Server Security Dashboard

Generated at 2026-06-12 09:10:02

Warning: Some paths are not readable:
🛡️ Honeypot Hits (Last 24 Hours)
29
Based on honeypot.log timestamps
👥 Total Honeypot Offenders
156
Distinct IPs in last 500 honeypot lines
🚫 Honeypot Hardkills (Last 24 Hours)
14
Counted by HARDKILL_HIT honeypot events
⚠️ 404 Errors (Last 24 Hours)
0
Based on access log timestamps

Top Honeypot Offenders (by IP)

IPHits
146.70.173.108 42
15.165.159.72 20
52.47.82.79 17
77.83.39.54 16
34.174.122.232 15
35.202.172.96 15
208.84.102.89 13
208.84.100.96 13
208.84.100.188 13
77.83.39.197 13

Top Honeypot URIs

URIHits
/.env 104
/.git/config 72
/honeypot-trap.php 40
/api/.env 28
/config.json 19
/.git/HEAD 17
/api/auth/validate-sso 12
/.git/logs/HEAD 10
/.env~ 9
/.git/index 8

Recent Honeypot Events

Date/Time IP URI Reason Event User Agent Extra
2026-06-12 01:44:47 194.62.107.97 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 METHOD=GET | REF=-
2026-06-11 21:12:37 77.83.39.197 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Linux; Android 5.1.1; KYF39 Build/100.0.2039; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/55.0.2883.91 Mobile Safari/537.36 METHOD=GET | REF=-
2026-06-11 21:11:18 77.83.39.197 /.env CONFIG_PROBE HARDKILL_HIT w3m/0.5.1 METHOD=GET | REF=-
2026-06-11 20:55:30 185.177.72.56 /api/%2eenv GENERIC_HONEYPOT_HIT HARDKILL_HIT curl/8.7.1 METHOD=GET | REF=-
2026-06-11 20:55:19 185.177.72.56 /api/%2eenv GENERIC_HONEYPOT_HIT HARDKILL_HIT curl/8.7.1 METHOD=GET | REF=-
2026-06-11 20:54:17 185.177.72.56 /api/settings GENERIC_HONEYPOT_HIT HARDKILL_HIT curl/8.7.1 METHOD=GET | REF=-
2026-06-11 20:54:08 185.177.72.56 /honeypot-trap.php GENERIC_HONEYPOT_HIT HARDKILL_HIT curl/8.7.1 METHOD=GET | REF=-
2026-06-11 20:53:58 185.177.72.56 /login SENSITIVE_ENDPOINT_PROBE HARDKILL_HIT curl/8.7.1 METHOD=GET | REF=-
2026-06-11 17:29:46 65.49.20.68 /.git/config CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0 METHOD=GET | REF=-
2026-06-11 17:28:07 77.83.36.170 /login SENSITIVE_ENDPOINT_PROBE SOFT_HIT Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 METHOD=GET | REF=-
2026-06-11 17:27:58 77.83.36.170 /remote/login SENSITIVE_ENDPOINT_PROBE SOFT_HIT Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 METHOD=GET | REF=-
2026-06-11 17:15:16 95.182.114.5 /config.json GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/125.0.0.0 Safari/537.36 METHOD=GET | REF=-
2026-06-11 12:19:39 34.11.99.241 /honeypot-trap.php GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Linux; Android 12; TECNO CK6n) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.50 Mobile Safari/537.36 METHOD=HEAD | REF=http://mail.optimumyouth.com/old/
2026-06-11 11:50:52 34.171.97.151 /honeypot-trap.php GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0 METHOD=HEAD | REF=http://optimumyouth.com/old/
2026-06-11 10:40:48 208.84.100.240 /.env~ GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15 METHOD=GET | REF=-
2026-06-11 10:40:48 208.84.100.240 /.git/HEAD CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0 METHOD=GET | REF=-
2026-06-11 10:40:48 208.84.100.240 /.git/logs/HEAD GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15 METHOD=GET | REF=-
2026-06-11 10:40:45 208.84.100.240 /.env.local~ GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (iPhone; CPU iPhone OS 18_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1 METHOD=GET | REF=-
2026-06-11 10:40:15 208.84.100.240 /.env.production~ GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15 METHOD=GET | REF=-
2026-06-11 10:40:14 208.84.100.240 /.git/refs/heads/main GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0 METHOD=GET | REF=-
2026-06-11 10:40:14 208.84.100.240 /.git/FETCH_HEAD GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0 METHOD=GET | REF=-
2026-06-11 10:40:14 208.84.100.240 /.git/config CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (X11; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/149.0 METHOD=GET | REF=-
2026-06-11 10:40:14 208.84.100.240 /.git/refs/heads/master GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0 METHOD=GET | REF=-
