ZOLIM - Zoque-Observatorio de Infraestructura Maliciosa

ZOLIM (Observatorio Latinoamericano de Infraestructura Maliciosa de Zoque) es una iniciativa de investigación de ZoqueLabs orientada a documentar, analizar y publicar snapshots periódicos de infraestructura maliciosa en América Latina, con énfasis en sistemas de comando y control (C2) y tooling asociado.

Generated: 2026-02-05T17:12:30Z
About ZOLIM: Español - English
Current snapshot: https://github.com/ZoqueLabs/olim_datasets/tree/main/reports/2026-02-05_12-12-30

Metrics (current)

IPs: 77 Unique ports: 24 Threat frameworks: 14 Countries: 13 Cities: 32 ASNs: 44

Tops (current)

Threats: GoPhish(53) Sliver(8) DCRat(5) Cobalt Strike(4) Quasar(4) CHAOS(3) Havoc(2) AsyncRAT(1) UnamWebPanel(1) Mythic(1) Hack5 Cloud C2(1) njRat(1)
Countries: Brazil(38) Colombia(7) Mexico(7) Peru(7) Argentina(4) Chile(4) Paraguay(3) Venezuela, Bolivarian Republic of(2) Panama(1) El Salvador(1) Costa Rica(1) Ecuador(1)
Cities: São Paulo(25) Lima(7) Barranquilla(4) Santiago(4) Belo Horizonte(3) Asunción(3) Buenos Aires(3) Rolândia(2) Mexico City(2) Santiago de Querétaro(2) La Cañada(1) Panamá(1)
ASNs: 31898(7) 8075(5) 27831(4) 63949(4) 16509(3) 11014(3) 271239(3) 396982(3) 53107(2) 270564(2) 12252(2) 15830(2)
ISPs: ORACLE-BMC-31898 - Oracle Corporation(5) Colombia Movil(4) Microsoft Corporation(4) CPS(3) Altatech Solucoes em Tecnologia EIRELI(3) EVEO S.A.(2) Oracle Corporation(2) MASTER DA WEB DATACENTER LTDA(2) AKAMAI-LINODE-AP Akamai Connected Cloud(2) America Movil Peru S.A.C.(2) EQUINIX(2) Telecel S.A.(2)
Orgs: unknown(47) Microsoft Corporation(4) America Movil Peru S.A.C.(2) Linode(2) ZAM LTDA.(2) FAXT TELECOMUNICACOES LTDA(1) Oracle Public Cloud(1) Equinix Services, Inc.(1) GLOBAL CONNECTIVITY SOLUTIONS LLP(1) Offshore Racks S.A(1) Univ. Catolica Nuestra Senora de la Asuncion(1) DIGICEL S.A. DE C.V.(1)
Ports (frequency across IPs): 3333(28) 443(13) 31337(8) 8080(5) 80(5) 8848(3) 8443(3) 43333(3) 1080(2) 8081(2) 1000(1) 10035(1)

Graphs (current)

---
config:
  theme: dark
---
pie title Threats
  "GoPhish" : 53
  "Sliver" : 8
  "DCRat" : 5
  "Cobalt Strike" : 4
  "Quasar" : 4
  "CHAOS" : 3
  "Havoc" : 2
  "AsyncRAT" : 1
  "UnamWebPanel" : 1
  "Mythic" : 1
  "Hack5 Cloud C2" : 1
  "njRat" : 1

---
config:
  theme: dark
---
pie title Countries
  "Brazil" : 38
  "Colombia" : 7
  "Mexico" : 7
  "Peru" : 7
  "Argentina" : 4
  "Chile" : 4
  "Paraguay" : 3
  "Venezuela, Bolivarian Republic of" : 2
  "Panama" : 1
  "El Salvador" : 1
  "Costa Rica" : 1
  "Ecuador" : 1

---
config:
  theme: dark
---
pie title ASNs
  "31898" : 7
  "8075" : 5
  "27831" : 4
  "63949" : 4
  "16509" : 3
  "11014" : 3
  "271239" : 3
  "396982" : 3
  "53107" : 2
  "270564" : 2
  "12252" : 2
  "15830" : 2

