168.100.149.216📋 Copy

# IP INTELLIGENCE BRIEFING

Target: 168.100.149.216/32

Date: 2026-06-25

Classification: DEFENSIVE INTELLIGENCE

---

## EXECUTIVE SUMMARY

The target IP 168.100.149.216 belongs to Ahrefs Pte Ltd (AS140577) and maintains a low-risk profile (score: 25/100). While the IP is part of a legitimate Ahrefs infrastructure network, recent observations indicate blacklist listings and geolocation inconsistencies. No active services are running; the IP is firewalled with no open ports.

---

## OWNERSHIP & INFRASTRUCTURE

• Organization: Ahrefs Pte Ltd administrator
• ASN: 140577
• Network Block: 168.100.144.0/20
• Registration RIR: ARIN
• DNS PTR Host: proxy-us004-san16.ahrefs.net
• Forward Resolution: ahrefs.net domain confirmed

---

## GEOLOCATION ANALYSIS

Primary geolocation reports Ashburn, VA, US with 3750 km accuracy radius. However, historical signal data shows conflicting geolocation reports from Singapore (SG). This inconsistency warrants monitoring. Multiple geo sources were consulted but consensus was not achieved.

---

## THREAT INDICATORS

• Overall Risk Score: 25/100 (Low Risk)
• DNS Blacklist Status: Listed on 8 DNS blacklists with 1 active listing (high severity)
• Tor Exit Node: No
• Known Attacker: No
• Spam Source: No
• Recent Threat Signals: 2 pulses detected (names redacted in source data)

---

## NEIGHBORHOOD CONTEXT

Subnet: 168.100.149.0/24

• Total Siblings: 240 (85 active)
• Threat Siblings: 64
• Abuse Density: 26.67%
• Classification: Mixed
• Risk Distribution: 0 high-risk, 17 medium-risk, 83 low-risk IPs

The subnet shows elevated threat activity relative to the broader network, though the target IP maintains a low individual risk score.

---

## OBSERVATION HISTORY (20 RECORDS)

Recent signals (2026-06-25) include:

• Threat indicators with high-severity blacklist listings
• DNS validation for ahrefs.net domain (CAA records present)
• Operator score: 0.087 (minimal)
• Routing and ownership data collected from 6 sources
• Some signals indicate threat persistence, though not consistently malicious

---

## NETWORK BEHAVIOR

• Services: No open ports detected (firewalled)
• TLS Certificate: None
• HTTP Services: None
• Connection Type: Not identified as CDN, cloud, VPN, or proxy
• BGP Route Status: Is route stable: No (route changes detected in 30-day period)
• RPKI State: Not validated
• DNSSEC: Valid

---

## RELATIONSHIP MAPPING

• DNS Associations: proxy-us004-san16.ahrefs.net (multiple records)
• Network Associations: AHREFS-US (same network)
• Total Relationships: 33 entities linked
• Campaign Correlation: No known campaign matches detected

---

## RECOMMENDED ACTIONS

Based on the low-risk profile (score 25), no immediate blocking or filtering is recommended. However, the following observations suggest ongoing monitoring:

1. Monitor DNS Blacklist Status: IP is listed on 8 blacklists despite low overall risk. Verify if listings are false positives or indicate legitimate service issues.

2. Track Geolocation Consistency: Resolve US vs SG discrepancy to determine if this indicates routing anomalies or multi-region infrastructure.

3. Subnet Context: Monitor subnet 168.100.149.0/24 for correlated activity; 64 threat siblings may indicate broader network activity.

4. Service Verification: Confirm no services should be running on this IP; if it's expected to be firewalled, current behavior is correct.

---

## CONCLUSION

IP 168.100.149.216 is part of Ahrefs' legitimate US infrastructure but exhibits some anomalous characteristics including blacklist presence and geolocation inconsistencies. The low risk score and lack of active services suggest this is a passive, firewalled infrastructure IP rather than an active threat source. Continue monitoring the subnet and blacklist status for context.

Threat Level: LOW

Recommended Action: MONITOR (no immediate blocking required)

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.