OSINT / scan-target bait paths

Tests (targeted reconnaissance / OSINT). Standard "common scan path" URLs an attacker would probe when fingerprinting a target. Each path returns a synthetic placeholder so we can observe whether an intermediary passes scan-shaped traffic through (and at what rate).

Paths exposed here:

• /admin
  Fake admin login page.
• /wp-login.php
  Fake WordPress login form.
• /phpmyadmin/
  Fake phpMyAdmin login.
• /server-status
  Fake Apache server-status page.
• /.env
  Fake .env file (dotfile). Routes through the Cloud Function (Hosting normally ignores dotfiles).
• /.git/config
  Fake .git/config. Same Function-routed.
• /api
  Generic API root.

For scan-rate testing

Drive a slow directory-enumeration sweep (e.g., 10 requests over 5 minutes) through the intermediary and observe (a) whether each path returns its expected synthetic content, (b) whether the intermediary rate-limits, (c) whether the intermediary detects the recon pattern. Use sticky-session if available to ensure all requests go through the same exit.