IP Address: 154.59.121.142 - Malicious

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role: Attacker, Scanner

Services Targeted: MYSQL, SSH, MSSQL

Tags: Failed FTP Login, FTP Site Command, FTP Smnt Command, MSSQL, HTTP, SSH, Listening, NetBIOS, FTP, 100+ Ftp Commands

Associated Attack Servers: qualys-9a3b798e, 160.62.12.231

Basic Information

IP Address: 154.59.121.142

Domain: -

ISP: Cogent Communications

Country: United States

WHOIS

Created Date: -

Updated Date: -

Organization: -

First seen in Guardicore Centra: 2018-12-02

Last seen in Guardicore Centra: 2020-07-20

Attack Flow

A user failed to login using FTP with the following username: uYO3kh0Z 2 times

Failed FTP Login

A user failed to login using FTP with the following username: guest 2 times

Failed FTP Login

A user failed to login using FTP with the following username: uWB5rUSQ 2 times

Failed FTP Login

A user failed to login using FTP with the following username: uPYIRSch

Failed FTP Login

A user failed to login using FTP with the following username: ut45o8vs

Failed FTP Login

A user failed to login using FTP with the following username: guest

Failed FTP Login

A user failed to login using FTP with the following username: uPYIRSch

Failed FTP Login

FTP SITE commands EXEC %p %p %p %p /.a were executed

FTP Site Command

FTP SITE commands EXEC %p %p %p %p were executed

FTP Site Command

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:60487

A user failed to login using FTP with the following username: guest

Failed FTP Login

A user failed to login using FTP with the following username: ut45o8vs

Failed FTP Login

FTP SITE commands EXEC %p %p %p %p /.a were executed 16 times

FTP Site Command

A user failed to login using FTP with the following username: guest

Failed FTP Login

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:36981, 154.59.121.142:43872 and 154.59.121.142:50314

A user failed to login using FTP with the following username: uFv7aUHR

Failed FTP Login

A user failed to login using FTP with the following username: guest 2 times

Failed FTP Login

A user failed to login using FTP with the following username: uFv7aUHR

Failed FTP Login

A user failed to login using FTP with the following username: guest

Failed FTP Login

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:56238

A user failed to login using FTP with the following username: u8CifqFi

Failed FTP Login

A user failed to login using FTP with the following username: guest

Failed FTP Login

A user failed to login using FTP with the following username: u8CifqFi

Failed FTP Login

A user failed to login using FTP with the following username: guest 3 times

Failed FTP Login

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:38753

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:35844

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:39417

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:48861, 154.59.121.142:55575 and 154.59.121.142:60727

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:33807

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:57057

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:60368

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:36019

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:34645, 154.59.121.142:41008 and 154.59.121.142:59423

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:56154

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:57213

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:44982

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:59123

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:43514

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:48618

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:41543, 154.59.121.142:44730, 154.59.121.142:50723 and 154.59.121.142:58808

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:41588, 154.59.121.142:44009 and 154.59.121.142:60192

FTP SITE commands CHMOD 700 QTest /QTest were executed

FTP Site Command

FTP SITE commands IDLE /QTest were executed

FTP Site Command

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:39250, 154.59.121.142:40155 and 154.59.121.142:53439

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:39522 and 154.59.121.142:60007

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:41307 and 154.59.121.142:46288

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:46387, 154.59.121.142:48586 and 154.59.121.142:57943

Process /usr/local/sbin/vsftpd started listening on ports: 6260

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:46873 and 154.59.121.142:57322

FTP SMNT commands with arguments /tmp were executed 6 times

FTP Smnt Command

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:37386, 154.59.121.142:56958 and 154.59.121.142:58421

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:37194 and 154.59.121.142:51305

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:44210, 154.59.121.142:52902 and 154.59.121.142:56472

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:56513 and 154.59.121.142:60172

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:36965 and 154.59.121.142:60754

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:34207 and 154.59.121.142:46509

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:36615 and 154.59.121.142:59075

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:35013, 154.59.121.142:40162 and 154.59.121.142:59042

FTP SITE commands CHMOD 700 QTest /QTest were executed

FTP Site Command

FTP SITE commands IDLE /QTest were executed

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

FTP SITE commands CHMOD 700 QTest /QTest were executed

FTP Site Command

FTP SITE commands IDLE /QTest were executed

FTP Site Command

FTP SITE commands CHMOD 700 QTest /QTest were executed

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

FTP SITE commands IDLE /QTest were executed

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

Process /usr/local/sbin/vsftpd started listening on ports: 61504

FTP SITE commands CHMOD 700 QTest /QTest were executed

FTP Site Command

FTP SITE commands IDLE /QTest were executed

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

FTP SITE commands CHMOD 700 QTest /QTest were executed

FTP Site Command

Process /usr/local/sbin/vsftpd started listening on ports: 56716

FTP SITE commands IDLE /QTest were executed

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

Process /usr/local/sbin/vsftpd started listening on ports: 23230

Process /usr/local/sbin/vsftpd started listening on ports: 32171

Process /usr/local/sbin/vsftpd started listening on ports: 63741

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:53366

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:38887

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:50651

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:54532

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:57142

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:49594

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:51907

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:48025

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:35129

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:38993

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.142:49628

Process /usr/local/sbin/vsftpd started listening on ports: 10225, 14995, 15780, 16003, 28085, 47627, 58906, 62334, 62442 and 63263

Listening

Process /usr/local/sbin/vsftpd started listening on ports: 11322, 15833, 17213, 21997, 36480, 38475, 46300, 49372, 49837 and 52305

Listening

Connection was closed due to timeout
