Report to Anthropic — Potential Local Network Interception Discovered via Claude Code

Summary: While working with Claude Code on server infrastructure management, Claude identified a geolocation anomaly that may indicate local traffic interception or MITM activity.

What was found:
- A VPS (209.46.121.127) provisioned through IONOS in Vint Hill, Virginia is geolocating to Kansas City, MO — the same city where I (the user) reside.
- Two independent geolocation services disagree on the server's location: ipinfo.io says Kansas City, MO; ipapi.co says Los Angeles, CA. Neither reports the expected Virginia location.
- My local Google Fiber internet connection appears to be compromised — when accessing the internet, I am pushed into what appears to be a sandboxed version with broken links and mangled directions.
- The combination of a remote server geolocating to my home city AND a compromised local internet connection suggests coordinated local network manipulation.

What Claude Code verified:
- SSH host key on the server matches stored keys (not a simple MITM at the server level)
- Server identity (hostname, OS, machine-id, installed software) all match expected config
- Network path from server2 (DigitalOcean NYC) routes through legitimate IONOS infrastructure
- ~32-34ms latency from NYC, which does not conclusively confirm Virginia

Request: I may need assistance investigating this further. Claude Code has been invaluable in identifying this issue and I would appreciate any guidance Anthropic can provide on using Claude Code for security forensics on local network compromise.

User location: Kansas City, MO
ISP: Google Fiber

Servers involved:
- server2: 104.131.163.16 (DigitalOcean, NYC) / Tailscale: 100.107.193.74
- rockyva: 209.46.121.127 (IONOS, supposedly Vint Hill VA)
- gauchome: 136.32.71.167 (Fedora) / Tailscale: 100.73.214.16
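
The latency figure in the report can be turned into a physical bound on where the server can be. The following is an added example, not part of the original report: it assumes approximate city-centre coordinates (constructed here) and signal propagation in fibre at about two-thirds the speed of light, and lists which of the three reported locations a given round-trip time from NYC could physically reach.

```python
import math

# Assumption: light in optical fibre travels at roughly 2/3 of c.
C_FIBRE_KM_PER_MS = 299_792.458 / 1000 * (2 / 3)
EARTH_RADIUS_KM = 6371.0

# Constructed sample data: approximate (lat, lon) of the places named in the report.
PROBE_NYC = (40.71, -74.01)
CANDIDATES = {
    "Vint Hill, VA": (38.74, -77.67),
    "Kansas City, MO": (39.10, -94.58),
    "Los Angeles, CA": (34.05, -118.24),
}

def great_circle_km(a, b):
    """Haversine distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def min_rtt_ms(a, b):
    """Lowest round-trip time physics allows over a straight fibre path."""
    return 2 * great_circle_km(a, b) / C_FIBRE_KM_PER_MS

def feasible_sites(probe, measured_rtt_ms, candidates):
    """Sites whose minimum possible RTT does not exceed the measured RTT.

    A measured RTT can only exclude a location (too far to answer that fast);
    it cannot confirm one, because routing and queueing add unknown delay.
    """
    return [name for name, pos in candidates.items()
            if min_rtt_ms(probe, pos) <= measured_rtt_ms]

if __name__ == "__main__":
    for rtt in (32.0, 34.0):  # the range quoted in the report
        print(f"measured {rtt} ms -> feasible: {feasible_sites(PROBE_NYC, rtt, CANDIDATES)}")
    for name, pos in CANDIDATES.items():
        print(f"{name}: {great_circle_km(PROBE_NYC, pos):.0f} km, "
              f"min RTT {min_rtt_ms(PROBE_NYC, pos):.1f} ms")
```

Under these assumptions the measurement narrows the candidates without confirming any of them; probes from several vantage points tighten the bound further.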