Threat Intelligence Briefing for IP 14.47.3.221/32
Date: 2026-06-17
---
**1. IP Profile**
- Risk Score: 80 (High Risk)
- Geolocation: South Korea (KR), Ansan-si, 35.91°N, 127.77°E
- Ownership: Registered to "IP Manager" (ASN 4766, APNIC). Abuse contact available via RDAP.
- Network Role: Mobile device (KT Corporation, LTE/5G). No public services (HTTP, TLS, DNS) detected.
- Threat Indicators: No direct indicators (no malware, phishing, or C2 activity). However, DNSBL listings (5/8) suggest potential spam or abuse.
---
**2. Observation History**
- Recent Signals (30-Day Window):
  - DNSSEC/CAA Valid: Confirmed.
  - BGP Stability: Unstable route (routeChanges30d = 0, but isRouteStable = false).
  - DNS Abuse: 5/8 DNSBL listings (high severity).
  - Geolocation Plausibility: Low confidence (geoPlausible = false).
- Trend: No persistent malicious activity observed.
---
**3. Relationships & Network**
- Linked Entities:
  - Subnet: 14.47.3.0/24 (abuseDensity = 1, "mostly_clean" classification).
  - Neighbors: 1 high-risk neighbor (14.47.3.217, riskScore = 80).
  - Network: Associated with "KORNET-KR" (likely a mobile carrier network).
- DNS Associations: No resolvable PTR records or email auth (SPF/DKIM).
---
**4. Recommendations**
- Monitor: Track DNSBL status and subnet activity (14.47.3.0/24) for anomalies.
- Block: Consider blocking the IP due to high risk score and DNSBL listings.
- Investigate: Verify mobile carrier (KT) for potential SIM hijacking or rogue APNs.
- Subnet Review: Check neighboring IPs (e.g., 14.47.3.217) for coordinated attacks.
---
Conclusion: This IP is part of a high-risk subnet with mobile network ties. While no direct threats are detected, DNSBL listings and unstable routing suggest potential abuse. SOC teams should prioritize monitoring and containment to mitigate possible lateral movement or network compromise.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IP Manager |
| ASN | AS4766 |
| Network Name | - |
| CIDR Block | - |
| RIR | APNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 11% | 1 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 21% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 18% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:41 UTC |
| Last Seen | 2026-06-26 18:10:38 UTC |
| Profile Built | 2026-06-22 14:57:21 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 21 |