LeakIXからの偵察ログ

久しぶりのログをアップします。これは、ログのUser-Agent が “Mozilla/5.0 (l9scan/2.0.…; +https://leakix.net)”となっているものです。

LeakIX（リーク・アイエックス）とは、インターネットに公開しているサイトをスキャンして設定ミスや脆弱性を収集して公開する検索エンジンで、OSINT（オープン・ソース・インテリジェンス）のプラットフォームです。

ログを見ると、/, /graphql, /api, /swagger*.html, /.env, /.git/config, /server-statusなどにアクセスできるかを試しているようですね。僕のサイトではWAFが403を返すか、実際にファイルがなくて404を返しているようなログになってます。あわよくば機密情報（APIキー、認証情報、環境設定など）を収集して公開してやろうというやつですね。

以下がログの一部です。

"GET / HTTP/1.1" 200 15920 "-" "-"
"GET / HTTP/1.1" 200 15920 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"POST /graphql HTTP/1.1" 404 4663 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"POST /api HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"POST /api/graphql HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"POST /graphql/api HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"POST /api/gql HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /swagger-ui.html HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /swagger/index.html HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /swagger/swagger-ui.html HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /webjars/swagger-ui/index.html HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /swagger.json HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /swagger/v1/swagger.json HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /v2/api-docs HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /v3/api-docs HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /api-docs/swagger.json HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /api/swagger.json HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /@vite/env HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /actuator/env HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /server HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /.vscode/sftp.json HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /about HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /debug/default/view?panel=config HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /v2/_catalog HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /server-status HTTP/1.1" 403 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /login.action HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /_all_dbs HTTP/1.1" 404 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"
"GET /.DS_Store HTTP/1.1" 403 1614 "-" "Mozilla/5.0 (l9scan/2.0.7333e2332323e23363e2038313; +https://leakix.net)"