THL Inkognito X-Admin-Token in CORS Allow-Headers Response (Admin API Auth Primitive)
Sourcehunters-ledger
Filehunters-ledger.rules
CreatedMay 16, 2026
UpdatedJuly 13, 2026
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"THL Inkognito X-Admin-Token in CORS Allow-Headers Response (Admin API Auth Primitive)"; flow:established,to_client ; http.header; content:"Access-Control-Allow-Headers"; nocase; content:"X-Admin-Token"; nocase; threshold:type limit,track by_src,count 1,seconds 3600 ; classtype:trojan-activity; sid:3500031; rev:2; metadata:author The_Hunters_Ledger, date 2026-05-16, reference https://the-hunters-ledger.com/hunting-detections/inkognito-russian-vpn-phishing-185-221-196-118-20260516-detections/ ;)
Metadata
authorThe_Hunters_Ledger
date2026-05-16
referencehttps://the-hunters-ledger.com/hunting-detections/inkognito-russian-vpn-phishing-185-221-196-118-20260516-detections/
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!