# IP INTELLIGENCE BRIEFING: 15.235.96.15/32
Classification: Moderate Risk | Date: 2026-06-26
Scope: Full Profile, History, Relationships, Neighborhood Analysis
---
## EXECUTIVE SUMMARY
IP 15.235.96.15 is a cloud-hosted asset on OVH infrastructure (ASN 16276), registered to Dmytro, Ahrefs Pte Ltd. The IP resolves to a single PTR hostname (proxy-ca015-san15.ahrefs.net) and is currently firewalled with no active services. While the IP itself shows no direct threat indicators, its /24 subnet exhibits elevated abuse density (0.5352), with 137 threat siblings out of 256 total IPs. Inconsistencies in geographic validation suggest data quality concerns that require verification.
---
## ASSET PROFILE
| Attribute | Value |
|---|---|
| **IP Address** | 15.235.96.15/32 |
| **Risk Score** | 50 (Moderate Risk) |
| **ASN** | 16276 (OVH) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **CIDR Block** | 15.235.96.0/24 |
| **Infrastructure Type** | CloudCompute |
| **Service Status** | Firewalled / No Services |
---
## GEOLOCATION ANALYSIS
| Field | Value |
|---|---|
| **Country** | CA (Canada) |
| **Reported City** | Singapore |
| **Geo Plausible** | FALSE |
| **Distance** | 6,082 km |
| **Avg RTT** | 31.2ms |
| **Minimum RTT** | 30ms |
| **Validation Status** | VIOLATION: RTT inconsistent with distance |
Note: Geographic data shows significant inconsistency. Reported Singapore location is geographically implausible for a Canadian IP assignment, with RTT measurements failing distance validation (30ms << 121.6ms minimum required for 6,082km).
---
## THREAT INDICATORS
| Indicator | Status |
|---|---|
| **Is Tor Exit Node** | False |
| **Is Known Attacker** | False |
| **Is Spam Source** | False |
| **Blacklist Count** | 0 |
| **Known Campaigns** | None |
| **Threat Feeds** | Empty |
| **Pulsedive Risk** | N/A |
Direct Threat Indicators: None observed. The IP does not appear in any known threat feeds or campaigns.
---
## NETWORK ROLE & CLASSIFICATION
| Classification | Status |
|---|---|
| **Is Cloud** | TRUE |
| **Is CDN** | FALSE |
| **Is VPN** | FALSE |
| **Is Proxy** | FALSE |
| **Is Hosting** | TRUE |
| **Is Residential** | FALSE |
| **Is Mobile** | FALSE |
| **Is Bogon** | FALSE |
| **Is Anycast** | FALSE |
Service Status: No open ports detected. Infrastructure is firewalled with no active services responding.
---
## DNS RESOLUTION
| Field | Value |
|---|---|
| **PTR Hostname** | proxy-ca015-san15.ahrefs.net |
| **Forward Resolution** | proxy-ca015-san15.ahrefs.net |
| **Forward Confirmed** | FALSE |
| **Domain** | ahrefs.net |
| **Hosted Domain Count** | 0 |
Note: Forward confirmation failed, indicating potential DNS issues or misconfiguration.
---
## SUBNET ANALYSIS (15.235.96.0/24)
| Metric | Value |
|---|---|
| **Abuse Density** | 0.5352 (High Abuse) |
| **Classification** | high_abuse |
| **Total Siblings** | 256 |
| **Active Siblings** | 221 |
| **Threat Siblings** | 137 |
| **Inherited Risk** | 21 |
---
## NEIGHBORHOOD ANALYSIS
Subnet: 15.235.96.0/24
Total Neighbors Analyzed: 100
| Risk Level | Count | Percentage |
|---|---|---|
| **High** | 0 | 0% |
| **Medium** | 100 | 100% |
| **Low** | 0 | 0% |
Neighbor Risk Distribution: All analyzed neighbors show medium risk (Risk Score: 40, Authority Score: 50). No high-risk neighbors detected within immediate subnet proximity.
---
## TEMPORAL OBSERVATIONS
Total Observations: 19 signals recorded
Latest Observation: 2026-06-26T08:12:23.227689+00:00
Key Timeline Events:
- 08:12:23 - Subnet abuse density classification (High Abuse, 0.5352)
- 08:08:21 - Geolocation data inconsistency detected (CA/Singapore mismatch)
- 08:06:34 - Cloud infrastructure classification confirmed (OVH)
- 08:05:37 - Operator score assessment (Minimal, 0.1)
Threat Persistence: Not persistently malicious. No sustained threat campaign indicators observed.
---
## RELATIONSHIP MAPPING
Total Relationships: 53
Primary Relationship Type: Same Network (OVH-CUST-281059694)
All detected relationships map to the same customer network within OVH's infrastructure. No external threat actor associations or campaign-related connections identified.
---
## CONTROL PLANE ANALYSIS
| Metric | Value |
|---|---|
| **Origin ASN** | 16276 |
| **BGP Prefix** | 15.235.0.0/17 |
| **Route Stability** | Unstable |
| **Route Changes (30d)** | 0 |
| **DNSSEC Valid** | TRUE |
| **CAA Records** | Present |
| **DNSBL Listed** | 2 of 8 total lists |
| **Operator Score** | 0.2174 (Minimal) |
---
## THREAT ASSESSMENT
| Factor | Rating | Justification |
|---|---|---|
| **Direct Threat** | Low | No active attack indicators, no blacklisting |
| **Infrastructure Risk** | Medium | High abuse density in /24 subnet |
| **Geolocation Risk** | Medium | Data inconsistencies present |
| **Campaign Association** | None | No CERT matches or campaign correlation |
---
## ACTIONS & RECOMMENDATIONS
SOC Analyst Actions:
1. Monitor: Track traffic patterns from subnet 15.235.96.0/24 given elevated abuse density
2. Verify: Confirm geographic data accuracy through secondary sources
3. Correlate: Review historical logs for any outbound connections from this IP
4. Block/Allow: No immediate blocking required; maintain visibility only
Risk Mitigation:
- No direct threat indicators require immediate remediation
- Monitor subnet-level activity for potential lateral movement indicators
- Update geolocation intelligence with verified data
---
Report Generated: 2026-06-26
Data Sources: IPDebrief Intelligence Platform
Confidence Level: Medium (Geographic validation inconsistencies present)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059694 |
| CIDR Block | 15.235.96.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca015-san15.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca015-san15.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 37% | 2 | 3 |
| Overall | 22% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-11 08:57:44 UTC |
| Last Seen | 2026-06-27 19:08:03 UTC |
| Profile Built | 2026-06-28 13:13:58 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 24 |