IPMediumSignal 50/100

`207.90.244.27`

Location

United States

Pflugerville, Texas

ASN

AS174

SHODAN, LLC

First Seen

Apr 18, 2025

Last Seen

Jun 6, 2026

Apr 18

First Seen

423d ago

Jun 6

Last Seen

9d ago

Reports

source reports

50%

Confidence

medium

Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

50%

Signal Score

50 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

79 techniques

Network Information

Country

United States

RegionPflugerville, Texas

ASNAS174

OrganizationSHODAN, LLC

IP Category

⟲

Proxy

Proxy server

⊕

VPN

VPN exit node

Feed Intelligence Summary

24 reports50% confidence

Source reports

50%

Confidence score

Category tags

abuseaccess controlaccount compromiseactive reconnaissanceactive scanactive scanningactor listalfa teamanomalous network connectionsapache http serveraptasiaattackattacker ipattacker-ipauthentication attackauthentication attacksauthentication attemptsautomated attacksautomated network attacksautomated threatautomated-attackback orificebad ip'sbad reputationbad web botbeningbening scannerblacklisted ipblacklisted ip addressblock listblock.txtblocked connectionbotnetbotnet activitybrutebrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute-force-ftpbrute-force-sshbrute-force-webbrute_force_attackbruteforcebulgariac2c2 communicationc2 servercgicgi exploitchinachina mobilecloudcloud computingcloud environmentcloud hosted attackcloud infrastructurecloud infrastructure attackcloud migrationcloud securitycloud servicescloud storagecogentcolumnscommand & controlcommand and controlcommand executioncommand-injectioncommunication protocolcompany limitedcompromise assessmentcompromised credentialscompromised hostcompromised hostscompromised systemcompromised systemscowriecredential accesscredential attackcredential compromisecredential guessingcredential harvestingcredential stuffingcredentialaccessctrlsdaily_sourcesdata encryptiondata exfiltrationdata exfiltration attemptdata store exposuredata theftdatabase securityddosddos attackddos attack sourceddwrtdecoy systemdenial of servicedenial-of-service attemptdeserializationdigitaloceanasndirectory-bruteforcedistributed attacksencryptionenumerationeuropeexecutable fileexploitexploit attemptexploit attemptsexploitation activityexploitation attemptsexploited hostexternal attackexternal scanningexternal serviceexternal-scanningexternal_threatfailed login attemptsfinlandfortios ssl vpnfrancefraud voipftpftp brute forceftp brute-forceftp bruteforceftp_scangalahgermanygpongpon routershackinghardcoded passwordhk abusehandlerhnaphoneynet connecthong konghttphttp brute forcehttp probinghttp request anomalieshttp scannerhttp scanninghttp_scanhttpshurricane ushydraidentity & access exploitationifsimapindiaindicatorinformation technologyinitial accessinjection activityinjection attacksinput validation bypassinternet scaninternet-facinginternet_wide_scanintrusion detectioninvision boardiociocsiot securityiot targetedip-addressipv4ipv4 scanningipv4_scanningit infrastructurejapanlateral movementlateral movement attemptlogin attacklogin attemptlogin attemptslogin brute forceloginattackmalaysiamalicious activitymalicious communication blockingmalicious ip activitymalicious ip blockedmalicious ipsmalicious softwaremalicious trafficmalwaremalware beaconingmalware distributionmalware propagationmalware scanningmisp threatmobile threatmozi botnetmssqlmssql brute forcemulti-cloud managementmysql brute forcenetgearnetgear dgn1000netgear exploitationnetherlandsnetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork perimeter blockingnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork traffic analysisnetwork-reconnaissancenetwork_reconnaissancenetwork_scanningnorth americaopen proxyopen threatopencanaryopenctiopportunistic attackotx pulsenametioutbound communication blockingpanamapassword attackpassword attackspassword sprayingpath traversalpathname information disclosurepgp signphishingphishing attackphp information disclosurephpunitping of deathpinyinpla unitpolandport-scanportscanpossible apt activitypossible botnet activitypossible malware distributionpossible vulnerability exploitationpotential intrusionpotential threat actorprivilege escalation attemptprocess injectionprotocol exploitationproxyransomwareraspberry-pircerdp bruteforcerdp scanningrdp_scanreconnaissancereconnaissance activityredisremote accessremote access serviceremote code executionremote command injectionremote servicesresearchedresource hijackingrouter exploitationrouter vulnerabilityscams & fraudscannerscannersscanning activitysecurity operationssecurity policyserver exploitationserviceservice discoveryservice enumerationservice scanshodan_io-benignsingaporesipsmb brute forcesmb scanningsmtpsmtp brute forcesmtp scanningsoapsocial engineeringsoftware developmentsora botnetsouth koreaspamsql injection attemptsql injection attemptssql serversql-injectionsshssh attackssh bruteforcessh_scanstarlight-ctisuricata alertssynsyn floodsyn scansystem discoverysystembcsystembc botnett1005t1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1021.007t1029t1040t1041t1046t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1059.005t1065t1068t1071t1071.001t1076t1077t1078t1078.004t1083t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1192t1195t1195.001t1195.002t1199t1203t1204t1210t1486t1496t1497t1499.001t1499.002t1499.003t1505t1505.004t1555t1563t1565t1566t1566.001t1566.002t1566.003t1573t1573.001t1583t1588t1589t1590t1592t1595t1595.001t1595.002t1595.003tamatiya eoodtargeting databasetcp protocoltcp scantcp scanningtcp-scanningtelecommunicationstelnet scanningtelnet threatthreat actorthreat actor activitythreat feedthreat intelligencethreat intelligence feedthreat preventionthreat_actor_unknownthreat_discoveryti advisorytimeouttokyotop10.txttopips.txttor nodetsocudp scanudp-scanningunauthenticated accessunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized loginunit coverunitedunited kingdomunited statesusus abuseus noneverified-benignvoidtrapvoipvpnvulnerability scanvulnerable protocolvultrvultr cloud infrastructurevultr tokyowazuhwazuh alertsweb app attackweb application attackweb application exploitationweb brute forceweb camera exploitationweb camera vulnerabilityweb exploitationweb login bruteforceweb spamweb trafficxstreamzgrabzivif

