diff --git a/push.php b/push.php
new file mode 100644
index 0000000..2ae412a
--- /dev/null
+++ b/push.php
@@ -0,0 +1,93 @@
+<?php
+/**
+ * portspoof_concentrator – HTTP push trigger
+ *
+ * Reads the frequent IPs list and pushes each IP to the external blacklist API.
+ * Complements trigger.php (fetch) and purge.php (purge) as the third HTTP action endpoint.
+ *
+ * Authentication (any one of):
+ *   - Active web session (logged-in browser)
+ *   - Authorization: Bearer <TRIGGER_TOKEN>
+ *   - ?token=<TRIGGER_TOKEN>
+ *
+ * Usage:
+ *   GET/POST  /push.php
+ *   GET/POST  /push.php?token=<secret>
+ *   GET/POST  /push.php   (with header: Authorization: Bearer <secret>)
+ *
+ * Always returns JSON.
+ */
+
+require_once __DIR__ . '/includes/auth.php';
+require_once __DIR__ . '/includes/functions.php';
+
+header('Content-Type: application/json');
+
+// ── Auth ──────────────────────────────────────────────────────────────────────
+
+$session_ok = false;
+if (auth_enabled()) {
+    if (session_status() === PHP_SESSION_NONE) {
+        session_start();
+    }
+    $session_ok = !empty($_SESSION['authenticated']);
+}
+
+$token_ok = false;
+if (TRIGGER_TOKEN !== '') {
+    $provided = '';
+    $auth_header = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
+    if (str_starts_with($auth_header, 'Bearer ')) {
+        $provided = substr($auth_header, 7);
+    }
+    if ($provided === '' && isset($_REQUEST['token'])) {
+        $provided = $_REQUEST['token'];
+    }
+    $token_ok = $provided !== '' && hash_equals(TRIGGER_TOKEN, $provided);
+}
+
+if (!$session_ok && !$token_ok) {
+    http_response_code(401);
+    echo json_encode(['error' => 'Unauthorized']);
+    exit;
+}
+
+// ── Run push ──────────────────────────────────────────────────────────────────
+
+$started_at = microtime(true);
+$threshold  = (int)get_setting('frequent_ip_threshold', '5');
+$rows       = frequent_ips($threshold);
+$results    = [];
+
+$expire_date = date('ymdHis', strtotime('+6 months'));
+
+foreach ($rows as $row) {
+    $ip  = $row['src_ip'];
+    $url = 'https://www.daprogs.com/api/ipban199/blacklist.php'
+         . '?a=add&type=2&date=' . $expire_date . '&reason=portspoof&ip=' . urlencode($ip);
+
+    $ch = curl_init($url);
+    curl_setopt_array($ch, [
+        CURLOPT_RETURNTRANSFER => true,
+        CURLOPT_TIMEOUT        => 10,
+    ]);
+    curl_exec($ch);
+    $http_code = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE);
+    curl_close($ch);
+
+    $results[] = [
+        'ip'        => $ip,
+        'http_code' => $http_code,
+        'ok'        => ($http_code >= 200 && $http_code < 300),
+    ];
+}
+
+$elapsed_ms = (int)round((microtime(true) - $started_at) * 1000);
+
+echo json_encode([
+    'ok'         => true,
+    'elapsed_ms' => $elapsed_ms,
+    'threshold'  => $threshold,
+    'pushed'     => count($results),
+    'results'    => $results,
+], JSON_PRETTY_PRINT);
diff --git a/version.php b/version.php
index 04d62f9..bf64781 100644
--- a/version.php
+++ b/version.php
@@ -1,2 +1,2 @@
 <?php
-define('APP_VERSION', '2603.14');
+define('APP_VERSION', '2603.15');