Wednesday, 9 September 2015

Checking Database config - 202.137.205.134

BEGIN OF HTTP DATA:
2015-09-09 01:48:57
Source IP: 202.137.205.134
Country: AU RiskScore: 1 Malware: []
HEAD http://195.169.125.87:80/PMA2011/ HTTP/1.1
Connection: Keep-Alive
Keep-Alive: 300
User-Agent: Mozilla/5.0 Jorgee
Host: 195.169.125.87
The IP made several attempts to reach database-related admin consoles.
So, time to show the new tool :-)
 python.exe .\spider.py -i 202.137.205.134
<?xml version="1.0" encoding="UTF-8"?>
<ip>202.137.205.134
<reporter>SANS Internet Storm Cast</reporter>
<comment>IP is listed on SANS ISC</comment>
<reference>https://isc.sans.edu/api/ip/202.137.205.134</reference>
</reporter>
</ip>
HEAD http://195.169.125.87:80/1phpmyadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/2phpmyadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/3phpmyadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/4phpmyadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/MyAdmin/ HTTP/1.1
HEAD http://195.169.125.87:80/PMA/ HTTP/1.1
HEAD http://195.169.125.87:80/PMA2011/ HTTP/1.1
HEAD http://195.169.125.87:80/PMA2012/ HTTP/1.1
HEAD http://195.169.125.87:80/PMA2013/ HTTP/1.1
HEAD http://195.169.125.87:80/PMA2014/ HTTP/1.1
HEAD http://195.169.125.87:80/PMA2015/ HTTP/1.1
HEAD http://195.169.125.87:80/admin/ HTTP/1.1
HEAD http://195.169.125.87:80/admin/db/ HTTP/1.1
HEAD http://195.169.125.87:80/admin/pMA/ HTTP/1.1
HEAD http://195.169.125.87:80/admin/phpMyAdmin/ HTTP/1.1
HEAD http://195.169.125.87:80/admin/phpmyadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/admin/sqladmin/ HTTP/1.1
HEAD http://195.169.125.87:80/admin/sysadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/admin/web/ HTTP/1.1
HEAD http://195.169.125.87:80/administrator/PMA/ HTTP/1.1
HEAD http://195.169.125.87:80/administrator/admin/ HTTP/1.1
HEAD http://195.169.125.87:80/administrator/db/ HTTP/1.1
HEAD http://195.169.125.87:80/administrator/phpMyAdmin/ HTTP/1.1
HEAD http://195.169.125.87:80/administrator/phpmyadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/administrator/pma/ HTTP/1.1
HEAD http://195.169.125.87:80/administrator/web/ HTTP/1.1
HEAD http://195.169.125.87:80/database/ HTTP/1.1
HEAD http://195.169.125.87:80/db/ HTTP/1.1
HEAD http://195.169.125.87:80/db/db-admin/ HTTP/1.1
HEAD http://195.169.125.87:80/db/dbadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/db/dbweb/ HTTP/1.1
HEAD http://195.169.125.87:80/db/myadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/db/phpMyAdmin-3/ HTTP/1.1
HEAD http://195.169.125.87:80/db/phpMyAdmin/ HTTP/1.1
HEAD http://195.169.125.87:80/db/phpMyAdmin3/ HTTP/1.1
HEAD http://195.169.125.87:80/db/phpmyadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/db/phpmyadmin3/ HTTP/1.1
HEAD http://195.169.125.87:80/db/webadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/db/webdb/ HTTP/1.1
HEAD http://195.169.125.87:80/db/websql/ HTTP/1.1
HEAD http://195.169.125.87:80/dbadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/myadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/myadminphp/ HTTP/1.1
HEAD http://195.169.125.87:80/mysql-admin/ HTTP/1.1
HEAD http://195.169.125.87:80/mysql/ HTTP/1.1
HEAD http://195.169.125.87:80/mysql/admin/ HTTP/1.1
HEAD http://195.169.125.87:80/mysql/db/ HTTP/1.1
HEAD http://195.169.125.87:80/mysql/dbadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/mysql/mysqlmanager/ HTTP/1.1
HEAD http://195.169.125.87:80/mysql/pMA/ HTTP/1.1
HEAD http://195.169.125.87:80/mysql/pma/ HTTP/1.1
HEAD http://195.169.125.87:80/mysql/sqlmanager/ HTTP/1.1
HEAD http://195.169.125.87:80/mysql/web/ HTTP/1.1
HEAD http://195.169.125.87:80/mysqladmin/ HTTP/1.1
HEAD http://195.169.125.87:80/mysqlmanager/ HTTP/1.1
HEAD http://195.169.125.87:80/php-my-admin/ HTTP/1.1
HEAD http://195.169.125.87:80/php-myadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/phpMyAdmin-2/ HTTP/1.1
HEAD http://195.169.125.87:80/phpMyAdmin-3/ HTTP/1.1
HEAD http://195.169.125.87:80/phpMyAdmin-4/ HTTP/1.1
HEAD http://195.169.125.87:80/phpMyAdmin/ HTTP/1.1
HEAD http://195.169.125.87:80/phpMyAdmin2/ HTTP/1.1
HEAD http://195.169.125.87:80/phpMyAdmin3/ HTTP/1.1
HEAD http://195.169.125.87:80/phpMyAdmin4/ HTTP/1.1
HEAD http://195.169.125.87:80/phpMyadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/phpmanager/ HTTP/1.1
HEAD http://195.169.125.87:80/phpmy-admin/ HTTP/1.1
HEAD http://195.169.125.87:80/phpmy/ HTTP/1.1
HEAD http://195.169.125.87:80/phpmyAdmin/ HTTP/1.1
HEAD http://195.169.125.87:80/phpmyadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/phpmyadmin1/ HTTP/1.1
HEAD http://195.169.125.87:80/phpmyadmin2/ HTTP/1.1
HEAD http://195.169.125.87:80/phpmyadmin3/ HTTP/1.1
HEAD http://195.169.125.87:80/phpmyadmin4/ HTTP/1.1
HEAD http://195.169.125.87:80/phppma/ HTTP/1.1
HEAD http://195.169.125.87:80/pma/ HTTP/1.1
HEAD http://195.169.125.87:80/pma2011/ HTTP/1.1
HEAD http://195.169.125.87:80/pma2012/ HTTP/1.1
HEAD http://195.169.125.87:80/pma2013/ HTTP/1.1
HEAD http://195.169.125.87:80/pma2014/ HTTP/1.1
HEAD http://195.169.125.87:80/pma2015/ HTTP/1.1
HEAD http://195.169.125.87:80/program/ HTTP/1.1
HEAD http://195.169.125.87:80/shopdb/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/myadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/php-myadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/phpMyAdmin/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/phpMyAdmin2/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/phpMyAdmin3/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/phpMyAdmin4/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/phpmanager/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/phpmy-admin/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/phpmyadmin2/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/phpmyadmin3/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/phpmyadmin4/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/sql-admin/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/sql/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/sqladmin/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/sqlweb/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/webadmin/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/webdb/ HTTP/1.1
HEAD http://195.169.125.87:80/sql/websql/ HTTP/1.1
HEAD http://195.169.125.87:80/sqlmanager/ HTTP/1.1
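
A sweep like the one above can be picked out of the honeypot log automatically. The following is an added example, not part of spider.py or the original post: it parses records in the "BEGIN OF HTTP DATA:" layout shown at the top and flags sources that probe several distinct database-admin paths or identify as Jorgee. The function names, the min_paths threshold and the sample records (documentation IP ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the honeypot record layout shown above (documentation IPs).
SAMPLE = """\
BEGIN OF HTTP DATA:
2015-09-09 01:48:57
Source IP: 198.51.100.7
HEAD http://192.0.2.10:80/PMA2011/ HTTP/1.1
User-Agent: Mozilla/5.0 Jorgee
BEGIN OF HTTP DATA:
2015-09-09 01:48:58
Source IP: 198.51.100.7
HEAD http://192.0.2.10:80/db/phpMyAdmin3/ HTTP/1.1
User-Agent: Mozilla/5.0 Jorgee
BEGIN OF HTTP DATA:
2015-09-09 02:10:00
Source IP: 203.0.113.5
GET http://192.0.2.10:80/index.html HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64)
"""

REQ = re.compile(r"^(HEAD|GET|POST) http://[^/\s]+(/\S*) HTTP/1\.[01]$", re.M)
SRC = re.compile(r"^Source IP: (\S+)$", re.M)
UA = re.compile(r"^User-Agent: (.*)$", re.M)
# Path fragments taken from the probe list on this page; matched case-insensitively.
DB_ADMIN = re.compile(r"phpmy|pma|myadmin|sql|dbadmin|/db/|database", re.I)

def parse(log):
    """Yield (source_ip, method, path, user_agent) for each honeypot record."""
    for block in log.split("BEGIN OF HTTP DATA:")[1:]:
        src, req, ua = SRC.search(block), REQ.search(block), UA.search(block)
        if src and req:
            yield src.group(1), req.group(1), req.group(2), ua.group(1) if ua else ""

def find_scanners(log, min_paths=3):
    """Return {ip: sorted distinct DB-admin paths} for sources that look like sweeps."""
    paths, jorgee = defaultdict(set), set()
    for ip, method, path, ua in parse(log):
        if DB_ADMIN.search(path):
            paths[ip].add(path)
        if "jorgee" in ua.lower():
            jorgee.add(ip)
    return {ip: sorted(p) for ip, p in paths.items()
            if len(p) >= min_paths or (ip in jorgee and p)}

if __name__ == "__main__":
    for ip, hits in find_scanners(SAMPLE).items():
        print(ip, len(hits), "distinct DB-admin paths:", hits)
```

Counting distinct paths per source catches the sweep even when the scanner changes its User-Agent; the Jorgee match alone only covers the unmodified tool.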