๐บ๐ธ
bigscoots.com
2026-01-14 06:45:52
(6 months ago)
66.96.225.174 (ID/Indonesia/host-66-96-225-174.myrepublic.co.id), 5 distributed sshd attacks on acco ...
show more
66.96.225.174 (ID/Indonesia/host-66-96-225-174.myrepublic.co.id), 5 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_DISTATTACK; Logs: Jan 14 00:44:37 16741 sshd[3191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.71.116.214 user=root
Jan 14 00:44:39 16741 sshd[3191]: Failed password for root from 222.71.116.214 port 46615 ssh2
Jan 14 00:44:44 16741 sshd[3202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.96.225.178 user=root
Jan 14 00:45:27 16741 sshd[3348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.96.225.174 user=root
Jan 14 00:44:47 16741 sshd[3202]: Failed password for root from 66.96.225.178 port 38416 ssh2
IP Addresses Blocked:
222.71.116.214 (CN/China/-)
66.96.225.178 (ID/Indonesia/host-66-96-225-178.myrepublic.co.id)
show less
Brute-Force
SSH
๐บ๐ธ
bigscoots.com
2026-01-13 18:44:00
(6 months ago)
66.96.225.174 (ID/Indonesia/host-66-96-225-174.myrepublic.co.id), 5 distributed sshd attacks on acco ...
show more
66.96.225.174 (ID/Indonesia/host-66-96-225-174.myrepublic.co.id), 5 distributed sshd attacks on account [dlink] in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_DISTATTACK; Logs: Jan 13 12:43:40 14827 sshd[19996]: Invalid user dlink from 66.96.225.174 port 48746
Jan 13 12:12:14 14827 sshd[16391]: Invalid user dlink from 62.146.228.81 port 36492
Jan 13 12:12:16 14827 sshd[16391]: Failed password for invalid user dlink from 62.146.228.81 port 36492 ssh2
Jan 13 12:14:50 14827 sshd[16668]: Invalid user dlink from 45.78.219.186 port 34656
Jan 13 12:14:52 14827 sshd[16668]: Failed password for invalid user dlink from 45.78.219.186 port 34656 ssh2
IP Addresses Blocked:
show less
Brute-Force
SSH
๐บ๐ธ
bigscoots.com
2026-01-13 02:24:18
(6 months ago)
66.96.225.174 (ID/Indonesia/host-66-96-225-174.myrepublic.co.id), 5 distributed sshd attacks on acco ...
show more
66.96.225.174 (ID/Indonesia/host-66-96-225-174.myrepublic.co.id), 5 distributed sshd attacks on account [ubuntu] in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_DISTATTACK; Logs: Jan 12 20:23:33 14850 sshd[8249]: Invalid user ubuntu from 66.96.225.69 port 52750
Jan 12 20:23:35 14850 sshd[8249]: Failed password for invalid user ubuntu from 66.96.225.69 port 52750 ssh2
Jan 12 20:24:10 14850 sshd[8319]: Invalid user ubuntu from 103.47.133.103 port 58594
Jan 12 20:22:15 14850 sshd[8166]: Invalid user ubuntu from 66.96.225.174 port 53694
Jan 12 20:22:17 14850 sshd[8166]: Failed password for invalid user ubuntu from 66.96.225.174 port 53694 ssh2
IP Addresses Blocked:
66.96.225.69 (ID/Indonesia/host-66-96-225-69.myrepublic.co.id)
103.47.133.103 (ID/Indonesia/host-103-47-133-103.myrepublic.co.id)
show less
Brute-Force
SSH
๐ฉ๐ฐ
castipo
2025-10-27 07:07:31
(8 months ago)
nginx-http :: 66.96.225.174 - vps.[host]o.my.id "GET /error.wav HTTP/1.1" 206 171564 "https://vps.[h ...
