Server Security Dashboard

Generated at 2026-03-03 10:20:02

Warning: Some paths are not readable:
🛡️ Honeypot Hits (Last 24 Hours)
27
Based on honeypot.log timestamps
👥 Total Honeypot Offenders
171
Distinct IPs in last 500 honeypot lines
🚫 Honeypot Hardkills (Last 24 Hours)
19
Counted by HARDKILL_HIT honeypot events
⚠️ 404 Errors (Last 24 Hours)
0
Based on access log timestamps

Top Honeypot Offenders (by IP)

IP Hits

Top Honeypot URIs

URI Hits
/.env 164
/.git/config 84
/honeypot-trap.php 41
/config.php 17
/1.php 14
/.git/HEAD 10
/.env~ 9
/api/.env 9
//wso.php 8
/shell.php 8

Recent Honeypot Events

Date/Time IP URI Reason Event User Agent Extra

Honeypot Reason Legend

PHPUNIT_RCE_PROBE Probes for phpunit eval-stdin RCE to execute arbitrary PHP code.
THINKPHP_RCE_PROBE ThinkPHP invokefunction-based RCE scanning.
AUTO_PREPEND_RCE Attempts to use auto_prepend_file=php://input or similar to run injected PHP.
DOCKER_API_PROBE Tries to access Docker Engine API endpoints like /containers/json.
BACKDOOR_PROBE Classic webshells and backdoor files (wso, r57, c99, upl.php, etc.).
CONFIG_PROBE Attempts to read config/secret files like wp-config.php, .git/config, .env.
PATH_TRAVERSAL Directory traversal patterns (../../) aiming to escape the webroot.
DEV_METADATA_PROBE Dev-only endpoints like /developmentserver/metadatauploader.
SMTP_PROBE Probes for mail config files (smtp_config.json, smtp.php, mail_config.php).
SENSITIVE_ENDPOINT_PROBE Scanning login/XML-RPC/wp-admin and similar access points.
SCANNER_PROBE Fingerprinting URIs such as /geoip/ or /wsman.
GENERIC_HONEYPOT_HIT Caught by honeypot, but not mapped to a specific exploit type.

Sensitive Endpoint Traffic (Recent Log Sample)

Monitoring hits to wp-login.php, xmlrpc.php, wp-admin, wp-json, and other high-value URLs from the last 20000 log lines.

IP Address Hits Endpoints First Seen Last Seen UA Samples
185.242.3.87 1 /wp-admin/txets.php 2026-03-03 08:33:39 2026-03-03 08:33:39
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
165.232.80.252 1 /wp-login.php 2026-03-03 06:46:19 2026-03-03 06:46:19
Mozilla/5.0
134.122.86.72 1 /wp-login.php 2026-03-03 04:56:19 2026-03-03 04:56:19
Mozilla/5.0
134.199.146.217 1 /wp-admin/install.php 2026-03-03 04:51:41 2026-03-03 04:51:41
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
104.28.235.60 7 /wp-admin/style.php, /wp-admin/admin-ajax.php, /wp-admin/zwso.php, /wp-admin/css/index.php, /wp-admin/css/ … 2026-03-03 01:21:21 2026-03-03 01:21:53
Go-http-client/1.1
172.190.142.176 2 /wp-admin/css/bolt.php, /wp-admin/sc.php 2026-03-02 22:35:40 2026-03-02 22:36:51
-
13.79.87.25 6 /wp-admin/images/wp-conflg.php, /xmlrpc.php, /wp-admin/css/bolt.php, /adminfuns.php, /wp-admin/js/widgets/ … 2026-03-02 20:04:57 2026-03-02 20:06:39
-
168.63.70.12 6 /wp-admin/images/wp-conflg.php, /xmlrpc.php, /wp-admin/css/bolt.php, /adminfuns.php, /wp-admin/js/widgets/ … 2026-03-02 16:29:26 2026-03-02 16:31:06
-
185.242.3.85 5 /wp-admin/style.php, /wp-admin/admin-ajax.php, /wp-admin/zwso.php, /wp-admin/css/index.php, /wp-admin/css/ 2026-03-02 13:24:54 2026-03-02 13:25:40
Go-http-client/1.1

Top 404 Offenders (by IP)

IP 404 Count

Top 404 URLs

URL 404 Count

Recent 404 "Page Not Found" Errors

Date/Time IP Method Reason URL Referrer User Agent
