We have answers from the amazing team about triggering tokens: Q: Why is the ISP triggering the tokens? A: CanaryTokens generate a unique HTTP URL or DNS hostname which once browsed to or resolved, makes a connection back to our servers and raises an alert. The Windows Folder Token makes use of DNS to trigger an alert, and inspecting the downloaded files reveals that we set the folders icon to a remote resource and encode some local system information into the hostname. Due to the hostnames being unique, Windows will recursively query a Tokens hostname up the DNS resolution chain which usually follows the path of localhost -> local DNS server (router) -> ISP DNS servers -> Root Servers -> Canary Tokens server. We tend to see multiple alerts happening after a Token is first triggered as ISP name servers cache the query and later refresh that cache for any DNS updates, this causes the Token to trigger multiple times. The “recent places or quick access” features of Windows can keep the Tokened folder in explorer's sidebar which attempts to preview the document causes further unnecessary alerts. Our advice: once a Token has initially triggered, you'll have gotten the all-important alert to further investigate; once complete, it's worth swapping out the Token for a new one to avoid later false positives. Q: Does this work on cell phones too? A: Yes. It's worth noting however that Tokens are designed to be tripped by their intended applications.The Word Token will require a desktop version of Microsoft Word to trigger Q: What about Anti-Virus? A: AV products do sometimes detect and even trigger Tokens in their scans, it's worth hiding Tokens a little deeper in your files. Certain AV programs also offer "sandboxing" services whereby files are uploaded to their servers for safe "detonation" which can end up triggering Tokens multiple times.
@monophoto1
Жыл бұрын
Is it possible to translate this into English for those of use who aren't computer geeks.
@dannystiasny3891
Жыл бұрын
@@monophoto1 I persoanlly would appreciate a quick video on what you just said Liron , I have a comprehension issue when reading , , Allways understand your Awesome vids , easy to understand and implement into action what you explain , Thanks
@edgamilcar92
Жыл бұрын
@@monophoto1 the dns is the domain, basically it is the acces to the online information, it assings to you an ip, that is like an unique id for your device... the cache memory is like some kind of archive that stores data to be easy to access, the cache triggers the token multiple times so you are supposed to give importance to the very first one... sorry for my english, i dont know if i am being clearly enough..
@superdrykidrobot
Жыл бұрын
Homeland, FBI, Google and Windows analytics, Facebook and Amazon trackers, game launchers, Discord, the list goes on and on. Most software these days acts like spyware, but they get on the whitelist and get you to approve permissions.
@manicminer4573
Жыл бұрын
@@monophoto1 It sounds like there will be so many false triggers as to make the technique practically useless.
@LironSegev
Жыл бұрын
hmmm I am seeing several people saying that their own ISP is triggering their tokens. I am looking into why this is happening. I also reached out to Canary Token people to see if they can shed some light. So DONT PANIC - your ISP is most likely not hacking your computer. My guess it is some type of "checks" that is happening at the ISP level. Will keep you updated as I learn more. This is getting interesting 🤔
@Boda.Attila
Жыл бұрын
Same problem here, in 15 minutes got 62 alerts. Not very helpful, unfortunately.
@sma7530
Жыл бұрын
Keep us posted, please!
@hankfox4170
Жыл бұрын
From the ip addresses and locations through Comcast, it's almost as if Comcast is treating something in the code as a new DNS address and it's passing it around just like DNS propagation. It may settle down after the initial spread, then all you need is to ignore the initial burst, although it would be nice to be able to remove the "hits" from the main list.
@ZarpeParadise
2 жыл бұрын
YOU ARE Epic!!! So much valuable info, I'll be watching again! Thank You!
@LironSegev
2 жыл бұрын
appreciate you being here!
@guppymarshall9945
Жыл бұрын
You are a living legend Liron.
@madeforstreets
2 жыл бұрын
Liron you're the Best 🙌 Much love 🙏 - Stay Blessed - 🙏❤✌
@LironSegev
2 жыл бұрын
🔥
@justjacqueline2004
2 жыл бұрын
Great info as always.
@LironSegev
2 жыл бұрын
Glad it was helpful!
@DemocracyManifest-vc5jn
Жыл бұрын
I would love to see you describe home network security and how to monitor connections and do some tls dissection
@V530-15ICR
2 жыл бұрын
Tech experts gets hacked moment
@mkks4559
2 жыл бұрын
At least when they get hacked, they explain clearly how to protect ourselves from getting hacked like them.
@LironSegev
2 жыл бұрын
there are only two kind of people: those who have been hacked, and those who don't know they have been hacked....
@Dnizzle25
2 жыл бұрын
@@LironSegev give them time to let what you said marinate they'll get it tomorrow!
@timmytom
2 жыл бұрын
You are a star. Thank you . I'm subscribed.
@LironSegev
2 жыл бұрын
Welcome!
@bobgleaser7106
2 жыл бұрын
For me still lost, but good that you can help people. Thank you.
@LironSegev
2 жыл бұрын
No worries!
@CanuckDividends
2 жыл бұрын
Thanks for another useful video and yes I am a subscriber
@LironSegev
2 жыл бұрын
Awesome, thank you!
@rickco2415
2 жыл бұрын
Lots of valuable information brother ,thanks
@LironSegev
2 жыл бұрын
Glad it was helpful!
@WindowsWrecker
Жыл бұрын
Same I got hacked yesterday
@livebeforeyoudie9984
Жыл бұрын
Hello can I use canary tokens on MacBook Pro or iPhone 13? I see a lot of the tokens are related to windows
@wilhelmtaylor9863
Жыл бұрын
OK, now what do you DO with that information? Can you go after the hackers some way?
@NeptuneSega
5 ай бұрын
Secure your device obviously
@diveron
Жыл бұрын
What can I do if I catch someone?
@michaeltodd2012
Жыл бұрын
Running file backups that include a tokenized folder will also generate email alerts.
@LironSegev
Жыл бұрын
Good call. Anytime anything touches the files it is triggered. So anti virus scan, backups, cloud syncs, renaming the file etc.
@buddyboy4x44
Жыл бұрын
@@LironSegev That scares me off. I wanted to place the file and forget it, but your reply here says I will get never ending email alerts from scans, backups, etc. Correct?
@wildae.
Жыл бұрын
great information. I created a similar folder and opened it and then checked to see that it has been opened 3 times, once by me and 2 times from two different asian conuntries
@Hugh248
2 жыл бұрын
I have created the folder and shortcut and put them on my desktop, it will be interesting to see what hits i get. Thanks for creating the very interesting and useful videos.
@LironSegev
2 жыл бұрын
Hopefully you get nothing which means no one is in your system 😉 I have many of these and just hope I never see an alert. Ever.
@nigelmaxwell5751
2 жыл бұрын
Thanks Leron. Very apt for Aussie right now.
@justmeunm8
Жыл бұрын
What if your on a apple ipad which one Would you click on
@NiijiAl-Haqq
2 жыл бұрын
Thanks for your expertise. Any advice for Android phones?
@LironSegev
2 жыл бұрын
yes
@franshendrix1404
Жыл бұрын
Update: I made the token and I see that my cellphone provider seems to trigger it, now I do not know if cookies do this or a hacker is active, but I did ask them to clarify. Thank you it is nice to see.
@tiagoferreira086
Жыл бұрын
Great and useful content as always :)
@albertfullard
Жыл бұрын
What do I do if someone trigger it? How to I revoke the access they have to my PC??
@mohsman
Жыл бұрын
Thanks!
@LironSegev
Жыл бұрын
Appreciate you being here 🔥
@ritajain2453
Жыл бұрын
Bravo, brother!
@CosmicCitiZenOfficial
2 жыл бұрын
Good Info thanx 😃👍
@LironSegev
2 жыл бұрын
No problem 👍
@darkfalcon59
Жыл бұрын
wow this is crazy thanks for this man like always you keep giving great information did the email stuff now.
@LironSegev
Жыл бұрын
Thanks for the message and hanging out here 👍
@GringoLoco1
Жыл бұрын
Great info -- AGAIN! Thanks
@LironSegev
Жыл бұрын
Thanks again!
@lonniec7603
Жыл бұрын
Liron you're a Boss
@KimberlyLetsGo
Жыл бұрын
I would redirect them to one of the KZitem channels that messes with scammers. LOL
@williamgamache2882
Жыл бұрын
Thanks for the great info... I will definitely use this !!! Thank You for taking the time to educate people like me. I really like your channel . Please keep up the great work !!!
@LironSegev
Жыл бұрын
You are so welcome!
@TheMrReee
Жыл бұрын
A little confused, Google's options are always see images or always ask, there's no don't automatically download images. It does say in the link you provided, that Google automatically scans email for potential threats. So what's the score? 🤔
@KENNYB322
Жыл бұрын
WHEN I HAVE A VIDEO ATTACHED TO MY EMAIL I HAVE TO SAVE IT IN ORDER TO PLAY IT. I USE TO JUST RIGHT CLICK ON THE ATTACHMENT AND CLICK PLAY. WHAT DO I HAVE TO DO IN FIREFOX TO HAVE THIS OPTION AGAIN. THANKS
@IamLookingforWoody_________786
6 ай бұрын
Is anti-virus worth to keep in computers now in 2024?
@dig1035
Жыл бұрын
Thumbs up and subscribed!
@ryantait177
Жыл бұрын
Thanx
@DefutesM
Жыл бұрын
Don't close the token download page, First go to that "manage this token", When you get to the log page for that token (it shows the token ID number), Copy the URL for that log page and save it to your computer, else if you close that download page, you will lose access to that token history log.
@EFudd-lu6ji
11 ай бұрын
Great comment!
@jessederinger
6 ай бұрын
youve never replied to me but maybe this is my lucky shot. I followed all the directions, but I am not getting any emails and it says my token has not been triggered yet, despite me trying every which way to make it work. Theres quite a few people commenting this but I havent seen it answered. THANK YOU!
@wolfierobblack
2 жыл бұрын
Amazing bro!!!!!😮😮😮👍🏽✊🏽✊🏽🎧🎵👏🏾👏🏾👏🏾
@LironSegev
2 жыл бұрын
appreciate you being here!
@soltanakouider5922
Жыл бұрын
MERCI
@thecartinkerer
Жыл бұрын
Epic... thanks so much
@jasf316
Жыл бұрын
Would this work if I dropped these folders on a Synology server?
@tabbarsg
2 жыл бұрын
Really like those over the top, exaggerated thumbnails 👌
@LironSegev
2 жыл бұрын
what a coincidence - me too!
@thedigitallens
Жыл бұрын
This is interesting. Will try this out. 👍🏻
@chinedumichael8776
Жыл бұрын
Nice video Liron , PLEASE I've question to ask .... You said that if I open an email I received if the image load without clicking the image itself it'll notify them that I've read the email... So I taught it's only when I clicked on the image ?
@LironSegev
Жыл бұрын
nope - as soon as the image downloads, it triggers. That's how they know how many people received it, even if you didn't interact with any links.
@chinedumichael8776
Жыл бұрын
@@LironSegev Thanks for you reply. But please how do you mean download? Do you mean download straight to my phone or just the image load up or my email application (GMAIL) ?
@eltronics
Жыл бұрын
Hmm...very interesting. Insteading of email, can CanaryTokens trigger a text message?
@stephhongwwwmasterminesio5845
Жыл бұрын
Hi thanks
@DeeArroyo
4 ай бұрын
did as instructed but whenever I access this folder, there are no triggers at all
@CharlesHoens
Жыл бұрын
Nice idea, but it doesn't seem to be working for me, nor can I see the "Manage Token" screen. Help me!
@Buzzebee1
Жыл бұрын
Thanks Liron. I followed your instructions and immediatly got 8 hits from my ISP?????
@LironSegev
Жыл бұрын
yip - see my pinned comment
@Chamelionroses
Жыл бұрын
I wish there was such on cell phones too.
@subarumanrp233
Жыл бұрын
Downloaded 2 canaries ,re named them as you did...opened them and NOTHING....checked several times ...NO TRIGGERS.....Im running webrootsecure anywhere on windows 10 laptop
@jessederinger
6 ай бұрын
did you ever figure it out? im having the same experience
@seltzercoffee
2 жыл бұрын
Nice! What should I do with the info about the hackers?
@LironSegev
2 жыл бұрын
report it to your local authorities
@billdurant3560
5 ай бұрын
anyway I tried the the fast redirect and slow redirect and could not get my browsers to go through when ever I would go to test them
@ColinRussianForce
Жыл бұрын
There is a file called "desktop" which is a configuration ini file, which i believe i can see because i have windows to show all hidden files, inside the My Documents folder downloaded.
@Ruben-bm2gr
10 ай бұрын
Can you explain more about "just by it being in your email and hovering over the link" comment you made? Does this mean even if I don't click the link just hover over it and look at the URL description it is triggering a token to the sender...??? Really appreciate this info!
@PhD63
Жыл бұрын
Instantly after doing this i got over 50 triggers, all from my ISP....................... Update: I get a trigger alert approx every 30 minutes from my ISP. Update 2: I removed it due constant triggers from ISP.
@wishlistrose
Жыл бұрын
I tried the token site you mention and get this site can’t be reached?
@moodberry
Жыл бұрын
How long did it take from the time you set up the honeypot until you got results?
@ΑγγελοςΤρικωμιτης
Жыл бұрын
I FOLLOWED THE STEPS BUT when i checked history ,it says It dosent show me a list of events !!
@jessederinger
6 ай бұрын
did you ever resolve this? i am having same experience
@ΑγγελοςΤρικωμιτης
6 ай бұрын
@@jessederinger no , never
@peterbaker6038
Жыл бұрын
Love your videos with it's plethora of info. I've used IOLO System Mechanic for many, many years now but I've been disappointed with them lately. Not the product but the way they do business. The big one is they have gone to an automatic auto-renewal system and you can no longer login and make changes to your account. Their site will tell you how to login but where they tell you to look, it's not there. You need to call them to do that. IOLO has made changes as of September 2022.
@speedon68SS
Жыл бұрын
Liron I got the folder on my desktop and it gets triggered like 12 to 15 times a day. What should I do?? Reinstall windows?? Please help.
@LironSegev
Жыл бұрын
see the pinned comment where Canary Token explains why this is happening.
@blindship5792
Жыл бұрын
Can you do the same video for Mac Users plz? thanks
@ryaniglesias6381
Жыл бұрын
Amazing video as usual. I tried it and every time i startup my computer ( after i Power down) i get a trigger alert immediately...... every single time I power on my computer. I tried restart as well ( as opposed to power down) and same thing happens , i get an trigger alert as soon a my computer is restarted ( false positives) and sometimes I get many other alerts, all says my VPN ( I have VPN on at all times). I had to remove it.
@BANIAAAAK
Жыл бұрын
Thats awesome. BUT! How we de stop them from taking info are watching and viewing our PC?
@LironSegev
Жыл бұрын
there really isnt any confidential info - its a trap. Make sure you have a good anti-virus and use a VPN, dont download cracked software and you should be fine.
@sandandshoreshoppe
Жыл бұрын
Liron, I have tried putting the windows folder thingey on two different computers, and I am not getting any emails or trigger alerts on the Canary page under ''manage this token''. Your instructions are very clear and I followed them directly but still nothing. Any ideas what Im doing wrong?
@jessederinger
6 ай бұрын
did you ever find a resolution? im experiencing the same thing
@dannystiasny3891
2 жыл бұрын
can't find the mange this Token , after the other steps , Documentation , link that's it , thanks for all your Great info and vids by the way
@LironSegev
2 жыл бұрын
trigger it yourself - you will get an email and it will have a link in the email to manage the token.
@dannystiasny3891
Жыл бұрын
@@LironSegev Thanks , I checked my email after writing this and found the link to click in the Alert in my Email , lol
@dannystiasny3891
Жыл бұрын
OMG , in 20 minutes have had 18 , yea a few where me , I think , , The IP address are all different and the Maps show basically 2 locations , none since then 2 hours ago ... WOW Thanks Liron , ot sure what to do now , BUT WOW ,lol
@louf7178
Жыл бұрын
I, similarly, have an e-mail contact named "Me". Every once in a while I get an e-mail from Me. That way I know if something has gone through my contact list and tried baiting me. It's at least an alert.
@LironSegev
Жыл бұрын
nice!
@te2te111
Жыл бұрын
the hackers seeing this video 😧
@ldmuttley101
Жыл бұрын
Excellent video advice. However, I think I may be getting false positives. I have a new PC. I don't surf in admin, only visit legit known sites, and check links with virus total before visiting a new site or clicking a link I've never used before. I have an up-to-date AV, using Quad9 DNS. I always look forward to being notified of your new uploads.
@LironSegev
Жыл бұрын
isnt it strange just how much happens in the background that we are not even aware of? I wonder if its your anti-virus triggering this as it is testing the links?
@ldmuttley101
Жыл бұрын
@@LironSegev Thanks for all the tips and tricks you've offered over the years. My AV.; That was my first thought, I only mentioned it because I'm getting hits from around the world; Ireland, Germany, USA, India, Russia. I'm thinking of trying it in a new local account to see what happens. Once again thanks for all the tips and tricks you've offered over the years.
@mehulshah7205
Жыл бұрын
what if hackers are using VPN ?
@dennisneo1608
7 ай бұрын
It appears to be uneccessarily attracting hackers??
@Gulpgulp-v7b
Жыл бұрын
That would be fun yo put some rickroll
@davidgeorge4784
Жыл бұрын
This explains it so much better than what my professor did.
@LironSegev
Жыл бұрын
haha thank you for the compliment and for hanging out here!
@davidgeorge4784
Жыл бұрын
@@LironSegev you’re welcome. Love your content.
@pkjones5263
Жыл бұрын
Getting a lot of hits from _Cloudfare WARP_
@gwaeron8630
2 жыл бұрын
Thanks Liron! Honeypot set up.
@LironSegev
2 жыл бұрын
nice!!! Simple right?
