15.235.98.45📋 Copy

# IP Threat Intelligence Briefing: 15.235.98.45/32

Classification: Moderate Risk | Provider Score: N/A | Authority Score: N/A | Stability Score: N/A

## Executive Summary

IP address 15.235.98.45 is associated with OVH cloud infrastructure (ASN 16276, Organization: Dmytro, Ahrefs Pte Ltd). The IP presents a moderate risk profile (score 40) with no active threat indicators. However, the parent subnet exhibits elevated abuse density (0.668), suggesting contextual risk from neighboring IPs. No open services detected on the target IP.

## Ownership and Infrastructure

• ASN: 16276
• Organization: Dmytro, Ahrefs Pte Ltd
• Netname: OVH-CUST-281059698
• RIR: ARIN
• CIDR Block: 15.235.98.0/24
• Infrastructure Type: CloudCompute
• Hosting Status: Yes
• Cloud Provider: OVH

## Geolocation Analysis

• Reported Country: CA (Canada)
• Reported City: Singapore
• Status: ⚠️ GEOLOCATION DISCREPANCY DETECTED
• RTT Violation: Measured RTT 31ms vs minimum possible 121.6ms for claimed 6082km distance
• Assessment: Geolocation data reliability questionable; actual location may differ from reported values.

## DNS and Hostnames

• PTR Hostnames: proxy-ca019-san45.ahrefs.net
• Domain: ahrefs.net
• Forward Resolution Confirmed: No
• Status: Reverse DNS present but forward resolution not confirmed, indicating potential dynamic or temporary assignment.

## Service and Port Analysis

• Open Ports: None detected
• HTTP/HTTPS Services: No services running
• TLS Certificate: None
• Server Banner: None
• Assessment: IP appears firewalled or inactive; no direct service enumeration possible.

## Threat Indicators

• Tor Exit Node: No
• Known Attacker: No
• Spam Source: No
• Blacklist Count: 0
• DNSBL Listed: 1 of 8 lists
• Known Campaigns: None
• Abuse Confidence Score: Not available

## Neighborhood Risk Assessment (15.235.98.0/24)

• Abuse Density: 0.668 (High)
• Subnet Classification: high_abuse
• Total Siblings: 256
• Active Siblings: 239
• Threat Siblings: 171
• Inherited Risk Score: 26
• Assessment: Subnet shows elevated abuse activity. While target IP shows minimal individual risk, the neighborhood context suggests potential for related malicious activity.

## Observed Relationships

• Relationship Count: 47
• Primary Associations: Multiple same-network relationships to OVH-CUST-281059698
• Network Stability: Route not stable (isRouteStable: false)

## Historical Signal Analysis

• Observations: 24 total
• Risk Trend: Stable moderate risk
• Recent Subnet Classification: Consistently high_abuse (0.668 abuse density)
• Persistence: Threat observation count: 1; not persistently malicious

## Control Plane Metrics

• Origin ASN: 16276
• BGP Prefix: 15.235.0.0/17
• RPKI State: Not available
• DNSSEC Valid: Yes
• Operator Score: 0.2174 (Minimal)
• Route Changes (30d): 0

## Recommended Security Actions

Firewall Rules

```bash

# iptables

iptables -A INPUT -s 15.235.98.45 -j DROP

# nftables

nft add rule inet filter input ip saddr 15.235.98.45 drop

# nginx

deny 15.235.98.45;

# pfSense

15.235.98.45/32

```

Cloud WAF Rules

Cloudflare WAF:

```json

{

"description": "Block 15.235.98.45 — IPDebrief risk score 40",

"action": "block",

"filter": {

"expression": "ip.src eq 15.235.98.45"

}

}

```

AWS WAF:

```json

{

"Addresses": ["15.235.98.45/32"],

"Description": "IPDebrief risk 40"

}

```

## Intelligence Assessment

IP 15.235.98.45 is a cloud-hosted address with moderate individual risk but operating within a high-abuse subnet. The geolocation discrepancy and reverse DNS confirmation issues warrant monitoring. While the target IP itself shows no active threat indicators, the neighborhood abuse density suggests potential for related malicious activity from adjacent IPs. SOC analysts should monitor for patterns of activity from other IPs in the 15.235.98.0/24 subnet.

Priority: Medium | Recommendation: Block at perimeter; monitor neighborhood for coordinated activity.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.