Check an IP Address, Domain Name, Subnet, or ASN

82.153.138.57 was found in our database!

$ whois 82.153.138.57

country·🇷🇴 Romania

city·Orăştie

isp·Internet Magnate (Pty) Ltd

asn·AS214209

network·Tor Exit Node

$ sikker risk 82.153.138.57scoring →

confidence

80%Very High

first_seen·Jan 24, 2026

last_seen·9h ago

sessions·46

events·264

$ sikker protocols 82.153.138.57

POSTGRES

24 / 240

SSH

15 / 17

ELASTICSEARCH

3 / 3

HTTPS

2 / 2

TELNET

2 / 2

$ sikker summary 82.153.138.57

82.153.138.57 has a threat confidence score of 80%. This IP address from Romania (AS214209, Internet Magnate (Pty) Ltd) has been observed in 46 honeypot sessions targeting POSTGRES, SSH, ELASTICSEARCH, HTTPS, TELNET protocols. This IP is a known Tor exit node. Detected attack patterns include postgres copy from program execution chain. First observed on January 24, 2026, most recently active March 28, 2026.

$ sikker behaviors 82.153.138.57catalog →

very_highPostgres Copy From Program Execution Chain1x

Represents a complete, tightly scoped PostgreSQL exploitation chain where a client initiates a transaction, fingerprints the server version, prepares a temporary table, executes an external system command via COPY FROM PROGRAM, retrieves the command output, and immediately cleans up by dropping the table. This sequence is highly characteristic of automated post-authentication exploitation tooling that abuses PostgreSQL’s trusted language and program execution features for one-shot remote command execution, output capture, and minimal on-disk footprint. The rapid execution and cleanup indicate intent to execute payloads rather than interact with the database as a datastore.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 82.153.138.57

elastic_root_path_probe3 elastic_http_get_request3 https_path_root1 postgres_drop_table1 sql_transaction_begin1 postgres_drop_table_if_exists1 postgres_select_table_contents1 postgres_create_table_cmd_output1 postgres_version_probe_lowercase1 postgres_version_probe_lowercase_no_;1 postgres_copy_from_program_background_execution1

$ sikker related 82.153.138.57

🇷🇴·More threats fromRomania→AS·More threats fromInternet Magnate (Pty) Ltd→POST·More threats targetingPOSTGRES→SSH·More threats targetingSSH→ELAS·More threats targetingELASTICSEARCH→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
82.153.138.129	67%	19
151.242.30.119	96%	15
93.113.25.90	54%	10
94.156.152.217	55%	7
45.137.99.182	16%	7

IP Address	Confidence	Events
89.47.53.19	100%	1,068
193.32.162.13	100%	107,210
80.94.92.177	100%	319,645
80.94.92.183	100%	167,361
80.94.92.167	100%	324,755