192.46.221.91

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 192.46.221.91

Date: 2026-06-10

---

1. Core Profile

Risk Assessment:

- Reputation: Low Risk (riskScore: 0, providerScore: 0).

- Ownership: Owned by Linode (ASN 63949).

- Geolocation: Registered to the U.S., but city/region fields are blank (potential data gap).

- Network Role: Hosting server (Linode infrastructure).

Services & TLS:

- Open ports: HTTP (80), HTTPS (443), SSH (22).

- TLS certificate:

- Issuer: Let’s Encrypt (CN=R13).

- Subject: autoconfig.server.workfloweasy.ca (SAN includes 6 domains).

- Self-signed: No.

- HTTP server banner: Nginx.

---

2. Threat & Anomalies

Threat Indicators:

- No malicious indicators, blacklists, or campaigns linked.

- No Tor exit node, no spam source, no known attacker.

Historical Observations (30d):

- Stable ownership (no recent changes).

- Subnet abuse density: 0 (clean).

- No persistent malicious activity detected.

---

3. Network Relationships

DNS Associations:

- Resolves to `192-46-221-91.ip.linodeusercontent.com` (Linode CDN).

- Hosted domains: None (no email auth records).

Network Peers:

- Linked to subnet US-LINODE-19881220 (BGP prefix: 192.46.220.0/23).

- No neighboring IPs detected in /24 subnet (neighbors tool returned empty).

---

4. Actionable Insights

Monitoring Recommendations:

- Track TLS certificate validity (subject/san fields require verification).

- Monitor Linode infrastructure for unexpected port activity (e.g., SSH brute force).

- Validate geolocation data (missing city/region may indicate incomplete records).

SOC Workflow:

- No immediate mitigation required; low-risk IP with no malicious signals.

- Consider cross-referencing with Linode’s abuse reports for further validation.

---

Tools Used: IPDebrief Profile, History, Relationships, Neighbors.

Final Note: IP appears legitimate, hosted by a reputable cloud provider with no threat indicators. No action required unless new activity emerges.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	NSW
City	Sydney
Timezone	—
Latitude	-33.87
Longitude	151.20

🏢 Ownership & Registration

Organization	linode-mnt
ASN	AS63949
Network Name	—
CIDR Block	192.46.220.0/23
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	192-46-221-91.ip.linodeusercontent.com
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`192-46-221-91.ip.linodeusercontent.com`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	1/2 domains
DMARC	1/2 domains
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured
Domains Checked	2 domains

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_8.7
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	nginx
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.7

🔐 TLS Certificate

🔒

CN=autoconfig.server.workfloweasy.ca

Issued by CN=R13, O=Let's Encrypt, C=US

Self-signed: No

SANs	autoconfig.server.workfloweasy.caautodiscover.server.workfloweasy.cacpanel.server.workfloweasy.cacpcalendars.server.workfloweasy.cacpcontacts.server.workfloweasy.caipv6.server.workfloweasy.camail.server.workfloweasy.caserver.workfloweasy.cawebdisk.server.workfloweasy.cawebmail.server.workfloweasy.ca
Valid From	2026-04-24T15:24:00+00:00
Valid Until	2026-07-23T15:23:59+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	89 days
Serial Number	05B976D382D68D61EAA734D90313F1757E1A
Thumbprint	BB7DAAAC04994C796F1225F2A1C25DD365463977

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	25%	2	4
routing	27%	2	3
services	27%	2	3
ownership	37%	3	6
reputation	26%	1	3
geolocation	33%	2	3
Overall	29%	12	22

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Moderate (55%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-23 18:29:29 UTC
Last Seen	2026-06-28 22:39:51 UTC
Profile Built	2026-06-29 04:43:04 UTC
Data Freshness	Live
Signal Types	26
Total Observations	30

🔍 26 signal types · 30 observations collected

This report is generated from 26+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

192.46.221.91📋 Copy

**1. Core Profile**

**2. Threat & Anomalies**

**3. Network Relationships**

**4. Actionable Insights**