INTELLIGENCE BRIEFING: 15.235.96.53/32
Classification: MODERATE RISK | Date: Current | Status: Active Monitoring
---
EXECUTIVE SUMMARY
IP address 15.235.96.53 sits in a subnet with high abuse density (15.235.96.0/24) announced by OVH (AS16276) and registered to Ahrefs. Reverse DNS names an Ahrefs proxy host (proxy-ca015-san53.ahrefs.net), and none of the seven scanned ports had a listening service. Despite legitimate corporate ownership, the subnet context warrants defensive attention because of the elevated abuse density and one DNS blacklist listing.
---
PROFILE DATA
Risk Assessment
- Overall Risk Score: 40/100 (Moderate)
- Provider Score: 0
- Authority Score: 0
- Stability Score: 0
- Reputation Label: Moderate Risk
Network Attribution
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- CIDR Block: 15.235.96.0/24
- Infrastructure Type: Cloud Compute / Hosting
- Connection Type: Firewalled / No Services
Geolocation
- Reported Country: Canada (CA)
- City: Singapore (geo-inconsistent)
- Distance Anomaly: 6,082 km from probe location
- RTT Violation: 30 ms observed vs. 121.6 ms minimum expected for the reported distance
- Status: Geographic data flagged as implausible
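The RTT check above can be reproduced from first principles: a packet cannot cover the claimed distance twice faster than light does. The following is an added example (not part of the original briefing or of the tool that produced it) that computes the physical lower bound on round-trip time for a claimed distance and classifies an observed RTT against it. The propagation constants, the haversine helper and the Paris/New York coordinates used to exercise it are assumptions; the tool's own 121.6 ms threshold is stricter than the raw fibre bound and rests on a constant the page does not document, so the code uses the physics bounds only.

```python
import math

C_VACUUM_KM_PER_MS = 299.792   # speed of light in vacuum
FIBER_KM_PER_MS = 200.0        # about 2/3 c, the usual figure for optical fibre (assumption)
EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two (lat, lon) points given in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def min_rtt_ms(distance_km, km_per_ms=FIBER_KM_PER_MS):
    """Lower bound on round-trip time: the signal must cover the distance twice."""
    return 2.0 * distance_km / km_per_ms


def geo_plausible(observed_rtt_ms, distance_km):
    """Classify an observed RTT against the physical floor for the claimed distance.

    Returns (verdict, vacuum_floor_ms, fibre_floor_ms). 'impossible' means the RTT is
    below even the vacuum light-speed bound, so the claimed location cannot be right;
    'unlikely' means it is below the fibre bound; otherwise 'plausible'.
    """
    vacuum_floor = min_rtt_ms(distance_km, C_VACUUM_KM_PER_MS)
    fibre_floor = min_rtt_ms(distance_km, FIBER_KM_PER_MS)
    if observed_rtt_ms < vacuum_floor:
        verdict = "impossible"
    elif observed_rtt_ms < fibre_floor:
        verdict = "unlikely"
    else:
        verdict = "plausible"
    return verdict, round(vacuum_floor, 1), round(fibre_floor, 1)


if __name__ == "__main__":
    # Figures from the briefing: 6,082 km claimed, 30 ms observed.
    print(geo_plausible(30.0, 6082))
    # Constructed coordinate pair (Paris, New York) to exercise the distance helper.
    print(round(haversine_km(48.8566, 2.3522, 40.7128, -74.0060)))
```

Against the briefing's own figures the verdict is "impossible": 30 ms is under the 40.6 ms vacuum bound, so the reported country cannot be where the probe measured from, whatever tool-specific margin is layered on top. The practical consequence is that the Country field should not drive policy for this address.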
---
THREAT INDICATORS
DNS Reputation
- DNS Blacklist Listings: 1 of 8 total lists
- Listed Count: 1
- Maximum Severity: High
- PTR Hostname: proxy-ca015-san53.ahrefs.net
- Forward Resolution: Not confirmed (the DNS intelligence table below reports that the PTR hostname does not resolve back to this IP; FCrDNS not verified)
- DNSSEC: Valid
Service Exposure
- Open Ports: None detected
- TLS Certificate: None
- HTTP Service: None
- Status: No active services
Campaign Correlation
- Known Campaigns: None
- Cert Matches: 0
- Correlated IPs: 0
- Campaign Likelihood: None
---
SUBNET CONTEXT (15.235.96.0/24)
Abuse Metrics
- Abuse Density: 0.6992 (High)
- Classification: high_abuse
- Inherited Risk: 27
- Total Siblings: 256
- Active Siblings: 218
- Threat Siblings: 179
Risk Distribution Among Neighbors
- High Risk: 0
- Medium Risk: 87
- Low Risk: 13
Risk Assessment: The abuse density of 0.6992 corresponds to 179 threat-flagged siblings out of 256 addresses in the /24. Elevated abuse density despite legitimate corporate ownership points to compromised or misused resources within the customer block. Note that the neighbor risk distribution above (0 high, 87 medium, 13 low) sums to 100 and matches neither the 218 active nor the 179 threat siblings, so treat it as a partial or proportional breakdown rather than a per-host count.
---
OBSERVATION HISTORY
Recent signals (2026-06-20):
- Network Classification: Hosting provider (OVH), Cloud infrastructure
- Geolocation Signals: Multiple sources (CA/Singapore) with conflicting data
- Abuse Density: Consistent high-abuse classification
- DNSSEC: Valid
- Blacklist Status: Active listing with high severity
Temporal Analysis: No evidence of persistent malicious behavior. Ownership changes: 0. Threat observation count: 0.
---
RELATIONSHIP GRAPH
Identified Relationships: 45
- Primary: Same network (OVH-CUST-281059694)
- Secondary: Limited to network-level associations
- No organizational, hostname, or certificate relationships detected beyond network scope
---
RECOMMENDED ACTIONS
Immediate Defensive Posture:
1. Monitor for inbound connections from 15.235.96.53 and, separately, for outbound connections from internal hosts to it; an internal host initiating sessions to a crawler proxy is the more anomalous direction
2. Review firewall rules for any existing blocks on this IP
3. Validate the DNS blacklist listing at the listing service itself (1 high-severity list of 8 checked) rather than relying on the aggregated count
4. Assess whether legitimate Ahrefs crawler traffic should be permitted or whether blocking is warranted
Firewall Recommendations:
- Consider blocking inbound traffic if connections from Ahrefs infrastructure are not expected (the PTR hostname names a proxy host, consistent with crawler egress, but it is not forward-confirmed, so treat the attribution as unverified)
- Log all traffic to and from the address for forensic analysis
- Monitor for beaconing patterns (outbound connections recurring at near-constant intervals) given the subnet abuse density; none of the 7 scanned ports was open, which limits but does not exclude its use as a command-and-control endpoint
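To act on the monitoring and logging items above, the following added example (not part of the original briefing) parses iptables-LOG-style firewall lines, separates inbound connections from 15.235.96.53 from outbound connections to it, and flags internal hosts whose outbound connections to it recur at near-constant intervals, the beaconing shape that distinguishes a callback from a crawler fetch. The log lines, the 10.0.0.0/8 internal range and the 0.1 coefficient-of-variation threshold are constructed assumptions.

```python
import ipaddress
import re
import statistics
from datetime import datetime, timezone

WATCH_IP = "15.235.96.53"
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumption: the defender's internal range

# Constructed sample lines in an iptables-LOG-like layout; not captured traffic.
SAMPLE_LOG = """\
2026-06-29T10:00:00Z fw IN=eth0 OUT= SRC=15.235.96.53 DST=10.0.0.5 PROTO=TCP SPT=51234 DPT=443
2026-06-29T10:00:01Z fw IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=15.235.96.53 PROTO=TCP SPT=40001 DPT=443
2026-06-29T10:02:17Z fw IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP SPT=33000 DPT=80
2026-06-29T10:05:01Z fw IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=15.235.96.53 PROTO=TCP SPT=40002 DPT=443
2026-06-29T10:10:01Z fw IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=15.235.96.53 PROTO=TCP SPT=40003 DPT=443
2026-06-29T10:15:01Z fw IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=15.235.96.53 PROTO=TCP SPT=40004 DPT=443
2026-06-29T10:20:01Z fw IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=15.235.96.53 PROTO=TCP SPT=40005 DPT=443
2026-06-29T10:31:44Z fw IN=eth0 OUT= SRC=15.235.96.53 DST=10.0.0.5 PROTO=TCP SPT=51900 DPT=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+))?(?: DPT=(?P<dpt>\d+))?"
)


def parse_line(line):
    """Return a dict of fields for a recognised line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def _is_internal(addr, net):
    try:
        return ipaddress.ip_address(addr) in net
    except ValueError:
        return False


def beacon_score(timestamps, min_events=4):
    """Coefficient of variation of inter-arrival gaps; near 0 means metronomic."""
    if len(timestamps) < min_events:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean <= 0:
        return None
    return statistics.pstdev(gaps) / mean


def triage(log_text, watch_ip=WATCH_IP, internal_net=INTERNAL_NET, cv_threshold=0.1):
    """Split events touching watch_ip by direction and flag beacon-like internal hosts."""
    inbound, outbound = [], []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["src"] == watch_ip and _is_internal(ev["dst"], internal_net):
            inbound.append(ev)          # the proxy reaching into our network (crawler-like)
        elif ev["dst"] == watch_ip and _is_internal(ev["src"], internal_net):
            outbound.append(ev)         # an internal host initiating sessions to it
    by_host = {}
    for ev in outbound:
        by_host.setdefault(ev["src"], []).append(ev["ts"])
    suspects = []
    for host, stamps in by_host.items():
        score = beacon_score(stamps)
        if score is not None and score < cv_threshold:
            suspects.append(host)
    return {
        "inbound": len(inbound),
        "outbound": len(outbound),
        "inbound_dports": sorted({ev["dpt"] for ev in inbound if ev["dpt"]}),
        "beacon_suspects": sorted(suspects),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the constructed sample the two inbound hits on port 443 look like ordinary crawler fetches, while 10.0.0.23 reaches out every 300 seconds with zero jitter and is reported as a beacon suspect; real implants add jitter, so tune `cv_threshold` against your own baseline rather than treating 0.1 as a fixed cut-off.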
---
ANALYST NOTES: While the IP is legitimately associated with Ahrefs (SEO/traffic analysis provider), the high-abuse subnet context combined with DNS blacklist listings suggests potential compromise of neighboring resources or shared infrastructure misuse. SOC teams should weigh legitimate business use cases against subnet-level risk indicators when determining blocking policy.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059694 |
| CIDR Block | 15.235.96.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | None listed |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca015-san53.ahrefs.net |
| Forward Confirmed | No (the PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | proxy-ca015-san53.ahrefs.net |
DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
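Both the threat-indicator list and the DNS tables treat forward-confirmed reverse DNS as the test of whether the ahrefs.net PTR means anything: the reverse zone is controlled by whoever holds the address space, so a PTR naming a well-known brand is only evidence once the hostname resolves back to the same address. The following added example (not code from the original page, from Ahrefs or from OVH) implements that check with injectable lookup functions so it runs offline; the dictionary-backed resolvers and the RFC 5737 documentation addresses in them are constructed test data, and the socket-based lookups are provided for live use.

```python
import ipaddress
import socket


def ptr_name(ip):
    """The in-addr.arpa / ip6.arpa owner name whose PTR record names this address."""
    return ipaddress.ip_address(ip).reverse_pointer


def _same_address(candidate, target):
    try:
        return ipaddress.ip_address(candidate) == target
    except ValueError:
        return False


def fcrdns(ip, ptr_lookup, forward_lookup):
    """Forward-confirmed reverse DNS.

    ptr_lookup(ip) -> list of hostnames from the address's PTR record(s)
    forward_lookup(hostname) -> list of A/AAAA addresses for that hostname

    A hostname counts as confirmed only when its forward records include the
    original address. Lookup failures are treated as 'no answer', never as a match.
    """
    target = ipaddress.ip_address(ip)
    try:
        ptrs = list(ptr_lookup(ip))
    except OSError:
        ptrs = []
    confirmed = []
    for host in ptrs:
        try:
            addrs = forward_lookup(host)
        except OSError:
            addrs = []
        if any(_same_address(a, target) for a in addrs):
            confirmed.append(host)
    return {"ip": ip, "ptr": ptrs, "confirmed": confirmed, "fcrdns": bool(confirmed)}


# Live resolvers for real use (not exercised by the offline demonstration below).
def system_ptr_lookup(ip):
    host, aliases, _ = socket.gethostbyaddr(ip)   # socket.herror (an OSError) on NXDOMAIN
    return [host, *aliases]


def system_forward_lookup(hostname):
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


# Constructed test data: the first PTR mirrors the briefing; the forward answers
# are invented (documentation addresses) to show both an unconfirmed and a confirmed case.
CONSTRUCTED_PTR = {
    "15.235.96.53": ["proxy-ca015-san53.ahrefs.net"],
    "198.51.100.7": ["crawler-7.example.net"],
}
CONSTRUCTED_FORWARD = {
    "proxy-ca015-san53.ahrefs.net": ["192.0.2.10"],   # does not point back: unconfirmed
    "crawler-7.example.net": ["198.51.100.7"],         # points back: confirmed
}


def constructed_ptr_lookup(ip):
    return CONSTRUCTED_PTR.get(ip, [])


def constructed_forward_lookup(hostname):
    return CONSTRUCTED_FORWARD.get(hostname, [])


if __name__ == "__main__":
    for ip in CONSTRUCTED_PTR:
        print(fcrdns(ip, constructed_ptr_lookup, constructed_forward_lookup))
```

The first constructed case reproduces the page's "Not verified" outcome: the PTR says Ahrefs, the forward answer does not come back to 15.235.96.53, so the brand in the hostname carries no weight on its own. Swap in `system_ptr_lookup` and `system_forward_lookup` to re-run the check live before deciding whether the address deserves the crawler allow-list treatment.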
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 (basic operator with some routing infrastructure) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| (no open ports detected) | | | |
Closed ports: 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned). No Server header or HTTP title was observed. Only these seven ports were probed, so "no services" means no listener on the scanned ports, not a verified absence of listeners elsewhere.
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | None (no certificate observed) |
| Valid Until | None (no certificate observed) |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 23% | 1 | 2 |
| geolocation | 40% | 2 | 3 |
| Overall | 23% | 10 | 13 |
Data Coherence: Mixed Signals (60%), 2 contradictions
Attribution: Very Low (20%)
Attribution checks evaluated: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid (individual pass/fail results were not preserved in this export)
Warning: Geo sources disagree on country: US, CA
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-24 00:31:19 UTC |
| Last Seen | 2026-06-28 23:14:27 UTC |
| Profile Built | 2026-06-29 05:15:30 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |