IP Intelligence Briefing: 111.70.33.248
Date: 2026-06-17
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Geolocation: Taiwan (TW), latitude 23.7, longitude 120.96
- Network Role: Web Server (HTTP/HTTPS on ports 80/443)
- DNS: Resolves to `111-70-33-248.emome-ip.hinet.net` (hinet.net)
- Threat Indicators:
  - Listed in 3/8 DNSBLs (high-risk spam/abuse lists)
  - No TLS certificate detected
  - Server fingerprint: `lighttpd/1.4.30` (older version)
---
**2. Observation History**
- Recent Activity (2026-06-17):
  - Detected in 5 DNSBL listings (high-severity threats)
  - HTTP server responded with status 200, no HSTS or CSP headers
  - TLS scan showed no active certificate
- Historical Trends:
  - First observed on 2026-06-02; no persistent malicious behavior noted
  - No significant ownership or threat persistence over time
---
**3. Relationships**
- DNS Associations:
  - Linked to `111-70-33-248.emome-ip.hinet.net` (hinet.net)
  - SPF record exists (`v=spf1 redirect=spf.ms.hinet.net`), but no DMARC
- Network Connections:
  - Part of `111.70.33.0/24` subnet with moderate abuse density (0.5)
---
**4. Neighborhood Analysis**
- Subnet: `111.70.33.0/24`
- Neighbor IPs (4 total):
  - 111.70.33.163: Risk score 80 (High)
  - 111.70.33.165: Risk score 80 (High)
  - 111.70.33.194: Risk score 70 (Medium)
  - 111.70.33.217: Risk score 55 (Low)
- Subnet Risk: Mostly clean, but 2 high-risk siblings present
---
**5. Recommendations**
1. Block the IP: Add to firewall rules (iptables/nftables) to mitigate potential threats.
2. Monitor Subnet: Track neighboring IPs (111.70.33.163, 111.70.33.165) for suspicious activity.
3. Check Server Configuration:
   - Update `lighttpd` to a newer version (1.4.30 is outdated).
   - Implement DMARC and HSTS for improved email and HTTPS security.
4. DNSBL Scrutiny: Investigate why this IP is listed in DNSBLs; confirm whether it's a false positive or legitimate abuse.
---
Note: This IP is associated with a Taiwanese ISP (hinet.net). While the server appears legitimate, its DNSBL listings and outdated software warrant further investigation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Unknown |
| ASN | AS17421 |
| Network Name | - |
| CIDR Block | 111.70.0.0/18 |
| RIR | - |
| Country | - |
| Abuse Contact | - |
DNS Intelligence
| PTR | 111-70-33-248.emome-ip.hinet.net |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | 111-70-33-248.emome-ip.hinet.net |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | lighttpd/1.4.30 |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 19% | 2 | 2 |
| reputation | 17% | 1 | 2 |
| geolocation | 32% | 2 | 3 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Recent)
| First Seen | 2026-05-07 23:03:31 UTC |
| Last Seen | 2026-06-26 14:30:51 UTC |
| Profile Built | 2026-06-27 07:11:33 UTC |
| Data Freshness | Recent |
| Signal Types | 23 |
| Total Observations | 23 |