# INTELLIGENCE BRIEFING: 54.37.74.179/32
Date: Current
Classification: Moderate Risk Cloud Infrastructure Asset
Report Type: Defensive Threat Intelligence
---
## EXECUTIVE SUMMARY
IP 54.37.74.179 is a cloud-hosted VPS infrastructure endpoint operated by OVH GmbH (OVH-CLOUD-LIM) in Saarbrücken, Germany. The IP maintains a moderate risk score of 65 with no active threat campaigns currently observed. Historical data indicates intermittent proxy/VPN classification flags, though current threat activity is minimal. No malicious neighbors detected in immediate /24 subnet.
---
## INFRASTRUCTURE PROFILE
Ownership & Network:
- Organization: OVH GmbH
- Network: OVH-CLOUD-LIM (54.37.72.0/21)
- ASN: AS16276 (OVH)
- Location: Saarbrücken, Saarland, Germany (48.86°N, 6.6°E)
- Registration: ARIN
Network Role:
- Infrastructure Type: CloudCompute
- Classification: Cloud Hosting
- Connection Type: Hosted Infrastructure
Services:
- Port 80/TCP: HTTP (nginx/1.26.3 Ubuntu)
- Port 443/TCP: HTTPS (nginx/1.26.3 Ubuntu)
- Port 22/TCP: SSH (OpenSSH_9.9p1 Ubuntu-3ubuntu3.2)
DNS Configuration:
- PTR Hostname: vps-928bc5d2.vps.ovh.net
- Forward Resolution: Confirmed (1 hostname)
- SSL Certificate: Let's Encrypt (platin-agency.com)
- SPF: Present; DMARC: Absent
---
## THREAT INTELLIGENCE
Current Threat Status:
- Risk Score: 65 (Moderate)
- Abuse Confidence Score: Not Available
- Known Campaigns: None
- Threat Indicators: Empty
- Blacklist Count: 0 active blocks
- DNSBL Status: Listed on 3 of 8 available lists
Historical Signals (Last 25 Observations):
- Recent HTTP/HTTPS fingerprinting confirms nginx/1.26.3 Ubuntu deployment
- RTT measurements indicate geographic distance ~500km from claimed location
- Historical proxy detection flags from proxycheck-io (2026-06-21) classified as VPN proxy
- Risk scores historically fluctuated between 0-66, trending toward moderate levels
- No persistent malicious activity detected
---
## RELATIONSHIP ANALYSIS
Identified Relationships (58 total):
- Primary DNS Association: vps-928bc5d2.vps.ovh.net (repeated)
- Network Association: OVH-CLOUD-LIM subnet
- No certificate authority matches
- No correlated IPs in threat campaigns
SSL Certificate:
- Issuer: CN=E7, O=Let's Encrypt, C=US
- Subject: CN=platin-agency.com
- SANs: platin-agency.com, www.platin-agency.com
- Self-Signed: No
---
## SUBNET ANALYSIS
Neighborhood: 54.37.74.179/24
- Abuse Density: 0 (Clean)
- Threat Siblings: 0
- Active Siblings: 1
- High-Risk Neighbors: 0
- Classification: Clean Subnet
---
## RECOMMENDED ACTIONS
Immediate:
1. Monitor SSH port 22 exposure for brute-force attempts
2. Review DMARC policy absence for platin-agency.com domain
3. Track DNSBL listing status on remaining 5 lists
Firewall Rules (Recommended):
- Allow traffic to ports 80/443 from trusted sources
- Rate-limit SSH (port 22) access
- Block known malicious IPs attempting connection
Long-term:
- Implement DMARC records for hosted domains
- Consider SSH key-based authentication over password
- Monitor for changes in certificate issuance patterns
---
## CONCLUSION
IP 54.37.74.179 represents standard cloud hosting infrastructure with moderate risk characteristics. No active threat indicators warrant immediate blocking. The IP maintains legitimate web hosting services with proper SSL configuration but lacks DMARC protection. Historical proxy classifications suggest possible VPN/forwarding use cases but current threat activity is minimal. Continue standard monitoring practices for cloud VPS endpoints in the OVH ecosystem.
Risk Rating: MODERATE
Action Required: MONITOR
---
*Generated by IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | OVH GmbH |
| ASN | AS16276 |
| Network Name | OVH-CLOUD-LIM |
| CIDR Block | 54.37.72.0/21 |
| RIR | ARIN |
| Country | DE |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | vps-928bc5d2.vps.ovh.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | vps-928bc5d2.vps.ovh.net |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | 2/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx/1.26.3 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.9p1 Ubuntu-3ubuntu3.2 |
TLS Certificate
| SANs | platin-agency.com, www.platin-agency.com |
| Valid From | 2026-05-10T18:58:05+00:00 |
| Valid Until | 2026-08-08T18:58:04+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 06D9CBDB23D47D08DD062EF0E2C195E3C28B |
| Thumbprint | FC82AE1DBF3BD38B2EA808D57BD5C8BF3742B5DF |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 27% | 2 | 3 |
| Overall | 21% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-27 07:17:55 UTC |
| Last Seen | 2026-06-29 04:09:40 UTC |
| Profile Built | 2026-06-29 04:16:56 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 27 |