ZOLIM - Zoque-Observatorio Latinoamericano de Infraestructura Maliciosa
ZOLIM (Observatorio Latinoamericano de Infraestructura Maliciosa de Zoque) es una iniciativa de investigación de ZoqueLabs orientada a documentar, analizar y publicar snapshots periódicos de infraestructura maliciosa en América Latina, con énfasis en sistemas de comando y control (C2) y tooling asociado.
- Generated:
2026-05-29T19:55:14Z - About ZOLIM: Español - English
- Current snapshot: Archivos en GitHub
Metrics (current)
IPs: 175Unique ports: 40Threat frameworks: 14Countries: 14Cities: 55ASNs: 76
Tops (current)
- Threats:
GoPhish(103)Quasar(21)Sliver(17)DCRat(9)Havoc(9)AsyncRAT(7)Cobalt Strike(5)CHAOS(5)Metasploit(4)Hack5 Cloud C2(2)UnamWebPanel(1)Mythic(1) - Countries:
Brazil(92)Colombia(26)Mexico(14)Peru(10)Chile(10)Argentina(9)Panama(3)Paraguay(3)Honduras(2)Venezuela, Bolivarian Republic of(2)El Salvador(1)Costa Rica(1) - Cities:
São Paulo(62)Lima(10)Barranquilla(7)Valledupar(7)Santiago(6)Buenos Aires(5)Campinas(5)Radica(4)Rosario(4)Bucaramanga(4)Belo Horizonte(3)Panamá(3) - ASNs:
31898(16)3816(14)16509(12)8075(9)27831(7)396982(6)47583(6)63949(4)27823(4)138915(4)52368(4)53107(3) - ISPs:
ORACLE-BMC-31898 - Oracle Corporation(13)AMAZON-02 - Amazon.com, Inc.(10)COLOMBIA TELECOMUNICACIONES S.A. ESP BIC(10)AS-HOSTINGER(6)Microsoft Corporation(5)Colombia Movil(4)MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation(4)GOOGLE-CLOUD-PLATFORM - Google LLC(4)Dattatec.com(4)AS3816 - COLOMBIA TELECOMUNICACIONES S.A. ESP BIC(4)Oracle Corporation(3)Offshore Racks S.A(3) - Orgs:
unknown(118)Microsoft Corporation(5)Offshore Racks S.A(2)Google LLC(2)Oracle Corporation(2)ATPlus Telecom(2)TELEFÔNICA BRASIL S.A(2)Dattatec Corp(2)Amazon Data Services Brazil(2)Linode(2)ZAM LTDA.(2)Kaopu Cloud HK Limited(2) - Ports (frequency across IPs):
3333(49)443(30)31337(16)8080(15)80(13)9090(7)8848(5)8443(5)3790(4)9000(3)43333(3)8081(3)
Graphs (current)
---
config:
theme: dark
---
pie title Threats
"GoPhish" : 103
"Quasar" : 21
"Sliver" : 17
"DCRat" : 9
"Havoc" : 9
"AsyncRAT" : 7
"Cobalt Strike" : 5
"CHAOS" : 5
"Metasploit" : 4
"Hack5 Cloud C2" : 2
"UnamWebPanel" : 1
"Mythic" : 1
---
config:
theme: dark
---
pie title Countries
"Brazil" : 92
"Colombia" : 26
"Mexico" : 14
"Peru" : 10
"Chile" : 10
"Argentina" : 9
"Panama" : 3
"Paraguay" : 3
"Honduras" : 2
"Venezuela, Bolivarian Republic of" : 2
"El Salvador" : 1
"Costa Rica" : 1
---
config:
theme: dark
---
pie title ASNs
"31898" : 16
"3816" : 14
"16509" : 12
"8075" : 9
"27831" : 7
"396982" : 6
"47583" : 6
"63949" : 4
"27823" : 4
"138915" : 4
"52368" : 4
"53107" : 3
---
config:
theme: dark
---
pie title ISPs
"ORACLE-BMC-31898 - Oracle Corporation" : 13
"AMAZON-02 - Amazon.com, Inc." : 10
"COLOMBIA TELECOMUNICACIONES S.A. ESP BIC" : 10
"AS-HOSTINGER" : 6
"Microsoft Corporation" : 5
"Colombia Movil" : 4
"MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation" : 4
"GOOGLE-CLOUD-PLATFORM - Google LLC" : 4
"Dattatec.com" : 4
"AS3816 - COLOMBIA TELECOMUNICACIONES S.A. ESP BIC" : 4
"Oracle Corporation" : 3
"Offshore Racks S.A" : 3
Country → Threat (top)
---
config:
theme: dark
---
%% Country → Threat (top)
sankey-beta
Brazil,GoPhish,46
Colombia,GoPhish,14
Brazil,Sliver,13
Brazil,Quasar,11
Mexico,GoPhish,11
Chile,GoPhish,10
Colombia,DCRat,8
Peru,GoPhish,7
Argentina,GoPhish,7
Brazil,Havoc,6
Colombia,AsyncRAT,5
Brazil,Cobalt Strike,4
Paraguay,GoPhish,3
Brazil,Metasploit,3
Chile,Quasar,2
Panama,GoPhish,2
Mexico,Quasar,2
Colombia,Quasar,2
Peru,Havoc,2
Brazil,AsyncRAT,2
Peru,CHAOS,2
Brazil,CHAOS,2
Brazil,UnamWebPanel,1
Brazil,Mythic,1
Brazil,Hack5 Cloud C2,1
Mexico,Sliver,1
Panama,Sliver,1
Peru,Quasar,1
El Salvador,GoPhish,1
Costa Rica,GoPhish,1
ASN → Threat (top)
---
config:
theme: dark
---
%% ASN → Threat (top)
sankey-beta
31898,GoPhish,12
3816,GoPhish,10
27831,DCRat,6
396982,GoPhish,6
16509,GoPhish,6
52368,GoPhish,6
8075,GoPhish,4
3816,AsyncRAT,4
12252,GoPhish,3
11014,GoPhish,3
271239,GoPhish,3
27823,GoPhish,3
16509,Quasar,3
47583,GoPhish,3
138915,CHAOS,3
270564,Quasar,2
15830,GoPhish,2
16735,GoPhish,2
23201,GoPhish,2
53107,GoPhish,2
3132,GoPhish,2
28343,GoPhish,2
138915,Sliver,2
52469,GoPhish,2
47583,Quasar,2
11172,Quasar,2
31898,Quasar,2
3816,DCRat,2
18747,GoPhish,2
267121,Sliver,2
Delta vs previous snapshot
- IPs: +11 / -0 (persistent:
164) - Threat frameworks: +0 / -0
- Countries: +0 / -0
- ASNs: +5 / -0
- ISPs: +24 / -9
- Orgs: +9 / -1
- Ports: +1 / -1
- Cities: +6 / -1
Delta lists (compact)
- New IPs:
181.236.210.75,181.32.35.253,190.84.81.7,191.93.116.106,20.206.249.20,200.57.165.148,216.238.121.111,216.238.75.34,34.176.98.184,38.187.1.77,77.111.101.101 - Removed IPs: none
- New threats: none
- Removed threats: none
- New countries: none
- New ASNs:
19373,20473,271814,396356,Not Found - New ISPs:
AKAMAI-LINODE-AP - Akamai Connected Cloud,AS-VULTR - The Constant Company, LLC,AS11014 - CPS,AS12252 - America Movil Peru S.A.C.,AS13579 - INFOTEC CENTRO DE INVESTIGACION E INNOVACION EN TECNOLOGIAS DE LA INFORMACION Y COMUNICACION,AS14868 - Ligga Telecomunicacoes S.A.,AS16735 - ALGAR TELECOM S/A,AS265621 - COMUNICACION DIGITAL DE SINALOA SA DE CV,AS271366 - ALTVIA TECNOLOGIA E SERVICOS DIGITAIS LTDA,AS27831 - Colombia Movil,AS28343 - UNIFIQUE TELECOMUNICACOES S/A,AS3132 - Red Cientifica Peruana,AS3816 - COLOMBIA TELECOMUNICACIONES S.A. ESP BIC,AS52368 - ZAM LTDA.,AS52721 - TOLEDO FIBRA TELECOMUNICACAO LTDA,AS53107 - EVEO S.A.,Colombia Móvil,Equinix - Equinix (EMEA) Acquisition Enterprises B.V.,Latitude.sh,Level 3 Parent, LLC,NEXTNET SAC,Triara.com S.A. de C.V.,Vialink Soluções de Tecnologia Ltda,unknown - New ports:
16004
IP reuse / threat drift
- IPs with threat changes:
1191.93.118.254: [‘DCRat’] → [‘AsyncRAT’] (+[‘AsyncRAT’], -[‘DCRat’])
Delta graph: NEW Country → Threat edges
---
config:
theme: dark
---
%% Δ Country → Threat (new edges)
sankey-beta
Mexico,Havoc,1
Delta graph: NEW ASN → Threat edges
---
config:
theme: dark
---
%% Δ ASN → Threat (new edges)
sankey-beta
27831,AsyncRAT,1
20473,Havoc,1
20473,GoPhish,1
271814,GoPhish,1
396356,Sliver,1
19373,GoPhish,1
Not Found,GoPhish,1
All IPs (current snapshot)
| IP | Threats | Ports | Country | City | ASN | ISP | Org | Source | Last scan |
|---|---|---|---|---|---|---|---|---|---|
| 136.248.245.36 | GoPhish | 3333 | Chile | Colina | AS31898 | ORACLE-BMC-31898 - Oracle Corporation | unknown | censys | 2026-05-27_12-09-55 |
| 137.131.157.110 | GoPhish | 3333 | Brazil | São Paulo | AS31898 | ORACLE-BMC-31898 - Oracle Corporation | unknown | censys | 2026-05-27_11-05-25 |
| 138.185.109.230 | GoPhish | 9443 | Brazil | Araguaína | AS52721 | AS52721 - TOLEDO FIBRA TELECOMUNICACAO LTDA | unknown | censys | 2026-05-16_10-10-28 |
| 144.22.192.165 | GoPhish | 8443 | Brazil | São Paulo | AS31898 | ORACLE-BMC-31898 - Oracle Corporation | unknown | censys | 2026-05-28_17-10-40 |
| 144.22.207.61 | GoPhish | 8443 | Brazil | São Paulo | AS31898 | Oracle Corporation | Oracle Corporation | shodan | 2026-02-18_07-41-20 |
| 146.235.38.234 | DCRat | 5038 | Brazil | São Paulo | AS31898 | ORACLE-BMC-31898 - Oracle Corporation | unknown | censys | 2026-03-05_11-10-21 |
| 147.28.223.190 | Sliver | 31337 | Mexico | La Cañada | AS54825 | Packet Host, Inc. | Equinix Services, Inc. | shodan | 2026-01-04_18-32-22 |
| 147.45.116.18 | Sliver | 31337 | Brazil | São Paulo | AS215540 | GLOBAL CONNECTIVITY SOLUTIONS LLP | GLOBAL CONNECTIVITY SOLUTIONS LLP | shodan | 2026-01-22_09-40-58 |
| 147.93.9.173 | Havoc | 443 | Brazil | São Paulo | AS47583 | AS-HOSTINGER | unknown | censys | 2026-03-05_08-16-01 |
| 148.230.153.56 | GoPhish | 3333 | Mexico | Torreón | AS22884 | TOTAL PLAY TELECOMUNICACIONES SA DE CV | unknown | censys | 2026-02-04_23-22-09 |
| 149.130.165.200 | Quasar | 9000 | Colombia | Cota | AS31898 | ORACLE-BMC-31898 - Oracle Corporation | unknown | censys | 2026-03-04_18-58-45 |
