IP address 20.104.50.116 has been flagged in 33 abuse reports across 16 independent threat intelligence sources, resulting in a threat score of 100.0/100 (critical risk). The primary activity associated with this IP is abuseipdb blacklist, along with aggregated threat, attacks, botnet, brute force, cms attack, known attacker, malware c2, malware infrastructure, port scan, reconnaissance, scanning, suspicious activity, web attack, web brute force, web scanner.
This IP is geolocated in Canada (Toronto) and belongs to the network Microsoft Corporation (AS8075). Reports span from 2026-07-02 to 2026-07-05.
Assessment: Despite a lower report volume, the severity and nature of activity from 20.104.50.116 has triggered critical-level alerts across our threat detection network. Systematic port scanning activity from this IP indicates active reconnaissance of internet-facing services, typically a precursor to targeted exploitation. This IP belongs to Microsoft Corporation, a major cloud/hosting provider — the malicious activity likely originates from a compromised or rented virtual server rather than the provider's own infrastructure.