15.235.96.20

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 15.235.96.20/32

Classification: Moderate Risk / High Abuse Subnet

Date: Analysis completed per available data

---

## Executive Summary

IP address 15.235.96.20 is associated with Ahrefs Pte Ltd infrastructure hosted on OVH Cloud. The IP exhibits moderate risk (score: 40) with elevated subnet-level threat activity. Listed on 8 DNSBLs including high-severity entries. No active services detected (firewalled/no services).

---

## Risk Profile

Attribute	Value
Risk Score	40 (Moderate Risk)
Provider Score	0
Authority Score	0
ASN	16276
Organization	Dmytro, Ahrefs Pte Ltd
CIDR Block	15.235.96.0/24

## Infrastructure Details

Hosting Provider: OVH (Cloud Compute infrastructure)
Network Role: CloudCompute / Hosting
DNS PTR Hostname: proxy-ca015-san20.ahrefs.net
Associated Domain: ahrefs.net
Service Status: No open ports detected (Firewalled / No Services)
Email Authentication: No SPF or DMARC records

## Threat Indicators

DNSBL Listings: 8 total lists (1 flagged as high severity)
Known Campaigns: None identified
Tor Exit Node: No
Known Attacker: No
Spam Source: No

## Geolocation Assessment

Reported Location: Singapore
Country Code: CA (Canada)
Confidence: Low (accuracy radius: 3000km)
Note: Significant geolocation inconsistency detected between reported city (Singapore) and country code (CA). Validation recommended.

## Subnet Analysis (15.235.96.0/24)

Metric	Value
Abuse Density	0.5352 (High Abuse)
Total Siblings	256
Active Siblings	221
Threat Siblings	137
Inherited Risk	21

The subnet exhibits elevated abuse activity with 137 of 221 active IP addresses showing threat indicators. Risk distribution among neighbors shows medium-level risk across the subnet.

## Observation History

Total Observations: 19
Recent Activity: Multiple DNSBL listings observed as of June 26, 2026
Operator Score: Minimal (0.1)
Threat Persistence: Single observation period
Ownership Stability: No ownership changes recorded

## Network Relationships

Total Relationships: 53
Primary Association: Same Network (OVH-CUST-281059694)
Classification: All relationships point to same OVH customer network

---

## Intelligence Assessment

The IP 15.235.96.20 belongs to Ahrefs corporate infrastructure but operates within a high-abuse subnet environment. The combination of:

1. High subnet abuse density (0.5352)

2. Multiple DNSBL listings (8 total, 1 high severity)

3. Geolocation inconsistencies

4. Lack of service exposure (firewalled)

Suggests this IP may be part of a larger infrastructure where legitimate and potentially malicious endpoints coexist. The subnet's 61% threat ratio (137/221 active siblings) indicates elevated risk context.

## Recommended Actions

1. Monitor for outbound connections from this IP to known malicious destinations

2. Validate geolocation data through independent sources

3. Review associated DNSBL listings for severity and recency

4. Consider subnet-level threat correlation for similar 15.235.96.x addresses

5. Block if specific threat indicators emerge; current risk level warrants monitoring rather than immediate blocking

---

Report Generated: IPDebrief Intelligence Platform

Status: Active Monitoring Recommended

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	—
City	Singapore
Timezone	—
Latitude	43.63
Longitude	-79.37

🏢 Ownership & Registration

Organization	Dmytro, Ahrefs Pte Ltd
ASN	AS16276
Network Name	OVH-CUST-281059694
CIDR Block	15.235.96.0/24
RIR	ARIN
Country	Singapore
Abuse Contact	—

🌐 DNS Intelligence

PTR	proxy-ca015-san20.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-ca015-san20.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	32%	2	4
routing	13%	1	1
services	12%	2	2
ownership	12%	2	2
reputation	28%	1	3
geolocation	23%	2	2
Overall	20%	10	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-11 21:10:05 UTC
Last Seen	2026-06-27 19:54:37 UTC
Profile Built	2026-06-28 13:59:12 UTC
Data Freshness	Live
Signal Types	21
Total Observations	26

🔍 21 signal types · 26 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

15.235.96.20📋 Copy