| 149.50.137.180 | GoPhish | 2087 | Argentina | Rosario | AS27823 | Dattatec.com | DATTATEC.COM S.R.L. | shodan | 2026-02-19_17-24-34 |
| 15.228.3.86 | Cobalt Strike | 80 | Brazil | São Paulo | AS16509 | Amazon.com, Inc. | Amazon Data Services Brazil | shodan | 2026-05-12_14-39-10 |
| 150.187.25.242 | Cobalt Strike | 9999 | Venezuela, Bolivarian Republic of | Barquisimeto | AS20312 | Fundación Centro Nacional de Innovación Tecnológica (CENIT) | Fundación Centro Nacional de Innovación Tecnológica (CENIT) | shodan | 2026-05-27_13-56-09 |
| 150.230.93.32 | GoPhish | 3333 | Brazil | São Paulo | AS31898 | ORACLE-BMC-31898 - Oracle Corporation | unknown | censys | 2026-05-27_21-11-05 |
| 152.203.25.225 | GoPhish | 8080 | Colombia | Bucaramanga | AS3816 | COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | unknown | censys | 2026-01-27_11-49-19 |
| 152.203.31.60 | GoPhish;GoPhish | 8080;9090 | Colombia | Girón | AS3816 | AS3816 - COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | unknown | censys | 2026-05-20_15-45-42 |
| 152.67.58.223 | Hack5 Cloud C2 | 8080 | Brazil | São Paulo | AS31898 | Oracle Corporation | Oracle Public Cloud | shodan | 2026-05-28_17-07-21 |
| 156.244.39.44 | CHAOS;CHAOS | 1604;11434 | Peru | Lima | AS138915 | Kaopu Cloud HK Limited | Lightnode Limited | shodan | 2026-01-09_17-34-42 |
| 157.151.4.17 | GoPhish | 3333 | Brazil | Vinhedo | AS31898 | ORACLE-BMC-31898 - Oracle Corporation | unknown | censys | 2026-05-01_13-19-36 |
| 161.132.220.65 | Quasar | 8080 | Peru | Lima | AS27843 | WIN EMPRESAS S.A.C. | unknown | censys | 2026-04-17_13-11-01 |
| 161.132.51.222 | GoPhish | 3333 | Peru | Lima | AS3132 | AS3132 - Red Cientifica Peruana | unknown | censys | 2026-05-27_16-11-21 |
| 161.132.54.23 | GoPhish | 8081 | Peru | Lima | AS3132 | Red Cientifica Peruana | unknown | censys | 2026-01-07_01-42-12 |
| 167.234.226.89 | GoPhish | 443 | Brazil | São Paulo | AS31898 | Oracle Corporation | Oracle Corporation | shodan | 2026-04-20_08-48-39 |
| 168.138.128.79 | GoPhish | 3333 | Brazil | São Paulo | AS31898 | ORACLE-BMC-31898 - Oracle Corporation | unknown | censys | 2026-05-27_14-01-41 |
| 168.138.131.15 | Quasar | 80 | Brazil | São Paulo | AS31898 | ORACLE-BMC-31898 - Oracle Corporation | unknown | censys | 2026-03-05_04-55-17 |
| 168.196.106.7 | GoPhish | 443 | Brazil | Aquiraz | AS265451 | INFOLINK TELECOM | INFOLINK TELECOM | shodan | 2026-05-28_22-14-45 |
| 170.231.155.101 | Metasploit | 3790 | Brazil | Varginha | AS263424 | Fonelight Telecomunicações S/A | Fonelight Telecomunicações S/A | shodan | 2025-12-26_00-53-40 |
| 170.239.86.183 | GoPhish;GoPhish | 3333;3333 | Chile | Santiago | AS52368 | ZAM LTDA. | ZAM LTDA. | shodan | 2025-12-15_03-08-50 |
| 170.239.86.232 | GoPhish;GoPhish | 3333;3333 | Chile | Santiago | AS52368 | ZAM LTDA. | ZAM LTDA. | shodan | 2025-12-30_12-46-13 |
| 172.233.1.83 | Havoc | 443 | Brazil | São Paulo | AS63949 | AKAMAI-LINODE-AP Akamai Connected Cloud | unknown | censys | 2026-01-09_16-14-23 |
| 172.233.15.195 | Supershell | 8888 | Brazil | São Paulo | AS63949 | Akamai Connected Cloud | Linode | shodan | 2026-02-03_23-45-25 |
| 172.233.25.95 | GoPhish | 3333 | Brazil | São Paulo | AS63949 | AKAMAI-LINODE-AP - Akamai Connected Cloud | unknown | censys | 2026-05-16_11-10-42 |
| 172.233.27.101 | CHAOS | 12136 | Brazil | São Paulo | AS63949 | Akamai Connected Cloud | Linode | shodan | 2026-03-18_16-24-00 |
| 177.104.176.211 | GoPhish | 8080 | Brazil | São Paulo | AS53107 | EVEO S.A. | unknown | censys | 2026-02-27_18-10-23 |
| 177.104.188.108 | GoPhish | 3333 | Brazil | São Paulo | AS53107 | EVEO S.A. | unknown | censys | 2026-02-23_08-09-19 |
| 177.124.72.24 | Sliver;UnamWebPanel | 31337;11180 | Brazil | Belo Horizonte | AS52601 | FAXT TELECOMUNICACOES LTDA | FAXT TELECOMUNICACOES LTDA | shodan | 2026-05-29_14-49-14 |
| 177.126.168.209 | GoPhish | 3333 | Brazil | São Paulo | AS15830 | EQUINIX | unknown | censys | 2026-05-01_02-10-47 |
