Severe Risk
IP address 207.90.244.6 is a maximum-threat-level infrastructure address linked to sustained hacking activity, representing one of the highest-risk entries in public abuse databases. This Cogent Communications-operated address, registered in the United States under ASN 174, has accumulated 311 separate incident reports within a ten-month window spanning August 2025 through June 2026, indicating persistent and aggressive intrusion-oriented behavior rather than opportunistic scanning.
Community-driven and automated honeypot sensors documented all 20 recent threat-category reports originating from this single IP address, with an activity frequency rating of 8 out of 10 confirming near-continuous offensive operations. The 94% confidence score assigned to this address reflects substantial corroboration across multiple detection mechanisms, lending high reliability to the assessment that 207.90.244.6 represents a genuine, active threat actor rather than misclassified legitimate traffic. The sustained timeline of malicious activity spanning nearly a year demonstrates organized, persistent operations utilizing US-based network infrastructure, a common pattern among actors leveraging reputable hosting providers to blend into normal traffic profiles.
The dominant threat classification of hacking encompasses systematic intrusion attempts, vulnerability exploitation, and unauthorized access vectors targeting exposed services. For network operators and service administrators, this translates to concrete risk of credential compromise, service disruption, or backdoor establishment if systems remain unpatched or inadequately monitored. The volume and persistence of reports suggest automated attack toolchains capable of probing diverse entry points across internet-facing deployments.
Administrators should immediately block or rate-limit traffic originating from 207.90.244.6 at the network perimeter, deploy or strengthen fail2ban-style automated blocking daemons to mitigate repeated connection attempts, and ensure all internet-facing services run current security patches. Implementing strict authentication requirements including certificate-based or multi-factor mechanisms substantially reduces credential-stuffing success rates. Continuous traffic analysis and intrusion detection monitoring will identify any remaining probing activity for timely incident response.
CA 
AT 
MU 
MX 
SC 
UA 
RO 
EG