IP Intelligence Briefing: 185.191.204.254
Date: 2026-06-09
---
**1. Core Profile**
- Risk Score: 55 (Moderate Risk)
- Network Role: Tor Exit Node (classified as "Firewalled / No Services")
- Ownership:
  - ASN: 35758 (HQSERV_NETWORKS)
  - Organization: David Rozanski (Israel)
- Geolocation:
  - Country: Israel (IL)
  - Coordinates: 31.05° N, 34.85° E (Jerusalem time zone)
- Threat Indicators:
  - No malicious activity detected (no indicators, blacklist entries, or campaigns).
  - DNSSEC validation: Enabled.
  - BGP Analysis: Route stability flagged as "unstable" (likely due to Tor exit node characteristics).
---
**2. Observation History**
- Recent Activity (2026-06-09):
  - Minimal risk score (0.13) with low confidence (0.21).
  - Tor exit node classification confirmed.
  - No significant changes in geolocation or DNS signals.
- Historical Trends:
  - No persistent malicious behavior or long-term threats observed.
---
**3. Relationships**
- Network Links:
  - Directly tied to HQSERV_NETWORKS (ASN 35758).
  - No external subnets, hostnames, or certificates linked.
- Behavioral Context:
  - Classified as a Tor exit node, which may mask malicious activity.
---
**4. Neighborhood Analysis**
- Subnet: 185.191.204.0/24
- Neighbor Count: 0 active IPs (no sibling IPs detected).
- Abuse Density: 0% (clean subnet).
---
**5. Recommendations**
- Monitoring: Track traffic originating from this Tor exit node, as Tor networks are often used for obfuscation.
- Firewall Rules: Consider blocking Tor exit node traffic unless explicitly required.
- Contextual Awareness: The IP's low risk score and clean subnet suggest it may be a benign Tor node, but its role as an exit point warrants scrutiny for potential misuse.
---
Source: IPDebrief Intelligence Platform
Note: This IP is flagged as a Tor exit node, which inherently increases anonymity but does not confirm malicious intent. Further investigation into traffic patterns is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | David Rozanski |
| ASN | AS35758 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown (insufficient routing data to classify) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 19% | 9 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:39 UTC |
| Last Seen | 2026-06-26 21:06:48 UTC |
| Profile Built | 2026-06-27 10:37:24 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 47 |