# IP INTELLIGENCE BRIEFING: 15.235.98.82/32
Date: 2026-06-20
Classification: MODERATE RISK
Risk Score: 40/100
## Executive Summary
IP address 15.235.98.82 is a cloud-hosted infrastructure endpoint belonging to OVH (ASN 16276) under the network prefix OVH-CUST-281059698. While the IP itself shows moderate risk indicators, the entire /24 subnet demonstrates elevated abuse density (0.7578) with 194 threat-sibling IPs identified. Geographic validation discrepancies and DNSBL listings warrant monitoring, though no active malicious indicators or persistent campaigns were observed.
## Ownership and Infrastructure
- Provider: OVH (CloudCompute)
- Organization: Dmytro, Ahrefs Pte Ltd
- CIDR Block: 15.235.98.0/24
- Infrastructure Type: Cloud hosting environment
- Network Classification: Hosted infrastructure (isHosting=true)
## Geolocation Analysis
- Claimed Location: Singapore (geoSourceCount: 1)
- Validation Status: GEOGRAPHIC INCONSISTENCY DETECTED
- Observed Distance: 6,082 km
- Minimum Possible RTT: 121.6 ms
- Actual RTT: 23 ms
- Conclusion: Geographic data validation failed (geoPlausible=false). One signal places the IP in Canada (CA) while geolocation data points to Singapore; the measured RTT of 23 ms is below the 121.6 ms minimum implied by the claimed 6,082 km distance, suggesting misconfiguration or data pollution.
## DNS and Host Resolution
- PTR Hostname: proxy-ca019-san82.ahrefs.net
- Associated Domain: ahrefs.net
- Forward Resolution: 1 hostname (proxy-ca019-san82.ahrefs.net)
- Email Authentication: SPF and DMARC records not configured
- HTTP Services: No open ports detected; service banner unavailable (firewalled/no services)
## Threat Indicators
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- DNSBL Listed: 1/8 lists
- Active Threat Indicators: None observed
- Campaign Correlation: None
## Neighborhood Risk Assessment
The parent subnet 15.235.98.0/24 demonstrates significant abuse activity:
- Subnet Abuse Density: 0.7578 (HIGH)
- Total Siblings: 256
- Active Siblings: 247 (96.5% active)
- Threat Siblings: 194 (75.8% threat rate)
- Inherited Risk Score: 30
- Risk Distribution: 100 medium-risk IPs, 0 high-risk, 0 low-risk
This subnet-level risk profile indicates systemic abuse patterns requiring contextual awareness when evaluating traffic from 15.235.98.0/24.
## Observation History
Analysis of 20 recent observations (2026-06-20) reveals:
- Recent Signals: Domain resolution (ahrefs.net), subnet classification (high_abuse), cloud infrastructure confirmation
- Threat Persistence: 0 days; no persistently malicious activity detected
- Ownership Changes: 0 (stable ownership)
- Trend: No escalation in risk profile observed
## Recommended Security Actions
Based on risk score 40 and neighborhood context, the following firewall rules are recommended:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 15.235.98.82 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 15.235.98.82 drop` |
| nginx | `deny 15.235.98.82;` |
| pfSense | `15.235.98.82/32` |
| Cloudflare WAF | Block IP with description "IPDebrief risk score 40" |
| AWS WAF | Address: 15.235.98.82/32, Description: "IPDebrief risk 40" |
## Intelligence Narrative
This IP address represents a cloud-hosted endpoint within a high-abuse-density subnet. The combination of DNSBL listing, geographic inconsistencies, and neighborhood risk metrics suggests elevated probability of abuse involvement. However, the IP itself lacks direct threat indicators (no known attacker status, no Tor exit node, no active campaigns). The absence of open services indicates the IP is likely firewalled or used for backend infrastructure rather than direct user-facing services.
SOC Analyst Guidance: Monitor inbound traffic from this IP for suspicious patterns. Consider implementing block rules at the perimeter while maintaining awareness of the broader subnet risk context. Correlate with other signals from 15.235.98.0/24 to identify coordinated activity patterns.
---
*Report generated using IPDebrief intelligence platform. All data sourced from authorized defensive security analysis.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059698 |
| CIDR Block | 15.235.98.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | Not available |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca019-san82.ahrefs.net |
| Forward Confirmed | No; PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca019-san82.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
## Services & Open Ports
No open ports detected (no port, service, protocol or banner entries).
| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not available |
| HTTP Title | Not available |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 23% | 1 | 2 |
| geolocation | 34% | 2 | 3 |
| Overall | 21% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%); 1 contradiction |
| Attribution | Low (35%) |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-24 18:39:59 UTC |
| Last Seen | 2026-06-29 00:21:51 UTC |
| Profile Built | 2026-06-29 06:23:56 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |