# INTELLIGENCE BRIEFING: 15.235.98.84/32
Date: 2026-06-29
IP Address: 15.235.98.84
Classification: Moderate Risk
Report Type: Initial Assessment
---
## Executive Summary
IP 15.235.98.84 operates under a moderate risk profile (risk score: 40) and is associated with OVH infrastructure. The IP resolves to the ahrefs.net domain network (proxy-ca019-san84.ahrefs.net) but presents as a firewalled endpoint with no active services detected. The subnet demonstrates elevated abuse activity, warranting defensive monitoring.
---
## Infrastructure Profile
Network Ownership:
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 15.235.98.0/24
- Registration: ARIN
Geolocation Data:
- Reported Country: CA (Canada)
- Reported City: Singapore
- Accuracy Radius: 3000km
- GeoValidation: Inconsistent data observed (RTT discrepancy detected between reported and measured latency)
DNS Resolution:
- PTR Hostname: proxy-ca019-san84.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Confirmed (1 hostname)
Network Services:
- Open Ports: None detected
- Service Status: Firewalled / No Services
- Classification: Hosting infrastructure enabled
Control Plane:
- Route Stability: False
- DNSSEC Valid: True
- DNSBL Listed: 1 of 8 total lists
- Operator Score: 0.2174 (Minimal)
---
## Threat Intelligence
Risk Assessment:
- Overall Risk Score: 40 (Moderate)
- Abuse Confidence Score: Not available
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
Threat Indicators:
- Blacklist Count: 0
- Active Threat Campaigns: None identified
- Known Malware: None detected
Temporal Analysis:
- Threat Persistence Days: 0
- Ownership Changes: 0
- Is Persistently Malicious: False
---
## Neighborhood Analysis (15.235.98.0/24)
Subnet Characteristics:
- Classification: High Abuse
- Abuse Density: 0.7578 (Elevated)
- Total Siblings: 256
- Active Siblings: 247
- Threat Siblings: 194
Risk Distribution:
- High Risk: 0%
- Medium Risk: 100%
- Low Risk: 0%
The subnet exhibits a 75.78% abuse density with 194 identified threat siblings. This places the target IP in a high-abuse neighborhood that calls for a defensive posture.
---
## Historical Signals (Last 22 Observations)
Recent Signal Timeline:
- 2026-06-29 00:50:30 UTC: Operator score 0.2174 (Minimal), CAA signals present
- 2026-06-20 22:47:20 UTC: Subnet abuse classification confirmed (high_abuse)
- 2026-06-20 22:43:16 UTC: Geolocation signals detected (country: CA)
- 2026-06-20 22:42:14 UTC: Routing signals recorded
Observation Pattern: Consistent classification as high-abuse subnet with minimal operator risk scores. No escalation in threat indicators over observation period.
---
## Network Relationships
Identified Relationships:
- 42 total relationships detected
- Primary associations: Same Network (OVH-CUST-281059698)
- No unique hostname, organization, or certificate relationships distinguished
Network Context: IP operates within OVH customer network infrastructure, consistent with hosting provider classification.
---
## Recommended Actions
For SOC/Network Defense:
1. Monitor Closely: Despite the moderate individual risk score, the subnet context (high_abuse classification) warrants elevated monitoring.
2. Traffic Analysis: Review traffic patterns to/from the 15.235.98.0/24 subnet. The 75.78% abuse density indicates significant malicious activity in the neighborhood.
3. DNS Monitoring: The ahrefs.net association is legitimate infrastructure; however, verify traffic legitimacy given subnet abuse context.
4. Firewall Rules: No specific blocking recommended at this time, but consider monitoring for:
   - Unusual outbound connections from this IP
   - Connections to known malicious destinations
   - Traffic patterns inconsistent with hosting infrastructure
5. Threat Intelligence Integration: Add to monitored lists for subnet-level threat detection.
---
## Conclusion
IP 15.235.98.84 represents a moderate-risk endpoint operating within a high-abuse OVH hosting subnet. While the individual IP shows no active threat indicators, the subnet context (0.7578 abuse density, 194 threat siblings) requires defensive monitoring. The IP resolves to legitimate ahrefs.net infrastructure but remains classified as hosting-capable with no active services. Recommend continued observation and contextual traffic analysis within the 15.235.98.0/24 network.
---
Data Sources: IPDebrief Intelligence Platform
Analysis Methodology: Multi-dimensional threat assessment including profile, history, relationships, and neighborhood analysis
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059698 |
| CIDR Block | 15.235.98.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca019-san84.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca019-san84.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 22% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mixed Signals (60%), 2 contradiction(s) |
| Attribution | Very Low (20%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

Geo sources disagree on country: US, CA
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-25 00:40:19 UTC |
| Last Seen | 2026-06-29 00:50:49 UTC |
| Profile Built | 2026-06-29 06:53:00 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |