195.154.170.135

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 195.154.170.135

*Last Updated: 2026-06-08*

---

1. Core Profile

Risk Score: Moderate (59/100)
Ownership: Owned by Scaleway (AS12876), based in France (Paris).
Geolocation: Paris, France (FR).
Network Role: Tor exit node, classified as a Web Server with HTTP/HTTPS services.
Threat Indicators:

- Tor exit node (confirmed).

- DNS associations with `notorture.deuza.bzh` (mixed reputation).

- Moderate operator risk score (0.52).

---

2. Threat Observations

Tor Exit Node: This IP is actively used as a Tor exit node, which may be associated with anonymity services or malicious traffic.
DNS Activity:

- PTR hostname: `notorture.deuza.bzh` (linked to mixed reputation).

- DNSSEC and CAA records present but not fully validated.

Services:

- Open ports: 80 (HTTP), 443 (HTTPS).

- TLS certificate issued by Let’s Encrypt, valid for `notorture.deuza.bzh`.

- Server banner: Apache.

---

3. Temporal Trends

Observation History:

- Recent signals (June 7–8, 2026) show consistent moderate risk.

- No significant changes in threat indicators or network behavior.

Stability:

- BGP route stability: Stable (no recent route changes).

- Geolocation consistency: Paris, France (500m radius).

---

4. Network Relationships

Linked Entities:

- DNS: `notorture.deuza.bzh` (mixed reputation).

- Network: Scaleway (AS12876).

- Subnet: 195.154.170.0/24 (no neighboring IPs reported).

Risk Correlation:

- No direct links to known malicious campaigns or blacklists.

---

5. Recommendations

Monitoring:

- Track traffic originating from this Tor exit node, as it may be used for covert communication or data exfiltration.

- Monitor DNS queries to `notorture.deuza.bzh` for suspicious activity.

Firewall Rules:

- Consider blocking Tor exit nodes in your network unless explicitly required.

- Apply rules to restrict HTTP/HTTPS traffic from this IP unless authorized.

Investigation:

- Validate the legitimacy of `notorture.deuza.bzh` and its associated services.

---

Next Steps:

Cross-reference `notorture.deuza.bzh` with threat intelligence feeds.
Review historical data for anomalies in Tor exit node behavior.

*Generated by IPDebrief intelligence analysis.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇫🇷 France
Region	Île-de-France
City	Paris
Timezone	Europe/Paris
Latitude	48.86
Longitude	2.35

🏢 Ownership & Registration

Organization	SCALEWAY
ASN	AS12876
Network Name	—
CIDR Block	195.154.0.0/16
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	notorture.deuza.bzh
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`notorture.deuza.bzh`

🔐 DNS Hygiene

Hygiene Score	100% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Tier 3 — Basic operator with some routing infrastructure

Tor

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	Apache
HTTP Title	—

🔐 TLS Certificate

🔒

CN=notorture.deuza.bzh

Issued by CN=E8, O=Let's Encrypt, C=US

Self-signed: No

SANs	notorture.deuza.bzh
Valid From	2026-05-23T06:42:38+00:00
Valid Until	2026-08-21T06:42:37+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha384ECDSA
Validity Period	89 days
Serial Number	05608BDC4B4E041044085E9B982F21B5FF07
Thumbprint	C06F976701236C0BC261D44B8E30A55B0CED924D

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	31%	2	4
routing	20%	2	3
services	27%	2	3
ownership	32%	3	9
reputation	29%	1	3
geolocation	34%	2	3
Overall	29%	12	25

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (85%) — 1 contradiction(s)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ High authority score (70) but appears on threat lists (risk 49)

📅 Observation Timeline 🔄 Live

First Seen	2026-05-23 06:35:38 UTC
Last Seen	2026-06-28 20:45:48 UTC
Profile Built	2026-06-29 02:48:48 UTC
Data Freshness	Live
Signal Types	32
Total Observations	49

🔍 32 signal types · 49 observations collected

This report is generated from 32+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

195.154.170.135📋 Copy

**1. Core Profile**

**2. Threat Observations**

**3. Temporal Trends**

**4. Network Relationships**

**5. Recommendations**