IP · Medium · Signal 55/100
207.90.244.5
Location
Pflugerville, Texas
ASN
AS174
SHODAN, LLC
First Seen
Dec 11, 2022
Last Seen
Jun 6, 2026
Found in 39 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Network Information
Country
United States
Region: Pflugerville, Texas
ASN: AS174
Organization: SHODAN, LLC
IP Category
Proxy
Proxy server
Feed Intelligence Summary
Source reports: 39
Confidence score: 55%
Category tags
[Activity Timeline chart: Jun 6 to Jun 6]
[Threat Activity Heatmap: peak 2026-06-06]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 55 (Medium Risk)
Signal Score: 55
Confidence: 55%
Reports: 39
First seen: Dec 11, 2022
Last seen: Jun 6, 2026
Geolocation: US
Country: United States
Location: Pflugerville, Texas
ASN: AS174
Org: SHODAN, LLC
Coords: 0.0000, 0.0000
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
- raw
- NetRange: 207.90.244.0 - 207.90.244.255
  CIDR: 207.90.244.0/24
  NetName: SHODAN-01
  NetHandle: NET-207-90-244-0-1
  Parent: NET207 (NET-207-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: SHODAN, LLC (SL-2059)
  RegDate: 2022-01-11
  Updated: 2022-01-11
  Ref: https://rdap.arin.net/registry/ip/207.90.244.0
  OrgName: SHODAN, LLC
  OrgId: SL-2059
  Address: 18541 Dry Brook Loop
  City: Pflugerville
  StateProv: TX
  PostalCode: 78660
  Country: US
  RegDate: 2021-05-13
  Updated: 2021-05-13
  Ref: https://rdap.arin.net/registry/entity/SL-2059
  OrgTechHandle: SUPPO2311-ARIN
  OrgTechName: Support
  OrgTechPhone: +1-484-746-3260
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/SUPPO2311-ARIN
  OrgAbuseHandle: ABUSE8082-ARIN
  OrgAbuseName: Abuse
  OrgAbusePhone: +1-484-746-3260
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE8082-ARIN
- references
- https://feeds.dshield.org/feeds/topips.txt
  https://feeds.dshield.org/feeds/top10.txt
  https://feeds.dshield.org/feeds/block.txt
  https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7356715249829367808-dDqL?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
  https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7343296754995343363-S-1A?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
  https://list.rtbh.com.tr/output.txt
  https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7320481551329161217-y5SH?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
  https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7317921125882077184-w08N?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
  https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7315758577204269056-8PKo?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
  https://github.com/telekom-security/tpotce
  https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7310314104647204865-c3S_?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
  https://example.com
  https://threats.kz
IOC Journey
Medium · First detected 3 years ago · Last seen 8 days ago
Appeared in 39 threat reports