IPDebrief

15.235.96.35

IP Intelligence Dossier
Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 15.235.96.35/32

Date: 2026-06-17

Classification: Moderate Risk / High-Abuse Neighborhood

Source: IPDebrief Threat Intelligence Platform

---

## Executive Summary

IP 15.235.96.35 is a cloud hosting endpoint operated by OVH (ASN 16276) under the organization Dmytro, Ahrefs Pte Ltd. The IP presents a moderate risk profile (score: 40) but operates within a high-abuse density subnet (abuse density: 0.6719). The endpoint is associated with the ahrefs.net domain infrastructure and is currently firewalled with no active services.

---

## Network & Ownership Profile

| Attribute | Value |
|---|---|
| **ASN** | 16276 |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network Block** | 15.235.96.0/24 |
| **Provider** | OVH (CloudCompute) |
| **Infrastructure Type** | Cloud Hosting |
| **IP Classification** | Cloud Endpoint |
| **Risk Score** | 40 (Moderate) |
| **Status** | Active, Firewalled |

---

## Threat Indicators

---

## Neighborhood Analysis (15.235.96.0/24)

| Metric | Value |
|---|---|
| **Total Subnet IPs** | 256 |
| **Active Siblings** | 213 |
| **Threat Siblings** | 172 |
| **Abuse Density** | 0.6719 (High) |
| **Risk Distribution** | 0 High, 98 Medium, 2 Low |

The subnet exhibits significant abuse activity with 67% abuse density. The target IP is surrounded by 172 known threat-sibling endpoints, indicating this is a shared cloud infrastructure block with elevated malicious activity.

---

## DNS & Infrastructure

| Attribute | Value |
|---|---|
| **PTR Hostname** | proxy-ca015-san35.ahrefs.net |
| **Domain** | ahrefs.net |
| **Forward Resolution** | Confirmed (1 hostname) |
| **Open Ports** | None (Firewalled) |
| **TLS Certificate** | None |
| **HTTP Service** | None |
| **SPF Record** | Not configured |
| **DMARC Record** | Not configured |

---

## Geolocation

| Attribute | Value |
|---|---|
| **Country** | Singapore (CA with 3000km radius) |
| **City** | Singapore |
| **Accuracy Radius** | 3000km |
| **Geo Plausibility** | True |
| **Minimum Possible RTT** | 121.6ms |
| **Observed RTT** | ~485-545ms |

*Note: Geographic discrepancy detected between reported CA and plausible Singapore location. 3000km accuracy radius indicates geolocation uncertainty.*

---

## Temporal Analysis & History

- Subnet abuse density maintained at 0.6719

- Operator score stable at 0.2174

- Geographic signals show CA reporting with 35% confidence

---

## Relationship Graph

---

## Security Recommendations

1. Allow/Block Decision: Given moderate risk score (40) and association with legitimate ahrefs.net infrastructure, default action should be ALLOW unless specific malicious activity is observed.

2. Neighborhood Context: Monitor traffic patterns due to high-abuse density (0.6719) in parent subnet. 172 threat siblings indicate elevated risk environment.

3. Traffic Analysis: Apply behavioral analysis for outbound connections from this subnet. Cloud hosting environments in this block show mixed legitimate and malicious use.

4. DNS Policy: Monitor for DNS queries to proxy-ca015-san35.ahrefs.net for potential credential harvesting or proxy abuse.

5. GeoValidation: Investigate geographic reporting discrepancies between CA and Singapore data for potential spoofing or data center misreporting.

---

Analyst Notes: This endpoint represents legitimate cloud infrastructure with moderate risk. However, the high-abuse neighborhood context warrants ongoing monitoring. No immediate blocking recommended without additional threat intelligence correlation.


## Geolocation

| Attribute | Value |
|---|---|
| Country | Canada |
| Region | - |
| City | Singapore |
| Timezone | - |
| Latitude | 43.63 |
| Longitude | -79.37 |

## Ownership & Registration

| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059694 |
| CIDR Block | 15.235.96.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |

## DNS Intelligence

| Attribute | Value |
|---|---|
| PTR | proxy-ca015-san35.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca015-san35.ahrefs.net |

## DNS Hygiene

| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification

| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |

## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate

| Attribute | Value |
|---|---|
| Certificate | No certificate (N/A) |
| Issued by | - |
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 10 | 15 |

Coverage: 6/6 dimensions · Data sufficiency: sufficient

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

⚠ Claimed geolocation contradicts RTT physics measurement

## Observation Timeline (Live)

| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:03:46 UTC |
| Last Seen | 2026-06-27 00:15:52 UTC |
| Profile Built | 2026-06-27 14:29:20 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 28 |
This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.

## About This Report

All data shown is publicly available network metadata; IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.