Server Security Dashboard

Generated at 2026-04-22 12:20:02

Warning: Some paths are not readable:
🛡️ Honeypot Hits (Last 24 Hours)
21
Based on honeypot.log timestamps
👥 Total Honeypot Offenders
197
Distinct IPs in last 500 honeypot lines
🚫 Honeypot Hardkills (Last 24 Hours)
19
Counted by HARDKILL_HIT honeypot events
⚠️ 404 Errors (Last 24 Hours)
0
Based on access log timestamps

Top Honeypot Offenders (by IP)

IPHits
45.148.10.249 27
185.177.72.61 16
94.26.88.31 15
45.148.10.62 15
192.253.248.169 12
54.178.29.150 11
104.168.93.75 11
93.123.109.214 10
77.83.39.197 10
213.209.159.175 9

Top Honeypot URIs

URIHits
/.git/config 94
/.env 92
/honeypot-trap.php 48
/1.php 38
/config.php 33
/api/graphql 16
/api/.env 15
/.git/HEAD 13
/wp-config.php 12
/login 11

Recent Honeypot Events

Date/Time IP URI Reason Event User Agent Extra
2026-04-22 04:45:23 192.253.248.169 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; da-dk) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5 METHOD=GET | REF=-
2026-04-22 03:58:32 170.64.172.28 /.git/config CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 METHOD=GET | REF=-
2026-04-22 03:24:19 65.49.1.94 /.git/config CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 METHOD=GET | REF=-
2026-04-22 01:54:55 91.215.85.104 /api/version GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Windows NT 10.0; WOW64; rv:70.0) Gecko/20100101 Firefox/70.0 METHOD=GET | REF=-
2026-04-21 23:27:24 185.93.89.167 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1) Gecko/20060916 Firefox/2.0b2 METHOD=GET | REF=-
2026-04-21 23:27:23 185.93.89.167 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) METHOD=GET | REF=-
2026-04-21 23:27:23 185.93.89.167 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 METHOD=GET | REF=-
2026-04-21 23:27:23 185.93.89.167 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Linux; Android 6.0.1; SAMSUNG SM-G920T Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/4.0 Chrome/44.0.2403.133 Mobile Safari/537.36 METHOD=GET | REF=-
2026-04-21 23:27:22 185.93.89.167 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.648.133 Chrome/10.0.648.133 Safari/534.16 METHOD=GET | REF=-
2026-04-21 22:49:43 187.127.72.232 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 15.7; rv:149.0) Gecko/20100101 Firefox/149.0 METHOD=GET | REF=-
2026-04-21 22:49:37 187.127.72.232 /.git/HEAD CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 METHOD=GET | REF=-
2026-04-21 22:49:35 187.127.72.232 /.git/config CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 METHOD=GET | REF=-
2026-04-21 21:25:17 172.238.170.48 /.git/config CONFIG_PROBE HARDKILL_HIT Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); METHOD=GET | REF=-
2026-04-21 21:25:10 172.238.170.48 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); METHOD=GET | REF=-
2026-04-21 20:41:19 213.209.159.175 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.460.0 Safari/534.3 METHOD=GET | REF=-
2026-04-21 19:37:48 103.153.183.69 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 METHOD=GET | REF=-
2026-04-21 15:41:05 158.158.122.51 /1.php BACKDOOR_PROBE HARDKILL_HIT - METHOD=GET | REF=-
2026-04-21 15:40:04 158.158.122.51 /shell.php GENERIC_HONEYPOT_HIT HARDKILL_HIT - METHOD=GET | REF=-
2026-04-21 14:38:44 159.65.54.177 /.git/config CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 METHOD=GET | REF=-
2026-04-21 12:46:37 136.107.204.163 /honeypot-trap.php GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Linux; Android 13; Nokia G42 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.41 Mobile Safari/537.36 METHOD=HEAD | REF=http://mail.optimumyouth.com/old/
2026-04-21 12:22:29 77.83.39.42 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (compatible; alexa site audit/1.0; +http://www.alexa.com/help/webmasters; ) METHOD=GET | REF=-
2026-04-21 12:17:25 34.162.58.81 /honeypot-trap.php GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15 METHOD=HEAD | REF=http://optimumyouth.com/old/
2026-04-21 10:43:45 35.196.202.49 /honeypot-trap.php GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Linux; Android 11; RMX2195) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.210 Mobile Safari/537.36 OPR/75.2.3995.72468 METHOD=HEAD | REF=http://www.optimumyouth.com/old/
2026-04-21 09:00:05 192.253.248.169 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.45 Safari/537.36 OPR/30.0.1835.26 (Edition beta) METHOD=GET | REF=-
2026-04-21 08:50:53 172.94.9.253 /.git/config CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 METHOD=GET | REF=-
2026-04-21 05:41:11 124.198.131.162 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (adaptive-bot) METHOD=GET | REF=-
2026-04-21 05:29:02 20.150.192.63 /developmentserver/metadatauploader DEV_METADATA_PROBE HARDKILL_HIT Mozilla/5.0 zgrab/0.x METHOD=GET | REF=-
2026-04-21 05:22:07 192.253.248.169 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.25 METHOD=GET | REF=-
2026-04-21 05:11:48 80.94.92.242 /vendor/.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 METHOD=GET | REF=-
2026-04-21 05:11:25 80.94.92.242 /api/.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 METHOD=GET | REF=-
2026-04-21 05:11:18 80.94.92.242 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 METHOD=GET | REF=-
2026-04-21 04:52:31 213.209.159.175 /.env CONFIG_PROBE HARDKILL_HIT Opera/9.12 (X11; Linux i686; U; en) (Ubuntu) METHOD=GET | REF=-
2026-04-21 04:37:02 58.229.188.59 /admin/config.php CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 METHOD=GET | REF=-
2026-04-21 03:34:17 64.62.156.182 /.git/config CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15 METHOD=GET | REF=-
2026-04-21 02:21:09 132.196.3.209 /wso.php BACKDOOR_PROBE HARDKILL_HIT - METHOD=GET | REF=-
2026-04-21 02:20:49 132.196.3.209 /1.php BACKDOOR_PROBE HARDKILL_HIT - METHOD=GET | REF=-
2026-04-21 01:35:28 66.132.195.73 /login SENSITIVE_ENDPOINT_PROBE SOFT_HIT Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/) METHOD=GET | REF=-
2026-04-21 01:20:24 66.132.195.63 /login SENSITIVE_ENDPOINT_PROBE SOFT_HIT Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/) METHOD=GET | REF=-
2026-04-21 01:18:57 20.212.118.199 /remote/login?lang=en GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 METHOD=GET | REF=-
2026-04-21 01:00:21 146.70.178.124 /vendor/ GENERIC_HONEYPOT_HIT HARDKILL_HIT - METHOD=GET | REF=-
2026-04-21 01:00:09 146.70.178.124 /vendor/phpunit/phpunit/src/Util/PHP/ GENERIC_HONEYPOT_HIT HARDKILL_HIT - METHOD=GET | REF=-
2026-04-21 01:00:01 146.70.178.124 /honeypot-trap.php GENERIC_HONEYPOT_HIT HARDKILL_HIT - METHOD=GET | REF=-
2026-04-20 23:14:59 192.253.248.169 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Linux; Android 5.0; SM-G900V Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36 METHOD=GET | REF=-
2026-04-20 23:04:41 213.209.159.175 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008110715 ASPLinux/3.0.2-3.0.120asp Firefox/3.0.2 METHOD=GET | REF=-
2026-04-20 22:38:51 20.234.16.176 /config.php CONFIG_PROBE HARDKILL_HIT - METHOD=GET | REF=-
2026-04-20 22:38:09 20.234.16.176 /config.php CONFIG_PROBE HARDKILL_HIT - METHOD=GET | REF=-
2026-04-20 22:03:35 167.250.224.25 /admin/config.php CONFIG_PROBE HARDKILL_HIT nvdorz METHOD=GET | REF=-
2026-04-20 21:59:50 185.177.72.68 /config%2ejson GENERIC_HONEYPOT_HIT HARDKILL_HIT curl/8.7.1 METHOD=GET | REF=-
2026-04-20 21:51:31 185.177.72.68 /storage/logs/rails%2elog GENERIC_HONEYPOT_HIT HARDKILL_HIT curl/8.7.1 METHOD=GET | REF=-
2026-04-20 21:51:28 185.177.72.68 /storage/logs/rails%2elog GENERIC_HONEYPOT_HIT HARDKILL_HIT curl/8.7.1 METHOD=GET | REF=-

