Using tools like nmap -sV -p 2222 , an attacker identifies that an Apache service is running.
The malware authors use port 2222 because it is often overlooked by administrators who assume it is "just the DirectAdmin panel" or a development environment. apache httpd 2222 exploit
Vulnerability description (technical, non-actionable) Using tools like nmap -sV -p 2222 ,