# IP Intelligence Briefing: 15.235.27.227/32
Classification: Moderate Risk / Cloud Infrastructure
Generated: 2026-06-20
Risk Score: 40/100
---
## Executive Summary
IP address 15.235.27.227 is classified as Moderate Risk (40/100) and operates within a high-abuse cloud infrastructure environment. The IP is hosted by OVH (ASN 16276) under the Ahrefs organization and resolves to the ahrefs.net domain. While no active threat indicators were identified, the subnet demonstrates elevated abuse density with 181 of 256 sibling IPs flagged as threats.
---
## Network Profile
| Attribute | Value |
|---|---|
| **IP Address** | 15.235.27.227/32 |
| **Provider** | OVH (ASN 16276) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network** | OVH-CUST-281059692 / 15.235.27.0/24 |
| **Infrastructure Type** | CloudCompute / Hosting |
| **DNS Resolution** | proxy-ca013-san227.ahrefs.net |
## Geolocation Assessment
Reported Location: Singapore
Validation Status: ⚠️ IMPLAUSIBLE
- Distance Discrepancy: 6,082 km from probe origin
- RTT Violation: 27.0ms observed vs 121.6ms minimum possible
- Geo Plausibility: Failed validation across 5 probe attempts
---
## Threat Assessment
### Current Threat Indicators
- Active Threats: None detected
- Known Campaigns: 0 matches
- Blacklist Count: 0
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
### Control Plane Analysis
- DNSBL Listed: 1 of 8 total lists (minimal impact)
- Route Stability: False (routing instability detected)
- RPKI State: Not validated
- IRR Consistency: Not verified
---
## Neighborhood Analysis: 15.235.27.0/24
| Metric | Value |
|---|---|
| **Abuse Density** | 0.707 (High) |
| **Total Siblings** | 256 |
| **Active Siblings** | 223 |
| **Threat Siblings** | 181 |
| **Subnet Classification** | High Abuse |
| **Sampled Risk Distribution** | 78 Medium, 22 Low, 0 High |
The /24 subnet exhibits significant abuse characteristics with 181 threat-identified IPs and sustained activity across 223 active siblings.
---
## Observation History (Last 18 Signals)
Recent observations indicate:
- Abuse Density: Consistent at 0.707 (high_abuse classification)
- Network Classification: OVH hosting infrastructure (is_cloud: true, is_hosting: true)
- Geolocation Signals: Multiple conflicting country reports (primary: CA)
- Operator Score: 0.2174 (Minimal operator reputation)
No persistent malicious behavior detected; threat observation count remains at 0.
---
## Recommended Security Actions
### Firewall Rules (Immediate Implementation)
```bash
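# iptables (append a DROP rule to the INPUT chain)
iptables -A INPUT -s 15.235.27.227 -j DROP
# nftables (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 15.235.27.227 drop
# nginx (configuration directive for an http, server or location block, not a shell command)
deny 15.235.27.227;
# pfSense (address to add to a firewall alias or block rule)
15.235.27.227/32
# Cloudflare WAF (rule definition as JSON)
{"description":"Block 15.235.27.227 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 15.235.27.227"}}
# AWS WAF (IP set fields as JSON)
{"Addresses":["15.235.27.227/32"],"Description":"IPDebrief risk 40"}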
```
### Risk-Based Recommendations
1. Block at perimeter: Moderate risk score (40) warrants blocking in most defensive postures
2. Monitor subnet: 15.235.27.0/24 demonstrates elevated abuse density; consider subnet-level filtering
3. Geolocation validation: False geolocation data may indicate misconfiguration or spoofing attempts
4. DNS monitoring: Monitor ahrefs.net for associated reputation changes
---
## Intelligence Conclusion
This IP represents a moderate-risk cloud infrastructure address within an elevated-abuse subnet. No active threat indicators were observed, but the high abuse density environment warrants defensive blocking and continued monitoring. The subnet's classification as "high_abuse" with 181 threat siblings suggests systemic abuse patterns that may impact broader security operations.
Recommended Action: Block at perimeter firewall with monitoring for subnet-level activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059692 |
| CIDR Block | 15.235.27.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca013-san227.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca013-san227.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 39% | 2 | 3 |
| Overall | 22% | 10 | 13 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-21 14:56:16 UTC |
| Last Seen | 2026-06-28 13:43:04 UTC |
| Profile Built | 2026-06-29 07:49:48 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 23 |