# http://www.atomicorp.com/ # Atomicorp (Gotroot.com) ModSecurity rules # Search Engine Recon/Search Engine Hacks Security Rules for modsec 2.x # # Created by Prometheus Global (http://www.prometheus-group.com) # Copyright 2005-2019 by Atomicorp, Inc., all rights reserved. # Redistribution is strictly prohibited in any form, including whole or in part. # Distribution of this work or derivative of this work in any form is # prohibited unless prior written permission is obtained from the # copyright holder. # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF # THE POSSIBILITY OF SUCH DAMAGE. # #---ASL-CONFIG-FILE--- # Do not edit this file! # This file is generated and changes will be overwritten. # # If you need to make changes to the rules, please follow the procedure here: # http://www.atomicorp.com/wiki/index.php/Mod_security # Note: For modsecurity 2.5 and above only # Use 404 for these rules to trick attackers and search engines # TODO - dont check internal referrers SecDefaultAction "log,deny,auditlog,phase:2,status:404" SecRule REQUEST_HEADERS:Referer "@pm power /index.php index.php? phpmyexplorer inurl: intitle: intext: inbody: insite: administrator phpwebthings driven 1999-2004 wpceasy exploit running version display_blog.php copyright phpsurveyor php-zeronet based zero duware webcalendar webwizguestbook_license.asp contentid details.php ebliteck script.canavari.com snipe.net reserved glfusion project postnuke option= flatnuke website crew flatnuke md-pro manager cmp-noticias downloader management warning pages.php error password passwd ora- wp-db-backup incorrect unexpected illegal valid sql unclosed problem allowed cgi-telnet unit-x c99 safe_mode r57 phpinfo locus c100 haxplorer danyliw transcoder.cgi phpshell zabbix" "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333926,phase:2,pass,nolog,noauditlog,skip:1" SecAction "phase:2,id:333787,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS" SecRule REQUEST_HEADERS:Referer "@pm index.php?id= index.php?option= transcoder.cgi pages.php zabbix" "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333927,phase:2,pass,nolog,noauditlog,skip:1" SecAction "phase:2,id:333788,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_BASIC" SecRule REQUEST_HEADERS:Referer "zabbix 1\.8\.4 copyright 2001-2010 by sia zabbix" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373169,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'" SecRule REQUEST_HEADERS:Referer "filetype:cgi transcoder\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372169,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?id=cmp-noticias" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372241,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?option=com_(?:ezine|mambads|is|vr|altas|rwcards|resman|expose|qcontacts|swmenupro|sef)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372331,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "powered by drake cms inurl:index\.php\?option=guestbook" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372365,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:pages\.php\?id= ?multi vendor mall" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372746,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "powered by phpcms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372747,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecMarker END_RECON_CHECKS_BASIC #inurl SecRule REQUEST_HEADERS:Referer "inurl:" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:333928,phase:2,pass,nolog,noauditlog,skip:1" SecAction "phase:2,id:333789,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INURL" #inurl:option=com_media SecRule REQUEST_HEADERS:Referer "inurl\: ?option=com_media" "deny,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:376425,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Joomla Media Manager File Upload Bypass Recon Attempt'" #inurl:wp-content/plugins/w3tc/dbcache SecRule REQUEST_HEADERS:Referer "inurl\: ?wp-content/(?:plugins/(?:w3tc/dbcache|dbcache)|w3tc/dbcache)" "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:376415,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: W3TC Total Cache Recon Attempt'" # Google Dork: inurl:"plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/" SecRule REQUEST_HEADERS:Referer "inurl:.*plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/" "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:376315,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Deans with pwwangs code plugin Recon Attempt'" SecRule REQUEST_HEADERS:Referer "@pm php shtml" "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333929,phase:2,pass,nolog,noauditlog,skip:1" SecAction "phase:2,id:333790,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INURL_PHP" SecRule REQUEST_HEADERS:Referer "@pm inurl:index.php /index.php index.php? wp-db-backup.php i_index.shtml phpmyexplorer /connector.php /upload.php" "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333930,phase:2,pass,nolog,noauditlog,skip:1" SecAction "phase:2,id:323791,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INDEX_PHP" SecRule REQUEST_HEADERS:Referer "inurl.*/connectors/php/(?:connector|upload)\.php " "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:376314,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: FCKeditor Vulnerable Upload Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:php advanced transfer \(inurl:index\.php \| inurl:showrecent\.php \)" "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371314,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:textpattern/index\.php" "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371761,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:imp inurl:imp/index\.php3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371689,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:phpmyexplorer inurl:index\.php -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371320,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?pagedb=rss" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371983,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/counter/index\.php intitle:\+phpcounter 7\.\*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371918,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:typo3/index\.php\?u= -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371853,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "i_index\.shtml ready" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371545,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?edicion_id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372593,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?module=pnflashgames" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372528,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:lists/\?p=subscribe \| inurl:lists/index\.php\?p=subscribe" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372320,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?name=pnphpbb2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372341,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:phpwcms/index\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372328,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:modules/articles/index\.php\?cat_id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372431,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "mumbo jumbo media.*inurl:index\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372587,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?menu=showcat=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372619,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?css=mid=art=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372633,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?mod=archives" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372732,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "site designed and built by powder blue\. inurl:index\.php\?id_page=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372750,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:article\.download\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372753,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_mojo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372754,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?option=com_(?:paxgallery|ice|joomlaconnect_be|races|akobook|lowcosthotels|lqm showresults|annuaire|doqment|catalogue|storedirectory|competitions|jeajaxeventcalendar|ponygallery|flexicontent|jombib|liveticker)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372658,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?title=gamepage" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372766,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?myplantid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372797,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?menu=adorder" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372824,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_dbquery or index\.php\?option=com_dbquery" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372862,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:php advanced transfer .*inurl:(?:index|showrecent)\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321314,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:phpmyexplorer inurl:index\.php -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321320,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/gadmin/index\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372240,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?db=information_schema" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372246,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?ind=blog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372276,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php site=sglinks" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372007,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.php\?module=ew_filemanager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "plugins/wp-db-backup/wp-db-backup\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371172,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:buyer/index\.php\?productid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372850,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecMarker END_RECON_CHECKS_INDEX_PHP SecRule REQUEST_HEADERS:Referer "inurl:prog\.php\?dwkodu=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372715,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:contentpage\.php\?id= or inurl:displayresource\.php\?id= and in(?:text|body):website by mile high creative" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372724,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:ratelink\.php\?lnkid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372779,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:main_forum\.php\?cat=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372790,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:article\.download\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372755,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/cms/page\.php\?p=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372764,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:php/showcontent\.php\?linkid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372840,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:php inurl:hlstats in(?:text|body):server username" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:wordpress › setup configuration file.*inurl:setup-config" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371016,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:phporacleadmin/php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371025,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:php inurl:logging\.php discuz error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371196,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:config\.php\.new \+vbulletin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371244,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/cricket/grapher\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371400,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "e107\.org 2002/2003 inurl:forum_post\.php\?nt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371559,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:nquser\.php filetype:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371567,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "phpfreenews inurl:admin\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371568,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:php\.exe filetype:exe -example\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371577,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:click\.php in(?:text|body):phpclicklog " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371583,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:plog/register\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371598,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:php explorer ext:php inurl:(?:phpexplorer|list|browse)\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371600,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:php inurl:viewfile -index\.php -idfil" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371605,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "powered by invision power file manager \(inurl:login\.php\) \| \(intitle:browsing directory / \) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371632,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:src/login\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371671,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:\+:8443/login\.php3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371679,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(intitle:please login - forums powered by ubb\.threads\)\|\(inurl:login\.php ubb\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371687,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:imp inurl:imp/index\.php3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321689,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(intitle:please login - forums powered by wwwthreads\)\|\(inurl:wwwthreads/login\.php\)\|\(inurl:wwwthreads/login\.pl\?cat=\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371694,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:php121login\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371697,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:vsadmin/login \| inurl:vsadmin/admin inurl:\.php\|\.asp -response\.buffer = true -javascript" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371701,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/admin/configuration\. php\? mystore" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371704,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:textpattern/index\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321761,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl.*tiki-edit_submission\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350005,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: tiki-edit Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl.*edit_blog\.php.*filetype\:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350007,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: edit_blog.php Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "enter ip.*inurl.*php-ping\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350015,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl.*install.*install\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350017,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl.*phpsysinfo.*created by phpsysinfo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350019,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "squirrelmail version 1\.4\.4.*inurl:src ext\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350020,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl:.*upload\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350029,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl:php inurl:hlstats in(?:text|body):server username" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:wordpress › setup configuration file.