IOC Radar
IPMediumSignal 0/100

20.65.193.203

Location
United StatesUnited States
San Antonio, Texas
ASN
AS8075
Microsoft Azure Cloud (southcentralus)
First Seen
Mar 4, 2025
Last Seen
Jun 6, 2026
Mar 4
First Seen
466d ago
Jun 6
Last Seen
7d ago
7
Reports
source reports
0%
Confidence
medium
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags

Network Information

CountryUSUnited States
RegionSan Antonio, Texas
ASNAS8075
OrganizationMicrosoft Azure Cloud (southcentralus)

Feed Intelligence Summary

7 reports0% confidence
7
Source reports
0%
Confidence score
Category tags
indicatornetworkresearched

Activity Timeline

1 total obs
Jun 6Jun 6

Threat Activity Heatmap

· Peak: 2026-06-06
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

This report details an analysis of the Indicator of Compromise (IOC) `20.65.193.203`, which has been identified as a low-risk entry. The current assessment indicates a score of 0.0 and a confirmed whitelist status, signifying that this IP address is considered benign and not associated with active malicious activity. This classification suggests that while the address may appear in various threat intelligence feeds, its mere presence does not, by itself, indicate hostile behavior or an immediate…

Threat ScoreLow Risk
0
SIGNAL
Signal Score
0%
Confidence
7
Reports
First seenMar 4, 2025
Last seenJun 6, 2026
GeolocationUS
CountryUnited States
LocationSan Antonio, Texas
ASNAS8075
OrgMicrosoft Azure Cloud (southcentralus)
Coords29.4167, -98.5000

VirusTotal

Not checked

WHOIS

description
Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 20.65.193.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 7 days ago
Appeared in 7 threat reports