IOC Radar
IP · Medium Signal · 64/100

207.90.244.14

Location: Pflugerville, Texas, United States
ASN: AS174 (SHODAN, LLC)
First Seen: Jun 27, 2023 (1085d ago)
Last Seen: Jun 11, 2026 (5d ago)
Reports: 43 source reports
Confidence: 64% (medium)
Found in 43 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 64%
Signal Score: 64 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 98 techniques

Network Information

Country: US (United States)
Region: Pflugerville, Texas
ASN: AS174
Organization: SHODAN, LLC

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

43 reports, 64% confidence
Source reports: 43
Confidence score: 64%
Category tags

Activity Timeline

1 total observation (Jun 11 to Jun 11)

Threat Activity Heatmap

[Heatmap figure omitted] Monthly calendar (Jun through the following Jun) with a single observed day. Peak: 2026-06-11.

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk (64 SIGNAL)
Signal Score: 64
Confidence: 64%
Reports: 43
First seen: Jun 27, 2023
Last seen: Jun 11, 2026
Geolocation: US
Country: United States
Location: Pflugerville, Texas
ASN: AS174
Org: SHODAN, LLC
Coords: 0.0000, 0.0000
Flags: Proxy, VPN

VirusTotal

Not checked

WHOIS

Description:
Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 207.90.244.14 observed using TLS client fingerprint 'Unknown TLS Client (5103125acceb)' 2 times when connecting to mdms1 between 2026-05-26 12:15 and 2026-05-26 12:15 UTC.

Raw:
NetRange: 207.90.244.0 - 207.90.244.255
CIDR: 207.90.244.0/24
NetName: SHODAN-01
NetHandle: NET-207-90-244-0-1
Parent: NET207 (NET-207-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: SHODAN, LLC (SL-2059)
RegDate: 2022-01-11
Updated: 2022-01-11
Ref: https://rdap.arin.net/registry/ip/207.90.244.0
OrgName: SHODAN, LLC
OrgId: SL-2059
Address: 18541 Dry Brook Loop
City: Pflugerville
StateProv: TX
PostalCode: 78660
Country: US
RegDate: 2021-05-13
Updated: 2021-05-13
Ref: https://rdap.arin.net/registry/entity/SL-2059
OrgTechHandle: SUPPO2311-ARIN
OrgTechName: Support
OrgTechPhone: +1-484-746-3260
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/SUPPO2311-ARIN
OrgAbuseHandle: ABUSE8082-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-484-746-3260
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE8082-ARIN

References:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://chiraba.com:8443/hourly
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt


IOC Journey

Confidence: medium
First detected 3 years ago · Last seen 5 days ago
Appeared in 43 threat reports