149.56.28.9 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 149.56.28.9 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 37/100

Host and Network Information

• Tags: badrequest, bruteforce, Brute Force, cyber security, dionaea, ioc, malicious, Nextray, phishing, probing, RDP, scanning, smb, SSH, SSL VPN, VPN, webscan, webscanner, webscanner bruteforce web app attack

• View other sources: Spamhaus VirusTotal

• Country: Canada
• Network:
• Noticed: 50 times
• Protocols Attacked: mssql
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Spain, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 2 99dd9d56c570ca846292db1d51f93d5316fe0e7a3712fc2e53d198712ac797fb 74170f8676db037536df5575969eba0b0002842f363534bf960298ee8ad4442a

Map

Whois Information

• NetRange: 149.56.0.0 - 149.56.255.255
• CIDR: 149.56.0.0/16
• NetName: HO-2
• NetHandle: NET-149-56-0-0-1
• Parent: NET149 (NET-149-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: OVH Hosting, Inc. (HO-2)
• RegDate: 2016-02-09
• Updated: 2016-02-10
• Ref: https://rdap.arin.net/registry/ip/149.56.0.0
• OrgName: OVH Hosting, Inc.
• OrgId: HO-2
• Address: 800-1801 McGill College
• City: Montreal
• StateProv: QC
• PostalCode: H3A 2N4
• Country: CA
• RegDate: 2011-06-22
• Updated: 2025-09-04
• Ref: https://rdap.arin.net/registry/entity/HO-2
• OrgAbuseHandle: ABUSE3956-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-855-684-5463
• OrgAbuseEmail: abuse@ovh.ca
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3956-ARIN
• OrgTechHandle: NOC11876-ARIN
• OrgTechName: NOC
• OrgTechPhone: +1-855-684-5463
• OrgTechEmail: noc@ovh.net
• OrgTechRef: https://rdap.arin.net/registry/entity/NOC11876-ARIN
• NetRange: 149.56.16.0 - 149.56.31.255
• CIDR: 149.56.16.0/20
• NetName: OVH-DEDICATED-149-56-16-NET
• NetHandle: NET-149-56-16-0-1
• Parent: HO-2 (NET-149-56-0-0-1)
• NetType: Reassigned
• OriginAS:
• Organization: OVH Hosting, Inc. (HO-2)
• RegDate: 2016-07-29
• Updated: 2016-07-29
• Comment: OVH-DEDICATED-149-56-16-NET
• Ref: https://rdap.arin.net/registry/ip/149.56.16.0
• OrgName: OVH Hosting, Inc.
• OrgId: HO-2
• Address: 800-1801 McGill College
• City: Montreal
• StateProv: QC
• PostalCode: H3A 2N4
• Country: CA
• RegDate: 2011-06-22
• Updated: 2025-09-04
• Ref: https://rdap.arin.net/registry/entity/HO-2
• OrgAbuseHandle: ABUSE3956-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-855-684-5463
• OrgAbuseEmail: abuse@ovh.ca
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3956-ARIN
• OrgTechHandle: NOC11876-ARIN
• OrgTechName: NOC
• OrgTechPhone: +1-855-684-5463
• OrgTechEmail: noc@ovh.net
• OrgTechRef: https://rdap.arin.net/registry/entity/NOC11876-ARIN

Links to attack logs

nmap-scanning-list-2020-12-23 ****** vultrparis-mssql-bruteforce-ip-list-2021-05-05 nmap-scanning-hosts-2020-08-06 ****** ******