Web logs 404 analysis - past 72 hours

Jan 31, 2026

Automatically updated daily

Checking for 404 errors in your logs can reveal more than just broken links, it can also expose files and URLs that attackers are actively scanning for. To track this behavior, we set up hundreds of honeypots and analyzed live web traffic data, giving us insight into which files and URLs are being targeted across the internet.

This table bellow list the top URLs being scanned in the past 72 hours. Some of them may show what attacker are actively looking for and new vulnerabilities in the wild.

Rank	Scanned URL	Counter
#1	/wp-login.php	21,915
#2	/api/v2/auth	20,952
#3	/index.php	8,650
#4	/autodiscover/autodiscover.xml	8,223
#5	/[object%20Object]	4,552
#6	/.well-known/traffic-advice	3,949
#7	/api/v2/products/stock-batch	3,748
#8	/.well-known/passkey-endpoints	3,040
#9	/404	2,163
#10	/.env	1,900
#11	/admin.php	1,802
#12	/saiga.php	1,765
#13	/file.php	1,741
#14	/ccstore/v1/images	1,661
#15	/ioxi-o.php	1,467
#16	/about.php	1,430
#17	/adminfuns.php	1,386
#18	/classwithtostring.php	1,290
#19	/admin	1,286
#20	/info.php	1,273
#21	/wp-json/oembed/1.0/embed	1,270
#22	/abcd.php	1,187
#23	/sources.php	1,174
#24	/aa.php	1,121
#25	/-/-/-/-/-/-/-/-/-/-	1,077
#26	/olympikus	1,066
#27	/xmlrpc.php	1,010
#28	/api/v2/products/1659369592	983
#29	/api/v2/products/1659370143	981
#30	/api/v2/products/1659369038	976
#31	/goods.php	975
#32	/api/v2/products/1659369318	975
#33	/.git/config	975
#34	/api/v2/products/1659370315	972
#35	/api/v2/products/1659372022	971
#36	/api/v2/products/1659371730	967
#37	/api/v2/products/1659371194	966
#38	/api/v2/products/1659370539	966
#39	/api/v2/products/1659369485	966
#40	/api/v2/products/1659370649	965
#41	/api/v2/products/1659371462	965
#42	/api/v2/products/1659369765	960
#43	/api/v2/products/1659369941	960
#44	/api/v2/products/1659371884	958
#45	/api/v2/products/1659371217	954
#46	/api/v2/products/1659371029	954
#47	/api/v2/products/1659370690	954
#48	/api/v2/products/1659371489	953
#49	/api/v2/products/1659369366	951
#50	/api/v2/products/1659371220	947
#51	/api/v2/products/1659370540	946
#52	/api/v2/products/1659368975	943
#53	/autoload_classmap.php	941
#54	/api/v2/products/1659371950	939
#55	/edit.php	928
#56	/buy.php	891
#57	/sitemap.xml	844
#58	/backup	831
#59	/chosen.php	828
#60	/wp-admin	800
#61	/wp-good.php	793
#62	/shop	776
#63	/checkout/cart/add	763
#64	/rest/V1/salesRules	746
#65	/wp-cron.php	726
#66	/api/.env	725
#67	/wp-json/mod/v1/clients/plugins/jcdaFPpvQo28KCS7T9Aa6BKXzTwHupSJ	722
#68	/backend/.env	699
#69	/wp-json/mod/v1/clients/themes/jcdaFPpvQo28KCS7T9Aa6BKXzTwHupSJ	698
#70	/images/images/cache.php	689
#71	/1.php	687
#72	/flower.php	687
#73	/cgi-bin	686
#74	/admin/.env	677
#75	/cong.php	663
#76	/pb	659
#77	/wp-json/mod/v1/clients/plugins/j6FbdsfF230jtfGKl2WXTwui8jVLt3uR	650
#78	/wp-json/mod/v1/clients/themes/j6FbdsfF230jtfGKl2WXTwui8jVLt3uR	647
#79	/module/ngmercadolivre/notificacao	641
#80	/wp-content/themes/admin.php	639
#81	/en/AutoDiscover/autodiscover.xml	616
#82	/inputs.php	614
#83	/file2.php	610
#84	/222.php	591
#85	/ccstore/v1/registry	589
#86	/elp.php	584
#87	/wp-trackback.php	579
#88	/alfa.php	568
#89	/xmrlpc.php	558
#90	/api/v1/5331de46da1425c8b5f036d69da64571/json/desconto-url/dados-xml	548
#91	/akcc.php	545
#92	/moon.php	544
#93	/wp-json/mod/v1/clients/themes/iHNBUuF2wAFhhJ1LTSZnjkZre9wu6lm8	542
#94	/wp-json/mod/v1/clients/plugins/iHNBUuF2wAFhhJ1LTSZnjkZre9wu6lm8	538
#95	/.well-known/apple-app-site-association	536
#96	/k.php	531
#97	/asasx.php	522
#98	/uploads	510
#99	/new.php	508
#100	/.env.example	500
#101	/not_found	497
#102	/rip.php	497
#103	/bolt.php	494
#104	/administrator	493
#105	/login	489
#106	/admin/config.php	486
#107	/bless.php	481
#108	/wp-content/plugins/hellopress/wp_filemanager.php	470
#109	/app_dev.php/_profiler/phpinfo	470
#110	/wp.php	465
#111	/contrato/wap/crons/enviar-email.php	462
#112	/dropdown.php	453
#113	/upload/banner	450
#114	/themes.php	442
#115	/wp-content/plugins/fix/up.php	440
#116	/index/function.php	439
#117	/atomlib.php	439
#118	/makeasmtp.php	429
#119	/wp-content/admin.php	427
#120	/wp-json/mod/v1/clients/themes/dfH6fTJpNKPXFmf72OBbcx9a6kb73dAu	422
#121	/en/autodiscover/autodiscover.xml	419
#122	/wp-content/plugins/admin.php	416
#123	/nc4.php	409
#124	/doc.php	407
#125	/image.php	401
#126	/akc.php	394
#127	/radio.php	392
#128	/wp-content/wp-conflg.php	385
#129	/wp-json/mod/v1/clients/plugins/dfH6fTJpNKPXFmf72OBbcx9a6kb73dAu	383
#130	/admin/controller/extension/extension	382
#131	/cdn-cgi/rum	379
#132	/.git/index	377
#133	/+CSCOL+/a1.jar	370
#134	/+CSCOL+/Java.jar	370
#135	/modules	360
#136	/wp-json/mod/v1/clients/themes/N6FafVRrjaWL2s4wJW4e71UxELvdDOT5	357
#137	/shell.php	356
#138	/wordpress	352
#139	/ss.php	349
#140	/wp-json/mod/v1/clients/plugins/N6FafVRrjaWL2s4wJW4e71UxELvdDOT5	340
#141	/wp-admin/images	337
#142	/profile.php	335
#143	/wp-json/mod/v1/clients/themes/5HEdh3eDqs6NhxAvfBJ5bWLGdvzCD248	334
#144	/api/sessions	333
#145	/wp-content/uploads	332
#146	/wp-json/mod/v1/clients/plugins/5HEdh3eDqs6NhxAvfBJ5bWLGdvzCD248	331
#147	/wp-admin/images/admin.php	331
#148	/api/v2/brands/4718	328
#149	/old	326
#150	/wp-json/mod/v1/clients/plugins/AF6QHtkifS7afe9hYdSVzYwNUya7Deki	325
#151	/wp-json/mod/v1/clients/themes/AF6QHtkifS7afe9hYdSVzYwNUya7Deki	325
#152	/storage/2018/09/Educac	322
#153	/user-login	322
#154	/wp	317
#155	/server.php	316
#156	/submissions	315
#157	/man.php	313
#158	/register	313
#159	/webapp/wcs/stores/servlet/Search	311
#160	/lock360.php	310
#161	/test.php	309
#162	/awstats/.env	309
#163	/as.php	307
#164	/api/upload	307
#165	/files.php	306
#166	/class-t.api.php	304
#167	/wp-admin/css	304
#168	/app/.env	302
#169	/test1.php	302
#170	/wp-content/plugins/wp-diambar/includes/loadme.php	298
#171	/portal/.env	298
#172	/api/v2/marketplace/sellers/queue	296
#173	/worksec.php	294
#174	/user/login	294
#175	/back/.env	294
#176	/api	293
#177	/wp-includes/wlwmanifest.xml	293
#178	/content.php	293
