Check an IP Address, Domain Name, Subnet, or ASN

40.124.173.224 was found in our database!

Confidence Level

69%

High?

Geolocation

🇺🇸

United StatesSan Antonio

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenJan 21, 2026, 01:41 PM

Last seen1h ago

79Sessions

116Events

Protocol Breakdown

HTTPS

35 / 55

SMTP

4 / 12

SSH

8 / 8

FTP

4 / 7

REDIS

4 / 7

MONGODB

5 / 7

SMB

6 / 6

POSTGRES

5 / 6

HTTP

4 / 4

IMAP

2 / 2

MSSQL

2 / 2

40.124.173.224 has a high threat confidence level of 69%, originating from San Antonio, United States, on the Microsoft Corporation network (8075). It has been observed across 79 sessions targeting HTTPS, SMTP, SSH, FTP, REDIS and 6 other protocols, First observed on January 21, 2026, most recently active March 12, 2026.

Behaviors

Classified behavioral patterns observed

Redis Mglndd Campaign Activity

low1x

Redis session where the client presents the MGLNDD-prefixed identifier (for example MGLNDD_[ip]_6379) within the connection metadata, indicating activity from a specific automated Redis scanning framework. The behavior is triggered by the previously defined primitive detecting this exact tag pattern and groups sessions attributed to that tooling. The behavior reflects identifiable automated access rather than standard Redis client usage and does not assume additional commands beyond the observable identifier.

Http Root Path Request

info3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Https Root Path Request

info3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Ftp Tls Upgrade

info1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

Primitives

Individual actions observed

Http Method Get4 Https Path Root3 Mongodb Buildinfo3 Redis Mglndd Client Identifier Tag2 Ftp Auth Tls1 Http Path Bad Request1

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromMicrosoft Corporation HTTPSMore threats targetingHTTPS SMTPMore threats targetingSMTP SSHMore threats targetingSSH FTPMore threats targetingFTP REDISMore threats targetingREDIS MONGODBMore threats targetingMONGODB SMBMore threats targetingSMB POSTGRESMore threats targetingPOSTGRES HTTPMore threats targetingHTTP IMAPMore threats targetingIMAP MSSQLMore threats targetingMSSQL { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
20.163.32.79	74%	148
20.84.153.185	60%	104
20.84.153.199	73%	99
40.74.208.9	59%	139
172.208.24.40	84%	140

IP Address	Confidence	Events
130.12.180.44	91%	26,788
130.12.180.82	91%	26,071
206.168.34.217	30%	1,422
167.99.224.142	78%	192
104.243.45.20	100%	60,010