| 177.136.225.181 | Cobalt Strike | 10035 | Brazil | São Paulo | AS53107 | AS53107 - EVEO S.A. | unknown | censys | 2026-05-27_14-39-57 |
| 177.54.147.216 | Sliver | 31337 | Brazil | São Paulo | AS262287 | Latitude.sh LTDA | Latitude.sh LTDA | shodan | 2026-04-21_02-03-25 |
| 177.67.105.14 | Quasar | 8090 | Brazil | Campinorte | AS262517 | NIQTURBO PIMENTEL E MOREIRA LTDA | unknown | censys | 2026-05-01_12-47-58 |
| 177.74.252.105 | GoPhish | 3333 | Brazil | Itajaí | AS28343 | AS28343 - UNIFIQUE TELECOMUNICACOES S/A | unknown | censys | 2026-05-21_02-11-09 |
| 177.84.111.122 | GoPhish | 9443 | Brazil | Araguaína | AS52721 | AS52721 - TOLEDO FIBRA TELECOMUNICACAO LTDA | unknown | censys | 2026-05-16_07-11-14 |
| 177.89.234.43 | njRat | 1177 | Brazil | Natal | AS28220 | Alares Cabo Servicos de Telecomunicacoes S.A. | CABO SERVICOS DE TELECOMUNICACOES LTDA | shodan | 2026-01-31_13-46-48 |
| 179.0.178.198 | Quasar | 1080 | Brazil | Belo Horizonte | AS270564 | MASTER DA WEB DATACENTER LTDA | unknown | censys | 2026-01-13_03-18-32 |
| 179.0.178.79 | Quasar | 1080 | Brazil | Belo Horizonte | AS270564 | MASTER DA WEB DATACENTER LTDA | unknown | censys | 2026-01-02_19-13-48 |
| 179.151.242.232 | GoPhish | 9090 | Brazil | São Paulo | AS26599 | TELEFONICA BRASIL S.A | unknown | censys | 2026-02-25_07-59-13 |
| 18.230.61.7 | GoPhish | 8080 | Brazil | São Paulo | AS16509 | AMAZON-02 - Amazon.com, Inc. | unknown | censys | 2026-03-31_13-54-40 |
| 18.231.69.245 | GoPhish | 8080 | Brazil | São Paulo | AS16509 | AMAZON-02 - Amazon.com, Inc. | unknown | censys | 2026-02-09_12-59-27 |
| 18.231.78.171 | Quasar | 443 | Brazil | São Paulo | AS16509 | AMAZON-02 - Amazon.com, Inc. | unknown | censys | 2026-03-05_05-59-35 |
| 181.162.184.56 | Quasar | 8080 | Chile | Rancagua | AS7418 | TELEFONICA CHILE S.A. | unknown | censys | 2026-02-17_01-35-32 |
| 181.174.164.116 | Sliver | 31337 | Panama | Panamá | AS52469 | Offshore Racks S.A | Offshore Racks S.A | shodan | 2026-01-20_20-44-09 |
| 181.174.165.127 | GoPhish | 3333 | Panama | Panamá | AS52469 | Offshore Racks S.A | unknown | censys | 2026-03-09_06-59-37 |
| 181.174.165.128 | GoPhish | 3333 | Panama | Panamá | AS52469 | Offshore Racks S.A | Offshore Racks S.A | shodan | 2026-03-05_12-01-02 |
| 181.176.215.140 | GoPhish | 80 | Peru | Lima | AS262210 | VIETTEL PERU S.A.C. | unknown | censys | 2026-01-27_18-23-44 |
| 181.206.158.190 | DCRat | 1000 | Colombia | Barranquilla | AS27831 | AS27831 - Colombia Movil | unknown | censys | 2026-05-28_17-27-49 |
| 181.235.1.253 | AsyncRAT | 6000 | Colombia | Valledupar | AS3816 | COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | unknown | censys | 2026-04-17_13-11-53 |
| 181.236.210.75 | GoPhish | 9090 | Colombia | Girón | AS3816 | AS3816 - COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | unknown | censys | 2026-05-27_09-00-57 |
| 181.32.33.172 | GoPhish;GoPhish | 8080;9090 | Colombia | Bucaramanga | AS3816 | COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | unknown | censys | 2026-05-06_06-11-41 |
| 181.32.35.253 | GoPhish | 9090 | Colombia | Girón | AS3816 | AS3816 - COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | unknown | censys | 2026-05-25_02-10-53 |
| 181.79.36.228 | GoPhish;GoPhish | 3333;80 | Colombia | Bogotá | AS18747 | IFX18747 - IFX Corporation | unknown | censys | 2026-03-18_08-11-03 |
| 186.155.213.134 | Metasploit | 3790 | Colombia | Bogotá | AS19429 | ETB - Colombia | ETB - Colombia | shodan | 2026-05-05_09-28-34 |
| 186.168.6.214 | GoPhish;GoPhish | 9090;8080 | Colombia | Bucaramanga | AS3816 | COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | unknown | censys | 2026-05-12_18-11-11 |
| 186.169.36.103 | AsyncRAT | 6000 | Colombia | Valledupar | AS3816 | COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | unknown | censys | 2026-04-02_06-11-10 |
| 186.169.55.212 | DCRat | 9002 | Colombia | Valledupar | AS3816 | COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | COLOMBIA TELECOMUNICACIONES S.A. ESP | shodan | 2026-02-09_05-37-35 |
