IOC Radar
IP · Medium · Signal 57/100

207.90.244.13

Location
United States
Pflugerville, Texas
ASN
AS174
SHODAN, LLC
First Seen
Jun 26, 2023
Last Seen
Jun 5, 2026
Reports: 35 source reports
Confidence: 57% (medium)
Found in 35 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 57%
Signal Score: 57 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

84 techniques

Network Information

Country: US (United States)
Region: Pflugerville, Texas
ASN: AS174
Organization: SHODAN, LLC

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

35 source reports · 57% confidence score
Category tags

Activity Timeline

1 total observation (Jun 5)

Threat Activity Heatmap

[Heatmap: activity by weekday (Mon, Wed, Fri labelled), June through May; scale Less to More]
24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 57
Confidence: 57%
Reports: 35
First seen: Jun 26, 2023
Last seen: Jun 5, 2026
Geolocation: US
Country: United States
Location: Pflugerville, Texas
ASN: AS174
Org: SHODAN, LLC
Coords: 0.0000, 0.0000
Proxy, VPN

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw:
NetRange: 207.90.244.0 - 207.90.244.255
CIDR: 207.90.244.0/24
NetName: SHODAN-01
NetHandle: NET-207-90-244-0-1
Parent: NET207 (NET-207-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: SHODAN, LLC (SL-2059)
RegDate: 2022-01-11
Updated: 2022-01-11
Ref: https://rdap.arin.net/registry/ip/207.90.244.0

OrgName: SHODAN, LLC
OrgId: SL-2059
Address: 18541 Dry Brook Loop
City: Pflugerville
StateProv: TX
PostalCode: 78660
Country: US
RegDate: 2021-05-13
Updated: 2021-05-13
Ref: https://rdap.arin.net/registry/entity/SL-2059

OrgTechHandle: SUPPO2311-ARIN
OrgTechName: Support
OrgTechPhone: +1-484-746-3260
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/SUPPO2311-ARIN

OrgAbuseHandle: ABUSE8082-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-484-746-3260
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE8082-ARIN


IOC Journey

medium
First detected 2 years ago · Last seen today
Appeared in 35 threat reports