# IP Intelligence Briefing: 15.235.27.180/32
## Executive Summary
IP 15.235.27.180 is a moderate-risk address (Risk Score: 50/100) hosted on OVH infrastructure and registered to Ahrefs Pte Ltd. Its PTR record points to a proxy hostname on the ahrefs.net domain, and the address sits in a subnet with high abuse density. No active threat indicators were observed, but the subnet context suggests elevated baseline risk.
## Profile Overview
- Risk Score: 50 (Moderate Risk)
- Provider: OVH (ASN 16276)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network: OVH-CUST-281059692
- CIDR Block: 15.235.27.0/24
- Geolocation: Reported Singapore (CA country code); geographically implausible, with a 6082 km distance from the expected location
## Network Classification
- Infrastructure Type: CloudCompute (Cloud Hosted)
- Connection Type: Hosting Provider
- Services: No active services detected (Firewalled / No Services)
- DNS PTR: proxy-ca013-san180.ahrefs.net
- Forward Resolution: Confirmed (ahrefs.net domain)
- TLS/HTTP: No certificates or HTTP services observed
## Threat Indicators
- Blacklist Count: 0
- Known Attacker: No
- Known Spam Source: No
- Tor Exit Node: No
- Active Threat Campaigns: None
- DNSBL Listed: 2 of 8 total lists
## Subnet Context (15.235.27.0/24)
- Classification: High Abuse
- Abuse Density: 0.5156 (51.56%)
- Total Siblings: 256
- Active Siblings: 227
- Threat Siblings: 132
- Inherited Risk Score: 20
The subnet demonstrates elevated abuse activity, with approximately 51% of addresses flagged as threats. This contextual risk should factor into security decisions despite the individual IP's moderate classification.
## Observation History
- Total Observations: 21 signals recorded
- Threat Persistence: 0 days (not persistently malicious)
- Recent Signals: Multiple geolocation and ownership signals with confidence scores ranging from 0.18 to 0.85
- Temporal Stability: No ownership changes detected; threat observation count: 1
## Recommended Security Actions
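### Immediate Blocking Rules
```text
# iptables (-A appends, so the rule only applies if no earlier rule accepts the traffic)
iptables -A INPUT -s 15.235.27.180 -j DROP
# nftables (requires an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 15.235.27.180 drop
# Nginx (directive for an http, server or location block)
deny 15.235.27.180;
# pfSense (address entry)
15.235.27.180/32
# Cloudflare WAF (custom rule)
Expression: ip.src eq 15.235.27.180
Action: block
# AWS WAF (IP set entry)
Addresses: 15.235.27.180/32
Description: IPDebrief risk 50
```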
### Analysis Notes
The IP resolves to Ahrefs infrastructure, a legitimate SEO analytics company. The moderate risk score combined with the high-abuse subnet classification suggests this address may be used for legitimate purposes but exists in a neighborhood with elevated malicious activity. Blocking is recommended based on risk score and subnet context, though verification of Ahrefs service legitimacy should be performed if legitimate operations are expected from this IP.
## Intelligence Assessment
This IP represents a moderate-risk asset on a high-density abuse subnet. The absence of active threat indicators and lack of blacklisting suggest the address itself is not directly malicious, but the subnet environment warrants defensive measures. Recommended action is to block at the perimeter while monitoring for any legitimate traffic patterns that may require whitelist exceptions.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059692 |
| CIDR Block | 15.235.27.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca013-san180.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca013-san180.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 23% | 2 | 2 |
| reputation | 34% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 26% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid | |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-12 03:42:49 UTC |
| Last Seen | 2026-06-27 20:50:41 UTC |
| Profile Built | 2026-06-28 14:55:54 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 27 |