Confidence Level

84%

Very High?

Geolocation

🇺🇸

United StatesLos Angeles

ISPMULTACOM CORPORATION

ASNAS35916

Activity Timeline

First seenMar 8, 2026, 11:32 AM

Last seen6h ago

8Sessions

8Events

Protocol Breakdown

SSH

3 / 3

HTTP

2 / 2

TELNET

2 / 2

HTTPS

1 / 1

142.171.227.226 has a very high threat confidence level of 84%, originating from Los Angeles, United States, on the MULTACOM CORPORATION network (35916). It has been observed across 8 sessions targeting SSH, HTTP, TELNET, HTTPS, with detected attack patterns including http mass web rce exploitation scanning, First observed on March 8, 2026, most recently active March 10, 2026.

Behaviors

Classified behavioral patterns observed

Http Mass Web Rce Exploitation Scanning

high2x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

Primitives

Individual actions observed

Http Method Get84 Http Php Echo Md5 Hello Phpunit Marker74 Http Body Wget Curl Pipe To Sh Selfrep4 Telnet Echo Hex Escape Sequence Output4 Http Thinkphp Invokefunction Call User Func Array Md54 Http Php Cgi Allow Url Include Auto Prepend Input Injection4 Telnet Command Sh2 Telnet Command Shell2 Telnet Command Enable2 Telnet Command System2 Http Cgi Bin Direct Bin Sh Access2 Http Phpunit Eval Stdin Php Path Access2 Http Phpunit License Eval Stdin Path Probe2 Http Docker Api Containers Json Path Access2 Http Phpunit Util Php Eval Stdin Path Access2 Http Root Phpunit Src Eval Stdin Path Access2 Http Root Phpunit Util Eval Stdin Path Access2 Https Query Thinkphp Invokefunction Md5 Probe2 Https Body Wget Curl Pipe To Sh Apache Selfrep2 Http Double Vendor Phpunit Eval Stdin Path Probe2

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromMULTACOM CORPORATION SSHMore threats targetingSSH HTTPMore threats targetingHTTP TELNETMore threats targetingTELNET HTTPSMore threats targetingHTTPS { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
142.171.95.117	88%	262
66.154.124.165	100%	857
148.135.91.153	23%	1
66.154.125.60	100%	772
74.48.5.98	23%	1

IP Address	Confidence	Events
130.12.180.75	91%	17,875
167.94.138.189	30%	2,283
130.12.180.116	91%	17,991
43.159.152.4	28%	47
91.92.243.154	91%	18,271