54.37.252.36

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IPDEBRIEF INTELLIGENCE BRIEFING

## Target: 54.37.252.36/32

EXECUTIVE SUMMARY

The IP address 54.37.252.36 is a cloud compute infrastructure endpoint owned by OVH SAS, located in France. The asset carries a moderate risk score (50/100) with no active threat indicators. The IP hosts an SSH service on port 22 and resolves to hostname ns3114111.ip-54-37-252.eu. While the individual IP shows no malicious activity, its /24 subnet exhibits elevated abuse density (0.5714), indicating potential collateral risk from neighboring addresses.

---

NETWORK OWNERSHIP & GEOGRAPHY

Organization: OVH SAS
ASN: 16276
Country: France (FR)
Infrastructure Type: Cloud Compute / Hosting
BGP Prefix: 54.37.0.0/16
Route Stability: Unstable (isRouteStable: false)

THREAT ASSESSMENT

Metric	Value	Assessment
Risk Score	50	Moderate
Provider Score	0	Neutral
Authority Score	0	Neutral
Known Attacker	No	Clear
Tor Exit Node	No	Clear
Spam Source	No	Clear
Blacklist Count	0	Clean

Threat Indicators: None detected. No known campaigns, threat feeds, or abuse confidence scores associated with this IP.

NETWORK SERVICES & FINGERPRINT

Open Ports: TCP/22 (SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15)
DNS: ns3114111.ip-54-37-252.eu (forward resolved)
TLS Certificate: None
HTTP Content: None
Email Auth: SPF configured, DMARC absent

NEIGHBORHOOD ANALYSIS (54.37.252.0/24)

The /24 subnet shows elevated abuse characteristics requiring contextual monitoring:

Abuse Density: 0.5714 (High)
Subnet Classification: high_abuse
Total Siblings: 14
Active Siblings: 10
Threat Siblings: 8

Neighbor Risk Distribution:

High Risk (50+): 1 IP (54.37.252.231)
Medium Risk (25-49): 9 IPs
Low Risk (<25): 4 IPs

Key neighboring addresses requiring attention: 54.37.252.231 (risk 50), 54.37.252.46/59/118/119/130/152/153/229 (risk 40).

OBSERVATION HISTORY

Total Observations: 23 signals
Threat Persistence: 0 days
Recent Activity: Neighborhood classification observed 2026-06-19
Status: Not persistently malicious

RELATIONSHIP GRAPH

The IP maintains 50 recorded relationships, primarily:

DNS associations to ns3114111.ip-54-37-252.eu
Network membership: SD-1G-GRA2
No certificate or hostname correlation beyond DNS

RECOMMENDED ACTIONS

Based on risk profile (50), the following defensive measures are recommended:

Platform	Action
iptables	`iptables -A INPUT -s 54.37.252.36 -j DROP`
nftables	`nft add rule inet filter input ip saddr 54.37.252.36 drop`
nginx	`deny 54.37.252.36;`
pfSense	`54.37.252.36/32`
Cloudflare WAF	Block with expression: `ip.src eq 54.37.252.36`
AWS WAF	Add 54.37.252.36/32 to block list

Note: These recommendations are probabilistic. Correlate with additional signals before enforcement.

SOC ANALYST NOTES

1. Low Immediate Threat: The IP itself shows no active malicious behavior. Blocking may impact legitimate OVH cloud services.

2. Subnet Context: The 54.37.252.0/24 subnet shows high abuse density. Consider evaluating 54.37.252.231 (risk 50) for additional threat context.

3. Infrastructure Type: As a cloud hosting endpoint, this IP may be legitimately used for web hosting, development, or legitimate services.

4. SSH Exposure: Port 22 is open; ensure SSH traffic is not being abused for lateral movement attempts.

5. DNSBL Listings: 2 of 8 total lists flag this IP; investigate specific list contents if receiving complaints.

---

*Report generated: 2026-06-26 | Source: IPDebrief Intelligence Platform*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇫🇷 France
Region	—
City	—
Timezone	Europe/Paris
Latitude	48.86
Longitude	2.34

🏢 Ownership & Registration

Organization	OVH SAS
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	ns3114111.ip-54-37-252.eu
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`ns3114111.ip-54-37-252.eu`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Single-Service Host
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
22	ssh	tcp	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15
Closed Ports	25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	45%	2	5
routing	13%	1	1
services	12%	2	2
ownership	24%	2	3
reputation	31%	1	3
geolocation	23%	2	2
Overall	25%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-10 16:14:41 UTC
Last Seen	2026-06-27 18:05:51 UTC
Profile Built	2026-06-28 12:10:21 UTC
Data Freshness	Live
Signal Types	21
Total Observations	28

🔍 21 signal types · 28 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

54.37.252.36📋 Copy