IOC Radar
IP · Medium · Signal 58/100

146.19.168.223

Location: Lyon, Rhône-Alpes, France
ASN: AS207992 (Hexanode SARL)
First Seen: May 24, 2023 (1117d ago)
Last Seen: May 26, 2026 (19d ago)
Reports: 9 source reports
Confidence: 58% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 58%
Signal Score: 58 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

59 techniques

Network Information

Country: FR (France)
Region: Lyon, Rhône-Alpes
ASN: AS207992
Organization: Hexanode SARL

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 9
Confidence score: 58%

Activity Timeline

1 total obs (May 26)

Threat Activity Heatmap

[Heatmap figure: activity by weekday and month, June to June; scale Less to More]
Peak: 2026-05-26
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 58
Confidence: 58%
Reports: 9
First seen: May 24, 2023
Last seen: May 26, 2026
Geolocation: FR
Country: France
Location: Lyon, Rhône-Alpes
ASN: AS207992
Org: Hexanode SARL
Coords: 45.7713, 4.8281
Flags: Proxy, VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 2/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 146.19.168.0 - 146.19.168.255
abuse-c: AR56261-RIPE
netname: FR-HEXANODE-20211116
country: FR
org: ORG-SH131-RIPE
admin-c: HNOC9-RIPE
tech-c: HNOC9-RIPE
status: ALLOCATED PA
geoloc: 45.764043 4.835659
geofeed: https://geofeed.as207992.net/geofeed.csv
mnt-by: mnt-fr-hexanode-1
mnt-by: RIPE-NCC-HM-MNT
created: 2023-12-27T11:06:45Z
last-modified: 2025-05-27T07:34:55Z
source: RIPE

organisation: ORG-SH131-RIPE
org-name: Hexanode SARL
country: FR
org-type: LIR
address: 254 Rue Vendome
address: 69003
address: LYON
address: FRANCE
phone: +33972605400
admin-c: HNOC9-RIPE
tech-c: HNOC9-RIPE
abuse-c: AR53475-RIPE
mnt-ref: mnt-fr-hexanode-1
mnt-by: RIPE-NCC-HM-MNT
mnt-by: mnt-fr-hexanode-1
created: 2019-06-26T07:13:11Z
last-modified: 2021-09-03T09:29:41Z
source: RIPE # Filtered

role: Hexanode Network Operation Center
address: 254 Rue Vendôme 69003 LYON FRANCE
nic-hdl: HNOC9-RIPE
mnt-by: mnt-fr-hexanode-1
created: 2019-08-06T10:00:07Z
last-modified: 2022-02-01T08:46:45Z
source: RIPE # Filtered
admin-c: MD25844-RIPE
tech-c: MD25844-RIPE
abuse-mailbox: [email protected]

route: 146.19.168.0/24
origin: AS207992
mnt-by: mnt-fr-hexanode-1
mnt-by: mnt-fr-hexanode-1
created: 2021-11-22T16:23:18Z
last-modified: 2021-11-22T16:23:18Z
source: RIPE

IOC Journey

medium
First detected 3 years ago · Last seen 19 days ago
Appeared in 9 threat reports