High Risk
IP 207.90.244.13 is a high-risk address assessed at 8 out of 10 on the threat scale, extensively linked to hacking activity with a volume of 15,721 abuse reports logged by automated honeypot sensors over a nine-month window between September 2025 and June 2026. This Cogent Communications-hosted address (AS174) based in the United States operates at an activity frequency of 8 out of 10, indicating sustained and aggressive intrusion behavior that poses a concrete threat to any exposed network service.
The report corpus for this IP is substantial relative to typical threat actors, drawing from 20 separate honeypot sensor sources and reflecting a confidence score of 80 percent in the assessment. Community reporting channels have flagged the address repeatedly for malware and exploit-oriented connection attempts, attack connection activity, and SMTP spam abuse patterns. The temporal distribution spanning from September 2025 through June 2026 demonstrates persistent engagement rather than isolated opportunistic scanning, with the majority of recent reports categorizing the activity under the Hacking classification. This pattern is consistent with either a compromised host being leveraged for automated attacks or a deliberate infrastructure node used for systematic probing of vulnerable services.
The dominant Hacking category encompasses intrusion attempts, vulnerability exploitation, and unauthorized access vectors that can translate into data breach exposure, lateral movement within networks, or deployment of secondary payloads. The concurrent Exploited Host classification suggests external assessment that this address may itself be a compromised system operating without its owner's awareness, participating in broader attack campaigns. SMTP abuse patterns indicate potential involvement in email fraud or malware distribution chains. An address with this reputation communicating with a target network almost invariably signals hostile intent requiring immediate defensive response.
Site operators should block 207.90.244.13 at the firewall level and monitor logs for any successful connections that may indicate existing compromise. Implementing aggressive rate-limiting on authentication endpoints and enforcing strong credential policies reduces the effectiveness of any intrusion attempts that slip through perimeter defenses. Tools such as fail2ban can automate the detection and temporary blocking of repeated connection attempts matching this address's signature. Organizations receiving connections from this IP should treat any affected accounts as potentially compromised and initiate appropriate incident response procedures.
CA 
AT 
CH 
RO 
BG 
UA