Description: This Canarytoken is placed within either the CSS of your site, or inside a 3rd party site, where you may not be able to add JavaScript and notifies you if someone clones your site and hosts it on another domain. This can alert on targeted or Adversary-in-the-Middle (AitM) phishing attacks.

Ideas for use:

Only the url() portion is required, you can change the selector and add
opacity: 0 or display: hidden if you want to style an invisible element.
Use this CSS to style 3rd party authentication pages, such as a LogTo page, or an AWS Cognito login.

Step 1:

Console Login.png

Step 2:

Select the Canarytokens tile.

Step 3:

Select the "Cloned CSS" token from the list.

CleanShot 2024-07-22 at 10.24.42@2x.png

Step 4:

Enter the website domain under Cloned Site. This is the domain of the website you'd like to protect.

Note: we used "inyoni-corp.com" as the domain
CleanShot 2024-07-22 at 10.19.35@2x.png

Step 5:

Download, copy or print the token and place it in its intended location.

CleanShot 2024-07-22 at 10.20.11@2x.png

Alert:

An alert is triggered when the cloned website is loaded.

CleanShot 2024-07-22 at 10.20.24@2x.png

You're done! ;-)

Search

How do I create a Cloned CSS Token?