Activity Timeline

1 total obs

Jun 6Jun 6

Threat Activity Heatmap

· Peak: 2026-06-06

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

50%

Confidence

Reports

First seenApr 18, 2025

Last seenJun 6, 2026

GeolocationUS

CountryUnited States

LocationPflugerville, Texas

ASNAS174

OrgSHODAN, LLC

Coords30.4515, -97.5774

ProxyVPN

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw: NetRange: 207.90.244.0 - 207.90.244.255 CIDR: 207.90.244.0/24 NetName: SHODAN-01 NetHandle: NET-207-90-244-0-1 Parent: NET207 (NET-207-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: SHODAN, LLC (SL-2059) RegDate: 2022-01-11 Updated: 2022-01-11 Ref: https://rdap.arin.net/registry/ip/207.90.244.0 OrgName: SHODAN, LLC OrgId: SL-2059 Address: 18541 Dry Brook Loop City: Pflugerville StateProv: TX PostalCode: 78660 Country: US RegDate: 2021-05-13 Updated: 2021-05-13 Ref: https://rdap.arin.net/registry/entity/SL-2059 OrgAbuseHandle: ABUSE8082-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-484-746-3260 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE8082-ARIN OrgTechHandle: SUPPO2311-ARIN OrgTechName: Support OrgTechPhone: +1-484-746-3260 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/SUPPO2311-ARIN
references: https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7328079059572137984-kHdW?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM, https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7333516827039289344-HyE1?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM, https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7322628435460145153-h-b_?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM, https://example.com

`207.90.244.27`

MITRE ATT&CK TTPs

Network Information

IP Category

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy