IOC Radar
IP · Medium · Signal 56/100

207.90.244.28

Location: Pflugerville, Texas, United States
ASN: AS174 (SHODAN, LLC)
First Seen: Apr 18, 2025 (424d ago)
Last Seen: Jun 10, 2026 (6d ago)
Reports: 35 source reports
Confidence: 56% (medium)
Found in 35 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 56%
Signal Score: 56 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

63 techniques

Network Information

Country: US (United States)
Region: Pflugerville, Texas
ASN: AS174
Organization: SHODAN, LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 35
Confidence score: 56%
Category tags

Activity Timeline

1 total observation (Jun 10)

Threat Activity Heatmap

Peak: 2026-06-10

Observations by window:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 56
Confidence: 56%
Reports: 35
First seen: Apr 18, 2025
Last seen: Jun 10, 2026
Geolocation: US
Country: United States
Location: Pflugerville, Texas
ASN: AS174
Org: SHODAN, LLC
Coords: 30.4515, -97.5774
Proxy

VirusTotal

Not checked

WHOIS

description
Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 207.90.244.28 observed using TLS client fingerprint 'Unknown TLS Client (da049029c0c5)' 4 times when connecting to mdms1 between 2026-05-28 15:58 and 2026-05-28 15:59 UTC.
raw
NetRange: 207.90.244.0 - 207.90.244.255
CIDR: 207.90.244.0/24
NetName: SHODAN-01
NetHandle: NET-207-90-244-0-1
Parent: NET207 (NET-207-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: SHODAN, LLC (SL-2059)
RegDate: 2022-01-11
Updated: 2022-01-11
Ref: https://rdap.arin.net/registry/ip/207.90.244.0

OrgName: SHODAN, LLC
OrgId: SL-2059
Address: 18541 Dry Brook Loop
City: Pflugerville
StateProv: TX
PostalCode: 78660
Country: US
RegDate: 2021-05-13
Updated: 2021-05-13
Ref: https://rdap.arin.net/registry/entity/SL-2059

OrgAbuseHandle: ABUSE8082-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-484-746-3260
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE8082-ARIN

OrgTechHandle: SUPPO2311-ARIN
OrgTechName: Support
OrgTechPhone: +1-484-746-3260
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/SUPPO2311-ARIN
references
https://github.com/telekom-security/tpotce
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7356715249829367808-dDqL?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://example.com

IOC Journey

medium
First detected 1 year ago · Last seen 6 days ago
Appeared in 35 threat reports