Server Security Dashboard

IP	Hits
76.20.48.131	30
85.31.225.235	27
107.77.211.37	26
66.60.165.106	16
157.245.105.107	5
206.81.12.187	5
128.199.182.55	5
64.23.218.208	4
206.189.19.19	4
146.190.63.248	4

URI	Hits
`/honeypot-trap.php`	71
`/.env`	38
`/testing/wp-login.php`	22
`/testing/xmlrpc.php`	18
`/.git/config`	12
`/api/graphql`	9
`/api/gql`	8
`/wp-config.php`	6
`/config.json`	5
`/xmlrpc.php`	4

Recent Honeypot Events

Date/Time	IP	URI	Reason	Event	User Agent	Extra
2025-11-29 10:09:51	18.221.162.160	`/vendor/.env`	CONFIG_PROBE	HARDKILL_HIT	python-httpx/0.22.0	METHOD=GET \| REF=-
2025-11-29 10:09:50	18.221.162.160	`/.env`	CONFIG_PROBE	HARDKILL_HIT	python-httpx/0.22.0	METHOD=GET \| REF=-
2025-11-29 10:02:49	3.39.230.60	`/vendor/.env`	CONFIG_PROBE	HARDKILL_HIT	python-httpx/0.22.0	METHOD=GET \| REF=-
2025-11-29 10:02:41	3.39.230.60	`/.env`	CONFIG_PROBE	HARDKILL_HIT	python-httpx/0.22.0	METHOD=GET \| REF=-
2025-11-29 08:53:22	35.204.180.74	`/.git/config`	CONFIG_PROBE	HARDKILL_HIT	-	METHOD=GET \| REF=-
2025-11-29 07:23:26	134.209.179.41	`/api/.git/config`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36	METHOD=GET \| REF=-
2025-11-29 07:07:03	35.82.29.212	`/.env`	CONFIG_PROBE	HARDKILL_HIT	python-httpx/0.22.0	METHOD=GET \| REF=-
2025-11-29 07:06:51	35.82.29.212	`/config.json`	GENERIC_HONEYPOT_HIT	SOFT_HIT	python-httpx/0.22.0	METHOD=GET \| REF=-
2025-11-29 07:06:03	35.82.29.212	`/debug.log`	GENERIC_HONEYPOT_HIT	SOFT_HIT	python-httpx/0.22.0	METHOD=GET \| REF=-
2025-11-29 06:51:30	3.34.99.192	`/vendor/.env`	CONFIG_PROBE	HARDKILL_HIT	python-httpx/0.22.0	METHOD=GET \| REF=-
2025-11-29 06:51:28	3.34.99.192	`/.env`	CONFIG_PROBE	HARDKILL_HIT	python-httpx/0.22.0	METHOD=GET \| REF=-
2025-11-28 22:52:51	159.223.134.146	`/.env`	CONFIG_PROBE	HARDKILL_HIT	python-requests/2.32.5	METHOD=GET \| REF=-
2025-11-28 16:38:20	34.138.10.121	`/honeypot-trap.php`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (Macintosh; Intel Mac OS X 14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36 Edg/125.0.2535.51	METHOD=HEAD \| REF=http://www.optimumyouth.com/old/
2025-11-28 12:26:46	34.106.133.73	`/honeypot-trap.php`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.2365.66	METHOD=HEAD \| REF=http://mail.optimumyouth.com/old/
2025-11-28 11:59:51	48.217.233.215	`/developmentserver/metadatauploader`	DEV_METADATA_PROBE	HARDKILL_HIT	Mozilla/5.0 zgrab/0.x	METHOD=GET \| REF=-
2025-11-28 11:02:37	206.81.19.122	`/.git/config`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36	METHOD=GET \| REF=-
2025-11-28 10:35:41	172.161.24.0	`/1.php`	BACKDOOR_PROBE	HARDKILL_HIT	Mozilla/5.0 (iPad; CPU OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1	METHOD=GET \| REF=https://www.google.de/
2025-11-28 10:13:34	142.111.146.31	`/.env`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36	METHOD=GET \| REF=-
2025-11-28 10:01:26	35.229.108.165	`/honeypot-trap.php`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/124.0.6367.56 Mobile/15E148 Safari/604.1	METHOD=HEAD \| REF=http://optimumyouth.com/old/
2025-11-28 06:44:48	213.209.157.162	`/.git/config`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (Linux; Android 5.1; OPPO A59s Build/LMY47I; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044813 Mobile Safari/537.36 MMWEBID/6148 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/WIFI Language/zh_CN	METHOD=GET \| REF=-
2025-11-28 02:54:21	162.142.125.40	`/login`	SENSITIVE_ENDPOINT_PROBE	SOFT_HIT	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)	METHOD=GET \| REF=-
2025-11-28 02:52:36	147.185.40.210	`/.git/config`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.90 Safari/537.36	METHOD=GET \| REF=-
2025-11-28 02:33:25	64.225.75.246	`/.env`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (l9scan/2.0.533323e2532323e21333e25383; +https://leakix.net)	METHOD=GET \| REF=-
2025-11-28 02:32:42	64.225.75.246	`/api/gql`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (l9scan/2.0.533323e2532323e21333e25383; +https://leakix.net)	METHOD=POST \| REF=-
