# IP INTELLIGENCE BRIEFING: 167.114.98.48/32
Classification: Moderate Risk (Score: 50/100) | Report Date: 2026-06-19
Analyst: IPDebrief Intelligence Division
---
## EXECUTIVE SUMMARY
The target IP address 167.114.98.48 is an OVH-hosted cloud compute instance located in Montreal, Canada. While the IP maintains a moderate risk profile, intelligence indicates geolocation inconsistencies and blacklist associations requiring further scrutiny. The IP is not classified as a known attacker, spam source, or Tor exit node, but operational anomalies warrant monitoring.
---
## OWNERSHIP & INFRASTRUCTURE
- Provider: OVH Hosting, Inc. (ASN: 16276)
- Infrastructure Type: Cloud Compute (Hosting)
- Geolocation: Montreal, Quebec, Canada (CA)
- Network Block: 167.114.0.0/17
- BGP Prefix: 167.114.0.0/17
- Control Plane: Route stability flagged as false; DNSSEC validated
---
## DNS & HOSTNAMES
- PTR Record: vps-c843f486.vps.ovh.ca
- Forward Resolution: Confirmed to ovh.ca domain
- Email Authentication: SPF record present (v=spf1 mx a:mail.winkchamber.net ~all); DMARC configured with p=reject policy
---
## SERVICE FINGERPRINT
- Open Ports: 80/tcp (HTTP), 443/tcp (HTTPS), 22/tcp (SSH)
- SSH Banner: SSH-2.0-OpenSSH_9.9p1 Ubuntu-3ubuntu3.2
- Web Server: nginx/1.26.3 (Ubuntu)
- TLS Certificate: Issued by Let's Encrypt (CN=E7, O=Let's Encrypt, C=US)
- Certificate Subject: CN=mail.winkchamber.net
- SANs: mail.winkchamber.net
---
## THREAT INDICATORS
- Blacklist Status: Listed on 2 of 8 DNSBLs
- Campaign Matching: None detected
- Known Campaigns: None
- Threat Feeds: Empty
- Abuse Confidence Score: Not available
---
## GEOLOCATION VALIDATION WARNING
Critical geolocation implausibility detected during observation:
- Claimed Location: Montreal, QC, Canada
- Observed RTT: 26ms (minimum measured)
- Calculated Distance: 5,597.4 km
- Minimum Possible RTT: 112ms for claimed distance
- Status: VIOLATION - Observed RTT is below physical minimum for claimed distance
- Implication: Potential geolocation spoofing or misconfiguration
---
## OBSERVATION HISTORY (27 Total Signals)
Recent observations indicate:
- 2026-06-19: Blacklist listings with "high" severity; SPF/DMARC records confirmed for winkchamber.net and ovh.ca
- 2026-06-14: Geolocation implausibility flagged with RTT violation (26ms vs 111.9ms minimum)
- Provider Attribution: Consistently identified as OVH hosting infrastructure
---
## NETWORK RELATIONSHIPS
- DNS Associations: vps-c843f486.vps.ovh.ca (multiple records)
- Network Affiliations: OVH-ARIN-8
- Related Entities: 52 relationships identified (DNS, network, hostname associations)
---
## SUBNET ANALYSIS (167.114.98.0/24)
- Abuse Density: Low (1)
- Classification: Mostly clean
- Inherited Risk Score: 2
- Total Subnet Siblings: 1
- Active Siblings: 1
- Threat Siblings: 1
- Risk Distribution: No high/medium/low risk neighbors detected
---
## RECOMMENDED ACTIONS
Based on risk profile and operational anomalies:
1. Monitor Geolocation Claims: The RTT violation indicates potential spoofing. Consider blocking or flagging traffic from this IP if legitimate geolocation is expected.
2. Review DNSBL Listings: Investigate the 2 DNSBL listings for specific reasons and potential false positives.
3. Certificate Monitoring: The TLS certificate (mail.winkchamber.net) should be monitored for certificate transparency violations or domain reputation changes.
4. SSH Access: Port 22 is open with Ubuntu SSH. Verify this is expected for the service purpose.
5. Provider Context: As an OVH cloud instance, traffic patterns should be evaluated against typical hosting behavior.
6. Correlation Analysis: Monitor for additional IPs in the 167.114.98.0/24 subnet or related hostnames (vps-c843f486.vps.ovh.ca) exhibiting similar behavior.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | OVH Hosting, Inc. |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | vps-c843f486.vps.ovh.ca |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | vps-c843f486.vps.ovh.ca |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | 2/2 domains |
| DMARC | 2/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | nginx/1.26.3 |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 25% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-12 15:46:57 UTC |
| Last Seen | 2026-06-27 21:35:27 UTC |
| Profile Built | 2026-06-28 15:40:50 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 29 |