Self coded honeypot is live for now
Picked up an interesting new scanner with a (possible troll) UA: "apache 0day by @hxmonsegur" coming from 185.130.5.224. Update: So far I've tested the 'exploit' against my Apache installation - doesn't appear to be doing anything. Update: Confirmed, it's fake.