# IP Intelligence Briefing: 15.235.27.223/32
## Executive Summary
IP 15.235.27.223 presents moderate risk (score: 40) and is associated with OVH cloud infrastructure. The address resolves to an Ahrefs Pte Ltd customer network and exhibits characteristics consistent with legitimate cloud hosting operations. However, the parent subnet shows elevated abuse density, which calls for contextual monitoring.
## Risk Assessment
| Metric | Value |
|---|---|
| Overall Risk Score | 40 (Moderate) |
| Provider Score | 0 |
| Authority Score | 0 |
| Reputation | Moderate Risk |
## Infrastructure Profile
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH)
- Netblock: 15.235.27.0/24
- Infrastructure Type: CloudCompute
- Connection State: Firewalled / No Services Detected
- Cloud Provider: OVH (confirmed)
## DNS Intelligence
- PTR Record: proxy-ca013-san223.ahrefs.net
- Forward Resolution: proxy-ca013-san223.ahrefs.net
- Domain: ahrefs.net
- HTTP/HTTPS: No active services detected
- TLS Certificates: None observed
## Geographic Data
- Consensus Location: Singapore (CA)
- Accuracy Radius: 3000 km
- Geo Consensus: Validated across multiple sources
## Neighborhood Analysis
Subnet: 15.235.27.0/24
| Metric | Value |
|---|---|
| Total Siblings | 256 |
| Active Siblings | 223 |
| Threat Siblings | 182 |
| Abuse Density | 0.7109 (High) |
| Classification | High Abuse |
| Inherited Risk | 28 |
The parent subnet exhibits elevated abuse activity with 71% abuse density. This contextualizes the moderate risk score for the target IP as part of a broader high-abuse environment.
## Threat Indicators
- Blacklist Count: 0
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Campaign Correlation: None detected
- Cert Matches: 0
## Historical Observation
19 observations were recorded over the monitoring period. The address was consistently classified as cloud hosting infrastructure with stable provider attribution (OVH). No significant reputation degradation or escalation in threat indicators was observed.
## Recommended Actions
Block List: Add 15.235.27.223/32 to deny rulesets
Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 15.235.27.223 -j DROP
# nftables
nft add rule inet filter input ip saddr 15.235.27.223 drop
# nginx
deny 15.235.27.223;
# Cloudflare WAF
{"description":"Block 15.235.27.223 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 15.235.27.223"}}
# AWS WAF
{"Addresses":["15.235.27.223/32"],"Description":"IPDebrief risk 40"}
```
## Intelligence Context
This IP represents legitimate cloud infrastructure (OVH/Ahrefs) operating within a high-abuse subnet environment. The moderate risk score reflects subnet-level contamination rather than individual IP malicious activity. Monitor for behavioral changes correlating with neighborhood abuse patterns.
---
*Report generated: IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059692 |
| CIDR Block | 15.235.27.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca013-san223.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca013-san223.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 40% | 2 | 3 |
| Overall | 26% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-23 12:22:08 UTC |
| Last Seen | 2026-06-28 21:09:39 UTC |
| Profile Built | 2026-06-29 03:12:46 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |