Magento Bitrix Exploit
Starting 2/13/2020 at 5:40AM EDT it appears some new bot network is scanning for a new form of exploit regarding a Magento (1) Bitrix connector exploit.
It appears to be trying known location of bitrix installs. Sec teams should monitor and/or ban these sessions at their App firewall level.
If you are running Bitrix connector make sure you have the latest patched plugins.
Locations being scanned:
/2002/bitrix/admin
/2004/bitrix/admin
/2000/bitrix/admin
/123/bitrix/admin (Seriously??)
/10/bitrix/admin/
It had been a relatively quiet past few days with relatively no bot scanning activity.