---
config:
  theme: dark
---
pie title ISPs
  "ORACLE-BMC-31898 - Oracle Corporation" : 5
  "Colombia Movil" : 4
  "Microsoft Corporation" : 4
  "CPS" : 3
  "Altatech Solucoes em Tecnologia EIRELI" : 3
  "EVEO S.A." : 2
  "Oracle Corporation" : 2
  "MASTER DA WEB DATACENTER LTDA" : 2
  "AKAMAI-LINODE-AP Akamai Connected Cloud" : 2
  "America Movil Peru S.A.C." : 2
  "EQUINIX" : 2
  "Telecel S.A." : 2

Country → Threat (top)

---
config:
  theme: dark
---
%% Country → Threat (top)
sankey-beta
  Brazil,GoPhish,21
  Mexico,GoPhish,6
  Peru,GoPhish,6
  Chile,GoPhish,6
  Colombia,DCRat,5
  Brazil,Sliver,4
  Argentina,GoPhish,4
  Brazil,Cobalt Strike,3
  Paraguay,GoPhish,3
  Brazil,Quasar,2
  Brazil,Havoc,2
  El Salvador,GoPhish,2
  Costa Rica,GoPhish,2
  Colombia,GoPhish,2
  Peru,CHAOS,2
  Colombia,AsyncRAT,1
  Brazil,UnamWebPanel,1
  Brazil,Mythic,1
  Brazil,Hack5 Cloud C2,1
  Mexico,Sliver,1
  Panama,Sliver,1
  Peru,Quasar,1
  Ecuador,GoPhish,1
  Venezuela  Bolivarian Republic of,Cobalt Strike,1
  Chile,Sliver,1
  Brazil,njRat,1
  Brazil,CHAOS,1
  Brazil,Metasploit,1
  Uruguay,Sliver,1
  Venezuela  Bolivarian Republic of,Quasar,1

ASN → Threat (top)

---
config:
  theme: dark
---
%% ASN → Threat (top)
sankey-beta
  31898,GoPhish,6
  27831,DCRat,4
  396982,GoPhish,4
  52368,GoPhish,4
  12252,GoPhish,3
  11014,GoPhish,3
  271239,GoPhish,3
  270564,Quasar,2
  15830,GoPhish,2
  23201,GoPhish,2
  174,GoPhish,2
  3132,GoPhish,2
  8075,GoPhish,2
  262197,GoPhish,2
  8075,Sliver,2
  138915,CHAOS,2
  53107,Cobalt Strike,1
  27831,AsyncRAT,1
  52601,Sliver,1
  52601,UnamWebPanel,1
  16509,Mythic,1
  31898,Hack5 Cloud C2,1
  54825,Sliver,1
  215540,Sliver,1
  52469,Sliver,1
  27843,Quasar,1
  63949,Havoc,1
  28137,GoPhish,1
  16735,GoPhish,1
  271366,GoPhish,1

Delta vs previous snapshot

IPs: +14 / -1 (persistent: 63)
Threat frameworks: +1 / -0
Countries: +0 / -0
ASNs: +5 / -0
ISPs: +10 / -3
Orgs: +4 / -1
Ports: +4 / -1
Cities: +7 / -2

Delta lists (compact)

New IPs: 152.203.25.225, 172.233.15.195, 177.126.168.209, 186.169.55.212, 187.168.236.220, 191.93.117.34, 200.109.21.86, 200.58.100.246, 34.51.42.9, 34.51.56.27, 4.201.220.7, 45.225.129.210, 54.233.43.28, 64.76.214.54
Removed IPs: 186.17.213.66
New threats: Supershell
Removed threats: none
New countries: none
New ASNs: 27823, 3549, 3816, 8048, 8151
New ISPs: ALTVIA TECNOLOGIA E SERVICOS DIGITAIS LTDA, AMAZON-02 - Amazon.com, Inc., CANTV Servicios, Venezuela, COLOMBIA TELECOMUNICACIONES S.A. ESP BIC, Dattatec.com, GOOGLE-CLOUD-PLATFORM - Google LLC, LVLT-3549 - Level 3 Parent, LLC, MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, ORACLE-BMC-31898 - Oracle Corporation, UNINET
New ports: 3334, 8888, 9002, 953

IP reuse / threat drift

IPs with threat changes: 1
- 177.124.72.24: [‘Havoc’, ‘Sliver’, ‘UnamWebPanel’] → [‘Sliver’, ‘UnamWebPanel’] (+[], -[‘Havoc’])

Delta graph: NEW Country → Threat edges

---
config:
  theme: dark
---
%% Δ Country → Threat (new edges)
sankey-beta
  Colombia,GoPhish,2
  Venezuela  Bolivarian Republic of,Quasar,1
  Brazil,Supershell,1

Delta graph: NEW ASN → Threat edges

---
config:
  theme: dark
---
%% Δ ASN → Threat (new edges)
sankey-beta
  16509,GoPhish,1
  3549,GoPhish,1
  8151,GoPhish,1
  27823,GoPhish,1
  3816,GoPhish,1
  3816,DCRat,1
  8075,Cobalt Strike,1
  8048,Quasar,1
  63949,Supershell,1

All IPs (current snapshot)

IP	Threats	Ports	Country	City	ASN	ISP	Org	Source	Last scan
144.22.192.165	GoPhish	8443	Brazil	São Paulo	AS31898	Oracle Corporation	Oracle Corporation	shodan	2026-02-05_08-56-46
144.22.207.61	GoPhish	8443	Brazil	São Paulo	AS31898	ORACLE-BMC-31898 - Oracle Corporation	unknown	censys	2026-02-05_03-11-12
147.28.223.190	Sliver	31337	Mexico	La Cañada	AS54825	Packet Host, Inc.	Equinix Services, Inc.	shodan	2026-01-04_18-32-22
147.45.116.18	Sliver	31337	Brazil	São Paulo	AS215540	GLOBAL CONNECTIVITY SOLUTIONS LLP	GLOBAL CONNECTIVITY SOLUTIONS LLP	shodan	2026-01-22_09-40-58
148.230.153.56	GoPhish	3333	Mexico	Torreón	AS22884	TOTAL PLAY TELECOMUNICACIONES SA DE CV	unknown	censys	2026-02-04_23-22-09
15.228.3.86	Cobalt Strike	80	Brazil	São Paulo	AS16509	Amazon.com, Inc.	Amazon Data Services Brazil	shodan	2026-01-06_03-05-38
150.187.25.242	Cobalt Strike	9999	Venezuela, Bolivarian Republic of	Barquisimeto	AS20312	Fundación Centro Nacional de Innovación Tecnológica (CENIT)	Fundación Centro Nacional de Innovación Tecnológica (CENIT)	shodan	2026-02-04_04-26-49
152.203.25.225	GoPhish	8080	Colombia	Bucaramanga	AS3816	COLOMBIA TELECOMUNICACIONES S.A. ESP BIC	unknown	censys	2026-01-27_11-49-19
152.67.58.223	Hack5 Cloud C2	8080	Brazil	São Paulo	AS31898	Oracle Corporation	Oracle Public Cloud	shodan	2026-02-05_05-44-29
156.244.39.44	CHAOS;CHAOS	1604;11434	Peru	Lima	AS138915	Kaopu Cloud HK Limited	Lightnode Limited	shodan	2026-01-09_17-34-42
157.151.4.17	GoPhish	3333	Brazil	Vinhedo	AS31898	ORACLE-BMC-31898 - Oracle Corporation	unknown	censys	2026-02-05_08-11-45
161.132.220.65	Quasar	8080	Peru	Lima	AS27843	WIN EMPRESAS S.A.C.	unknown	censys	2026-02-05_08-10-41
161.132.51.222	GoPhish	3333	Peru	Lima	AS3132	Red Cientifica Peruana	unknown	censys	2026-02-05_08-04-49
161.132.54.23	GoPhish	8081	Peru	Lima	AS3132	Red Cientifica Peruana	unknown	censys	2026-01-07_01-42-12
167.234.226.89	GoPhish	443	Brazil	São Paulo	AS31898	ORACLE-BMC-31898 - Oracle Corporation	unknown	censys	2026-02-05_10-11-04
168.138.128.79	GoPhish	3333	Brazil	São Paulo	AS31898	ORACLE-BMC-31898 - Oracle Corporation	unknown	censys	2026-02-05_11-11-51
170.231.155.101	Metasploit	3790	Brazil	Varginha	AS263424	Fonelight Telecomunicações S/A	Fonelight Telecomunicações S/A	shodan	2025-12-26_00-53-40
170.239.86.183	GoPhish;GoPhish	3333;3333	Chile	Santiago	AS52368	ZAM LTDA.	ZAM LTDA.	shodan	2025-12-15_03-08-50
170.239.86.232	GoPhish;GoPhish	3333;3333	Chile	Santiago	AS52368	ZAM LTDA.	ZAM LTDA.	shodan	2025-12-30_12-46-13
172.233.1.83	Havoc	443	Brazil	São Paulo	AS63949	AKAMAI-LINODE-AP Akamai Connected Cloud	unknown	censys	2026-01-09_16-14-23
172.233.15.195	Supershell	8888	Brazil	São Paulo	AS63949	Akamai Connected Cloud	Linode	shodan	2026-02-03_23-45-25
172.233.25.95	GoPhish	3333	Brazil	São Paulo	AS63949	AKAMAI-LINODE-AP Akamai Connected Cloud	unknown	censys	2026-02-05_10-11-07
172.233.27.101	CHAOS	953	Brazil	São Paulo	AS63949	Akamai Connected Cloud	Linode	shodan	2026-01-29_14-45-19
177.104.176.211	GoPhish	8080	Brazil	São Paulo	AS53107	EVEO S.A.	unknown	censys	2026-01-13_13-19-31
177.124.72.24	Sliver;UnamWebPanel	31337;11180	Brazil	Belo Horizonte	AS52601	FAXT TELECOMUNICACOES LTDA	FAXT TELECOMUNICACOES LTDA	shodan	2026-02-03_06-09-38
177.126.168.209	GoPhish	3333	Brazil	São Paulo	AS15830	EQUINIX	unknown	censys	2026-02-05_08-15-26
177.136.225.181	Cobalt Strike	10035	Brazil	São Paulo	AS53107	EVEO S.A.	unknown	censys	2026-02-05_10-10-23
177.89.234.43	njRat	1177	Brazil	Natal	AS28220	Alares Cabo Servicos de Telecomunicacoes S.A.	CABO SERVICOS DE TELECOMUNICACOES LTDA	shodan	2026-01-31_13-46-48
179.0.178.198	Quasar	1080	Brazil	Belo Horizonte	AS270564	MASTER DA WEB DATACENTER LTDA	unknown	censys	2026-01-13_03-18-32
179.0.178.79	Quasar	1080	Brazil	Belo Horizonte	AS270564	MASTER DA WEB DATACENTER LTDA	unknown	censys	2026-01-02_19-13-48
181.174.164.116	Sliver	31337	Panama	Panamá	AS52469	Offshore Racks S.A	Offshore Racks S.A	shodan	2026-01-20_20-44-09
181.176.215.140	GoPhish	80	Peru	Lima	AS262210	VIETTEL PERU S.A.C.	unknown	censys	2026-01-27_18-23-44
181.206.158.190	DCRat	1000	Colombia	Barranquilla	AS27831	Colombia Movil	unknown	censys	2026-02-05_12-12-06
186.169.55.212	DCRat	9002	Colombia	Valledupar	AS3816	COLOMBIA TELECOMUNICACIONES S.A. ESP BIC	COLOMBIA TELECOMUNICACIONES S.A. ESP	shodan	2026-02-05_10-13-08
186.177.71.142	GoPhish;GoPhish	443;3333	Costa Rica	San José	AS262197	MILLICOM CABLE COSTA RICA S.A.	MILLICOM CABLE COSTA RICA S.A.	shodan	2026-02-05_11-14-16
