diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh
index d011c54..a061076 100755
--- a/modules/security/bot-analyzer.sh
+++ b/modules/security/bot-analyzer.sh
@@ -301,9 +301,11 @@ parse_logs() {
     local log_search_path
     local log_search_name
     if [ "$INTERWORX_MODE" = "yes" ]; then
-        # InterWorx: /home/user/var/domain.com/logs/transfer.log (VERIFIED: uses 'transfer.log' not 'access_log')
+        # InterWorx: Official docs from https://appendix.interworx.com/current/nodeworx/general/other/log-file-locations.html
+        # HTTP:  /home/{user}/var/{domain}/logs/transfer.log
+        # HTTPS: /home/{user}/var/{domain}/logs/transfer-ssl.log
         log_search_path="/home/*/var/*/logs"
-        log_search_name="transfer.log"
+        log_search_name="transfer*.log"
     else
         # cPanel/Plesk: /var/log/apache2/domlogs/domain.com
         log_search_path="$LOG_DIR"
@@ -320,7 +322,7 @@ parse_logs() {
 
         # Extract domain name based on control panel
         if [ "$INTERWORX_MODE" = "yes" ]; then
-            # InterWorx: extract from path /home/user/var/domain.com/logs/transfer.log
+            # InterWorx: extract from path /home/user/var/domain.com/logs/transfer*.log
             domain=$(echo "$logfile" | sed -n 's|^/home/.*/var/\([^/]*\)/logs/.*|\1|p')
         elif [ "$SYS_CONTROL_PANEL" = "plesk" ]; then
             # Plesk: extract from path /var/www/vhosts/system/domain.com/logs/access_log
@@ -1808,12 +1810,12 @@ main() {
             find_opts+=(-mtime -"$DAYS_BACK")
         fi
 
-        # Find all transfer.log files in InterWorx structure
-        log_count=$(find /home/*/var/*/logs -type f -name "transfer.log" "${find_opts[@]}" 2>/dev/null | wc -l)
+        # Find all transfer*.log files in InterWorx structure (includes transfer.log and transfer-ssl.log)
+        log_count=$(find /home/*/var/*/logs -type f -name "transfer*.log" "${find_opts[@]}" 2>/dev/null | wc -l)
 
         if [ "$log_count" -eq 0 ]; then
             # Try without time filter to see if ANY logs exist
-            local total_logs=$(find /home/*/var/*/logs -type f -name "transfer.log" 2>/dev/null | wc -l)
+            local total_logs=$(find /home/*/var/*/logs -type f -name "transfer*.log" 2>/dev/null | wc -l)
 
             if [ "$total_logs" -eq 0 ]; then
                 print_alert "Error: No InterWorx access logs found in /home/*/var/*/logs/"