Check an IP Address, Domain Name, Subnet, or ASN

20.203.42.204 was found in our database!

$ whois 20.203.42.204

country·🇦🇪 United Arab Emirates

city·Dubai

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.203.42.204scoring →

confidence

100%Very High

first_seen·Jan 20, 2026

last_seen·22m ago

first_reported·Mar 25, 2026

last_reported·19d ago

sessions·3,714

events·4,057

reports·2

$ sikker protocols 20.203.42.204

SSH

3,714 / 4,057 / 2r

$ sikker summary 20.203.42.204

20.203.42.204 has a threat confidence score of 100%. This IP address from United Arab Emirates (AS8075, Microsoft Corporation) has been observed in 3,714 honeypot sessions and reported 2 times targeting SSH protocols. Detected attack patterns include ssh authorized keys persistence established. First observed on January 20, 2026, most recently active April 14, 2026.

$ sikker behaviors 20.203.42.204catalog →

very_highSsh Authorized Keys Persistence Established1039x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

mediumSsh Home Ssh Attribute Protection Removal Attempt1x

Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.

$ sikker primitives 20.203.42.204

ssh_authorized_keys_replacement_home1043 unix_home_ssh_directory_attribute_modification_attempt1043

$ sikker reports 20.203.42.204submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 25, 2026, 19:28	Brute Force	SSH	Fail2Ban Report - Bruteforce attempt
User	Mar 25, 2026, 17:26	Brute Force	SSH	Fail2Ban Report - Bruteforce attempt

$ sikker related 20.203.42.204

🇦🇪·More threats fromUnited Arab Emirates→AS·More threats fromMicrosoft Corporation→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
135.237.125.27	80%	170
23.97.62.122	100%	618
20.46.251.132	73%	50
51.12.216.205	57%	15
135.237.126.73	81%	251

IP Address	Confidence	Events
20.203.59.187	100%	636
31.29.65.47	18%	30
165.154.12.9	92%	482
165.154.12.38	91%	648
185.54.19.234	39%	14