Check an IP Address, Domain Name, Subnet, or ASN

41.215.139.17 was found in our database!

$ whois 41.215.139.17

country·🇰🇪 Kenya

city·Nairobi

isp·JTL

asn·AS36866

network·Standard

$ sikker risk 41.215.139.17scoring →

confidence

70%High

first_seen·Mar 10, 2026

last_seen·Mar 10, 2026

sessions·7

events·7

$ sikker protocols 41.215.139.17

POSTGRES

7 / 7

$ sikker summary 41.215.139.17

41.215.139.17 has a threat confidence score of 70%. This IP address from Kenya (AS36866, JTL) has been observed in 7 honeypot sessions targeting POSTGRES protocols. First observed on March 10, 2026, most recently active March 10, 2026.

$ sikker behaviors 41.215.139.17catalog →

mediumPostgres Environment Fingerprint With Stmtcache Probe3x

Identifies a PostgreSQL reconnaissance sequence where an actor first issues a comment-based parser probe, then interacts using a deterministic statement-cache prepared statement identifier, followed by enumeration of the current database encoding and locale settings via pg_catalog.pg_database. This pattern reflects automated client or adversarial tooling performing environment fingerprinting to assess query parsing behavior, driver compatibility, and database configuration prior to further interaction or exploitation attempts.

$ sikker primitives 41.215.139.17

postgres_ping_comment_marker6 postgres_select_pg_database_encoding_locale6 postgres_prepared_statement_stmtcache_d5e798036d936623055430b36bb1d1608079a2ce1c4c24056

$ sikker related 41.215.139.17

🇰🇪·More threats fromKenya→AS·More threats fromJTL→POST·More threats targetingPOSTGRES→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
197.232.51.49	63%	12
197.232.139.202	36%	1
197.232.249.253	18%	60
197.232.10.248	86%	14
41.215.129.18	39%	4

IP Address	Confidence	Events
197.232.51.49	63%	12
197.232.139.202	36%	1
129.222.147.99	48%	5
197.248.8.33	100%	1,283
41.139.200.19	23%	102