# IP Intelligence Briefing: 15.235.96.52
## Executive Summary
IP 15.235.96.52 is a moderate-risk cloud infrastructure endpoint hosted on OVH's global network. The IP resolves to a hostname associated with Ahrefs (ahrefs.net), operates within a high-abuse-density subnet, and exhibits geolocation inconsistencies that warrant operational monitoring.
---
## Network Ownership & Classification
- ASN: 16276 (OVH SAS)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 15.235.96.0/24
- Infrastructure Type: CloudCompute / Hosting
- Provider Classification: OVH (Cloud provider)
- BGP Prefix: 15.235.0.0/17
---
## Threat Indicators
| Indicator | Status |
|---|---|
| Blacklist Count | 0 |
| Known Attacker | No |
| Tor Exit Node | No |
| Known Spam Source | No |
| Campaign Association | None |
| Overall Risk Score | 40 (Moderate) |

No active threat indicators or blacklist entries were identified. The IP shows no current malicious activity patterns.
---
## Infrastructure Details
- DNS PTR Hostname: proxy-ca015-san52.ahrefs.net
- Domain Association: ahrefs.net
- Open Ports: None detected
- TLS/HTTP Services: None exposed
- DNSSEC Valid: Yes
- Route Stability: Stable (no route changes in 30 days)
---
## Geolocation Analysis
- Claimed Location: Singapore
- Country Code: CA
- Status: ⚠️ Geolocation Violation Detected
- Issue: Observed RTT (26 ms) is 79% below minimum possible RTT (121.6 ms) for the claimed distance (6,082 km)
- Probe Count: 5
- Validation: GeoPlausible = False

The geolocation data is inconsistent with observed network measurements, suggesting either routing anomalies or data inaccuracies.
---
## Neighborhood Analysis
- Subnet: 15.235.96.0/24
- Abuse Density: 0.5352 (High Abuse)
- Classification: high_abuse
- Active Siblings: 221 / 256 total
- Threat Siblings: 137
- Neighbor Risk Distribution: 100 medium-risk endpoints

The /24 subnet exhibits elevated abuse density with approximately 53% of active neighbors flagged as threats. This indicates the broader network block warrants defensive consideration.
---
## Relationship Graph
- Total Relationships: 52
- Primary Association: Same Network (OVH-CUST-281059694)
- Network Type: Cloud infrastructure cluster

The IP is embedded within a dense OVH network infrastructure with multiple peer connections.
---
## Historical Observations
- Total Observations: 26
- Recent Activity: 2026-06-26
- Threat Persistence: 0 days (non-persistent)
- Ownership Changes: 0
- Operator Score: 0.4783 (Basic)

Historical data indicates no persistent malicious behavior, though the IP has been observed within a high-abuse environment.
---
## Recommended Actions
Based on the moderate risk profile and neighborhood abuse density:
1. Monitor Closely: Track for any escalation in threat indicators
2. Subnet-Level Awareness: The /24 subnet shows 53% abuse density; consider broader network policies
3. Geolocation Validation: Implement RTT-based location validation to detect routing anomalies
4. DNS Monitoring: Watch for any changes to ahrefs.net hostname resolution
5. Firewall Rules: No immediate blocking required, but consider rate-limiting or geo-fencing if applicable
---
## Intelligence Conclusion
IP 15.235.96.52 is a cloud infrastructure endpoint associated with Ahrefs' network infrastructure on OVH. While the individual IP shows no direct threat indicators, the high-abuse-density neighborhood and geolocation inconsistencies suggest operational vigilance is warranted. The endpoint is currently classified as moderate risk with no active malicious indicators.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059694 |
| CIDR Block | 15.235.96.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca015-san52.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca015-san52.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 30% | 3 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 28% | 12 | 18 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-11 22:44:28 UTC |
| Last Seen | 2026-06-27 20:40:12 UTC |
| Profile Built | 2026-06-28 14:46:41 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 32 |