← Back to Dashboard

20.104.50.116 Threat Intelligence Report

Risk Level: CRITICAL — 33 abuse reports from 16 sources

Threat Intelligence Summary

IP address 20.104.50.116 has been flagged in 33 abuse reports across 16 independent threat intelligence sources, resulting in a threat score of 100.0/100 (critical risk). The primary activity associated with this IP is abuseipdb blacklist, along with aggregated threat, attacks, botnet, brute force, cms attack, known attacker, malware c2, malware infrastructure, port scan, reconnaissance, scanning, suspicious activity, web attack, web brute force, web scanner.

This IP is geolocated in Canada (Toronto) and belongs to the network Microsoft Corporation (AS8075). Reports span from 2026-07-02 to 2026-07-05.

Assessment: Despite a lower report volume, the severity and nature of activity from 20.104.50.116 has triggered critical-level alerts across our threat detection network. Systematic port scanning activity from this IP indicates active reconnaissance of internet-facing services, typically a precursor to targeted exploitation. This IP belongs to Microsoft Corporation, a major cloud/hosting provider — the malicious activity likely originates from a compromised or rented virtual server rather than the provider's own infrastructure.

Data aggregated from 16 independent threat intelligence sources.

Geolocation

Country Canada
City Toronto
Region Ontario
Timezone America/Toronto

Threat Status

Overall Status Critical
Threat Score 100.0%
Report Count 33
Sources 16
First Seen 2026-07-02
Last Seen 2026-07-05
AI Analysis

Check IPs automatically with the WAYSCloud API

Free tier: 1,000 lookups/day. Get threat scores, geolocation, and abuse reports via REST API.

Explore the API →

See how we classify and verify threats →

Related Intelligence

Canada Threat Intelligence → AS8075 Network Intelligence → See all top malicious IPs → View latest attacks →
Learn about these threats: