IP address 20.203.42.204 has been flagged in 207 abuse reports across 25 independent threat intelligence sources, resulting in a threat score of 100.0/100 (critical risk). The primary activity associated with this IP is abuseipdb blacklist, along with aggregated threat, attacks, brute force, bruteforce, known attacker, malware c2, malware infrastructure, reconnaissance, ssh-bruteforce, ssh brute force, ssh bruteforce, suspicious activity, voip attack.
This IP is geolocated in United Arab Emirates (Dubai) and belongs to the network Microsoft Corporation (AS8075). Reports span from 2025-09-27 to 2026-04-17.
Assessment: With 207 abuse reports, 20.203.42.204 shows persistent malicious activity that has been flagged by multiple threat intelligence feeds. The IP has been observed conducting automated SSH login attempts against internet-facing servers, a technique commonly used to gain unauthorized access to systems. This IP belongs to Microsoft Corporation, a major cloud/hosting provider — the malicious activity likely originates from a compromised or rented virtual server rather than the provider's own infrastructure.