| 186.169.63.171 | DCRat | 9090 | Colombia | Valledupar | AS3816 | COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | unknown | censys | 2026-03-17_20-04-31 |
| 186.169.76.228 | AsyncRAT | 5010 | Colombia | Valledupar | AS3816 | COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | unknown | censys | 2026-05-15_07-28-00 |
| 186.169.83.89 | Quasar | 2096 | Colombia | Valledupar | AS3816 | COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | unknown | censys | 2026-04-17_12-37-48 |
| 186.177.71.142 | GoPhish | 443 | Costa Rica | San José | AS262197 | MILLICOM CABLE COSTA RICA S.A. | unknown | censys | 2026-02-11_10-12-51 |
| 186.212.30.231 | Havoc | 8081 | Brazil | São Paulo | AS18881 | TELEFÔNICA BRASIL S.A | TELEFÔNICA BRASIL S.A | shodan | 2026-05-07_01-29-04 |
| 186.64.122.196 | GoPhish | 8443 | Chile | Curicó | AS52368 | ZAM LTDA. | unknown | censys | 2026-03-22_09-27-01 |
| 187.127.4.73 | GoPhish | 443 | Brazil | Campinas | AS47583 | AS-HOSTINGER | unknown | censys | 2026-04-20_03-11-35 |
| 187.168.236.220 | GoPhish | 3334 | Mexico | Mexico City | AS8151 | UNINET | unknown | censys | 2026-01-22_23-11-26 |
| 187.45.170.66 | GoPhish | 3333 | Brazil | Rio de Janeiro | AS28137 | Vialink Soluções de Tecnologia Ltda | Mais Link Telecomunicação Ltda. | shodan | 2026-05-29_04-50-32 |
| 187.45.79.131 | GoPhish | 3333 | Brazil | Triunfo | AS28343 | UNIFIQUE TELECOMUNICACOES SA | unknown | censys | 2026-02-04_19-06-08 |
| 187.49.187.224 | Metasploit | 3790 | Brazil | São Paulo | AS270512 | Nw3 telecomunicações Ltda | Nw3 telecomunicações Ltda | shodan | 2026-05-22_09-48-16 |
| 187.49.187.233 | Metasploit | 3790 | Brazil | São Paulo | AS270512 | Nw3 telecomunicações Ltda | Nw3 telecomunicações Ltda | shodan | 2026-04-15_00-57-22 |
| 187.84.150.111 | Sliver | 31337 | Brazil | Blumenau | AS267121 | ATPlus Telecom | ATPlus Telecom | shodan | 2026-03-31_08-19-55 |
| 187.84.150.127 | Sliver | 31337 | Brazil | Blumenau | AS267121 | ATPlus Telecom | ATPlus Telecom | shodan | 2026-04-19_02-00-47 |
| 189.45.141.173 | GoPhish | 443 | Brazil | Rio de Janeiro | AS17222 | MUNDIVOX DO BRASIL LTDA | MUNDIVOX DO BRASIL LTDA | shodan | 2026-05-28_11-57-41 |
| 190.104.242.91 | GoPhish | 43333 | Argentina | Buenos Aires | AS11014 | AS11014 - CPS | unknown | censys | 2026-05-27_07-29-11 |
| 190.104.242.92 | GoPhish | 43333 | Argentina | Buenos Aires | AS11014 | AS11014 - CPS | unknown | censys | 2026-05-27_17-06-22 |
| 190.110.41.114 | GoPhish | 3333 | Ecuador | Quito | AS22724 | PUNTONET S.A. | unknown | censys | 2026-01-23_14-11-46 |
| 190.111.234.234 | GoPhish | 43333 | Argentina | Buenos Aires | AS11014 | AS11014 - CPS | unknown | censys | 2026-05-27_15-40-48 |
| 190.114.254.211 | GoPhish | 3333 | Chile | Curicó | AS52368 | AS52368 - ZAM LTDA. | unknown | censys | 2026-05-20_21-22-43 |
| 190.119.16.140 | GoPhish | 443 | Peru | Lima | AS12252 | AS12252 - America Movil Peru S.A.C. | unknown | censys | 2026-05-28_10-14-01 |
| 190.119.63.144 | GoPhish;GoPhish | 443;443 | Peru | Lima | AS12252 | America Movil Peru S.A.C. | America Movil Peru S.A.C. | shodan | 2025-12-30_07-56-58 |
| 190.14.57.229 | Quasar | 443 | Chile | Santiago | AS27659 | Ingenieria e Informatica Asociada Ltda IIA Ltda | unknown | censys | 2026-03-04_22-14-38 |
| 190.232.52.100 | Havoc | 80 | Peru | Lima | AS6147 | INTEGRATEL PERU S.A.A. | unknown | censys | 2026-04-17_12-04-38 |
| 190.232.52.93 | Havoc | 80 | Peru | Lima | AS6147 | INTEGRATEL PERU S.A.A. | unknown | censys | 2026-05-01_11-43-13 |
| 190.255.90.152 | AsyncRAT | 6000 | Colombia | Valledupar | AS3816 | AS3816 - COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | unknown | censys | 2026-05-27_13-12-40 |
| 190.55.127.139 | Quasar | 4782 | Argentina | Buenos Aires | AS27747 | Telecentro S.A. | unknown | censys | 2026-05-14_23-01-12 |
| 190.66.83.233 | GoPhish | 8080 | Colombia | Bucaramanga | AS3816 | COLOMBIA TELECOMUNICACIONES S.A. ESP BIC | unknown | censys | 2026-03-18_07-10-49 |
