EULJI MUNDEOK

VHOST SECURITY ANALYSIS & INTRUSION MONITOR

--:--:--

2026-04-20 | qec-0238.cafe24.com

LOG: ACTIVE /var/log/httpd/access_log

CPU Load 1m

2.9

2.35 / 2.2 (5m/15m)

RAM Usage

26.8%

4.1GB / 15.2GB

Disk Usage

15.4%

35.9GB / 233.3GB

HTTP Reqs (5m)

137

전체 분석: 1,922건

Scanner Hits

알려진 스캐너 IP

Suspicious Path

수상한 경로 접근 IP

Bot Candidates

자동화 패턴 감지

THREAT SUMMARY

⚡

216.73.217.89 — 알려진 스캐너/봇 도구 감지 751회

iptables -I INPUT -s 216.73.217.89 -j DROP

⚡

74.7.227.171 — 알려진 스캐너/봇 도구 감지 615회

iptables -I INPUT -s 74.7.227.171 -j DROP

⚡

74.7.227.27 — 알려진 스캐너/봇 도구 감지 396회

iptables -I INPUT -s 74.7.227.27 -j DROP

⚠️

216.73.217.64 — 수상한 경로 탐색 3건

/phpmyadmin/ /phpmyadmin

iptables -I INPUT -s 216.73.217.64 -j DROP

⚠️

74.7.227.171 — 수상한 경로 탐색 1건

/GNU/plugin/okname/ipin.config.php

iptables -I INPUT -s 74.7.227.171 -j DROP

⚠️

74.7.227.27 — 수상한 경로 탐색 1건

/GNU/plugin/okname/ipin.config.php

iptables -I INPUT -s 74.7.227.27 -j DROP

IP ATTACK WATCH (5분)

IP	Reqs	UA 수	판정
216.73.217.64	96	1	SCANNER PROBE
74.7.227.27	11	1	SCANNER PROBE
216.73.217.89	9	1	SCANNER
74.7.227.171	8	1	SCANNER PROBE
34.162.184.145	7	7	OK
66.132.186.170	3	2	SCANNER PROBE
46.151.178.13	1	1	OK
74.7.230.45	1	1	SCANNER
34.64.82.78	1	1	SCANNER

SUSPICIOUS PATH PROBE

IP	탐색 경로	건수
216.73.217.64	`/phpmyadmin/` `/phpmyadmin`	3
74.7.227.171	`/GNU/plugin/okname/ipin.config.php`	1
74.7.227.27	`/GNU/plugin/okname/ipin.config.php`	1
66.132.186.170	`/.well-known/security.txt`	1
204.76.203.27	`/.env`	1

TOP URI (전체)

Path	Hits
`/`	9
`/robots.txt`	8
`/ZIP/X2/shop/kakaopay/orderform.3.php`	2
`/GNU/_PAGE/head.css`	2
`/ZIP/X2/shop/kakaopay/orderform.2.php`	2
`/GNU/lib/PHPExcel/Worksheet/RowDimension.php`	2
`/OLDBOY/lib/PHPExcel/Worksheet/PageSetup.php`	2
`/OLDBOY/plugin/jqplot/plugins/jqplot.mekkoAxisRenderer.min.js`	2
`/GNU/plugin/jqplot/jquery.jqplot.min.css`	2
`/OLDBOY/shop/kcp/img/kcp_ing.gif`	2
`/GNU`	2
`/SATA/FilesGallery.php`	2

USER AGENT 분석

User Agent	Hits
Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GP	1011	SCANNER
Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Cl	877	SCANNER
Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWe	7	SCANNER
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHT	4
-	2
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.3	2	SCANNER
Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys	2	SCANNER
Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWeb	2
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bo	2	SCANNER
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like G	1
Mozilla/5.0 (Linux; Android 14; SM-A146P) AppleWebKit/537.36 (KHT	1
Mozilla/5.0 (Linux; Android 14; OnePlus 12) AppleWebKit/537.36 (K	1

REQUEST METHOD 분포

GET 1,913 (99.5%)

PROPFIND 1 (0.1%)

HEAD 7 (0.4%)

PRI 1 (0.1%)

HTTP STATUS 분포

200 1,739 (90.5%)

500 59 (3.1%)

404 50 (2.6%)

302 26 (1.4%)

301 24 (1.2%)

403 22 (1.1%)

405 1 (0.1%)

400 1 (0.1%)

LIVE TRAFFIC LOG (5분 최근 30건)

02:57:19 216.73.217.64 GET /GNU/_PAGE/menu/board/daemon_main.php?view=daemon 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:57:18 216.73.217.64 GET /GNU/bbs/board.php?bo_table=maria_event 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:57:18 216.73.217.64 GET /GNU/_PAGE/chart/upbit/trade_volume 404 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:57:18 216.73.217.64 GET /GNU/_PAGE/data/on_chain_data/coin_dominance.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:57:08 74.7.227.27 GET /OLDBOY/plugin/editor/cheditor5/editor.lib.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:54 74.7.227.171 GET /ZIP/X2/shop/kakaopay/orderform.3.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:51 74.7.227.27 GET /OLDBOY/skin/board/daemon_day_upbit/view_comment.skin.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:49 216.73.217.64 GET /GNU/bbs/board.php?bo_table=daemon_production 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:49 216.73.217.64 GET /GNU/_PAGE/maria/upbit_dictionary_db.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:48 216.73.217.64 GET /GNU/_PAGE/data/upbit/whale/total_table_chart.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:48 216.73.217.64 GET /GNU/_PAGE/stats/average_price_24h.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:48 216.73.217.64 GET /GNU/bbs/board.php?bo_table=maria_db 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:47 216.73.217.64 GET /GNU/_PAGE/maria/upbit_dictionary_event.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:43 46.151.178.13 PROPFIND / 405 -

02:56:34 74.7.227.27 GET /ZIP/X2/lib/PHPExcel/RichText/ITextElement.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:28 216.73.217.89 GET /GNU/_PAGE/backup/backup_skin.php?dir=oldboy_setting%2Fview&download=view.image.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:21 216.73.217.89 GET /GNU/_PAGE/backup/backup_skin.php?dir=daemon_kind_upbit%2Fview&download=view.file.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:14 216.73.217.64 GET /GNU/bbs/board.php?bo_table=daily 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:14 216.73.217.64 GET /GNU/_PAGE/chart/upbit/positionl/ 403 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:13 216.73.217.64 GET /GNU/_PAGE/chart/upbit/positionl 301 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:13 74.7.227.27 GET /OLDBOY/data/file/chatgpt/da54a742f0d11c0692fb97fc70ba857f_mLp5wq1B_ec43e2e2e4c3973542608fabef53f959 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:13 216.73.217.64 GET /GNU/_PAGE/data/upbit/whale/extinction_table.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:12 216.73.217.64 GET /GNU/bbs/board.php?bo_table=moving_assets 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:12 216.73.217.64 GET /GNU/js/jquery-migrate-1.4.1.min.js 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:12 216.73.217.64 GET /GNU/_PAGE/monitoring/upbit/daemon_market/daemon.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:12 216.73.217.64 GET /GNU/_PAGE/head.css 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:11 216.73.217.64 GET /GNU/_PAGE/head.css 301 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:01 216.73.217.64 GET /GNU/_PAGE/asset/upbit/data_list.php 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:00 216.73.217.64 GET /GNU/js/jquery-1.12.4.min.js 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

02:56:00 216.73.217.64 GET /GNU/_PAGE/chart/upbit/ecg/ 200 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl S

BLOCK COMMAND GENERATOR