187.168.236.220	GoPhish	3334	Mexico	Mexico City	AS8151	UNINET	unknown	censys	2026-01-22_23-11-26
187.45.170.66	GoPhish	3333	Brazil	Rio de Janeiro	AS28137	Vialink Solucoes de Tecnologia Ltda	unknown	censys	2026-02-05_09-13-42
187.45.79.131	GoPhish	3333	Brazil	Triunfo	AS28343	UNIFIQUE TELECOMUNICACOES SA	unknown	censys	2026-02-04_19-06-08
190.104.242.91	GoPhish	43333	Argentina	Buenos Aires	AS11014	CPS	unknown	censys	2026-02-05_08-49-56
190.104.242.92	GoPhish	43333	Argentina	Buenos Aires	AS11014	CPS	unknown	censys	2026-02-05_08-57-43
190.110.41.114	GoPhish	3333	Ecuador	Quito	AS22724	PUNTONET S.A.	unknown	censys	2026-01-23_14-11-46
190.111.234.234	GoPhish	43333	Argentina	Buenos Aires	AS11014	CPS	unknown	censys	2026-02-05_06-46-29
190.119.16.140	GoPhish	443	Peru	Lima	AS12252	America Movil Peru S.A.C.	America Movil Peru S.A.C.	shodan	2026-02-05_10-38-52
190.119.63.144	GoPhish;GoPhish	443;443	Peru	Lima	AS12252	America Movil Peru S.A.C.	America Movil Peru S.A.C.	shodan	2025-12-30_07-56-58
191.209.58.15	GoPhish	3333	Brazil	São Paulo	AS27699	TELEFONICA BRASIL S.A	unknown	censys	2026-02-05_07-11-20
191.93.113.160	DCRat	8848	Colombia	Barranquilla	AS27831	Colombia Movil	unknown	censys	2026-01-05_18-30-31
191.93.117.34	DCRat	8848	Colombia	Barranquilla	AS27831	Colombia Movil	unknown	censys	2026-02-05_09-41-45
191.93.118.254	AsyncRAT;DCRat	9000;8848	Colombia	Barranquilla	AS27831	Colombia Movil	unknown	censys	2026-02-05_09-30-42
200.10.229.166	GoPhish	3333	Paraguay	Asunción	AS27733	Centro Nacional de Computacion	unknown	censys	2026-02-05_09-29-10
200.109.21.86	Quasar	443	Venezuela, Bolivarian Republic of	Valencia	AS8048	CANTV Servicios, Venezuela	CANTV Servicios, Venezuela	shodan	2026-01-27_16-50-57
200.219.214.190	GoPhish	3333	Brazil	São Paulo	AS15830	EQUINIX	unknown	censys	2026-02-05_09-24-28
200.38.160.49	GoPhish	3333	Mexico	Mexico City	AS13579	INFOTEC CENTRO DE INVESTIGACION E INNOVACION EN TECNOLOGIAS DE LA INFORMACION Y COMUNICACION	unknown	censys	2026-02-05_10-57-22
200.40.131.89	Sliver	31337	Uruguay	Montevideo	AS6057	Administracion Nacional de Telecomunicaciones	Administracion Nacional de Telecomunicaciones	shodan	2026-01-21_19-23-04
200.58.100.246	GoPhish	3333	Argentina	Rosario	AS27823	Dattatec.com	unknown	censys	2026-02-05_09-11-02
200.85.49.125	GoPhish	3333	Paraguay	Asunción	AS23201	Telecel S.A.	unknown	censys	2026-01-02_00-18-19
200.9.4.41	GoPhish	443	Paraguay	Asunción	AS23201	Telecel S.A.	Univ. Catolica Nuestra Senora de la Asuncion	shodan	2026-01-26_05-31-56
201.16.156.113	GoPhish	3333	Brazil	São Paulo	AS16735	ALGAR TELECOM SA	unknown	censys	2026-01-26_08-39-48
