157.230.191.69 — DigitalOcean, LLC, US — Very High (98%)

Check an IP Address, Domain Name, Subnet, or ASN

157.230.191.69 was found in our database!

Confidence Level

98%

Very High?

Geolocation

🇺🇸

United StatesNorth Bergen

ISPDigitalOcean, LLC

ASNAS14061

Activity Timeline

First seenFeb 4, 2026, 05:36 PM

Last seen24d ago

385Sessions

1,499Events

Protocol Breakdown

REDIS

296 / 1315

POSTGRES

65 / 117

MONGODB

11 / 54

MSSQL

13 / 13

157.230.191.69 has a very high threat confidence level of 98%, originating from North Bergen, United States, on the DigitalOcean, LLC network (14061). It has been observed across 385 sessions targeting REDIS, POSTGRES, MONGODB, MSSQL, First observed on February 4, 2026, most recently active February 6, 2026.

Behaviors

Classified behavioral patterns observed

Mongodb Database Enumeration

medium11x

Client performs initial MongoDB discovery using isMaster followed by listDatabases and buildinfo, indicating active enumeration of server structure and version details. This pattern goes beyond basic probing and reflects an attempt to map available databases on an exposed instance.

Redis Service Fingerprint Enumeration

low16x

Identifies Redis service discovery and basic environment enumeration where an actor probes with invalid commands, validates availability using PING, retrieves server metadata via INFO (case variations), and gracefully exits with QUIT. This pattern is commonly used to fingerprint exposed Redis instances before exploitation.

Redis Automated Service Fingerprinting Sequence

low16x

Identifies an automated Redis service probing sequence consisting of PING, INFO (uppercase invocation), execution of a deliberately nonexistent command to assess error handling behavior, and QUIT. This tightly grouped pattern reflects reconnaissance and fingerprinting activity used by scanners and exploitation frameworks to determine Redis version, configuration details, and command availability prior to follow-on exploitation attempts. The inclusion of a nonexistent command indicates capability probing rather than normal client interaction.

Primitives

Individual actions observed

Mongodb Ismaster55 Mongodb Buildinfo55 Mongodb Listdatabases55 Redis Ping16 Redis Quit16 Redis Info Uppercase16 Redis Nonexistent Command16

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromDigitalOcean, LLC REDISMore threats targetingREDIS POSTGRESMore threats targetingPOSTGRES MONGODBMore threats targetingMONGODB MSSQLMore threats targetingMSSQL { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
146.190.105.81	99%	124
159.65.26.16	99%	400
104.248.169.83	99%	337
170.64.156.162	99%	284
68.183.26.186	89%	162

IP Address	Confidence	Events
192.155.90.118	90%	1,622
168.144.38.100	99%	163
92.118.39.87	100%	231,720
174.138.89.122	69%	42
143.198.79.40	99%	354