EULJI MUNDEOK

VHOST SECURITY ANALYSIS & INTRUSION MONITOR

--:--:--
2026-04-20  |  qec-0238.cafe24.com
LOG: ACTIVE  /var/log/httpd/access_log
3.57
2.59 / 2.38 (5m/15m)
27.4%
4.2GB / 15.2GB
15.5%
36.1GB / 233.3GB
1,247
전체 분석: 1,402건
10
알려진 스캐너 IP
1
수상한 경로 접근 IP
2
자동화 패턴 감지
THREAT SUMMARY
74.7.227.27  — 알려진 스캐너/봇 도구 감지  644회
iptables -I INPUT -s 74.7.227.27 -j DROP
74.7.227.171  — 알려진 스캐너/봇 도구 감지  641회
iptables -I INPUT -s 74.7.227.171 -j DROP
216.73.217.89  — 알려진 스캐너/봇 도구 감지  65회
iptables -I INPUT -s 216.73.217.89 -j DROP
⚠️
216.73.217.89  — 수상한 경로 탐색  2건
/phpmyadmin/  /phpmyadmin 
iptables -I INPUT -s 216.73.217.89 -j DROP
🤖
74.7.227.27  — 자동화 요청 패턴 감지  평균 1초 간격  stddev 0
iptables -I INPUT -s 74.7.227.27 -j DROP
🤖
74.7.227.171  — 자동화 요청 패턴 감지  평균 1초 간격  stddev 0
iptables -I INPUT -s 74.7.227.171 -j DROP
IP ATTACK WATCH (5분)
IPReqsUA 수판정
74.7.227.27 576 1 SCANNER 
74.7.227.171 572 1 SCANNER 
216.73.217.89 53 1 SCANNER  PROBE 
180.65.72.118 34 2 OK
3.148.177.60 4 2 SCANNER 
74.7.230.45 2 1 SCANNER 
66.249.66.39 1 1 SCANNER 
66.249.66.68 1 1 SCANNER 
66.249.66.192 1 1 SCANNER 
66.249.66.7 1 1 SCANNER 
66.249.75.3 1 1 SCANNER 
34.91.100.6 1 1 OK
SUSPICIOUS PATH PROBE
IP탐색 경로건수
216.73.217.89 /phpmyadmin/
/phpmyadmin
 2
TOP URI (전체)
PathHits
/CLOUD/remote.php/dav/files/newtrons/ 16
/OLDBOY/_PAGE/_MAIN/asset/coin_item_list.php?ajax=1 6
/CLOUD/ocs/v2.php/apps/notifications/api/v2/notifications?format=json 6
/CLOUD/ocs/v2.php/apps/user_status/api/v1/user_status?format=json 6
/robots.txt 5
/GNU/_PAGE/monitoring/upbit/daemon_history/history_btc.php?page=442 3
/GNU/_PAGE/monitoring/upbit/daemon_history/history_btc.php?page=127 3
/GNU/_PAGE/monitoring/upbit/daemon_history/history_btc.php?page=175 3
/GNU/_PAGE/monitoring/upbit/daemon_history/history_btc.php?page=803 3
/GNU/_PAGE/monitoring/upbit/daemon_history/history_btc.php?page=547 3
/GNU/_PAGE/monitoring/upbit/daemon_history/history_btc.php?page=594 3
/ 2
USER AGENT 분석
User AgentHits
Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GP 1285 SCANNER
Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Cl 65 SCANNER
Mozilla/5.0 (Windows) mirall/33.0.2 (build 20260331) (Nextcloud, 28
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHT 12
Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWe 4 SCANNER
python-requests/2.31.0 2 SCANNER
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHT 2
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.3 2 SCANNER
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bo 1 SCANNER
Scrapy/2.13.4 (+https://scrapy.org) 1
REQUEST METHOD 분포
GET 1,386  (98.9%)
PROPFIND 16  (1.1%)
HTTP STATUS 분포
200 1,354  (96.6%)
207 16  (1.1%)
404 12  (0.9%)
301 10  (0.7%)
304 6  (0.4%)
403 4  (0.3%)
LIVE TRAFFIC LOG (5분 최근 30건)
21:45:37 216.73.217.89 GET /GNU/_PAGE/data/upbit/ 403 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:37 74.7.227.27 GET /GNU/bbs/login.php?url=http://m72.kr/GNU/bbs/board.php?bo_table=moving_assets&wr_id=949 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:37 74.7.227.171 GET /GNU/bbs/login.php?sfl=wr_subject||wr_content&stx=30%EB%B6%84%EB%B4%89&url=http://www.m72x2.com/GNU/ 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:37 216.73.217.89 GET /GNU/_PAGE/data/upbit 301 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:36 74.7.227.27 GET /GNU/bbs/login.php?url=http://m72.kr/GNU/bbs/board.php?bo_table=moving_assets&wr_id=296 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:36 216.73.217.89 GET /GNU/_PAGE/asset/upbit/data_assets.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:36 74.7.227.171 GET /GNU/bbs/login.php?sfl=wr_subject||wr_content&stx=%EC%83%81%ED%83%9C&url=http://www.m72x2.com/GNU/bb 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:36 74.7.227.27 GET /GNU/bbs/login.php?url=http://m72.kr/GNU/bbs/board.php?bo_table=moving_assets&wr_id=369 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:36 74.7.227.171 GET /GNU/bbs/login.php?sfl=wr_subject||wr_content&stx=1%EC%8B%9C%EA%B0%84+1h&url=http://www.m72x2.com/GN 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:35 74.7.227.27 GET /GNU/bbs/login.php?url=http://m72.kr/GNU/bbs/board.php?bo_table=moving_assets&wr_id=916 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:35 74.7.227.171 GET /GNU/bbs/login.php?sfl=wr_subject||wr_content&stx=5%EB%B6%84%EB%B4%89&url=http://www.m72x2.com/GNU/b 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:35 74.7.227.27 GET /GNU/bbs/login.php?url=http://m72.kr/GNU/bbs/board.php?bo_table=moving_assets&wr_id=595 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:35 74.7.227.171 GET /GNU/bbs/login.php?sfl=wr_subject||wr_content&stx=1%EB%B6%84%EB%B4%89&url=http://www.m72x2.com/GNU/b 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:34 74.7.227.27 GET /GNU/bbs/login.php?url=http://m72.kr/GNU/bbs/board.php?bo_table=moving_assets&wr_id=514 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:34 74.7.227.171 GET /GNU/bbs/login.php?sfl=wr_subject||wr_content&stx=1%EB%B6%84%EB%B4%89&url=http://www.m72x2.com/GNU/b 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:34 74.7.227.27 GET /GNU/bbs/login.php?url=http://m72.kr/GNU/bbs/board.php?bo_table=moving_assets&wr_id=318 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:34 74.7.227.171 GET /GNU/bbs/login.php?sfl=wr_subject||wr_content&stx=%EC%88%98%EC%A7%91&url=http://www.m72x2.com/GNU/bb 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:33 74.7.227.27 GET /GNU/bbs/login.php?url=http://m72.kr/GNU/bbs/board.php?bo_table=moving_assets&wr_id=313 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:33 74.7.227.171 GET /GNU/bbs/login.php?sfl=wr_1&stx=%EC%BB%A8%ED%85%8C%EC%9D%B4%EB%84%88%EB%AA%AC&url=http://www.m72x2.c 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:33 180.65.72.118 PROPFIND /CLOUD/remote.php/dav/files/newtrons/ 207 Mozilla/5.0 (Windows) mirall/33.0.2 (build 20260331) (Nextcl
21:45:33 74.7.227.27 GET /GNU/bbs/login.php?url=http://m72.kr/GNU/bbs/board.php?bo_table=moving_assets&wr_id=667 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:33 74.7.227.171 GET /GNU/bbs/login.php?url=http://www.m72x2.com/GNU/bbs/faq.php?fm_id=1 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:32 74.7.227.27 GET /GNU/bbs/login.php?url=http://m72.kr/GNU/bbs/board.php?bo_table=moving_assets&wr_id=854 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:32 74.7.227.171 GET /GNU/bbs/login.php?sfl=wr_1&stx=%EA%B5%AC%EB%A5%B4%EB%8B%A4&url=http://www.m72x2.com/GNU/bbs/board.p 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:32 74.7.227.27 GET /GNU/bbs/login.php?url=http://m72.kr/GNU/bbs/board.php?bo_table=moving_assets&wr_id=623 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:32 74.7.227.171 GET /GNU/bbs/login.php?sfl=wr_1&stx=%EB%9C%BB%EB%8D%B0%EB%A1%9C&url=http://www.m72x2.com/GNU/bbs/board.p 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:31 74.7.227.171 GET /GNU/bbs/login.php?sfl=wr_1&stx=%ED%94%8C%EB%9E%AB%ED%8F%BC&url=http://www.m72x2.com/GNU/bbs/board.p 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:31 74.7.227.27 GET /GNU/bbs/login.php?url=http://m72.kr/GNU/bbs/board.php?bo_table=moving_assets&wr_id=317 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:31 74.7.227.27 GET /GNU/bbs/login.php?url=http://m72.kr/GNU/bbs/board.php?bo_table=moving_assets&wr_id=137 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
21:45:31 74.7.227.171 GET /GNU/bbs/login.php?sfl=wr_1&stx=%EB%AC%B4%EC%A1%B0%EA%B1%B4&url=http://www.m72x2.com/GNU/bbs/board.p 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S
BLOCK COMMAND GENERATOR