Check an IP Address, Domain Name, Subnet, or ASN

20.55.88.105 was found in our database!

Confidence Level

57%

Medium?

Geolocation

🇺🇸

United StatesWashington

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenJan 20, 2026, 04:35 PM

Last seen1h ago

86Sessions

127Events

Protocol Breakdown

HTTPS

32 / 43

SMTP

8 / 16

HTTP

7 / 13

MONGODB

8 / 12

SSH

8 / 10

DOCKER

3 / 7

TELNET

4 / 6

SMB

4 / 5

IMAP

4 / 4

ELASTICSEARCH

4 / 4

SIP

1 / 3

FTP

2 / 2

POSTGRES

1 / 2

20.55.88.105 has a moderate threat confidence level of 57%, originating from Washington, United States, on the Microsoft Corporation network (8075). It has been observed across 86 sessions targeting HTTPS, SMTP, HTTP, MONGODB, SSH and 8 other protocols, First observed on January 20, 2026, most recently active March 10, 2026.

Behaviors

Classified behavioral patterns observed

Http Root Path Request

info2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Docker Invalid Protocol Probe

info1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

Primitives

Individual actions observed

Elastic Http Get Request4 Mongodb Buildinfo3 Smtp Ehlo Greeting3 Elastic Http Bad Request Path Probe3 Http Method Get2 Docker Get Method2 Docker Bad Request Uri1

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
52.177.84.38	56%	1
40.76.248.118	67%	144
20.83.167.30	66%	131
40.124.174.138	71%	145
20.29.49.134	79%	121

IP Address	Confidence	Events
130.12.180.66	91%	18,232
130.12.180.37	90%	18,474
130.12.180.117	91%	17,380
15.204.144.239	99%	20,947
92.118.39.63	100%	29,986