[CRITICAL] Caddy exploit attempts detected, 2026-05-25 06:00–08:01 MDT (mid-window alert)

Caddy audience digest for arc-codex.com, 2026-05-25 06:00 – 08:01 MDT. TRAFFIC OVERVIEW Total external requests: 7740 from 717 unique IPs over 4 hours. Operator activity: 141 requests from 1 operator IP(s) (38.175.170.87). Datacenter origin: 0.1% of external requests. AUDIENCE ESTIMATE Likely-human sessions: 2 (heuristic: real browser UA, non-datacenter IP, has referrer or direct content visit). Engaged sessions: 1 (loaded ≥1 article page, session duration ≥30s). Bot/crawler sessions: 1136. TOP REFERRERS m.facebook.com (4), facebook.com (1). TOP IPs BY VOLUME 74.7.241.22 (640 req); 216.73.216.51 (359 req); 216.244.66.198 (183 req). STATUS BREAKDOWN HTTP 200: 7646, HTTP 206: 1, HTTP 308: 46, HTTP 404: 39, HTTP 502: 8. EXPLOIT ATTEMPTS DETECTED (12 requests) Patterns: 35.239.90.70 → /xmlrpc.php?rsd; 104.23.221.162 → /wp-admin/install.php?step=1; 104.23.221.162 → /wp-admin/install.php?step=1; 5.255.104.83 → /.git/config; 5.255.104.83 → /.env.bak