| 190.84.81.7 | GoPhish | 3333 | Colombia | Colombia | Not Found | unknown | Telmex Colombia S.A. | shodan | 2026-05-28_08-07-07 |
| 191.101.131.244 | Sliver | 31337 | Brazil | Muriaé | AS270353 | Tyna Host - Datacenter no Brasil | unknown | censys | 2026-05-15_05-18-41 |
| 191.209.58.15 | GoPhish | 3333 | Brazil | São Paulo | AS27699 | TELEFONICA BRASIL S.A | unknown | censys | 2026-03-20_06-09-33 |
| 191.252.60.140 | Havoc | 80 | Brazil | São Paulo | AS27715 | Locaweb Servicos de Internet SA | unknown | censys | 2026-04-02_01-11-24 |
| 191.8.232.11 | Quasar | 6653 | Brazil | São Paulo | AS26599 | TELEFONICA BRASIL S.A | unknown | censys | 2026-02-17_09-08-19 |
| 191.93.113.160 | DCRat | 8848 | Colombia | Barranquilla | AS27831 | Colombia Movil | unknown | censys | 2026-01-05_18-30-31 |
| 191.93.113.86 | DCRat | 8848 | Colombia | Barranquilla | AS27831 | Colombia Movil | unknown | censys | 2026-03-18_07-06-32 |
| 191.93.116.106 | DCRat | 8848 | Colombia | Barranquilla | AS27831 | AS27831 - Colombia Movil | unknown | censys | 2026-05-27_09-42-47 |
| 191.93.117.34 | DCRat | 8848 | Colombia | Barranquilla | AS27831 | Colombia Movil | unknown | censys | 2026-02-17_09-10-22 |
| 191.93.118.190 | DCRat | 8848 | Colombia | Barranquilla | AS27831 | Colombia Movil | unknown | censys | 2026-03-05_07-58-20 |
| 191.93.118.254 | AsyncRAT | 9000 | Colombia | Barranquilla | AS27831 | Colombia Móvil | Colombia Móvil | shodan | 2026-05-28_18-37-23 |
| 20.206.249.20 | GoPhish | 3333 | Brazil | Campinas | AS8075 | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation | unknown | censys | 2026-05-27_22-15-07 |
| 20.226.47.239 | Cobalt Strike | 80 | Brazil | São Paulo | AS8075 | Microsoft Corporation | Microsoft Corporation | shodan | 2026-04-11_14-50-29 |
| 200.10.229.166 | GoPhish | 3333 | Paraguay | San Lorenzo | AS27733 | Centro Nacional de Computacion | unknown | censys | 2026-02-17_09-23-08 |
| 200.109.21.86 | Quasar | 443 | Venezuela, Bolivarian Republic of | Valencia | AS8048 | CANTV Servicios, Venezuela | CANTV Servicios, Venezuela | shodan | 2026-01-27_16-50-57 |
| 200.150.67.195 | GoPhish | 3333 | Brazil | Ortigueira | AS14868 | AS14868 - Ligga Telecomunicacoes S.A. | unknown | censys | 2026-05-27_15-23-10 |
| 200.219.214.190 | GoPhish | 3333 | Brazil | São Paulo | AS15830 | Equinix - Equinix (EMEA) Acquisition Enterprises B.V. | unknown | censys | 2026-05-28_02-13-17 |
| 200.225.247.79 | Quasar | 8080 | Brazil | São Paulo | AS16735 | ALGAR TELECOM SA | unknown | censys | 2026-03-05_02-32-50 |
| 200.38.160.49 | GoPhish | 3333 | Mexico | Mexico City | AS13579 | AS13579 - INFOTEC CENTRO DE INVESTIGACION E INNOVACION EN TECNOLOGIAS DE LA INFORMACION Y COMUNICACION | unknown | censys | 2026-05-27_10-11-52 |
| 200.40.131.89 | Sliver | 31337 | Uruguay | Montevideo | AS6057 | Administracion Nacional de Telecomunicaciones | Administracion Nacional de Telecomunicaciones | shodan | 2026-01-21_19-23-04 |
| 200.57.165.148 | GoPhish | 3333 | Mexico | Ciudad Apodaca | AS19373 | Triara.com S.A. de C.V. | Triara.com S.A. de C.V. | shodan | 2026-05-29_04-50-12 |
| 200.58.100.246 | GoPhish | 3333 | Argentina | Rosario | AS27823 | Dattatec.com | unknown | censys | 2026-02-11_08-11-32 |
| 200.85.49.125 | GoPhish | 3333 | Paraguay | Asunción | AS23201 | Telecel S.A. | unknown | censys | 2026-01-02_00-18-19 |
| 200.9.155.183 | AsyncRAT | 8000 | Brazil | Muriaé | AS270353 | Tyna Host - Datacenter no Brasil | unknown | censys | 2026-05-15_03-55-14 |
| 200.9.4.41 | GoPhish | 443 | Paraguay | Asunción | AS23201 | Telecel S.A. | Univ. Catolica Nuestra Senora de la Asuncion | shodan | 2026-05-29_12-10-09 |
| 201.16.156.113 | GoPhish | 3333 | Brazil | São Paulo | AS16735 | ALGAR TELECOM SA | unknown | censys | 2026-01-26_08-39-48 |
| 201.234.38.193 | GoPhish | 443 | Argentina | Buenos Aires | AS21756 | SIDERCA S.A.I.C. | unknown | censys | 2026-05-01_13-10-51 |