Honeypot Reason Legend

PHPUNIT_RCE_PROBE Probes for phpunit eval-stdin RCE to execute arbitrary PHP code.
THINKPHP_RCE_PROBE ThinkPHP invokefunction-based RCE scanning.
AUTO_PREPEND_RCE Attempts to use auto_prepend_file=php://input or similar to run injected PHP.
DOCKER_API_PROBE Tries to access Docker Engine API endpoints like /containers/json.
BACKDOOR_PROBE Classic webshells and backdoor files (wso, r57, c99, upl.php, etc.).
CONFIG_PROBE Attempts to read config/secret files like wp-config.php, .git/config, .env.
PATH_TRAVERSAL Directory traversal patterns (../../) aiming to escape the webroot.
DEV_METADATA_PROBE Dev-only endpoints like /developmentserver/metadatauploader.
SMTP_PROBE Probes for mail config files (smtp_config.json, smtp.php, mail_config.php).
SENSITIVE_ENDPOINT_PROBE Scanning login/XML-RPC/wp-admin and similar access points.
SCANNER_PROBE Fingerprinting URIs such as /geoip/ or /wsman.
GENERIC_HONEYPOT_HIT Caught by honeypot, but not mapped to a specific exploit type.

Sensitive Endpoint Traffic (Recent Log Sample)

Monitoring hits to wp-login.php, xmlrpc.php, wp-admin, wp-json, and other high-value URLs from the last 20000 log lines.

No sensitive-endpoint activity detected in the recent log window.

Top 404 Offenders (by IP)

IP404 Count

Top 404 URLs

URL404 Count

Recent 404 "Page Not Found" Errors

Date/Time IP Method Reason URL Referrer User Agent

Copy 404 Data for ChatGPT Analysis

Select all (Ctrl+A / Cmd+A) inside this box, copy, and paste into ChatGPT.