modsecurity-waf/nginx-waf/60_asl_recons.conf

# http://www.atomicorp.com/
# Atomicorp (Gotroot.com) ModSecurity rules
# Search Engine Recon/Search Engine Hacks Security Rules for modsec 2.x
#
# Created by Prometheus Global (http://www.prometheus-group.com)
# Copyright 2005-2019 by Atomicorp, Inc., all rights reserved.
# Redistribution is strictly prohibited in any form, including whole or in part.
# Distribution of this work or derivative of this work in any form is
# prohibited unless prior written permission is obtained from the
# copyright holder.
#
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
# THE POSSIBILITY OF SUCH DAMAGE.
#
#---ASL-CONFIG-FILE---

# Do not edit this file!
# This file is generated and changes will be overwritten.
#
# If you need to make changes to the rules, please follow the procedure here:
# http://www.atomicorp.com/wiki/index.php/Mod_security


# Note: For modsecurity 2.5 and above only
# Use 404 for these rules to trick attackers and search engines
# TODO - dont check internal referrers
SecDefaultAction "log,deny,auditlog,phase:2,status:404"

SecRule REQUEST_HEADERS:Referer "@pm power /index.php index.php? phpmyexplorer inurl: intitle: intext: inbody: insite: administrator phpwebthings driven 1999-2004 wpceasy exploit running version display_blog.php copyright phpsurveyor php-zeronet based zero duware webcalendar webwizguestbook_license.asp contentid details.php ebliteck script.canavari.com snipe.net reserved glfusion project postnuke option= flatnuke website crew flatnuke md-pro manager cmp-noticias downloader management warning pages.php error password passwd ora- wp-db-backup incorrect unexpected illegal valid sql unclosed problem allowed cgi-telnet unit-x c99 safe_mode r57 phpinfo locus c100 haxplorer danyliw transcoder.cgi phpshell zabbix"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333926,phase:2,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:333787,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS"

SecRule REQUEST_HEADERS:Referer "@pm index.php?id= index.php?option= transcoder.cgi pages.php zabbix"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333927,phase:2,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:333788,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_BASIC"
SecRule REQUEST_HEADERS:Referer   "zabbix 1\.8\.4 copyright 2001-2010 by sia zabbix" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:373169,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
SecRule REQUEST_HEADERS:Referer   "filetype:cgi transcoder\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372169,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?id=cmp-noticias" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372241,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?option=com_(?:ezine|mambads|is|vr|altas|rwcards|resman|expose|qcontacts|swmenupro|sef)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372331,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by drake cms inurl:index\.php\?option=guestbook" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372365,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:pages\.php\?id= ?multi vendor mall" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372746,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by phpcms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372747,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecMarker END_RECON_CHECKS_BASIC

#inurl
SecRule REQUEST_HEADERS:Referer "inurl:"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:333928,phase:2,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:333789,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INURL"

#inurl:option=com_media
SecRule REQUEST_HEADERS:Referer   "inurl\: ?option=com_media" "deny,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:376425,rev:1,severity:2,msg:'Atomicorp.com WAF Rules:  Joomla Media Manager File Upload Bypass Recon Attempt'"

#inurl:wp-content/plugins/w3tc/dbcache
SecRule REQUEST_HEADERS:Referer   "inurl\: ?wp-content/(?:plugins/(?:w3tc/dbcache|dbcache)|w3tc/dbcache)" "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:376415,rev:1,severity:2,msg:'Atomicorp.com WAF Rules:  W3TC Total Cache Recon Attempt'"

# Google Dork: inurl:"plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/"
SecRule REQUEST_HEADERS:Referer   "inurl:.*plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/" "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:376315,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Deans with pwwangs code plugin Recon Attempt'"

SecRule REQUEST_HEADERS:Referer "@pm php shtml"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333929,phase:2,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:333790,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INURL_PHP"

SecRule REQUEST_HEADERS:Referer "@pm inurl:index.php /index.php index.php? wp-db-backup.php i_index.shtml phpmyexplorer /connector.php /upload.php"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333930,phase:2,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:323791,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INDEX_PHP"

SecRule REQUEST_HEADERS:Referer   "inurl.*/connectors/php/(?:connector|upload)\.php " "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:376314,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: FCKeditor Vulnerable Upload Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:php advanced transfer \(inurl:index\.php \| inurl:showrecent\.php \)" "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371314,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:textpattern/index\.php" "deny,log,auditlog,status:403,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371761,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:imp inurl:imp/index\.php3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371689,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:phpmyexplorer inurl:index\.php -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371320,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?pagedb=rss" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371983,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/counter/index\.php intitle:\+phpcounter 7\.\*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371918,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:typo3/index\.php\?u= -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371853,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "i_index\.shtml ready" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371545,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?edicion_id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372593,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?module=pnflashgames" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372528,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:lists/\?p=subscribe \| inurl:lists/index\.php\?p=subscribe" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372320,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?name=pnphpbb2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372341,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:phpwcms/index\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372328,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:modules/articles/index\.php\?cat_id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372431,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "mumbo jumbo media.*inurl:index\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372587,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?menu=showcat=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372619,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?css=mid=art=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372633,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?mod=archives" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372732,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "site designed and built by powder blue\. inurl:index\.php\?id_page=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372750,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:article\.download\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372753,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_mojo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372754,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?option=com_(?:paxgallery|ice|joomlaconnect_be|races|akobook|lowcosthotels|lqm showresults|annuaire|doqment|catalogue|storedirectory|competitions|jeajaxeventcalendar|ponygallery|flexicontent|jombib|liveticker)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372658,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?title=gamepage" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372766,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?myplantid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372797,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?menu=adorder" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372824,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_dbquery or index\.php\?option=com_dbquery" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372862,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:php advanced transfer .*inurl:(?:index|showrecent)\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321314,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:phpmyexplorer inurl:index\.php -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321320,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/gadmin/index\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372240,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?db=information_schema" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372246,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?ind=blog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372276,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php site=sglinks" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372007,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.php\?module=ew_filemanager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "plugins/wp-db-backup/wp-db-backup\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371172,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:buyer/index\.php\?productid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372850,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"

SecMarker END_RECON_CHECKS_INDEX_PHP


SecRule REQUEST_HEADERS:Referer   "inurl:prog\.php\?dwkodu=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372715,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:contentpage\.php\?id= or inurl:displayresource\.php\?id= and in(?:text|body):website by mile high creative" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372724,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:ratelink\.php\?lnkid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372779,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:main_forum\.php\?cat=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372790,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:article\.download\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372755,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/cms/page\.php\?p=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372764,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:php/showcontent\.php\?linkid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372840,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:php inurl:hlstats in(?:text|body):server username" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:wordpress › setup configuration file.*inurl:setup-config" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371016,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:phporacleadmin/php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371025,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:php inurl:logging\.php discuz error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371196,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:config\.php\.new \+vbulletin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371244,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/cricket/grapher\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371400,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "e107\.org 2002/2003 inurl:forum_post\.php\?nt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371559,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:nquser\.php filetype:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371567,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "phpfreenews inurl:admin\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371568,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:php\.exe filetype:exe -example\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371577,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:click\.php in(?:text|body):phpclicklog " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371583,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:plog/register\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371598,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:php explorer ext:php inurl:(?:phpexplorer|list|browse)\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371600,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:php inurl:viewfile -index\.php -idfil" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371605,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by invision power file manager \(inurl:login\.php\) \| \(intitle:browsing directory / \) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371632,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:src/login\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371671,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:\+:8443/login\.php3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371679,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(intitle:please login - forums powered by ubb\.threads\)\|\(inurl:login\.php ubb\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371687,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:imp inurl:imp/index\.php3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321689,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(intitle:please login - forums powered by wwwthreads\)\|\(inurl:wwwthreads/login\.php\)\|\(inurl:wwwthreads/login\.pl\?cat=\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371694,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:php121login\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371697,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:vsadmin/login \| inurl:vsadmin/admin inurl:\.php\|\.asp -response\.buffer = true -javascript" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371701,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/admin/configuration\. php\? mystore" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371704,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:textpattern/index\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321761,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer  "inurl.*tiki-edit_submission\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350005,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: tiki-edit Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "inurl.*edit_blog\.php.*filetype\:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350007,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: edit_blog.php Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "enter ip.*inurl.*php-ping\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350015,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "inurl.*install.*install\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350017,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "inurl.*phpsysinfo.*created by phpsysinfo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350019,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "squirrelmail version 1\.4\.4.*inurl:src ext\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350020,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "inurl:.*upload\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350029,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:php inurl:hlstats in(?:text|body):server username" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:wordpress › setup configuration file.*inurl:setup-config\.php\?step=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321016,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:phporacleadmin/php -download -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321025,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:config\.php dbuname dbpass" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371156,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/xampp/security\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371242,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:phpinfo\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371243,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:configuration\.php-dist" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371245,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):viewcvs inurl:settings\.php " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371254,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(intitle:webstatistica inurl:main\.php\) \| \(intitle:webstatistica server\) -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc\.com -edu -software -rob_2926 -crack\.ru -edeco\.cn" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371257,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:wp-mail\.php \+there doesn't seem to be any new mail\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371258,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "-site:php\.net -the php group inurl:source inurl:url ext:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371286,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:\.?php inurl:index inurl:phpicalendar -site:sourceforge\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371330,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):sqlitemanager inurl:main\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371343,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cacti \+inurl:graph_view\.php \+settings tree view -cvs -rpm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371399,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:php\.ini filetype:ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371403,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:vbstats\.php page generated" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371431,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:main\.php welcome to phpmyadmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371449,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:main\.php phpmyadmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371450,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "phpmyadmin running on inurl:main\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371451,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:updown\.php \| in(?:text|body):powered by php uploader downloader " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371552,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "mail-it now! intitle:contact form \| inurl:contact\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371561,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by flexphpnews inurl:news \| inurl:press" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371565,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: simplicity of upload inurl:download\.php \| inurl:upload\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371566,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:page\.php\?intpageid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372258,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:\?act=phpinfo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372272,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:\?delete in(?:text|body):php version in(?:text|body):safe_mode" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372273,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:printable_pedigree\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372318,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:php-stats\.js\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372367,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "100% \| 50% \| 25% back to gallery inurl:show\.php\?imageid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372379,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:pmwiki\.php \+page last modified on \| pmwikiphilosophy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372417,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:printable_pedigree\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372420,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/webquest/soporte_derecha_w\.php\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372422,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:printable_pedigree\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372441,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:roschedule\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372455,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:article\.download\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372494,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):phpbb - auction inurl:auction" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372496,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:fclick\.php\?fid" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372499,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:xampp/biorhythm\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372514,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:show_memorial\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372534,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by epay enterprise inurl:shop\.htm\?cid= \| nurl:shop\.php\?cid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372549,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:forum_answer\.php\?que_id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372554,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:offers_buy\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372562,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by mobpartner inurl:chat\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372566,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:offers_buy\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372574,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:casting_view\.php\?adnum=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372581,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:fullview\.php\?tempid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372583,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cal_day\.php\?op=day&catview=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372586,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:clientsignup\.php classifieds" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372589,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:offers\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372598,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:es_offer\.php\?files_dir=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372671,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:coursepage\.php\?id= in(?:text|body):web site design by : aim web design cheshire" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372677,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/phpplanner/userinfo\.php\?userid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372686,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:links\.php\?t=search" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372692,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cont_form\.php\?cf_id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372693,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer  "phpfreenews inurl\:admin\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350003,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHPFreeNews Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:.*install\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371888,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:\.?php inurl:ipinfo\.php distributed intrusion detection system" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371939,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:portscan\.php from port\|port range" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371947,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/adm-cfgedit\.php " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371948,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:\.?php inurl:nqt in(?:text|body):network query tool " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371953,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:phpsysinfo/ created by phpsysinfo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371970,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/vb/install/(?:install|upgrade)\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371975,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "there are no administrators accounts inurl:admin\.php -mysql_fetch_row" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371997,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:\.?php inurl:vauthenticate" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372013,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:install/install\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372017,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:intranet admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372018,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:info\.inc\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372021,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:footer\.inc\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372022,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:search\.php vbulletin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372023,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:veo observer xt -inurl:shtml\|pl\|php\|htm\|asp\|aspx\|pdf\|cfm -in(?:text|body):observer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372057,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:netbotz appliance -inurl:\.php -inurl:\.asp -inurl:\.pdf -inurl:securitypipeline -announces" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372096,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:idvr -intitle:com \| net \| shop -inurl:asp \| htm \| pdf \| html \| php \| shtml \| com \| at \| cgi \| tv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372099,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:flash operator panel -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372146,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:panorama-viewer\.php\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372255,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"

SecMarker END_RECON_CHECKS_INURL_PHP

SecRule REQUEST_HEADERS:Referer  "inurl.*/cgi-bin/query" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350004,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: /cgi-bin/guery Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "inurl.*wps_shop\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350006,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: wps_shop.cgi Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "inurl.*passwd.txt.*wwwboard.*webadmin" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:351008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: passwd.txt Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "inurl.*admin\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: admin.mdb Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "file upload manager v1\.3.*rename to" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350011,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "wwwboard webadmin.*inurl:passwd\.txt wwwboard\|webadmin" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350014,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "inurl.*webutil\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350021,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "inurl:.*com_koesubmit" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350024,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "inurl.*estore/index\.cgi\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350026,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "inurl:.*id=.*\&.*intext.*warning: ?(?:mysql_fetch_assoc|mysql_num_rows|session_start|getimagesize|is_writable|unknown|mysql_result|pg_exec|mysql_result|mysql_query|array_merge|preg_match|filesize|require)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350028,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "inurl: ?com_jeauto" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350032,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: LFI Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:root\.asp\?acs=anon" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371002,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:conf inurl:proftpd\.conf -sample " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371003,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:admin filetype:asp inurl:userlist" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371011,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:admin inurl:userlist" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371012,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:tmtrack\.dll\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371019,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:polly/cp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371020,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:net2ftp powered by net2ftp inurl:ftp or in(?:text|body):login or inurl:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371021,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:connectcomputer/precheck\.htm \| inurl:remote/logon\.aspx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371028,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:81/cgi-bin/\.cobalt/.*in(?:text|body):welcome to the cobalt raq" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371029,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "adding new user inurl:addnewuser -there are no domains" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371031,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:calendarscript/users\.txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371039,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:editor/list\.asp \| inurl:database_editor\.asp \| inurl:login\.asa are set" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371045,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:yml database inurl:config" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371049,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:sites\.dat\+pass=" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371050,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/yabb/members/admin\.dat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371052,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:dat inurl:sites\.dat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371057,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cgi-bin inurl:calendar\.cfg" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371060,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:dat inurl:pass\.dat" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371062,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:perform\.ini filetype:ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371063,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "wwwboard webadmin inurl:passwd\.txt wwwboard\|webadmin " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371067,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:txt inurl:unattend\.txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371069,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:filezilla\.xml -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371079,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:dupics inurl:\(add\.asp \| default\.asp \| view\.asp \| voting\.asp\) -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371083,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:ini inurl:serv-u\.ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371091,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:ini inurl:flashfxp\.ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371094,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:bak inurl:htaccess\|passwd\|shadow\|htusers" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371103,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/db/main\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371104,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:nuke filetype:sql" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371105,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/wwwboard" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371109,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:pwd inurl:\(service \| authors \| administrators \| users\) # -frontpage-" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371111,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:conf inurl:psybnc\.conf user\.pass=" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371116,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:mdb inurl:users\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371117,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:log inurl:ccbill" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371118,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:slapd\.conf in(?:text|body):rootpw" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371130,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:slapd\.conf in(?:text|body):credentials -manpage -manual page -man: -sample" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371131,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:url \+inurl:ftp:// \+inurl:@" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371138,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:vtund\.conf in(?:text|body):pass -cvs" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371139,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:perform filetype:ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371145,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl: admin mdb " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371149,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:secring ext:skr \| ext:pgp \| ext:bak" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371151,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:auth_user_file\.txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371157,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:configuration\.file inurl:softcart\.exe" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371190,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:sitebuilderpictures" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371235,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:sitebuilderfiles" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371236,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:sitebuildercontent" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371237,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype: log inurl:access\.log \+in(?:text|body):http/1\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371246,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "cisco pix security appliance software version \+ serial number \+ show ver -inurl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371247,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(intitle:prtg traffic grapher inurl:allsensors\)\|\(intitle:prtg traffic grapher - monitoring results\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371251,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:build\.err " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371255,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/cgi-bin/pass\.txt" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371256,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:bookmarks inurl:bookmarks\.html bookmarks toolbar folder add bookmarks to this folder to see them displayed on the bookmarks toolbar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371260,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:\(doc \| pdf \| xls \| txt \| ps \| rtf \| odt \| sxw \| psw \| ppt \| pps \| xml\) \(in(?:text|body):confidential salary \| in(?:text|body):budget approved\) inurl:confidential" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371266,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "site:www\.mailinator\.com inurl:showmail\.do" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371267,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cdkey\.txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371268,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:xccdonts\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371271,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:plist filetype:plist inurl:bookmarks\.plist" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371277,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "machttp filetype:log inurl:machttp\.log" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371279,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:weblog/referrers" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371280,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:getmsg\.html intitle:hotmail" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371283,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:netscape\.hst " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371287,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:bookmark\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371288,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:netscape\.hst " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371289,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:netscape\.ini " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371290,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:txt inurl:dxdiag" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371293,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:cnf inurl:_vti_pvt access\.cnf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371300,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:preferences\.ini \[emule\]" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371302,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:conf inurl:rsyncd\.conf -cvs -man" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371303,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:ds\.py" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371304,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/axs/ax-admin\.pl -script" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371309,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:docushare inurl:docushare/dsweb/ -faq -gov -edu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371315,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:report everest home edition " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371317,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:apache::status \(inurl:server-status \| inurl:status\.html \| inurl:apache\.html\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371319,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:cgi inurl:editcgi\.cgi inurl:file=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371324,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:putty\.reg" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371326,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "certificate practice statement inurl:\(pdf \| doc\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371328,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:inf inurl:capolicy\.inf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371329,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:log\.nsf -gov" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371334,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cgi-bin/testcgi\.exe please distribute testcgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371337,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:mdb inurl:\*\.mdb inurl:fpdb shop" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371338,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "installed objects scanner inurl:default\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371340,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:odbc\.ini ext:ini -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371342,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/_layouts/settings" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371345,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:pst inurl:outlook\.pst" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371347,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/names\.nsf\?opendatabase -inurl:gov" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371350,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:xls inurl:email\.xls " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371353,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:pot inurl:john\.pot " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371354,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:snitz_forums_2000\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371357,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:asp inurl:pathto\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371363,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:xls -site:gov inurl:contact" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371364,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(inurl:robot\.txt \| inurl:robots\.txt \) in(?:text|body):disallow filetype:txt" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371367,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:\*db filetype:mdb " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371372,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:profiles filetype:mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371376,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:forum filetype:mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371379,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:backup filetype:mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371380,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:email filetype:mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371382,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:ssl\.conf filetype:conf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371386,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/public/\?cmd=contents" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371393,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:conf inurl:unrealircd\.conf -cvs -gentoo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371394,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:forward filetype:forward -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371397,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:intranet inurl:intranet \+in(?:text|body):phone" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371404,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:conf inurl:firewall -intitle:cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371415,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:smb\.conf in(?:text|body):workgroup filetype:conf conf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371416,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:tdbin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371417,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:server-info apache server information" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371419,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:perl/printenv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371420,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cgi-bin/printenv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371421,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:fcgi-bin/echo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371422,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:server-status apache" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371423,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:servlet/snoopservlet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371426,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/examples/jsp/snp/snoop\.jsp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371427,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:newsletter/admin/ intitle:newsletter admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371428,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:newsletter/admin/ intitle:newsletter admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371429,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:admin filetype:xls" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371442,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:admin intitle:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371444,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:ipsec\.conf -intitle:manpage" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371455,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:ipsec\.secrets holds shared secrets" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371456,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:ipsec\.secrets -history -bugs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371457,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:'cgiirc\.config'" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371458,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:wl\.exe inurl:\?ss1= in(?:text|body):operating system: -edu -gov -mil" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371482,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:nnls_brand\.html or inurl:nnls_nav\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371483,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(inurl:81-cobalt \| inurl:cgi-bin/\.cobalt\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371495,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:oraweb -site:oraweb\.org" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371497,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "netware \* home inurl:nav\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371498,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "xampp inurl:xampp/index" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371499,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:2506/jana-admin " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371500,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "switch to table format inurl:table\|plain" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371506,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:answerbook2 inurl:ab2/ \(inurl:8888 \| inurl:8889\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371513,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:page rev \*/\*/\* inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371533,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:\.nsconfig -sa" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371535,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:snap\.server inurl:func=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371538,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:tech-support inurl:show cisco" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371546,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:simplenews/admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371551,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:guestbook/guestbooklist\.asp post date from country" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371553,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:control panel control panel login articlelive inurl:admin -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371557,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cartwiz/store/index\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371558,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "maxwebportal inurl:default snitz forums \+homepage -intitle:maxwebportal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371560,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cgi-bin inurl:bigate\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371574,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:pl -in(?:text|body):/usr/bin/perl inurl:webcal \(inurl:webcal \| inurl:add \| inurl:delete \| inurl:config\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371575,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:mdb inurl:news/news" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371576,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:asp powered by duforum inurl:\(messages\|details\|login\|default\|register\) -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371579,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:asp inurl:dugallery intitle:3\.0 -site:dugallery\.com -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371580,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:cgi inurl:cachemgr\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371581,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl: wwwadmin\.pl intitle:wwwadmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371591,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cgi\.asx\?storeid " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371592,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:gallery inurl:setup gallery configuration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371595,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:nph-proxy\.cgi start browsing through this cgi-based proxy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371596,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:robpoll\.cgi filetype:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371599,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:cgi inurl:ubb6_test\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371601,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:index\.of ios -site:cisco\.com -inurl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371608,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:index\.of cisco asa -site:cisco\.com -inurl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371609,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:install\.pl in(?:text|body):reading path paramaters -edu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371612,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "log inurl:linklint filetype:txt -checking" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371615,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:upload inurl:upload in(?:text|body):upload -forum -shop -support -w3c " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371627,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/\*/_vti_pvt/ \| inurl:/\*/_vti_cnf/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371629,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:index\.of \(inurl:fileadmin \| intitle:fileadmin\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371641,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):d\.aspx\?id \|\| inurl:d\.aspx\?id" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371644,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:explorer\.cfm inurl:\(dirpath\|this_directory\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371647,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:intranet inurl:intranet \+in(?:text|body):human resources" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371652,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/tmp " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371653,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/pls/sample/admin_/help/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371655,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:ojspdemos" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371656,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:j2ee/examples/jsp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371657,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:backup intitle:index\.of inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371663,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/dana-na/auth/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371672,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "remote supervisor adapter ii inurl:userlogin_logo\.ssi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371673,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/\?pagename=customerlogin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371677,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:login to @mail \(ext:pl \| inurl:index\) -dwaffleman" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371681,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "surgemail inurl:/cgi/user\.cgi ext:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371682,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:shoutcast administrator inurl:admin\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371688,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/slxweb\.dll/external\?name=\(custportal\|webticketcust\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371695,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:login to @mail \(ext:pl \| inurl:index\) -dwaffleman" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371700,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:2000 intitle:remotelyanywhere -site:realvnc\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371703,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:ids5web" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371705,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ovislink inurl:private/login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371708,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:3300 integrated communications platform inurl:main\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371709,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/merchant2/admin\.mv \| inurl:/merchant2/admin\.mvc \| intitle:miva merchant administration login -inurl:cheap-malboro\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371714,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:webvpn\.html login please enter your" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371717,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:novell web services groupwise -inurl:doc/11924 -\.mil -\.edu -\.gov -filetype:pdf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371722,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:ocw_login_username" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371728,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:supero doctor iii -inurl:supermicro" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371729,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:login forum powered by anyboard intitle:if you are a new user in(?:text|body):forum powered by anyboard inurl:gochat -edu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371733,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:login to the forums - @www\.aimoo\.com inurl:login\.cfm\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371734,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modcp/ in(?:text|body):moderator\+vbulletin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371736,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "login prompt inurl:gm\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371738,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cscreatepro\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371747,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):welcome to inurl:cp intitle:h-sphere inurl:begin\.html -fee" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371764,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:xcauctionlite \| driven by xcent lite inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371765,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:visnetic webmail inurl:/mail/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371767,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/susadmin intitle:microsoft software update services" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371768,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:exchweb/bin/auth/owalogon\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371769,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:citrix/metaframe/default/default\.aspx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371770,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl::2082/frontend -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371771,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:open-xchange inurl:login\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371773,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:gnatsweb\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371775,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:zope help system inurl:helpsys" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371778,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):vbulletin inurl:admincp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371782,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:endymion\.saké\.mail\.login\.page \| inurl:sake\.servlet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371783,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:bin\.welcome\.sh \| inurl:bin\.welcome\.bat \| intitle:ehealth\.5\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371784,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:vmware management interface: inurl:vmware/en/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371789,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:webmail\./index\.pl interface" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371790,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:wps/portal/ login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371792,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:suse/login\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371793,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:wcp_user" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371796,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:orasso\.wwsso_app_admin\.ls_login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371801,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:usysinfo\?login=true" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371803,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:631/admin \(inurl:op=\*\) \| \(intitle:cups\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371808,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:activex/default\.htm demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371810,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:1810 oracle enterprise manager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371816,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:weblogic server intitle:console login inurl:console" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371817,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:1220/parse_xml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371819,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:coranto\.cgi intitle:login \(authorized users only\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371824,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/webedit\.\* in(?:text|body):webedit professional -html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371825,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:irc filetype:cgi cgi:irc" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371829,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/dana-na/auth/welcome\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371833,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "opensrs domain management inurl:manage\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371835,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:confixx inurl:login\|anmeldung" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371841,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:calendar\.asp\?action=login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371842,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:default\.asp intitle:webcommander " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371847,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:omail-admin administration login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371849,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:microsoft certificate services inurl:certsrv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371850,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:mewebmail" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371851,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:administrator welcome to mambo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371854,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "login to usermin inurl:20000" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371858,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:gs/adminlogin\.aspx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371863,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cgi-bin/ultimatebb\.cgi\?ubb=login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371869,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/cgi-bin/sqwebmail\?noframes=1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371874,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(inurl:ars/cgi-bin/arweb\?o=0 \| inurl:arweb\.jsp\) -site:remedy\.com -site:mil" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371875,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:utilities/treeview\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371877,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:cgi inurl:irc\.cgi \| intitle:cgi:irc login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371882,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:exchange/logon\.asp or intitle:microsoft outlook web access - logon" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371883,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/eprise/ " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371889,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:login filetype:swf swf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371892,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:webadmin filetype:nsf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371893,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/citrix/nfuse17/ " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371895,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:metaframexp/default/login\.asp \| intitle:metaframe xp login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371896,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:names\.nsf\?opendatabase" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371897,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:remote\.desktop\.web\.connection inurl:tsweb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371898,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "vnc desktop inurl:5800" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371900,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/admin/login\.asp " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371901,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:login\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371902,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl::10000 in(?:text|body):webmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371903,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:login\.cfm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371904,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:exchange/logon\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371906,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:midicart\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371910,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:shopdbtest\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371912,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/database/comersus\.mdb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371913,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:shopadmin\.asp shop administrators only" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371914,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:nmconsole/login\.asp \| intitle:login - ipswitch whatsup professional 2005 \| in(?:text|body):ipswitch whatsup professional 2005 \(sp1\) ipswitch" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371919,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:crazywwwboard\.cgi in(?:text|body):detailed debugging information" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371920,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:ovcgi/jovw" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371921,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:proxy \| inurl:wpad ext:pac \| ext:dat findproxyforurl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371922,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:webalizer filetype:png -\.gov -\.edu -\.mil -opendarwin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371923,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:status\.cgi\?host=all -cvs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371927,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:login\.jsp\.bak" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371928,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:sitescope\.html intitle:sitescope in(?:text|body):refresh -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371940,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:twiki inurl:twikiusers" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371941,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "phorum admin database connection inurl:forum inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371942,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:testcgi xitami" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371944,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:webutil\.pl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371949,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:statrep\.nsf -gov" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371950,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/cgi-bin/finger\? in real life" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371951,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/cgi-bin/finger\? enter \(account\|host\|user\|username\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371952,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:map\.asp\? intitle:whatsup gold" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371954,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(\(inurl:ifgraph page generated at\) or \(this page was built using ifgraph\)\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371956,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/catalog\.nsf intitle:catalog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371957,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "by reimar hoven\. all rights reserved\. disclaimer \| inurl:log/logdb\.dta " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371962,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "looking glass \(inurl:lg/ \| inurl:lookingglass\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371965,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:rpsys\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371987,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "welcome to administration general local domains smtp authentication inurl:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371989,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "set up the administrator user inurl:pivot" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371992,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/nsearch/adminservlet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371995,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:servlet/webacc" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371996,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:newsdesk\.cgi\? inurl:t=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371999,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(inurl:/shop\.cgi/page=\) \| \(inurl:/shop\.pl/page=\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372000,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:aol\*/_do/rss_popup\?blogid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "natterchat inurl:home\.asp -site:natterchat\.co\.uk " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372002,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:cgi inurl:fileman\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372009,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:cgi inurl:web_store\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372010,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:pls/admin_/gateway\.htm " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372016,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/\?pagename=administratorlogin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371678,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:manyservers\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372027,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:oscommerce inurl:admin in(?:text|body):redistributable under the gnuin(?:text|body):online catalog -demo -site:oscommerce\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372028,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:shop hassan consulting's shopping cart version 1\.18" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372031,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/level/15/exec/-" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372032,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/exec/show/tech-support/cr" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372033,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/level/15/exec/-/configure/http" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372034,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:”evocam” inurl:”webcam\.html”" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372036,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:top vantage service gateway -inurl:zyxel" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372037,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:wrcontrollite" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372043,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:live view / - axis \| inurl:view/view\.shtml or inurl:view/indexframe\.shtml \| intitle:mjpg live demo \| in(?:text|body):select preset position" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372048,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cgi-bin/guestimage\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372055,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(intitle:\(eyespyfx\|opticamfx\) go to camera\)\|\(inurl:servlet/detectbrowser\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372056,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(intitle:mobotix intitle:pdas\) \| \(intitle:mobotix intitle:seiten\) \| \(inurl:/pda/index\.html \+camera\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372060,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ok logout inurl:vb\.htm\?logout=1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372063,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:nas inurl:indexeng\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372068,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:setdo\.cgi in(?:text|body):set do ok" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372073,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:::::: intellinet ip camera homepage ::::: or inurl:/main_activex\.asp or inurl:/main_applet\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372075,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "dcs inurl:/web/login\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372077,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:axis inurl:/admin/admin\.shtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372078,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/img/vr\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372079,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:sony snt-v304 video network station inurl:hsrindex\.shtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372082,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(port_255/home\)\|\(inurl:home\?port=255\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372089,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:webdvr -inurl:product -inurl:demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372104,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:java applet page inurl:ml " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372105,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "tilt intitle:live view / - axis \| inurl:view/view\.shtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372109,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:configuration inurl:port_0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372115,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cgistart\?page=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372116,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:s=320x240 \| inurl:s=160x120 inurl:q=mobile" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372117,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:dell \* inurl:port_0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372122,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:start\.htm\?scrw=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372124,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by: adobe printgear inurl:admin " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372126,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:port_255 -htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372129,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:jpglogin\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372136,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/en/help\.cgi id=\*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372139,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:lexmark \* inurl:port_0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372140,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:camctrl\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372152,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:na_admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372160,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:8003/display\?what=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372163,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:index\.htm\?cus\?audio" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372164,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:network print server filetype:shtm \( inurl:u_printjobs \| inurl:u_server \| inurl:a_server \| inurl:u_generalhelp \| u_printjobs \)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372167,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:next_file=main_fs\.htm inurl:img inurl:image\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372170,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:spam firewall inurl:8000/cgi-bin/index\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372174,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "axis storpoint file view inurl:/volumes/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372180,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:ipp/pdisplay\.htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372184,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:smoothwall express inurl:cgi-bin up \* days" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372186,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:evocam inurl:webcam\.html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372188,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:axis-cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372190,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:level/15/exec/-/show" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372198,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:tivoconnect\?command=queryserver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372201,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:netw_tcp\.shtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372202,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(inurl:webarch/mainframe\.cgi \) \| \(intitle:web image monitor -htm -solutions\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372203,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:my webcamxp server! inurl::8080" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372204,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "camera linksys inurl:main\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372205,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:webeye inurl:login\.ml " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372209,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:hp/device/this\.lcdispatcher " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372210,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:sts_index\.cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372214,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:network administration inurl:nic" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372215,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(fiery webtools inurl:index2\.html\) \| webtools enable \* \* observe" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372216,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:live view / - axis \| inurl:view/view\.shtml\^" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372218,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):centreware inurl:status" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372220,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:liveapplet inurl:lvappl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372221,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:snc-z20 inurl:home/ " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372231,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:snc-rz30 inurl:home/ " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372233,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:viewerframe\?mode=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372234,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:indexframe\.shtml axis" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372236,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_eventcal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372238,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_jeauto" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372248,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:produtos\.asp\?produto=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372249,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:showcat\.asp\?id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372254,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_amresurrected" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372256,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:jscripts/tiny_mce/plugins/tinybrowser/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372274,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_sqlreport" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372280,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:imageview5" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372294,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:option=com_tophotelmodule" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372305,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/rmgallery/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372323,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/debaser/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372325,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/xfsection/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372329,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/lykos_reviews/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372334,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "site powered by guppy \| site créé avec guppy \+inurl:lng=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372336,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by jaws \| powered by the jaws project \| inurl:\?gadget=search" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372362,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "toendacms is free software released under the gnu/gpl license\. \| powered by toendacms -inurl:demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372402,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_gcalendar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372403,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:naviid \+ inurl:liste9" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372405,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered\.by\.raidenhttpd \+intitle:index\.of \| inurl:raidenhttpd-admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372407,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:sysinfo\.cgi ext:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372412,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "by geeklog created this page in \+seconds \+powered inurl:public_html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372447,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:shop\.htm\?shopmgid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372448,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:directory listing for / \+ inurl:webdav tomcat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372465,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:option=com_rsmonials" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372472,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:\?option=com_bsadv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372479,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_(?:seyret|ezine|surveymanager|soundset|jbudgetsmagic|icrmbasic)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372453,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_jp_jobs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372493,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/wfsection/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372498,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_annonces" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372501,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_gameserver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372503,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/myconference/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372504,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/glossaire/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372506,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/wflinks" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372507,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/zmagazine/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372510,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_soundset" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372511,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/repository/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372522,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/library/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372523,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_iproperty" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372530,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_jsjobs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372531,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/myads/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372538,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_booklibrary" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372539,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/camportail/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372541,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/jobs/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372544,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/tinyevent/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372546,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/kshop/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372551,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_facebook" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372552,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modules/friendfinder/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372555,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_fastball" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372567,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/jobsearchengine/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372570,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_digifolio" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372576,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/jobsearchengine/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372578,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:cihuy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372592,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:we_objectid=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372596,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:\?page=duyurular_detay&id=" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372602,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/macgurublog_menu/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372603,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_ajaxchat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372605,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:option=com_mv_restaurantmenumanager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372606,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_ijoomla_archive" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372610,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/wp-content/plugins/wp-shopping-cart/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372613,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:e107_plugins/my_gallery" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372615,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_lyftenbloggie / powered by lyftenbloggie" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372625,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:option=com_n-forms form_id" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372627,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:option=com_agenda" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372634,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_jpodium" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372637,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_jejob" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372639,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_cinema" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372643,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_tupinambis" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372648,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:option=com_elite_experts" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372649,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_ezstore" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372651,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_xewebtv" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372659,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_seminar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372664,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_hestar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372673,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:yvcomment" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372680,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_dms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372688,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_jb2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372689,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_simplefaq" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372690,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_dateconverter" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372691,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_n-forms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372696,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:inc_webblogmanager\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372698,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_jgen" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372699,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/jobsearchengine/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372700,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/wp-content/plugins/fgallery/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372706,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_jotloader" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372708,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):parlic design inurl:id" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372710,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_eportfolio" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372711,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_jejob" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372716,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:option=com_cinema" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372717,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_bfsurvey_profree" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372718,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_jembed" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372720,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:option=articles artid" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372721,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_jepoll" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372722,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_kochsuite" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372725,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/com_chronocontact" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372726,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by crownweb\.net! inurl:page\.cfm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372729,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:\?pilih=forum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372737,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_ybggal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372777,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_djclassifieds" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372781,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_artlinks" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372782,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/modernbill/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372792,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_virtuemart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372760,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:spaw2/dialogs/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372770,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_ice catid" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372772,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_ahsshopdo=default" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372773,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_restaurante" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372799,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_simpledownload" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372801,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:e107_plugins" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372805,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:module=my_egallery pid" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372817,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/components/je-media-player\.html\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372821,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_accombo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372823,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_quickfaq" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372827,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:verliadmin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372829,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_manager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372832,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:com_linkdirectory" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372833,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:\.asp\?   powered by comersus asp shopping cart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372838,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:inc_securedocumentlibrary\.asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372842,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:option=com_huruhelpdesk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372843,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:pap-secrets -cvs " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371092,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:chap-secrets -cvs " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371093,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:passlist\.txt" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371154,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "please enter a valid password! inurl:polladmin" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371698,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "web-based management please input password to login" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371702,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):master account  domain name password inurl:/cgi-bin/qmailadmin " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371740,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):master account  domain name password inurl:/cgi-bin/qmailadmin " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371745,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:flash operator panel -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:announce -inurl:lists " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371785,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "-login inurl:photopost/uploadphoto\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371805,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:phphotoalbum/statistics intitle:phphotoalbum - statistics" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371806,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:phphotoalbum - upload \| inurl:phphotoalbum/upload" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371807,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:php advanced transfer inurl:login\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371823,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:postfixadmin intitle:postfix admin ext:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371827,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:login\.php squirrelmail version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371832,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:plesk inurl:login\.php3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371834,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\+powered by indexu inurl:\(browse\|top_rated\|power_search\|hot\|browse\|create_admin_user\) filetype:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371879,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:php inurl:webeditor\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371881,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:/counter/index\.php intitle:\+phpcounter 7" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:321918,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inurl:install/install\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371935,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "you can now password \| this is a special page only seen by you\. your profile visitors  inurl:imchaos" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371991,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"