| 201.46.86.34 | GoPhish | 3333 | Mexico | Los Mochis | AS265621 | AS265621 - COMUNICACION DIGITAL DE SINALOA SA DE CV | unknown | censys | 2026-05-27_15-26-55 |
| 201.48.97.53 | GoPhish | 3333 | Brazil | São Paulo | AS16735 | AS16735 - ALGAR TELECOM S/A | unknown | censys | 2026-05-27_15-41-16 |
| 201.72.113.30 | GoPhish | 9443 | Brazil | Goiânia | AS4230 | CLARO S.A. | CLARO S.A. | shodan | 2026-05-15_12-39-11 |
| 201.92.133.149 | Havoc | 8081 | Brazil | São Paulo | AS27699 | TELEFÔNICA BRASIL S.A | TELEFÔNICA BRASIL S.A | shodan | 2025-12-22_01-54-38 |
| 207.248.247.66 | Quasar;Quasar | 8003;8002 | Mexico | Guadalupe | AS11172 | Alestra, S. de R.L. de C.V. | unknown | censys | 2026-03-05_09-54-36 |
| 216.238.121.111 | GoPhish | 8443 | Brazil | Osasco | AS20473 | AS-VULTR - The Constant Company, LLC | unknown | censys | 2026-05-27_02-55-26 |
| 216.238.75.34 | Havoc | 80 | Mexico | General Lázaro Cárdenas | AS20473 | AS-VULTR - The Constant Company, LLC | unknown | censys | 2026-05-27_07-28-42 |
| 34.176.142.248 | GoPhish;GoPhish | 80;443 | Chile | Santiago | AS396982 | Google LLC | Google LLC | shodan | 2026-05-29_15-18-46 |
| 34.176.98.184 | GoPhish | 3333 | Chile | Santiago | AS396982 | GOOGLE-CLOUD-PLATFORM - Google LLC | unknown | censys | 2026-05-27_18-43-49 |
| 34.39.186.7 | GoPhish | 443 | Brazil | São Paulo | AS396982 | GOOGLE-CLOUD-PLATFORM - Google LLC | unknown | censys | 2026-05-15_06-42-26 |
| 34.51.42.9 | GoPhish | 443 | Mexico | Santiago de Querétaro | AS396982 | GOOGLE-CLOUD-PLATFORM - Google LLC | unknown | censys | 2026-02-09_17-10-57 |
| 34.51.56.27 | GoPhish | 80 | Mexico | Santiago de Querétaro | AS396982 | GOOGLE-CLOUD-PLATFORM - Google LLC | unknown | censys | 2026-02-02_04-30-21 |
| 34.95.222.105 | Sliver | 31337 | Brazil | São Paulo | AS396982 | Google LLC | Google LLC | shodan | 2026-04-12_15-45-15 |
| 38.187.1.77 | GoPhish | 3333 | Peru | Lima | AS271814 | NEXTNET SAC | NEXTNET S.A.C | shodan | 2026-05-27_21-33-44 |
| 38.56.209.142 | GoPhish | 7443 | El Salvador | Antiguo Cuscatlán | AS174 | Cogent Communications | DIGICEL S.A. DE C.V. | shodan | 2026-02-18_21-49-49 |
| 38.60.209.110 | CHAOS | 16004 | Brazil | São Paulo | AS138915 | Kaopu Cloud HK Limited | Kaopu Cloud HK Limited | shodan | 2026-05-16_03-02-00 |
| 38.60.209.204 | Sliver | 1337 | Brazil | São Paulo | AS138915 | Kaopu Cloud HK Limited | Kaopu Cloud HK Limited | shodan | 2026-03-04_07-55-28 |
| 38.60.242.200 | Sliver | 31337 | Brazil | São Paulo | AS138915 | KAOPU-HK Kaopu Cloud HK Limited | unknown | censys | 2026-02-17_10-26-10 |
| 4.201.122.3 | GoPhish | 443 | Brazil | Campinas | AS8075 | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation | unknown | censys | 2026-05-27_08-16-25 |
| 4.201.140.200 | GoPhish | 3333 | Brazil | Campinas | AS8075 | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation | unknown | censys | 2026-02-09_22-01-37 |
| 4.201.155.137 | Sliver | 31337 | Brazil | São Paulo | AS8075 | Microsoft Corporation | Microsoft Corporation | shodan | 2026-01-12_10-42-51 |
| 4.201.185.160 | Sliver | 31337 | Brazil | São Paulo | AS8075 | Microsoft Corporation | Microsoft Corporation | shodan | 2025-12-16_11-49-04 |
| 4.201.220.7 | Cobalt Strike | 50050 | Brazil | São Paulo | AS8075 | Microsoft Corporation | Microsoft Corporation | shodan | 2026-02-18_00-42-30 |
| 40.233.1.176 | GoPhish | 443 | Mexico | Radica | AS31898 | ORACLE-BMC-31898 - Oracle Corporation | unknown | censys | 2026-03-25_16-28-10 |
| 40.233.14.119 | GoPhish | 443 | Mexico | Radica | AS31898 | ORACLE-BMC-31898 - Oracle Corporation | unknown | censys | 2026-03-27_19-27-55 |
| 40.233.19.225 | GoPhish | 443 | Mexico | Radica | AS31898 | ORACLE-BMC-31898 - Oracle Corporation | unknown | censys | 2026-03-17_21-20-43 |
| 40.233.26.200 | GoPhish | 3333 | Mexico | Radica | AS31898 | ORACLE-BMC-31898 - Oracle Corporation | unknown | censys | 2026-02-28_10-24-52 |
