# IP Intelligence Briefing: 15.235.27.136/32
Classification: Moderate Risk
Risk Score: 50/100
Date: 2026-06-20
---
## Executive Summary
IP address 15.235.27.136 is a cloud infrastructure endpoint hosted on OVH infrastructure (ASN 16276) with moderate risk indicators. The IP resolves to hostnames associated with ahrefs.net, indicating potential legitimate use as a proxy or caching infrastructure. The address demonstrates inconsistent geolocation reporting (Canada/Singapore with 3,000km accuracy radius) and is hosted within a high-abuse-density subnet.
---
## Network Classification & Ownership
- Infrastructure Type: Cloud Compute (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- CIDR Block: 15.235.27.0/24
- BGP Prefix: 15.235.0.0/17
- Network Role: Hosting provider, firewalled endpoint with no open services detected
---
## Geolocation Analysis
- Primary Classification: CA (Canada)
- Secondary Classification: Singapore
- Accuracy Radius: 3,000 km
- Status: GeoInconsistent

The IP exhibits inconsistent geolocation reporting across multiple sources, with one source reporting Singapore coordinates (56.13°N, -106.35°E) and another reporting Canada. This inconsistency is typical of cloud infrastructure and may indicate CDN or proxy services operating across multiple geographic regions.
---
## Threat Indicators
| Indicator | Status |
|---|---|
| Tor Exit Node | No |
| Known Attacker | No |
| Spam Source | No |
| Blacklist Count | 0 |
| DNSBL Listed | Yes (2 of 8 lists) |
| Honeypot Hits | 0 |
Operator Score: 0.2174 (Minimal)
ISP Label: Operator Score indicates minimal operator reputation impact.
---
## Neighborhood Analysis
- Subnet: 15.235.27.0/24
- Total Siblings: 256
- Active Siblings: 220
- Threat Siblings: 173
- Abuse Density: 0.6758 (High Abuse)

The /24 subnet demonstrates elevated abuse activity with 173 of 220 active sibling IPs flagged as threats. Risk distribution within the subnet: 81 medium risk, 19 low risk, 0 high risk. This suggests the subnet hosts a mix of legitimate and potentially compromised infrastructure.
---
## DNS & Service Analysis
- PTR Hostnames: proxy-ca013-san136.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Confirmed
- Open Ports: None detected
- TLS Certificates: None detected
- HTTP Services: None detected
The DNS records indicate this IP is associated with ahrefs.net infrastructure, which is a legitimate SEO and web analytics platform. However, the PTR hostname naming convention (proxy-*) suggests this may be a proxy or caching endpoint.
---
## Historical Observations
- Total Observations: 17 signals
- Observation Window: 2026-06-20

Recent observations indicate:
- Network classification consistent (cloud/hosting)
- Abuse density patterns stable
- No new threat indicators emerging
No significant changes in risk profile observed within the observation window.
---
## Recommended Security Actions
Based on the IP's risk profile and neighborhood context, the following firewall rules are recommended:
iptables:
```bash
iptables -A INPUT -s 15.235.27.136 -j DROP
```
nftables:
```bash
nft add rule inet filter input ip saddr 15.235.27.136 drop
```
Cloudflare WAF:
```json
{
"description": "Block 15.235.27.136 - IPDebrief risk score 50",
"action": "block",
"filter": {
"expression": "ip.src eq 15.235.27.136"
}
}
```
AWS WAF:
```json
{
"Addresses": ["15.235.27.136/32"],
"Description": "IPDebrief risk 50"
}
```
---
## Intelligence Assessment
The IP 15.235.27.136 presents a moderate risk profile with no direct threat indicators. While the DNS records point to legitimate ahrefs.net infrastructure, the high-abuse-density neighborhood context warrants attention. The subnet contains 173 identified threat siblings, suggesting potential for compromised neighbors.
Recommended Actions:
- Monitor for connection attempts from this IP
- Implement IP-based blocking if traffic patterns are suspicious
- Continue monitoring neighborhood abuse trends
- Evaluate connection legitimacy before allowing traffic
Confidence Level: Medium - Risk assessment based on neighborhood context and DNS reputation, with no active threat indicators present.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059692 |
| CIDR Block | 15.235.27.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| PTR | proxy-ca013-san136.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca013-san136.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 24% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-19 03:35:01 UTC |
| Last Seen | 2026-06-28 08:15:16 UTC |
| Profile Built | 2026-06-29 02:20:21 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 24 |