111.70.22.153

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 111.70.22.153

*Generated via IPDebrief Threat Intelligence Platform*

---

Core Profile

Risk Score: 70 (High Risk)
Geolocation: Taipei City, Taiwan (TW) | Latitude 23.7, Longitude 120.96
Network Role: Web server (lighttpd/1.4.30) | Ports 443 (HTTPS), 8080 (HTTP-alt)
Ownership: Unattributed (no ASN/org name recorded)
Threat Indicators: No direct malicious activity detected (no blacklists, spam, or known attacker flags).

---

Observation History

Recent Activity:

- DNS resolution to `hinet.net` (valid DNSSEC, SPF, and CAA records).

- TLS certificate with self-signed issuer (`CN=localhost`).

- HTTP service fingerprinted as `lighttpd/1.4.30` (no HSTS/CSP headers).

Geolocation Consistency: Confirmed as Taipei, Taiwan (2026-06-06).
Subnet Stability: BGP prefix `111.70.0.0/18` shows route instability (stability score 0).

---

Network Relationships

DNS Associations:

- Resolves to `111-70-22-153.emome-ip.hinet.net` (hinet.net domain).

- DNSSEC validation successful; CAA records present.

BGP Context:

- Origin ASN 17421 (unknown provider).

- Route changes detected in the past 30 days.

---

Subnet Neighborhood

Subnet: `111.70.22.153/24`
Abuse Density: 1 (mostly clean, but 2 high-risk neighbors).
High-Risk Neighbors:

- 111.70.22.152: Risk score 80

- 111.70.22.154: Risk score 80

Neighbor Analysis: Both flagged for potential abuse (no further details provided).

---

Actionable Intelligence

1. Monitor Subnet: The high-risk neighbors suggest increased scrutiny of the `111.70.22.0/24` subnet.

2. DNS Validation: Investigate the communication errors to `192.168.2.108` (internal DNS server) for misconfigurations.

3. Web Server Security: Ensure the self-signed TLS certificate is not exposed to external users; consider replacing it with a trusted CA.

4. Threat Correlation: Cross-reference with known campaigns or indicators from the `hinet.net` domain.

---

Conclusion: This IP is a web server in Taiwan with no direct malicious indicators, but its subnet contains high-risk neighbors. SOC teams should prioritize monitoring the subnet and validating DNS configurations to mitigate potential lateral movement risks.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇹🇼 Taiwan
Region	Taipei City
City	Taipei
Timezone	Asia/Taipei
Latitude	23.70
Longitude	120.96

🏢 Ownership & Registration

Organization	Unknown
ASN	—
Network Name	—
CIDR Block	—
RIR	—
Country	—
Abuse Contact	—

🌐 DNS Intelligence

PTR	111-70-22-153.emome-ip.hinet.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`111-70-22-153.emome-ip.hinet.net`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
443	https	tcp	—
8080	http-alt	tcp	—
Closed Ports	22, 25, 80, 3389, 8443 (2 open / 7 scanned)

Server	lighttpd/1.4.30
HTTP Title	—

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

CN=localhost

Issued by CN=localhost

Self-signed: Yes

SANs	None
Valid From	2021-08-19T19:56:16+00:00
Valid Until	2031-08-17T19:56:16+00:00
TLS Protocol	Tls12
Cipher Suite	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	3650 days
Serial Number	00A3D21BD00BF83DBC
Thumbprint	11C27A093AAE3064B856B4B847498968530B74DF

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	25%	2	4
routing	13%	1	1
services	29%	2	4
ownership	15%	2	2
reputation	19%	1	3
geolocation	27%	2	3
Overall	21%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-12 09:39:42 UTC
Last Seen	2026-06-26 18:10:23 UTC
Profile Built	2026-06-26 16:07:03 UTC
Data Freshness	Live
Signal Types	22
Total Observations	23

🔍 22 signal types · 23 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

111.70.22.153📋 Copy

**Core Profile**

**Observation History**

**Network Relationships**

**Subnet Neighborhood**

**Actionable Intelligence**