Notable Threat
IP 207.90.244.17 is a high-risk address associated with sustained hacking activity. It has generated 609 abuse reports with a confidence score of 88 percent, making it a significant threat to any services exposed to the internet. This Cogent Communications-operated address (AS174), originating from the United States, has maintained an activity frequency rated 8 out of 10, indicating persistent and repeated malicious engagement against targeted infrastructure over a monitoring period spanning from August 2025 through June 2026.
The evidence base for this assessment derives entirely from automated honeypot sensors, which logged 20 distinct hacking-related incidents attributable to 207.90.244.17. The volume of community reports, combined with the consistently high activity frequency over approximately ten months, demonstrates deliberate and organized intrusion behavior rather than opportunistic or accidental connectivity. The AS174 network operated by Cogent Communications is a major upstream internet backbone provider, and IP addresses originating from such large transit networks are frequently leveraged by threat actors seeking to anonymize their infrastructure or exploit the broad reach of tier-one providers.
The dominant threat classification for this address is general hacking activity, which encompasses unauthorized access attempts, exploitation of software vulnerabilities, and intrusion vectors designed to compromise target systems. The persistent nature of the activity against honeypot sensors suggests the address is involved in systematic reconnaissance or exploitation campaigns. Organizations running exposed services such as SSH, Telnet, HTTP APIs, or other network-accessible interfaces face concrete risk of credential compromise, data exfiltration, or malware deployment if this address is not blocked at the network perimeter.
Site operators should block 207.90.244.17 immediately at the firewall or network edge device to drop traffic from this known malicious source. Deploying fail2ban or equivalent log-based intrusion prevention tools can automate dynamic blocking of repeated connection attempts. Enforcing strong authentication, including key-based authentication for SSH and multi-factor authentication where supported, significantly reduces the effectiveness of any credential-focused attacks. Continuous monitoring of authentication logs for connections originating from this address and regular review of honeypot telemetry will help identify whether the threat actor shifts tactics or sources.