# IP Intelligence Briefing: 37.120.213.10/32
## Executive Summary
IP address 37.120.213.10 is classified as Low Risk (Risk Score: 25/100). This endpoint operates as a web server within the GLOBALAXS ZURICH NOC network infrastructure in Zurich, Switzerland. While the target IP presents minimal threat indicators, the /24 subnet shows elevated abuse density (0.5/1.0) with one neighboring endpoint exhibiting medium risk characteristics.
---
## Network Profile
| Attribute | Value |
|---|---|
| **ASN** | 9009 (GLOBALAXS ZURICH NOC) |
| **Organization** | GLOBALAXS ZURICH NOC |
| **Location** | Zurich, Switzerland (46.82°N, 8.23°E) |
| **CIDR Block** | 37.120.213.0/24 |
| **Network Classification** | Web Server |
| **Ownership Status** | Provider/Infrastructure |
---
## Threat Indicators
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Status: Listed on 1 of 8 DNSBLs
- Known Campaigns: None detected
- Abuse Confidence Score: Not available
- Risk Score: 25 (Low)
---
## Service Fingerprint
- Open Ports: 80/tcp (HTTP), 443/tcp (HTTPS), 22/tcp (SSH)
- TLS Certificate: Sectigo RSA Domain Validation Secure Server CA
- Subject: *.jumptoserver.com
- Server Banner: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
- HTTP Version: 1.1
- Status Code: 200
---
## Subnet Neighborhood Analysis
| Metric | Value |
|---|---|
| **Subnet** | 37.120.213.10/24 |
| **Abuse Density** | 0.50 (50%) |
| **Classification** | Mostly Clean |
| **Total Siblings** | 2 |
| **Active Siblings** | 2 |
| **Threat Siblings** | 1 |
Elevated-Risk Neighbor: 37.120.213.13 (Risk Score: 55, Authority Score: 50)
---
## Historical Observation
The IP has generated 21 signal observations over the monitoring period. Recent observations indicate consistent routing, service, and reputation signals with no significant degradation in risk profile. Ownership stability shows zero changes during the observation window.
---
## Network Relationships
The IP shares network infrastructure with 19 related entities, all identified as part of the M247-LTD-Zurich network segment. This indicates centralized hosting infrastructure under the GLOBALAXS operational domain.
---
## Recommended Actions
Current risk profile does not warrant immediate blocking. Recommended approach:
- Monitor the elevated-risk neighbor (37.120.213.13) separately
- No firewall rules generated based on current low-risk classification
- Continue baseline monitoring for service anomalies
---
## Intelligence Assessment
The target IP 37.120.213.10 represents legitimate web server infrastructure with standard hosting provider characteristics. The single DNSBL listing warrants periodic review but does not indicate active malicious behavior. Security teams should focus monitoring resources on the neighboring IP 37.120.213.13, which exhibits medium-risk characteristics within the same subnet.
Confidence Level: Medium-High (based on 21+ signal observations)
Last Updated: Current intelligence cycle
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | GLOBALAXS ZURICH NOC |
| ASN | AS9009 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | โ |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | *.jumptoserver.comjumptoserver.com |
| Valid From | 2025-12-12T00:00:00+00:00 |
| Valid Until | 2026-12-12T23:59:59+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| Signature Algorithm | sha256RSA |
| Validity Period | 365 days |
| Serial Number | 00E9C2886244D3ECB371D2B6A6A66C1801 |
| Thumbprint | D26965E58EEEF6EDF71F892EEBDACA0316C9E958 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 23% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 4 |
| ownership | 20% | 2 | 3 |
| reputation | 19% | 1 | 2 |
| geolocation | 35% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-10 10:13:48 UTC |
| Last Seen | 2026-06-26 01:00:12 UTC |
| Profile Built | 2026-06-26 01:07:01 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 20 |
Full dossier details are available via our API.