#179	/propolis-verde.html	293
#180	/new	292
#181	/w.php	289
#182	/wp-includes/style-engine	288
#183	/security/.env	285
#184	/dev/.env	283
#185	/2.php	283
#186	/wp/wp-includes/wlwmanifest.xml	282
#187	/web/wp-includes/wlwmanifest.xml	282
#188	/admins/.env	282
#189	/.well-known	281
#190	/wordpress/wp-includes/wlwmanifest.xml	281
#191	/lib/.env	280
#192	/api/v2/marketplace/rebates/queue	278
#193	/private	277
#194	/ws.php	277
#195	/wp-content/index.php	276
#196	/blog/wp-includes/wlwmanifest.xml	274
#197	/shared/.env	274
#198	/wp-json/mod/v1/clients/themes/DtvNHI7xP8EXF2FuIDUJit4NDHASlM1n	272
#199	/feed	271
#200	/2019/wp-includes/wlwmanifest.xml	271
#201	/wp-includes/Text/Diff/Renderer	270
#202	/shop/wp-includes/wlwmanifest.xml	270
#203	/beta/.env	270
#204	/production/.env	270
#205	/deepseek_d.php	268
#206	/wp-content/themes/about.php	267
#207	/default.php	267
#208	/wp-content/plugins/WordPressCore	266
#209	/t.php	266
#210	/infraalert/connections.php	265
#211	/alpha/.env	265
#212	/cms/.env.prod	264
#213	/wp-admin/css/colors/blue/index.php	263
#214	/credentials	262
#215	/wp-includes/rest-api	261
#216	/sitemap_index.xml	261
#217	/sample.env	261
#218	/wp-json/mod/v1/clients/plugins/DtvNHI7xP8EXF2FuIDUJit4NDHASlM1n	260
#219	/wp-admin/includes	259
#220	/wp-json/mod/v1/clients/themes/3Y0UftK4ZgkOOyNentdzLR3O1XCgseZb	259
#221	/community/.env	259
#222	/app/config/.env	258
#223	/xleet.php	257
#224	/api/v2/products/531	255
#225	/~admin/.env	255
#226	/pos/.env	252
#227	/Core/.env	252
#228	/wp-admin.php	251
#229	/web_api/auth	250
#230	/robots/.env	250
#231	/wp-includes/Requests/Exception	248
#232	/wp-json/mod/v1/clients/plugins/3Y0UftK4ZgkOOyNentdzLR3O1XCgseZb	248
#233	/search	247
#234	/base/.env	247
#235	/num.php	245
#236	/django/.env	245
#237	/wp-includes/ID3	244
#238	/profile/.env	244
#239	/travis/.env	243
#240	/cc.php	242
#241	/news/wp-includes/wlwmanifest.xml	241
#242	/website/wp-includes/wlwmanifest.xml	241
#243	/novnc/.env	241
#244	/css.php	240
#245	/App/__healthcheck	240
#246	/gecko.php	239
#247	/mail/.env	239
#248	/api/v2/batch/1219	238
#249	/api/v2/batch/1198	238
#250	/api/v2/batch/1193	238
#251	/api/v2/batch/1192	238
#252	/api/v2/batch/1187	238
#253	/api/v2/batch/1184	238
#254	/api/v2/batch/1183	238
#255	/api/v2/marketplace/sellers/364/products/queue	237
#256	/api/v2/batch/1218	237
#257	/api/v2/batch/1214	237
#258	/api/v2/batch/1189	237
#259	/api/v2/batch/1188	237
#260	/api/v2/batch/1173	237
#261	/api/v2/batch/1171	237
#262	/api/v2/batch/1146	237
#263	/api/v2/batch/1182	237
#264	/api/v2/batch/1181	237
#265	/api/v2/batch/1179	237
#266	/api/v2/batch/1175	237
#267	/api/v2/batch/1172	237
#268	/api/v2/batch/1191	237
#269	/api/v2/batch/1178	237
#270	/bak.php	236
#271	/api/v2/marketplace/sellers/351/products/queue	236
#272	/4ec82611	236
#273	/api/v2/marketplace/sellers/423/products/queue	236
#274	/api/v2/marketplace/sellers/534/products/queue	236
#275	/api/v2/batch/1194	236
#276	/api/v2/batch/1190	236
#277	/api/v2/batch/1177	236
#278	/api/v2/batch/1174	236
#279	/api/v2/marketplace/sellers/388/products/queue	236
#280	/api/v2/batch/1176	236
#281	/api/v2/batch/1170	236
#282	/cdn-cgi/trace	236
#283	/api/v2/marketplace/sellers/31/products/queue	235
#284	/api/v2/marketplace/sellers/354/products/queue	235
#285	/api/v2/marketplace/sellers/473/products/queue	235
#286	/api/v2/marketplace/sellers/841/products/queue	235
#287	/api/v2/marketplace/sellers/476/products/queue	235
#288	/api/v2/marketplace/sellers/363/products/queue	235
#289	/api/v2/marketplace/sellers/360/products/queue	235
#290	/api/v2/marketplace/sellers/425/products/queue	235
#291	/api/v2/marketplace/sellers/457/products/queue	235
#292	/api/v2/marketplace/sellers/537/products/queue	235
#293	/api/v2/marketplace/sellers/536/products/queue	235
#294	/api/v2/marketplace/sellers/533/products/queue	235
#295	/api/v2/batch/1186	235
#296	/api/v2/batch/1185	235
#297	/api/v2/batch/1169	235
#298	/api/v2/marketplace/sellers/391/products/queue	235
#299	/api/v2/marketplace/sellers/455/products/queue	235
#300	/api/v2/marketplace/sellers/430/products/queue	235
#301	/api/v2/marketplace/sellers/463/products/queue	235
#302	/api/v2/marketplace/sellers/487/products/queue	235
#303	/api/v2/marketplace/sellers/471/products/queue	235
#304	/api/v2/batch/1168	235
#305	/api/v2/batch/1142	235
#306	/api/v2/marketplace/sellers/390/products/queue	234
#307	/wp-content/plugins/yanierin/akcc.php	233
#308	/ae.php	233
#309	/api/v2/batch/1166	233
#310	/api/v2/batch/1145	233
#311	/api/v2/batch/1165	232
#312	/api/v2/marketplace/sellers/655/products/queue	231
#313	/wp-admin/class-db.php	230
#314	/wp-includes	228
#315	/13.php	228
#316	/wp-content/upgrade	227
#317	/adminfuns.php/.well-known/acme-challenge/file.php	227
#318	/wp-json/mod/v1/clients/themes/yQYJEiML0EAKHJ1ba5G863ebauTGL4v6	227
#319	/wp-includes/Text	226
#320	/bin	226
#321	/404.php	225
#322	/wp-json/mod/v1/clients/plugins/dQbiHaYYDAThrFKTMcDQ8bWWiNvx28Yd	224
#323	/wp-includes/IXR	223
#324	/css/admin.php	222
#325	/wp-content/about.php	222
#326	/wp-admin/images/file.php	220
#327	/staging/.env	220
#328	/log.php	219
#329	/minha-conta/pedido/2168498/detalheapi/v2/front/checkout/cart	218
#330	/wp-admin/product.php	217
#331	/wp-json/mod/v1/clients/themes/dQbiHaYYDAThrFKTMcDQ8bWWiNvx28Yd	217
#332	/wp-content/plugins/sid/sidwso.php	216
#333	/demo/.env	215
#334	/blog	213
#335	/file5.php	211
#336	/minha-conta/pedido/2167917/detalheapi/v2/front/checkout/cart	211
#337	/wp-json/mod/v1/clients/plugins/yQYJEiML0EAKHJ1ba5G863ebauTGL4v6	211
#338	/defaults.php	210
#339	/root.php	210
#340	/rest/V1/orders	209
#341	/wp-admin/js/index.php	208
#342	/a.php	207
#343	/wp-includes/fonts	206
#344	/wp-admin/css/colors/coffee	204
#345	/rest/V1/products	204
#346	/wp-content/plugins/hello-dolly	203
#347	/loja/casa.html	203
#348	/wp-content/plugins/ultimate-member	202
#349	/wp-admin/css/colors/sunrise	202
#350	/manager.php	202
#351	/wp-includes/pomo	200
#352	/file4.php	200
#353	/wp-admin/css/colors/midnight	199
#354	/wp-content/plugins/gravityforms	198
#355	/wordpress/wp-admin/maint	198
#356	/simple.php	198
#357	/wp-includes/html-api	197
#358	/api/v1/7d7f91c7b727f4627bf81883ea25a347/json/pedido/atualizacoes	196
#359	/api/v2/3f0803957c6b00580c1d83ddef8033ca/json/pedido/atualizacoes	196
#360	/api/v1/ede49134002f41b1320469a869921657/json/pedido/atualizacoes	195
#361	/api/v1/5331de46da1425c8b5f036d69da64571/json/pedido/atualizacoes	195
#362	/wp-content/upgrade/index.php	194
#363	/build.php	194
#364	/wp-admin/network	193
#365	/lowpr.php	191
#366	/wp-includes/js/crop	190
#367	/403.php	190
#368	/api/catalog_system/pub/products/search	189
#369	/sitemap-index.xml	188
#370	/server/.env	187
#371	/style.php	187
#372	/pagamento/mercadopago/ipn.php	186
#373	/owa/auth.owa	185
#374	/wp-content/plugins/wp-file-manager	184
#375	/wp-json/mod/v1/clients/themes/O8IPZVSpWRsNUvKGmp6tCOXPEc5pwzOf	184
#376	/wp-includes/assets	183
#377	/images	182
#378	/wp-json/mod/v1/clients/plugins/O8IPZVSpWRsNUvKGmp6tCOXPEc5pwzOf	181
#379	/wp-content/uploads/2022/07	180
#380	/userlogin	179
#381	/404testpage4525d2fdc	179
#382	/novos-produtos.html	179
#383	/test/.env	177
#384	/api/v1/5331de46da1425c8b5f036d69da64571/json/produto/atualizacoes	177
#385	/wp-json/mod/v1/clients/plugins/Jowup0YjuyoFl8756PugwrEu8CEOb7W	176
#386	/shop/.env	176
#387	/api/v1/ede49134002f41b1320469a869921657/json/produto/atualizacoes	176
#388	/api/v1/7d7f91c7b727f4627bf81883ea25a347/json/produto/atualizacoes	176
#389	/api/v2/3f0803957c6b00580c1d83ddef8033ca/json/produto/atualizacoes	175
#390	/api/v2/products/21965	174
#391	/wp-json/mod/v1/clients/themes/5HmAU7xN6qdUl3VpoGsirSopze0t5F2E	174
#392	/files	174
#393	/wp-content/themes/twentytwentythree	173
#394	/wp-includes/images	173
#395	/aaa.php	171
#396	/0x.php	171
#397	/2018/wp-includes/wlwmanifest.xml	171
#398	/wp-content/plugins/akismet	170
#399	/blog/.env	170
#400	/f5.php	170
#401	/p.php	170
#402	/wp-content/themes/twentytwentyfour	169
#403	/en/assets/images/logos/HTB.JPG	169
#404	/wp-includes/PHPMailer	169
#405	/wp-includes/block-supports	169
#406	/wp-content/languages	168
#407	/wp-content	168
#408	/minha-conta-atk	168
#409	/minha-conta/pedidoapi/v2/front/checkout/cart	167
#410	/install.php	167
#411	/assets	167
#412	/wp-json/mod/v1/clients/themes/Jowup0YjuyoFl8756PugwrEu8CEOb7W	166
#413	/cloud/.env	166
#414	/app	166
#415	/dashboard/.env	165
#416	/wp-content/plugins/contact-form-7	163
#417	/store/.env	163
#418	/m/.env	163
#419	/.env.local	163
#420	/wp-content/uploads/2018/09/Educac	162
#421	/vpn/.env	162
#422	/webmail/.env	162
#423	/remote/.env	162
#424	/owa/auth/logon.aspx	161
#425	/secure/.env	161
#426	/sx.php	161
#427	/wp-admin/js/widgets	160
#428	/support/.env	160
#429	/host/.env	160
#430	/ultra.php	159
#431	/ftp/.env	159
#432	/smtp/.env	158
#433	/cdn/.env	158
#434	/pop/.env	158
#435	/filemanager.php	158
#436	/wp-plain.php	158
#437	/sites/default/files	157
#438	/wp-includes/css	156
#439	/wp-json/mod/v1/clients/themes/222SatWljlPjOcZ6sbz9QrN2P7tPZ7fEhaw111	156
#440	/wp-json/mod/v1/clients/plugins/222SatWljlPjOcZ6sbz9QrN2P7tPZ7fEhaw111	156
#441	/autoload_classmap/function.php	156
#442	/wiki/.env	155
#443	/wp-includes/block-bindings	154
#444	/.aws/credentials	154
#445	/wp-bat.php	154
#446	/pu9.php	154
#447	/ds.php	154
#448	/.well-known/acme-challenge/cloud.php	153
#449	/god4m.php	153
#450	/form.php	152
#451	/loja/catalogo.php	151
#452	/rest/V1/store/storeViews	150
#453	/goat.php	149
#454	/wp-content/plugins/litespeed-cache	148
#455	/app/impulse/products	148
#456	/wp-json/mod/v1/clients/plugins/Rw3ntZOSgnzAowBha1RvN3pidNBOtirn	146
#457	/mari.php	146
#458	/123.php	144
#459	/0.php	144
#460	/AutoDiscover/autodiscover.xml	143
#461	/wp-json/mod/v1/clients/plugins/BwQrKZus03C3jAUdfG6roDDVrbF67FH1	143
#462	/phpinfo.php	143
#463	/include	143
#464	/asd.php	143
#465	/07.php	143
#466	/wp-json/mod/v1/clients/plugins/5HmAU7xN6qdUl3VpoGsirSopze0t5F2E	142
#467	/wp-json/mod/v1/clients/themes/Rw3ntZOSgnzAowBha1RvN3pidNBOtirn	142
#468	/writer/sarah-freeman-woolpert	142
#469	/assets/images	142
#470	/berax.php	142
#471	/axx.php	142
#472	/Jcrop.php	141
#473	/hplfuns.php	141
#474	/wp1/wp-includes/wlwmanifest.xml	139
#475	/wp-includes/widgets	138
#476	/play/aula/conteudo/buscar/4365382	137
#477	/wp-json/mod/v1/clients/themes/iuyhN4wenVAqT45GUz5UTZJS7XwKw1a8	137
#478	/x.php	137
#479	/cache.php	137
#480	/wp-json/mod/v1/clients/plugins/iuyhN4wenVAqT45GUz5UTZJS7XwKw1a8	136
#481	/phpinfo	136
#482	/wp-admin/setup-config.php	135
#483	/wp-json/mod/v1/clients/plugins/XbPUmQItjloTIWA6BLYFIH9kLKopOaPg	134
#484	/zona-livre	133
#485	/_next	133
#486	/kyami.php	133
#487	/wp-json/mod/v1/clients/themes/XbPUmQItjloTIWA6BLYFIH9kLKopOaPg	132
#488	/wp-json/mod/v1/clients/plugins/AVrzZ53ziRyZEhVINNEiHcUOgJbgJrOP	132
#489	/mm.php	132
#490	/lufix.php	132
#491	/new/.env	132
#492	/akismet.php	130
#493	/hello.php	130
#494	/admin/function.php	130
#495	/apps/.env	130
#496	/wp-content/cache	128
#497	/wp-json/mod/v1/clients/themes/AVrzZ53ziRyZEhVINNEiHcUOgJbgJrOP	128
#498	/version	128
#499	/al.php	128
#500	/wp-content/plugins/elementor	127

Data was last updated on: Jan 31, 2026

Logging Research

We love logs. In this section we will share some of the data we are parsing from our logs and honeypots we have live.

Trunc Logging

Logging for fun and a good night of sleep.

Real time search
Google simple
Cheap
Just works
PCI compliance

Trunc Research

Latest log-based threat analysis added.

2025-09-03WordPress - Last scanned URLs
2025-08-22Web logs 404 analysis - past 72 hours
2025-08-21WordPress most scanned URLs - all time
2025-08-21Web logs 404 analysis - all time

Contact us!

Do you have an idea for a research that is not here? See something wrong? Contact us at support@noc.org

Tired of price gouging

Clear pricing
No need to guess
Real people
Real logging

Web logs 404 analysis - past 72 hours

Logging Research

Trunc Logging

Trunc Research

Contact us!

Tired of price gouging

Simple, Affordable, Log Management and Analysis.

PRODUCTS

USEFUL LINKS

CONTACT US