# IP Intelligence Briefing: 15.235.27.206/32
## Executive Summary
IP 15.235.27.206 is a moderate-risk (score: 40) cloud infrastructure address hosted by OVH (ASN: 16276) under the organizational block "Dmytro, Ahrefs Pte Ltd". The IP resolves to the ahrefs.net domain via the PTR record proxy-ca013-san206.ahrefs.net. Geolocation validation shows significant inconsistencies between the claimed Singapore location and actual network measurements. The /24 subnet exhibits high abuse density (0.707) with 181 threat-identified sibling IPs.
## Technical Profile
- Owner: OVH-CUST-281059692 (ASN: 16276)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 15.235.27.0/24
- Infrastructure: Cloud hosting environment (OVH)
- Service Status: Firewalled - no open ports detected
- DNS Resolution: proxy-ca013-san206.ahrefs.net (ahrefs.net)
- Email Security: No SPF or DMARC records configured
## Risk Assessment
Overall Risk Score: 40 (Moderate Risk)
Key Risk Factors:
- Subnet classification: high_abuse
- Abuse density: 0.707 (elevated)
- Threat siblings in /24: 181 out of 256 total IPs
- Inherited risk score: 28
- DNSBL listed: 1 of 8 total lists
Mitigating Factors:
- No specific threat indicators (no known campaigns, no known attacker flags)
- No Tor exit node association
- No proxy/VPN indicators
- Infrastructure appears to be legitimate cloud hosting
## Geolocation Anomalies
Critical Validation Issue: Geolocation data shows RTT inconsistency.
- Claimed location: Singapore
- Claimed coordinates: 56.13°N, -106.35°W
- Measured RTT: 28-31ms average
- Minimum possible RTT for claimed distance (6,082 km): 121.6ms
- Conclusion: Location spoofing or inaccurate geolocation data. IP may be routed through different infrastructure than claimed.
## Neighborhood Analysis
The /24 subnet (15.235.27.0/24) shows concerning patterns:
- Total IPs: 256
- Active IPs: 223 (87% utilization)
- Threat-identified IPs: 181 (70%)
- Risk Distribution: 69 medium-risk, 31 low-risk, 0 high-risk
Notable neighbor IPs include multiple addresses with risk scores ranging from 25-50, indicating widespread but variable risk within the block.
## Observation History
Recent monitoring (20 observations) reveals:
- Persistent high_abuse classification in subnet
- Consistent network role identification as OVH cloud hosting
- DNS/CAA record observations confirming domain association
- Geolocation data remains inconsistent across observations
## Threat Intelligence Indicators
- Blacklist Status: 0 entries
- Known Campaigns: None identified
- Associated Domains: ahrefs.net
- Certificate Matches: None
- Banner/Service Matches: None
## Recommended Actions
1. Monitor Closely: The subnet's high abuse density warrants ongoing surveillance despite this IP's moderate individual risk score
2. Block if Necessary: Consider blocking if traffic patterns indicate abuse, given the neighborhood's elevated risk
3. Verify Legitimacy: Confirm ahrefs.net ownership and authorization to use this IP range
4. Monitor for Change: Track whether this IP's risk profile escalates given surrounding threat activity
## Conclusion
IP 15.235.27.206 operates within a high-abuse OVH subnet but shows no immediate indicators of malicious activity. The geolocation inconsistencies and neighborhood risk profile suggest defensive monitoring is warranted. The association with ahrefs.net indicates potential legitimate use, but the operational context requires continued vigilance.
---
*Intel generated from IPDebrief analysis. Date: Current*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059692 |
| CIDR Block | 15.235.27.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca013-san206.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca013-san206.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-21 20:59:20 UTC |
| Last Seen | 2026-06-28 15:25:04 UTC |
| Profile Built | 2026-06-29 03:29:47 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |