40.76.117.18 — Microsoft Corporation, US — High (74%)

Check an IP Address, Domain Name, Subnet, or ASN

40.76.117.18 was found in our database!

Confidence Level

74%

High?

Geolocation

🇺🇸

United StatesWashington

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenJan 21, 2026, 07:52 PM

Last seen7h ago

128Sessions

188Events

Protocol Breakdown

HTTPS

59 / 81

SMTP

14 / 26

HTTP

12 / 22

SSH

8 / 11

FTP

4 / 9

TELNET

4 / 6

SIP

5 / 5

SMB

4 / 5

TR069

2 / 5

IMAP

3 / 3

RTSP

1 / 3

REDIS

3 / 3

ELASTICSEARCH

3 / 3

DOCKER

2 / 2

MONGODB

2 / 2

MSSQL

1 / 1

POSTGRES

1 / 1

40.76.117.18 has a high threat confidence level of 74%, originating from Washington, United States, on the Microsoft Corporation network (8075). It has been observed across 128 sessions targeting HTTPS, SMTP, HTTP, SSH, FTP and 12 other protocols, First observed on January 21, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Rtsp Options Probe

low1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

Https Root Path Request

info3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Http Root Path Request

info2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Ftp Tls Upgrade

info1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

Primitives

Individual actions observed

Elastic Http Get Request5 Smtp Ehlo Greeting4 Elastic Http Bad Request Path Probe4 Rtsp Options3 Https Path Root3 Ftp Auth Tls2 Http Method Get2 Docker Get Method2 Ftp Auth Ssl1 Redis Info Lowercase1 Redis Mglndd Client Identifier Tag1

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
20.169.107.54	73%	54
135.237.126.90	60%	40
20.169.106.132	62%	19
20.55.98.221	58%	39
20.169.108.13	33%	24

IP Address	Confidence	Events
40.90.234.147	69%	27
87.121.84.57	86%	107
92.118.39.62	100%	351,905
135.237.127.238	60%	33
206.168.34.192	30%	1,248