# IP Intelligence Briefing: 51.68.107.141
Classification: Moderate Risk / Hosting Infrastructure
Date: 2026-06-26
Analyst: IPDebrief Intelligence Unit
---
## Executive Summary
IP 51.68.107.141 is a moderate-risk (score: 50/100) hosting infrastructure address operated by OVH SAS (ASN: 16276) in France. The IP resolves to a web server associated with the domain mj12bot.com and exhibits mixed-risk characteristics within its /24 subnet neighborhood. No active threat indicators or known malicious activity detected at this IP, though neighborhood analysis indicates elevated abuse density (0.5).
---
## Network Profile
| Attribute | Value |
|---|---|
| **IP Address** | 51.68.107.141/32 |
| **Organization** | OVH SAS |
| **ASN** | 16276 |
| **Country** | France (FR) |
| **Risk Score** | 50 (Moderate) |
| **Network Role** | Cloud Hosting Infrastructure |
| **Service Type** | Multi-Service Host |
---
## Technical Observations
DNS & Hostnames:
- Reverse DNS: crawl-zeka2a.mj12bot.com
- Forward resolution: mj12bot.com
- No SPF or DMARC records configured
Open Services:
- TCP/80 (HTTP) - Apache/2.4.62
- TCP/22 (SSH) - OpenSSH_8.7
Web Fingerprint:
- Server: Apache/2.4.62 (Rocky Linux)
- HTTP/1.1 only
- No HSTS or CSP headers
- TTFB: 186ms
Control Plane:
- BGP Prefix: 51.68.0.0/16
- Route stability: False (route changes in last 30 days)
- DNSBL Listed: 2 of 8 total lists
---
## Neighborhood Analysis (/24: 51.68.107.0/24)
- Total Siblings: 16
- Active Siblings: 8
- Threat Siblings: 8
- Abuse Density: 0.5 (Moderate)
- Classification: Mixed
Neighbor Risk Distribution:
- Medium Risk: 8 IPs (scores 25-50)
- Low Risk: 7 IPs
- High Risk: 0 IPs
Notable neighbor risk scores include 51.68.107.137, 51.68.107.139, 51.68.107.144, 51.68.107.150, 51.68.107.151, 51.68.107.157, 51.68.107.159, and 51.68.107.161 (all scoring 50).
---
## Observation History (24 Signals)
Recent observations (June 2026) confirm:
- Cloud infrastructure classification (OVH)
- Hosting provider designation
- Apache web server persistence
- Subnet classification: Mixed with 50% abuse density
- No ownership changes detected
---
## Threat Intelligence Assessment
Current Risk Indicators:
- No known attacker reputation
- No spam source designation
- No Tor exit node association
- Zero blacklist entries
- No known malicious campaigns
Risk Factors:
- Moderate neighborhood abuse density (0.5)
- Half of /24 neighbors flagged as threats
- Route instability in BGP prefix
- No email authentication (SPF/DMARC)
Mitigating Factors:
- No direct threat indicators on this IP
- Established hosting provider infrastructure
- No evidence of malicious activity in recent history
---
## Recommendations
For SOC/Defense Teams:
1. Monitor the mj12bot.com domain and associated infrastructure for potential abuse
2. Block outbound connections to 51.68.107.141 if inbound threats observed
3. Correlate with neighbor IPs 51.68.107.137, 51.68.107.139, 51.68.107.144, 51.68.107.150, 51.68.107.151, 51.68.107.157, 51.68.107.159, and 51.68.107.161
4. Implement rate limiting on SSH (port 22) and HTTP (port 80) services if receiving traffic
5. Track BGP route changes for the 51.68.0.0/16 prefix
Priority Level: MEDIUM
Action Required: Monitoring recommended
Threat Status: No active malicious activity detected
---
*Report generated via IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | OVH SAS |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | crawl-zeka2a.mj12bot.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | crawl-zeka2a.mj12bot.com |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Multi-Service Host |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) | ||
| Server | Apache/2.4.62 (Rocky Linux) |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_8.7 |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 28% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:26 UTC |
| Last Seen | 2026-06-27 07:12:21 UTC |
| Profile Built | 2026-06-28 01:18:45 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 28 |
Full dossier details are available via our API.