@gwaeron8630
Жыл бұрын
@@LironSegev I got an alert when I shut my PC down and when I woke it from sleep. Running MS safety scanner and windows security scans and researching now. I made sure indexing was off. The src_data is always my PC. Hopefully it is just something innocent doing its thing.
@mikeduffy67
Жыл бұрын
I'm getting my folder CanaryToken triggered about 11 times a day, from the same 2 ip addresses . IPCONFIG cannot resolve those IP's. Is this my ISP doing it ?
@LironSegev
Жыл бұрын
see the pinned comment where Canary Token explains why this is happening.
@mikeduffy67
Жыл бұрын
I checked the logs from the token page, and yes, the requests are from my isp.
@DERRICK1984
Жыл бұрын
Hi Liron if im getting these tokens what do I do? I have virus protect and everything is up to date what am I missing thank you so much for your time
@DemocracyManifest-vc5jn
Жыл бұрын
Will you get notified if this file is copied or scanned by a program like Discord? Let’s say copied to remote location.
@peter486
Жыл бұрын
i do it, but i have a macro that kicks off that nukes the hardriver if they open it :)
@louf7178
Жыл бұрын
Could one create something similar in PowerShell?
@boenq1908
Жыл бұрын
Thanks for posting. I have question, why after creating the honeypot, I checked on the history, it shows all 14 clicks where various IP addresses show up, some from local and some from out of state. Does someone constantly watching it ? I have no idea.
@LironSegev
Жыл бұрын
see the pinned comment where Canary Token explains why this is happening.
@jacquesb5248
Жыл бұрын
how did they get in?
@dannystiasny3891
Жыл бұрын
Liron , will System Mechanic® Ultimate Defense help me with the people getting into my computer , like canary is showing , ? Thanks
@LironSegev
Жыл бұрын
Yup. I has great detection features
@PiltdownSuperman
Жыл бұрын
The Thunderbird email client for PCs/Laptops refuses to download images by default. They can be enabled each time or permanently for senders the user selects. Some companies don't give you much information, what they want you to see is loaded in the images which are also links. I get lenient, "This was sent from, say, a streaming service I subscribe to, so I'm more willing to allow the images to load. Others, no.
@louf7178
Жыл бұрын
I get it. Could they open a file/folder that uses encryption? Meaning not using bait, but they come across a real file.
@lyfe415
2 жыл бұрын
I don’t understand how the Windows folder part works. How did CantoryTokens knows the Windows folder was accessed? Windows folder isn’t executable like .exe, it’s just a folder? When you downloaded the folder I didn’t see you run anything else that that would trigger CantoryTokens that the folder was accessed?
@LironSegev
2 жыл бұрын
Here's a wild and crazy idea.... Try it for yourself
@monophoto1
Жыл бұрын
I tried this, but found that Google triggered the tokens more than 30 times in the first two hours after I installed it. That's not tolerable.
@LironSegev
Жыл бұрын
not at all - when you say Google, can you be more specific?
@monophoto1
Жыл бұрын
@@LironSegev All I can say is that the the reports all traced the 'hacker' back to a Google IP address in the Washington, DC area.
@stephhongwwwmasterminesio5845
Жыл бұрын
Ok
@erobos111
Жыл бұрын
Appreciate the knowledge! I've subscribed a while back
@LironSegev
Жыл бұрын
Appreciate you being here 🔥
@JonnyIT1
Жыл бұрын
Very useful video
@LironSegev
Жыл бұрын
Glad you liked it
@weskal5490
Жыл бұрын
Curious, this upload started at 2:57 into video
@dbest4755
Жыл бұрын
Hello L, I have troubles taking photos using Android smartphone in a way that is acceptable to Mobile Bank App. Please do UTube video on this subject.
@sagacitytv9288
2 жыл бұрын
First here to watch and like, am that am always first person. big ups to you big brother 👏
@LironSegev
2 жыл бұрын
you rock!
@christianduval8374
2 жыл бұрын
Why the heck do you have a minidisc player on the shelf? 🤔
@LironSegev
2 жыл бұрын
haha good old tech - still works and I have the discs too. That saved me on the daily London underground travels....
@harrybreakermorant3562
Жыл бұрын
Nice
@duran9664
2 жыл бұрын
😏 I had to do this to let ya know who’s ur boss. 😏
@LironSegev
2 жыл бұрын
thanks for confirming. have screenshotted and added it to the report.
@bobmurton5869
Жыл бұрын
Can I put a folder inside a the folder and call it "Open at your own risk.exe" so when they open it says inside "You now have a virus!" they will think they now have a virus. Ha Ha. Thanks mate! Have a cold one on me!
Пікірлер: 247