*inurl:setup-config\.php\?step=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321016,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:phporacleadmin/php -download -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321025,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:config\.php dbuname dbpass" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371156,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/xampp/security\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371242,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:phpinfo\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371243,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:configuration\.php-dist" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371245,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):viewcvs inurl:settings\.php " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371254,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(intitle:webstatistica inurl:main\.php\) \| \(intitle:webstatistica server\) -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc\.com -edu -software -rob_2926 -crack\.ru -edeco\.cn" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371257,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:wp-mail\.php \+there doesn't seem to be any new mail\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371258,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "-site:php\.net -the php group inurl:source inurl:url ext:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371286,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:\.?php inurl:index inurl:phpicalendar -site:sourceforge\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371330,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):sqlitemanager inurl:main\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371343,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cacti \+inurl:graph_view\.php \+settings tree view -cvs -rpm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371399,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:php\.ini filetype:ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371403,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:vbstats\.php page generated" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371431,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:main\.php welcome to phpmyadmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371449,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:main\.php phpmyadmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371450,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "phpmyadmin running on inurl:main\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371451,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:updown\.php \| in(?:text|body):powered by php uploader downloader " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371552,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "mail-it now! intitle:contact form \| inurl:contact\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371561,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "powered by flexphpnews inurl:news \| inurl:press" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371565,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "powered by: simplicity of upload inurl:download\.php \| inurl:upload\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371566,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:page\.php\?intpageid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372258,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:\?act=phpinfo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372272,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:\?delete in(?:text|body):php version in(?:text|body):safe_mode" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372273,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:printable_pedigree\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372318,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:php-stats\.js\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372367,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "100% \| 50% \| 25% back to gallery inurl:show\.php\?imageid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372379,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:pmwiki\.php \+page last modified on \| pmwikiphilosophy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372417,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:printable_pedigree\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372420,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/webquest/soporte_derecha_w\.php\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372422,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:printable_pedigree\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372441,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:roschedule\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372455,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:article\.download\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372494,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):phpbb - auction inurl:auction" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372496,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:fclick\.php\?fid" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372499,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:xampp/biorhythm\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372514,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:show_memorial\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372534,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "powered by epay enterprise inurl:shop\.htm\?cid= \| nurl:shop\.php\?cid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372549,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:forum_answer\.php\?que_id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372554,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:offers_buy\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372562,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "powered by mobpartner inurl:chat\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372566,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:offers_buy\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372574,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:casting_view\.php\?adnum=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372581,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:fullview\.php\?tempid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372583,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cal_day\.php\?op=day&catview=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372586,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:clientsignup\.php classifieds" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372589,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:offers\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372598,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:es_offer\.php\?files_dir=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372671,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:coursepage\.php\?id= in(?:text|body):web site design by : aim web design cheshire" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372677,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/phpplanner/userinfo\.php\?userid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372686,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:links\.php\?t=search" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372692,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cont_form\.php\?cf_id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372693,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "phpfreenews inurl\:admin\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350003,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHPFreeNews Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl:.*install\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371888,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:\.?php inurl:ipinfo\.php distributed intrusion detection system" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371939,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:portscan\.php from port\|port range" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371947,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/adm-cfgedit\.php " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371948,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:\.?php inurl:nqt in(?:text|body):network query tool " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371953,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:phpsysinfo/ created by phpsysinfo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371970,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/vb/install/(?:install|upgrade)\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371975,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "there are no administrators accounts inurl:admin\.php -mysql_fetch_row" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371997,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:\.?php inurl:vauthenticate" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372013,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:install/install\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372017,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:intranet admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372018,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:info\.inc\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372021,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:footer\.inc\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372022,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:search\.php vbulletin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372023,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:veo observer xt -inurl:shtml\|pl\|php\|htm\|asp\|aspx\|pdf\|cfm -in(?:text|body):observer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372057,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:netbotz appliance -inurl:\.php -inurl:\.asp -inurl:\.pdf -inurl:securitypipeline -announces" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372096,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:idvr -intitle:com \| net \| shop -inurl:asp \| htm \| pdf \| html \| php \| shtml \| com \| at \| cgi \| tv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372099,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:flash operator panel -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372146,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:panorama-viewer\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372255,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecMarker END_RECON_CHECKS_INURL_PHP SecRule REQUEST_HEADERS:Referer "inurl.*/cgi-bin/query" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350004,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: /cgi-bin/guery Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl.*wps_shop\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350006,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: wps_shop.cgi Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl.*passwd.txt.*wwwboard.*webadmin" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:351008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: passwd.txt Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl.*admin\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: admin.mdb Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "file upload manager v1\.3.*rename to" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350011,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "wwwboard webadmin.*inurl:passwd\.txt wwwboard\|webadmin" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350014,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl.*webutil\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350021,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl:.*com_koesubmit" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350024,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl.*estore/index\.cgi\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350026,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl:.*id=.*\&.*intext.*warning: ?(?:mysql_fetch_assoc|mysql_num_rows|session_start|getimagesize|is_writable|unknown|mysql_result|pg_exec|mysql_result|mysql_query|array_merge|preg_match|filesize|require)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350028,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl: ?com_jeauto" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350032,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: LFI Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "inurl:root\.asp\?acs=anon" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371002,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:conf inurl:proftpd\.conf -sample " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371003,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:admin filetype:asp inurl:userlist" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371011,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:admin inurl:userlist" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371012,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:tmtrack\.dll\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371019,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:polly/cp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371020,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:net2ftp powered by net2ftp inurl:ftp or in(?:text|body):login or inurl:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371021,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:connectcomputer/precheck\.htm \| inurl:remote/logon\.aspx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371028,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:81/cgi-bin/\.cobalt/.*in(?:text|body):welcome to the cobalt raq" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371029,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "adding new user inurl:addnewuser -there are no domains" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371031,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:calendarscript/users\.txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371039,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:editor/list\.asp \| inurl:database_editor\.asp \| inurl:login\.asa are set" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371045,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:yml database inurl:config" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371049,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:sites\.dat\+pass=" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371050,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/yabb/members/admin\.dat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371052,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:dat inurl:sites\.dat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371057,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cgi-bin inurl:calendar\.cfg" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371060,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:dat inurl:pass\.dat" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371062,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:perform\.ini filetype:ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371063,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "wwwboard webadmin inurl:passwd\.txt wwwboard\|webadmin " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371067,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:txt inurl:unattend\.txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371069,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:filezilla\.xml -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371079,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:dupics inurl:\(add\.asp \| default\.asp \| view\.asp \| voting\.asp\) -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371083,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:ini inurl:serv-u\.ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371091,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:ini inurl:flashfxp\.ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371094,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:bak inurl:htaccess\|passwd\|shadow\|htusers" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371103,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/db/main\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371104,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:nuke filetype:sql" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371105,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/wwwboard" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371109,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:pwd inurl:\(service \| authors \| administrators \| users\) # -frontpage-" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371111,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:conf inurl:psybnc\.conf user\.pass=" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371116,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:mdb inurl:users\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371117,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:log inurl:ccbill" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371118,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:slapd\.conf in(?:text|body):rootpw" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371130,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:slapd\.conf in(?:text|body):credentials -manpage -manual page -man: -sample" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371131,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:url \+inurl:ftp:// \+inurl:@" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371138,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:vtund\.conf in(?:text|body):pass -cvs" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371139,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:perform filetype:ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371145,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl: admin mdb " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371149,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:secring ext:skr \| ext:pgp \| ext:bak" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371151,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:auth_user_file\.txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371157,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:configuration\.file inurl:softcart\.exe" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371190,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:sitebuilderpictures" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371235,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:sitebuilderfiles" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371236,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:sitebuildercontent" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371237,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype: log inurl:access\.log \+in(?:text|body):http/1\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371246,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "cisco pix security appliance software version \+ serial number \+ show ver -inurl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371247,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(intitle:prtg traffic grapher inurl:allsensors\)\|\(intitle:prtg traffic grapher - monitoring results\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371251,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:build\.err " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371255,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/cgi-bin/pass\.txt" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371256,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:bookmarks inurl:bookmarks\.html bookmarks toolbar folder add bookmarks to this folder to see them displayed on the bookmarks toolbar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371260,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:\(doc \| pdf \| xls \| txt \| ps \| rtf \| odt \| sxw \| psw \| ppt \| pps \| xml\) \(in(?:text|body):confidential salary \| in(?:text|body):budget approved\) inurl:confidential" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371266,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "site:www\.mailinator\.com inurl:showmail\.do" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371267,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cdkey\.txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371268,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:xccdonts\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371271,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:plist filetype:plist inurl:bookmarks\.plist" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371277,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "machttp filetype:log inurl:machttp\.log" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371279,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:weblog/referrers" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371280,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:getmsg\.html intitle:hotmail" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371283,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:netscape\.hst " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371287,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:bookmark\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371288,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:netscape\.hst " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371289,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:netscape\.ini " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371290,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:txt inurl:dxdiag" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371293,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:cnf inurl:_vti_pvt access\.cnf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371300,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:preferences\.ini \[emule\]" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371302,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:conf inurl:rsyncd\.conf -cvs -man" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371303,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:ds\.py" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371304,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/axs/ax-admin\.pl -script" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371309,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:docushare inurl:docushare/dsweb/ -faq -gov -edu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371315,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:report everest home edition " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371317,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:apache::status \(inurl:server-status \| inurl:status\.html \| inurl:apache\.html\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371319,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:cgi inurl:editcgi\.cgi inurl:file=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371324,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:putty\.reg" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371326,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "certificate practice statement inurl:\(pdf \| doc\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371328,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:inf inurl:capolicy\.inf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371329,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:log\.nsf -gov" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371334,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cgi-bin/testcgi\.exe please distribute testcgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371337,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:mdb inurl:\*\.mdb inurl:fpdb shop" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371338,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "installed objects scanner inurl:default\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371340,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:odbc\.ini ext:ini -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371342,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/_layouts/settings" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371345,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:pst inurl:outlook\.pst" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371347,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/names\.nsf\?opendatabase -inurl:gov" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371350,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:xls inurl:email\.xls " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371353,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:pot inurl:john\.pot " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371354,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:snitz_forums_2000\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371357,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:asp inurl:pathto\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371363,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:xls -site:gov inurl:contact" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371364,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(inurl:robot\.txt \| inurl:robots\.txt \) in(?:text|body):disallow filetype:txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371367,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:\*db filetype:mdb " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371372,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:profiles filetype:mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371376,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:forum filetype:mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371379,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:backup filetype:mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371380,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:email filetype:mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371382,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:ssl\.conf filetype:conf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371386,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/public/\?cmd=contents" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371393,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:conf inurl:unrealircd\.conf -cvs -gentoo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371394,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:forward filetype:forward -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371397,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:intranet inurl:intranet \+in(?:text|body):phone" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371404,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:conf inurl:firewall -intitle:cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371415,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:smb\.conf in(?:text|body):workgroup filetype:conf conf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371416,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:tdbin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371417,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:server-info apache server information" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371419,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:perl/printenv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371420,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cgi-bin/printenv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371421,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:fcgi-bin/echo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371422,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:server-status apache" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371423,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:servlet/snoopservlet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371426,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/examples/jsp/snp/snoop\.jsp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371427,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:newsletter/admin/ intitle:newsletter admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371428,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:newsletter/admin/ intitle:newsletter admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371429,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:admin filetype:xls" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371442,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:admin intitle:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371444,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:ipsec\.conf -intitle:manpage" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371455,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:ipsec\.secrets holds shared secrets" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371456,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:ipsec\.secrets -history -bugs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371457,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:'cgiirc\.config'" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371458,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:wl\.exe inurl:\?ss1= in(?:text|body):operating system: -edu -gov -mil" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371482,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:nnls_brand\.html or inurl:nnls_nav\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371483,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(inurl:81-cobalt \| inurl:cgi-bin/\.cobalt\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371495,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:oraweb -site:oraweb\.org" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371497,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "netware \* home inurl:nav\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371498,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "xampp inurl:xampp/index" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371499,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:2506/jana-admin " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371500,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "switch to table format inurl:table\|plain" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371506,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:answerbook2 inurl:ab2/ \(inurl:8888 \| inurl:8889\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371513,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:page rev \*/\*/\* inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371533,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:\.nsconfig -sa" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371535,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:snap\.server inurl:func=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371538,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:tech-support inurl:show cisco" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371546,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:simplenews/admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371551,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:guestbook/guestbooklist\.asp post date from country" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371553,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:control panel control panel login articlelive inurl:admin -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371557,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cartwiz/store/index\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371558,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "maxwebportal inurl:default snitz forums \+homepage -intitle:maxwebportal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371560,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cgi-bin inurl:bigate\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371574,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:pl -in(?:text|body):/usr/bin/perl inurl:webcal \(inurl:webcal \| inurl:add \| inurl:delete \| inurl:config\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371575,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:mdb inurl:news/news" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371576,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:asp powered by duforum inurl:\(messages\|details\|login\|default\|register\) -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371579,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:asp inurl:dugallery intitle:3\.0 -site:dugallery\.com -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371580,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:cgi inurl:cachemgr\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371581,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl: wwwadmin\.pl intitle:wwwadmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371591,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cgi\.asx\?storeid " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371592,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:gallery inurl:setup gallery configuration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371595,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:nph-proxy\.cgi start browsing through this cgi-based proxy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371596,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:robpoll\.cgi filetype:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371599,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:cgi inurl:ubb6_test\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371601,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:index\.of ios -site:cisco\.com -inurl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371608,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:index\.of cisco asa -site:cisco\.com -inurl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371609,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:install\.pl in(?:text|body):reading path paramaters -edu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371612,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "log inurl:linklint filetype:txt -checking" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371615,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:upload inurl:upload in(?:text|body):upload -forum -shop -support -w3c " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371627,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/\*/_vti_pvt/ \| inurl:/\*/_vti_cnf/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371629,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:index\.of \(inurl:fileadmin \| intitle:fileadmin\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371641,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):d\.aspx\?id \|\| inurl:d\.aspx\?id" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371644,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:explorer\.cfm inurl:\(dirpath\|this_directory\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371647,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:intranet inurl:intranet \+in(?:text|body):human resources" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371652,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/tmp " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371653,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/pls/sample/admin_/help/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371655,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:ojspdemos" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371656,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:j2ee/examples/jsp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371657,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:backup intitle:index\.of inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371663,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/dana-na/auth/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371672,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "remote supervisor adapter ii inurl:userlogin_logo\.ssi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371673,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/\?pagename=customerlogin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371677,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:login to @mail \(ext:pl \| inurl:index\) -dwaffleman" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371681,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "surgemail inurl:/cgi/user\.cgi ext:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371682,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:shoutcast administrator inurl:admin\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371688,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/slxweb\.dll/external\?name=\(custportal\|webticketcust\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371695,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:login to @mail \(ext:pl \| inurl:index\) -dwaffleman" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371700,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:2000 intitle:remotelyanywhere -site:realvnc\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371703,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:ids5web" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371705,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:ovislink inurl:private/login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371708,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:3300 integrated communications platform inurl:main\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371709,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/merchant2/admin\.mv \| inurl:/merchant2/admin\.mvc \| intitle:miva merchant administration login -inurl:cheap-malboro\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371714,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:webvpn\.html login please enter your" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371717,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:novell web services groupwise -inurl:doc/11924 -\.mil -\.edu -\.gov -filetype:pdf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371722,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:ocw_login_username" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371728,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:supero doctor iii -inurl:supermicro" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371729,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:login forum powered by anyboard intitle:if you are a new user in(?:text|body):forum powered by anyboard inurl:gochat -edu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371733,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:login to the forums - @www\.aimoo\.com inurl:login\.cfm\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371734,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modcp/ in(?:text|body):moderator\+vbulletin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371736,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "login prompt inurl:gm\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371738,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cscreatepro\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371747,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):welcome to inurl:cp intitle:h-sphere inurl:begin\.html -fee" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371764,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:xcauctionlite \| driven by xcent lite inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371765,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:visnetic webmail inurl:/mail/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371767,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/susadmin intitle:microsoft software update services" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371768,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:exchweb/bin/auth/owalogon\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371769,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:citrix/metaframe/default/default\.aspx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371770,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl::2082/frontend -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371771,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:open-xchange inurl:login\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371773,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:gnatsweb\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371775,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:zope help system inurl:helpsys" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371778,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):vbulletin inurl:admincp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371782,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:endymion\.saké\.mail\.login\.page \| inurl:sake\.servlet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371783,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:bin\.welcome\.sh \| inurl:bin\.welcome\.bat \| intitle:ehealth\.5\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371784,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:vmware management interface: inurl:vmware/en/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371789,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:webmail\./index\.pl interface" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371790,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:wps/portal/ login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371792,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:suse/login\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371793,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:wcp_user" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371796,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:orasso\.wwsso_app_admin\.ls_login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371801,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:usysinfo\?login=true" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371803,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:631/admin \(inurl:op=\*\) \| \(intitle:cups\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371808,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:activex/default\.htm demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371810,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:1810 oracle enterprise manager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371816,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:weblogic server intitle:console login inurl:console" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371817,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:1220/parse_xml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371819,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:coranto\.cgi intitle:login \(authorized users only\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371824,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/webedit\.\* in(?:text|body):webedit professional -html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371825,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:irc filetype:cgi cgi:irc" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371829,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/dana-na/auth/welcome\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371833,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "opensrs domain management inurl:manage\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371835,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:confixx inurl:login\|anmeldung" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371841,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:calendar\.asp\?action=login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371842,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:default\.asp intitle:webcommander " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371847,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:omail-admin administration login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371849,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:microsoft certificate services inurl:certsrv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371850,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:mewebmail" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371851,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:administrator welcome to mambo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371854,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "login to usermin inurl:20000" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371858,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:gs/adminlogin\.aspx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371863,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cgi-bin/ultimatebb\.cgi\?ubb=login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371869,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/cgi-bin/sqwebmail\?noframes=1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371874,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(inurl:ars/cgi-bin/arweb\?o=0 \| inurl:arweb\.jsp\) -site:remedy\.com -site:mil" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371875,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:utilities/treeview\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371877,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:cgi inurl:irc\.cgi \| intitle:cgi:irc login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371882,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:exchange/logon\.asp or intitle:microsoft outlook web access - logon" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371883,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/eprise/ " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371889,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:login filetype:swf swf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371892,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:webadmin filetype:nsf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371893,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/citrix/nfuse17/ " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371895,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:metaframexp/default/login\.asp \| intitle:metaframe xp login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371896,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:names\.nsf\?opendatabase" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371897,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:remote\.desktop\.web\.connection inurl:tsweb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371898,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "vnc desktop inurl:5800" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371900,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/admin/login\.asp " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371901,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:login\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371902,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl::10000 in(?:text|body):webmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371903,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:login\.cfm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371904,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:exchange/logon\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371906,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:midicart\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371910,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:shopdbtest\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371912,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/database/comersus\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371913,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:shopadmin\.asp shop administrators only" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371914,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:nmconsole/login\.asp \| intitle:login - ipswitch whatsup professional 2005 \| in(?:text|body):ipswitch whatsup professional 2005 \(sp1\) ipswitch" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371919,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:crazywwwboard\.cgi in(?:text|body):detailed debugging information" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371920,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:ovcgi/jovw" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371921,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:proxy \| inurl:wpad ext:pac \| ext:dat findproxyforurl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371922,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:webalizer filetype:png -\.gov -\.edu -\.mil -opendarwin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371923,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:status\.cgi\?host=all -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371927,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:login\.jsp\.bak" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371928,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:sitescope\.html intitle:sitescope in(?:text|body):refresh -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371940,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:twiki inurl:twikiusers" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371941,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "phorum admin database connection inurl:forum inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371942,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:testcgi xitami" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371944,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:webutil\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371949,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:statrep\.nsf -gov" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371950,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/cgi-bin/finger\? in real life" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371951,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/cgi-bin/finger\? enter \(account\|host\|user\|username\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371952,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:map\.asp\? intitle:whatsup gold" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371954,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(\(inurl:ifgraph page generated at\) or \(this page was built using ifgraph\)\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371956,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/catalog\.nsf intitle:catalog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371957,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "by reimar hoven\. all rights reserved\. disclaimer \| inurl:log/logdb\.dta " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371962,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "looking glass \(inurl:lg/ \| inurl:lookingglass\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371965,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:rpsys\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371987,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "welcome to administration general local domains smtp authentication inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371989,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "set up the administrator user inurl:pivot" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371992,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/nsearch/adminservlet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371995,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:servlet/webacc" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371996,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:newsdesk\.cgi\? inurl:t=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371999,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(inurl:/shop\.cgi/page=\) \| \(inurl:/shop\.pl/page=\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372000,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:aol\*/_do/rss_popup\?blogid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "natterchat inurl:home\.asp -site:natterchat\.co\.uk " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372002,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:cgi inurl:fileman\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372009,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:cgi inurl:web_store\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372010,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:pls/admin_/gateway\.htm " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372016,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/\?pagename=administratorlogin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371678,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:manyservers\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372027,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:oscommerce inurl:admin in(?:text|body):redistributable under the gnuin(?:text|body):online catalog -demo -site:oscommerce\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372028,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:shop hassan consulting's shopping cart version 1\.18" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372031,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/level/15/exec/-" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372032,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/exec/show/tech-support/cr" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372033,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/level/15/exec/-/configure/http" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372034,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:”evocam” inurl:”webcam\.html”" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372036,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:top vantage service gateway -inurl:zyxel" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372037,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:wrcontrollite" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372043,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:live view / - axis \| inurl:view/view\.shtml or inurl:view/indexframe\.shtml \| intitle:mjpg live demo \| in(?:text|body):select preset position" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372048,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cgi-bin/guestimage\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372055,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(intitle:\(eyespyfx\|opticamfx\) go to camera\)\|\(inurl:servlet/detectbrowser\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372056,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(intitle:mobotix intitle:pdas\) \| \(intitle:mobotix intitle:seiten\) \| \(inurl:/pda/index\.html \+camera\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372060,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ok logout inurl:vb\.htm\?logout=1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372063,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:nas inurl:indexeng\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372068,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:setdo\.cgi in(?:text|body):set do ok" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372073,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:::::: intellinet ip camera homepage ::::: or inurl:/main_activex\.asp or inurl:/main_applet\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372075,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "dcs inurl:/web/login\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372077,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:axis inurl:/admin/admin\.shtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372078,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/img/vr\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372079,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:sony snt-v304 video network station inurl:hsrindex\.shtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372082,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(port_255/home\)\|\(inurl:home\?port=255\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372089,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:webdvr -inurl:product -inurl:demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372104,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:java applet page inurl:ml " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372105,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "tilt intitle:live view / - axis \| inurl:view/view\.shtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372109,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:configuration inurl:port_0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372115,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cgistart\?page=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372116,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:s=320x240 \| inurl:s=160x120 inurl:q=mobile" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372117,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:dell \* inurl:port_0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372122,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:start\.htm\?scrw=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372124,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):powered by: adobe printgear inurl:admin " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372126,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:port_255 -htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372129,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:jpglogin\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372136,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/en/help\.cgi id=\*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372139,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:lexmark \* inurl:port_0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372140,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:camctrl\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372152,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:na_admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372160,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:8003/display\?what=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372163,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:index\.htm\?cus\?audio" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372164,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:network print server filetype:shtm \( inurl:u_printjobs \| inurl:u_server \| inurl:a_server \| inurl:u_generalhelp \| u_printjobs \)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372167,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:next_file=main_fs\.htm inurl:img inurl:image\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372170,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:spam firewall inurl:8000/cgi-bin/index\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372174,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "axis storpoint file view inurl:/volumes/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372180,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:ipp/pdisplay\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372184,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:smoothwall express inurl:cgi-bin up \* days" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372186,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:evocam inurl:webcam\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372188,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:axis-cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372190,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:level/15/exec/-/show" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372198,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:tivoconnect\?command=queryserver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372201,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:netw_tcp\.shtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372202,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(inurl:webarch/mainframe\.cgi \) \| \(intitle:web image monitor -htm -solutions\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372203,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:my webcamxp server! inurl::8080" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372204,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "camera linksys inurl:main\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372205,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:webeye inurl:login\.ml " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372209,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:hp/device/this\.lcdispatcher " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372210,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:sts_index\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372214,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:network administration inurl:nic" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372215,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(fiery webtools inurl:index2\.html\) \| webtools enable \* \* observe" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372216,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:live view / - axis \| inurl:view/view\.shtml\^" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372218,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):centreware inurl:status" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372220,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:liveapplet inurl:lvappl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372221,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:snc-z20 inurl:home/ " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372231,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:snc-rz30 inurl:home/ " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372233,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:viewerframe\?mode=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372234,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:indexframe\.shtml axis" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372236,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_eventcal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372238,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_jeauto" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372248,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:produtos\.asp\?produto=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372249,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:showcat\.asp\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372254,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_amresurrected" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372256,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:jscripts/tiny_mce/plugins/tinybrowser/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372274,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_sqlreport" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372280,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:imageview5" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372294,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:option=com_tophotelmodule" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372305,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/rmgallery/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372323,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/debaser/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372325,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/xfsection/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372329,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/lykos_reviews/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372334,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "site powered by guppy \| site créé avec guppy \+inurl:lng=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372336,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "powered by jaws \| powered by the jaws project \| inurl:\?gadget=search" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372362,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "toendacms is free software released under the gnu/gpl license\. \| powered by toendacms -inurl:demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372402,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_gcalendar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372403,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:naviid \+ inurl:liste9" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372405,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "powered\.by\.raidenhttpd \+intitle:index\.of \| inurl:raidenhttpd-admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372407,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:sysinfo\.cgi ext:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372412,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "by geeklog created this page in \+seconds \+powered inurl:public_html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372447,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:shop\.htm\?shopmgid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372448,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:directory listing for / \+ inurl:webdav tomcat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372465,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:option=com_rsmonials" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372472,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:\?option=com_bsadv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372479,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_(?:seyret|ezine|surveymanager|soundset|jbudgetsmagic|icrmbasic)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372453,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_jp_jobs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372493,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/wfsection/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372498,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_annonces" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372501,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_gameserver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372503,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/myconference/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372504,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/glossaire/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372506,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/wflinks" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372507,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/zmagazine/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372510,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_soundset" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372511,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/repository/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372522,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/library/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372523,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_iproperty" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372530,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_jsjobs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372531,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/myads/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372538,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_booklibrary" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372539,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/camportail/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372541,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/jobs/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372544,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/tinyevent/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372546,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/kshop/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372551,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_facebook" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372552,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modules/friendfinder/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372555,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_fastball" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372567,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/jobsearchengine/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372570,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_digifolio" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372576,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/jobsearchengine/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372578,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:cihuy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372592,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:we_objectid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372596,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:\?page=duyurular_detay&id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372602,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/macgurublog_menu/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372603,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_ajaxchat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372605,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:option=com_mv_restaurantmenumanager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372606,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_ijoomla_archive" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372610,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/wp-content/plugins/wp-shopping-cart/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372613,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:e107_plugins/my_gallery" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372615,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_lyftenbloggie / powered by lyftenbloggie" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372625,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:option=com_n-forms form_id" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372627,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:option=com_agenda" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372634,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_jpodium" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372637,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_jejob" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372639,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_cinema" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372643,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_tupinambis" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372648,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:option=com_elite_experts" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372649,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_ezstore" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372651,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_xewebtv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372659,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_seminar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372664,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_hestar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372673,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:yvcomment" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372680,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_dms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372688,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_jb2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372689,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_simplefaq" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372690,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_dateconverter" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372691,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_n-forms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372696,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:inc_webblogmanager\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372698,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_jgen" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372699,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/jobsearchengine/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372700,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/wp-content/plugins/fgallery/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372706,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_jotloader" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372708,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):parlic design inurl:id" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372710,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_eportfolio" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372711,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_jejob" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372716,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:option=com_cinema" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372717,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_bfsurvey_profree" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372718,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_jembed" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372720,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:option=articles artid" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372721,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_jepoll" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372722,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_kochsuite" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372725,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/com_chronocontact" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372726,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "powered by crownweb\.net! inurl:page\.cfm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372729,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:\?pilih=forum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372737,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_ybggal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372777,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_djclassifieds" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372781,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_artlinks" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372782,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/modernbill/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372792,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_virtuemart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372760,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:spaw2/dialogs/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372770,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_ice catid" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372772,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_ahsshopdo=default" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372773,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_restaurante" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372799,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_simpledownload" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372801,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:e107_plugins" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372805,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:module=my_egallery pid" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372817,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/components/je-media-player\.html\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372821,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_accombo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372823,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_quickfaq" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372827,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:verliadmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372829,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_manager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372832,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:com_linkdirectory" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372833,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:\.asp\? powered by comersus asp shopping cart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372838,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:inc_securedocumentlibrary\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372842,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:option=com_huruhelpdesk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372843,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:pap-secrets -cvs " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371092,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:chap-secrets -cvs " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371093,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:passlist\.txt" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371154,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "please enter a valid password! inurl:polladmin" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371698,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "web-based management please input password to login" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371702,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):master account domain name password inurl:/cgi-bin/qmailadmin " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371740,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):master account domain name password inurl:/cgi-bin/qmailadmin " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371745,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:flash operator panel -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:announce -inurl:lists " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371785,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "-login inurl:photopost/uploadphoto\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371805,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:phphotoalbum/statistics intitle:phphotoalbum - statistics" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371806,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:phphotoalbum - upload \| inurl:phphotoalbum/upload" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371807,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:php advanced transfer inurl:login\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371823,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:postfixadmin intitle:postfix admin ext:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371827,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:login\.php squirrelmail version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371832,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:plesk inurl:login\.php3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371834,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\+powered by indexu inurl:\(browse\|top_rated\|power_search\|hot\|browse\|create_admin_user\) filetype:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371879,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:php inurl:webeditor\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371881,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:/counter/index\.php intitle:\+phpcounter 7" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321918,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "inurl:install/install\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371935,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "you can now password \| this is a special page only seen by you\. your profile visitors inurl:imchaos" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371991,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecMarker END_RECON_CHECKS_INURL #intext SecRule REQUEST_HEADERS:Referer "@pm intext: inbody:" "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333931,phase:2,pass,nolog,noauditlog,skip:1" SecAction "phase:2,id:313792,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INTEXT" SecRule REQUEST_HEADERS:Referer "intext:.*proudly powered by wordpress" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:377001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):steamuserpassphrase= in(?:text|body):steamappuser= -username -user" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:reg reg \+in(?:text|body):internet account manager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371005,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "google for: \+in(?:text|body):webalizer \+in(?:text|body):total usernames \+in(?:text|body):usage statistics for" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371007,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(intitle:shoutcast administrator\)\|\(in(?:text|body):u shoutcast d\.n\.a\.s\. status\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371015,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:php in(?:text|body):\$dbms\$dbhost\$dbuser\$dbpasswd\$table_prefixphpbb_installed" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371038,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:reg reg \+in(?:text|body):”winvnc3”" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371041,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:asa \| ext:bak in(?:text|body):uid in(?:text|body):pwd -uid\.