2026-06-11 10:39:42 208.84.100.240 /api/.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0 METHOD=GET | REF=-
2026-06-11 10:39:41 208.84.100.240 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15 METHOD=GET | REF=-
2026-06-11 10:39:16 208.84.100.240 /config.json GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15 METHOD=GET | REF=-
2026-06-11 10:39:10 208.84.100.240 /api/client_secret.json GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:150.0) Gecko/20100101 Firefox/150.0 METHOD=GET | REF=-
2026-06-11 10:21:35 34.182.139.63 /honeypot-trap.php GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0 METHOD=HEAD | REF=http://www.optimumyouth.com/old/
2026-06-11 10:10:12 77.83.39.197 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 METHOD=GET | REF=-
2026-06-11 06:12:10 80.94.95.211 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Linux; Android 7.1.1; CPH1723 Build/N6F26Q) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.98 Mobile Safari/537.36 METHOD=GET | REF=-
2026-06-11 05:55:06 151.242.30.224 /api/auth/validate-sso GENERIC_HONEYPOT_HIT HARDKILL_HIT - METHOD=GET | REF=-
2026-06-11 05:30:11 128.203.204.215 /developmentserver/metadatauploader DEV_METADATA_PROBE HARDKILL_HIT Mozilla/5.0 zgrab/0.x METHOD=GET | REF=-
2026-06-11 04:22:02 176.65.132.162 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Linux; Android 8.1.0; Infinix X624B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Mobile Safari/537.36 METHOD=GET | REF=-
2026-06-11 02:58:29 155.133.23.242 /.env CONFIG_PROBE HARDKILL_HIT Python/3.13 aiohttp/3.14.1 METHOD=GET | REF=-
2026-06-10 23:49:43 151.242.30.224 /api/auth/validate-sso GENERIC_HONEYPOT_HIT HARDKILL_HIT - METHOD=GET | REF=-
2026-06-10 22:29:09 151.242.30.224 /api/auth/validate-sso GENERIC_HONEYPOT_HIT HARDKILL_HIT - METHOD=GET | REF=-
2026-06-10 17:48:28 65.49.1.80 /.git/config CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 METHOD=GET | REF=-
2026-06-10 17:42:15 151.242.30.224 /api/auth/validate-sso GENERIC_HONEYPOT_HIT HARDKILL_HIT - METHOD=GET | REF=-
2026-06-10 16:50:01 77.83.39.94 /.git/index CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 OPR/62.0.3331.116 METHOD=GET | REF=-
2026-06-10 16:00:05 34.162.154.79 /honeypot-trap.php GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.90 Safari/537.36 METHOD=HEAD | REF=http://www.optimumyouth.com/old/
2026-06-10 14:37:12 136.117.13.203 /honeypot-trap.php GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Linux; U; Android 10; en-US; CPH2015) AppleWebKit/537.36 (KHTML, like Gecko) UCBrowser/13.5.8.1311 Mobile Safari/537.36 METHOD=HEAD | REF=http://optimumyouth.com/old/
2026-06-10 14:27:03 77.83.39.197 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Linux; Android 9; SM-G950F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 METHOD=GET | REF=-
2026-06-10 13:43:35 151.242.30.224 /api/auth/validate-sso GENERIC_HONEYPOT_HIT HARDKILL_HIT - METHOD=GET | REF=-
2026-06-10 13:37:09 8.229.61.249 /honeypot-trap.php GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0 METHOD=HEAD | REF=http://mail.optimumyouth.com/old/
2026-06-10 10:36:08 165.140.238.74 /.git/config CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (compatible; Scanner/1.0) METHOD=GET | REF=-
2026-06-10 08:42:22 195.3.220.7 /wp-content/cache/index.php GENERIC_HONEYPOT_HIT SOFT_HIT Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 METHOD=GET | REF=-
2026-06-10 07:55:54 195.178.110.162 /.env CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.25 Safari/537.36 Core/1.70.3722.400 QQBrowser/10.5.3763.400 METHOD=GET | REF=-
2026-06-10 07:52:11 77.83.39.94 /.git/config CONFIG_PROBE HARDKILL_HIT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 METHOD=GET | REF=-
2026-06-10 07:18:41 151.242.30.224 /api/auth/validate-sso GENERIC_HONEYPOT_HIT HARDKILL_HIT - METHOD=GET | REF=-
2026-06-10 06:48:33 77.83.39.54 /.git/config CONFIG_PROBE HARDKILL_HIT Opera/9.64 (Macintosh; PPC Mac OS X; U; en) Presto/2.1.1 METHOD=GET | REF=-

