Critical Alert
IP 207.90.244.4 is a critical-risk address that has been repeatedly linked to hacking activity, with automated honeypot sensors recording 337 incident reports across an eight-month period between October 2025 and June 2026. With a threat level rated at the maximum score of 10 out of 10 and a confidence score of 91 percent, this IP represents one of the most persistently malicious actors observed within the detection timeframe. The activity frequency score of 8 out of 10 indicates that the hostile behavior is not intermittent but sustained over months, making it a consistent threat to any exposed service.
The network infrastructure housing this IP belongs to COGENT-174, operated by Cogent Communications, a major United States-based ISP providing backbone connectivity. Despite originating from a Tier-1 network operator in a country with robust cybersecurity infrastructure, the IP has generated reports exclusively for hacking activity across all 20 of the most recent detections, pointing to a deliberate and targeted campaign rather than misconfigured or compromised end-user equipment. The entire corpus of 337 reports derives from automated honeypot sensors, lending statistical weight to the assessment that this address is actively engaged in systematic intrusion attempts against internet-facing systems.
The dominant threat category, Hacking, encompasses a broad spectrum of intrusion tradecraft including vulnerability exploitation, unauthorized access attempts, and reconnaissance activity designed to identify entry points into target environments. The consistent volume of reports suggests that IP 207.90.244.4 functions as part of an automated attack infrastructure, likely conducting credential guessing, exploit probing, or serving as a source node for further compromise campaigns. Real-world risk includes data exfiltration, service disruption, lateral movement within networks, and deployment of secondary payloads on successfully breached systems.
Site operators should treat traffic from this IP as hostile and block it at the firewall or network edge to eliminate exposure entirely. Implementing automated blocking tools such as fail2ban or comparable intrusion-prevention solutions can detect and reject repeated connection patterns associated with this address in real time. Enforcing strong authentication requirements, including key-based SSH access, non-standard port configuration, and account lockout policies, significantly reduces the effectiveness of any subsequent attempts. Continuous monitoring of authentication logs and network traffic for patterns consistent with the observed attack methodology will enable rapid identification and containment should blocking measures be temporarily bypassed.
CA 
AT 
HK 
UA