\.pwd database \| server \| dsn" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371042,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "enable password \| secret current configuration -in(?:text|body):the" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371043,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:passwd -in(?:text|body):the -sample -example" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371044,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:rapidshare in(?:text|body):login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371055,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):enable password 7" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371056,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):enc_userpassword=\* ext:pcf" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371066,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):enable secret 5 \$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371089,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:config config in(?:text|body):appsettings user id" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371098,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:pass pass in(?:text|body):userid" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371107,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:pem pem in(?:text|body):private" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371134,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:reg reg \+in(?:text|body):defaultusername \+in(?:text|body):defaultpassword" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371141,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:inc in(?:text|body):mysql_connect" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371142,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:index\.of in(?:text|body):secring\.skr\|secring\.pgp\|secring\.bak" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371170,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "allin(?:text|body):fs-admin\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371173,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):error message : error loading required libraries\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371188,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):warning: failed opening on line include_path" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371199,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):gmail invite in(?:text|body):http://gmail\.google\.com/gmail/a" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371295,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:ini in(?:text|body):env\.ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371339,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\( filetype:mail \| filetype:eml \| filetype:mbox \| filetype:mbx \) in(?:text|body):password\|subject " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371360,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "mail filetype:csv -site:gov in(?:text|body):name" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371365,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):session start \* \* \* \*:\*:\* \* filetype:log" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371366,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):\(password \| passcode\) in(?:text|body):\(username \| userid \| user\) filetype:csv" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371377,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:blt blt \+in(?:text|body):screenname" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371405,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:lic lic in(?:text|body):key" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371408,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:eml eml \+in(?:text|body):subject \+in(?:text|body):from \+in(?:text|body):to" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371410,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:mbx mbx in(?:text|body):subject" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371411,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):tobias oetiker traffic analysis" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371418,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):target multicast group beacon" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371480,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:test page for the apache http server on fedora core in(?:text|body):fedora core test page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371493,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:object not found! in(?:text|body):apache/2\.0\.\* \(linux/suse\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371507,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):404 object not found microsoft-iis/5\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371514,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:300 multiple choices in(?:text|body):server\.at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371537,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:phpstat in(?:text|body):browser in(?:text|body):phpstat setup" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371572,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:inc inc in(?:text|body):setcookie" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371602,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "allin(?:text|body):webserverx server at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371607,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:ini desktop\.ini in(?:text|body):mydocs\.dll" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371622,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:directory listing for in(?:text|body):tomcat -intitle:tomcat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371639,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "filetype:cfg ks in(?:text|body):rootpw -sample -test -howto" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371649,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(intitle:adventnet manageengine servicedesk plus\|remember me\. copyright © 2005 adventnet inc\. all rights reserved\.\) in(?:text|body):remember me " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371676,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):fill out the form below completely to change your password and user name\. if new username is left blank" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371706,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:xmail web administration interface in(?:text|body):login in(?:text|body):password" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371763,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:worldclient in(?:text|body):© \(2003\|2004\) alt-n technologies\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371772,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):mail admins login here to administrate your domain\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371804,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):bitboard v2\.0 bitshifters bulletin board" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371812,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:login in(?:text|body):rt is © copyright" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371813,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:novell web services in(?:text|body):select a service and a language\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371815,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:vhost in(?:text|body):vhost \. 2000-2004" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371820,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):storage management server for intitle:server administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371822,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "novell netware in(?:text|body):netware management portal version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371867,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:emule \* intitle:- web control panel in(?:text|body):web control panel enter your password here\." "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371894,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "site:ups\.com intitle:ups package tracking in(?:text|body):1z ### ### ## #### ### #" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371909,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:belarc advisor current profile in(?:text|body):click here for belarc's pc management products" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371929,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):welcome to the web v\.networks intitle:v\.networks \[top\] -filetype:htm " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371936,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer " filetype:log in(?:text|body):connectionmanager2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371945,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer " intitle:sysinfo \* in(?:text|body):generated by sysinfo \* written by the gamblers\. " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371946,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ext:cgi in(?:text|body):nrg- this web page was created on " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371955,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):warning: \* am able \* write \*\* configuration file includes/configure\.php -forums" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372006,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:samba web administration tool in(?:text|body):help workgroup" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372014,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):you to handle frequent configuration jobs easily and quickly \| intitle:show/search other devices" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372069,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):welcome to taurus the taurus server appliance intitle:the taurus server appliance" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372074,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:network\+storage\+link\+for\+usb\+2\.0 disks in(?:text|body):disks user log in \(private data\) disk \(private data\) flash \(public data\) firmware version " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372100,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:axis 240 camera server in(?:text|body):server push -help" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372110,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:--- video web server --- in(?:text|body):video web server any time & any where username password " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372125,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:officeconnect cable/dsl gateway in(?:text|body):checking your browser" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372135,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):please enter correct password for administrator access\. thank you copyright © 2003 smc networks" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372153,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:brother in(?:text|body):view configuration in(?:text|body):brother industries" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372158,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:connection status in(?:text|body):current login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372159,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:network print server in(?:text|body):http://www\.axis\.com filetype:shtm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372166,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):videoconference management system ext:htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372185,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):uaa \(msb\) lexmark -ext:pdf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372192,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):ready with 10/100t ethernet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372193,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(in(?:text|body):mobotix m1 \| in(?:text|body):mobotix m10\) in(?:text|body):open menu shift-reload" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372230,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:flexwatch in(?:text|body):home page ver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372232,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body): copyright mantisbt group" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372250,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):2000-2001 the phpheaven team" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372322,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):this site is using phpgraphy \| intitle:my phpgraphy site" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372327,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:phpinfo in(?:text|body):php version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372433,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):plink 2\.07" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372585,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):designed by spaceacre" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372607,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):elkagroup image gallery v1\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372618,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "allin(?:text|body):home member search chat room forum help/support privacy policy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372745,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):© tainos webdesign" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372761,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):remository .* is technology by black sheep research" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372780,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "in(?:text|body):free ecommerce shopping cart software by viart \+your shopping cart is empty!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372853,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecMarker END_RECON_CHECKS_INTEXT #intitle SecRule REQUEST_HEADERS:Referer "intitle:" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:333932,phase:2,pass,nolog,noauditlog,skip:1" SecAction "phase:2,id:313793,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INTITLE" SecRule REQUEST_HEADERS:Referer "intitle.*oscommerce.*inurl.*/admin/configuration\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350127,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable Oscommerce Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "intitle.*horde :: my portal.*\[tickets" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350027,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'" SecRule REQUEST_HEADERS:Referer "intitle:myshell 1\.1\.0 build 20010923" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371022,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:yala: yet another ldap administrator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371023,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:error: the requested url could not be retrieved while trying to retrieve the url the following error was encountered" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371024,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:web data administrator - login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371030,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:php shell.*enable stderr filetype:\.?php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371032,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:admin intitle:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371035,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:phpinfo\(\) \+mysql\.default_password \+zend scripting language engine" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371061,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:apache tomcat error report" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371174,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:default plesk page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371184,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:404 sc_not_found" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371187,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "ora-12541: tns:no listener intitle:error occurred" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371195,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:htsearch error ht://dig error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371200,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:error occurred while processing request \+where \(select\|insert\) filetype:cfm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371201,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:error using hypernews server software" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371202,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:execution of this script not permitted contact phone" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371205,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:error occurred the error occurred in filetype:cfm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371206,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "can't connect to local intitle:warning" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371210,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:under construction does not currently have" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371211,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:500 internal server error server at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371231,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:the page cannot be found internet information services" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371232,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:the page cannot be found 2004 microsoft corporation" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371233,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:the page cannot be found inetmgr" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371234,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "error diagnostic information intitle:error occurred while " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371241,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:appserv open project \* appserv is a merging open source software installer package -phpbb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371249,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:logrep - log file reporting system -site:itefix\.no" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371250,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:joomla - web installer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371252,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:welcome to f-secure policy manager server welcome page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371259,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:urchin \(5\|3\|admin\) ext:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371261,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:curriculum vitae filetype:doc" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371264,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:web server status ssh telnet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371285,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:edna:streaming mp3 server -forums" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371291,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:ftp root at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371294,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:welcome\.to\.squeezebox " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371301,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:multimon ups status page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371306,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:web server statistics for \*\*\*\*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371331,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:appserv open project -site:www\.appservnetwork\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371332,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:asp stats generator \*\.\* asp stats generator 2003-2004 weppos" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371341,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "phone \* \* \* address \* e-mail intitle:curriculum vitae" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371362,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:welcome to ntop!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371390,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:system statistics \+system and network information center" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371398,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:big sister \+ok attention trouble" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371401,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:admin intitle:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371443,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:wbem compaq login compaq information technologies group" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371448,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:usage statistics for generated by webalizer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371453,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:statistics of advanced web statistics" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371454,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:phpinfo php version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371470,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:ganglia cluster report for" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371477,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:badblue: the file-sharing web server anyone can use" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371479,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:apache status apache server status for" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371481,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(intitle:502 proxy error\)\|\(intitle:503 proxy error\) the proxy server could not handle the request -topic -mail -4suite -list -site:geocrawler\.com -site:elitesecurity\.org" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371484,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:welcome to 602lan suite \*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371485,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:document title goes here intitle:used by web search tools example of a simple home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371486,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:welcome to your webstar home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371487,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:welcome to the advanced extranet server" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371488,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:welcome to windows small business server 2003" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371489,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:ipc@chip infopage " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371491,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:welcome to mono xsp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371496,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:resin default home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371502,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:welcome to xitami -site:xitami\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371503,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:welcome to your new home page! by the debian release" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371504,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:open webmail open webmail version \(2\.20\|2\.21\|2\.30\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371508,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:error 404 from rfc 2068 " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371509,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:directory listing" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371510,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:lotus domino go webserver: tuning your webserver -site:ibm\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371511,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:object not found netware apache 1\.\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371512,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:shoutcast administrator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371515,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "httpd\+ssl/kttd \* server at intitle:index\.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371518,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "fitweb-wwws \* server at intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371519,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "sedwebserver \* server \+at intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371520,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "opensa/1\.0\.4 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371523,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "omnihttpd/2\.10 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371524,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "microsoft-iis/6\.0 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371525,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "microsoft-iis/4\.0 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371527,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "microsoft-iis/\* server at intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371528,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "maxx/3\.1 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371529,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "jrun web server intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371530,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "anweb/1\.42h intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371532,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:test page for apache installation" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371539,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "allintitle:netscape fasttrack server home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371540,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:test page for apache it worked! on this web" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371541,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:test page for apache it worked!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371542,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "seeing this instead intitle:test page for apache" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371543,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:welcome to iis 4\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371548,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:welcome to windows 2000 internet services" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371549,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:apache http server intitle:documentation" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371550,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:cj link out v1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371554,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:sshvnc appletor intitle:sshterm applet -uni-klu\.ac\.at -net/viewcvs\.py -iphoting\.iphoting\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371573,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:phpremoteview filetype:\.?php name" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371585,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:asp fileman resend -site:iisworks\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371586,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:mywebftp please enter your password" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371588,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:directory listing tree view" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371589,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "allintitle:firstclass login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371611,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:folder listing folder listing name size date/time file folder" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371617,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:backup-management \(phpmybackup v\.0\.4 beta \* \)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371618,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:pictures thumbnails site:pictures\.sprintpcs\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371619,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:hfs / \+httpfileserver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371626,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:webadmin " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371640,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:album permissions users who can modify photos everybody" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371650,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:ari phone system administrator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371675,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(intitle:silkymail by cyrusoft international" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371680,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:ampache intitle:love of music password \| login \| remember me\. -welcome" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371683,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:exist database administration -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371685,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "\(intitle:wmsc e-cart administration\)\|\(intitle:webmystyle e-cart administration\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371686,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:twig login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371690,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:\(trackercam live video\)\|\(trackercam application login\)\|\(trackercam remote\) -trackercam\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371692,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:employee intranet login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371696,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:ezpartner -netpond" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371699,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "bp blog admin intitle:login \| intitle:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371710,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:b2evo > login form login form\. you must log in! you will have to accept cookies in order to log in -demo -site:b2evolution\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371712,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:admin login web site administration copyright " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371713,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "establishing a secure integrated lights out session with or intitle:data frame - browser not http 1\.1 compatible or intitle:hp integrated lights-out login \| alert' panel is displayed" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371716,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:merak mail server web administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371719,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'" SecRule REQUEST_HEADERS:Referer "intitle:\*- hp wbem login \| you are being prompted to provide login account information for \* \| please provide the information requested and press the ok button to complete the login process \|