The HITME has begun to pick up a new web scanning pattern from sources primarily in Europe. The pattern is assuming the spread and slow increase as usual with these simple PHP or web application scans.
Here is the list of targets that the scanner is checking for:
//phpMyAdmin/main.php
//phpmyadmin/main.php
//pma/main.php
//admin/main.php
//dbadmin/main.php
//mysql/main.php
//php-my-admin/main.php
//myadmin/main.php
//PHPMYADMIN/main.php
Note that this scanner does not have the big two scanning signatures that we are used to seeing from Toata and Morfeus. No scanner name or identifier is sent during the probes.
Web Admins should check their servers for these signatures. You can do so using our BrainWebScan tool if you would like. (FREE) I will publish a brain file for this as soon as possible, or you can cut and paste the signatures from this page.