2025-11-28 02:32:35	64.225.75.246	`/api/graphql`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (l9scan/2.0.533323e2532323e21333e25383; +https://leakix.net)	METHOD=POST \| REF=-
2025-11-27 19:51:54	128.199.182.55	`/config.json`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (l9scan/2.0.533323e2532323e21333e25383; +https://leakix.net)	METHOD=GET \| REF=-
2025-11-27 19:51:53	128.199.182.55	`/.git/config`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (l9scan/2.0.533323e2532323e21333e25383; +https://leakix.net)	METHOD=GET \| REF=-
2025-11-27 19:51:42	128.199.182.55	`/.env`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (l9scan/2.0.533323e2532323e21333e25383; +https://leakix.net)	METHOD=GET \| REF=-
2025-11-27 19:51:08	128.199.182.55	`/api/gql`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (l9scan/2.0.533323e2532323e21333e25383; +https://leakix.net)	METHOD=POST \| REF=-
2025-11-27 19:51:02	128.199.182.55	`/api/graphql`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (l9scan/2.0.533323e2532323e21333e25383; +https://leakix.net)	METHOD=POST \| REF=-
2025-11-27 15:19:28	35.237.172.167	`/honeypot-trap.php`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15	METHOD=HEAD \| REF=http://www.optimumyouth.com/old/
2025-11-27 11:37:29	34.26.216.247	`/honeypot-trap.php`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.20 Safari/537.36	METHOD=HEAD \| REF=http://optimumyouth.com/old/
2025-11-27 09:50:18	34.106.104.44	`/honeypot-trap.php`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Mobile/15E148 Safari/604.1	METHOD=HEAD \| REF=http://mail.optimumyouth.com/old/
2025-11-27 08:33:25	196.74.230.113	`/.env`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0	METHOD=GET \| REF=-
2025-11-27 04:02:44	77.90.44.38	`/.env`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (Windows NT 10.0; rv:124.0) Gecko/20100101 Firefox/124.0	METHOD=GET \| REF=-
2025-11-27 00:06:59	40.113.19.56	`/1.php`	BACKDOOR_PROBE	HARDKILL_HIT	-	METHOD=GET \| REF=-
2025-11-27 00:00:02	144.172.112.234	`/.env`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 OPR/62.0.3331.99	METHOD=GET \| REF=-
2025-11-26 15:59:15	130.33.50.246	`/wso.php`	BACKDOOR_PROBE	HARDKILL_HIT	-	METHOD=GET \| REF=-
2025-11-26 15:16:18	176.65.132.195	`/api/.env`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (compatible; S-Scanner/1.0)	METHOD=GET \| REF=-
2025-11-26 15:16:12	176.65.132.195	`/.env`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (compatible; S-Scanner/1.0)	METHOD=GET \| REF=-
2025-11-26 12:33:18	52.178.205.26	`/1.php`	BACKDOOR_PROBE	HARDKILL_HIT	Mozilla/5.0 (iPhone; CPU iPhone OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1	METHOD=GET \| REF=https://www.yahoo.com/
2025-11-26 08:17:16	138.197.36.0	`/.git/config`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36	METHOD=GET \| REF=-
2025-11-26 07:31:56	54.91.59.150	`/.git/config`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15	METHOD=GET \| REF=-
2025-11-26 07:28:20	94.26.88.18	`/.env`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.2 Safari/605.1.15	METHOD=GET \| REF=-
2025-11-26 06:36:14	146.190.63.248	`/.env`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (l9scan/2.0.533323e2532323e21333e25383; +https://leakix.net)	METHOD=GET \| REF=-
2025-11-26 06:35:49	146.190.63.248	`/api/swagger.json`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (l9scan/2.0.533323e2532323e21333e25383; +https://leakix.net)	METHOD=GET \| REF=-
2025-11-26 06:35:34	146.190.63.248	`/api/gql`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (l9scan/2.0.533323e2532323e21333e25383; +https://leakix.net)	METHOD=POST \| REF=-
2025-11-26 06:35:27	146.190.63.248	`/api/graphql`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (l9scan/2.0.533323e2532323e21333e25383; +https://leakix.net)	METHOD=POST \| REF=-
2025-11-26 05:11:40	5.189.168.68	`/.env`	CONFIG_PROBE	HARDKILL_HIT	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36	METHOD=GET \| REF=-
2025-11-26 04:57:26	206.81.12.187	`/config.json`	GENERIC_HONEYPOT_HIT	SOFT_HIT	Mozilla/5.0 (l9scan/2.0.533323e2532323e21333e25383; +https://leakix.net)	METHOD=GET \| REF=-

