IOC Radar
IP · Medium · Signal 74/100

146.19.168.235

Location: Lyon, Rhône-Alpes, France
ASN: AS207992 (Hexanode SARL)
First Seen: Jun 30, 2025 (360d ago)
Last Seen: Jan 24, 2026 (152d ago)
Reports: 16 source reports
Confidence: 74% (medium)
Found in 16 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 74%
Signal Score: 74 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

36 techniques

Network Information

Country: FR (France)
Region: Lyon, Rhône-Alpes
ASN: AS207992
Organization: Hexanode SARL

Feed Intelligence Summary

Source reports: 16
Confidence score: 74%
Category tags: abuse, access control, active scanning, attack, botnet, brute force, brute force attack, brute force attempt, cisco attack, cisco device, cisco device targeting, command and control, communication protocol, compromised host, cowrie activity, cowrie honeypot, credential access, credential stuffing, data exfiltration, database attack, decoy system, device management, dionaea capture, dionaea honeypot, distributed attacks, enterprise networking, europe, exfiltration, finland, france, heralding behavior, honeytrap honeypot, indicator, ioc, lamp, lamp attack, lamp stack targeting, lateral movement, login attack, login brute-force, malicious activity, malicious network activity, malicious software, malware, malware behaviour, malware capture, network, network attacks, network infrastructure, network intrusion, network scanning, network security, network service scanning, network traffic analysis, password attacks, process injection, reconnaissance, remote access, remote services, researched, resource hijacking, scanner, scripting attacks, security policy, sentrypeer botnet, sentrypeer detection, sftp activity, sftp attack, sip brute force, sip scanning, ssh attack, ssh monitoring, t1021, t1021.004, t1040, t1041, t1055, t1059, t1059.007, t1071, t1071.001, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1555.003, t1565, t1573, t1588, t1588.004, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, telecommunications, threat actor, threat detection, threat intelligence, threat prevention, tpotce, voip, voip attack, web attack, web exploitation

Activity Timeline

1 total obs, Jan 24

Threat Activity Heatmap

Peak: 2026-01-24
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 74
Confidence: 74%
Reports: 16
First seen: Jun 30, 2025
Last seen: Jan 24, 2026
Geolocation: FR
Country: France
Location: Lyon, Rhône-Alpes
ASN: AS207992
Org: Hexanode SARL
Coords: 0.0000, 0.0000

VirusTotal

Not checked

WHOIS

description
SSH brute force IOCs collected mainly from hosts located in Finland
raw
inetnum: 146.19.168.0 - 146.19.168.255
abuse-c: AR56261-RIPE
netname: FR-HEXANODE-20211116
country: FR
org: ORG-SH131-RIPE
admin-c: HNOC9-RIPE
tech-c: HNOC9-RIPE
status: ALLOCATED PA
geoloc: 45.764043 4.835659
geofeed: https://geofeed.as207992.net/geofeed.csv
mnt-by: mnt-fr-hexanode-1
mnt-by: RIPE-NCC-HM-MNT
created: 2023-12-27T11:06:45Z
last-modified: 2025-05-27T07:34:55Z
source: RIPE

organisation: ORG-SH131-RIPE
org-name: Hexanode SARL
country: FR
org-type: LIR
address: 254 Rue Vendome
address: 69003
address: LYON
address: FRANCE
phone: +33972605400
admin-c: HNOC9-RIPE
tech-c: HNOC9-RIPE
abuse-c: AR53475-RIPE
mnt-ref: mnt-fr-hexanode-1
mnt-by: RIPE-NCC-HM-MNT
mnt-by: mnt-fr-hexanode-1
created: 2019-06-26T07:13:11Z
last-modified: 2021-09-03T09:29:41Z
source: RIPE # Filtered

role: Hexanode Network Operation Center
address: 254 Rue Vendôme 69003 LYON FRANCE
nic-hdl: HNOC9-RIPE
mnt-by: mnt-fr-hexanode-1
created: 2019-08-06T10:00:07Z
last-modified: 2022-02-01T08:46:45Z
source: RIPE # Filtered
admin-c: MD25844-RIPE
tech-c: MD25844-RIPE
abuse-mailbox: [email protected]

route: 146.19.168.0/24
origin: AS207992
mnt-by: mnt-fr-hexanode-1
mnt-by: mnt-fr-hexanode-1
created: 2021-11-22T16:23:18Z
last-modified: 2021-11-22T16:23:18Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 1 year ago · Last seen 5 months ago
Appeared in 16 threat reports