51.68.111.218
IP Intelligence Briefing: 51.68.111.218
Date: June 7, 2026
---
**1. Risk Profile**
- Overall Risk: Low (Risk Score: 25)
- Provider: OVH SAS (ASN: 16276)
- Geolocation: France (FR), latitude 46.23, longitude 2.21
- Network Role: CloudCompute infrastructure (OVH-hosted, no residential/mobile signals)
- Threat Indicators: No active malicious indicators (no malware, spam, or known attacker associations).
---
**2. Observation History**
- Recent Activity:
- Detected as a cloud compute instance (OVH) with no open ports or TLS services.
- DNSSEC validation confirmed, but no certificate or HTTP services observed.
- Historical data shows consistent low-risk behavior with no persistent threats.
- Key Signals:
- BGP prefix: `51.68.0.0/16` (OVH-controlled).
- DNS association with `crawl-8opytm.mj12bot.com` (potentially botnet/crawler activity).
---
**3. Relationships & Dependencies**
- DNS Associations:
- Linked to `crawl-8opytm.mj12bot.com` (hostname) via PTR records.
- No email authentication (SPF/DKIM) detected for associated domains.
- Network Connections:
- Part of OVH's `51.68.111.218/24` subnet.
- No direct connections to known malicious subnets or CDNs.
---
**4. Neighborhood Analysis**
- Subnet: `51.68.111.218/24` (OVH-owned).
- Neighbor Risk:
- 19 IPs with medium risk (score: 40โ50), 4 low-risk (score: 25).
- Abuse density: 37.5% (mixed risk profile).
- Notable Neighbors:
- IPs with risk scores up to 50 (e.g., `51.68.111.199`, `51.68.111.202`).
- No high-risk IPs identified in the subnet.
---
**5. Actionable Insights**
- Monitor:
- Track DNS activity for `crawl-8opytm.mj12bot.com` for signs of botnet or scraping behavior.
- Watch neighboring IPs (especially those with medium risk) for unusual traffic patterns.
- Mitigation:
- No immediate firewall rules required due to low risk.
- Consider implementing DNS filtering for `mj12bot.com` if botnet activity is confirmed.
---
Summary: 51.68.111.218 is a low-risk OVH-hosted cloud instance with no direct malicious indicators. However, its DNS association with `mj12bot.com` and the presence of medium-risk neighbors warrant further monitoring. No immediate defensive action is required, but continued observation is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | OVH SAS |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | crawl-8opytm.mj12bot.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | crawl-8opytm.mj12bot.com |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Multi-Service Host |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) | ||
| Server | Apache/2.4.62 (Rocky Linux) |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_8.7 |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 30% | 2 | 3 |
| Overall | 26% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:27 UTC |
| Last Seen | 2026-06-27 07:15:12 UTC |
| Profile Built | 2026-06-28 01:21:02 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 28 |
Full dossier details are available via our API.