195.154.200.208

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 195.154.200.208/32

## Executive Summary

IP 195.154.200.208 is a low-risk cloud-hosted web server operated by SCALEWAY (ASN 12876) infrastructure in Paris, France. The IP presents minimal threat indicators with a risk score of 25 and no active blacklist listings. Standard web services (HTTP, HTTPS, SSH) are exposed with nginx web server.

## Infrastructure Profile

Attribute	Value
Organization	SCALEWAY (ASN 12876)
Geolocation	Paris, Île-de-France, France
Risk Score	25 (Low Risk)
Infrastructure Type	Cloud Compute (Scaleway hosting)
Network Classification	Web Server

## Network Services

Open Ports: 80/tcp (HTTP), 443/tcp (HTTPS), 22/tcp (SSH)
Web Server: nginx
TLS Certificate: Issued by "XC_VM" (Moscow, Russia) — self-signed certificate with subject CN=XC_VM

## DNS & Resolution

PTR Record: 195-154-200-208.rev.poneytelecom.eu
Forward Resolution: Confirmed
Email Authentication: No SPF or DMARC records configured
DNSSEC: Valid

## Threat Indicators

Blacklist Status: 0/8 lists (clean)
Known Campaigns: None detected
Tor/Proxy/VPN: Not identified
Abuse Confidence: Low
DNSBL Listings: 1 out of 8 total lists

## Neighborhood Analysis

Subnet: 195.154.200.208/24
Abuse Density: 0 (clean subnet)
Classification: Mostly clean
Risk Distribution: No high or medium risk neighbors detected

## Historical Observations

23 observations recorded over the monitoring period:

Infrastructure consistently classified as cloud/hosting
Geographic validation consistent (Paris location with plausible RTT: avg 108ms)
HTTP server fingerprint (nginx) confirmed with status code 200
No ownership changes detected

## Relationships

Multiple DNS associations to PTR hostname: 195-154-200-208.rev.poneytelecom.eu
SCALEWAY network associations confirmed

## Recommended Actions

No immediate firewall or blocking actions recommended. The IP presents minimal threat indicators and operates within a clean subnet environment. Standard monitoring practices apply.

Classification: LOW RISK — Cloud-hosted web server with standard exposure. No active threat indicators.

---

*Report generated: IPDebrief Intelligence Platform*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇫🇷 France
Region	Île-de-France
City	Paris
Timezone	Europe/Paris
Latitude	48.86
Longitude	2.35

🏢 Ownership & Registration

Organization	SCALEWAY
ASN	AS12876
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	195-154-200-208.rev.poneytelecom.eu
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`195-154-200-208.rev.poneytelecom.eu`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	nginx
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

CN=XC_VM, OU=XC_VM, O=XC_VM, L=Moscow, S=Moscow, C=RU

Issued by CN=XC_VM, OU=XC_VM, O=XC_VM, L=Moscow, S=Moscow, C=RU

Self-signed: Yes

SANs	XC_VM
Valid From	2025-10-27T18:38:43+00:00
Valid Until	2035-10-25T18:38:43+00:00
TLS Protocol	Tls12
Cipher Suite	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	3650 days
Serial Number	3DC7C9385CDE567479D19E69993B85B971AC396B
Thumbprint	C653FE301C57A48E760F5025C12B50A00271C8F8

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	26%	2	4
routing	13%	1	1
services	28%	2	3
ownership	20%	2	3
reputation	28%	1	3
geolocation	37%	2	3
Overall	25%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mixed Signals (68%) — 2 contradiction(s)
Attribution	Moderate (55%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: FR, RU
⚠ TLS certificate claims RU but primary geo says FR

📅 Observation Timeline 🔄 Live

First Seen	2026-05-08 23:18:22 UTC
Last Seen	2026-06-27 14:26:56 UTC
Profile Built	2026-06-28 08:33:22 UTC
Data Freshness	Live
Signal Types	24
Total Observations	28

🔍 24 signal types · 28 observations collected

This report is generated from 24+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

195.154.200.208📋 Copy