Check an IP Address, Domain Name, Subnet, or ASN

135.237.126.84 was found in our database!

Confidence Level

74%

High?

Geolocation

🇺🇸

United StatesWashington

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenJan 20, 2026, 12:58 PM

Last seen1h ago

96Sessions

148Events

Protocol Breakdown

FTP

12 / 33

HTTPS

21 / 32

SSH

10 / 14

HTTP

7 / 13

TELNET

9 / 11

SMB

8 / 9

REDIS

4 / 7

SIP

6 / 6

DOCKER

4 / 6

SMTP

4 / 5

ELASTICSEARCH

5 / 5

RDP

2 / 2

IMAP

2 / 2

RTSP

1 / 2

MONGODB

1 / 1

135.237.126.84 has a high threat confidence level of 74%, originating from Washington, United States, on the Microsoft Corporation network (8075). It has been observed across 96 sessions targeting FTP, HTTPS, SSH, HTTP, TELNET and 10 other protocols, First observed on January 20, 2026, most recently active March 10, 2026.

Behaviors

Classified behavioral patterns observed

Rtsp Options Probe

low1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

Redis Mglndd Campaign Activity

low1x

Redis session where the client presents the MGLNDD-prefixed identifier (for example MGLNDD_[ip]_6379) within the connection metadata, indicating activity from a specific automated Redis scanning framework. The behavior is triggered by the previously defined primitive detecting this exact tag pattern and groups sessions attributed to that tooling. The behavior reflects identifiable automated access rather than standard Redis client usage and does not assume additional commands beyond the observable identifier.

Http Root Path Request

info3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Https Root Path Request

info2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Primitives

Individual actions observed

Elastic Http Get Request5 Rtsp Options3 Http Method Get3 Docker Get Method3 Elastic Http Bad Request Path Probe3 Ftp Auth Ssl2 Ftp Auth Tls2 Https Path Root2 Redis Mglndd Client Identifier Tag2 Smtp Ehlo Greeting1

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
20.49.0.100	97%	60
135.237.126.205	47%	30
20.169.104.255	64%	134
40.119.32.47	64%	129
20.163.10.187	79%	201

IP Address	Confidence	Events
209.222.101.54	100%	46,388
130.12.180.70	91%	18,774
130.12.180.53	91%	18,724
130.12.180.75	91%	18,005
130.12.180.37	90%	19,160