Loading threats
Uses PostgreSQL’s COPY FROM PROGRAM feature to execute an external system command and ingest its output into a table. In a honeypot context, this primitive is a high-confidence indicator of remote command execution, where the database is being abused as an execution primitive rather than for data storage. The presence of shell pipelines and decoding stages (for example base64 decoding piped into a shell) is characteristic of automated exploitation, payload staging, and post-compromise execution chains targeting misconfigured or overly privileged PostgreSQL instances.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 208.97.53.150 | 100% | 27,926 | 4,227 | 🇺🇸 US | AS30247 | 2026-02-24 |
| 212.113.98.30 | 100% | 16,243 | 5,497 | 🇷🇺 RU | AS206134 | 2026-04-23 |
| 178.250.186.28 | 99% | 11,150 | 2,058 | 🇷🇺 RU | AS207957 | 2026-04-21 |
| 157.230.55.143 | 100% | 8,948 | 4,987 | 🇺🇸 US | AS14061 | 2026-04-23 |
| 164.90.155.248 | 100% | 8,905 | 4,880 | 🇺🇸 US | AS14061 | 2026-04-23 |
| 144.217.252.80 | 100% | 8,745 | 4,887 | 🇨🇦 CA | AS16276 |
| 2026-04-23 |
| 143.198.94.28 | 100% | 8,622 | 4,928 | 🇸🇬 SG | AS14061 | 2026-04-23 |
| 157.230.250.115 | 100% | 8,619 | 4,791 | 🇸🇬 SG | AS14061 | 2026-04-23 |
| 103.81.100.222 | 100% | 8,599 | 4,835 | 🇮🇩 ID | AS58475 | 2026-04-23 |
| 209.15.110.13 | 100% | 8,558 | 4,862 | 🇹🇭 TH | AS135566 | 2026-04-23 |
| 167.172.104.27 | 100% | 8,533 | 4,853 | 🇩🇪 DE | AS14061 | 2026-04-23 |
| 62.217.122.251 | 100% | 8,483 | 4,882 | 🇬🇷 GR | AS5408 | 2026-04-23 |
| 103.236.108.25 | 100% | 8,483 | 4,885 | 🇮🇳 IN | AS132925 | 2026-04-23 |
| 128.199.197.130 | 100% | 8,433 | 4,948 | 🇸🇬 SG | AS14061 | 2026-04-23 |
| 77.222.63.226 | 100% | 8,415 | 4,764 | 🇷🇺 RU | AS44112 | 2026-04-23 |
| 137.184.65.234 | 100% | 8,413 | 4,787 | 🇺🇸 US | AS14061 | 2026-04-23 |
| 45.55.174.23 | 100% | 8,378 | 4,853 | 🇺🇸 US | AS14061 | 2026-04-23 |
| 209.15.110.23 | 100% | 8,377 | 4,945 | 🇹🇭 TH | AS135566 | 2026-04-23 |
| 83.212.174.61 | 100% | 8,312 | 4,806 | 🇬🇷 GR | AS5408 | 2026-04-23 |
| 91.90.213.175 | 100% | 8,304 | 4,819 | 🇷🇺 RU | AS57487 | 2026-04-23 |