Web logs 404 analysis - past 72 hours

Dec 5, 2025

Automatically updated daily

Checking for 404 errors in your logs can reveal more than just broken links, it can also expose files and URLs that attackers are actively scanning for. To track this behavior, we set up hundreds of honeypots and analyzed live web traffic data, giving us insight into which files and URLs are being targeted across the internet.

This table bellow list the top URLs being scanned in the past 72 hours. Some of them may show what attacker are actively looking for and new vulnerabilities in the wild.

Rank	Scanned URL	Counter
#1	/wp-login.php	35,777
#2	/autodiscover/autodiscover.xml	18,758
#3	/.well-known/traffic-advice	10,215
#4	/api/v2/auth	6,698
#5	/saiga.php	5,048
#6	/.env	4,922
#7	/404	3,766
#8	/api/v2/products/5518	3,517
#9	/wp-content/video	3,158
#10	/xmlrpc.php	2,952
#11	/shop	2,870
#12	/admin.php	2,393
#13	/api/v2/products/2247	2,365
#14	/index.php	2,081
#15	/sitemap.xml	2,051
#16	/api/v2/marketplace/sellers/376/products/status-batch	1,991
#17	/api/v2/marketplace/sellers/376/products/stock-batch	1,989
#18	/api/v2/marketplace/sellers/376/products/price-batch	1,987
#19	/[object%20Object]	1,850
#20	/api/v2/products/1659370690	1,800
#21	/api/v2/products/1659369592	1,799
#22	/api/v2/products/1659370540	1,794
#23	/api/v2/products/1659371462	1,794
#24	/api/v2/products/1659370315	1,790
#25	/api/v2/products/1659369863	1,788
#26	/api/v2/products/1659370940	1,787
#27	/api/v2/products/1659372022	1,785
#28	/api/v2/products/1659371194	1,784
#29	/api/v2/products/1659371217	1,784
#30	/api/v2/products/1659371029	1,782
#31	/api/v2/products/1659371884	1,781
#32	/api/v2/products/1659369038	1,781
#33	/api/v2/products/1659370143	1,780
#34	/api/v2/products/1659372042	1,778
#35	/api/v2/products/1659369318	1,778
#36	/api/v2/products/1659371950	1,776
#37	/api/v2/products/1659369366	1,776
#38	/api/v2/products/1659369485	1,774
#39	/api/v2/products/1659371489	1,774
#40	/api/v2/products/1659370649	1,774
#41	/api/v2/products/1659369941	1,766
#42	/api/v2/products/1659371730	1,762
#43	/api/v2/products/1659370539	1,762
#44	/api/v2/products/1659369765	1,761
#45	/api/v2/products/1659368975	1,749
#46	/.git/config	1,677
#47	/upload/banner	1,638
#48	/cdn-cgi/rum	1,592
#49	/about.php	1,580
#50	/api/v2/products/1659370661	1,566
#51	/info.php	1,547
#52	/chosen.php	1,538
#53	/wp-cron.php	1,507
#54	/content.php	1,496
#55	/api/.env	1,486
#56	/api/v2/app/intermittent-fasting	1,484
#57	/files	1,411
#58	/files.php	1,371
#59	/backend/.env	1,323
#60	/export.php	1,322
#61	/file_manager	1,291
#62	/.well-known/passkey-endpoints	1,289
#63	/file_manager.php	1,238
#64	/file_upload	1,235
#65	/admin/.env	1,214
#66	/filter	1,156
#67	/footer.php	1,148
#68	/abcd.php	1,123
#69	/fileupload	1,118
#70	/api/sessions	1,117
#71	/wp-json/oembed/1.0/embed	1,102
#72	/functions	1,102
#73	/forgot.php	1,085
#74	/forgot	1,083
#75	/header	1,078
#76	/file.php	1,074
#77	/functions.php	1,071
#78	/header.php	1,063
#79	/web_api/auth	1,052
#80	/ioxi-o.php	1,043
#81	/backup	1,040
#82	/aa.php	1,038
#83	/null	1,035
#84	/wp-json/commerce/paypal/payments/payment-token	997
#85	/tytyd.php	994
#86	/wp-json/commerce/paypal/payments/start-trial	979
#87	/wp-json/commerce/paypal/payments/order	974
#88	/g/collect	974
#89	/.env.example	966
#90	/classwithtostring.php	964
#91	/alfa.php	955
#92	/moon.php	949
#93	/contrato/wap/crons/enviar-email.php	936
#94	/wp-json/commerce/paypal/payments/confirm	931
#95	/app_dev.php/_profiler/phpinfo	907
#96	/wp-admin	888
#97	/1.php	887
#98	/asasx.php	876
#99	/api/v2/customers/login	875
#100	/buy.php	863
#101	/wp-good.php	862
#102	/admin	859
#103	/AutoDiscover/autodiscover.xml	852
#104	/cong.php	829
#105	/play/aula/conteudo/buscar/44285674	829
#106	/xmrlpc.php	821
#107	/bolt.php	809
#108	/wp-includes/wlwmanifest.xml	806
#109	/autoload_classmap.php	797
#110	/default.php	775
#111	/akcc.php	770
#112	/wp-json/commerce/paypal/payments/cancel	758
#113	/flower.php	753
#114	/nc4.php	738
#115	/new.php	735
#116	/pagamento/mercadopago/ipn.php	712
#117	/api	708
#118	/goods.php	705
#119	/function/function.php	699
#120	/dropdown.php	690
#121	/build.php	690
#122	/demo/equipe/api/v2/auth	689
#123	/login	688
#124	/api/v1/677e09724f0e2df9b6c000b75b5da10d/conectala/freight	682
#125	/play/aula/conteudo/buscar/23157962	679
#126	/wordpress	675
#127	/web/wp-includes/wlwmanifest.xml	673
#128	/wordpress/wp-includes/wlwmanifest.xml	671
#129	/file2.php	670
#130	/wp/wp-includes/wlwmanifest.xml	662
#131	/adminfuns.php	654
#132	/makeasmtp.php	653
#133	/api/v2/batch/1146	649
#134	/wp	648
#135	/api/v2/batch/1145	644
#136	/2019/wp-includes/wlwmanifest.xml	641
#137	/comment.php	637
#138	/shop/wp-includes/wlwmanifest.xml	635
#139	/api/v2/brands/4718	631
#140	/feed	629
#141	/old	629
#142	/blog/wp-includes/wlwmanifest.xml	628
#143	/assets/images/accesson.php	625
#144	/-/-/-/-/-/-/-/-/-/-	610
#145	/atomlib.php	608
#146	/graphql	607
#147	/api/graphql	606
#148	/home	604
#149	/admin/config.php	603
#150	/website/wp-includes/wlwmanifest.xml	587
#151	/new	580
#152	/news/wp-includes/wlwmanifest.xml	579
#153	/aaa.php	574
#154	/filemanager.php	568
#155	/api/v2/app/sleep-monitoring/setting	564
#156	/elp.php	563
#157	/style.php	560
#158	/wp-admin/index.php	557
#159	/administrator	556
#160	/api/gql	553
#161	/bless.php	541
#162	/simular	540
#163	/sitemap_index.xml	537
#164	/bin	535
#165	/ALFA_DATA/admin.php	534
#166	/graphql/api	533
#167	/test.php	531
#168	/export	529
#169	/admin/admin.php	528
#170	/images/images/about.php	526
#171	/comment-subscriptions	526
#172	/mari.php	523
#173	/xleet.php	522
#174	/edit.php	521
#175	/wso.php	515
#176	/js	509
#177	/test	508
#178	/akc.php	507
#179	/wp-content/plugins/hellopress/wp_filemanager.php	502
#180	/about	500
#181	/wp-content/wp-conflg.php	493
#182	/api/v2/products/531	485
#183	/rest/V1/store/storeViews	482
#184	/item.php	480
#185	/css.php	476
#186	/ahax.php	474
#187	/2018/wp-includes/wlwmanifest.xml	474
#188	/ds.php	473
#189	/wp-content/plugins/fix/up.php	471
#190	/api/v2/marketplace/sellers/655/products/queue	471
#191	/api/v2/marketplace/sellers/425/products/queue	469
#192	/api/v2/marketplace/sellers/615/products/queue	469
#193	/api/v2/marketplace/sellers/537/products/queue	469
#194	/en/autodiscover/autodiscover.xml	468
#195	/core.php	468
#196	/api/v2/batch/1190	467
#197	/api/v2/batch/1183	467
#198	/api/v2/batch/1176	466
#199	/api/v2/batch/1186	465
#200	/api/v2/batch/1188	464
#201	/api/v2/batch/1185	464
#202	/api/v2/batch/1182	464
#203	/api/v2/batch/1181	464
#204	/api/v2/batch/1178	464
#205	/api/v2/batch/1187	464
#206	/api/v2/batch/1189	463
#207	/api/v2/batch/1184	463
#208	/api/v2/batch/1179	463
#209	/api/v2/batch/1173	463
#210	/api/v2/batch/1175	463
#211	/api/v2/batch/1192	462
#212	/api/v2/batch/1177	462
#213	/api/v2/batch/1171	462
#214	/api/v2/batch/1174	462
#215	/api/v2/batch/1194	461
#216	/api/v2/batch/1191	461
#217	/api/v2/batch/1168	461
#218	/api/v2/batch/1169	461
#219	/api/v2/batch/1170	461
#220	/api/v2/batch/1172	460
#221	/api/v2/batch/1193	459
#222	/wp-content/plugins/yanierin/akcc.php	456
#223	/images	455
#224	/+CSCOL+/a1.jar	454
#225	/+CSCOL+/Java.jar	453
#226	/debug/default/view	451
#227	/umbro/masculino	449
#228	/blog	448
#229	/postnews.php	448
#230	/lowpr.php	447
#231	/api/v2/batch/1166	445
#232	/module/ngmercadolivre/notificacao	444
#233	/api/v2/batch/1165	443
#234	/.__info.php	442
#235	/phpinfo	441
#236	/api/v2/batch/1142	441
#237	/.env.local	440
#238	/play/aula/conteudo/buscar/75016992	438
#239	/new4.php	435
#240	/_profiler/phpinfo	431
#241	/api/v2/batch/1126	431
#242	/api/v2/batch/1198	430
#243	/api/v2/batch/1148	430
#244	/v2/_catalog	430
#245	/api/v2/batch/1121	429
#246	/api/v2/batch/1117	428
#247	/api/v2/batch/1149	428
#248	/api/v2/batch/1124	428
#249	/api/v2/batch/1120	428
#250	/api/v2/batch/1214	427
#251	/api/v2/batch/1127	427
#252	/api/v2/batch/1118	427
#253	/api/v2/batch/1128	426
#254	/api/v2/batch/1115	426
#255	/404.php	424
#256	/api/v2/batch/1125	424
#257	/api/v2/batch/1129	423
#258	/api/v2/batch/1111	423
#259	/api/v2/batch/1116	422
#260	/api/v2/batch/1119	421
#261	/api/v2/batch/1114	420
#262	/cgi-bin	420
#263	/manager.php	418
#264	/api/v2/batch/1113	418
#265	/api/v2/batch/1110	417
#266	/wp-content/index.php	416
#267	/install.php	414
#268	/telescope/requests	414
#269	/server-status	411
#270	/api/v2/products/386	407
#271	/en/AutoDiscover/autodiscover.xml	401
#272	/404testpage4525d2fdc	399
#273	/api/v2/marketplace/sellers/376/products/queue	397
#274	/filemanager/dialog.php	397
#275	/api/v2/marketplace/sellers/376/products/batch	396
#276	/test1.php	396
#277	/simple.php	391
#278	/wp-content/plugins/cartflows/assets/fonts	389
#279	/inputs.php	389
#280	/ava.php	385
#281	/api/v2/products/248	381
#282	/app/webroot/filemanager.php	379
#283	/zuk.php	378
#284	/umbro	376
#285	/sts.php	376
#286	/api/v2/batch/1219	375
#287	/wp-admin/includes	375
#288	/api/v2/batch/1218	374
#289	/image.php	374
#290	/fox.php	374
#291	/mail.php	372
#292	/wp-content/plugins/wpsearch/login.php	367
#293	/app/.env	364
#294	/wp-content/postnews.php	364
#295	/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application	362
#296	/umbro/feminino	361
#297	/papelariafofa	361
#298	/.aws/credentials	357
#299	/pow.php	356
#300	/.well-known/acme-challenge/about.php	355
#301	/sitemap-index.xml	354
#302	/fss.php	354
#303	/App/__healthcheck	350
#304	/simular-credito-trabalhador	348
#305	/hplfuns.php	346
#306	/wp.php	345
#307	/form.php	345
#308	/wp-admin/postnews.php	343
#309	/login.action	341
#310	/swagger/index.html	339
#311	/file4.php	338
#312	/swagger-ui.html	336
#313	/webjars/swagger-ui/index.html	335
#314	/shell.php	334
#315	/fm.php	332
#316	/lock360.php	329
#317	/swagger/swagger-ui.html	327
#318	/_all_dbs	322
#319	/server	322
#320	/wp-content/upgrade/index.php	315
#321	/laravel/.env	313
#322	/cache.php	312
#323	/uploads	311
#324	/actuator/env	308
#325	/wp-admin/css/colors/blue/index.php	308
#326	/wp1/wp-includes/wlwmanifest.xml	306
#327	/sso/ifood/play/player/6305193	305
#328	/@vite/env	304
#329	/.env.development	301
#330	/app/impulse/products	300
#331	/wp-json/commerce/paypal/payments/cards	299
#332	/minha-conta-atk	299
#333	/config/.env	293
#334	/4ec82611	292
#335	/HNAP1	291
#336	/wso112233.php	289
#337	/wp-admin/css	286
#338	/appWP/lab/wp-admin/css/colors/blue/blue.php	286
#339	/as.php	285
#340	/v2/api-docs	285
#341	/customers.php	283
#342	/wp-content/plugins/pwnd/pwnd.php	281
#343	/submissions	281
#344	/databases.yml	281
#345	/new/.env	278
#346	/themes.php	277
#347	/cp	277
#348	/wp-admin/network/plugin-privacy.php	277
#349	/go.php	276
#350	/wp-admin/about.php	274
#351	/portal/.env	274
#352	/dead.letter	274
#353	/customers	274
#354	/play/aula/conteudo/buscar/55403970	274
#355	/pb	273
#356	/loja/cartService.php	273
#357	/radio.php	270
#358	/callback.php	270
#359	/loja/login_layout.php	269
#360	/wordpress/wp-admin/setup-config.php	269
#361	/s/1313e2236313e20373e2538313/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties	268
#362	/wp-admin/includes/class-action.php	268
#363	/gmo.php	266
#364	/customer/account/create	266
#365	/play/aula/conteudo/buscar/20757514	266
#366	/fr	262
#367	/minha-conta/pedidoapi/v2/front/checkout/cart	261
#368	/config.php	261
#369	/.git/credentials	261
#370	/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts	260
#371	/lv.php	260
#372	/v3/api-docs	260
#373	/images/index.php	259
#374	/web_api/products	255
#375	/www/.env	253
#376	/app/config/parameters.yml	253
#377	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	251
#378	/file5.php	251
#379	/wp-includes/style-engine	250
#380	/pinfo.php	250
#381	/test/wp-includes/wlwmanifest.xml	247
#382	/sitemap.php	246
#383	/loja/busca.php	246
#384	/autoload_classmap/function.php	243
#385	/php.php	243
#386	/RDWeb/Pages	241
#387	/wp-editor.php	239
#388	/index/function.php	236
#389	/api/v2/marketplace/sellers/425/orders/queue	236
#390	/api/v2/marketplace/sellers/537/orders/queue	236
#391	/apps/.env	236
#392	/api/v2/marketplace/sellers/615/orders/queue	235
#393	/api/v2/marketplace/sellers/655/orders/queue	235
#394	/api/v2/batch/162620	234
#395	/api/v2/batch/162619	234
#396	/api/v2/batch/162570	234
#397	/api/v2/batch/162569	234
#398	/api/v2/batch/162562	234
#399	/api/v2/batch/162546	234
#400	/api/v2/batch/162545	234
#401	/api/v2/batch/162530	234
#402	/api/v2/batch/162529	234
#403	/api/v2/batch/162525	234
#404	/api/v2/batch/162523	234
#405	/api/v2/batch/162452	234
#406	/api/v2/batch/162451	234
#407	/api/v2/batch/162432	234
#408	/api/v2/batch/162431	234
#409	/api/v2/batch/162210	234
#410	/api/v2/batch/162209	234
#411	/api/v2/batch/162208	234
#412	/api/v2/batch/162131	234
#413	/api/v2/batch/162130	234
#414	/api/v2/batch/162129	234
#415	/api/v2/batch/162114	234
#416	/api/v2/batch/162113	234
#417	/api/v2/batch/162009	234
#418	/api/v2/batch/162007	234
#419	/api/v2/batch/162002	234
#420	/api/v2/batch/162001	234
#421	/api/v2/batch/161999	234
#422	/api/v2/batch/161998	234
#423	/api/v2/batch/161997	234
#424	/api/v2/batch/161990	234
#425	/api/v2/batch/161989	234
#426	/api/v2/batch/161988	234
#427	/api/v2/batch/161981	234
#428	/api/v2/batch/161980	234
#429	/api/v2/batch/161979	234
#430	/api/v2/batch/161971	234
#431	/api/v2/batch/161970	234
#432	/api/v2/batch/161969	234
#433	/api/v2/batch/161877	234
#434	/api/v2/batch/161876	234
#435	/api/v2/batch/161875	234
#436	/api/v2/batch/161865	234
#437	/api/v2/batch/161863	234
#438	/api/v2/batch/161859	234
#439	/api/v2/batch/161857	234
#440	/api/v2/batch/161762	234
#441	/api/v2/batch/161761	234
#442	/api/v2/batch/161563	234
#443	/api/v2/batch/161562	234
#444	/api/v2/batch/161561	234
#445	/api/v2/batch/1264	234
#446	/api/v2/batch/1263	234
#447	/api/v2/batch/1261	234
#448	/api/v2/batch/1260	234
#449	/api/v2/batch/1259	234
#450	/api/v2/batch/1257	234
#451	/api/v2/batch/1256	234
#452	/api/v2/batch/1252	234
#453	/api/v2/batch/161550	234
#454	/api/v2/batch/1251	234
#455	/api/v2/batch/161549	234
#456	/api/v2/batch/1250	234
#457	/api/v2/batch/161397	234
#458	/api/v2/batch/1249	234
#459	/api/v2/batch/1248	234
#460	/api/v2/batch/160672	234
#461	/api/v2/batch/160671	234
#462	/api/v2/batch/160590	234
#463	/api/v2/batch/1243	234
#464	/api/v2/batch/160367	234
#465	/api/v2/batch/1241	234
#466	/api/v2/batch/160365	234
#467	/api/v2/batch/1240	234
#468	/api/v2/batch/1239	234
#469	/api/v2/batch/160246	234
#470	/api/v2/batch/1238	234
#471	/api/v2/batch/1237	234
#472	/api/v2/batch/160232	234
#473	/api/v2/batch/160231	234
#474	/api/v2/batch/160230	234
#475	/api/v2/batch/160226	234
#476	/api/v2/batch/160225	234
#477	/api/v2/batch/1236	234
#478	/api/v2/batch/160224	234
#479	/api/v2/batch/1233	234
#480	/api/v2/batch/1232	234
#481	/api/v2/batch/159979	234
#482	/api/v2/batch/1231	234
#483	/api/v2/batch/1230	234
#484	/api/v2/batch/159978	234
#485	/api/v2/batch/159918	234
#486	/api/v2/batch/1228	234
#487	/api/v2/batch/1227	234
#488	/api/v2/batch/1226	234
#489	/api/v2/batch/1222	234
#490	/api/v2/batch/159853	234
#491	/api/v2/batch/159718	234
#492	/api/v2/batch/501255	234
#493	/api/v2/batch/430861	234
#494	/api/v2/batch/461100	234
#495	/api/v2/batch/467777	234
#496	/api/v2/batch/310229	234
#497	/api/v2/batch/3315	234
#498	/api/v2/batch/162571	233
#499	/api/v2/batch/162561	233
#500	/api/v2/batch/162560	233

Data was last updated on: Dec 5, 2025

Logging Research

We love logs. In this section we will share some of the data we are parsing from our logs and honeypots we have live.

Trunc Logging

Logging for fun and a good night of sleep.

Real time search
Google simple
Cheap
Just works
PCI compliance

Trunc Research

Latest log-based threat analysis added.

2025-09-03WordPress - Last scanned URLs
2025-08-22Web logs 404 analysis - past 72 hours
2025-08-21WordPress most scanned URLs - all time
2025-08-21Web logs 404 analysis - all time

Contact us!

Do you have an idea for a research that is not here? See something wrong? Contact us at support@noc.org

Tired of price gouging

Clear pricing
No need to guess
Real people
Real logging

Web logs 404 analysis - past 72 hours

Logging Research

Trunc Logging

Trunc Research

Contact us!

Tired of price gouging

Simple, Affordable, Log Management and Analysis.

PRODUCTS

USEFUL LINKS

CONTACT US