Picked up an interesting new scanner with a (possible troll) UA: “apache 0day by @hxmonsegur” coming from 185.130.5.224.

Update: So far I’ve tested the ‘exploit’ against my Apache installation – doesn’t appear to be doing anything.

Update: Confirmed, it’s fake.