[Honeypot Alert] Extensive 'setup.php' Scanning Detected

The SpiderLabs Research Team has identified an extensive scanning campaign which aims to enumerate the "setup.php" pages from a vast number of blogging and CMS applications. Below are the probes that we saw on our web honeypots today:

Here are the two different User-Agent strings used in the probes:

    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]
    User-Agent: Opera

There were no follow-up exploit attempts with this scanning, which leads us to believe either:

  1. Since all of these requests resulted in 404 Not Found status codes, the target application was not present, so an actual attack was not executed, or
  2. This is merely an enumeration scanning exercise in which the attacker(s) are mapping out possible future targets. When a new vulnerability is found within one of these applications in the future, the attacker can simply consult their own list of possible targets.
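
A log-review sketch for the scanning pattern described above, added here as an example and not SpiderLabs code: it flags clients that request several distinct paths ending in `scripts/setup.php` and lists any probed path that did not return 404. The function name, the `min_paths` threshold, the Combined Log Format assumption and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')
# The probes target paths ending in scripts/setup.php; match after URL-decoding so
# encoded variants such as %0Dscripts/setup.php are still caught.
PROBE_RE = re.compile(r'(?:^|[/\s])scripts/setup\.php$', re.IGNORECASE)
# The two User-Agent values reported in the post.
SCAN_UAS = {"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]", "Opera"}

def find_setup_scanners(lines, min_paths=3):
    """Map each client IP that probed >= min_paths distinct setup.php paths to a summary."""
    probes = defaultdict(dict)   # ip -> {decoded path: status}
    agents = defaultdict(set)    # ip -> User-Agent values seen on probe requests
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue             # not a parseable access-log line
        ip, raw_path, status, ua = m.groups()
        path = unquote(raw_path.split("?", 1)[0])
        if PROBE_RE.search(path):
            probes[ip][path] = int(status)
            agents[ip].add(ua)
    report = {}
    for ip, paths in probes.items():
        if len(paths) >= min_paths:
            report[ip] = {
                "distinct_paths": len(paths),
                # Anything other than 404 means the probed path exists: review it first.
                "non_404": sorted(p for p, s in paths.items() if s != 404),
                "known_agent": bool(agents[ip] & SCAN_UAS),
            }
    return report

# Constructed sample log (documentation IP ranges); not captured honeypot data.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 209 "-" "Opera"
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET //pma/scripts/setup.php HTTP/1.1" 404 209 "-" "Opera"
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /phpmyadmin/%0Dscripts/setup.php HTTP/1.1" 404 209 "-" "Opera"
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /dbadmin/scripts/setup.php HTTP/1.1" 200 5120 "-" "Opera"
198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:05:09 +0000] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    print(find_setup_scanners(SAMPLE_LOG.splitlines()))
```

An all-404 result corresponds to the first explanation above; a non-empty `non_404` list points at a setup script that is reachable and should be removed or access-restricted.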
