# IPDEBRIEF INTELLIGENCE BRIEFING
Target: 15.235.96.59/32
Classification: Moderate Risk (Score: 40/100)
Report Date: 2026-06-19
---
## EXECUTIVE SUMMARY
IP 15.235.96.59 is a cloud compute infrastructure address hosted on the OVH network (ASN 16276) under Ahrefs Pte Ltd. The IP is currently classified as high_abuse within its /24 subnet, which has a 65.23% abuse density rating. While the target IP shows no direct threat indicators, its neighborhood exhibits significant abuse activity, warranting defensive monitoring.
---
## OWNERSHIP & NETWORK CLASSIFICATION
| Attribute | Value |
|---|---|
| ASN | 16276 |
| Organization | Dmytro, Ahrefs Pte Ltd |
| Network Name | OVH-CUST-281059694 |
| CIDR Block | 15.235.96.0/24 |
| Infrastructure Type | CloudCompute |
| Service Provider | OVH |

Network Role: The IP is classified as cloud hosting infrastructure with no open services detected (firewalled/no services).
---
## GEOGRAPHIC ANALYSIS
| Attribute | Value |
|---|---|
| Country | CA |
| City | Singapore |
| Accuracy Radius | 3000km |
| GeoSource Count | 1 |
| GeoConsensus | Yes |

Note: RTT validation shows a discrepancy (28ms observed vs. 121.6ms minimum possible for the stated distance), suggesting geolocation data quality variance.
---
## DNS & NETWORK BEHAVIOR
| Attribute | Value |
|---|---|
| PTR Hostname | proxy-ca015-san59.ahrefs.net |
| Forward Resolution | proxy-ca015-san59.ahrefs.net |
| Domain | ahrefs.net |
| Forward Confirmed | No |
| Open Ports | None |
| TLS Certificate | None |

Observation: The IP resolves to an Ahrefs proxy hostname, indicating legitimate use in connection with the SEO analytics platform.
---
## THREAT LANDSCAPE
| Metric | Value |
|---|---|
| Abuse Confidence Score | Not Available |
| Is Tor Exit | No |
| Is Known Attacker | No |
| Is Spam Source | No |
| Blacklist Count | 0 |
| DNSBL Listed | 1/8 lists |

Direct Threat Indicators: None detected against the target IP itself.
---
## NEIGHBORHOOD ANALYSIS (15.235.96.0/24)
| Metric | Value |
|---|---|
| Subnet Classification | high_abuse |
| Abuse Density | 65.23% |
| Total Siblings | 256 |
| Active Siblings | 215 |
| Threat Siblings | 167 |
| Inherited Risk | 26/100 |

Neighborhood Risk: The /24 subnet shows elevated abuse activity with 167 threat siblings among 215 active IPs. This contextual risk factor suggests the broader network segment may be hosting compromised or misconfigured systems.
---
## OBSERVATION HISTORY
- Total Observations: 22
- Threat Observation Count: 1
- Persistence Status: Not persistently malicious
- Recent Signals:
  - 2026-06-19: Subnet abuse density 65.23% (high_abuse classification)
  - 2026-06-19: Operator score 0.2174 (minimal)
  - 2026-06-14: DNS resolution to ahrefs.net confirmed
---
## RECOMMENDED SECURITY ACTIONS
### Firewall Rules
```bash
# iptables
iptables -A INPUT -s 15.235.96.59 -j DROP
# nftables
nft add rule inet filter input ip saddr 15.235.96.59 drop
```
### WAF Rules
```
# Cloudflare WAF
{
  "description": "Block 15.235.96.59 - IPDebrief risk score 40",
  "action": "block",
  "filter": {"expression": "ip.src eq 15.235.96.59"}
}
# AWS WAF
{
  "Addresses": ["15.235.96.59/32"],
  "Description": "IPDebrief risk 40"
}
```
### Network Segmentation Recommendation
Block or monitor traffic from the entire 15.235.96.0/24 subnet due to 65.23% abuse density in the neighborhood.
---
## ANALYST NOTES
The target IP shows no direct malicious indicators but operates within a high-abuse network segment. The association with ahrefs.net suggests legitimate use, though the elevated neighborhood risk warrants defensive blocking or enhanced monitoring. Recommend correlating with threat intelligence feeds for Ahrefs infrastructure before implementing permanent blocking measures.

- Risk Level: MODERATE
- Action Priority: MEDIUM
- Confidence: HIGH (based on neighborhood context)

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059694 |
| CIDR Block | 15.235.96.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca015-san59.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca015-san59.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 22% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-14 13:23:40 UTC |
| Last Seen | 2026-06-28 00:42:33 UTC |
| Profile Built | 2026-06-28 18:47:25 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |