THL Inkognito X-Admin-Token in CORS Allow-Headers Response (Admin API Auth Primitive)

SID: 3500031Rev: 2Enabled3 views
History
Filehunters-ledger.rules
CreatedMay 16, 2026
UpdatedJuly 13, 2026
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"THL Inkognito X-Admin-Token in CORS Allow-Headers Response (Admin API Auth Primitive)"; flow:established,to_client; http.header; content:"Access-Control-Allow-Headers"; nocase; content:"X-Admin-Token"; nocase; threshold:type limit,track by_src,count 1,seconds 3600; classtype:trojan-activity; sid:3500031; rev:2; metadata:author The_Hunters_Ledger, date 2026-05-16, reference https://the-hunters-ledger.com/hunting-detections/inkognito-russian-vpn-phishing-185-221-196-118-20260516-detections/;)

Metadata

authorThe_Hunters_Ledger
date2026-05-16
referencehttps://the-hunters-ledger.com/hunting-detections/inkognito-russian-vpn-phishing-185-221-196-118-20260516-detections/

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!