IP Address: 154.59.121.146 (Malicious)

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role: Attacker, Connect-Back, Scanner

Services Targeted: SSH, MSSQL

Tags: Failed FTP Login, Access Suspicious Domain, SSH, NetBIOS, DNS Query, FTP Smnt Command, HTTP, Listening, MSSQL, 100+ Ftp Commands, FTP, FTP Site Command, Outgoing Connection

Associated Attack Servers: qualys-9a3b7992, 160.62.12.231

Basic Information

IP Address: 154.59.121.146

Domain: -

ISP: Cogent Communications

Country: United States

WHOIS

Created Date: -

Updated Date: -

Organization: -

First seen in Guardicore Centra: 2019-03-01

Last seen in Guardicore Centra: 2020-09-01

What is Guardicore Centra

Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

Attack Flow

A user failed to login using FTP with the following username: uJ50g7Xm 2 times

Failed FTP Login

A user failed to login using FTP with the following username: guest 2 times

Failed FTP Login

Process /usr/sbin/smbd attempted to access suspicious domains: qualys-9a3b7992 6 times

DNS Query Access Suspicious Domain

A user failed to login using FTP with the following username: ur49DVci 2 times

Failed FTP Login

A user failed to login using FTP with the following username: guest 2 times

Failed FTP Login

A user failed to login using FTP with the following username: ugUslVUe 2 times

Failed FTP Login

A user failed to login using FTP with the following username: uyojUmiL

Failed FTP Login

A user failed to login using FTP with the following username: guest

Failed FTP Login

A user failed to login using FTP with the following username: uunQ6YQo

Failed FTP Login

A user failed to login using FTP with the following username: uyojUmiL

Failed FTP Login

A user failed to login using FTP with the following username: guest

Failed FTP Login

A user failed to login using FTP with the following username: uunQ6YQo

Failed FTP Login

A user failed to login using FTP with the following username: guest 4 times

Failed FTP Login

FTP SITE commands EXEC %p %p %p %p /.a were executed

FTP Site Command

FTP SITE commands EXEC %p %p %p %p were executed

FTP Site Command

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:38507, 154.59.121.146:42958, 154.59.121.146:55570 and 154.59.121.146:55644

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:33491, 154.59.121.146:34092 and 154.59.121.146:38643

FTP SITE commands EXEC %p %p %p %p /.a were executed 13 times

FTP Site Command

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:54744

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:50955

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:45868

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:57214

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:48779

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:48673

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:55657

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:47272

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:45030

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:33016

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:57531

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:60945

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:54130

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:46484 and 154.59.121.146:48791

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:56300 and 154.59.121.146:56406

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:38063 and 154.59.121.146:39601

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:33488 and 154.59.121.146:40296

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:38360 and 154.59.121.146:39204

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:43164, 154.59.121.146:51941 and 154.59.121.146:52999

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:44747 and 154.59.121.146:53045

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:39710 and 154.59.121.146:50183

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:42174, 154.59.121.146:45277 and 154.59.121.146:45849

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:33019 and 154.59.121.146:46591

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:36012 and 154.59.121.146:44065

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:41845, 154.59.121.146:43056 and 154.59.121.146:60347

Outgoing Connection

FTP SITE commands CHMOD 700 QTest /QTest were executed

FTP Site Command

FTP SITE commands IDLE /QTest were executed

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:51780 and 154.59.121.146:60457

Process /usr/local/sbin/vsftpd started listening on ports: 30710

FTP SMNT commands with arguments /tmp were executed 5 times

FTP Smnt Command

FTP SITE commands CHMOD 700 QTest /QTest were executed

FTP Site Command

FTP SITE commands IDLE /QTest were executed

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

Process /usr/local/sbin/vsftpd started listening on ports: 27100

FTP SITE commands CHMOD 700 QTest /QTest were executed

FTP Site Command

FTP SITE commands IDLE /QTest were executed

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed

FTP Site Command

FTP SITE commands CHMOD 700 QTest /QTest were executed 2 times

FTP Site Command

FTP SITE commands IDLE /QTest were executed 2 times

FTP Site Command

FTP SITE commands IDLE 10000 /QTest were executed 2 times

FTP Site Command

Process /usr/local/sbin/vsftpd started listening on ports: 61731

Process /usr/local/sbin/vsftpd started listening on ports: 5626

Process /usr/local/sbin/vsftpd started listening on ports: 22321

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:52569

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:50075

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:42125

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:47478

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:52856

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:50450

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:44841

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:34559

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:32873

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:52944

Process /usr/local/sbin/vsftpd generated outgoing network traffic to: 154.59.121.146:45620

Process /usr/local/sbin/vsftpd started listening on ports: 22776, 24088, 24092, 31862, 43150, 44548, 50677, 59920, 63078 and 63832

Listening

Process /usr/local/sbin/vsftpd started listening on ports: 21965, 22093, 39800, 45672, 46763, 49935, 50581, 58622, 8865 and 8988

Listening

Process /usr/local/sbin/vsftpd started listening on ports: 18836, 19843, 28378, 30330, 30363, 35912, 54623, 56275, 58814 and 9657

Listening

Process /usr/local/sbin/vsftpd started listening on ports: 20644, 23036, 23268, 28988, 51401, 56909, 63216 and 64181

Listening

Process /usr/local/sbin/vsftpd started listening on ports: 11787, 25782, 47616, 54894 and 9322

Connection was closed due to timeout

Oops! - Do you see your IP here? Contact us at labs@guardicore.com to remove it from the Threat Intelligence data.
