Honeypot Visits
--
Check GA4 Events
Clone Detections
--
Check GA4 for CLONE_ALERT
Admin Page Hits
--
Check GA4 for HIDDEN_PAGE_ACCESS
Login Attempts
--
Check GA4 for login_attempt
Active Honeypot Traps
| Trap Name | URL | Type | Tracking | Status |
|---|---|---|---|---|
| Main Honeypot | /HONEYPOT_TRACKER.html | Full Fingerprint | GA4 + LocalStorage | Active |
| Hidden Admin | /admin-panel-7x9k2m.html | Intruder Detection | GA4 Critical Alert | Active |
| Clone Detector | All Pages | Domain Verification | GA4 CLONE_ALERT | Active |
How to View Captured Data
GA4 Real-Time Events
- 1. Go to analytics.google.com
- 2. Select your property (G-MW56HRQ79D)
- 3. Click "Reports" → "Realtime"
- 4. Look for events:
- • honeypot_access
- • CLONE_ALERT
- • HIDDEN_PAGE_ACCESS
- • INTRUDER_DETECTED
- • login_attempt
GA4 Event Reports
- 1. Go to "Reports" → "Engagement" → "Events"
- 2. Filter by event name:
- SECURITY_ALERT (critical)
- CRITICAL_SECURITY (intruders)
- HONEYPOT_LOGIN (attempts)
- 3. Check "Event parameters" for details:
- • clone_domain (where it's being served from)
- • user_agent (browser/device info)
- • referrer (how they found the page)
Local Storage Captured Data
Honeypot Visits
Loading...
Intruder Log
Loading...
Signs of Interception (What to Watch For)
🚨 Critical Alerts
- • CLONE_ALERT event — Your page is being served from another domain
- • HIDDEN_PAGE_ACCESS — Someone found admin page (not linked anywhere)
- • is_cloned: YES_CLONED — Domain mismatch detected
- • Traffic from unexpected locations (Langley, Fort Meade, etc.)
🔍 Suspicious Patterns
- • Multiple visits to honeypot from same fingerprint
- • Login attempts on fake admin panel
- • Unusual referrer URLs
- • Visits from government/military IP ranges
- • Timing correlation with your WiFi activity