15.235.96.139
## Intelligence Briefing: IP 15.235.96.139/32
Classification: Moderate Risk β Cloud Infrastructure Host
Date: 2026-06-14
Analysis Status: Complete
---
Executive Summary
IP address 15.235.96.139 is a cloud-hosted infrastructure endpoint associated with OVH network infrastructure. The IP exhibits a moderate risk score (40) with no direct threat indicators but operates within a high-abuse subnet environment. The endpoint shows DNS association with ahrefs.net but presents geolocation inconsistencies and lacks active open services.
---
Technical Profile
| Attribute | Value |
|---|---|
| **Risk Score** | 40 (Moderate) |
| **ASN** | 16276 (OVH) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network** | OVH-CUST-281059694 |
| **CIDR Block** | 15.235.96.0/24 |
| **Infrastructure Type** | CloudCompute |
| **Hosting Status** | Active |
| **Geolocation** | CA (Singapore coordinates) |
| **PTR Record** | proxy-ca015-san139.ahrefs.net |
---
Threat Assessment
Direct Indicators:
- No known attack campaigns identified
- No active Tor exit node behavior
- No confirmed spam source classification
- Zero blacklist count at time of analysis
- One DNS blacklist listing detected (of 8 total DNSBL checks)
Neighborhood Risk Profile:
The /24 subnet 15.235.96.0/24 demonstrates elevated abuse characteristics:
- Abuse Density: 0.5882 (high_abuse classification)
- Threat Siblings: 150 out of 255 total addresses
- Inherited Risk Score: 23
- Active Siblings: 203
Service Status:
- No open ports detected
- No active TLS certificates
- Infrastructure marked as "Firewalled / No Services"
- HTTP services: Inactive
---
Historical Observations
Analysis of 22 signal observations reveals:
- Persistent DNS resolution to ahrefs.net domain
- Consistent subnet abuse classification signals
- Geolocation discrepancies between country code (CA) and coordinates (Singapore)
- No persistent malicious threat pattern identified
- Threat persistence days: 0
---
Relationship Graph
The IP maintains 49 documented relationships, predominantly network-level associations with the OVH-CUST-281059694 network block. No certificate-based or organization-level relationships beyond the hosting provider were identified.
---
Recommended Actions
Immediate Mitigation:
```bash
# iptables
iptables -A INPUT -s 15.235.96.139 -j DROP
# nftables
nft add rule inet filter input ip saddr 15.235.96.139 drop
# nginx
deny 15.235.96.139;
# pfSense
15.235.96.139/32
# Cloudflare WAF
{"description":"Block 15.235.96.139 β IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 15.235.96.139"}}
# AWS WAF
{"Addresses":["15.235.96.139/32"],"Description":"IPDebrief risk 40"}
```
Additional Considerations:
1. Subnet-level Analysis: Consider evaluating the entire 15.235.96.0/24 subnet given the high abuse density (0.5882).
2. DNSBL Verification: The IP shows 1 DNS blacklist listingβverify relevance to your threat context.
3. Geolocation Discrepancy: Investigate the CA/Singapore geolocation inconsistency; may indicate routing anomalies or data source conflicts.
4. a hrefs.net Association: Legitimate domain ownership requires verification against known ahrefs infrastructure patterns.
---
Intelligence Confidence
Data Quality: Moderate
- 22 historical observations provide temporal context
- Multiple data source consensus on cloud hosting classification
- Geolocation data shows confidence variance (35% on country-level)
Action Priority: Medium
- Block recommended but contextual validation advised
- Consider subnet-level risk correlation
---
*Report generated by IPDebrief Intelligence Platform*
*Analysis based on real-time network intelligence data*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059694 |
| CIDR Block | 15.235.96.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | β |
π DNS Intelligence
| PTR | proxy-ca015-san139.ahrefs.net |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca015-san139.ahrefs.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 21% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-10 10:13:15 UTC |
| Last Seen | 2026-06-27 17:22:31 UTC |
| Profile Built | 2026-06-28 11:27:49 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |
Full dossier details are available via our API.