# IP Intelligence Briefing: 15.235.27.36
Date: 2026-06-16
Analyst: Automated Threat Intelligence System
Classification: Moderate Risk
## Executive Summary
IP 15.235.27.36 operates on OVH cloud infrastructure in Quebec, Canada with a moderate risk score of 40. The IP is associated with ahrefs.net domain infrastructure and operates within a high-abuse density subnet (0.6406). Historical signals indicate proxy/VPN-type behavior with elevated risk indicators from third-party threat feeds.
## Threat Profile
### Risk Assessment
- Risk Score: 40 (Moderate Risk)
- Provider Score: 0 (No provider-specific threat indicators)
- Authority Score: 0 (No authority-level indicators)
- Abuse Confidence: Insufficient data
- Threat Persistence: Not persistently malicious
- Threat Observation Count: 1
### Network Classification
- Infrastructure Type: CloudCompute
- Hosting Provider: OVH SAS (AS16276)
- Network Block: 15.235.27.0/24
- Geographic Location: Beauharnois, Quebec, Canada
- Connection Type: Cloud-based hosting environment
- Services: Firewalled / No active services detected
### DNS & Hostname Analysis
- Primary Hostname: proxy-ca013-san36.ahrefs.net
- Resolved Domain: ahrefs.net
- DNSSEC: Valid
- Forward Confirmation: Inconsistent (forward resolution not confirmed)
- PTR Records: proxy-ca013-san36.ahrefs.net
### Threat Indicators
- DNSBL Listings: 1 of 8 total lists
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
- Blacklist Count: 0
- Campaign Matches: 0
## Neighborhood Analysis
The IP operates within subnet 15.235.27.0/24 showing elevated abuse characteristics:
| Metric | Value |
|---|---|
| Subnet Abuse Density | 0.6406 (High) |
| Total Siblings | 256 |
| Active Siblings | 211 |
| Threat Siblings | 164 |
| Subnet Classification | high_abuse |
| Inherited Risk | 25 |
Risk distribution across subnet neighbors:
- High Risk: 0
- Medium Risk: 46
- Low Risk: 54
## Historical Signal Analysis
18 observations collected with recent activity on 2026-06-16:
- Latest Routing Signal: Operator score 0.2174 (Minimal)
- ISP Classification: Proxy/VPN-type behavior identified
- Subnet Signal: Classified as high_abuse with 0.6406 density
- Third-Party Risk: proxycheck-io reports risk score of 66
- Ownership Stability: No ownership changes detected
## Network Relationships
- Network Relationships: 15+ associations to OVH-CUST-281059692
- DNS Associations: 15 hostname associations to proxy-ca013-san36.ahrefs.net
- Total Relationships: 29
## Recommended Security Actions
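### Firewall Rules
```bash
# iptables: drop all inbound packets from this source
iptables -A INPUT -s 15.235.27.36 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 15.235.27.36 drop
```
```nginx
# nginx: place in an http, server or location context
deny 15.235.27.36;
```
```text
# pfSense
15.235.27.36/32
# Cloudflare WAF
Action: Block
Expression: ip.src eq 15.235.27.36
# AWS WAF
Addresses: 15.235.27.36/32
Description: IPDebrief risk 40
```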
### Intelligence Notes
1. The subnet shows high abuse density (0.6406) with 164 identified threat siblings out of 211 active IPs
2. Third-party threat feeds classify this IP as proxy/VPN-type infrastructure
3. No active open ports or services detected on the IP
4. DNS associations point to ahrefs.net infrastructure (legitimate SEO tools company)
5. Consider blocking at perimeter if traffic patterns suggest abuse, as subnet-wide risk is elevated
Recommendation: Monitor inbound traffic from this IP for anomalous patterns. The moderate risk score (40) combined with high-abuse subnet context warrants defensive posture but does not indicate confirmed malicious activity.
---
*This intelligence briefing is generated from IPDebrief automated analysis. Validate findings with additional threat intelligence sources before implementing security controls.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059692 |
| CIDR Block | 15.235.27.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca013-san36.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca013-san36.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 18% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid | |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-26 00:49:41 UTC |
| Last Seen | 2026-06-29 02:19:44 UTC |
| Profile Built | 2026-06-29 02:27:11 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 21 |