A Sneak Peek into the Forbidden State: Exploring the CyberSpace of North Korea

2022-03-21 nkscanner

https://medium.com/@nkscanner/a-sneak-peek-into-the-forbidden-state-exploring-the-cyberspace-of-north-korea-ef0e9e89166c

An anonymous researcher scanned North Korea’s externally routed 175.45.176.0/22 address block after public discussion of P4x’s denial-of-service activity against DPRK internet assets. The scan found only 32 active IP addresses but identified exposed services and technology stacks, including Red Hat Linux, six RedStar OS 4.0 instances, Apache, Microsoft IIS/SQL Server, and other externally reachable infrastructure. The report distinguishes North Korea’s restricted Kwangmyong intranet from the small Star Joint Venture block that connects selected users and services to the global internet. Its CTI value is infrastructure reconnaissance: it provides defender context on DPRK internet exposure and software choices, but it does not attribute malicious activity to a DPRK threat actor.

Indicators of Compromise

Type Value First Seen Last Seen
EMAIL [email protected] 2022-03-21 2022-03-21