# IP INTELLIGENCE BRIEFING: 15.235.96.16
Classification: MODERATE RISK | Report Date: 2026-06-20
Analyst: IPDebrief Intelligence Team
Purpose: SOC Threat Assessment and Incident Response Support
---
## 1. EXECUTIVE SUMMARY
IP 15.235.96.16 is assigned to OVH hosting infrastructure under organization "Dmytro, Ahrefs Pte Ltd" (ASN 16276). The IP presents a Moderate Risk profile with a risk score of 40. While the IP itself shows no direct threat indicators, it resides within a subnet (15.235.96.0/24) characterized by high abuse density (0.7031), with 180 of 256 total sibling IPs flagged as threats. The IP is classified as cloud infrastructure with hosting services, currently operating in a firewalled state with no open ports detected.
---
## 2. NETWORK CLASSIFICATION
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH SAS) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network Block** | 15.235.96.0/24 |
| **Infrastructure Type** | CloudCompute |
| **Hosting** | Yes |
| **CDN** | No |
| **Proxy/VPN/Tor** | No |
| **Mobile/Residential** | No |
| **Bogon** | No |
| **Anycast** | No |
Service Status: No open ports detected. HTTP/TLS services unavailable. Banner analysis: No identifiable server fingerprint.
---
## 3. GEOLOCATION ANALYSIS
| Field | Value |
|---|---|
| **Country** | CA (Canada) |
| **City** | Singapore |
| **GeoConsensus** | True |
| **Accuracy Radius** | 3000 km |
| **GeoSourceCount** | 1 |
Note: Geolocation data shows inconsistency between country code (CA) and city (Singapore), indicating potential routing or hosting infrastructure complexity. GeoPlausible validation: Failed.
---
## 4. THREAT INDICATORS
| Indicator | Status |
|---|---|
| **Risk Score** | 40 (Moderate) |
| **Abuse Confidence Score** | Not Available |
| **Blacklist Count** | 0 |
| **Known Campaigns** | None |
| **Tor Exit Node** | No |
| **Known Attacker** | No |
| **Spam Source** | No |
| **DNSBL Listed** | 1 of 8 lists |
Campaign Assessment: No active campaigns detected. Likelihood: None. Correlated IPs: 0.
---
## 5. NEIGHBORHOOD RISK ASSESSMENT
Subnet: 15.235.96.0/24
Abuse Density: 0.7031 (High)
Classification: high_abuse
Inherited Risk Score: 28
Sibling IP Distribution:
- Total Siblings: 256
- Active Siblings: 218 (85.2% activity rate)
- Threat Siblings: 180 (70% threat ratio)
- Risk Distribution: 0 High, 90 Medium, 10 Low
Sample Neighbor Risk Scores:
- 15.235.96.0: Risk 40
- 15.235.96.1: Risk 50
- 15.235.96.2: Risk 40
- 15.235.96.3: Risk 40
- 15.235.96.4: Risk 40
Assessment: The subnet demonstrates elevated abuse activity. The target IP inherits a risk score of 28 from neighborhood context, suggesting correlated threat activity within the /24 block.
---
## 6. TEMPORAL BEHAVIOR
Observation History: 18 total observations
Most Recent: 2026-06-20
Threat Persistence Days: 0
Ownership Changes: 0
Is Persistently Malicious: No
Signal Timeline:
- Network classification signals: Active
- Geolocation signals: Inconsistent (CA/Singapore)
- Operator score: 0.2174 (Minimal)
- Control plane signals: Route stability: False
Assessment: No persistent malicious behavior detected. Ownership remains stable with no recent changes.
---
## 7. RELATIONSHIP GRAPH
Total Relationships: 47
Primary Associations:
- Multiple "Same Network" relationships to OVH-CUST-281059694
- No certificate or hostname relationships detected
Assessment: IP primarily associates with network infrastructure rather than external threat actors or compromised hostnames.
---
## 8. RECOMMENDED ACTIONS
Firewall/Block Rules:
- Recommended: Monitor with limited blocking due to moderate risk score (40) and no direct threat indicators
- Blocking Rationale: Consider blocking based on subnet-level abuse density if threat intelligence correlates with the /24 block
Action Items:
1. Monitor Traffic: Implement IDS/IPS monitoring for the /24 subnet given 70% threat sibling ratio
2. Review Connections: Investigate any inbound/outbound connections from/to this IP
3. Update Blocklists: Add to monitoring blocklists due to DNSBL presence (1/8 lists)
4. Subnet Assessment: Evaluate blocking or rate-limiting for 15.235.96.0/24 if organization policy permits
5. Geolocation Verification: Validate actual physical location for compliance logging
---
## 9. CONCLUSION
IP 15.235.96.16 operates as OVH cloud hosting infrastructure with moderate risk characteristics. While the IP itself shows no direct malicious indicators, the high-abuse density of its /24 subnet warrants monitoring and potentially enhanced filtering controls. No immediate blocking is required, but traffic should be logged and reviewed for suspicious patterns.
Priority: LOW-MEDIUM
Action Required: MONITOR
---
*Report generated by IPDebrief Intelligence Platform. All data sourced from live IP reputation and threat intelligence feeds.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059694 |
| CIDR Block | 15.235.96.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca015-san16.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca015-san16.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) | | |
| Attribution | Moderate (50%) | | |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid | | | |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-23 18:28:45 UTC |
| Last Seen | 2026-06-28 22:30:01 UTC |
| Profile Built | 2026-06-29 04:32:50 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 20 |