## IP Intelligence Briefing: 15.235.96.0
Classification: Moderate Risk Hosting Infrastructure
Analysis Date: Current
Risk Score: 40/100
---
Executive Summary
IP 15.235.96.0 is a cloud compute address registered under OVH network infrastructure (ASN 16276, netname OVH-CUST-281059694). The IP is associated with Dmytro, Ahrefs Pte Ltd and resolves to the DNS hostname proxy-ca015-san0.ahrefs.net. While it shows no direct active threat indicators, the IP demonstrates geolocation inconsistencies and operates within a high-abuse-density subnet environment. No open services are currently detected on the IP.
---
Technical Profile
Ownership & Network:
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH)
- CIDR Block: 15.235.96.0/24
- BGP Prefix: 15.235.0.0/17
- Infrastructure Type: Cloud Compute (OVH hosting)
- Network Role: Firewalled / No Services Detected
Geolocation Analysis:
- Claimed Country: Canada (CA)
- Inferred Location: Singapore (6082 km distance from claimed coordinates)
- RTT Violation: Observed RTT 28ms vs minimum possible 121.6ms for claimed distance
- Geolocation Consensus: False (plausibility flag set)
- Validation: 5 probes conducted, violations detected
DNS & Services:
- PTR Hostname: proxy-ca015-san0.ahrefs.net
- Forward Resolution: 1 confirmed hostname
- Email Authentication: No SPF or DMARC records configured
- Open Ports: None detected
- TLS Certificates: None
- Service Status: Firewalled / No Services
Threat Indicators:
- Direct Threat Indicators: None
- Known Attacker: False
- Tor Exit Node: False
- Spam Source: False
- DNSBL Listed: 1 of 8 total lists
- Blacklist Count: 0
- Known Campaigns: None
---
Neighborhood Assessment
Subnet Analysis (15.235.96.0/24):
- Abuse Density: 0.5352 (High)
- Subnet Classification: High Abuse
- Inherited Risk: 21/100
- Total Siblings: 256
- Active Siblings: 221
- Threat Siblings: 137
Risk Distribution:
- High Risk Neighbors: 0
- Medium Risk Neighbors: 100
- Low Risk Neighbors: 0
Sample neighbor IPs (15.235.96.1 through 15.235.96.5) all demonstrate consistent risk scoring (40) with authority scores of 50.
---
Temporal Analysis
Observation History:
- Total Observations: 21
- Recent Signals Include:
  - Network abuse density classification (high_abuse)
  - Geolocation validation failures (RTT violations)
- Operator score: Minimal (0.1)
- Threat Observation Count: 1
- Persistent Malicious Activity: False
- Ownership Changes: 0
---
Intelligence Assessment
The IP exhibits characteristics typical of OVH cloud hosting infrastructure. The connection to Ahrefs (SEO analytics platform) suggests legitimate commercial use, though the IP shows operational inconsistencies:
1. Geolocation Inconsistencies: Claimed Canadian origin contradicts Singapore positioning with RTT violations
2. High-Abuse Subnet Environment: 137 threat siblings detected within the /24 subnet
3. DNSBL Presence: Listed on 1 of 8 DNS blacklists
4. No Active Services: Currently firewalled with no open ports detected
---
Recommended Actions
Firewall Recommendations:
```bash
# iptables (Linux, legacy firewall): drop inbound traffic from the IP
iptables -A INPUT -s 15.235.96.0 -j DROP
# nftables (Linux): equivalent rule in the inet filter table
nft add rule inet filter input ip saddr 15.235.96.0 drop
# nginx (server or location block of the site configuration)
deny 15.235.96.0;
# pfSense (entry for an alias or block list; /32 denotes the single host)
15.235.96.0/32
# Cloudflare WAF (firewall rule as JSON)
{"description":"Block 15.235.96.0 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 15.235.96.0"}}
# AWS WAF (IP set entry as JSON)
{"Addresses":["15.235.96.0/32"],"Description":"IPDebrief risk 40"}
```
Operational Recommendations:
1. Monitor for service activation on this IP address
2. Consider blocking given high-abuse subnet environment (137 threat siblings)
3. Investigate geolocation discrepancies for potential spoofing indicators
4. Evaluate related IPs in 15.235.96.0/24 subnet for potential lateral threats
---
Disclaimer: These recommendations are probabilistic and should be combined with other threat signals before taking action.
Analysis Complete.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059694 |
| CIDR Block | 15.235.96.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | Not available |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca015-san0.ahrefs.net |
| Forward Confirmed | No; the PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca015-san0.ahrefs.net |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not detected |
| HTTP Title | Not detected |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness:
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 25% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%); 1 contradiction(s) |
| Attribution | Low (35%) |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-10 04:11:31 UTC |
| Last Seen | 2026-06-27 16:54:36 UTC |
| Profile Built | 2026-06-28 10:59:14 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |