15.235.96.77📋 Copy

## IP Intelligence Briefing: 15.235.96.77/32

Classification: Moderate Risk | Infrastructure: Cloud Compute (OVH) | Report Date: 2026-06-29

Executive Summary

IP 15.235.96.77 is a cloud-hosted address associated with OVH infrastructure under ASN 16276 (Dmytro, Ahrefs Pte Ltd). The address maintains a moderate risk profile (score: 50) with DNS resolution to proxy-ca015-san77.ahrefs.net. Recent signal observations indicate blacklist listings with high severity ratings. The /24 subnet (15.235.96.0/24) exhibits high abuse density (0.7031), with 180 of 256 sibling IPs flagged as threats.

Risk Assessment

Threat Indicators: No active threat feeds matched. No known attacker or spam source classification. Blacklist count: 0 in current profile. However, history shows 8 total blacklist listings with high severity observed.

Infrastructure Profile

• Organization: Dmytro, Ahrefs Pte Ltd
• ASN: 16276 (OVH)
• Network: OVH-CUST-281059694
• Registration: RIR: RIPE (delegation age: 9,247 days)
• Infrastructure Type: Cloud Compute (OVH hosting)
• Network Role: Hosting infrastructure (firewalled/no services exposed)
• DNS: proxy-ca015-san77.ahrefs.net (forward resolution confirmed)

Geolocation Analysis

Note: Significant geolocation inconsistency detected. IP reports Singapore location but RTT measurements indicate actual distance of 6,082 km from probe origin, suggesting potential location spoofing or data center misreporting.

Neighborhood Analysis (15.235.96.0/24)

• Total Siblings: 256
• Active Siblings: 220
• Threat Siblings: 180
• Abuse Density: 0.7031 (High)
• Subnet Classification: High Abuse

Neighbor Risk Distribution:

• High Risk: 0
• Medium Risk: 80
• Low Risk: 20

Sample Neighbor Risk Scores:

• 15.235.96.0: Risk 40, Authority 50
• 15.235.96.1: Risk 50, Authority 50
• 15.235.96.2-4: Risk 40, Authority 50

Historical Signal Analysis

Observation Count: 25 signals tracked

Recent Activity (June 2026):

• 2026-06-29: Multiple blacklist listings detected with high severity
• 2026-06-29: Operator score maintained at 0.4348 (Basic classification)
• 2026-06-21: Subnet abuse density confirmed at 0.7031
• 2026-06-21: No campaign correlations detected

Temporal Indicators:

• Ownership changes: 0
• Threat persistence days: 0
• Threat observation count: 0
• Persistently malicious: No

Network Relationships

Total relationships identified: 34

• Primary relationship type: Same Network (OVH-CUST-281059694)
• No external organization or certificate relationships detected
• No correlated IP campaigns

Recommended Defensive Actions

Based on current risk profile and neighborhood abuse density, the following firewall rules are recommended:

iptables:

```

iptables -A INPUT -s 15.235.96.77 -j DROP

```

nftables:

```

nft add rule inet filter input ip saddr 15.235.96.77 drop

```

nginx:

```

deny 15.235.96.77;

```

pfSense:

```

15.235.96.77/32

```

Cloudflare WAF:

```json

{"description":"Block 15.235.96.77 — IPDebrief risk score 50","action":"block","filter":{"expression":"ip.src eq 15.235.96.77"}}

```

AWS WAF:

```json

{"Addresses":["15.235.96.77/32"],"Description":"IPDebrief risk 50"}

```

Analyst Assessment

This IP resides on OVH cloud infrastructure with legitimate DNS hosting for Ahrefs domain. However, the following risk factors warrant defensive consideration:

1. High Subnet Abuse Density: The /24 subnet shows 70.31% abuse density with 180 threat siblings

2. Recent Blacklist Activity: High-severity blacklist listings observed in late June 2026

3. Geolocation Inconsistencies: Significant RTT discrepancy suggests potential data integrity issues

4. Cloud Infrastructure Context: Hosting infrastructure with no exposed services may indicate compromised or misconfigured cloud assets

Recommendation: Implement blocking at network perimeter. Monitor for related IPs in the same /24 subnet. Correlate with threat intelligence feeds for any additional context on abuse patterns.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.