Honeypot Reason Legend

PHPUNIT_RCE_PROBE Probes for phpunit eval-stdin RCE to execute arbitrary PHP code.

THINKPHP_RCE_PROBE ThinkPHP invokefunction-based RCE scanning.

AUTO_PREPEND_RCE Attempts to use auto_prepend_file=php://input or similar to run injected PHP.

DOCKER_API_PROBE Tries to access Docker Engine API endpoints like /containers/json.

BACKDOOR_PROBE Classic webshells and backdoor files (wso, r57, c99, upl.php, etc.).

CONFIG_PROBE Attempts to read config/secret files like wp-config.php, .git/config, .env.

PATH_TRAVERSAL Directory traversal patterns (../../) aiming to escape the webroot.

DEV_METADATA_PROBE Dev-only endpoints like /developmentserver/metadatauploader.

SMTP_PROBE Probes for mail config files (smtp_config.json, smtp.php, mail_config.php).

SENSITIVE_ENDPOINT_PROBE Scanning login/XML-RPC/wp-admin and similar access points.

SCANNER_PROBE Fingerprinting URIs such as /geoip/ or /wsman.

GENERIC_HONEYPOT_HIT Caught by honeypot, but not mapped to a specific exploit type.

Top 404 Offenders (by IP)

IP	404 Count
162.142.125.45	4
194.187.179.201	2
134.122.83.158	2
115.132.54.236	2
77.183.244.153	2

Top 404 URLs

URL	404 Count
`/favicon.ico`	6
`/.env`	2
`/boaform/admin/formLogin?username=user&psd=user`	2
`/sitemap.xml`	2

Recent 404 "Page Not Found" Errors

Date/Time	IP	Method	URL	Referrer	User Agent
29/Nov/2025:12:56:00 -0800	162.142.125.45	GET	`/sitemap.xml`	-	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
29/Nov/2025:12:54:57 -0800	162.142.125.45	GET	`/favicon.ico`	-	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
29/Nov/2025:11:48:26 -0800	77.183.244.153	GET	`/boaform/admin/formLogin?username=user&psd=user`	-	-
29/Nov/2025:11:34:59 -0800	115.132.54.236	GET	`/.env`	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
29/Nov/2025:11:29:33 -0800	134.122.83.158	GET	`/favicon.ico`	http://ns2.srv471368.hstgr.cloud/	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
29/Nov/2025:10:04:43 -0800	194.187.179.201	GET	`/favicon.ico`	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
29/Nov/2025:10:04:43 -0800	194.187.179.201	GET	`/favicon.ico`	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
29/Nov/2025:11:29:33 -0800	134.122.83.158	GET	`/favicon.ico`	http://ns2.srv471368.hstgr.cloud/	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
29/Nov/2025:11:34:59 -0800	115.132.54.236	GET	`/.env`	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
29/Nov/2025:11:48:26 -0800	77.183.244.153	GET	`/boaform/admin/formLogin?username=user&psd=user`	-	-
29/Nov/2025:12:54:57 -0800	162.142.125.45	GET	`/favicon.ico`	-	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
29/Nov/2025:12:56:00 -0800	162.142.125.45	GET	`/sitemap.xml`	-	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)

Copy 404 Data for ChatGPT Analysis

Select all (Ctrl+A / Cmd+A) inside this box, copy, and paste into ChatGPT.

You are a Linux server and WordPress security assistant.

I will provide you with a list of recent HTTP 404 (Page Not Found) errors taken from my Apache access log.

Your tasks:

Group all entries by IP address.

Identify which IPs appear to be malicious bots or scanners. Treat the following as strong indicators of malicious behavior:

Repeated 404 errors

Enumeration of wp-admin directories, plugins, themes, uploads, backups, or fake/non-existent paths

Attempts to access sensitive endpoints (wp-login.php, xmlrpc.php, installer.php, phpmyadmin, .env, .git, etc.)

