Check an IP Address, Domain Name, Subnet, or ASN

40.124.120.52 was found in our database!

$ whois 40.124.120.52

country·🇺🇸 United States

city·San Antonio

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 40.124.120.52scoring →

confidence

77%High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 16, 2026

last_reported·6d ago

sessions·111

events·150

reports·1

$ sikker protocols 40.124.120.52

HTTPS

23 / 31

HTTP

15 / 28

SMTP

14 / 20

SMB

14 / 16

MONGODB

8 / 12 / 1r

ELASTICSEARCH

9 / 9

SSH

5 / 6

IMAP

6 / 6

TELNET

4 / 6

FTP

2 / 5

RDP

4 / 4

DOCKER

3 / 3

MSSQL

2 / 2

SIP

1 / 1

POSTGRES

1 / 1

$ sikker summary 40.124.120.52

40.124.120.52 has a threat confidence score of 77%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 111 honeypot sessions and reported 1 times targeting HTTPS, HTTP, SMTP, SMB, MONGODB and 10 other protocols. First observed on January 21, 2026, most recently active March 23, 2026.

$ sikker behaviors 40.124.120.52catalog →

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 40.124.120.52

elastic_http_get_request13 elastic_http_bad_request_path_probe8 smtp_ehlo_greeting5 http_method_get4 https_path_root3 docker_get_method3 http_path_bad_request3 elastic_root_path_probe2 sip_call_id_token_at_ip1

$ sikker reports 40.124.120.52submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 16, 2026, 22:42	Brute Force	MONGODB	SikkerGuard: 2 blocked packets

$ sikker related 40.124.120.52

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.102.112.104	82%	2,463
135.119.112.121	75%	150
13.94.117.127	77%	230
52.180.144.185	64%	123
172.206.243.183	54%	32

IP Address	Confidence	Events
167.94.138.51	50%	1,643
92.118.39.63	100%	53,097
167.94.138.43	50%	1,747
45.61.184.223	98%	1,487
212.162.151.134	94%	84