Sites hosted outside of NK

Not sure if this deserves a regular page yet, but a list of sites that are hosted outside of the NK address space:

  • Defunct. Led by Nigel Cowrie who under his shell company helped sell arms and expand the North Korean nuclear program

  • porn site now. was selling North Korean literature until late last year. or


Scan Results 7.4.15

For the past few months, I’ve been working on scans from a VPS against the North Korean IP space to watch as different sites come online. I’ve got a decent scan that runs now but still needs some work. Below is what I’ve found but there is still a lot more digging to be done on the sites, but I wanted to at least start getting this information online and work on categorizing it better later:

Default Red Hat server with an Apache test page.

Open ports for each host:

22/tcp   open     ssh
80/tcp   open     http
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
3306/tcp open     mysql
4444/tcp filtered krb524
6000/tcp open     X11

The banner reported for them as well shows as Red Hat, as opposed to Red Star Linux, which show up in some of the other hosts scanned: Apache/2.2.15 (Red Hat)

Network Gear:

  • OS Identifications: Cisco 831 switch or 1760 router (IOS 12.4)
  • SSH Banner: SSH-1.99-Cisco-1.25


This is one that I always keep coming back to whenever it appears online. It looks like it is a North Korean security tool of some kind. The only information that I’ve been able to gather is in the following:

# wget –no-check-certificate
–2015-07-05 01:10:06–
Connecting to… connected.
WARNING: cannot verify’s certificate, issued by “/C=XX/ST=XX/L=XX/O=NeoTech/OU=Secure Team/CN=NetRadar/”:
Self-signed certificate encountered.
WARNING: certificate common name “NetRadar” doesn’t match requested host name “”.
HTTP request sent, awaiting response… 200 OK


Depending on the country you are connecting in from you are Rodong will load from a different IP. Connecting from Romania produced and Canada

Other than the fact that any picture of a crowd looks Photoshopped, you can also track Supreme Leaders activity. Site runs on Red Star 3.0: Apache/2.2.15 (RedStar 3.0)


Website of a software development company founded in 2002. Focuses on mobile and web apps, games, and applications.

There’s a lot of different domains for this address. It hosts a news site Naenara but there are several other domains associated with it as well:

Website of Kim Il Sung University. Haven’t had too much of a chance to dig into this site yet, seems pretty straightforward though.

Scan results are below. Still working on tweaking the scan a little bit to get some more information.