15.235.27.212
# IP INTELLIGENCE BRIEFING: 15.235.27.212/32
Classification: Moderate Risk (Score: 40) | Status: Active Cloud Infrastructure
---
## EXECUTIVE SUMMARY
IP 15.235.27.212 is a cloud-compute resource hosted on OVH infrastructure (ASN 16276), operating within a high-abuse density subnet (15.235.27.0/24). The IP shows no active open services or ports but is associated with proxy infrastructure under the ahrefs.net domain. Geographic data indicates a Canada-based location with geolocation validation discrepancies.
---
## INFRASTRUCTURE PROFILE
Ownership & Provider:
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Name: OVH-CUST-281059692
- CIDR Block: 15.235.27.0/24
- Provider: OVH (CloudCompute infrastructure)
Network Classification:
- Infrastructure Type: CloudCompute, Hosting
- Connection Type: Cloud-based
- Status: Firewalled / No Services Exposed
- Tor/Proxy/Vpn: Negative indicators
---
## GEOLOCATION ANALYSIS
- Reported Location: Singapore (CA country code)
- Geographic Validation: FAILED β RTT 27ms violates minimum expected 121.6ms for stated distance (6,082km)
- Data Quality: Geo consensus not established; 2 geo sources with conflicting data
- Assessment: Location data unreliable; infrastructure physically positioned inconsistent with reported geolocation
---
## THREAT INDICATORS
Current Threat Status:
- Blacklist Count: 0
- Known Campaigns: None identified
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
Control Plane Signals:
- BGP Prefix: 15.235.0.0/17
- DNSBL Listings: 1 out of 8 total lists (dnsblListedCount: 1)
- Operator Score: 0.2174 (Minimal)
- Route Stability: False (isRouteStable: false)
---
## SUBNET ANALYSIS (15.235.27.0/24)
Abuse Density: 0.6406 (High Abuse Classification)
Subnet Statistics:
- Total Siblings: 256 IPs
- Active Siblings: 211
- Threat Siblings: 164
- Inherited Risk Score: 25
Neighborhood Risk Profile:
- Sampled Neighbors: 100 IPs analyzed
- Risk Distribution: 0 high, 100 medium, 0 low
- Assessment: Subnet exhibits elevated threat concentration; 64% abuse density indicates coordinated infrastructure usage
---
## OBSERVATION HISTORY
Recent Activity (2026-06-15):
- Abuse Density: 0.6406 (High Abuse)
- Control Operator Score: Minimal (0.2174)
- Confidence Levels: 0.60β0.75 across observation types
Temporal Patterns:
- Threat Persistence Days: 0
- Threat Observation Count: 0
- Ownership Changes: 0
- Status: Not persistently malicious; intermittent signal activity
Service Discovery:
- Open Ports: None detected
- HTTP/TLS: No services responding
- SSL Certificates: 0 certificates
---
## DNS & HOSTNAME ANALYSIS
PTR Resolution: proxy-ca013-san212.ahrefs.net
Domain Association: ahrefs.net
Forward Resolution: Confirmed (1 hostname)
Email Authentication: SPF and DMARC records not detected
---
## RECOMMENDED ACTIONS
Firewall/IPS Rules:
```
# Block inbound traffic to this IP
iptables -A INPUT -s 15.235.27.212 -j DROP
# Block related subnet if policy allows
iptables -A INPUT -s 15.235.27.0/24 -j DROP
# Monitor for outbound connections
iptables -A OUTPUT -d 15.235.27.212 -j LOG
```
WAF/Proxy Recommendations:
- Monitor for connections from this subnet to internal resources
- Flag outbound traffic to ahrefs.net subdomains
- Implement rate limiting for subnet 15.235.27.0/24
Monitoring Priorities:
1. Track subnet activity patterns (164 threat siblings indicate coordinated behavior)
2. Monitor for DNS tunneling or C2 communications to ahrefs.net infrastructure
3. Investigate geographic inconsistenciesβpotential spoofing or misconfiguration
---
## ANALYST NOTES
The IP operates within a high-abuse OVH subnet with significant threat concentration. While this specific endpoint shows no active malicious indicators, the subnet-level risk warrants defensive posture maintenance. Geographic validation failures and DNSBL associations suggest potential abuse infrastructure, though currently dormant. Monitor for activity resumption and consider blocking at perimeter if threat intelligence correlates with ongoing campaigns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059692 |
| CIDR Block | 15.235.27.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | β |
π DNS Intelligence
| PTR | proxy-ca013-san212.ahrefs.net |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca013-san212.ahrefs.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 34% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 23% | 1 | 2 |
| geolocation | 40% | 2 | 3 |
| Overall | 23% | 10 | 13 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-23 18:28:43 UTC |
| Last Seen | 2026-06-28 22:28:07 UTC |
| Profile Built | 2026-06-29 04:30:36 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |
Full dossier details are available via our API.