15.235.27.113📋 Copy

# IP INTELLIGENCE BRIEFING

Target: 15.235.27.113/32

Date: Current

Classification: Moderate Risk

---

## Executive Summary

IP address 15.235.27.113 is assigned to OVH hosting infrastructure under customer organization Ahrefs Pte Ltd (ASN 16276). The IP carries a moderate risk score of 40 and is part of a high-abuse density subnet (15.235.27.0/24) with a 0.7109 abuse density rating. The IP shows no active threat indicators in current profiles but operates within a neighborhood containing 182 identified threat siblings.

---

## Network Profile

---

## Geolocation Analysis

• Reported Country: CA (Canada)
• Reported City: Singapore
• Validation Status: ⚠️ GEOLOCATION INCONSISTENT
• RTT Anomaly: 26ms measured RTT violates minimum possible RTT of 121.6ms for 6082km distance to Singapore
• Accuracy Radius: 3000km

The geolocation data contains contradictory signals with country code "CA" conflicting with city "Singapore," and RTT measurements indicate the data is unreliable.

---

## DNS and Hostname Intelligence

The PTR record resolves to a hostname associated with Ahrefs infrastructure. Forward confirmation failed.

---

## Threat Indicators

• Abuse Confidence Score: Not available
• Blacklist Count: 0
• Tor Exit Node: No
• Known Attacker: No
• Spam Source: No
• Known Campaigns: None detected
• Threat Feeds: Empty

Current Threat Posture: No active threat indicators present in the IP profile.

---

## Network Neighborhood Assessment

The IP resides in subnet 15.235.27.0/24 with the following characteristics:

Risk distribution among neighbors: 0 high-risk, 59 medium-risk, 41 low-risk.

---

## Service Exposure

• Open Ports: None detected
• TLS Certificate: Not available
• HTTP Title: Not available
• Service Purpose: Firewalled / No Services

The IP shows no active services and appears firewalled.

---

## Historical Observations

• Total Observations: 23
• Recent Signal Types:

- Cloud infrastructure classification (2026-06-28)

- High-abuse subnet classification (2026-06-20)

- Geolocation signals (2026-06-20)

• Threat Persistence Days: 0
• Ownership Changes: 0

The IP has been consistently classified within a high-abuse subnet with no ownership changes.

---

## Recommended Actions

Based on the moderate risk score and high-abuse subnet environment, the following firewall rules are recommended:

```bash

# iptables

iptables -A INPUT -s 15.235.27.113 -j DROP

# nftables

nft add rule inet filter input ip saddr 15.235.27.113 drop

# Cloudflare WAF

{"description":"Block 15.235.27.113 — IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 15.235.27.113"}}

# AWS WAF

{"Addresses":["15.235.27.113/32"],"Description":"IPDebrief risk 40"}

```

---

## Intelligence Notes

1. Subnet Risk: The /24 subnet (15.235.27.0/24) is classified as high_abuse with 182 threat siblings out of 223 active IPs. This suggests the entire subnet warrants elevated scrutiny.

2. Geolocation Reliability: The geolocation data is unreliable due to RTT violations and country/city mismatches. Do not rely on country or city for threat correlation.

3. Infrastructure Context: The IP is hosted on OVH cloud infrastructure with no active services detected. The PTR hostname indicates association with Ahrefs.net infrastructure.

4. Action Threshold: While the IP carries no active threat indicators, the high-abuse density of its subnet (0.7109) and the presence of 182 threat siblings suggest defensive blocking is warranted as a precautionary measure.

---

Analyst: IPDebrief Intelligence Team

Status: Complete

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.