37.187.5.192
IP Intelligence Briefing: 37.187.5.192
Date: 2026-06-15
---
**1. Risk Profile**
- Risk Score: 59 (Moderate Risk)
- Threat Indicators:
- Identified as a Tor exit node (high-risk association).
- Listed in 2 threat feeds (blacklist count: 1).
- Network Role: Tor Exit Node (provider: Octave Klaba).
- Geolocation: France (FR), plausible geolocation with 500km accuracy radius.
---
**2. Ownership & Infrastructure**
- ASN: 16276 (Octave Klaba).
- Network Type: Tor Exit Node (BGP prefix: `37.187.0.0/16`, AS path: `34549 16276`).
- Services:
- Open ports: HTTP (80), HTTPS (443).
- Server banner: nginx.
- TLS certificate: Self-signed, issuer `www.xjnd7zjtyeeg6g6qz7.com`.
---
**3. Threat Observations (Last 30 Days)**
- Active Signals:
- 2 threat feed listings (high/medium severity).
- DNS validation confirmed (DNSSEC valid, 5 probes).
- Stability:
- Route stability: Stable (no recent changes).
- Operator score: 0.4783 (Basic risk label).
---
**4. Relationships & Neighbors**
- Linked Entities:
- DNS hostname: `ns3126614.ip-37-187-5.eu` (OVH network).
- Subnet: `37.187.5.192/24` (abuse density: 0, no malicious neighbors).
- Network Context:
- No active siblings in subnet (neighbor count: 0).
---
**5. Recommendations**
1. Monitor Traffic:
- Block or monitor traffic originating from this Tor exit node, as it may be used for covert activities.
2. Inspect Services:
- Investigate the open HTTP/HTTPS services (nginx) for potential misuse.
3. Threat Feed Checks:
- Verify the IP against updated threat intelligence sources (2 listings identified).
---
Conclusion:
This IP is a Tor exit node with moderate risk, linked to OVH infrastructure. While geolocation and DNS validation are plausible, its Tor association and threat feed listings warrant closer monitoring. No immediate action is required unless traffic patterns align with malicious behavior.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Octave Klaba |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | 37.187.0.0/16 |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | ns3126614.ip-37-187-5.eu |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | ns3126614.ip-37-187-5.eu |
๐ DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Not configured |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) | ||
| Server | nginx |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | 2026-03-13T00:00:00+00:00 |
| Valid Until | 2026-09-30T23:59:59+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 201 days |
| Serial Number | 6206E76DF2360D0E |
| Thumbprint | 523F0F3AD635DC9809C002722E4E8297F99F3950 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 5 |
| routing | 20% | 2 | 3 |
| services | 30% | 2 | 3 |
| ownership | 19% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 28% | 12 | 21 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-22 13:35:37 UTC |
| Last Seen | 2026-06-28 19:09:39 UTC |
| Profile Built | 2026-06-29 07:14:44 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 51 |
Full dossier details are available via our API.