| 45.178.183.89 | GoPhish | 3333 | Brazil | São Paulo | AS269098 | AbsamHost Internet Data Center | unknown | censys | 2026-05-07_09-38-52 |
| 45.225.129.11 | GoPhish | 3333 | Brazil | Rolândia | AS271239 | Altatech Solucoes em Tecnologia EIRELI | unknown | censys | 2026-01-13_08-12-57 |
| 45.225.129.210 | GoPhish | 3333 | Brazil | Apucarana | AS271239 | Altatech Solucoes em Tecnologia EIRELI | unknown | censys | 2026-02-25_11-00-19 |
| 45.225.129.50 | GoPhish | 3333 | Brazil | Rolândia | AS271239 | Altatech Solucoes em Tecnologia EIRELI | unknown | censys | 2026-01-06_12-42-16 |
| 45.226.189.70 | GoPhish | 3333 | Brazil | Curitiba | AS266997 | MPTEC INFORMATICA LTDA - ME | MPTEC INFORMATICA LTDA - ME | shodan | 2026-03-11_15-36-20 |
| 45.227.61.113 | GoPhish | 3333 | Brazil | São Paulo | AS271366 | AS271366 - ALTVIA TECNOLOGIA E SERVICOS DIGITAIS LTDA | unknown | censys | 2026-05-27_12-11-02 |
| 45.236.130.44 | Sliver | 31337 | Chile | Santiago | AS64111 | INFORMATICA BLUEHOSTING LIMITADA | INFORMATICA BLUEHOSTING LIMITADA | shodan | 2025-12-15_14-32-17 |
| 45.238.142.234 | Hack5 Cloud C2 | 443 | Honduras | San Pedro Sula | AS263686 | INET Communication | INET Communication | shodan | 2026-05-28_12-07-53 |
| 45.39.210.144 | Sliver | 31337 | Brazil | São Paulo | AS268624 | Gamers Club Ltda | unknown | censys | 2026-05-15_10-10-20 |
| 45.67.247.185 | Quasar | 80 | Honduras | Tegucigalpa | AS273189 | CA NETWORK S.A. DE C.V. | unknown | censys | 2026-03-04_20-46-13 |
| 46.202.146.65 | GoPhish | 443 | Brazil | São Paulo | AS47583 | AS-HOSTINGER | unknown | censys | 2026-04-20_03-28-58 |
| 52.67.113.111 | Havoc | 443 | Brazil | São Paulo | AS16509 | Amazon.com, Inc. | Amazon Data Services Brazil | shodan | 2026-03-17_01-04-42 |
| 54.232.144.183 | Mythic | 443 | Brazil | São Paulo | AS16509 | AMAZON-02 - Amazon.com, Inc. | unknown | censys | 2026-02-17_13-10-46 |
| 54.232.234.226 | GoPhish | 443 | Brazil | São Paulo | AS16509 | AMAZON-02 - Amazon.com, Inc. | unknown | censys | 2026-05-26_22-17-10 |
| 54.233.43.28 | GoPhish | 8080 | Brazil | São Paulo | AS16509 | AMAZON-02 - Amazon.com, Inc. | unknown | censys | 2026-02-08_22-22-03 |
| 54.94.39.204 | Quasar | 443 | Brazil | São Paulo | AS16509 | AMAZON-02 - Amazon.com, Inc. | unknown | censys | 2026-03-04_23-51-33 |
| 56.125.168.86 | Quasar | 80 | Brazil | São Paulo | AS16509 | AMAZON-02 - Amazon.com, Inc. | unknown | censys | 2026-03-05_02-30-07 |
| 56.125.42.70 | GoPhish | 3333 | Brazil | São Paulo | AS16509 | AMAZON-02 - Amazon.com, Inc. | unknown | censys | 2026-03-30_10-12-17 |
| 56.125.59.57 | GoPhish | 8443 | Brazil | São Paulo | AS16509 | AMAZON-02 - Amazon.com, Inc. | unknown | censys | 2026-04-04_23-14-17 |
| 64.76.214.54 | GoPhish | 443 | Colombia | Barrio San Luis | AS3549 | Level 3 Parent, LLC | CTL Colombia | shodan | 2026-05-29_10-36-14 |
| 66.97.33.20 | GoPhish | 3333 | Argentina | Rosario | AS27823 | Dattatec.com | Dattatec Corp | shodan | 2026-05-29_01-58-36 |
| 66.97.39.94 | CHAOS | 8080 | Argentina | Rosario | AS27823 | Dattatec.com | Dattatec Corp | shodan | 2026-04-29_14-16-50 |
| 74.163.80.224 | GoPhish | 3333 | Brazil | Campinas | AS8075 | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation | unknown | censys | 2026-05-27_20-14-00 |
| 74.163.81.142 | AsyncRAT | 443 | Brazil | São Paulo | AS8075 | Microsoft Corporation | Microsoft Corporation | shodan | 2026-04-01_18-27-04 |
| 77.111.101.101 | Sliver | 31337 | Brazil | São Paulo | AS396356 | Latitude.sh | Colocation America Corporation | shodan | 2026-05-29_11-40-37 |
| 82.25.65.119 | GoPhish | 3333 | Brazil | São Paulo | AS47583 | AS-HOSTINGER | unknown | censys | 2026-04-17_09-21-38 |
| 89.116.186.136 | Quasar | 9000 | Brazil | São Paulo | AS47583 | AS-HOSTINGER | unknown | censys | 2026-03-05_12-48-41 |
| 89.116.186.72 | Quasar | 8080 | Brazil | São Paulo | AS47583 | AS-HOSTINGER | unknown | censys | 2026-03-05_03-00-55 |
Current snapshot link: https://github.com/ZoqueLabs/olim_datasets/tree/main/reports/2026-05-29_14-55-14