| 210.102.97.36/new_neis/ | 210.102.97.36 | | 4.0 kB |
IP: 210.102.97.36:0
File type: HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash: 2197f95cc35cc93231935440b23668f9 decd0c0942f758ba117d0e6c4c79f19d1163e948 531757ae95701ec1e51a32adc6a94b78e8bbfacc5fa2abc6f5625251b58b31bf
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /new_neis/ HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH; path=/
Date: Tue, 07 May 2024 16:56:48 GMT
Content-Length: 3961
| 210.102.97.36/new_neis/hc4_user.asp | 210.102.97.36 | 200 OK | 3.8 kB |
URL: User Request GET HTTP/1.1 210.102.97.36/new_neis/hc4_user.asp
IP: 210.102.97.36:443
Certificate: Issuer: Sectigo Limited; Subject: *.neis.go.kr; Fingerprint: CA:06:A2:FC:DF:A4:39:1C:B3:4D:73:57:29:5A:01:BE:5F:22:D0:B1; Validity: Wed, 24 Apr 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT
File type: HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash: 67b8198653bb48c40966115e6aa99870 a2da7a443fcaff9d8f550d927af43444c4cbe839 5f7458fd57db962149fb209841961289eb0dabd8f13dfff8e2192c9abc9ced31
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /new_neis/hc4_user.asp HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://210.102.97.36/
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAGSTCQBT=JJPDJNOAHLKHGKJLIEGNCMGE; secure; path=/
Date: Tue, 07 May 2024 16:56:53 GMT
Content-Length: 3845
| 210.102.97.36/new_neis/login.css | 210.102.97.36 | 200 OK | 6.9 kB |
URL: GET HTTP/1.1 210.102.97.36/new_neis/login.css
IP: 210.102.97.36:443
Requested by: https://210.102.97.36/new_neis/hc4_user.asp
Certificate: Issuer: Sectigo Limited; Subject: *.neis.go.kr; Fingerprint: CA:06:A2:FC:DF:A4:39:1C:B3:4D:73:57:29:5A:01:BE:5F:22:D0:B1; Validity: Wed, 24 Apr 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT
File type: Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash: ed3990efa1bf4fcc178a8c4598e1b347 031d864d0a16ef998ffc4bb93236476d095c8665 c5fb7a7151dfa630b2cf2d9f5646e1a37809becb5d93e163e837c4f5aa3fd474
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /new_neis/login.css HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://210.102.97.36/new_neis/hc4_user.asp
Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH; ASPSESSIONIDAGSTCQBT=JJPDJNOAHLKHGKJLIEGNCMGE
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Mon, 21 Oct 2019 05:37:54 GMT
Accept-Ranges: bytes
ETag: "0e585afd187d51:0"
Date: Tue, 07 May 2024 16:56:53 GMT
Content-Length: 6858
| 210.102.97.36/new_neis/logo.png | 210.102.97.36 | 200 OK | 9.1 kB |
URL: GET HTTP/1.1 210.102.97.36/new_neis/logo.png
IP: 210.102.97.36:443
Requested by: https://210.102.97.36/new_neis/hc4_user.asp
Certificate: Issuer: Sectigo Limited; Subject: *.neis.go.kr; Fingerprint: CA:06:A2:FC:DF:A4:39:1C:B3:4D:73:57:29:5A:01:BE:5F:22:D0:B1; Validity: Wed, 24 Apr 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT
File type: PNG image data, 174 x 29, 8-bit/color RGBA, non-interlaced
Hash: 7e097685f6a4ef734c1d3ec2a6bb44b2 ffe1242a9276b3d407238e063c54f50f607577a4 15e8a2eb9f5f69c7ea09da08b9bcf56a32a2418e8264aa7a054e0dc2ab01278e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /new_neis/logo.png HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://210.102.97.36/new_neis/hc4_user.asp
Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH; ASPSESSIONIDAGSTCQBT=JJPDJNOAHLKHGKJLIEGNCMGE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Aug 2022 03:16:28 GMT
Accept-Ranges: bytes
ETag: "08efe95b0a7d81:0"
Date: Tue, 07 May 2024 16:56:53 GMT
Content-Length: 9130
| 210.102.97.36/new_neis/images/bul_ty1.png | 210.102.97.36 | 404 Not Found | 1.2 kB |
URL: GET HTTP/1.1 210.102.97.36/new_neis/images/bul_ty1.png
IP: 210.102.97.36:443
Requested by: https://210.102.97.36/new_neis/hc4_user.asp
Certificate: Issuer: Sectigo Limited; Subject: *.neis.go.kr; Fingerprint: CA:06:A2:FC:DF:A4:39:1C:B3:4D:73:57:29:5A:01:BE:5F:22:D0:B1; Validity: Wed, 24 Apr 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT
File type: HTML document, ISO-8859 text, with CRLF line terminators
Hash: e8ef69b860a012d6c1423047e232536b 5f81824c41a80d67f7ecd983716b27b903195008 55bce6ae40de209387f0443421c793c2d0d5891bf1cacdac441546b39f0faa03
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /new_neis/images/bul_ty1.png HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://210.102.97.36/new_neis/login.css
Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH; ASPSESSIONIDAGSTCQBT=JJPDJNOAHLKHGKJLIEGNCMGE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 07 May 2024 16:56:53 GMT
Content-Length: 1238
| 210.102.97.36/new_neis/images/bullet.png | 210.102.97.36 | 404 Not Found | 1.2 kB |
URL: GET HTTP/1.1 210.102.97.36/new_neis/images/bullet.png
IP: 210.102.97.36:443
Requested by: https://210.102.97.36/new_neis/hc4_user.asp
Certificate: Issuer: Sectigo Limited; Subject: *.neis.go.kr; Fingerprint: CA:06:A2:FC:DF:A4:39:1C:B3:4D:73:57:29:5A:01:BE:5F:22:D0:B1; Validity: Wed, 24 Apr 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT
File type: HTML document, ISO-8859 text, with CRLF line terminators
Hash: e8ef69b860a012d6c1423047e232536b 5f81824c41a80d67f7ecd983716b27b903195008 55bce6ae40de209387f0443421c793c2d0d5891bf1cacdac441546b39f0faa03
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /new_neis/images/bullet.png HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://210.102.97.36/new_neis/login.css
Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH; ASPSESSIONIDAGSTCQBT=JJPDJNOAHLKHGKJLIEGNCMGE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 07 May 2024 16:56:54 GMT
Content-Length: 1238
| 210.102.97.36/favicon.ico | 210.102.97.36 | 404 Not Found | 1.2 kB |
URL: GET HTTP/1.1 210.102.97.36/favicon.ico
IP: 210.102.97.36:443
Requested by: https://210.102.97.36/new_neis/hc4_user.asp
Certificate: Issuer: Sectigo Limited; Subject: *.neis.go.kr; Fingerprint: CA:06:A2:FC:DF:A4:39:1C:B3:4D:73:57:29:5A:01:BE:5F:22:D0:B1; Validity: Wed, 24 Apr 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT
File type: HTML document, ISO-8859 text, with CRLF line terminators
Hash: e8ef69b860a012d6c1423047e232536b 5f81824c41a80d67f7ecd983716b27b903195008 55bce6ae40de209387f0443421c793c2d0d5891bf1cacdac441546b39f0faa03
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 210.102.97.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://210.102.97.36/new_neis/hc4_user.asp
Cookie: ASPSESSIONIDACSTCQBT=IJPDJNOADILCFGBEADBLGAIH; ASPSESSIONIDAGSTCQBT=JJPDJNOAHLKHGKJLIEGNCMGE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 07 May 2024 16:56:54 GMT
Content-Length: 1238