IntrusionLabs / threat intelligence

Sign in

← Back to feed

64.89.163.139

TAGGED SUSPICIOUS how we decide →

Threat Confidence

56%

Location

🇬🇧 GB

ASN

AS401626 · Netiface America, Inc.

Cloud Provider

—

Total Events

7

Below average by volume

Agent Count

3

First / Last Seen

2026-04-02 20:20 — 2026-05-01 02:15

Attack Types

mysql:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595.002

Credential Access

T1110 T1110.001

External Corroboration

DShield Top Attackers

Reported 2026-05-01 06:01

dshield:top_attacker

Campaigns

Multi-Agent Scan SCAN Active medium

81 IPs 116544 events

2026-04-02 — ongoing · 81 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

67 IPs 16430 events

2026-03-30 — ongoing · 67 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Linode. Scanning the same …

Subnet 64.89.163.0/24 SUBNET Active high 🇬🇧 GB

25 IPs 410 events

mysql:bruteforce

2026-03-30 — ongoing · 25 IPs from the same /24 subnet (64.89.163.0/24) were observed attacking our sensors within the same time window. …

Multi-Agent Scan SCAN Active medium

61 IPs 20433 events

2026-03-26 — ongoing · 61 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

10 IPs 844 events

2026-03-18 — ongoing · 10 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on GCP. Scanning the same …

Multi-Agent Scan SCAN Active medium

56 IPs 15075 events

2026-03-16 — ongoing · 56 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

37 IPs 11776 events

2026-03-07 — ongoing · 37 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on DO. Scanning the same …

Multi-Agent Scan SCAN Active medium

57 IPs 30506 events

2026-03-04 — ongoing · 57 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

65 IPs 16940 events

2026-03-04 — ongoing · 65 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

17 IPs 2308 events

2026-03-03 — ongoing · 17 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Linode. Scanning the same …

Multi-Agent Scan SCAN Active medium

95 IPs 130898 events

2026-03-02 — ongoing · 95 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Linode. Scanning the same …

Multi-Agent Scan SCAN Active medium

104 IPs 164584 events

2026-02-26 — ongoing · 104 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

20 IPs 14390 events

2026-02-23 — ongoing · 20 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

102 IPs 139771 events

2026-02-23 — ongoing · 102 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Linode. Scanning the same …

Multi-Agent Scan SCAN Active medium

34 IPs 15285 events

2026-02-22 — ongoing · 34 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Session Forensics

mysql_probe ×7

Sessions

7

Avg Depth Score

0.2

Commands Executed

0

Files Downloaded

0

Evidence Timeline

MySQL Probe 0717b0a8efb6c18c w4m_seattle_01 · 2026-05-01 02:15

1 20%

Loading events...

MySQL Probe 407b4dc18104160f newark_01 · 2026-04-26 05:49

1 20%

Loading events...

MySQL Probe bde37b9509516d88 newark_01 · 2026-04-25 19:28

1 20%

Loading events...

MySQL Probe 3212dbabcb81a686 w4m_singapore_01 · 2026-04-18 14:14

1 20%

Loading events...

MySQL Probe 007afd97c0132cb1 w4m_singapore_01 · 2026-04-17 05:50

1 20%

Loading events...

MySQL Probe 1c5a42dfd1ca6ebf w4m_singapore_01 · 2026-04-12 20:41

1 20%

Loading events...

MySQL Probe d2bfd24083056949 w4m_singapore_01 · 2026-04-02 20:20

1 20%

Loading events...

Non-Session Events

Timestamp	Port	Proto	Event	Source	Location
2026-05-01 02:15:13	:3306	mysql	MySQL connection	opencanary	sea
2026-04-26 05:49:06	:3306	mysql	MySQL connection	opencanary	ewr
2026-04-25 19:28:31	:3306	mysql	MySQL connection	opencanary	ewr
2026-04-18 14:14:36	:3306	mysql	MySQL connection	opencanary	sin
2026-04-17 05:50:18	:3306	mysql	MySQL connection	opencanary	sin
2026-04-12 20:41:53	:3306	mysql	MySQL connection	opencanary	sin
2026-04-02 20:20:29	:3306	mysql	MySQL connection	opencanary	sin