Report - 210.102.97.36/new

Report Overview

Submitted URL
210.102.97.36/new_neis/
IP
210.102.97.36
ASN
#9455 KERIS
Submitted
2024-05-07 16:57:27
Access
public
Website Title
KERIS원격지원시스템
Final URL
210.102.97.36/new_neis/hc4_user.asp
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
210.102.97.36	unknown	unknown	2013-11-12	2023-10-22	3.7 kB	29 kB	210.102.97.36

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	210.102.97.36	Sinkholed
2024-05-07	medium	210.102.97.36	Sinkholed
2024-05-07	medium	210.102.97.36	Sinkholed
2024-05-07	medium	210.102.97.36	Sinkholed
2024-05-07	medium	210.102.97.36	Sinkholed
2024-05-07	medium	210.102.97.36	Sinkholed
2024-05-07	medium	210.102.97.36	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	210.102.97.36/new_neis/hc4_user.asp	0 B	2023-03-07	2024-05-19
Pretty URL 210.102.97.36/new_neis/hc4_user.asp IP 210.102.97.36 ASN #9455 KERIS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 16:41:20 Times Seen37834244 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (7)

URL IP Response Size

210.102.97.36/new_neis/

210.102.97.36

4.0 kB

URL
210.102.97.36/new_neis/
IP
210.102.97.36:0
ASN
#9455 KERIS

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
4.0 kB (3961 bytes)
Hash
2197f95cc35cc93231935440b23668f9
decd0c0942f758ba117d0e6c4c79f19d1163e948
531757ae95701ec1e51a32adc6a94b78e8bbfacc5fa2abc6f5625251b58b31bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /new_neis/ HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH; path=/
Date: Tue, 07 May 2024 16:56:48 GMT
Content-Length: 3961

210.102.97.36/new_neis/hc4_user.asp

210.102.97.36

200 OK

3.8 kB

URL User Request GET HTTP/1.1
210.102.97.36/new_neis/hc4_user.asp
IP
210.102.97.36:443
ASN
#9455 KERIS

Certificate
IssuerSectigo Limited
Subject*.neis.go.kr
FingerprintCA:06:A2:FC:DF:A4:39:1C:B3:4D:73:57:29:5A:01:BE:5F:22:D0:B1
ValidityWed, 24 Apr 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
3.8 kB (3845 bytes)
Hash
67b8198653bb48c40966115e6aa99870
a2da7a443fcaff9d8f550d927af43444c4cbe839
5f7458fd57db962149fb209841961289eb0dabd8f13dfff8e2192c9abc9ced31

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /new_neis/hc4_user.asp HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://210.102.97.36/
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAGSTCQBT=JJPDJNOAHLKHGKJLIEGNCMGE; secure; path=/
Date: Tue, 07 May 2024 16:56:53 GMT
Content-Length: 3845

210.102.97.36/new_neis/login.css

210.102.97.36

200 OK

6.9 kB

URL GET HTTP/1.1
210.102.97.36/new_neis/login.css
IP
210.102.97.36:443
ASN
#9455 KERIS

Requested by
https://210.102.97.36/new_neis/hc4_user.asp
Certificate
IssuerSectigo Limited
Subject*.neis.go.kr
FingerprintCA:06:A2:FC:DF:A4:39:1C:B3:4D:73:57:29:5A:01:BE:5F:22:D0:B1
ValidityWed, 24 Apr 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
6.9 kB (6858 bytes)
Hash
ed3990efa1bf4fcc178a8c4598e1b347
031d864d0a16ef998ffc4bb93236476d095c8665
c5fb7a7151dfa630b2cf2d9f5646e1a37809becb5d93e163e837c4f5aa3fd474

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /new_neis/login.css HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://210.102.97.36/new_neis/hc4_user.asp
Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH; ASPSESSIONIDAGSTCQBT=JJPDJNOAHLKHGKJLIEGNCMGE
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Mon, 21 Oct 2019 05:37:54 GMT
Accept-Ranges: bytes
ETag: "0e585afd187d51:0"
Date: Tue, 07 May 2024 16:56:53 GMT
Content-Length: 6858

210.102.97.36/new_neis/logo.png

210.102.97.36

200 OK

9.1 kB

URL GET HTTP/1.1
210.102.97.36/new_neis/logo.png
IP
210.102.97.36:443
ASN
#9455 KERIS

Requested by
https://210.102.97.36/new_neis/hc4_user.asp
Certificate
IssuerSectigo Limited
Subject*.neis.go.kr
FingerprintCA:06:A2:FC:DF:A4:39:1C:B3:4D:73:57:29:5A:01:BE:5F:22:D0:B1
ValidityWed, 24 Apr 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT

File type
PNG image data, 174 x 29, 8-bit/color RGBA, non-interlaced
Size
9.1 kB (9130 bytes)
Hash
7e097685f6a4ef734c1d3ec2a6bb44b2
ffe1242a9276b3d407238e063c54f50f607577a4
15e8a2eb9f5f69c7ea09da08b9bcf56a32a2418e8264aa7a054e0dc2ab01278e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /new_neis/logo.png HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://210.102.97.36/new_neis/hc4_user.asp
Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH; ASPSESSIONIDAGSTCQBT=JJPDJNOAHLKHGKJLIEGNCMGE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Aug 2022 03:16:28 GMT
Accept-Ranges: bytes
ETag: "08efe95b0a7d81:0"
Date: Tue, 07 May 2024 16:56:53 GMT
Content-Length: 9130

210.102.97.36/new_neis/images/bul_ty1.png

210.102.97.36

404 Not Found

1.2 kB

URL GET HTTP/1.1
210.102.97.36/new_neis/images/bul_ty1.png
IP
210.102.97.36:443
ASN
#9455 KERIS

Requested by
https://210.102.97.36/new_neis/hc4_user.asp
Certificate
IssuerSectigo Limited
Subject*.neis.go.kr
FingerprintCA:06:A2:FC:DF:A4:39:1C:B3:4D:73:57:29:5A:01:BE:5F:22:D0:B1
ValidityWed, 24 Apr 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT

File type
HTML document, ISO-8859 text, with CRLF line terminators
Size
1.2 kB (1238 bytes)
Hash
e8ef69b860a012d6c1423047e232536b
5f81824c41a80d67f7ecd983716b27b903195008
55bce6ae40de209387f0443421c793c2d0d5891bf1cacdac441546b39f0faa03

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /new_neis/images/bul_ty1.png HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://210.102.97.36/new_neis/login.css
Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH; ASPSESSIONIDAGSTCQBT=JJPDJNOAHLKHGKJLIEGNCMGE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 07 May 2024 16:56:53 GMT
Content-Length: 1238

210.102.97.36/new_neis/images/bullet.png

210.102.97.36

404 Not Found

1.2 kB

URL GET HTTP/1.1
210.102.97.36/new_neis/images/bullet.png
IP
210.102.97.36:443
ASN
#9455 KERIS

Requested by
https://210.102.97.36/new_neis/hc4_user.asp
Certificate
IssuerSectigo Limited
Subject*.neis.go.kr
FingerprintCA:06:A2:FC:DF:A4:39:1C:B3:4D:73:57:29:5A:01:BE:5F:22:D0:B1
ValidityWed, 24 Apr 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT

File type
HTML document, ISO-8859 text, with CRLF line terminators
Size
1.2 kB (1238 bytes)
Hash
e8ef69b860a012d6c1423047e232536b
5f81824c41a80d67f7ecd983716b27b903195008
55bce6ae40de209387f0443421c793c2d0d5891bf1cacdac441546b39f0faa03

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /new_neis/images/bullet.png HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://210.102.97.36/new_neis/login.css
Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH; ASPSESSIONIDAGSTCQBT=JJPDJNOAHLKHGKJLIEGNCMGE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 07 May 2024 16:56:54 GMT
Content-Length: 1238

210.102.97.36/favicon.ico

210.102.97.36

404 Not Found

1.2 kB

URL GET HTTP/1.1
210.102.97.36/favicon.ico
IP
210.102.97.36:443
ASN
#9455 KERIS

Requested by
https://210.102.97.36/new_neis/hc4_user.asp
Certificate
IssuerSectigo Limited
Subject*.neis.go.kr
FingerprintCA:06:A2:FC:DF:A4:39:1C:B3:4D:73:57:29:5A:01:BE:5F:22:D0:B1
ValidityWed, 24 Apr 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT

File type
HTML document, ISO-8859 text, with CRLF line terminators
Size
1.2 kB (1238 bytes)
Hash
e8ef69b860a012d6c1423047e232536b
5f81824c41a80d67f7ecd983716b27b903195008
55bce6ae40de209387f0443421c793c2d0d5891bf1cacdac441546b39f0faa03

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://210.102.97.36/new_neis/hc4_user.asp
Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH; ASPSESSIONIDAGSTCQBT=JJPDJNOAHLKHGKJLIEGNCMGE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 07 May 2024 16:56:54 GMT
Content-Length: 1238

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections