37.120.213.10

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 37.120.213.10/32

## Executive Summary

IP address 37.120.213.10 is classified as Low Risk (Risk Score: 25/100). This endpoint operates as a web server within the GLOBALAXS ZURICH NOC network infrastructure in Zurich, Switzerland. While the target IP presents minimal threat indicators, the /24 subnet shows elevated abuse density (0.5/1.0) with one neighboring endpoint exhibiting medium risk characteristics.

---

## Network Profile

Attribute	Value
ASN	9009 (GLOBALAXS ZURICH NOC)
Organization	GLOBALAXS ZURICH NOC
Location	Zurich, Switzerland (46.82°N, 8.23°E)
CIDR Block	37.120.213.0/24
Network Classification	Web Server
Ownership Status	Provider/Infrastructure

---

## Threat Indicators

Known Attacker: No
Tor Exit Node: No
Spam Source: No
Blacklist Status: Listed on 1 of 8 DNSBLs
Known Campaigns: None detected
Abuse Confidence Score: Not available
Risk Score: 25 (Low)

---

## Service Fingerprint

Open Ports: 80/tcp (HTTP), 443/tcp (HTTPS), 22/tcp (SSH)
TLS Certificate: Sectigo RSA Domain Validation Secure Server CA
Subject: *.jumptoserver.com
Server Banner: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
HTTP Version: 1.1
Status Code: 200

---

## Subnet Neighborhood Analysis

Metric	Value
Subnet	37.120.213.10/24
Abuse Density	0.50 (50%)
Classification	Mostly Clean
Total Siblings	2
Active Siblings	2
Threat Siblings	1

Elevated-Risk Neighbor: 37.120.213.13 (Risk Score: 55, Authority Score: 50)

---

## Historical Observation

The IP has generated 21 signal observations over the monitoring period. Recent observations indicate consistent routing, service, and reputation signals with no significant degradation in risk profile. Ownership stability shows zero changes during the observation window.

---

## Network Relationships

The IP shares network infrastructure with 19 related entities, all identified as part of the M247-LTD-Zurich network segment. This indicates centralized hosting infrastructure under the GLOBALAXS operational domain.

---

## Recommended Actions

Current risk profile does not warrant immediate blocking. Recommended approach:

Monitor the elevated-risk neighbor (37.120.213.13) separately
No firewall rules generated based on current low-risk classification
Continue baseline monitoring for service anomalies

---

## Intelligence Assessment

The target IP 37.120.213.10 represents legitimate web server infrastructure with standard hosting provider characteristics. The single DNSBL listing warrants periodic review but does not indicate active malicious behavior. Security teams should focus monitoring resources on the neighboring IP 37.120.213.13, which exhibits medium-risk characteristics within the same subnet.

Confidence Level: Medium-High (based on 21+ signal observations)

Last Updated: Current intelligence cycle

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇭 Switzerland
Region	Zurich
City	Zurich
Timezone	Europe/Zurich
Latitude	46.82
Longitude	8.23

🏢 Ownership & Registration

Organization	GLOBALAXS ZURICH NOC
ASN	AS9009
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	—
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
HTTP Title	—

🔐 TLS Certificate

🔒

CN=*.jumptoserver.com

Issued by CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB

Self-signed: No

SANs	*.jumptoserver.comjumptoserver.com
Valid From	2025-12-12T00:00:00+00:00
Valid Until	2026-12-12T23:59:59+00:00
TLS Protocol	Tls12
Cipher Suite	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Signature Algorithm	sha256RSA
Validity Period	365 days
Serial Number	00E9C2886244D3ECB371D2B6A6A66C1801
Thumbprint	D26965E58EEEF6EDF71F892EEBDACA0316C9E958

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	23%	2	2
routing	13%	1	1
services	30%	2	4
ownership	20%	2	3
reputation	19%	1	2
geolocation	35%	2	3
Overall	23%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-10 10:13:48 UTC
Last Seen	2026-06-26 01:00:12 UTC
Profile Built	2026-06-26 01:07:01 UTC
Data Freshness	Live
Signal Types	20
Total Observations	20

🔍 20 signal types · 20 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

Metric	Value
Subnet	37.120.213.10/24
Abuse Density	0.50 (50%)
Classification	Mostly Clean
Total Siblings	2
Active Siblings	2
Threat Siblings	1

37.120.213.10📋 Copy