141.94.123.106

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 141.94.123.106/32

Classification: Moderate Risk | Date: Current | Analyst: IPDebrief SOC

## Executive Summary

IP address 141.94.123.106 is a cloud VPS endpoint hosted by OVH SAS (ASN 16276) in Roubaix, France. The IP exhibits moderate risk characteristics with a risk score of 55 and demonstrates multiple DNSBL listings across three of eight monitored lists. Open RDP connectivity and neighborhood threat indicators warrant monitoring and potential firewall restriction.

## Infrastructure Profile

Organization: OVH SAS (OVH SAS)
Network: VPS-EU-WEST-RBX-VPS-1 (141.94.123.0/24)
Geolocation: Roubaix, France (FR)
Infrastructure Type: CloudCompute / VPS Hosting
DNS Resolution: vps-a77076d6.vps.ovh.net
Network Classification: Cloud, Hosting, Non-Residential

## Risk Assessment

Metric	Value	Assessment
Risk Score	55	Moderate Risk
Provider Score	0	N/A
Authority Score	0	N/A
DNSBL Listings	3/8	Listed
Operator Score	0.2609	Basic
GeoConsensus	Yes	Validated

## Threat Indicators

Blacklist Status: Listed on 3 of 8 threat feeds
Maximum Severity: High
Tor/Proxy: No
Known Attacker: No
Spam Source: No
Campaign Association: None detected

## Network Exposure

Open Ports: TCP/3389 (RDP)
Service Purpose: Single-Service Host
DNSSEC: Valid
IPv4/IPv6: IPv4 Only

## Temporal Analysis

Observation Count: 18 historical signals
Ownership Changes: None
Threat Persistence: 0 days
Route Stability: Unstable (route changes detected)
Recent Activity: Multiple observations confirm persistent cloud hosting classification

## Neighborhood Analysis (141.94.123.0/24)

Subnet Abuse Density: 0.3333 (33%)
Subnet Classification: Mostly Clean
Total Siblings: 3
Active Siblings: 2
Threat Siblings: 1
Neighbor Risk Distribution: 2 Medium, 0 High, 0 Low
Identified Neighbors:

- 141.94.123.104 (Risk: 55, Authority: 60)

- 141.94.123.108 (Risk: 55, Authority: 60)

## Intelligence Relationships

DNS Associations: vps-a77076d6.vps.ovh.net (multiple records)
Network Association: VPS-EU-WEST-RBX-VPS-1
Total Relationships: 21

## Recommended Actions

Based on the risk profile and exposure analysis, the following actions are recommended:

1. Block RDP Access: Restrict or monitor TCP/3389 inbound traffic to mitigate remote access exploitation risk

2. Monitor DNSBL Listings: Investigate the three blacklist listings to determine source of reputation degradation

3. Subnet-Level Monitoring: Correlate traffic patterns with neighbor IPs (141.94.123.104, 141.94.123.108) due to shared abuse density

4. Traffic Analysis: Implement logging for outbound connections to understand potential command-and-control or lateral movement patterns

## SOC Analyst Notes

This IP represents a shared OVH VPS infrastructure with elevated risk indicators. The open RDP port combined with DNSBL listings suggests potential misconfiguration or compromise. While no active attacks were identified, the neighborhood abuse density of 33% indicates this subnet warrants continued monitoring. Recommend blocking unsolicited inbound connections and implementing egress filtering.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇫🇷 France
Region	—
City	Roubaix
Timezone	Europe/Paris
Latitude	48.86
Longitude	2.34

🏢 Ownership & Registration

Organization	OVH SAS
ASN	AS16276
Network Name	VPS-EU-WEST-RBX-VPS-1
CIDR Block	141.94.123.0/24
RIR	RIPE
Country	FR
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	vps-a77076d6.vps.ovh.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`vps-a77076d6.vps.ovh.net`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Single-Service Host
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
3389	rdp	tcp	—
Closed Ports	22, 25, 80, 443, 8080, 8443 (1 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	45%	2	3
routing	8%	1	1
services	15%	2	2
ownership	27%	2	3
reputation	22%	1	2
geolocation	25%	2	2
Overall	24%	10	13

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-25 12:41:29 UTC
Last Seen	2026-06-29 01:29:20 UTC
Profile Built	2026-06-29 07:33:24 UTC
Data Freshness	Live
Signal Types	19
Total Observations	21

🔍 19 signal types · 21 observations collected

This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

141.94.123.106📋 Copy