Search

How do I create a Cloned Website Canarytoken?

Description: The Cloned Website token is placed within the JavaScript of your websites and notifies you if someone clones your site and hosts it on another domain. (This is often used for targeted Phishing attacks.)

Note: If your site is actually used for phishing attacks, you will be notified for every user who loads the “malicious page" - This is great news, since it will often help with targeted Incident Response.

Follow the steps below to create a Cloned Website Canarytoken:

Step 1:

Log in to your Console.

Console Login.png

Step 2:

Select the Canarytokens tile.

Step 3:

Select the Cloned Website token from the list.

CleanShot 2024-07-23 at 09.06.54@2x.png

Step 4:

Enter the website domain under Cloned Web.

Note: we used "inyoni-corp.com" as the domain

CleanShot 2024-07-23 at 09.10.26@2x.png

Step 5:

Copy the JS into a file on your target server.

Note: you can encode the file to obfuscate it by toggling on the Obfuscate Script switch.

CleanShot 2024-07-23 at 09.10.53@2x.png

Alert:

An alert is only triggered if the page is ever loaded on another server that doesn't match the domain specified.

Note: the original domain "inyoni-corp.com" was loaded on "inyonii-corp.com"

You're done! ;-)