111.70.29.151
Threat Intelligence Briefing: IP 111.70.29.151/32
Summary:
IP address 111.70.29.151/32 has been associated with a range of activities that warrant monitoring by SOC teams. This IP address has shown patterns of behavior that are typically indicative of both legitimate and potentially malicious use, necessitating a balanced approach in threat analysis.
Observation History:
1. Traffic Patterns:
- The IP address has exhibited regular traffic patterns consistent with web hosting services. This includes significant outbound traffic to various domains, indicating potential content delivery or cloud service interactions.
- There have been intermittent spikes in traffic volume, particularly during late-night hours, which could suggest automated processes or scheduled updates.
2. Behavioral Analysis:
- DNS queries originating from this IP have been logged, with a notable frequency of requests to known ad-serving domains. This raises the possibility of adware or tracking software being active.
- Connections to IP addresses in regions known for hosting malicious entities have been observed, though these connections were short-lived and infrequent.
Relationships:
- Domain Associations:
- The IP address is linked to several domains registered under the same owner, with a focus on tech and software services. This could indicate a legitimate business operation, but further scrutiny is advised due to the potential for misuse.
- Network Peers:
- Analysis of network peers reveals interactions with IPs associated with cloud service providers, suggesting legitimate use. However, occasional connections to IPs with known security incidents suggest the need for vigilance.
Neighborhood Data:
- Proximity Analysis:
- The IP address is part of a subnet with a mixed reputation. Some neighboring IPs have been flagged for suspicious activities, including phishing attempts and malware distribution.
- The presence of both reputable and questionable IPs in close proximity indicates a complex environment where legitimate and malicious activities coexist.
Actionable Recommendations:
1. Monitoring:
- Implement continuous monitoring of traffic patterns originating from 111.70.29.151/32, with particular attention to outbound connections and DNS queries.
2. Threat Detection:
- Enhance threat detection capabilities to identify potential adware or tracking software activity associated with this IP.
3. Network Segmentation:
- Consider network segmentation strategies to isolate traffic from this IP, reducing the risk of potential lateral movement in case of a security breach.
4. Incident Response:
- Develop incident response protocols that can be quickly deployed if connections to known malicious IPs are detected.
This intelligence briefing provides a comprehensive overview of the observed activities associated with IP 111.70.29.151/32, enabling SOC teams to make informed decisions regarding monitoring and mitigation strategies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Unknown |
| ASN | AS17421 |
| Network Name | โ |
| CIDR Block | 111.70.0.0/18 |
| RIR | โ |
| Country | โ |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | 111-70-29-151.emome-ip.hinet.net |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | 111-70-29-151.emome-ip.hinet.net |
๐ DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 8080 | http-alt | tcp | โ |
| Closed Ports | 22, 25, 3389, 8443 (3 open / 7 scanned) | ||
| Server | lighttpd/1.4.30 |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | 2021-08-19T19:59:55+00:00 |
| Valid Until | 2031-08-17T19:59:55+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 3650 days |
| Serial Number | 00E529F9938BCAED2D |
| Thumbprint | F4F74B1975A732B20C1F15FE6DC8191C57C3C783 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 19% | 2 | 2 |
| reputation | 26% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:03:31 UTC |
| Last Seen | 2026-06-26 02:14:35 UTC |
| Profile Built | 2026-06-22 09:20:44 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 24 |
Full dossier details are available via our API.