show more
nginx-http :: 66.96.225.174 - vps.[host]o.my.id "GET /error.wav HTTP/1.1" 206 171564 "https://vps.[host]o.my.id/activate?token=070565de0aae4b36b0169affdd34eeb8" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[ip] Safari/537.36" cfip=66.96.225.174 cfray=99415680df776045-SIN
66.96.225.174 - - [25/Oct/2025:18:22:07 +0700] "GET /windows10_preview.webp HTTP/1.1" 304 0 "https://vps.[host]o.my.id/activate?token=070565de0aae4b36b0169affdd34eeb8" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[ip] Safari/537.36"
66.96.225.174 - vps.[host]o.my.id "GET /windows10_preview.webp HTTP/1.1" 304 0 "https://vps.[host]o.my.id/activate?token=070565de0aae4b36b0169affdd34eeb8" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[ip] Safari/537.36" cfip=66.96.225.174 cfray=9941567f38dc6046-FRA
66.96.225.174 - - [26/Oct/2025:23:59:20 +0700] "GET /.env HTTP/1.1" 404 1451 "-" "Mozilla/5.0 (Wi
show less
Hacking
Web App Attack
๐ฉ๐ฐ
castipo
2025-10-27 06:10:10
(8 months ago)
nginx-http :: 66.96.225.174 - vps.[host]o.my.id "GET /success.wav HTTP/1.1" 206 23580 "https://vps.[ ...
show more
nginx-http :: 66.96.225.174 - vps.[host]o.my.id "GET /success.wav HTTP/1.1" 206 23580 "https://vps.[host]o.my.id/activate?token=070565de0aae4b36b0169affdd34eeb8" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[ip] Safari/537.36" cfip=66.96.225.174 cfray=99415680df766045-SIN
66.96.225.174 - - [25/Oct/2025:18:22:06 +0700] "GET /error.wav HTTP/1.1" 206 171564 "https://vps.[host]o.my.id/activate?token=070565de0aae4b36b0169affdd34eeb8" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[ip] Safari/537.36"
66.96.225.174 - vps.[host]o.my.id "GET /error.wav HTTP/1.1" 206 171564 "https://vps.[host]o.my.id/activate?token=070565de0aae4b36b0169affdd34eeb8" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[ip] Safari/537.36" cfip=66.96.225.174 cfray=99415680df776045-SIN
66.96.225.174 - - [25/Oct/2025:18:22:07 +0700] "GET /windows10_preview.webp HTTP/1.1" 304 0 "https://vps.[host]o
show less
Hacking
Web App Attack
๐บ๐ธ
ipblock.com
2025-10-27 01:38:00
(8 months ago)
IPBlock protected site ID [4055-d][s=03].
Exploit request, vulnerability scanner.
Hacking
Bad Web Bot
Web App Attack
๐ฉ๐ฐ
castipo
2025-10-26 16:59:34
(8 months ago)
nginx-botsearch :: 66.96.225.174 - vps.[host]o.my.id "GET /windows10.webp HTTP/1.1" 304 0 "https://v ...
show more
nginx-botsearch :: 66.96.225.174 - vps.[host]o.my.id "GET /windows10.webp HTTP/1.1" 304 0 "https://vps.[host]o.my.id/activate?token=070565de0aae4b36b0169affdd34eeb8" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[ip] Safari/537.36" cfip=66.96.225.174 cfray=9941567f8f5b6045-FRA
66.96.225.174 - - [25/Oct/2025:18:22:06 +0700] "GET /success.wav HTTP/1.1" 206 23580 "https://vps.[host]o.my.id/activate?token=070565de0aae4b36b0169affdd34eeb8" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[ip] Safari/537.36"
66.96.225.174 - vps.[host]o.my.id "GET /success.wav HTTP/1.1" 206 23580 "https://vps.[host]o.my.id/activate?token=070565de0aae4b36b0169affdd34eeb8" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[ip] Safari/537.36" cfip=66.96.225.174 cfray=99415680df766045-SIN
66.96.225.174 - - [25/Oct/2025:18:22:06 +0700] "GET /error.wav HTTP/1.1" 206 171564 "https://vps.[host]o.m
show less
Port Scan
Hacking
Web App Attack
๐ฎ๐ฉ
penjaga BRIN
2025-05-26 04:10:07
(1 year ago)
apache-alfa-111
Web App Attack
Anonymous
2025-05-23 18:55:03
(1 year ago)
Web Scanning Attack to Multiple Domain
DDoS Attack
Ping of Death
Web Spam
SQL Injection
๐ฎ๐ฉ
Ridwan Na'im
2024-12-19 02:31:29
(1 year ago)
Shellshock attack detected - Exploitation for Privilege Escalation,Exploit Public-Facing Application
Hacking
Web App Attack
๐ฎ๐ฉ
Ridwan Na'im
2024-12-19 01:40:48
(1 year ago)
Multiple web server 400 error codes from same source ip. - Vulnerability Scanning
Hacking
Web App Attack
๐ฎ๐ฉ
hermawan
2024-12-17 11:13:28
(1 year ago)
[Tue Dec 17 11:49:32.100785 2024] [security2:error] [pid 751809:tid 132717257660096] [client 66.96.2 ...
show more
[Tue Dec 17 11:49:32.100785 2024] [security2:error] [pid 751809:tid 132717257660096] [client 66.96.225.174:59098] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "zh-CN" at REQUEST_HEADERS:Accept-Language. [file "/etc/modsecurity/coreruleset-4.9.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "64"] [id "440001"] [msg "Seperti Ddos bahasa Rusia ada di ip vietnam 2.59.0.188 "] [data "Matched Data: zh-CN found within REQUEST_HEADERS:Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 request_line = GET /index.php/prakiraan-iklim/prakiraan-bulanan/prakiraan-curah-hujan-bulanan/555558811-prakiraan-bulanan-curah-hujan-bulan-agustus-tahun-2021-update-dari-analisis-bulan-mei-tahun-2021-di-provinsi-jawa-timur HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/prakiraan-bulanan/prakiraan-curah-hujan-bulanan/555558811-prakiraan-bulanan-curah-hujan-bulan-agustus-tahun-2021-update-dari-analisis-bulan-mei-tahun-2021-di-prov
...
show less
Hacking
Web App Attack
๐ฎ๐ฉ
amanat institute
2024-08-31 15:25:00
(1 year ago)
ddos scanning web app
DDoS Attack
Brute-Force
Anonymous
2024-06-18 13:55:01
(2 years ago)
XSS Attempt
Hacking
๐ฎ๐ฉ
hermawan
2023-11-28 14:08:52
(2 years ago)
[Tue Nov 28 21:08:48.681561 2023] [security2:error] [pid 260825:tid 139944972248640] [client 66.96.2 ...
show more
[Tue Nov 28 21:08:48.681561 2023] [security2:error] [pid 260825:tid 139944972248640] [client 66.96.225.174:60016] [client 66.96.225.174] ModSecurity: Access denied with code 403 (phase 1). Match of "pm www.google.com https://www.google.fi/ android-app://com.google.android.gm myactivity.google.com applebot iPhone bingbot https://yandex.com/ https://www.google.com.tw sih3.dpuair.jatimprov.go.id duckduckgo.com neeva.com mail.google.com dpuair.jatimprov ..." against "REQUEST_HEADERS:Referer" required. [file "/etc/modsecurity/coreruleset-3.3.5/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "63"] [id "440067"] [msg "BAD Referer"] [data "Matched Data: staklim-jatim.bmkg.go.id found within REQUEST_HEADERS:Referer: https://www.perplexity.ai/ request_line = GET /images/Klimatologi/Analisis/03-Analisis_Bulanan/Analisis_Distibusi_Curah_Hujan_Bulanan/Analisis_Distibusi_Curah_Hujan_Bulanan_Provinsi_Jawa_Timur/2021/03/Analisis_Bulanan_Distribusi_Curah_Hujan_Bulan_Maret_Tahun_2021_di_Provinsi_Ja
...
show less
Hacking
Web App Attack