Check an IP Address, Domain Name, Subnet, or ASN
209.15.110.23 has a very high threat confidence level of 100%. It originates from Thailand, on the National Telecom Public Company Limited network (135566). It has been observed across 2,888 sessions targeting POSTGRES, with detected attack patterns including "postgres rce with superuser persistence and capability suppression" and "postgres copy from program rce with superuser persistence". It was first observed on January 20, 2026, and was most recently active on March 2, 2026.
postgres rce with superuser persistence and capability suppression: Represents an advanced PostgreSQL compromise chain where an attacker achieves OS command execution via COPY ... FROM PROGRAM, establishes persistent administrative access by creating a new superuser role, and then deliberately revokes the pg_execute_server_program privilege from the default postgres role.
postgres copy from program rce with superuser persistence: Represents a full PostgreSQL host compromise chain in which an attacker fingerprints the database server, prepares a temporary table to capture command output, executes arbitrary OS commands via COPY ... FROM PROGRAM (commonly using base64-encoded shell payloads), and subsequently establishes persistence by creating a new PostgreSQL role with LOGIN and SUPERUSER privileges. This behavior indicates successful remote command execution on the database host followed by deliberate persistence inside PostgreSQL, allowing the attacker to retain long-term administrative access even if the initial access vector is closed.