64.89.163.178 — Netiface America, Inc., GB — Very High (100%)

Check an IP Address, Domain Name, Subnet, or ASN

64.89.163.178 was found in our database!

Confidence Level

100%

Very High?

Geolocation

🇬🇧

United Kingdom

ISPNetiface America, Inc.

ASNAS401626

Activity Timeline

First seenJan 24, 2026, 01:03 PM

Last seen1h ago

First reportedFeb 25, 2026, 02:10 AM

Last reported5d ago

3,815Sessions

19,810Events

1Reports

Protocol Breakdown

MYSQL

3815 / 19810

64.89.163.178 has a very high threat confidence level of 100%, originating from United Kingdom, on the Netiface America, Inc. network (401626). It has been observed across 3,815 sessions targeting MYSQL, with detected attack patterns including mysql pre extortion valuation and ransom drop, mysql targeted database destruction, mysql ransom extortion workflow, First observed on January 24, 2026, most recently active March 3, 2026.

Behaviors

Classified behavioral patterns observed

Mysql Pre Extortion Valuation And Ransom Drop

very_high326x

Performs a structured MySQL extortion workflow that first disables autocommit and calculates database size via information_schema to assess data value, then enumerates tables, creates a ransom table, inserts explicit extortion messages with payment instructions, and commits the transaction—clearly indicating intentional database extortion following valuation.

Mysql Targeted Database Destruction

very_high203x

Explicitly disables autocommit, then deliberately drops multiple named databases and commits the transaction, indicating intentional and controlled destructive activity against specific MySQL databases rather than reconnaissance or misconfiguration.

Mysql Ransom Extortion Workflow

very_high200x

Performs a coordinated sequence of MySQL actions to create and select a ransom-themed database and table, insert extortion markers, and explicitly manage transactions, clearly signaling database compromise and intent to extort the owner

Mysql Transaction Manipulation Probe

low1368x

Disables MySQL autocommit mode without performing any follow-up actions, indicating an initial transaction manipulation probe or a failed/aborted attempt to prepare multi-step database operations. Often seen in low-confidence automation or disrupted attack flows.

Primitives

Individual actions observed

Mysql Disable Autocommit3159 Sql Commit Transaction2048 Mysql Insert Ransom Marker2031 Mysql Use Database1630 Mysql Calculate Database Size1630 Mysql Create Ransom Table1016 Mysql Drop Database815 Sql Enumerate Tables686 Sql Enumerate Tables Capital484 Mysql Use Ransom Database202 Mysql Create Ransom Database202

User Reports

1 report from 1 contributor

Date	Category	Protocol	Comment
Feb 25, 2026	Brute Force	MYSQL	SikkerGuard: 2 blocked packets

Related Threats

Explore related threat intelligence

🇬🇧More threats fromUnited Kingdom ASMore threats fromNetiface America, Inc.MYSQLMore threats targetingMYSQL { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
64.89.163.90	100%	3,583
64.89.163.81	91%	761
64.89.163.158	100%	16,075
64.89.163.138	100%	18,408
64.89.163.168	100%	1,871

IP Address	Confidence	Events
64.89.163.90	100%	3,583
159.65.25.131	99%	67
178.83.200.2	70%	459
51.89.235.201	89%	33,822
85.11.183.6	91%	6,055