Honeypot Reason Legend

PHPUNIT_RCE_PROBE Probes for phpunit eval-stdin RCE to execute arbitrary PHP code.
THINKPHP_RCE_PROBE ThinkPHP invokefunction-based RCE scanning.
AUTO_PREPEND_RCE Attempts to use auto_prepend_file=php://input or similar to run injected PHP.
DOCKER_API_PROBE Tries to access Docker Engine API endpoints like /containers/json.
BACKDOOR_PROBE Classic webshells and backdoor files (wso, r57, c99, upl.php, etc.).
CONFIG_PROBE Attempts to read config/secret files like wp-config.php, .git/config, .env.
PATH_TRAVERSAL Directory traversal patterns (../../) aiming to escape the webroot.
DEV_METADATA_PROBE Dev-only endpoints like /developmentserver/metadatauploader.
SMTP_PROBE Probes for mail config files (smtp_config.json, smtp.php, mail_config.php).
SENSITIVE_ENDPOINT_PROBE Scanning login/XML-RPC/wp-admin and similar access points.
SCANNER_PROBE Fingerprinting URIs such as /geoip/ or /wsman.
GENERIC_HONEYPOT_HIT Caught by honeypot, but not mapped to a specific exploit type.

Sensitive Endpoint Traffic (Recent Log Sample)

Monitoring hits to wp-login.php, xmlrpc.php, wp-admin, wp-json, and other high-value URLs from the last 20000 log lines.

IP Address Hits Endpoints First Seen Last Seen UA Samples
157.15.40.86 1233 /wp-json/wp/v2/users/, /xmlrpc.php 2026-06-12 06:06:23 2026-06-12 06:43:48
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
185.177.72.56 1 /login 2026-06-12 03:53:53 2026-06-12 03:53:53
curl/8.7.1
64.188.91.212 1 /wp-login.php?action=register 2026-06-12 02:29:40 2026-06-12 02:29:40
Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
52.138.38.186 2 /wp-admin/css/bolt.php, /admin-footer.php 2026-06-11 22:23:59 2026-06-11 22:24:48
-
208.84.100.240 1 /wp-content/debug.log 2026-06-11 17:39:06 2026-06-11 17:39:06
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15

Top 404 Offenders (by IP)

IP404 Count

Top 404 URLs

URL404 Count

Recent 404 "Page Not Found" Errors

Date/Time IP Method Reason URL Referrer User Agent

Copy 404 Data for ChatGPT Analysis

Select all (Ctrl+A / Cmd+A) inside this box, copy, and paste into ChatGPT.