IP Intelligence Briefing: 15.235.96.95
*Generated via IPDebrief Analysis*
---
**Core Profile**
- Risk Rating: Moderate (Risk Score: 40/100)
- Ownership:
  - ISP: OVH (ASN 16276)
  - Organization: Dmytro, Ahrefs Pte Ltd
  - Network: OVH-CUST-281059694
- Geolocation:
  - Claimed: Singapore (CA)
  - Plausibility: False (RTT anomalies suggest spoofed location)
  - Distance: 6,082 km (minimum possible RTT: 121.6ms vs. observed 32ms)
- Network Role:
  - Type: Cloud Compute (OVH Hosting)
  - Services: No open ports, no TLS certs, no HTTP services detected
---
**Threat Indicators**
- No direct malicious signals: No malware indicators, blacklists, or spam sources.
- Subnet Risk:
  - Abuse Density: 58.82% (high risk)
  - Threat Neighbors: 150/255 IPs in 15.235.96.0/24 flagged as threats.
  - Inherited Risk: 23/100 (likely due to subnet exposure).
---
**Observation History**
- Latest Activity: June 13, 2026
- Abuse Classification: High-risk subnet (15.235.96.0/24)
- RTT Anomaly: Observed 32ms RTT vs. expected 121.6ms for 6,082km distance.
- Geolocation Mismatch: IP claims Singapore but RTT suggests closer geographic origin.
---
**Network Relationships**
- Primary Relationships:
  - Linked to OVH network (OVH-CUST-281059694).
  - Resolves to Ahrefs-related DNS (proxy-ca015-san95.ahrefs.net).
- Subnet Context:
  - Total IPs: 255 (15.235.96.0/24)
  - Active IPs: 181
  - Threat IPs: 150 (58.82% abuse density).
---
**SOC Action Items**
1. Monitor Subnet: High abuse density in 15.235.96.0/24 suggests potential lateral movement or compromised infrastructure.
2. Verify Geolocation: Investigate RTT anomalies to confirm if the IP is spoofing location for evasion.
3. Check DNS Configuration: Validate Ahrefs-related DNS records for unexpected subdomains or misconfigurations.
4. Network Segmentation: Consider isolating this subnet if it contains sensitive assets, given the high threat exposure.

Note: No direct malicious activity detected, but the IP's subnet is heavily compromised. Prioritize investigation into network segmentation and geolocation spoofing risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059694 |
| CIDR Block | 15.235.96.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca015-san95.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca015-san95.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:46 UTC |
| Last Seen | 2026-06-27 00:18:03 UTC |
| Profile Built | 2026-06-27 14:31:38 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 28 |