treat geolocation data with low confidence; do not rely on country/region for blocking decisions
---
## Network Classification
- Provider: OVH
- Type: Cloud Hosting
- Open Ports: None detected
- DNS Resolution: proxy-ca019-san34.ahrefs.net (forward_unconfirmed)
- Email Auth: No SPF/DMARC configured
- DNSBL Status: Listed on 1 of 8 major lists
---
## Neighborhood Risk Assessment
Subnet: 15.235.98.0/24
- Abuse Density: 0.6797 (High Abuse Classification)
- Active Siblings: 248 / 256 total IPs
- Threat Siblings: 174 (68% of active IPs)
- Risk Distribution: 100 medium-risk IPs, 0 high/low-risk IPs
Context: This IP resides in a subnet with elevated abuse activity. While 15.235.98.34 shows no direct threat indicators, the neighborhood context suggests heightened scrutiny is warranted.
---
## Threat Indicators
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Known Campaigns: None
- Abuse Confidence: Not available
---
## Observation History
19 observations recorded (as of 2026-06-22). No persistent malicious behavior detected. Threat observation count: 0. The IP has maintained consistent cloud infrastructure classification across observations.
---
## Recommended Actions
Immediate Mitigation
| System | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 15.235.98.34 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 15.235.98.34 drop` |
| **nginx** | `deny 15.235.98.34;` |
| **Cloudflare WAF** | Block 15.235.98.34 β IPDebrief risk score 40 |
| **AWS WAF** | Block 15.235.98.34/32 |
Strategic Considerations
1. Block with caution: Moderate risk score (40) suggests balanced approachβblock if receiving malicious traffic patterns
2. Monitor subnet activity: Consider blocking entire /24 if legitimate traffic not verified
3. Validate geolocation: Do not use reported country/region for policy decisions
4. Review DNSBL listings: Investigate why listed on 1 DNSBL; may indicate prior abuse
---
## Intelligence Assessment
This IP represents a moderate-risk cloud infrastructure address with no current active threat indicators. The primary concerns are:
1. Geolocation data is inconsistent and should be treated as unreliable
2. Resides in high-abuse-density subnet requiring contextual monitoring
3. No open services detected (firewalled/no services)
Action Priority: MEDIUM β Monitor for malicious activity patterns; implement blocking if threat behavior observed.
---
*Generated by IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059698 |
| CIDR Block | 15.235.98.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | β |
π DNS Intelligence
| PTR | proxy-ca019-san34.ahrefs.net |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca019-san34.ahrefs.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 25% | 2 | 2 |
| reputation | 36% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 25% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:03:46 UTC |
| Last Seen | 2026-06-27 00:28:16 UTC |
| Profile Built | 2026-06-27 14:41:50 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 26 |
Full dossier details are available via our API.