54.37.252.131

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING: 54.37.252.131

Classification: MODERATE RISK

Report Date: 2026-06-18

Intel Level: SOC-DEFENSIVE

---

## EXECUTIVE SUMMARY

IP address 54.37.252.131 is a cloud infrastructure address hosted by OVH SAS (ASN 16276) in France. The IP exhibits moderate risk characteristics with a score of 40/100. The address is associated with a /24 subnet (54.37.252.0/24) showing elevated abuse density (57.14%), with 8 of 14 sibling IPs flagged as threats. No active services were detected on the target IP, and no known malware campaigns or threat indicators were identified.

---

## OWNERSHIP & GEOLOCATION

Organization: OVH SAS (ASN 16276)
Country: France (FR)
Network Range: 54.37.0.0/16
Infrastructure Type: Cloud Compute / Hosting Provider
DNS Hostname: ns3113530.ip-54-37-252.eu
Geographic Accuracy: ±500km (multi-signal inference)

---

## THREAT ASSESSMENT

Risk Profile: MODERATE RISK (Score: 40/100)

Positive Indicators:

Not identified as Tor exit node, VPN, or residential proxy
No active open ports or services detected
No known attacker signatures in threat feeds
No blacklist matches in major reputation databases

Negative Indicators:

Listed on 1 of 8 DNSBL checks
Subnet classified as "high_abuse" with 57.14% abuse density
BGP route stability flagged as FALSE
Operator score: 0.2609 (Basic classification)
8 sibling IPs in same /24 subnet flagged as threats

Neighborhood Analysis:

The 54.37.252.0/24 subnet contains 14 sibling IPs with 10 currently active. Risk distribution shows 4 medium-risk and 9 low-risk addresses. Sibling IPs with highest risk scores:

54.37.252.130: Risk 50
54.37.252.152: Risk 50
54.37.252.118: Risk 40
54.37.252.192: Risk 40

---

## OBSERVATION HISTORY

The IP has accumulated 23 signal observations since tracking began. Recent observations (2026-06-18) confirm:

Subnet abuse density: 57.14%
Geographic location: France
Operator classification: Basic
Route changes: 0 in last 30 days

No significant threat persistence indicators observed.

---

## RELATIONSHIP GRAPH

The IP maintains 38 identified relationships including:

DNS associations with ns3113530.ip-54-37-252.eu
Network associations to SD-1G-GRA2 infrastructure

No certificate matches or correlated campaign IPs identified.

---

## RECOMMENDED ACTIONS

Based on risk profile and neighborhood analysis:

1. Monitored Traffic: Implement logging for inbound/outbound traffic to/from 54.37.252.0/24 subnet

2. Firewall Rules: Consider rate-limiting or blocking if traffic patterns indicate abuse

3. Threat Monitoring: Monitor sibling IPs 54.37.252.130 and 54.37.252.152 (highest risk scores)

4. DNSBL Verification: Confirm current DNSBL listing status via RDAP abuse contact

---

## ANALYST NOTES

The moderate risk classification reflects the IP's hosting provider status (OVH) and elevated neighborhood abuse density rather than direct malicious activity. The lack of open services and threat indicators suggests this address may be underutilized or temporarily inactive. Continued monitoring of the /24 subnet is recommended due to the 57% abuse density rate.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇫🇷 France
Region	—
City	New York
Timezone	Europe/Paris
Latitude	48.86
Longitude	2.34

🏢 Ownership & Registration

Organization	OVH SAS
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	ns3113530.ip-54-37-252.eu
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`ns3113530.ip-54-37-252.eu`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	26%	2	3
routing	13%	1	1
services	8%	1	1
ownership	20%	2	3
reputation	28%	1	3
geolocation	21%	2	2
Overall	20%	9	13

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:27 UTC
Last Seen	2026-06-27 07:49:59 UTC
Profile Built	2026-06-28 01:55:16 UTC
Data Freshness	Live
Signal Types	22
Total Observations	28

🔍 22 signal types · 28 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

54.37.252.131📋 Copy