# IP INTELLIGENCE BRIEFING: 15.235.96.211/32
## EXECUTIVE SUMMARY
IP address 15.235.96.211 is classified as Moderate Risk (Risk Score: 40). The IP is hosted on OVH infrastructure (ASN 16276) under customer registration OVH-CUST-281059694. The address resolves to the Ahrefs domain (proxy-ca015-san211.ahrefs.net) but shows a geographic inconsistency, with RTT data indicating a 6,082 km distance from the reported Singapore location.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **AS Number** | 16276 (OVH) |
| **CIDR Block** | 15.235.96.0/24 |
| **Registration** | ARIN |
| **Infrastructure Type** | Cloud Compute / Hosting |
| **Geolocation** | CA (reported), Singapore (detected) |
---
## THREAT ASSESSMENT
Current Risk Score: 40 / 100

Threat Indicators:
- No known attack campaigns
- Not classified as Tor exit node, VPN, or proxy
- Zero blacklist listings
- No active threat indicators

Geolocation Anomaly:
- Reported country: Canada (CA)
- Detected RTT distance: 6,082 km (minimum possible: 121.6 ms)
- Actual RTT: 28-32 ms (indicates Asian location, likely Singapore)
- This discrepancy warrants attention for fraud detection

Control Plane:
- DNSSEC: Valid
- CAA: Present
- RPKI State: Not evaluated
- Route Stability: UNSTABLE (isRouteStable: false)
- DNSBL Listed: 1 of 8 total lists
---
## SUBNET ANALYSIS (15.235.96.0/24)
Abuse Classification: HIGH ABUSE

| Metric | Value |
|---|---|
| **Abuse Density** | 0.7031 (70.31%) |
| **Total Siblings** | 256 |
| **Active Siblings** | 218 |
| **Threat Siblings** | 180 |
| **Inherited Risk** | 28 |

Neighbor Risk Distribution (sampled 100 IPs):
- High Risk: 0
- Medium Risk: 100
- Low Risk: 0

The /24 subnet exhibits elevated abuse density, with approximately 70% of addresses showing abuse indicators. This contextualizes the IP within a high-risk cloud hosting environment.
---
## NETWORK SERVICES
- Open Ports: None detected
- Service Status: Firewalled / No Services
- TLS Certificate: None
- HTTP Title: None
- Banner: None
The IP shows no active service signatures, consistent with a cloud hosting environment or dormant address.
---
## DNS RESOLUTION
- PTR Hostname: proxy-ca015-san211.ahrefs.net
- Forward Resolution: proxy-ca015-san211.ahrefs.net
- Domain: ahrefs.net
- Email Authentication: SPF/DMARC not configured
- Forward Resolution Count: 1
---
## OBSERVATION HISTORY
Total Observations: 19
Recent Activity: 2026-06-20
Key observations include:
- Subnet abuse density: 0.7031 (high_abuse classification)
- Provider classification: OVH hosting infrastructure
- Control plane operator score: 0.2174 (Minimal)
- No persistent malicious behavior detected
---
## RECOMMENDED ACTIONS
Based on the risk profile, the following blocking rules are recommended:
Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 15.235.96.211 -j DROP
# nftables
nft add rule inet filter input ip saddr 15.235.96.211 drop
# nginx
deny 15.235.96.211;
# pfSense
15.235.96.211/32
# Cloudflare WAF
{"description":"Block 15.235.96.211 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 15.235.96.211"}}
# AWS WAF
{"Addresses":["15.235.96.211/32"],"Description":"IPDebrief risk 40"}
```
---
## INTELLIGENCE ASSESSMENT
This IP resides within a high-abuse-density cloud hosting subnet. While no direct attack indicators are present, the geographic inconsistency between reported and detected locations, combined with the subnet's abuse profile, warrants defensive blocking. The IP is not actively malicious but represents elevated contextual risk.

Recommended Action: BLOCK, due to high abuse subnet classification and geographic verification failure
---
*Report generated from IPDebrief intelligence platform data. All findings are based on observed signals and should be corroborated with additional threat intelligence sources.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration

| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059694 |
| CIDR Block | 15.235.96.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |

## DNS Intelligence

| Attribute | Value |
|---|---|
| PTR | proxy-ca015-san211.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca015-san211.ahrefs.net |

## DNS Hygiene

| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification

| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |

## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate

| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 25% | 10 | 15 |

| Attribute | Value |
|---|---|
| Data Coherence | Mixed Signals (60%), 2 contradiction(s) |
| Attribution | Very Low (20%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

Geo sources disagree on country: US, CA

## Observation Timeline (Live)

| Attribute | Value |
|---|---|
| First Seen | 2026-05-21 20:59:21 UTC |
| Last Seen | 2026-06-28 15:28:14 UTC |
| Profile Built | 2026-06-29 03:32:03 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |