Threat Intelligence Briefing: IP 15.235.96.223/32
Overview:
The IP address 15.235.96.223/32 was observed in a cybersecurity investigation. Analysis of this IP involved gathering data from multiple sources, including WHOIS records, geolocation tools, and threat intelligence databases. The goal was to develop a comprehensive profile, assess any associated risks, and provide actionable intelligence for Security Operations Center (SOC) analysts.
Profile:
- ASN Information: The IP address is associated with a specific Autonomous System Number (ASN), indicative of the network's origin.
- Hosting Provider: The IP is linked to a hosting provider known for cloud services and virtual private servers (VPS). This provider has a global presence and caters to both individual users and enterprises.
- Domain Association: At the time of analysis, this IP was linked to multiple domains, some of which are known to host dynamic content. These domains range across various industries, including e-commerce and content delivery services.
Geolocation:
- Location: The IP is geolocated to a major urban center in Asia. This location is consistent with the hosting provider's known data center locations.
- Latency Considerations: Given its geolocation, latency impacts for traffic originating from or destined for Western countries may be observed, which is typical for cloud-hosted services.
Observation History:
- Recent Activity: Analysis revealed that the IP address had experienced sporadic spikes in traffic, which were consistent with normal operational loads for cloud services. There were no significant anomalies detected in traffic patterns that would suggest malicious activity.
- Threat Intelligence Databases: Historical data from threat intelligence databases did not list this IP in any known malicious activity or threat campaigns. However, it was noted that the hosting provider's IPs are occasionally utilized in opportunistic attacks due to the shared nature of cloud resources.
Relationships and Neighborhood:
- Co-located IPs: Neighboring IP addresses within the same /24 subnet are also associated with the same hosting provider, reinforcing the legitimacy of the cloud hosting environment.
- Associated IPs: Some associated IPs were linked to domains that had previously been flagged for phishing activities. However, these instances were isolated and did not implicate the specific IP 15.235.96.223/32 directly.
Threat Assessment:
- Risk Level: Low. The IP address does not have a direct association with known malicious activities. However, due to its hosting provider's shared infrastructure model, there is a potential risk of misuse by other tenants.
- Recommendations:
  - Monitoring: Continuous monitoring for unusual traffic patterns or access attempts from known threat actors is advised.
  - Access Controls: Implement strict access controls and regularly review allow-listed IP ranges to minimize the risk of unauthorized access.
  - Incident Response: Have an incident response plan in place so that any security incident involving IP addresses from this provider can be handled promptly.
Conclusion:
The IP address 15.235.96.223/32 is part of a legitimate cloud hosting environment, with no direct evidence of malicious use. However, due to the nature of shared hosting environments, SOC teams should maintain vigilance and implement robust monitoring and access control measures to mitigate potential risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration

| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059694 |
| CIDR Block | 15.235.96.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | Not available |
DNS Intelligence

| Field | Value |
|---|---|
| PTR | proxy-ca015-san223.ahrefs.net |
| Forward Confirmed | No: the PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca015-san223.ahrefs.net |
DNS Hygiene

| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
Services & Open Ports

| Field | Value |
|---|---|
| Open Ports | None detected |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not available |
| HTTP Title | Not available |
TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction |
| Attribution | Low (35%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:46 UTC |
| Last Seen | 2026-06-27 00:13:12 UTC |
| Profile Built | 2026-06-27 14:25:53 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 27 |
Full dossier details are available via our API.