IP · Medium · Signal 27/100
172.58.145.156
Location
Smyrna, Tennessee
ASN
AS21928
T-Mobile USA
First Seen
Dec 18, 2020
Last Seen
Apr 7, 2026
First Seen: Dec 18 (2001d ago)
Last Seen: Apr 7 (65d ago)
Reports: 8 source reports
Confidence: 27% (medium)
VirusTotal: 1/91 detections
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
27%
Signal Score
27 / 100
IDS Rule
No
Network Information
Country: United States
Region: Smyrna, Tennessee
ASN: AS21928
Organization: T-Mobile USA
Feed Intelligence Summary
8 source reports · 27% confidence score
Category tags
active scan, active scanning, attack, botnet, botnet activity, brute force, brute force attacks, cisco asa, cisco device, command and control, communication protocol, cowrie honeypot, credential access, credential stuffing, data exfiltration, data store exposure, ddos, decoy system, denial of service, device management, dionaea honeypot, distributed attacks, enterprise networking, exploitation, exploitation activity, ftp, hacking, honeytrap honeypot, http scanner, identity & access exploitation, indicator, injection activity, lamp, lamp stack, linux, malicious activity, malicious software, malware, malware behaviour, malware capture, malware download attempts, network, network infrastructure, network intrusion attempts, network probing, network scanning, north america, process injection, reconnaissance, researched, scanner, sftp attack, sftp attacks, ssh attack, ssh monitoring, t1016.001, t1021, t1021.001, t1041, t1046, t1055, t1059, t1059.004, t1068, t1071.001, t1078, t1083, t1110, t1110.001, t1110.002, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1595, t1595.001, t1595.002, t1595.003, telekom-security/tpotce, threat actor, threat detection, threat intelligence, tor node, united states, web application attack, web application attacks, web exploitation, web traffic
Activity Timeline
Threat Activity Heatmap · Peak: 2026-04-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 27
Confidence: 27%
Reports: 8
First seen: Dec 18, 2020
Last seen: Apr 7, 2026
Geolocation: US
Country: United States
Location: Smyrna, Tennessee
ASN: AS21928
Org: T-Mobile USA
Coords: 38.1608, -85.7807
WHOIS
- description
- 2025-07-01T01:34:00.399Z Honeypot : Ciscoasa : Source: 172.58.145.156 : Message: {'timestamp': '2025-07-01T01:34:00.399821', 'src_ip': '172.58.145.156', 'payload_printable': '"GET /+webvpn+/index.html HTTP/1.1" 200 -'}
- raw
- NetRange: 172.32.0.0 - 172.63.255.255
  CIDR: 172.32.0.0/11
  NetName: TMO9
  NetHandle: NET-172-32-0-0-1
  Parent: NET172 (NET-172-0-0-0-0)
  NetType: Direct Allocation
  OriginAS: AS21928
  Organization: T-Mobile USA, Inc. (TMOBI)
  RegDate: 2012-09-18
  Updated: 2020-11-18
  Comment: Geofeed https://raw.githubusercontent.com/tmobile/tmus-geofeed/main/tmus-geo-ip.txt
  Ref: https://rdap.arin.net/registry/ip/172.32.0.0
  OrgName: T-Mobile USA, Inc.
  OrgId: TMOBI
  Address: 12920 SE 38th Street
  City: Bellevue
  StateProv: WA
  PostalCode: 98006
  Country: US
  RegDate: 2003-01-02
  Updated: 2017-01-28
  Ref: https://rdap.arin.net/registry/entity/TMOBI
  OrgAbuseHandle: ABUSE4857-ARIN
  OrgAbuseName: abuse
  OrgAbusePhone: +1-888-662-4662
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE4857-ARIN
  OrgTechHandle: DNSAD11-ARIN
  OrgTechName: DNS Administrators
  OrgTechPhone: +1-888-662-4662
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/DNSAD11-ARIN
- references
- https://github.com/telekom-security/tpotce
IOC Journey
medium · First detected 5 years ago · Last seen 2 months ago
Appeared in 8 threat reports