IOC Radar
IP · Medium · Signal 58/100

207.90.244.2

Location: Pflugerville, Texas, United States
ASN: AS174 (SHODAN, LLC)
First Seen: Dec 8, 2022 (1289d ago)
Last Seen: Jun 7, 2026 (13d ago)
Reports: 44 source reports
Confidence: 58% (medium)
VirusTotal: 14/91 detections
Found in 44 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 58%
Signal Score: 58 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

110 techniques

Network Information

Country: US (United States)
Region: Pflugerville, Texas
ASN: AS174
Organization: SHODAN, LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 44
Confidence score: 58%
Category tags

Activity Timeline

1 total obs
Jun 7

Threat Activity Heatmap

Peak: 2026-06-07
[Heatmap: activity by weekday (rows Mon, Wed, Fri) across months Jun to Jun; legend Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 58
Confidence: 58%
Reports: 44
First seen: Dec 8, 2022
Last seen: Jun 7, 2026
Geolocation: US
Country: United States
Location: Pflugerville, Texas
ASN: AS174
Org: SHODAN, LLC
Coords: 30.4515, -97.5774
Proxy

VirusTotal

14/91 vendors flagged
15% detection rate · Jun 7, 2026

WHOIS

description
IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw
NetRange: 207.90.244.0 - 207.90.244.255
CIDR: 207.90.244.0/24
NetName: SHODAN-01
NetHandle: NET-207-90-244-0-1
Parent: NET207 (NET-207-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: SHODAN, LLC (SL-2059)
RegDate: 2022-01-11
Updated: 2022-01-11
Ref: https://rdap.arin.net/registry/ip/207.90.244.0
OrgName: SHODAN, LLC
OrgId: SL-2059
Address: 18541 Dry Brook Loop
City: Pflugerville
StateProv: TX
PostalCode: 78660
Country: US
RegDate: 2021-05-13
Updated: 2021-05-13
Ref: https://rdap.arin.net/registry/entity/SL-2059
OrgTechHandle: SUPPO2311-ARIN
OrgTechName: Support
OrgTechPhone: +1-484-746-3260
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/SUPPO2311-ARIN
OrgAbuseHandle: ABUSE8082-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-484-746-3260
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE8082-ARIN
references
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://github.com/telekom-security/tpotce
https://example.com
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt

IOC Journey

medium
First detected 3 years ago · Last seen 13 days ago
Appeared in 44 threat reports