Check an IP Address, Domain Name, Subnet, or ASN

40.76.116.132 was found in our database!

$ whois 40.76.116.132

country·🇺🇸 United States

city·Washington

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 40.76.116.132scoring →

confidence

88%Very High

first_seen·Jan 27, 2026

last_seen·1h ago

first_reported·Mar 8, 2026

last_reported·13d ago

sessions·149

events·167

reports·2

$ sikker protocols 40.76.116.132

HTTPS

68 / 75 / 1r

SMTP

14 / 17 / 1r

SSH

12 / 14

HTTP

9 / 9

FTP

8 / 8

SIP

2 / 6

IMAP

6 / 6

TELNET

6 / 6

SMB

5 / 5

MONGODB

5 / 5

POSTGRES

5 / 5

ELASTICSEARCH

4 / 4

DOCKER

1 / 3

RDP

2 / 2

REDIS

2 / 2

$ sikker summary 40.76.116.132

40.76.116.132 has a threat confidence score of 88%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 149 honeypot sessions and reported 2 times targeting HTTPS, SMTP, SSH, HTTP, FTP and 10 other protocols. First observed on January 27, 2026, most recently active March 26, 2026.

$ sikker behaviors 40.76.116.132catalog →

mediumRedis Mglndd Campaign Activity1x

Authenticated Redis sessions where the source issues a command containing the MGLNDD_[ip]_6379 pattern. The value is transmitted as part of the executed command rather than connection metadata and appears programmatically generated. This behavior groups activity where the previously defined primitive detects the MGLNDD command pattern, reflecting automated Redis interaction observed through honeypot telemetry. No assumptions are made about operator intent beyond the execution of this specific command string.

infoHttp Root Path Request6x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoFtp Tls Upgrade3x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 40.76.116.132

http_method_get8 elastic_http_get_request4 ftp_auth_tls3 http_path_bad_request2 elastic_http_bad_request_path_probe2 https_path_root1 redis_mglndd_client_identifier_tag1

$ sikker reports 40.76.116.132submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 13, 2026, 13:32	Brute Force	HTTPS	SikkerGuard: 2 blocked packets
User	Mar 8, 2026, 11:12	Brute Force	SMTP	SikkerGuard: 2 blocked packets

$ sikker related 40.76.116.132

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.219.16.35	95%	1,385
20.150.193.32	78%	114
20.29.29.56	99%	89
4.213.160.153	100%	951
20.219.16.34	95%	1,272

IP Address	Confidence	Events
23.226.133.133	96%	25
45.61.184.223	99%	14,564
172.104.210.105	78%	1,660
65.49.20.69	100%	2,709
172.81.128.48	97%	2,049