# IP Intelligence Briefing: 15.235.98.56/32
Classification: Moderate Risk | Risk Score: 40/100
Date: 2026-06-20
Analyst: SOC Intelligence Division
---
## Executive Summary
IP 15.235.98.56 is a cloud infrastructure address assigned to OVH SAS (ASN 16276) within customer network OVH-CUST-281059698. The IP resolves to a hosted domain under ahrefs.net but shows geolocation discrepancies and operates within a high-abuse subnet environment. No active services are exposed; the IP is firewalled.
---
## Technical Profile
Ownership & Registration
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH SAS)
- Network: 15.235.98.0/24 (OVH-CUST-281059698)
- RIR: ARIN
Geolocation Analysis
- Claimed Location: Singapore
- GeoValidation: FAILED. RTT discrepancy detected. Measured RTT: 27ms; minimum possible for 6,082km distance: 121.6ms. Distance violation indicates potential spoofing or routing anomaly.
- IPGeolocation Confidence: Low (0.18 on most recent observation)
Network Services & DNS
- Service Status: No open ports detected (Firewalled / No Services)
- DNS PTR: proxy-ca019-san56.ahrefs.net
- Forward Resolution: proxy-ca019-san56.ahrefs.net
- Domain: ahrefs.net
- DNSSEC: Valid
- DNSBL Status: Listed on 1 of 8 threat feeds
---
## Threat Indicators
| Indicator | Status |
|---|---|
| Known Attacker | No |
| Tor Exit Node | No |
| Spam Source | No |
| Blacklist Count | 0 |
| Campaign Associations | None |
| Threat Persistence | 0 days observed |
Control Plane
- BGP Prefix: 15.235.0.0/17
- Route Stability: Unstable
- Operator Score: 0.2174 (Minimal)
- RPKI State: Not evaluated
- IRR Consistency: Not evaluated
---
## Neighborhood Context
Subnet Analysis: 15.235.98.0/24
- Classification: High Abuse
- Abuse Density: 0.6172 (61.72%)
- Total Siblings: 256
- Active Siblings: 229
- Threat Siblings: 158
- Inherited Risk Score: 24/100
Risk Distribution (Sample Neighbors)
| IP Address | Risk Score | Authority Score |
|---|---|---|
| 15.235.98.0 | 40 | 50 |
| 15.235.98.1 | 50 | 50 |
| 15.235.98.2 | 50 | 50 |
| 15.235.98.3 | 40 | 50 |
| 15.235.98.4 | 40 | 50 |
---
## Historical Observations
Total Observations: 19
Recent Timeline:
- 2026-06-20 19:06:56: Geo location signal (CA, confidence 0.18)
- 2026-06-15 19:13:38: RTT violation flagged (27ms vs 121.6ms minimum)
- 2026-06-15 19:12:04: Subnet abuse density: 0.6172 (high_abuse)
- 2026-06-15 19:09:21: Operator score: 0.2174 (Minimal)
---
## Relationship Graph
- Same Network: OVH-CUST-281059698 (multiple entries)
- DNS Associations: proxy-ca019-san56.ahrefs.net (10+ entries)
---
## Recommended Actions
Immediate Mitigation
The IP exhibits moderate risk characteristics within a high-abuse subnet. Implement blocking rules based on the following:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 15.235.98.56 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 15.235.98.56 drop` |
| nginx | `deny 15.235.98.56;` |
| pfSense | `15.235.98.56/32` |
| Cloudflare WAF | Block IP with expression: `ip.src eq 15.235.98.56` |
| AWS WAF | Add address `15.235.98.56/32` with description: "IPDebrief risk 40" |
Additional Context for Decision Making
- No active services detected; blocking will not impact legitimate service availability
- Subnet-level abuse density suggests broader risk environment
- DNS associations indicate legitimate hosting infrastructure (ahrefs.net)
- Geolocation data is unreliable; do not base blocking decisions solely on geo signals
Recommended Strategy
Block at perimeter due to moderate risk score (40) combined with high-abuse subnet context. Monitor for traffic patterns consistent with scanning or abuse. Given the subnet's 61.72% abuse density, consider subnet-wide blocking if business impact permits.
---
## Appendix: Data Sources & Validation
| Source | Signal Type | Status |
|---|---|---|
| IPDebrief Profile | Risk Assessment | Active |
| IPDebrief History | Observation Log | 19 records |
| IPDebrief Relationships | Network/DNS | 21 records |
| IPDebrief Neighbors | Subnet Analysis | 100 neighbors |
| IPDebrief Actions | Mitigation Rules | Generated |
Report Generated: 2026-06-20
Analyst: Automated Threat Intelligence Engine
Platform: IPDebrief v2026.06
---
*End of Intelligence Briefing*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059698 |
| CIDR Block | 15.235.98.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca019-san56.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca019-san56.ahrefs.net |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 32% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%): 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-23 12:22:11 UTC |
| Last Seen | 2026-06-28 21:15:39 UTC |
| Profile Built | 2026-06-29 03:19:28 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |