WAF Rule ID 313704

Alert message: Atomicorp.com Malware Removal System: Potentially malicious reverse javascript malware detected in RESPONSE_BODY and removed

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 4

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

  • compressWhitespace

  • lowercase

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com Malware Removal System: Potentially malicious reverse javascript malware detected in RESPONSE_BODY and removed

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 313705

Alert message: Atomicorp.com Malware Removal System: encrypted javascript malware detected in RESPONSE_BODY and removed

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 2

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com Malware Removal System: encrypted javascript malware detected in RESPONSE_BODY and removed

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 373764

Alert message: Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 5

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

  • compressWhitespace

  • lowercase

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 373769

Alert message: Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 1

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

  • compressWhitespace

  • lowercase

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 373723

Alert message: Atomicorp.com Malware Removal System: Hidden Iframe detected in RESPONSE_BODY and removed

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 1

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

  • compressWhitespace

  • lowercase

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com Malware Removal System: Hidden Iframe detected in RESPONSE_BODY and removed

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 373763

Alert message: Atomicorp.com Malware Removal System: Hidden Iframe detected in RESPONSE_BODY and removed

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 6

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

  • compressWhitespace

  • lowercase

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com Malware Removal System: Hidden Iframe detected in RESPONSE_BODY and removed

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 373767

Alert message: Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 2

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

  • compressWhitespace

  • lowercase

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 373765

Alert message: Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 4

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

  • compressWhitespace

  • lowercase

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 373766

Alert message: Atomicorp.com Malware Removal System: Encoded Iframe detected in RESPONSE_BODY and removed

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 2

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com Malware Removal System: Encoded Iframe detected in RESPONSE_BODY and removed

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 373786

Alert message: Atomicorp.com Malware Removal System: Malicious Javascript detected in RESPONSE_BODY and removed

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 2

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

  • compressWhitespace

  • lowercase

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com Malware Removal System: Malicious Javascript detected in RESPONSE_BODY and removed

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 361029

Alert message: Atomicorp.com Malware Removal System: Malware domain detected in webserver output and REMOVED.

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 2

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

  • htmlEntityDecode

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com Malware Removal System: Malware domain detected in webserver output and REMOVED.

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 361139

Alert message: Atomicorp.com Spam Removal System: Spam domain detected in webserver output and REMOVED.

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 2

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

  • htmlEntityDecode

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com Spam Removal System: Spam domain detected in webserver output and REMOVED.

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 373896

Alert message: Atomicorp.com Malware Removal System: Potentially malicious javascript in RESPONSE_BODY removed

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 1

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

  • compressWhitespace

  • lowercase

Log Types:

  • Basic Information (log)

Description:

Atomicorp.com Malware Removal System: Potentially malicious javascript in RESPONSE_BODY removed

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 373795

Alert message: Atomicorp.com Malware Removal System: Potentially malicious javascript before initial html tag in RESPONSE_BODY removed

Rule Class: Generic Attack Ruleset (98_asl_adv_redactor.conf)

Version: 7

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Options: No active Response

Transforms:

  • compressWhitespace

  • lowercase

Log Types:

  • Basic Information (log)

Description:

Atomicorp.com Malware Removal System: Potentially malicious javascript before initial html tag in RESPONSE_BODY removed

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.