20.64.96.40 — Microsoft Corporation, US — High (69%)

Check an IP Address, Domain Name, Subnet, or ASN

20.64.96.40 was found in our database!

Confidence Level

69%

High?

Geolocation

🇺🇸

United StatesSan Antonio

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenJan 21, 2026, 06:25 PM

Last seen17h ago

121Sessions

183Events

Protocol Breakdown

HTTPS

34 / 49

SIP

10 / 18

SMTP

10 / 18

FTP

6 / 14

HTTP

8 / 14

SMB

12 / 13

MONGODB

7 / 13

SSH

10 / 12

DOCKER

3 / 7

IMAP

6 / 6

REDIS

2 / 5

TELNET

4 / 4

POSTGRES

3 / 4

MSSQL

3 / 3

ELASTICSEARCH

3 / 3

20.64.96.40 has a high threat confidence level of 69%, originating from San Antonio, United States, on the Microsoft Corporation network (8075). It has been observed across 121 sessions targeting HTTPS, SIP, SMTP, FTP, HTTP and 10 other protocols, First observed on January 21, 2026, most recently active March 4, 2026.

Behaviors

Classified behavioral patterns observed

Redis Mglndd Campaign Activity

low1x

Redis session where the client presents the MGLNDD-prefixed identifier (for example MGLNDD_[ip]_6379) within the connection metadata, indicating activity from a specific automated Redis scanning framework. The behavior is triggered by the previously defined primitive detecting this exact tag pattern and groups sessions attributed to that tooling. The behavior reflects identifiable automated access rather than standard Redis client usage and does not assume additional commands beyond the observable identifier.

Http Root Path Request

info3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Https Root Path Request

info1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Primitives

Individual actions observed

Smtp Ehlo Greeting4 Elastic Http Get Request4 Http Method Get3 Docker Get Method2 Elastic Http Bad Request Path Probe2 Ftp Auth Ssl1 Ftp Auth Tls1 Https Path Root1 Elastic Root Path Probe1 Redis Mglndd Client Identifier Tag1

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromMicrosoft Corporation HTTPSMore threats targetingHTTPS SIPMore threats targetingSIP SMTPMore threats targetingSMTP FTPMore threats targetingFTP HTTPMore threats targetingHTTP SMBMore threats targetingSMB MONGODBMore threats targetingMONGODB SSHMore threats targetingSSH DOCKERMore threats targetingDOCKER IMAPMore threats targetingIMAP REDISMore threats targetingREDIS TELNETMore threats targetingTELNET POSTGRESMore threats targetingPOSTGRES MSSQLMore threats targetingMSSQL ELASTICSEARCHMore threats targetingELASTICSEARCH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
20.169.107.54	73%	54
135.237.126.90	60%	40
20.169.106.132	62%	19
20.55.98.221	58%	39
20.169.108.13	33%	24

IP Address	Confidence	Events
40.90.234.147	69%	27
87.121.84.57	86%	107
92.118.39.62	100%	351,905
135.237.127.238	60%	33
206.168.34.192	30%	1,248