← Back to feed

Subnet 64.89.163.0/24

SUBNET Active high

Why this campaign was detected

31 IPs from the same /24 subnet (64.89.163.0/24) were observed attacking our sensors within the same time window. All belong to Netiface America, Inc. (AS401626). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.

Primary ASN

AS401626 · Netiface America, Inc.

Subnet

64.89.163.0/24

Country

🇬🇧 GB

Cloud Provider

—

Member Count

31 IPs

Below average

Total Events

6622

Below average by volume

Started / Ended

2026-03-30 03:43 — ongoing

Attack Types

mysql:bruteforce ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595 T1595.002

Initial Access

T1078

Credential Access

T1110 T1110.001

Discovery

T1016 T1046 T1082

Member Actors

IP Address	Behavior	Confidence	Flags	Events	Agents	Attack Types	Hostname	Last Seen
64.89.163.154	mysql_bruter	57%	DROP1x OSINT	16	3	mysql:bruteforce	—	2026-05-15 05:24	evidence →
64.89.163.80	mysql_bruter	53%	DROP1x OSINT	20	3	mysql:bruteforce	—	2026-05-12 16:47	evidence →
64.89.163.166	mysql_bruter	52%	DROP1x OSINT	17	3	mysql:bruteforce	—	2026-05-12 13:05	evidence →
64.89.163.179	mysql_bruter	52%	DROP1x OSINT	11	3	mysql:bruteforce	—	2026-05-12 18:59	evidence →
64.89.163.180	mysql_bruter	52%	DROP1x OSINT	11	3	mysql:bruteforce	—	2026-05-12 17:49	evidence →
64.89.163.148	mysql_bruter	52%	DROP1x OSINT	117	3	mysql:bruteforce	—	2026-05-10 13:21	evidence →
64.89.163.146	mysql_bruter	51%	DROP1x OSINT	11	3	mysql:bruteforce	—	2026-05-12 02:36	evidence →
64.89.163.168	mysql_bruter	50%	DROP	232	3	mysql:bruteforce	—	2026-05-11 17:12	evidence →
64.89.163.176	mysql_bruter	50%	DROP1x OSINT	10	3	mysql:bruteforce	—	2026-05-11 21:47	evidence →
64.89.163.77	mysql_bruter	48%	DROP	26	3	mysql:bruteforce	—	2026-05-12 18:03	evidence →
64.89.163.79	mysql_bruter	47%	DROP	21	3	mysql:bruteforce	—	2026-05-12 11:01	evidence →
64.89.163.90	mysql_bruter	47%	DROP1x OSINT	14	3	mysql:bruteforce	—	2026-05-10 02:16	evidence →
64.89.163.91	mysql_bruter	46%	DROP1x OSINT	14	3	mysql:bruteforce	—	2026-05-09 12:48	evidence →
64.89.163.139	mysql_bruter	46%	DROP	12	3	mysql:bruteforce	—	2026-05-11 23:42	evidence →
64.89.163.158	mysql_bruter	46%	DROP1x OSINT	24	3	mysql:bruteforce	—	2026-05-08 18:05	evidence →
64.89.163.138	mysql_bruter	44%	DROP	9	3	mysql:bruteforce	—	2026-05-11 05:50	evidence →
64.89.163.173	scanner	44%	DROP1x OSINT	5159	1	ssh:bruteforce	—	2026-05-11 20:36	evidence →
64.89.163.167	mysql_bruter	42%	DROP	12	3	mysql:bruteforce	—	2026-05-09 23:43	evidence →
64.89.163.170	mysql_bruter	42%	DROP	9	3	mysql:bruteforce	—	2026-05-10 01:16	evidence →
64.89.163.145	mysql_bruter	40%	DROP	8	3	mysql:bruteforce	—	2026-05-09 12:39	evidence →
64.89.163.162	scanner	40%	DROP1x OSINT	127	1	ssh:bruteforce	—	2026-05-11 19:33	evidence →
64.89.163.159	mysql_bruter	36%	DROP	10	2	mysql:bruteforce	—	2026-05-15 00:01	evidence →
64.89.163.156	scanner	35%	DROP	99	1	ssh:bruteforce	—	2026-05-11 17:12	evidence →
64.89.163.164	mysql_bruter	34%	DROP	156	2	mysql:bruteforce	—	2026-05-11 04:49	evidence →
64.89.163.144	mysql_bruter	32%	DROP	87	2	mysql:bruteforce	—	2026-05-10 19:35	evidence →
64.89.163.163	mysql_bruter	31%	DROP	117	2	mysql:bruteforce	—	2026-05-09 21:14	evidence →
64.89.163.89	mysql_bruter	30%	DROP	8	2	mysql:bruteforce	—	2026-05-12 02:17	evidence →
64.89.163.94	mysql_bruter	30%	DROP	11	2	mysql:bruteforce	—	2026-05-11 19:34	evidence →
64.89.163.141	mysql_bruter	30%	DROP1x OSINT	7	2	mysql:bruteforce	—	2026-05-09 11:41	evidence →
64.89.163.165	mysql_bruter	28%	DROP	13	2	mysql:bruteforce	—	2026-05-10 12:59	evidence →
64.89.163.152	mysql_bruter	23%	DROP	234	1	mysql:bruteforce	—	2026-05-09 20:01	evidence →

VPN Known VPN or proxy provider

DROP ASN on Spamhaus DROP list

Nx OSINT Corroborated by N external threat feeds