IP · Medium · Signal 62/100
45.227.253.102
Location
La Paz, La Paz Department
ASN
AS209272
Nextcloud S.A
First Seen
Apr 27, 2022
Last Seen
Apr 19, 2026
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Network Information
Country
Bolivia, Plurinational State of
Region: La Paz, La Paz Department
ASN: AS209272
Organization: Nextcloud S.A
Feed Intelligence Summary
Source reports: 15
Confidence score: 62%
Category tags
academic institutions · active scan · active scanning · asia · auto-generated security · black · bolivia, plurinational state of · botnet · botnet activity · brazil · brute force · brute force attack · ccau asnas36351 · cert · cisa · clop · cloud infrastructure · cobalt strike · code execution · command and control · command execution · credential access · credential harvesting · credential stuffing · cyber threat · data encryption · data exfiltration · data store exposure · decoy system · distributed attacks · dw-osint-cib · educational resources · educational services · educational technology · encryption · europe · exploitation activity · extortion · financial and insurance · flawed grace · graceguard · higher education · icedid · identity & access exploitation · indicator · info stealer · infostealer · infrastructure acquisitionreconnaissance · ingress tool transfer · injection activity · install · iocs · ipv4 · ipv6 · k-12 education · light · local · malicious download · malicious powershell activity · malicious software · malware · malware distribution · malware/grace · malware/truebot · manual · mexico · model · network · netwrix auditor · north america · osint · password attacks · phishing · phishing attack · poland · process injection · psexec · ransomware · raspberry robin · reconnaissance · refer · remote desktop · researched · retention 3m · scanner · scripting attacks · silence · social engineering · software exploitation · south america · sqlcmd · strong · system disruption · t1027 · t1047 · t1053 · t1055 · t1056 · t1059 · t1059.001 · t1071 · t1071.001 · t1086 · t1105 · t1110.001 · t1110.002 · t1110.003 · t1110.004 · t1203 · t1204.002 · t1486 · t1490 · t1496 · t1499.002 · t1499.003 · t1565 · t1566 · t1566.001 · t1566.002 · t1566.003 · t1569.002 · t1587.001 · t1590.001 · t1595.001 · t1595.002 · t1595.003 · ta505 · table · threat actor · threat intelligence · threatactor/ta505 · tools · tor node · trojan malware · truebot · truebot malware · trusted third · tsec · turkey · uuid · zero
Activity Timeline
Apr 19
Threat Activity Heatmap
Peak: 2026-04-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 62
Confidence: 62%
Reports: 15
First seen: Apr 27, 2022
Last seen: Apr 19, 2026
Geolocation: BO
Country: Bolivia, Plurinational State of
Location: La Paz, La Paz Department
ASN: AS209272
Org: Nextcloud S.A
Coords: 9.0000, -80.0000
VirusTotal
Not checked
WHOIS
- raw
  - Socket not responding: [Errno 111] Connection refused
- references
  - https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
  - https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/
  - December 10th, 2022 - CryptoGen Cyber Threat Intelligence - New Truebot variant leveraging Netwrix bug and Raspberry Robin Worm.pdf
  - December 18th, 2022 - CryptoGen Cyber Threat Intelligence - Glupteba malware is back.pdf
  - https://community.riskiq.com/article/32fca8dd
  - https://otx.alienvault.com/otxapi/pulses/627136c8b95024f5508312fb/export/?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6IkFMU0hPQkFLSSIsInZhbHVlIjpbIjYyNzEzNmM4Yjk1MDI0ZjU1MDgzMTJmYiIsImNzdiJdLCJleHAiOjE2NTIzNDAxMjB9.m6mMtZUX6APiYkOqo-hy0WS99veHvINvZqzUghByxOo&format=csv
  - test2.txt
IOC Journey
medium · First detected 4 years ago · Last seen 1 month ago
Appeared in 15 threat reports