IP Intelligence Briefing: 15.235.96.156
Date: 2026-06-08
---
**1. Core Profile**
- Risk Score: 50 (Moderate Risk)
- Ownership: Owned by Dmytro, Ahrefs Pte Ltd (OVH ASN 16276).
- Geolocation: Registered to Singapore (CA), but the geolocation fails plausibility validation.
- Network Role: CloudCompute infrastructure (OVH-hosted).
- Threat Indicators: No malicious activity detected (no indicators, campaigns, or blacklists).
---
**2. Observation History**
- Recent Signals (2026-06-07):
  - DNS validation confirmed for `proxy-ca015-san156.ahrefs.net`.
  - Subnet abuse density: 0.33 (moderate risk).
  - Geolocation inferred as Singapore (CA) with 3000km accuracy radius.
- Historical Trends: No persistent malicious activity; threat observation count is zero.
---
**3. Network Relationships**
- Connected Entities:
  - Same network: OVH-CUST-281059694 (15.235.96.0/24).
  - DNS association: `proxy-ca015-san156.ahrefs.net` (Ahrefs subdomain).
- Subnet Analysis:
  - 15.235.96.156/24 has 248 IPs, with 82 threat siblings (moderate abuse density).
---
**4. Neighborhood Risk**
- Subnet Risk Distribution:
  - Low risk: 71 IPs (28.7%).
  - Medium risk: 28 IPs (11.3%).
  - High risk: 0 IPs.
- Abuse Density: 0.33 (moderate).
---
**5. Recommended Actions**
- Firewall Blocking:
  - `iptables`: `iptables -A INPUT -s 15.235.96.156 -j DROP`
  - `nftables`: `nft add rule inet filter input ip saddr 15.235.96.156 drop`
  - Cloud Providers: Add to Cloudflare WAF/AWS WAF as `15.235.96.156/32`.
- Monitoring:
  - Track subnet activity due to moderate abuse density.
  - Validate geolocation anomalies (Singapore vs. inferred CA).
---
**6. Summary**
The IP is associated with Ahrefs, a legitimate entity, but resides in a subnet with moderate risk. While no direct malicious indicators exist, the network's abuse density and geolocation inconsistencies warrant monitoring. Block the IP to mitigate potential risks, and verify if it aligns with known Ahrefs infrastructure.
Next Steps: Confirm if the IP is part of Ahrefs' legitimate operations and monitor subnet activity for emerging threats.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059694 |
| CIDR Block | 15.235.96.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca015-san156.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca015-san156.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 24% | 10 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-16 14:57:55 UTC |
| Last Seen | 2026-06-28 03:34:14 UTC |
| Profile Built | 2026-06-28 21:39:49 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |