Public Report

Infrastructure Security — Q1 2026

Security audit of a small production fleet. 27 months of HTTP data, SSH brute-force analysis, cross-layer threat correlation, and hardening assessment. Operational details redacted.

Web data: Jan 2024 – Mar 2026 (813 days) SSH data: auth log retention window Generated: Mar 23, 2026

OPSEC notice: This is the public version of an internal security report. Server names, IP addresses, ports, network topology, and specific vulnerability details have been redacted. Attacker IPs are published as indicators of compromise (IOCs). A full unredacted version is maintained internally.

Executive Summary

No breach. Zero unauthorized SSH logins across the entire fleet. 149,623 failed attempts blocked by key-only auth + firewall. confirmed
Rate limiter fixed. Audit identified a misconfigured rate limiter. Resolved same day. confirmed
No targeted attacks detected. SSH and web attacks come from separate populations (<1% IP overlap). All scored OPPORTUNISTIC or INCONCLUSIVE. heuristic
513,227 HTTP requests over 27 months. 185.177.72.0/24 dominates (96,975 = 18.9%), scanning in waves since May 2025.
MCP scanning is new. 50 requests from 7 subnets since May 2025. Mass recon for exposed MCP servers, not targeted.
AI crawlers exploded 2024→2025: 8/month → 1,319/month (165x). Now stabilizing ~500–700/month.

What this report cannot prove

No APT-level intrusion occurred. SSH auth logs cover a limited retention window. A sophisticated attacker who gained access before that window and cleaned up would not appear.
No lateral movement happened. This audit checked perimeter defenses (SSH, HTTP, firewall). Internal east-west traffic between servers was not analyzed.
No persistence mechanisms exist. Checked for unauthorized SSH keys and deleted executables. Did not check cron jobs, systemd timers, kernel modules, or container image layers.
Scoring model is definitive. The threat scoring model is heuristic. Some indicators were untestable. An IP scoring INCONCLUSIVE could be a sophisticated actor that deliberately avoids detection signals.
Egress is clean beyond the snapshot. Outbound connections were checked at one point in time. Intermittent C2 callbacks could have been missed.

01 Methodology & Data Availability

What was queried, what was not, and known gaps.

Data sources

Source	Coverage	Quality
HTTP request logging database	813 days	best source 513,227 records
SSH auth logs (journalctl)	4–16 days	good per server retention varies
Firewall configuration audit	point-in-time	good
Deception-based detection	early stage	early stage
Outbound connection snapshot	point-in-time	moderate

All data queried directly from production systems via SSH. Full HTTP dataset frozen to snapshot for reproducibility. [VERIFIED]

What was NOT assessed

One fleet endpoint — SSH key rejected, requires physical access
VPN access control lists — requires admin API
Secrets management rotation — separate audit
CI/CD pipeline security — requires platform access
Threat intelligence enrichment (GreyNoise, AbuseIPDB) — not queried

How this report was made

Produced by Architect, the infrastructure & security agent within Daimon — a self-governing multi-agent system built on Claude Code. Data gathering delegated to automated subagents (SSH into servers, database queries). Analysis and cross-correlation performed by a separate reasoning agent. Full HTTP dump frozen to snapshot for reproducibility — the database is live and numbers drift between queries.

Scoring model: targeted indicators (multi-layer activity, path specificity, custom tooling, persistence) vs. opportunistic indicators (single-layer, burst pattern, generic credentials). Thresholds: ≥6 TARGETED, 3–5 SUSPICIOUS, −2 to 2 INCONCLUSIVE, ≤−3 OPPORTUNISTIC.

02 SSH Brute Force & Authentication

149,623 failed authentication attempts across the fleet. Zero breaches. [VERIFIED]

149,623

Failed SSH Attempts

across all servers, auth log window

98.5%

On One Server

cloud VPS in heavily-scanned range

Unauthorized Logins

all logins = authorized via VPN

Fixed

Rate Limiter

misconfiguration found & resolved

Rate limiter misconfiguration found and resolved. Audit discovered that the rate-limiting service was not matching SSH events due to a platform-level service naming issue. Zero bans had been issued despite 149,623 attacks. Fixed same day across all servers. [VERIFIED]

Why one server attracted 98.5% of attempts: The busiest node is a cloud VPS in a datacenter IP range that is heavily targeted by automated scanning — an extremely high daily rate even on a non-standard SSH port. This reflects the datacenter’s scanning profile, not targeted interest in our infrastructure.

Top attacker IPs

45.224.97.181

26,618

51.79.2.27

18,448

139.99.122.93

8,147

158.247.202.121

7,032

87.121.84.136

5,278

144.31.117.52

3,349

111.22.52.211

2,892

7 top attackers. Cross-checked against full 813-day web dataset (513,227 records): zero appear in HTTP traffic. SSH-only operators. [VERIFIED]

Top usernames tried

Username	Attempts	Category
ubuntu	1,212	Generic default
admin	1,142	Generic
user	843	Generic
test	544	Generic
dell	423	Vendor default
postgres	375	Service account
oracle	372	Service account
git	291	Service account
jenkins	219	CI/CD service
claude	214	AI-related
clawd	213	AI-related

Notable: claude and clawd — attackers probing for AI/LLM service accounts. Emerging trend in 2025/26 threat landscape.

Authentication outcome

All logins legitimate. Every accepted SSH login across all servers was verified as authorized operator access via mesh VPN, using public-key authentication.

Zero unauthorized successful logins. [VERIFIED]

03 Web Traffic & Scanning

Full 813-day dataset: 513,227 HTTP requests, 35,424 unique IPs, Jan 2024 – Mar 2026. [VERIFIED]

513,227

Total HTTP Requests

813 days (Jan 2024 – Mar 2026)

35,424

Unique IPs

all time

59.5%

Return 404

305,617 of 513,227

78%

Bot / Automated

400,668 confirmed non-human

Traffic decomposition (full dataset)

Category	Requests	%	How identified
Empty UA	144,778	28.2%	NULL or empty user_agent — mostly cloud provider IPs, automated probing
Spoofed browser UA	141,559	27.6%	Browser-like UA but: outdated Chrome (91/78/60/42), typos (`Mozlila`, `5.g`), known scanner UAs
Known bot crawlers	71,823	14.0%	Self-identifying: bot/crawl/spider in UA (Google, Bing, AI crawlers, SEO)
Known tool scanners	24,253	4.7%	UA matches curl/wget/nikto/sqlmap/nuclei/httpx/zgrab
Automated clients	18,255	3.6%	Go-http-client, python-requests, python-httpx, node-fetch
Browser UA (unclassified)	112,559	21.9%	Modern browser UAs that don’t match known bot patterns. Upper bound — includes headless browsers + scrapers with valid UAs. Actual humans estimated ~2,500/month based on baseline before bot waves.

Sum = 513,227. The 102k Chrome/91 requests (2021 browser version) are a single botnet campaign. Site receives ~2–3k real visitors/month. [VERIFIED]

Monthly volume (27 months)

Jan 2024 Jul 2025: 79k peak Dec 2025: 56k 2026 →

Quarterly trends

Quarter	Requests	Unique IPs	404 Rate	AI Crawlers	185.177.72 Cluster
2024-Q1	19,471	3,795	26.1%	52	0
2024-Q2	25,115	4,352	31.9%	141	0
2024-Q3	50,665	4,950	64.5%	606	0
2024-Q4	37,340	4,976	52.0%	1,518	0
2025-Q1	25,744	5,125	29.9%	1,586	0
2025-Q2	75,447	6,361	71.4%	2,669	19,915
2025-Q3	120,144	7,437	78.6%	3,455	56,593
2025-Q4	88,253	8,261	49.8%	2,370	42
2026-Q1	71,048	6,301	57.1%	1,531	20,425

185.177.72 cluster first appeared May 2025, dominant Jul 2025 (63% of month), went quiet Q4 2025, returned Jan 2026. [VERIFIED]

The 185.177.72.0/24 scanner cluster

96,975 requests from 47 IPs over 11 months (since May 2025) = 18.9% of all traffic ever. All curl/8.7.1. Scanning in waves, systematically probing credential/config paths.

IP	All-time Requests	Active Period
185.177.72.108	40,603	Jul–Aug 2025 (dominant)
185.177.72.104	4,578	Jul 2025
185.177.72.205	4,392	Jun–Jul 2025
185.177.72.13	4,072	Feb–Mar 2026
185.177.72.30	3,979	Jun 2025 + Feb 2026
185.177.72.113	3,890	Jul 2025
185.177.72.10	3,700	Jun 2025
185.177.72.210	3,577	Jul 2025
185.177.72.23	3,303	Feb–Mar 2026
... +38 more IPs	24,881	various

Top paths: /.env, /.env.production, /.git/config, /.aws/credentials, /docker-compose.yml. All return 404. Zero SSH attempts from this subnet. [VERIFIED]

Sensitive path scanning (all time)

WordPress (wp-*)

85,963

.env variants

32,240

.git exposure

2,450

AWS credentials

1,235

WordPress scanning dominant (85,963) despite site not being WordPress — blind mass scanning. All return 404. [VERIFIED]

Notable: Dec 2025 spike (56,106)

185.159.131.99 — 17,942 requests with SQL injection attempts in User-Agent header (-1 OR 5*5=25 --). Caused 5,756 500 INTERNAL SERVER ERROR responses (99% of all 500s in the dataset). Single IP, single campaign.

All-time 500 errors: 5,797. Dec 2025 alone: 5,756. [VERIFIED]

Status code distribution (all time)

Status	Count	%
404 NOT FOUND	305,617	59.5%
200 OK	196,932	38.4%
500 INTERNAL SERVER ERROR	5,797	1.1%
304 NOT MODIFIED	2,766	0.5%
405 METHOD NOT ALLOWED	2,004	0.4%
308 PERMANENT REDIRECT	111	0.0%

04 AI Crawlers & MCP Scanning

AI crawlers: 8/month (Jan 2024) → 1,319/month peak (Aug 2025). Now ~500–700/month. MCP probing since May 2025.

AI crawler growth (full 27-month dataset)

Month	ClaudeBot	ChatGPT	GPTBot	Bytespider	Meta	Total AI
2024-01	0	7	1	0	0	8
2024-04	4	4	7	0	0	15
2024-07	7	78	105	1	3	194
2024-10	22	208	155	0	61	446
2025-01	41	160	156	4	75	436
2025-05	76	610	238	29	312	1,265
2025-07	462	208	290	154	142	1,256
2025-08	646	282	110	161	120	1,319
2025-11	590	213	42	157	205	1,207
2026-01	117	133	38	103	41	432
2026-03 (partial)	256	66	16	70	44	452

All-time AI crawlers: 13,928. Peak Aug 2025 (1,319/month). ClaudeBot dominant since Jul 2025. ChatGPT peaked May 2025 (610). GPTBot peaked Mar 2025 (306). Meta appeared Jul 2024. [VERIFIED]

MCP server scanning — 50 requests since May 2025

50 requests (25 POST /mcp + 25 GET /sse) from 24 IPs across 7 subnets. All python-httpx/0.28.1. Always in pairs: POST /mcp then GET /sse — MCP server discovery handshake.

Subnet	Unique IPs	Requests
45.156.128.0/24	6	12
185.226.197.0/24	6	12
185.180.141.0/24	4	8
109.105.209.0/24	3	6
109.105.210.0/24	2	6
45.156.129.0/24	2	4
52.77.165.0/24	1	2
Total	24	50

Timeline: first seen May 2025 (2 req), accelerating — Jan 2026 (10), Feb 2026 (18), Mar 2026 (20). Single operator, rotated IPs. Zero SSH attempts. [VERIFIED]

MCP scanning is accelerating. 2 requests in May 2025 → 20 in March 2026 (10x in 10 months). ~1,000 exposed MCP servers documented in the wild (SiliconAngle, Dec 2025). Any MCP deployment must be firewalled from day one.

05 Deception & llms.txt Probing

Two separate signals: deception-based threat detection (recently deployed) and llms.txt file probing (25 hits over 12 months).

Deception-based detection

Deployed deception-based threat detection targeting automated systems and LLM agents. Early results show automated systems interacting with planted indicators. Classification pending — data collection ongoing.

Confidence: LOW — limited data window. Methodology details withheld. [VERIFIED]

llms.txt probing

25 requests to /llms.txt from 16 unique IPs since April 2025. llms.txt is a proposed standard (like robots.txt but for LLM agents). All return 404.

Period	Requests	Notes
Apr 2025	4	First appearance — 4 different IPs in one day
May–Sep 2025	5	SemrushBot-adjacent IPs
Oct–Dec 2025	7	Expanding IP diversity
Jan–Mar 2026	9	Accelerating

Bots checking whether sites publish LLM-readable descriptions. Indicates growing LLM agent ecosystem. [VERIFIED]

06 Security Posture Checks

16 security scenarios tested, based on real-world incidents and CVEs.

PASS

no issues found

WARN

non-critical, tracked

FAIL

no critical failures

N/A

not applicable

Scenarios tested

Category	Checks	Status
Container runtime security	API exposure, socket mounts, runtime CVEs	pass
Network exposure	Database ports, internal service ports, 0.0.0.0 binds	warn mitigated by firewall
SSH & key management	Key type, authorized keys, agent forwarding	pass
Web exposure	Source code (.git), sensitive files, reverse proxy config	pass
Mesh VPN	Version currency	pass
Log integrity	Journal persistence, DNS logging	warn gaps identified
Malware indicators	Deleted executables, unexpected processes	pass
Egress	Outbound SSH, mining pools, C2 indicators	pass

Based on: Matrix.org 2019, Firecrawl 2025, Leaky Vessels CVE-2024-21626, Scattered Spider, perfctl, EmeraldWhale. [VERIFIED]

07 Defense Architecture

What actually protected the fleet — structural vs cosmetic defenses.

Structural defenses (effective)

VPN-restricted management access — SSH only reachable via mesh VPN. All 149,623 brute-force attempts hit a firewall wall before authentication.
Key-only authentication — Password authentication disabled fleet-wide. Even if firewall is bypassed, password brute-force is impossible.
Host firewalls — Every server runs a host firewall restricting internal services to the VPN subnet. Internal APIs and monitoring are not reachable from the public internet.

Cosmetic defenses (noise reduction)

Non-standard SSH port — reduces automated scanning by ~98% (industry benchmark). Not a security boundary — determined attackers find non-standard ports.
Rate limiting — reduces noise on high-volume targets. Not relied upon for security (key-only auth is the real barrier).

Structural defenses proved sufficient. Despite 149,623 SSH attempts and 513,227 HTTP requests, zero unauthorized access. The defense model does not depend on obscurity or rate limiting — it depends on cryptographic authentication and network segmentation.

08 Threat Scoring & Correlation

Cross-layer IP correlation against full 813-day dataset. Zero IPs scored TARGETED or SUSPICIOUS.

Cross-layer correlation

SSH and web attacks come from entirely separate actor populations.

Top 7 SSH attacker IPs checked against full 513,227 web records: zero matches
Subnet (/24) overlap: 1 subnet with both SSH and web activity — different IPs, different timing, likely shared hosting
Our overlap: <1%. Benchmark: 10–30% (honeypot studies, NSF/Outpost24 2023 — external, not verified)

Scoring summary

IP / Subnet	Layer	Score	Verdict	Key Evidence
45.224.97.181	SSH	-6	opportunistic	26,618 attempts, burst, generic creds, zero web
51.79.2.27	SSH	-6	opportunistic	18,448 attempts, burst, zero web
139.99.122.93	SSH	-5	opportunistic	8,147 attempts, burst, zero web
158.247.202.121	SSH	-5	opportunistic	7,032 attempts, burst, zero web
185.177.72.0/24	Web	-2	inconclusive	96,975 req, 47 IPs, mass .env harvester, web-only
185.159.131.99	Web	-1	inconclusive	17,942 req, SQLi in UA, caused mass 500 errors
87.121.84.0/24	SSH+Web	+2	inconclusive	Only cross-layer subnet, different IPs per layer
MCP scanners (7 subnets)	Web	-1	inconclusive	50 MCP probes, novel but mass recon

Zero IPs scored TARGETED (≥6) or SUSPICIOUS (3–5). All activity is opportunistic botnet noise or mass scanning. No evidence of intelligence-driven reconnaissance against this infrastructure. heuristic — see “What this report cannot prove” above.

Confidence statements

Finding	Confidence	Basis
SSH volumes + zero breaches	high	Direct query of auth logs on all servers
Web traffic statistics	high	Frozen database snapshot (513,227 rows), deterministic
SSH↔web correlation	high	All top SSH IPs cross-referenced against full 813-day web dataset
Scoring verdicts	moderate	Heuristic model. Some indicators untestable (no threat intel enrichment)
Egress cleanliness	moderate	Point-in-time snapshot, transient connections missed
Deception detection	low	Limited data window

Weaknesses & areas for improvement

Area	Gap	Impact on conclusions
Log retention	SSH auth logs cover days to weeks, not months. Industry median dwell time before detection exceeds our retention on most servers.	Historical or slow intrusions prior to the log window are invisible. “Zero breaches” means “zero in the available window.” confirmed gap
No east-west visibility	Only perimeter traffic analyzed. No internal inter-server traffic monitoring.	Lateral movement after initial access — the primary APT kill-chain step — would not appear in this report. confirmed gap
No threat intel enrichment	Attacker IPs not checked against GreyNoise, AbuseIPDB, or Shodan. Scoring is behavioral-only.	An IP with known APT attribution would still score INCONCLUSIVE in our model. Verdicts lack external corroboration. affects scoring
Deception: low confidence	Deception-based detection recently deployed. Limited data window.	Sample size too small for statistical conclusions. Cannot yet distinguish targeted from automated interaction with planted indicators. early stage
Egress: point-in-time	Single outbound connection snapshot per server. No persistent monitoring.	C2 callbacks on timers or DNS-based exfiltration would not be captured. Egress verdict is “clean at time of query.” snapshot only
Traffic classification	Bot detection is regex-based (UA patterns). 21.9% of traffic classified as “Browser UA (unclassified)” = upper bound.	Headless browsers with valid UAs and residential proxies are indistinguishable from real users. Human traffic estimate (~2,500/month) is a heuristic baseline. approximation
Single-analyst methodology	Analysis by automated agents. No independent human peer review of raw findings.	Systematic blind spots possible. Scoring model could under-weight novel attack patterns. Next audit should include human review and red-team validation. process gap

09 Findings & Remediation

Summary of identified issues and their resolution status.

P1 — Resolved

fixed same day

P2 — Scheduled

tracked internally

P3 — Backlog

low risk, queued

P1 (resolved): Rate limiter misconfiguration — identified and fixed same session across all servers.

P2 (scheduled): Log retention improvements and firewall rule hardening on specific servers.

P3 (backlog): Monitoring enhancements, service binding improvements, key rotation. All tracked internally.

No critical (P0) findings. No active breach, no public exploits, no data exposure. The P1 rate limiter issue was the highest priority finding and was resolved during the audit session.

10 Appendix: IOC Table

Indicators of Compromise

IOC	Type	Activity	Volume	Verdict
45.224.97.181	IP	SSH brute-force	26,618	opportunistic
51.79.2.27	IP	SSH brute-force	18,448	opportunistic
139.99.122.93	IP	SSH brute-force	8,147	opportunistic
185.177.72.0/24	Subnet	.env/.git/.aws scanning	96,975	inconclusive
185.159.131.99	IP	SQLi in UA + mass crawl	17,942	inconclusive
87.121.84.0/24	Subnet	SSH + web (cross-layer)	5,278 SSH + web	inconclusive
45.156.128.0/24 +6	Subnets	MCP probing	50	inconclusive

Not enriched via GreyNoise/AbuseIPDB. Verdicts based on behavioral analysis only. [VERIFIED]

Scoring model

Each IP/subnet is scored using weighted indicators. Targeted indicators (positive points): multi-layer activity, stack-specific path probing, custom tooling, low-and-slow patterns, persistence attempts. Opportunistic indicators (negative points): single-layer only, burst patterns, generic credentials, known scanner signatures, single port.

Thresholds: ≥6 = TARGETED, 3–5 = SUSPICIOUS, −2 to 2 = INCONCLUSIVE, ≤−3 = OPPORTUNISTIC.