SecMarker END_RECON_CHECKS_INURL

#intext
SecRule REQUEST_HEADERS:Referer "@pm intext: inbody:"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333931,phase:2,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:313792,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INTEXT"
SecRule REQUEST_HEADERS:Referer   "intext:.*proudly powered by wordpress" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:377001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):steamuserpassphrase= in(?:text|body):steamappuser= -username  -user" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:reg reg \+in(?:text|body):internet account manager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371005,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "google for: \+in(?:text|body):webalizer \+in(?:text|body):total usernames \+in(?:text|body):usage statistics for" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371007,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(intitle:shoutcast administrator\)\|\(in(?:text|body):u shoutcast d\.n\.a\.s\. status\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371015,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:php in(?:text|body):\$dbms\$dbhost\$dbuser\$dbpasswd\$table_prefixphpbb_installed" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371038,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:reg reg \+in(?:text|body):”winvnc3”" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371041,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:asa \| ext:bak in(?:text|body):uid in(?:text|body):pwd -uid\.\.pwd database \| server \| dsn" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371042,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "enable password \| secret current configuration -in(?:text|body):the" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371043,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:passwd -in(?:text|body):the -sample -example" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371044,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:rapidshare in(?:text|body):login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371055,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):enable password 7" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371056,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):enc_userpassword=\*  ext:pcf" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371066,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):enable secret 5 \$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371089,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:config config in(?:text|body):appsettings user id" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371098,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:pass pass in(?:text|body):userid" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371107,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:pem pem in(?:text|body):private" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371134,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:reg reg \+in(?:text|body):defaultusername \+in(?:text|body):defaultpassword" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371141,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:inc in(?:text|body):mysql_connect" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371142,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:index\.of in(?:text|body):secring\.skr\|secring\.pgp\|secring\.bak" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371170,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allin(?:text|body):fs-admin\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371173,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):error message : error loading required libraries\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371188,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):warning: failed opening on line include_path" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371199,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):gmail invite in(?:text|body):http://gmail\.google\.com/gmail/a" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371295,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:ini in(?:text|body):env\.ini" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371339,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\( filetype:mail \| filetype:eml \| filetype:mbox \| filetype:mbx \) in(?:text|body):password\|subject " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371360,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "mail filetype:csv -site:gov in(?:text|body):name" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371365,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):session start \* \* \* \*:\*:\* \* filetype:log" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371366,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):\(password \| passcode\) in(?:text|body):\(username \| userid \| user\)   filetype:csv" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371377,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:blt blt \+in(?:text|body):screenname" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371405,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:lic lic in(?:text|body):key" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371408,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:eml eml \+in(?:text|body):subject \+in(?:text|body):from \+in(?:text|body):to" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371410,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:mbx mbx in(?:text|body):subject" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371411,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):tobias oetiker traffic analysis" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371418,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):target multicast group beacon" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371480,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:test page for the apache http server on fedora core in(?:text|body):fedora core test page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371493,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:object not found! in(?:text|body):apache/2\.0\.\* \(linux/suse\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371507,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):404 object not found microsoft-iis/5\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371514,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:300 multiple choices in(?:text|body):server\.at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371537,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:phpstat in(?:text|body):browser in(?:text|body):phpstat setup" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371572,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:inc inc in(?:text|body):setcookie" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371602,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allin(?:text|body):webserverx server at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371607,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:ini desktop\.ini in(?:text|body):mydocs\.dll" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371622,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:directory listing for in(?:text|body):tomcat -intitle:tomcat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371639,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:cfg ks in(?:text|body):rootpw -sample -test -howto" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371649,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(intitle:adventnet manageengine servicedesk plus\|remember me\. copyright © 2005 adventnet inc\. all rights reserved\.\) in(?:text|body):remember me " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371676,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):fill out the form below completely to change your password and user name\. if new username is left blank" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371706,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:xmail web administration interface in(?:text|body):login in(?:text|body):password" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371763,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:worldclient in(?:text|body):© \(2003\|2004\) alt-n technologies\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371772,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):mail admins login here to administrate your domain\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371804,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):bitboard v2\.0 bitshifters bulletin board" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371812,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:login in(?:text|body):rt is © copyright" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371813,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:novell web services in(?:text|body):select a service and a language\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371815,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:vhost in(?:text|body):vhost \. 2000-2004" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371820,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):storage management server for intitle:server administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371822,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "novell netware in(?:text|body):netware management portal version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371867,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:emule \* intitle:- web control panel in(?:text|body):web control panel enter your password here\." "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371894,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "site:ups\.com intitle:ups package tracking in(?:text|body):1z ### ### ## #### ### #" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371909,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:belarc advisor current profile in(?:text|body):click here for belarc's pc management products" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371929,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):welcome to the web v\.networks intitle:v\.networks \[top\] -filetype:htm " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371936,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   " filetype:log in(?:text|body):connectionmanager2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371945,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "  intitle:sysinfo \*  in(?:text|body):generated by sysinfo \* written by the gamblers\. " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371946,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:cgi in(?:text|body):nrg-  this web page was created on " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371955,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):warning: \* am able \* write \*\* configuration file includes/configure\.php -forums" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372006,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:samba web administration tool in(?:text|body):help workgroup" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372014,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):you to handle frequent configuration jobs easily and quickly \| intitle:show/search other devices" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372069,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):welcome to taurus the taurus server appliance intitle:the taurus server appliance" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372074,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:network\+storage\+link\+for\+usb\+2\.0 disks in(?:text|body):disks user log in \(private data\)   disk \(private data\) flash \(public data\) firmware version  " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372100,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:axis 240 camera server in(?:text|body):server push -help" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372110,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:--- video web server --- in(?:text|body):video web server any time & any where username password " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372125,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:officeconnect cable/dsl gateway in(?:text|body):checking your browser" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372135,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):please enter correct password for administrator access\. thank you copyright © 2003 smc networks" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372153,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:brother in(?:text|body):view configuration in(?:text|body):brother industries" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372158,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:connection status in(?:text|body):current login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372159,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:network print server in(?:text|body):http://www\.axis\.com filetype:shtm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372166,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):videoconference management system ext:htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372185,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):uaa \(msb\)  lexmark -ext:pdf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372192,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):ready with 10/100t ethernet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372193,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(in(?:text|body):mobotix m1 \| in(?:text|body):mobotix m10\) in(?:text|body):open menu shift-reload" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372230,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:flexwatch in(?:text|body):home page ver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372232,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body): copyright mantisbt group" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372250,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):2000-2001 the phpheaven team" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372322,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):this site is using phpgraphy \| intitle:my phpgraphy site" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372327,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:phpinfo in(?:text|body):php version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372433,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):plink 2\.07" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372585,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):designed by spaceacre" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372607,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):elkagroup  image gallery v1\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372618,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allin(?:text|body):home member search chat room forum help/support privacy policy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372745,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):© tainos webdesign" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372761,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):remository .* is technology by black sheep research" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372780,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):free ecommerce shopping cart software by viart \+your shopping cart is empty!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372853,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"

SecMarker END_RECON_CHECKS_INTEXT

#intitle
SecRule REQUEST_HEADERS:Referer "intitle:"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:333932,phase:2,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:313793,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_INTITLE"
SecRule REQUEST_HEADERS:Referer  "intitle.*oscommerce.*inurl.*/admin/configuration\.php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350127,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable Oscommerce Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "intitle.*horde :: my portal.*\[tickets" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350027,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:myshell 1\.1\.0 build 20010923" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371022,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:yala: yet another ldap administrator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371023,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:error: the requested url could not be retrieved while trying to retrieve the url the following error was encountered" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371024,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:web data administrator - login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371030,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:php shell.*enable stderr filetype:\.?php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371032,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:admin intitle:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371035,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:phpinfo\(\) \+mysql\.default_password \+zend scripting language engine" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371061,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:apache tomcat error report" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371174,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:default plesk page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371184,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:404 sc_not_found" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371187,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ora-12541: tns:no listener intitle:error occurred" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371195,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:htsearch error ht://dig error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371200,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:error occurred while processing request \+where \(select\|insert\) filetype:cfm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371201,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:error using hypernews server software" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371202,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:execution of this script not permitted contact phone" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371205,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:error occurred the error occurred in filetype:cfm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371206,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "can't connect to local intitle:warning" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371210,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:under construction does not currently have" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371211,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:500 internal server error server at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371231,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:the page cannot be found internet information services" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371232,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:the page cannot be found 2004 microsoft corporation" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371233,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:the page cannot be found inetmgr" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371234,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "error diagnostic information intitle:error occurred while " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371241,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:appserv open project \* appserv is a merging open source software installer package -phpbb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371249,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:logrep - log file reporting system -site:itefix\.no" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371250,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:joomla - web installer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371252,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome to f-secure policy manager server welcome page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371259,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:urchin \(5\|3\|admin\) ext:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371261,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:curriculum vitae filetype:doc" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371264,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:web server status ssh telnet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371285,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:edna:streaming mp3 server -forums" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371291,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ftp root at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371294,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome\.to\.squeezebox " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371301,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:multimon ups status page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371306,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:web server statistics for \*\*\*\*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371331,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:appserv open project -site:www\.appservnetwork\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371332,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:asp stats generator \*\.\* asp stats generator 2003-2004 weppos" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371341,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "phone  \* \* \* address \* e-mail intitle:curriculum vitae" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371362,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome to ntop!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371390,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:system statistics \+system and network information center" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371398,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:big sister \+ok attention trouble" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371401,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:admin intitle:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371443,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:wbem compaq login compaq information technologies group" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371448,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:usage statistics for generated by webalizer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371453,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:statistics of advanced web statistics" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371454,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:phpinfo php version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371470,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ganglia cluster report for" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371477,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:badblue: the file-sharing web server anyone can use" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371479,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:apache status apache server status for" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371481,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(intitle:502 proxy error\)\|\(intitle:503 proxy error\) the proxy server could not handle the request -topic -mail -4suite -list -site:geocrawler\.com -site:elitesecurity\.org" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371484,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome to 602lan suite \*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371485,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:document title goes here intitle:used by web search tools  example of a simple home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371486,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome to your webstar home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371487,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome to the advanced extranet server" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371488,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome to windows small business server 2003" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371489,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ipc@chip infopage " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371491,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome to mono xsp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371496,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:resin default home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371502,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome to xitami -site:xitami\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371503,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome to your new home page! by the debian release" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371504,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:open webmail open webmail version \(2\.20\|2\.21\|2\.30\) " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371508,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:error 404 from rfc 2068 " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371509,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:directory listing" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371510,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:lotus domino go webserver: tuning your webserver -site:ibm\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371511,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:object not found netware apache 1\.\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371512,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:shoutcast administrator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371515,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "httpd\+ssl/kttd \* server at intitle:index\.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371518,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "fitweb-wwws \* server at intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371519,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "sedwebserver \* server \+at intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371520,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "opensa/1\.0\.4 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371523,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "omnihttpd/2\.10 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371524,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "microsoft-iis/6\.0 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371525,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "microsoft-iis/4\.0 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371527,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "microsoft-iis/\* server at intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371528,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "maxx/3\.1 intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371529,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "jrun web server intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371530,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "anweb/1\.42h intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371532,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:test page for apache installation" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371539,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allintitle:netscape fasttrack server home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371540,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:test page for apache it worked! on this web" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371541,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:test page for apache it worked!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371542,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "seeing this instead intitle:test page for apache" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371543,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome to iis 4\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371548,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome to windows 2000 internet services" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371549,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:apache http server intitle:documentation" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371550,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:cj link out v1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371554,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:sshvnc appletor intitle:sshterm applet -uni-klu\.ac\.at -net/viewcvs\.py -iphoting\.iphoting\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371573,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:phpremoteview filetype:\.?php name" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371585,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:asp fileman resend -site:iisworks\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371586,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:mywebftp please enter your password" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371588,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:directory listing tree view" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371589,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allintitle:firstclass login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371611,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:folder listing folder listing name size date/time file folder" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371617,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:backup-management \(phpmybackup v\.0\.4 beta \* \)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371618,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:pictures thumbnails site:pictures\.sprintpcs\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371619,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:hfs / \+httpfileserver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371626,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:webadmin " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371640,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:album permissions users who can modify photos everybody" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371650,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ari phone system administrator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371675,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(intitle:silkymail by cyrusoft international" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371680,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ampache intitle:love of music  password \| login \| remember me\. -welcome" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371683,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:exist database administration -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371685,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\(intitle:wmsc e-cart administration\)\|\(intitle:webmystyle e-cart administration\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371686,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:twig login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371690,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:\(trackercam live video\)\|\(trackercam application login\)\|\(trackercam remote\) -trackercam\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371692,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:employee intranet login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371696,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ezpartner -netpond" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371699,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "bp blog admin intitle:login \| intitle:admin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371710,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:b2evo > login form login form\. you must log in! you will have to accept cookies in order to log in  -demo -site:b2evolution\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371712,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:admin login web site administration copyright " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371713,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "establishing a secure integrated lights out session with or intitle:data frame - browser not http 1\.1 compatible or intitle:hp integrated lights-out login \| alert' panel is displayed" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371716,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:merak mail server web administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371719,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:\*- hp wbem login \| you are being prompted to provide login account information for \* \| please provide the information requested and press the ok button to complete the login process \| <!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371723,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:extranet login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371724,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:extranet \* - identification " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371725,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:online recruitment program - login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371726,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:docutek eres - admin login -edu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371727,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:idevaffiliate - admin -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371730,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:admin login admin login blogware -site:blogware\.com -filetype:html" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371732,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:i-secure v1\.1 -edu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371735,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:phprojekt - login login password" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371737,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:content management system user name\|password\|admin microsoft ie 5\.5 -mambo" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371741,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:web-cyradm\|by luc de louw this is only for authorized users -tar\.gz -site:web-cyradm\.org" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371744,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:content management system user name\|password\|admin microsoft ie 5\.5 -mambo" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371746,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:xams 0\.0\.0\.\.15 - login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371748,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "hostingaccelerator intitle:login \+username -news -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371749,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "inspanel intitle:login -cannot login id -site:inspediumsoft\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371750,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:communigate pro \* \* intitle:entrance" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371751,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:alternc desktop" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371752,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:phpnews\.login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371753,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:cisco callmanager user options log on please enter your user id and password in the spaces provided below and click the log on button to continue\.  -edu" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371754,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:kerio" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371755,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:member login note: your browser must have cookies enabled in order to log into the site\. ext:php or ext:cgi" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371756,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome to mailtraq webmail" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371758,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:topdesk applicationserver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371759,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:login to cacti" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371762,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allintitle:welcome to the cyclades" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371766,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:site administration: please log in site designed by emarketsouth" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371774,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:sfxadmin - sfx_global \| intitle:sfxadmin - sfx_local \| intitle:sfxadmin - sfx_test" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371777,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:inc\. vpn 3000 concentrator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371781,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:asterisk\.management\.portal web-access" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371786,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:listmail login admin -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371787,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:cgi  intitle:control panel enter your owner password to continue!" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371788,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:suse linux openexchange server please activate javascript!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371794,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:bok intitle:kurant corporation storesense" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371795,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:opengroupware\.org resistance is obsolete report bugs username password" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371797,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome to netware \* -site:novell\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371799,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:group-office enter your username and password to login" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371800,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:epowerswitch login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371802,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:vnc viewer for java" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371809,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:athens authentication point" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371814,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:mx control console if you can't remember" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371818,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:vitalqip ip management" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371821,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:phppgadmin - login language" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371826,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:icecast administration admin page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371828,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:php icalendar administration -site:sourceforge\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371830,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:php icalendar administration -site:sourceforge\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371831,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ispman : unauthorized access prohibited" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371837,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:virtual server administration system" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371839,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "imail server web messaging intitle:login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371843,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:remote assessment openaanval console" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371844,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:philex 0\.2\* -script -site:freelists\.org" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371846,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:mailman login   " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371848,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "admin intitle:ez publish administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371855,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:tomcat server administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371856,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:tutos login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371859,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:novell webaccess" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371862,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:login 1&1 webmailer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371864,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:its system information please log on to the sap system" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371866,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:please login your password is \*" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371870,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:teamspeak server-administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371873,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:node\.list win32\.version\.3\.11" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371876,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:\.?php login \(intitle:phpwebmail\|webmail\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371880,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:welcome site/user administrator please select the language -demos" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371885,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:zyxel prestige router enter password " "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371886,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:dell remote access controller" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371890,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:mikrotik routeros managing webpage " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371899,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:coldfusion administrator login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371905,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:retina report confidential information" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371924,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:phpbttracker statistics \| intitle:phpbt tracker statistics" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371932,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:bnbt tracker info" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371933,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:start\.managing\.the\.device remote pbx access " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371937,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "site:netcraft\.com intitle:that\.site\.running apache" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371959,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:microsoft site server analysis" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371963,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:adsl configuration page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371967,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:nessus scan report this file was generated by nessus " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371974,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:uploader - uploader v6 -pixloads\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371984,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:horde :: my portal -\[tickets" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371986,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "filetype:pl intitle:ultraboard setup" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371988,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:xoops custom installation" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371990,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:mail server cmailserver webmail 5\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371998,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:phpmyadmin welcome to phpmyadmin \*\*\* running on \* as root@\*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372004,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:gateway configuration menu" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372015,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "select a database to view intitle:filemaker pro" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372019,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:remote desktop web connection" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372025,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:terminal services web connection" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372026,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:gallery in configuration mode" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372029,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allintitle:syncthru web service" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372035,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:net2phone init page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372038,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:your network device status \(lan \| wan\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372039,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allintitle:dvr login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372044,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:stingray fts login \| \( login\.jsp intitle:stingray \)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372045,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:bluenet video viewer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372046,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allintitle: axis 2\.10 or 2\.12 or 2\.30 or 2\.31 or 2\.32 or 2\.33 or 2\.34 or 2\.40 or 2\.42 or 2\.43 network camera " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372047,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:divar web client" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372049,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allintitle:  edr400 login \| welcome" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372050,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allintitle:  edr1600 login \| welcome" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372051,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allintitle:edr1680 remote viewer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372052,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allintitle: everfocus \| edsr \| edsr400 applet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372053,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:snc-rz30 home -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372054,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:iguard fingerprint security system -ihackstuff" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372058,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:device status summary page -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372059,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ivc control panel" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372061,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:edr1680 remote viewer" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372062,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:dvr client -the -free -pdf -downloads -blog -download -dvrtop" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372064,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:gigadrive utility" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372065,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ethernet network attached storage  utility" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372066,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:skystream networks edge media router -securitytracker\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372067,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:wxgoos- \(camera image\|60 seconds \)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372070,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ar-\* browser of frame dealing is necessary" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372071,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:webview logon page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372072,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:snap server intitle:home active users" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372081,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "display cameras intitle:express6 live image" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372083,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:iomega nas manager -ihackstuff\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372084,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:cisco you are using an old browser or have disabled javascript\. you must use version 4 or higher of netscape navigator/communicator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372085,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:summit management interface -georgewbush\.org\.uk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372086,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:snoie intel web netport manager or intitle:intel web netport manager setup/status" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372087,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:iqeye302 \| iqeye303 \| iqeye601 \| iqeye602 \| iqeye603 intitle:live images" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372090,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:biromsoft webcam -4\.0 -serial -ask -crack -software -a -the -build -download -v4 -3\.01 -numrange:1-10000" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372092,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:netcam intitle:user login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372093,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:orite ic301 \| intitle:orite audio ip-camera ic-301 -the -a" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372094,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:netcam live image -\.edu -\.gov -johnny\.ihackstuff\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372097,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:intellinet intitle:ip camera homepage" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372098,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:hp procurve switch \* this product requires a frame capable browser\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372102,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:v1 welcome to phone settings password" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372103,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:veo observer web client" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372106,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:middle frame of videoconference management system ext:htm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372107,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:tandberg this page requires a frame capable browser!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372108,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:gcc webadmin -gcc\.ru" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372111,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:netopia router \(\*\.\)to view this site" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372119,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\( intitle:packetshaper login\)\|\(intitle:packetshaper customer login\)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372120,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:packetshaper customer login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372121,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:interjak web manager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372127,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:sww link please wait\.\.\.\.\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372128,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:freifunk\.net - status -site:commando\.de" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372130,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ext:dhtml intitle:document centre\|\(home\) or intitle:xerox" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372131,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:neronet - burning online" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372133,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "about winamp web interface intitle:winamp web interface" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372134,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:jdewshlp welcome to the embedded web server!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372138,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:officeconnect wireless 11g access point checking your browser" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372141,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:actiontec main setup status copyright 2001 actiontec electronics inc" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372143,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:borderware mxtreme mail firewall login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372144,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:service managed gateway login " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372145,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:asterisk\.management\.portal web-access" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372147,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:homeseer\.web\.control \| home\.status\.events\.log" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372148,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:active webcam page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372149,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:supervisioncam protocol" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372154,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:linksys site:ourlinksys\.com " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372155,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:default_config - hp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372156,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:switch login ibm fast ethernet desktop" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372157,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:epsonnet webassist rev" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372161,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:everfocus\.edsr\.applet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372162,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:browser launch page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372165,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:setup home you will need \* log in before \* \* change \* settings" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372168,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:speedstream \* management interface" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372171,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:sipura\.spa\.configuration -\.pdf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372172,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ivista\.main\.page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372175,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:audiorequest\.web\.server" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372177,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:v-gear bee" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372178,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:live netsnap cam-server feed" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372179,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ipcop - main" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372187,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:cisco systems" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372191,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:home xerox corporation refresh status" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372194,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "webcontrol intitle:amx netlinx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372195,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "please visit intitle:i-catcher console copyright icode systems" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372196,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:toshiba network camera - user login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372197,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:dvr web client" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372200,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:default_config - hp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372206,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:switch home page cisco systems telnet - to" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372207,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:axis storpoint cd intitle:ip address" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372208,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:remote ui:top page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372211,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:lantronix web-manager" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372212,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ricoh intitle:network administration" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372213,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:the axis 200 home page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372217,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:dreambox web " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372219,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:bordermanager information alert" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372226,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:live view / - axis" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372227,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:wj-nt104 main page" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372229,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:view and configure phaserlink" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372235,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:login to cacti" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372375,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:login to cacti" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372389,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:owl intranet \* owl 0\.82" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372444,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "search projects intitle:the ultimate project website" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372460,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:admbook intitle:version filetype:\.?php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372492,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ppc engine admin login form" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372526,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:igenus webmail login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372612,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ccms v3\.1 demo pw" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372668,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"

SecMarker END_RECON_CHECKS_INTITLE

SecRule REQUEST_HEADERS:Referer "(?:powered|power by)"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:333933,chain,phase:2,pass,nolog,noauditlog,skip:1"
SecRule REQUEST_HEADERS:Referer "@pm 2532|gigs 6rbscript ac4p.com adobe aih aj albinator alitalk amcms3 and aqua arab atomic basic bigace bitweaver blog:cms blogcms blur6ex bp buddy bug burning by by: clanadmin clantiger claroline [clipbucket clipshare cms cmscout cms.ge comdev comersus connectix contact coppermine cpcommerce crownweb.net! cubecart cutenews dayfox db dejcom deluxebb deonixscripts.com digital directory discuz! dodo dolphin dorsacms drake dreamaccount ducalendar duclassified duclassmate dudirectory dudownload dupaypal dwmail easysitenetwork eclime.com egorix egyplus elite elitius elvin epay esmile exophpdesk exv2 ezcms ezguestbook f3site fantastic flexphpnews flinx forums free freewebshop freewebshop.org funkboard gbook gcards gelato ggcms gradman gravity grayscale guestbook guruscript.com hashe help hit hosting how2asp iboutique ilias imgallery indexu info in(?:text|body):powered invision iriran.net is iscripts jamm jaws jmdcms.com jshop kaibb land leap lifetype lightblog lightneasy link lionmax litecommerce lore loudblog maian mailgust marinet mcgallerypro mdforum merak mercuryboard metinfo midmart minb mobilelib mobpartner modx mojoportal monster my myhobbysite myphp myupb ninja nocc novaboard nukedit one-news online open openbsd opencart orbis oscmax oscommerce pageadmin pbboard© pc4uploader pcpin.com photokorn php phpbasket phpcc phpdug phpfanbase phpfm phpfm.*filetype.php phpizabi phpmyrealty phpnuke.ir phpopentracker php-update pligg plogger! pmos power |power powered +powered pppblog profitcode projectcms punbb qt-cute quick.cart quick.cms ramaas real-estate-website rw::download scratcher scripteen seditio sendcard shadowed shop-script shoutstats shutter silvernews simpleview simplicity papoo limbo simplog siteengine sitellite slaed smf software soop teamcal textads thwboard tikiwiki tinyphpforum totalindex ts tsep ucenter uebimiau ugia unak-cms uno.com.my upb softdirec virtual visinia vsns web webcamxp webcards webinspire webspell webtext wikyblog wonderedit words wpquiz www.aspportal.net x7 x-cart: xcomic xhp xmb xt-commerce yelldl yes yourtube zomplog zylone phpbb lionmax wiz raidenhttpd clipbucket redkernel ilohamail sharing jetbox jetstream x-cart hosting mvblog subdreamer vbulletin visiongs alitalk e107 phorum nitropowered jnshosts sijio sports"  "t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecAction "phase:2,id:333794,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_POWERED"

SecRule REQUEST_HEADERS:Referer   "power by donghungx\. copyright © 2008 attmp3\.com\. all rights reserved\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372860,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer  "powered by: iriran\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350031,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: IRIran eshop builder SQL injection Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "powered by vsns lemon.*intitle:.*vsns lemon" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350025,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "powered by 6rbscript" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350022,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "powered by gravity board" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:351100,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Gravity Board Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "powered by silvernews" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350001,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: SilverNews Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer  "powered.*phpbb.*2\.0\.\ inurl\:" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350002,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHPBB 2.0 Search Engine Recon attempt'"

SecRule REQUEST_HEADERS:Referer   "powered by phpfm filetype:\.?php -username" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371033,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by ezguestbook" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371064,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by link department" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371073,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by dupaypal -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371074,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by web wiz journal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371078,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by dudownload -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371082,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by duclassmate -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371084,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by duclassified -site:duware\.com duware all rights reserved" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371085,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by dudirectory -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371086,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by duclassified -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371087,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by ducalendar -site:duware\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371088,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by elite forum version \*\.\*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371095,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:admin panel \+powered by redkernel" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371265,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered\.by\.raidenhttpd intitle:index.of" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371494,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allin(?:text|body):powered by lionmax software www file share" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371501,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by shoutstats hourly daily" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371516,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by openbsd \+powered by apache" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371547,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by mailgust" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371555,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by my little forum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371556,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by xcomic " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371563,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by funkboard" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371564,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by silvernews" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371569,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by gravity board" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371570,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by land down under 601" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371578,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by yelldl" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371582,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by: totalindex intitle:totalindex" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371634,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\|\|powered by \[clipbucket 2\.0\.91\]" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371674,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by midmart messageboard administrator login" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371707,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by merak mail server software -\.gov -\.mil -\.edu -site:merakmailserver\.com -johnny\.ihackstuff" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371720,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by monster top list mtl numrange:200-" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371739,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by dwmail password intitle:dwmail" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371776,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:ilohamail.*powered by ilohamail" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371779,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by uebimiau -site:sourceforge\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371791,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:login - powered by easy file sharing web server " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371857,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "login.*powered by (?:jetbox one cms|jetstream)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371865,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by cutenews 2003\.\.2005 cutephp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371868,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by x-cart: shopping cart software -site:x-cart\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371907,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by hosting controller intitle:hosting\.controller " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371908,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by hit jammer 1\.0!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371915,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by phpopentracker statistics " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371958,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:mvblog powered" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371985,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: vbulletin version 1\.1\.5" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371994,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:title|text):(?:visiongs webcam software|powered by visiongs webcam)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372091,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by webcamxp pro\|broadcast" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372228,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by alitalk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372237,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by yourtube v1\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372239,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by uno\.com\.my" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372242,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by kaibb 1\.0\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372244,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by cubecart 3\.0\.4" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372245,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: iriran\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372247,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by pageadmin cms free version" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372251,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by simpleview cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372252,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: webinspire" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372253,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by soop portal raven 1\.0b" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372257,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by dejcom market cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372263,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by siteengine" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372269,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by nocc intitle:nocc webmail" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372275,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by bitweaver" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372277,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by shadowed portal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372278,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by quick\.cart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372279,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by thwboard" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372285,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by xmb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372286,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by gcards" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372289,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by tikiwiki" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372292,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "this site is powered by e107" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372293,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by sendcard - an advanced php e-card program" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372295,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by clantiger" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372297,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by online grades" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372298,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allintitle:powered by deluxebb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372299,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by bigace 2\.5" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372300,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by xmb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372301,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by exv2 vers" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372303,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by leap" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372306,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by pcpin\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372307,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by coppermine photo gallery" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372309,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by mercuryboard" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372310,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by php-update -site:www\.php-update\.co\.uk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372312,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by quick\.cart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372313,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by shop-script free" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372315,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by discuz!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372317,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by quick\.cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372324,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by guestbook script" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372332,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by x7 chat" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372333,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by php photo album -demo2 -pitanje" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372335,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by clantiger" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372337,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by php photo album" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372338,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by online grades" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372339,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by burning board lite 1\.0\.2 \* 2001-2004" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372346,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by claroline -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372347,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by blur6ex" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372348,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by burning board lite 1\.0\.2 \* 2001-2004" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372351,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "is proudly powered by wordpress" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372352,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "this forum powered by phorum\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372353,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by (?:blog:cms|blogcms\.com)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372357,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "this site is powered by cms made simple" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372359,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by ilias" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372360,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by php update" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372363,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by mercuryboard" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372366,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by smf" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372368,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by simplog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372369,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by zomplog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372370,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by php-update -site:www\.php-update\.co\.uk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372371,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by tsep - the search engine project" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372373,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by xhp cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372380,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by freewebshop\.org 2\.2\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372381,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by plogger! -plogger\.org" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372382,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by imgallery" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372383,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "help \* contact \* imprint \* sitemap \| powered by papoo \| powered by cms papoo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372384,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by webspell" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372385,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by php advanced transfer manager v1\.30" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372387,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by mojoportal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372390,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by mdforum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372392,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by alitalk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372394,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by php icalendar" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372395,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: arab portal v2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372396,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by cpcommerce" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372399,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by yourtube" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372400,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by wikyblog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372401,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by phpnuke\.ir" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372404,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "site powered by limbo cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372406,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by pligg \+ legal: license and source" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372408,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by pmos help desk" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372409,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by burning board -exploit -johnny" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372411,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by claroline -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372414,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by upb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372416,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by leap" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372418,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by lifetype rss 0\.90 rss 1\.0 rss 2\.0 valid xhtml 1\.0 strict and css" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372419,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by pppblog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372421,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by burning board lite 1\.0\.2 or powered by burning board 2\.3\.6" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372423,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by seditio" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372425,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by visinia" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372427,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by loudblog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372428,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by php director 0\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372434,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by shutter v0\.1\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372435,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by pc4uploader  v9\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372437,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by jmdcms\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372439,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by lore 1\.5\.6" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372440,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by jamm" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372442,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by upb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372445,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by dodo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372451,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by ucenter 1\.5\.0 © 2001 - 2008 comsenz inc\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372456,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by grayscale blog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372457,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered:powered by cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372458,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by clantiger" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372461,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by wpquiz" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372463,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by phpfanbase" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372464,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by elvin bug tracking server\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372466,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by punbb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372469,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by projectcms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372470,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by f3site" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372471,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by online grades" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372474,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by lightneasy" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372475,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by php f1 \(max" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372477,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by php live! v3\.3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372478,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by php f1 \(max" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372480,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by cms\.ge" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372485,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by myphp forum v3\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372486,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by aqua cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372489,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by dreamaccount 3\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372495,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by forums w-agora" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372497,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by ninja designs this is a port of wordpress" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372502,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by online grades" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372508,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by iscripts eswap\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372509,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by bp blog 6\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372512,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by 2532\|gigs v1\.2\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372513,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "by geeklog created this page in \+seconds \+powered" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372515,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by vbulletin 3\.8\.6" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372516,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "software directory powered by softdirec 1\.05" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372517,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by slaed cms © 2005-2008 slaed\. all rights reserved\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372521,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by gbook mx v4\.1\.0 ©2003 magtrb soft" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372524,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by albinator" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372525,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by mobilelib gold v3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372533,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by phpdug version 2\.0\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372535,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by nukedit" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372537,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by x10media\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372542,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: aih v2\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372545,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by qt-cute v1\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372556,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by dorsacms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372557,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by projectcms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372558,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: radbids gold v4" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372561,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by ijoomla news portal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372564,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by atomic photo album 1\.1\.0pre4" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372568,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by comersus v6 shopping cart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372569,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by cmscout \(c\)2005 cmscout group" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372572,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: radlance v7\.5" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372579,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by scripteen free image hosting script v1\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372582,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by teamcal pro" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372588,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by marinet" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372590,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by orbis cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372594,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by hashe" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372597,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: aih v2\.3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372604,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by freewebshop" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372608,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by  www\.aspportal\.net" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372611,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by bigace 2\.4" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372614,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by amcms3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372616,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by digital college 1\.0 - magtrb soft 2010" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372617,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by phpcc beta 4\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372620,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by minb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372621,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by ac4p\.com gallery v1\.0 " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372623,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by ggcms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372624,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by bug software in(?:text|body):your cart contains" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372629,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by webcards" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372632,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by: virtual war v1\.5\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372636,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by phpizabi v0\.848b c1 hfp1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372640,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by clipshare" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372641,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by amcms3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372646,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by basic cms sweetrice" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372647,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by connectix boards" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372652,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "this site is nitropowered!" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372655,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by iscripts socialware" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372656,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by litecommerce" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372661,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "allin(?:text|body):powered by buddy zone" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372663,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by egyplus" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372665,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by dayfox designs this is a port of wordpress" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372666,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by mcgallerypro" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372667,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by tinyphpforum v3\.61" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372669,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by novaboard v1\.0\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372672,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by php director" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372675,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by one-news" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372676,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by oscommerce \| customized by ez-oscommerce" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372679,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by clanadmin tools v1\.4\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372682,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by iboutique v4\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372683,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by ugia php uploader v0\.2" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372684,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: profitcode" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372687,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by gelato cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372694,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by elitius version 1\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372697,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by ts special edition" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372701,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by jshop" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372702,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by guruscript\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372703,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by subrion cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372705,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "site designed and built powered by globalwebtek\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372707,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by skadate dating" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372709,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by zomplog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372713,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "designed and powered by aws sports" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372714,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by gradman" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372719,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by textads 2\.08" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372727,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "copyright @ 2007 powered by hot or not clone by jnshosts\.com rate my pic :: home :: advertise :: contact us::" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372728,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by sijio - community software" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372730,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by guruscript\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372733,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: myphp forum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372735,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by webtext" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372741,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by info fisier\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372742,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by metinfo 3\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372743,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by zylone it" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372744,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by  metinfo  2\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372748,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by  metinfo 3\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372749,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by photokorn" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372751,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by lightblog - powered by lightblog" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372752,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by eclime\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372756,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by opencart" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372757,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by rw::download v2\.0\.3 lite" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372759,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: maian uploader v4\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372762,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by cmscout \(c\)2005 cmscout group" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372763,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by elitius version 1\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372769,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by exophpdesk v1\.2 final\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372771,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: esmile" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372775,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by power editor" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372776,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: deonixscripts\.com" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372778,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by elitius 1\.0" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372783,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by iscripts socialware" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372784,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by fantastic news v2\.1\.4" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372786,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:powered by open bulletin board" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372788,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by easysitenetwork" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372791,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by \[ isupport 1\.8 \]" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372795,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by real-estate-website" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372796,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by myhobbysite 1\.01" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372798,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by flinx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372800,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by myupb" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372802,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by phpmyrealty" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372803,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by maian greetings v2\.1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372807,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "in(?:text|body):powered by ramaas software" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372808,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by xt-commerce" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372809,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by db masters' curium cms 1" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372810,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "website powered by subdreamer cms & sequel theme designed by indiqo\.media" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372815,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by dayfox designs" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372816,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by phpbasket" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372819,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by how2asp" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372820,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by scratcher" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372822,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by ezcms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372825,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by pbboard© 2009 version 2\.0\.5" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372826,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by unak-cms" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372828,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: yes solutions" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372830,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by dolphin" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372841,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by: aj square inc" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372845,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by comdev news publisher" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372846,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by sitellite" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372849,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by wonderedit pro" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372852,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by egorix" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372854,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by oscmax v2\.0 " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372856,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by words tag script" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372857,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by modx" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372858,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "powered by discuz! 1\.0 © 2002" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:372861,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"



SecMarker END_RECON_CHECKS_POWERED

#warnings
SecRule REQUEST_HEADERS:Referer "@pm warning phpaddressbook"         "id:333934,t:none,t:urlDecodeUni,t:htmlEntityDecode,phase:2,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:313795,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_WARNING"
SecRule REQUEST_HEADERS:Referer   "warning: installation directory exists at powered by zen cart -demo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371613,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"

SecRule REQUEST_HEADERS:Referer   "warning: bad arguments to \(join\|implode\) \(\) in on line -help -forum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371176,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "warning: failed to open stream: http request failed on line " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371177,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "warning: mysql_connect\(\): access denied for user: '\*@\* on line -help -forum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371178,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "warning: division by zero in on line -forum" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371179,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "warning: safe mode restriction in effect\. the script whose uid is is not allowed to access owned by uid 0 in on line" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371181,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "warning: supplied argument is not a valid file-handle resource in " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371182,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "warning: mysql_query\(\) invalid query" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371189,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "php application warnings failing include_path" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371198,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "warning error on line php sablotron" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371207,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "warning: cannot modify header information - headers already sent" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371213,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "warning: pg_connect\(\): unable to connect to postgresql server: fatal" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371214,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "php-addressbook this is the addressbook for " "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371307,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "warning: cannot execute a blank command in" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371562,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"

SecMarker END_RECON_CHECKS_WARNING

SecRule REQUEST_HEADERS:Referer "@pm incorrect unexpected illegal error valid unclosed quotation problem allowed phpinfo sql"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333935,phase:2,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:313796,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_ERROR"

SecRule REQUEST_HEADERS:Referer   "error found handling the request cocoon filetype:xml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371204,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
SecRule REQUEST_HEADERS:Referer   "filetype:asp  \+ \[odbc sql" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371180,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
SecRule REQUEST_HEADERS:Referer   "filetype:log php parse error \| php warning \| php error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371193,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
SecRule REQUEST_HEADERS:Referer   "filetype:asp custom error message category source" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371209,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
SecRule REQUEST_HEADERS:Referer   "a syntax error has occurred filetype:ihtml" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371217,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
SecRule REQUEST_HEADERS:Referer   "\[ phpinfo \]  \[ php\.ini \]  \[ cpu \]  \[ mem \]  \[ users \]  \[ tmp \]  \[ delete \]" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:371982,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "there seems to have been a problem with the  please try again by clicking the refresh button in your web browser\." "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371183,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "the script whose uid is  is not allowed to access" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371191,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "an unexpected token end-of-statement was found" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371215,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "supplied argument is not a valid (?:postgresql|mysql) result" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371220,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "unclosed quotation mark before the character string" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371224,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "an illegal character has been found in the statement -previous message" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371218,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "\[sql server driver\]\[sql server\]line 1: incorrect syntax near -forum -thread -showthread" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371186,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "incorrect syntax near" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371223,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "parse error: parse error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371185,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "databasetype\. code : 80004005\. error description :" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371192,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "internal server error server at" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371197,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "invision power board database error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371203,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "fatal error: call to undefined function -reply -the -next" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371208,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "detected an internal error \[ibm\]\[cli driver\]\[db2/6000\]" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371216,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "syntax error in query expression  -the" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371219,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "postgresql query failed:  error:  parser: parse error" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371221,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "you have an error in your sql syntax near" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371229,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "mysql error with query" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371230,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecMarker END_RECON_CHECKS_ERROR

SecRule REQUEST_HEADERS:Referer "ora-"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:333936,phase:2,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:313797,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_ORA"
SecRule REQUEST_HEADERS:Referer   "ora-00933: sql command not properly ended" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371225,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ora-00921: unexpected end of sql command" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371226,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ora-00936: missing expression" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371227,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "ora-00921: unexpected end of sql command" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371238,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecMarker END_RECON_CHECKS_ORA

#Installed malware
SecRule REQUEST_HEADERS:Referer "@pm cgi-telnet unit-x c99 safe_mode r57 locus c100 danyliw haxplorer phpshell"         "t:none,t:urlDecodeUni,t:htmlEntityDecode,id:333937,phase:2,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:313798,t:none,pass,nolog,noauditlog,skipAfter:END_RECON_CHECKS_MALWARE"

SecRule REQUEST_HEADERS:Referer   "phpkonsole phpshell  filetype:php -echo" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371026,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Google Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "acid by roman danyliw filetype:php" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371964,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Search Engine Recon Attempt for sensitive information'"
SecRule REQUEST_HEADERS:Referer  "php haxplorer .*server files browser" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350012,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon attempt'"
SecRule REQUEST_HEADERS:Referer   "cgi-telnet unit-x team connected to \*\.com or cgi-telnet unit-x team connected to" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371977,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "www\.\*\.com - c99shell or www\.\*\.net - c99shell or www\.\*\.org - c99shell" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371978,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "safe_mode: \*  php version: \*  curl: \*  mysql: \*  mssql: \*  postgresql: \*  oracle: \*" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371979,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "r57shell" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371980,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer   "intitle:r57shell \+uname -bbpress" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:371916,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerable App Search Engine Recon Attempt'"
SecRule REQUEST_HEADERS:Referer  "(?:c(?:99|100)|locus|r57shell|r57)\.(?:txt|php)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:350030,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Web Shell Search Engine Recon attempt'"
SecMarker END_RECON_CHECKS_MALWARE

SecMarker END_RECON_CHECKS