mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

[User-Agent] making repeated requests to various phpMyAdmin URLs without a User-Agent string #546

Open arhyneRWU opened 5 months ago

arhyneRWU commented 5 months ago

Paste the full User-Agent String here

(no User-Agent string was provided in the logs)

Is this for Addition / Removal?

Did the User-Agent request robots.txt first?

Post Log Excerpt to show User-Agent behavior (10-20 lines is enough)

49.232.133.229 - - [03/Jan/2024:03:12:57 -0500] "GET http://40.121.23.143:80/myadmin/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:12:57 -0500] "GET http://40.121.23.143:80/MyAdmin/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:12:59 -0500] "GET http://40.121.23.143:80/PHPMYADMIN/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:12:59 -0500] "GET http://40.121.23.143:80/mysqladmin/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:13:00 -0500] "GET http://40.121.23.143:80/SQL/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:03 -0500] "GET http://40.121.23.143:80/phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:04 -0500] "GET http://40.121.23.143:80/phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:05 -0500] "GET http://40.121.23.143:80/phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:05 -0500] "GET http://40.121.23.143:80/phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:06 -0500] "GET http://40.121.23.143:80/admin/pma/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:06 -0500] "GET http://40.121.23.143:80/phpMyAdmin-2/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:07 -0500] "GET http://40.121.23.143:80/web/phpMyAdmin/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:07 -0500] "GET http://40.121.23.143:80/webadmin/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:09 -0500] "GET http://40.121.23.143:80/admin/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:09 -0500] "GET http://40.121.23.143:80/dbadmin/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:10 -0500] "GET http://40.121.23.143:80/mysql/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:10 -0500] "GET http://40.121.23.143:80/phpMyAdmin2/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:11 -0500] "GET http://40.121.23.143:80/phpma/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:11 -0500] "GET http://40.121.23.143:80/sqlweb/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:12 -0500] "GET http://40.121.23.143:80/webdb/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:13 -0500] "GET http://40.121.23.143:80/websql/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:13 -0500] "GET http://40.121.23.143:80/_phpMyAdmin/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:14 -0500] "GET http://40.121.23.143:80/php/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:14 -0500] "GET http://40.121.23.143:80/admin/phpmyadmin/scripts/setup.txt HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:15 -0500] "GET http://40.121.23.143:80/db/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:15 -0500] "GET http://40.121.23.143:80/sqlmanager/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"
49.232.133.229 - - [03/Jan/2024:03:14:16 -0500] "GET http://40.121.23.143:80/mysqlmanager/scripts/setup.php HTTP/1.0" 301 186 "-" "-" "-"

Additional information

The source IP (49.232.133.229) is making repeated requests to various phpMyAdmin URLs without a User-Agent string. This behavior is indicative of a malicious bot or automated script and not of a regular user or benign crawler. The lack of a User-Agent string and the specific targeting of phpMyAdmin setup files are concerning and suggest the IP should be added to a blocklist.