Check an IP Address, Domain Name, Subnet, or ASN

66.179.9.227 was found in our database!

$ whois 66.179.9.227

country·🇨🇦 Canada

city·Maple

isp·Nuday Networks Inc.

asn·AS1100

network·Standard

$ sikker risk 66.179.9.227scoring →

confidence

100%Very High

first_seen·Feb 25, 2026

last_seen·1h ago

first_reported·Feb 25, 2026

last_reported·24d ago

sessions·4,132

events·4,168

reports·111

$ sikker protocols 66.179.9.227

POSTGRES

4,132 / 4,168 / 109r

$ sikker summary 66.179.9.227

66.179.9.227 has a threat confidence score of 100%. This IP address from Canada (AS1100, Nuday Networks Inc.) has been observed in 4,132 honeypot sessions and reported 111 times targeting POSTGRES protocols. Detected attack patterns include postgres copy from program execution chain. First observed on February 25, 2026, most recently active April 15, 2026.

$ sikker behaviors 66.179.9.227catalog →

very_highPostgres Copy From Program Execution Chain3839x

Represents a complete, tightly scoped PostgreSQL exploitation chain where a client initiates a transaction, fingerprints the server version, prepares a temporary table, executes an external system command via COPY FROM PROGRAM, retrieves the command output, and immediately cleans up by dropping the table. This sequence is highly characteristic of automated post-authentication exploitation tooling that abuses PostgreSQL’s trusted language and program execution features for one-shot remote command execution, output capture, and minimal on-disk footprint. The rapid execution and cleanup indicate intent to execute payloads rather than interact with the database as a datastore.

$ sikker primitives 66.179.9.227

sql_transaction_begin4090 postgres_version_probe_lowercase_no_;4082 postgres_drop_table_if_exists4052 postgres_select_table_contents4050 postgres_create_table_cmd_output4045 postgres_copy_from_program_command_execution4045 postgres_drop_table3991

$ sikker reports 66.179.9.227submit →

Showing 5 of 25 reports (111 total) from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 22, 2026, 13:40	Brute Force	POSTGRES	SikkerGuard: 6 blocked packets
User	Mar 22, 2026, 08:27	Brute Force	POSTGRES	SikkerGuard: 6 blocked packets
User	Mar 22, 2026, 03:34	Brute Force	POSTGRES	SikkerGuard: 6 blocked packets
User	Mar 21, 2026, 22:21	Brute Force	POSTGRES	SikkerGuard: 6 blocked packets
User	Mar 21, 2026, 17:18	Brute Force	POSTGRES	SikkerGuard: 6 blocked packets

1 / 5

$ sikker related 66.179.9.227

🇨🇦·More threats fromCanada→AS·More threats fromNuday Networks Inc.→POST·More threats targetingPOSTGRES→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
85.217.149.56	81%	220
149.56.155.187	97%	5,343
86.54.31.38	100%	3,556
85.217.149.74	88%	243
85.217.149.11	95%	1,015