Significant Threat
IP 207.90.244.5 is a high-risk address with a threat level of 8 out of 10. It has accumulated 17,703 abuse reports from automated honeypot sensors over approximately nine months of sustained hostile activity, indicating a persistent and prolific source of intrusion attempts targeting networks worldwide.
The address traces to Cogent Communications (ASN AS174) based in the United States and was first reported in September 2025 with continued activity logged through June 2026. Of the 21 most recent threat reports, 20 classified the activity as general hacking attempts while 1 targeted Internet of Things infrastructure specifically. The honeypot sensor network detected both standard attack connection patterns and IoT/ICS-directed probes originating from this single source, reflecting an attacker or automated toolkit pursuing multiple vectors simultaneously. With an activity frequency rated 8 out of 10 and a confidence score of 79 percent, the volume and consistency of these reports strongly corroborate the assessed threat level.
The dominant hacking activity from this IP represents automated intrusion attempts including vulnerability scanning, credential guessing, and exploitation probing against publicly accessible services. Combined with documented IoT-targeted behavior, this pattern suggests the operator is conducting widespread reconnaissance to identify both traditional server vulnerabilities and weakly secured connected devices such as cameras, routers, and industrial control systems. The dual-focus approach maximises the chances of finding an exploitable entry point across diverse target environments, making any exposed service a potential point of compromise.
Network operators should block or rate-limit traffic from 207.90.244.5 at the firewall level and implement strict ingress filtering on edge devices. Exposed services should enforce strong, unique credentials and multi-factor authentication where feasible. Deploying tools such as fail2ban or equivalent intrusion prevention systems can automatically detect and neutralise repeated connection attempts. Regularly auditing publicly accessible assets and segmenting IoT devices onto isolated network zones will reduce the attack surface should these or similar scanning campaigns eventually bypass perimeter defences.