111.70.32.51
IP Intelligence Dossier
Your IP: 216.73.216.123
๐ค Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
IP Intelligence Briefing: 111.70.32.51
Date: 2026-06-17
---
**1. Profile Summary**
- Risk Score: 80 (High Risk)
- Geolocation: Taipei, Taiwan (TW)
- Network Role: Web server (lighttpd/1.4.30)
- Services: Open ports 443 (HTTPS), 8080 (HTTP-alt). TLS certificate self-signed, issued to `CN=localhost`.
- Ownership: Unverified ASN (AS17421). No registered organization or abuse contact.
---
**2. Threat Indicators**
- No direct malware campaigns or spam sources detected.
- Subnet Abuse: 111.70.32.0/24 has 12/15 neighbors with high risk scores (80), indicating potential compromised hosts.
- DNS Associations: Linked to `hinet.net` (residential ISP), with SPF records but no DMARC.
---
**3. Observation History**
- Recent Activity (2026-06-17):
- TLS certificate validated (self-signed).
- DNS resolution confirmed for `111-70-32-51.emome-ip.hinet.net`.
- No new threat indicators detected in the last 30 days.
---
**4. Relationships**
- DNS: Resolves to `hinet.net` (residential ISP).
- Subnet: Part of 111.70.32.0/24, with 12 high-risk neighbors.
- Certificates: Self-signed TLS certificate (no SANs).
---
**5. Recommendations**
- Monitor Subnet: The 111.70.32.0/24 subnet has high abuse density (68.75%). Investigate neighbors with risk scores โฅ80.
- Block Untrusted Traffic: Consider blocking traffic from this subnet in firewalls unless confirmed legitimate.
- Verify DNS: Validate `hinet.net` DNS records for spoofing or misconfiguration.
- Check TLS: Self-signed certificates may indicate internal or compromised services.
Next Steps: Correlate with internal logs, verify DNS source integrity, and assess subnet-wide risks.
---
*Generated by IPDebrief. All data sourced from observed signals and threat intelligence feeds.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Unknown |
| ASN | AS17421 |
| Network Name | โ |
| CIDR Block | 111.70.0.0/18 |
| RIR | โ |
| Country | โ |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | 111-70-32-51.emome-ip.hinet.net |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | 111-70-32-51.emome-ip.hinet.net |
๐ DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | โ |
| 8080 | http-alt | tcp | โ |
| Closed Ports | 22, 25, 80, 3389, 8443 (2 open / 7 scanned) | ||
| Server | lighttpd/1.4.30 |
| HTTP Title | โ |
๐ TLS Certificate
A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.
CN=localhost
Issued by CN=localhost
Self-signed: Yes
| SANs | None |
| Valid From | 2023-05-25T19:42:01+00:00 |
| Valid Until | 2033-05-22T19:42:01+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 3650 days |
| Serial Number | 00C3EF50D494D67785 |
| Thumbprint | 5E485C45D1FFA9E8AC3A78A82683B3ADBA7002D6 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 19% | 2 | 2 |
| reputation | 26% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 22% | 10 | 14 |
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Fresh
| First Seen | 2026-05-07 23:03:31 UTC |
| Last Seen | 2026-06-26 18:10:24 UTC |
| Profile Built | 2026-06-25 00:59:55 UTC |
| Data Freshness | Fresh |
| Signal Types | 22 |
| Total Observations | 22 |
๐ 22 signal types ยท 22 observations collected
This report is generated from 22+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
โน๏ธ About This Report
All data shown is publicly available network metadata โ IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.