14.48.246.33📋 Copy

IP INTELLIGENCE BRIEFING: 14.48.246.33/32

Classification: High Risk (Score: 80/100)

Date: 2026-06-17

Prepared by: IPDebrief Intelligence

---

EXECUTIVE SUMMARY

IP address 14.48.246.33 is classified as HIGH RISK with a risk score of 80/100. The IP is associated with mobile carrier KT Corporation in South Korea (Jeju City) and belongs to ASN 4766 (IP Manager). The address has been DNSBL listed on 5 of 8 threat feeds with maximum severity rated as high. Despite being a mobile residential IP, the elevated risk score warrants defensive blocking and enhanced monitoring.

---

GEOLOCATION AND NETWORK ATTRIBUTES

Geolocation Confidence: Moderate (0.52) with 250km accuracy radius. Multiple geo sources indicate consensus location in South Korea.

---

THREAT INTELLIGENCE

Risk Assessment:

• Overall Risk Score: 80/100 (High)
• DNSBL Listings: 5/8 lists (maximum severity: high)
• Operator Score: 0.1304 (Minimal)
• Known Attacker: No
• Spam Source: No
• Tor Exit Node: No
• Is Cloud/CDN/VPN/Proxy: No

Control Plane Data:

• Route Stability: False
• Is Route Stable: False
• BGP Prefix: 14.48.0.0/13
• RPKI State: Unknown
• DNSSEC Valid: True
• DNSBL Lists Listed: 5

---

OBSERVATION HISTORY

Fourteen signal observations recorded from 2026-06-02 to 2026-06-17. Notable observations:

• 2026-06-07: DNSBL listing detection (5/8 lists, high severity) with 0.85 confidence
• 2026-06-17: Recent operator signal (0.1304 operator score) and routing assessment
• 2026-06-02: Initial network classification assessment (mobile IP)

The IP has persisted for 0 threat observation days and is not flagged as persistently malicious.

---

NETWORK RELATIONSHIPS

• Network Association: 17 relationships identified, all linked to KORNET-KR network
• Subnet Analysis: 14.48.246.33/24 neighborhood shows abuse density of 0 with mostly_clean classification
• Siblings: 1 total sibling IP in subnet, 0 active, 1 threat sibling
• Inherited Risk: 2 (moderate neighborhood risk)

---

SERVICE AND NETWORK ROLE

• Service Purpose: Firewalled / No Services
• Open Ports: None detected
• DNS Records: No forward resolution, no PTR hostnames
• TLS/HTTP: No certificates, no HTTP title or server banner
• Email Authentication: No SPF, DMARC, or TXT records

---

RECOMMENDED ACTIONS

Immediate:

• Block at perimeter firewall using provided rules for iptables, nftables, pfSense, Cloudflare WAF, and AWS WAF
• Increase logging verbosity for all traffic from this IP
• Review recent activity logs for correlation with other threat signals

Firewall Rules:

```

iptables: iptables -A INPUT -s 14.48.246.33 -j DROP

nftables: nft add rule inet filter input ip saddr 14.48.246.33 drop

nginx: deny 14.48.246.33;

Cloudflare WAF: Block 14.48.246.33 — IPDebrief risk score 80

AWS WAF: Addresses [14.48.246.33/32], Description "IPDebrief risk 80"

```

Monitoring:

• Enable enhanced logging for this IP address
• Monitor for correlation with other IPs in the 14.48.246.0/24 subnet
• Review for any emerging threat indicators within the next 7 days

---

INTELLIGENCE NOTE

This mobile IP address shows elevated risk despite being classified as residential mobile. The DNSBL listings and route instability suggest potential abuse. Recommend treating as hostile traffic until further investigation confirms legitimate use. Correlate with any blocked or suspicious activity observed in SOC logs.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.