IP Intelligence Briefing: 190.211.254.185
Date: 2026-06-10
---
**1. Risk Profile**
- Overall Risk: Moderate (Risk Score: 40)
- Ownership: Registered to PRIVATE LAYER INC (ASN 51852, LACNIC).
- Geolocation: London, England, United Kingdom (GB).
- Network Role: Identified as a Tor Exit Node, with no active services or open ports detected.
---
**2. Threat Indicators**
- No Malicious Activity: No indicators of spam, attacks, or known malicious campaigns.
- DNS Associations: Linked to `hostedby.privatelayer.com` (SPF/DMARC configured).
- Routing: BGP prefix `190.211.252.0/22` with ASN 51852. Route stability flagged as unstable.
---
**3. Historical Observations**
- Recent Activity: 17 observations over 30 days, showing minimal risk signals.
- Key Trends:
  - DNSSEC validation and route stability flagged as "minimal risk."
  - Traceroute reveals transit through Comcast and Cogent networks.
  - No persistent malicious behavior or ownership changes.
---
**4. Network Relationships**
- Subnet: Part of `190.211.252.0/22` (2048 IPs), classified as clean with low abuse density.
- Neighbors:
  - 190.211.254.97 (Risk Score: 25, Authority Score: 50).
- Subnet abuse density: 0%.
- DNS: Resolves to `hostedby.privatelayer.com` (no additional domain associations).
---
**5. Actionable Insights**
- Monitor Tor Exit Node: While not inherently malicious, Tor exit nodes can be used for covert traffic. Monitor for unusual traffic patterns.
- Verify DNS Configuration: Ensure SPF/DMARC alignment with domain reputation.
- Investigate Neighbor Risk: The subnet's low abuse density contrasts with the single neighbor's moderate risk score.
---
Conclusion:
190.211.254.185 appears to be a low-risk Tor exit node with no direct malicious indicators. However, its association with a private layer service and the presence of a moderately risky neighbor warrant further monitoring. SOC teams should focus on traffic anomalies and verify DNS configurations for potential spoofing risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | PRIVATE LAYER INC |
| ASN | AS51852 |
| Network Name | - |
| CIDR Block | - |
| RIR | LACNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | hostedby.privatelayer.com |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | hostedby.privatelayer.com |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 18% | 1 | 2 |
| geolocation | 13% | 1 | 1 |
| Overall | 17% | 8 | 10 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:42 UTC |
| Last Seen | 2026-06-09 22:56:30 UTC |
| Profile Built | 2026-06-09 23:31:32 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 21 |