# IP Intelligence Briefing: 111.70.27.30/32
## Executive Summary
IP address 111.70.27.30/32 is a high-risk address (risk score: 80) associated with Hinet (ASN 17421) in Taipei, Taiwan. The address resolves to a residential/dynamic IP assignment with multiple blacklist listings. While the /24 subnet shows low abuse density, this specific IP demonstrates persistent threat indicators and warrants defensive monitoring.
## Threat Profile
Risk Assessment:
- Overall Risk Score: 80 (High Risk)
- Control Plane Risk: Operator score 0.3478 (Basic level)
- DNSBL Status: Listed on 6 of 8 threat intelligence feeds
- Reputation Sources: Multiple blacklist confirmations
Network Classification:
- Service Purpose: Firewalled / No Services
- Open Ports: None detected
- Infrastructure Type: Residential/ISP-dynamic allocation
- DNS Classification: emome-ip.hinet.net (Hinet residential range)
- HTTP Fingerprint: lighttpd/1.4.30, HTTP/1.1
Geolocation:
- Country: Taiwan (TW)
- City: Taipei
- Region: NWT (New Taipei)
- Coordinates: 23.7°N, 120.96°E
- Accuracy Radius: 200km
## Threat Indicators
Observed Threat Activity:
- 22 signal observations recorded
- Recent activity includes blacklist listings (high severity)
- Port scanning activity detected (June 2026)
- DNS resolution confirms emome-ip.hinet.net hostname
- Multiple PTR record associations to same hostname
Campaign Correlation:
- No known campaign matches
- Zero certificate-based matches
- Zero banner-based matches
- No correlated IPs in threat network
## Network Context
Subnet Analysis (/24):
- Subnet: 111.70.27.30/24
- Abuse Density: 1 (low)
- Classification: Mostly clean
- Inherited Risk: 2 (low)
- Active Siblings: 1
Related Entities:
- Organization: Hinet (Taiwan ISP)
- BGP Prefix: 111.70.0.0/18
- Origin ASN: 17421
- RIR Registry: APNIC (inferred from Taiwan location)
DNS Intelligence:
- PTR Hostname: 111-70-27-30.emome-ip.hinet.net
- Forward Resolution: Confirmed
- SPF Record: Present
- DMARC Record: Not configured
- Hosted Domains: 0
## Observational History
Temporal Analysis:
- 22 observations tracked across monitoring period
- Threat observation count: 1
- Persistence assessment: Not persistently malicious
- Ownership changes: 0 (stable)
- Recent activity concentration: June 2026
Behavioral Patterns:
- Port scanning detected during observation windows
- HTTP response code: 200 (when accessible)
- Time-to-first-byte: 1428ms
- HTTP Version: 1.1 (no HTTP/2 support)
- Security headers: No HSTS, no CSP, no referrer policy
## Recommended Actions
Defensive Measures:
1. Firewall Rules:
   - Block inbound traffic on standard web ports (80, 443) if not required
   - Implement rate limiting for outbound connections
   - Monitor for scanning activity from this IP
2. Threat Intelligence Integration:
   - Add to blocklist based on high risk score (80)
   - Monitor blacklist feed updates (currently on 6 of 8 lists)
   - Watch for new certificate or banner matches
3. Network Monitoring:
   - Alert on connection attempts from this IP range
   - Track for any changes in DNS resolution or hostname associations
   - Monitor for emergence of open services or port changes
4. Investigation Priorities:
   - Verify legitimate vs. unauthorized use of Hinet residential allocation
   - Check for lateral movement indicators
   - Correlate with any incident reports involving similar Hinet IPs
## Risk Narrative
This IP address is a medium-to-high risk indicator originating from Taiwan's Hinet ISP infrastructure. The high risk score of 80 is driven primarily by extensive blacklist presence across 6 DNSBL sources. Although the /24 subnet shows low abuse density, the individual IP shows concerning behavior patterns, including port scanning activity and persistent threat indicators.
The residential/emome-ip classification suggests this may be a compromised endpoint rather than infrastructure-level abuse. The absence of open services indicates the IP may be actively monitored or blocked, yet the persistent blacklist presence suggests ongoing threat activity. SOC analysts should treat this IP with caution and implement monitoring controls while avoiding immediate takedown actions that could disrupt legitimate end-user services.
---
*Report generated based on IPDebrief intelligence data. Data timestamp: Current analysis period. Risk scores subject to ongoing monitoring and may change with additional observations.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Unknown |
| ASN | AS17421 |
| Network Name | - |
| CIDR Block | 111.70.0.0/18 |
| RIR | - |
| Country | - |
| Abuse Contact | - |
## DNS Intelligence
| PTR | 111-70-27-30.emome-ip.hinet.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | 111-70-27-30.emome-ip.hinet.net |
## DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown (insufficient routing data to classify) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | lighttpd/1.4.30 |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 37% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 32% | 2 | 3 |
| ownership | 19% | 2 | 2 |
| reputation | 26% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 25% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Fresh)
| First Seen | 2026-05-07 23:03:31 UTC |
| Last Seen | 2026-06-26 18:10:24 UTC |
| Profile Built | 2026-06-26 23:23:31 UTC |
| Data Freshness | Fresh |
| Signal Types | 23 |
| Total Observations | 23 |