Suspicious or blank user agents, mismatched browser signatures, or automation indicators

Entries that have multiple user agents, even if one of appears to be a excluded searchbot

Fast or burst-style scanning in short time intervals

Assign a recommendation for each IP:

Permanent CSF ban for clearly malicious or exploit-focused behavior

Temporary CSF ban (24–48 hours recommended) for low-volume or borderline suspicious behavior

No action for legitimate traffic

EXCLUSIONS — Do NOT recommend bans for these well-known legitimate crawlers unless they perform exploit behavior:

OpenAI GPTBot (“GPTBot”)

OpenAI OAI-SearchBot (“OAI-SearchBot”)

CensysInspect / Censys Security Scanner

Palo Alto Networks Cortex Xpanse scanners

Standard robots.txt/sitemap fetchers

Normal favicon.ico hits with valid browser UAs
Only classify these as malicious if they access exploit paths such as /.env, /wp-login.php, /xmlrpc.php, /phpunit/, or encoded traversal requests.

For each IP recommended for blocking, generate:

A CSF permanent deny line for /etc/csf/csf.deny

For temporary bans, provide:
• The IP
• A recommended duration (24h or 48h)
• A short reason
• The exact CSF command the user must run manually
(csf -td IP duration "reason")

Use these formats:

PERMANENT BAN FORMAT (csf.deny):
IP_ADDRESS # REASON (permanent) YYYY-MM-DD

TEMPORARY BAN OUTPUT (NOT paste-ready):
IP: 1.2.3.4
Duration: 24h
Reason: Enumeration of /wp-admin directories
Command: csf -td 1.2.3.4 86400 "wp-admin enumeration"

Return the following:

1. Short Summary

Briefly explain the overall pattern (bot scans, probing, noise, etc.)

2. Table of IPs

Columns:

IP Address

Total 404 Count

Example URLs Hit

Recommendation (no action / temp ban / permanent ban)

3. PERMANENT BAN BLOCK (paste-ready)

Use only permanent ban lines in csf.deny format.
Output “None” if empty.

4. TEMPORARY BAN RECOMMENDATIONS (manual entry)

List each temp-ban IP using the format shown above.
Do NOT output csf.tempban file lines.
Provide only the recommended command to run manually.


29/Nov/2025:12:56:00 -0800 | IP=162.142.125.45 | METHOD=GET | URL=/sitemap.xml | REF=- | UA=Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
29/Nov/2025:12:54:57 -0800 | IP=162.142.125.45 | METHOD=GET | URL=/favicon.ico | REF=- | UA=Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
29/Nov/2025:11:48:26 -0800 | IP=77.183.244.153 | METHOD=GET | URL=/boaform/admin/formLogin?username=user&psd=user | REF=- | UA=-
29/Nov/2025:11:34:59 -0800 | IP=115.132.54.236 | METHOD=GET | URL=/.env | REF=- | UA=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
29/Nov/2025:11:29:33 -0800 | IP=134.122.83.158 | METHOD=GET | URL=/favicon.ico | REF=http://ns2.srv471368.hstgr.cloud/ | UA=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
29/Nov/2025:10:04:43 -0800 | IP=194.187.179.201 | METHOD=GET | URL=/favicon.ico | REF=- | UA=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
29/Nov/2025:10:04:43 -0800 | IP=194.187.179.201 | METHOD=GET | URL=/favicon.ico | REF=- | UA=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
29/Nov/2025:11:29:33 -0800 | IP=134.122.83.158 | METHOD=GET | URL=/favicon.ico | REF=http://ns2.srv471368.hstgr.cloud/ | UA=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
29/Nov/2025:11:34:59 -0800 | IP=115.132.54.236 | METHOD=GET | URL=/.env | REF=- | UA=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
29/Nov/2025:11:48:26 -0800 | IP=77.183.244.153 | METHOD=GET | URL=/boaform/admin/formLogin?username=user&psd=user | REF=- | UA=-
29/Nov/2025:12:54:57 -0800 | IP=162.142.125.45 | METHOD=GET | URL=/favicon.ico | REF=- | UA=Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
29/Nov/2025:12:56:00 -0800 | IP=162.142.125.45 | METHOD=GET | URL=/sitemap.xml | REF=- | UA=Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)

Server Security Dashboard

Top Honeypot Offenders (by IP)

Top Honeypot URIs

Recent Honeypot Events

Honeypot Reason Legend

Sensitive Endpoint Traffic (Recent Log Sample)

Top 404 Offenders (by IP)

Top 404 URLs

Recent 404 "Page Not Found" Errors

Copy 404 Data for ChatGPT Analysis