IP Address: 154.59.121.142Previously Malicious
IP Address: 154.59.121.142Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
MSSQL SSH |
|
Tags |
Failed FTP Login FTP Site Command FTP Smnt Command MSSQL HTTP SSH Listening NetBIOS FTP 100+ Ftp Commands |
|
Associated Attack Servers |
- |
|
IP Address |
154.59.121.142 |
|
|
Domain |
- |
|
|
ISP |
Cogent Communications |
|
|
Country |
United States |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2018-12-02 |
|
Last seen in Akamai Guardicore Segmentation |
2021-10-15 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user failed to login using FTP with the following username: uYO3kh0Z 2 times |
Failed FTP Login |
|
A user failed to login using FTP with the following username: guest 2 times |
Failed FTP Login |
|
A user failed to login using FTP with the following username: uWB5rUSQ 2 times |
Failed FTP Login |
|
A user failed to login using FTP with the following username: uPYIRSch |
Failed FTP Login |
|
A user failed to login using FTP with the following username: ut45o8vs |
Failed FTP Login |
|
A user failed to login using FTP with the following username: guest |
Failed FTP Login |
|
A user failed to login using FTP with the following username: uPYIRSch |
Failed FTP Login |
|
FTP SITE commands EXEC %p %p %p %p /.a were executed |
FTP Site Command |
|
FTP SITE commands EXEC %p %p %p %p were executed |
FTP Site Command |
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:60487 |
|
|
A user failed to login using FTP with the following username: guest |
Failed FTP Login |
|
A user failed to login using FTP with the following username: ut45o8vs |
Failed FTP Login |
|
FTP SITE commands EXEC %p %p %p %p /.a were executed 16 times |
FTP Site Command |
|
A user failed to login using FTP with the following username: guest |
Failed FTP Login |
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:36981, 154.59.121.142:43872 and 154.59.121.142:50314 |
|
|
A user failed to login using FTP with the following username: uFv7aUHR |
Failed FTP Login |
|
A user failed to login using FTP with the following username: guest 2 times |
Failed FTP Login |
|
A user failed to login using FTP with the following username: uFv7aUHR |
Failed FTP Login |
|
A user failed to login using FTP with the following username: guest |
Failed FTP Login |
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:56238 |
|
|
A user failed to login using FTP with the following username: u8CifqFi |
Failed FTP Login |
|
A user failed to login using FTP with the following username: guest |
Failed FTP Login |
|
A user failed to login using FTP with the following username: u8CifqFi |
Failed FTP Login |
|
A user failed to login using FTP with the following username: guest 3 times |
Failed FTP Login |
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:38753 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:35844 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:39417 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:48861, 154.59.121.142:55575 and 154.59.121.142:60727 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:33807 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:57057 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:60368 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:36019 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:34645, 154.59.121.142:41008 and 154.59.121.142:59423 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:56154 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:57213 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:44982 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:59123 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:43514 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:48618 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:41543, 154.59.121.142:44730, 154.59.121.142:50723 and 154.59.121.142:58808 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:41588, 154.59.121.142:44009 and 154.59.121.142:60192 |
|
|
FTP SITE commands CHMOD 700 QTest /QTest were executed |
FTP Site Command |
|
FTP SITE commands IDLE /QTest were executed |
FTP Site Command |
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:39250, 154.59.121.142:40155 and 154.59.121.142:53439 |
|
|
FTP SITE commands IDLE 10000 /QTest were executed |
FTP Site Command |
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:39522 and 154.59.121.142:60007 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:41307 and 154.59.121.142:46288 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:46387, 154.59.121.142:48586 and 154.59.121.142:57943 |
|
|
Process /usr/local/sbin/vsftpd started listening on ports: 6260 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:46873 and 154.59.121.142:57322 |
|
|
FTP SMNT commands with arguments /tmp were executed 6 times |
FTP Smnt Command |
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:37386, 154.59.121.142:56958 and 154.59.121.142:58421 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:37194 and 154.59.121.142:51305 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:44210, 154.59.121.142:52902 and 154.59.121.142:56472 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:56513 and 154.59.121.142:60172 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:36965 and 154.59.121.142:60754 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:34207 and 154.59.121.142:46509 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:36615 and 154.59.121.142:59075 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:35013, 154.59.121.142:40162 and 154.59.121.142:59042 |
|
|
FTP SITE commands CHMOD 700 QTest /QTest were executed |
FTP Site Command |
|
FTP SITE commands IDLE /QTest were executed |
FTP Site Command |
|
FTP SITE commands IDLE 10000 /QTest were executed |
FTP Site Command |
|
FTP SITE commands CHMOD 700 QTest /QTest were executed |
FTP Site Command |
|
FTP SITE commands IDLE /QTest were executed |
FTP Site Command |
|
FTP SITE commands CHMOD 700 QTest /QTest were executed |
FTP Site Command |
|
FTP SITE commands IDLE 10000 /QTest were executed |
FTP Site Command |
|
FTP SITE commands IDLE /QTest were executed |
FTP Site Command |
|
FTP SITE commands IDLE 10000 /QTest were executed |
FTP Site Command |
|
Process /usr/local/sbin/vsftpd started listening on ports: 61504 |
|
|
FTP SITE commands CHMOD 700 QTest /QTest were executed |
FTP Site Command |
|
FTP SITE commands IDLE /QTest were executed |
FTP Site Command |
|
FTP SITE commands IDLE 10000 /QTest were executed |
FTP Site Command |
|
FTP SITE commands CHMOD 700 QTest /QTest were executed |
FTP Site Command |
|
Process /usr/local/sbin/vsftpd started listening on ports: 56716 |
|
|
FTP SITE commands IDLE /QTest were executed |
FTP Site Command |
|
FTP SITE commands IDLE 10000 /QTest were executed |
FTP Site Command |
|
Process /usr/local/sbin/vsftpd started listening on ports: 23230 |
|
|
Process /usr/local/sbin/vsftpd started listening on ports: 32171 |
|
|
Process /usr/local/sbin/vsftpd started listening on ports: 63741 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:53366 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:38887 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:50651 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:54532 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:57142 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:49594 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:51907 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:48025 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:35129 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:38993 |
|
|
Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:49628 |
|
|
Process /usr/local/sbin/vsftpd started listening on ports: 10225, 14995, 15780, 16003, 28085, 47627, 58906, 62334, 62442 and 63263 |
Listening |
|
Process /usr/local/sbin/vsftpd started listening on ports: 11322, 15833, 17213, 21997, 36480, 38475, 46300, 49372, 49837 and 52305 |
Listening |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies