Check an IP Address, Domain Name, Subnet, or ASN

192.155.90.220 was found in our database!

Confidence Level

93%

Very High?

Geolocation

🇺🇸

United StatesCedar Knolls

ISPAkamai Connected Cloud

ASNAS63949

Activity Timeline

First seenJan 20, 2026, 05:06 PM

Last seen1h ago

951Sessions

1,670Events

Protocol Breakdown

SSH

474 / 744

FTP

26 / 168

HTTP

64 / 118

SIP

59 / 108

REDIS

38 / 107

HTTPS

63 / 105

TELNET

48 / 73

IMAP

36 / 68

SMB

38 / 38

POSTGRES

38 / 38

RTSP

13 / 34

MSSQL

20 / 20

MONGODB

18 / 20

DOCKER

7 / 17

ELASTICSEARCH

5 / 5

TR069

1 / 3

RDP

2 / 2

WINRM

1 / 2

192.155.90.220 has a very high threat confidence level of 93%, originating from Cedar Knolls, United States, on the Akamai Connected Cloud network (63949). It has been observed across 951 sessions targeting SSH, FTP, HTTP, SIP, REDIS and 13 other protocols, First observed on January 20, 2026, most recently active March 10, 2026.

Behaviors

Classified behavioral patterns observed

Ftp Control Channel Protocol Anomaly

low16x

FTP session where an empty control-channel command is observed in conjunction with non-printable binary data on the control channel. This pattern reflects malformed or non-FTP-compliant input, commonly seen during TLS handshake attempts on plaintext endpoints, protocol confusion, or automated scanner misfires.

Https Root Path Request

info21x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Http Root Path Request

info17x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Http Bad Request Route Probe

info1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Docker Invalid Protocol Probe

info1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

Primitives

Individual actions observed

Ftp Control Channel Binary Payload85 Empty Ftp Command48 Https Path Root21 Http Method Get18 Docker Get Method7 Elastic Root Path Probe5 Elastic Http Get Request5 Redis Command Http Host Header Port 63795 Docker Bad Request Uri2 Http Path Bad Request1

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
172.104.105.194	50%	534
172.236.179.87	100%	64
45.79.128.205	91%	1,582
45.79.172.21	92%	1,711
45.79.181.179	90%	1,630

IP Address	Confidence	Events
15.204.144.239	99%	21,381
130.12.180.92	91%	18,563
91.92.243.24	91%	19,274
92.118.39.92	100%	99,147
52.165.80.170	65%	131