IP Intelligence Briefing: 178.79.173.199
Date: 2026-06-05
---
**1. Profile Summary**
- Risk Score: 40 (Moderate Risk)
- Provider: Linode (ASN 63949)
- Geolocation: London, England, UK (cloud-hosted)
- Network Role: Cloud Compute (Linode Infrastructure)
- Services:
  - Open ports: 80 (HTTP), 443 (HTTPS), 22 (SSH)
  - TLS Certificate: Issued to `api.mindup.co.za` (Let's Encrypt), valid for HTTPS.
  - Server Banner: `Apache/2.4.58 (Ubuntu)`
- Threat Indicators: No known malicious activity, spam, or attacker campaigns.
---
**2. Observation History**
- Latest Scan (2026-06-05):
  - HTTP 401 Unauthorized responses detected.
  - TLS 1.3 with cipher `TLS_AES_256_GCM_SHA384`.
  - SSH banner: `SSH-2.0-OpenSSH_9.6p1`.
  - No active scans or DNS anomalies.
- Temporal Trends: Single observation recorded; no persistent threats or ownership changes.
---
**3. Relationships & Network Context**
- DNS Associations:
  - `178-79-173-199.ip.linodeusercontent.com` (Linode-managed hostname).
- Network Subnet:
  - Subnet `178.79.173.199/24` (abuse density: 0, classified as "mostly clean").
- Connected Entities:
  - Linked to Linode's `LINODE-UK` network (cloud provider infrastructure).
---
**4. Neighborhood Analysis**
- Subnet Neighbors: No active sibling IPs detected in the `/24` range.
- Abuse Density: 0% (low risk of subnet-wide compromise).
---
**5. Key Findings & Recommendations**
- Potential Misconfiguration: The TLS certificate (`api.mindup.co.za`) is registered to a South African domain, while the IP is hosted in the UK. Verify if this is intentional or indicative of misconfigured SSL/TLS settings.
- Unauthorized Access: The HTTP 401 responses suggest potential unauthorized access attempts. Monitor for further suspicious activity.
- No Immediate Threats: No malicious campaigns, spam, or known attacker activity detected.
- Actionable Steps:
  - Validate the TLS certificate's validity and ensure it aligns with the server's operational context.
  - Monitor SSH and HTTP logs for unauthorized access attempts.
  - Confirm Linode's security practices for cloud instances.
Conclusion: This IP appears to be a legitimate cloud-hosted server with no immediate malicious activity. However, the mismatched TLS certificate and HTTP 401 responses warrant further investigation to rule out misconfigurations or potential attack vectors.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Linode Abuse Support |
| ASN | AS63949 |
| Network Name | - |
| CIDR Block | 178.79.128.0/18 |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | 178-79-173-199.ip.linodeusercontent.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | 178-79-173-199.ip.linodeusercontent.com |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting: infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Apache/2.4.58 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.5 |
TLS Certificate
| SANs | api.mindup.co.za, apps.mindup.co.za |
| Valid From | 2026-04-24T21:28:00+00:00 |
| Valid Until | 2026-07-23T21:27:59+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 0691B3F51ED0CD2FF1C972C864A2552CFBF0 |
| Thumbprint | 77431EF3F96263DF8C6B1A6CDF977BFEBA81DA50 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 35% | 2 | 3 |
| services | 28% | 2 | 3 |
| ownership | 28% | 3 | 4 |
| reputation | 27% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 28% | 12 | 19 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-10 04:11:38 UTC |
| Last Seen | 2026-06-27 16:59:00 UTC |
| Profile Built | 2026-06-28 17:03:57 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 31 |