I noticed the other day that 188.43.136.115 and 188.43.136.116 had the same certificate information in November 2021 as 175.45.176.21 and 175.45.176.22 had until recently. Now, this doesn’t prove anything, but it’s also interesting to note that both had ports 443 and 8888 exposed. Something to keep an eye on. Certificate is below. Could not find any other IPs using that certificate when searching the hash.
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9961 (0x26e9)
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: CN=ISRA
        Validity
            Not Before: Sep 10 10:19:41 2021 GMT
            Not After : Sep 10 10:19:41 2022 GMT
        Subject: CN=is_server
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:4d:da:80:80:5e:1c:99:c0:cb:cf:c0:a3:a2:6f:
                    2b:1c:ca:f0:4a:03:6a:82:35:64:26:08:0f:c0:ac:
                    6f:31:e5:38:b9:04:cd:ca:1c:4e:39:d7:1e:32:81:
                    a5:62:65:be:2d:db:9f:80:61:e8:0b:46:95:d8:c6:
                    e5:48:29:e8:48:e8:af:85:24:bd:58:93:92:40:aa:
                    10:d1:a8:c2:e7:06:f3:ab:7b:29:cd:6f:57:b3:84:
                    60:1d:90:96:3b:7f:c8
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Client, S/MIME
            Netscape Comment:
                OpenSSL Generated Client Certificate
            X509v3 Subject Key Identifier:
                C2:A2:12:38:21:74:43:BF:F0:DE:5A:F8:EA:0E:B1:68:98:0E:3E:C3
            X509v3 Authority Key Identifier:
                keyid:CB:36:50:B9:C4:39:6E:9B:F4:43:46:56:D5:2B:C2:99:6D:E6:F5:FA
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, E-mail Protection
    Signature Algorithm: ecdsa-with-SHA384
         30:65:02:30:4c:19:3b:cc:a9:3d:4b:01:5d:ab:df:09:93:3f:
         fc:e0:8f:f1:9c:61:11:c8:a4:d7:d8:fa:5f:6f:4e:08:a9:1f:
         42:81:97:6e:5d:d5:cb:53:30:d2:25:cb:56:db:9f:22:02:31:
         00:c7:b1:5e:ac:f8:67:82:c9:7b:88:e4:cf:03:23:b2:1f:65:
         39:e7:22:25:d6:e1:76:68:e2:1e:f5:de:13:ce:fa:94:24:77:
         51:8d:eb:08:77:eb:8d:55:9c:da:f7:38:63
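One way to track this kind of certificate reuse across scan results, as an added example that is not part of the original post: it parses `openssl x509 -text` output like the dump above, groups hosts by issuer, serial and Subject Key Identifier, and notes that the EKU lists client authentication only. The function names, the grouping key and the scan records (documentation-range addresses) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: `openssl x509 -text` output trimmed to the pivot fields;
# the values are the ones shown in the post's certificate dump.
CERT_TEXT = """\
Certificate:
    Data:
        Serial Number: 9961 (0x26e9)
        Issuer: CN=ISRA
        Subject: CN=is_server
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A2:12:38:21:74:43:BF:F0:DE:5A:F8:EA:0E:B1:68:98:0E:3E:C3
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, E-mail Protection
"""
# Constructed second certificate so the grouping has something to exclude.
OTHER_TEXT = CERT_TEXT.replace("9961 (0x26e9)", "1 (0x1)").replace("C2:A2", "00:11")
# Constructed scan records (documentation-range addresses, not real hosts).
SCANS = [
    ("192.0.2.15", 443, CERT_TEXT), ("192.0.2.16", 8888, CERT_TEXT),
    ("198.51.100.21", 443, CERT_TEXT), ("203.0.113.9", 443, OTHER_TEXT),
]

def parse_cert(text):
    """Extract pivot fields from `openssl x509 -text` output."""
    def field(label, next_line=False):
        # Value sits on the label's own line, or on the line after it.
        sep = r".*\n\s*" if next_line else r"\s*"
        m = re.search(rf"^\s*{re.escape(label)}{sep}(.+)$", text, re.M)
        return m.group(1).strip() if m else None
    serial = field("Serial Number:")
    eku = field("X509v3 Extended Key Usage:", next_line=True) or ""
    return {"serial": serial.split()[0] if serial else None,
            "issuer": field("Issuer:"), "subject": field("Subject:"),
            "ski": field("X509v3 Subject Key Identifier:", next_line=True),
            "eku": [e.strip() for e in eku.split(",") if e.strip()]}

def shared_certificates(scans):
    """Group (ip, port) by (issuer, serial, SKI); keep keys seen on >1 IP."""
    hosts = defaultdict(set)
    for ip, port, text in scans:
        c = parse_cert(text)
        hosts[(c["issuer"], c["serial"], c["ski"])].add((ip, port))
    return {k: sorted(v) for k, v in hosts.items() if len({ip for ip, _ in v}) > 1}

def client_auth_only(cert):
    """True when the EKU lists client auth but not server auth."""
    return ("TLS Web Client Authentication" in cert["eku"]
            and "TLS Web Server Authentication" not in cert["eku"])
```

Grouping on issuer, serial and SKI is a stand-in for the full-certificate hash the post searched on; with the raw DER available, a SHA-256 fingerprint is the stricter key.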