IP Address: 154.59.121.135 (Malicious)

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH, MSSQL
Tags: Failed FTP Login, Access Suspicious Domain, SSH, NetBIOS, DNS Query, FTP Smnt Command, HTTP, Listening, MSSQL, 100+ Ftp Commands, FTP, FTP Site Command
Associated Attack Servers: qualys-9a3b7987

Basic Information

IP Address: 154.59.121.135
Domain: -
ISP: Cogent Communications
Country: United States

WHOIS

Created Date: -
Updated Date: -
Organization: -

First seen in Guardicore Centra: 2018-12-02
Last seen in Guardicore Centra: 2020-07-19

Attack Flow

Process /usr/sbin/smbd attempted to access suspicious domains: qualys-9a3b7987 8 times

Access Suspicious Domain, DNS Query

A user failed to login using FTP with the following username: uSlH6Xgr 2 times

Failed FTP Login

A user failed to login using FTP with the following username: guest 2 times

Failed FTP Login

A user failed to login using FTP with the following username: uJJ91XUH 2 times

Failed FTP Login

FTP SITE commands EXEC %p %p %p %p were executed

FTP Site Command

A user failed to login using FTP with the following username: unpYjqla

Failed FTP Login

A user failed to login using FTP with the following username: guest

Failed FTP Login

FTP SITE commands EXEC %p %p %p %p /.a were executed 20 times

FTP Site Command

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:45258

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:35116

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:51215

A user failed to login using FTP with the following username: unpYjqla

Failed FTP Login

A user failed to login using FTP with the following username: u5NpliHT

Failed FTP Login

A user failed to login using FTP with the following username: guest

Failed FTP Login

A user failed to login using FTP with the following username: uOoGKFeB

Failed FTP Login

A user failed to login using FTP with the following username: u5NpliHT

Failed FTP Login

A user failed to login using FTP with the following username: guest

Failed FTP Login

A user failed to login using FTP with the following username: ulaESuhe

Failed FTP Login

A user failed to login using FTP with the following username: uOoGKFeB

Failed FTP Login

A user failed to login using FTP with the following username: ulaESuhe

Failed FTP Login

A user failed to login using FTP with the following username: guest

Failed FTP Login

A user failed to login using FTP with the following username: ulaESuhe 2 times

Failed FTP Login

A user failed to login using FTP with the following username: guest 8 times

Failed FTP Login

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:58664

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:32897

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:43574

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:57627

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:43776, 154.59.121.135:47137 and 154.59.121.135:59247

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:37256, 154.59.121.135:41248 and 154.59.121.135:48595

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:38220, 154.59.121.135:44526 and 154.59.121.135:45160

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:40556

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:33093

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:55438

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:33015

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:46504

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:32970

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:35284

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:54896

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:45395

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:42667

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:33986

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:44145 and 154.59.121.135:50171

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:33809 and 154.59.121.135:47268

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:43741 and 154.59.121.135:54396

FTP SITE commands CHMOD 700 QTest /QTest were executed

FTP Site Command

FTP SITE commands IDLE /QTest were executed

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:36235 and 154.59.121.135:59033

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:51184 and 154.59.121.135:55537

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:33673 and 154.59.121.135:53064

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:33765 and 154.59.121.135:55859

Process /usr/local/sbin/vsftpd started listening on ports: 7941

FTP SMNT commands with arguments /tmp were executed 7 times

FTP Smnt Command

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:33347, 154.59.121.135:35398 and 154.59.121.135:57244

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:33780, 154.59.121.135:53416 and 154.59.121.135:56005

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:40484 and 154.59.121.135:43282

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:41785 and 154.59.121.135:49639

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:49464 and 154.59.121.135:54660

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:38059 and 154.59.121.135:43862

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:35076 and 154.59.121.135:38711

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:44300 and 154.59.121.135:52489

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:34672 and 154.59.121.135:49469

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:50380 and 154.59.121.135:59502

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:46877, 154.59.121.135:53783 and 154.59.121.135:60260

FTP SITE commands CHMOD 700 QTest /QTest were executed

FTP Site Command

FTP SITE commands IDLE /QTest were executed

FTP Site Command

FTP SITE commands CHMOD 700 QTest /QTest were executed

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

FTP SITE commands IDLE /QTest were executed

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

FTP SITE commands CHMOD 700 QTest /QTest were executed

FTP Site Command

FTP SITE commands IDLE /QTest were executed

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

Process /usr/local/sbin/vsftpd started listening on ports: 64557

FTP SITE commands CHMOD 700 QTest /QTest were executed 3 times

FTP Site Command

Process /usr/local/sbin/vsftpd started listening on ports: 33083

FTP SITE commands IDLE /QTest were executed 2 times

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

FTP SITE commands IDLE /QTest were executed

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed 2 times

FTP Site Command

Process /usr/local/sbin/vsftpd started listening on ports: 33528

Process /usr/local/sbin/vsftpd started listening on ports: 7848

Process /usr/local/sbin/vsftpd started listening on ports: 57002

Process /usr/local/sbin/vsftpd started listening on ports: 11823

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:58293

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:47037

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:33432

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:49487

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:58058

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:42337

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:44070

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:35389

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:54189

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:38485

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:55677

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:56622

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:50652

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:35722

Process /usr/local/sbin/vsftpd started listening on ports: 13113, 24274, 24331, 29946, 30966, 35447, 39423, 39704, 43732 and 60113

Listening

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:46947

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:37054

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:42304

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.135:55653

Process /usr/local/sbin/vsftpd started listening on ports: 17567, 20238, 31300, 42270, 45673, 55437, 5555, 56565, 65380 and 9109

Listening

Process /usr/local/sbin/vsftpd started listening on ports: 27440, 28199, 34117, 42482, 45638, 50733, 5162, 52179, 63468 and 6614

Listening

Connection was closed due to timeout