201.92.133.149	Havoc	8081	Brazil	São Paulo	AS27699	TELEFÔNICA BRASIL S.A	TELEFÔNICA BRASIL S.A	shodan	2025-12-22_01-54-38
34.176.142.248	GoPhish;GoPhish	80;443	Chile	Santiago	AS396982	Google LLC	Google LLC	shodan	2026-02-05_03-07-52
34.51.42.9	GoPhish	443	Mexico	Santiago de Querétaro	AS396982	GOOGLE-CLOUD-PLATFORM - Google LLC	unknown	censys	2026-02-05_07-10-21
34.51.56.27	GoPhish	80	Mexico	Santiago de Querétaro	AS396982	GOOGLE-CLOUD-PLATFORM - Google LLC	unknown	censys	2026-02-02_04-30-21
38.56.209.142	GoPhish;GoPhish	7443;8443	El Salvador	Antiguo Cuscatlán	AS174	Cogent Communications	DIGICEL S.A. DE C.V.	shodan	2026-02-05_09-48-54
4.201.122.3	GoPhish	443	Brazil	São Paulo	AS8075	Microsoft Corporation	Microsoft Corporation	shodan	2026-02-05_11-30-17
4.201.140.200	GoPhish	3333	Brazil	Campinas	AS8075	MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation	unknown	censys	2026-02-05_08-11-07
4.201.155.137	Sliver	31337	Brazil	São Paulo	AS8075	Microsoft Corporation	Microsoft Corporation	shodan	2026-01-12_10-42-51
4.201.185.160	Sliver	31337	Brazil	São Paulo	AS8075	Microsoft Corporation	Microsoft Corporation	shodan	2025-12-16_11-49-04
4.201.220.7	Cobalt Strike	80	Brazil	São Paulo	AS8075	Microsoft Corporation	Microsoft Corporation	shodan	2026-02-05_03-05-50
40.233.26.200	GoPhish	3333	Mexico	Triana	AS31898	ORACLE-BMC-31898 - Oracle Corporation	unknown	censys	2026-02-05_11-26-54
45.225.129.11	GoPhish	3333	Brazil	Rolândia	AS271239	Altatech Solucoes em Tecnologia EIRELI	unknown	censys	2026-01-13_08-12-57
45.225.129.210	GoPhish	3333	Brazil	Apucarana	AS271239	Altatech Solucoes em Tecnologia EIRELI	unknown	censys	2026-02-05_11-13-44
45.225.129.50	GoPhish	3333	Brazil	Rolândia	AS271239	Altatech Solucoes em Tecnologia EIRELI	unknown	censys	2026-01-06_12-42-16
45.226.189.70	GoPhish	3333	Brazil	Curitiba	AS266997	MPTEC INFORMATICA LTDA - ME	unknown	censys	2026-02-05_11-42-28
45.227.61.113	GoPhish	3333	Brazil	São Paulo	AS271366	ALTVIA TECNOLOGIA E SERVICOS DIGITAIS LTDA	unknown	censys	2026-02-05_10-25-39
45.236.130.44	Sliver	31337	Chile	Santiago	AS64111	INFORMATICA BLUEHOSTING LIMITADA	INFORMATICA BLUEHOSTING LIMITADA	shodan	2025-12-15_14-32-17
54.232.144.183	Mythic	443	Brazil	São Paulo	AS16509	AMAZON-02	unknown	censys	2026-01-13_08-13-39
54.233.43.28	GoPhish	8080	Brazil	São Paulo	AS16509	AMAZON-02 - Amazon.com, Inc.	unknown	censys	2026-02-05_11-37-16
64.76.214.54	GoPhish	443	Colombia	Barrio San Luis	AS3549	LVLT-3549 - Level 3 Parent, LLC	unknown	censys	2026-02-05_09-07-13

Current snapshot link: https://github.com/ZoqueLabs/olim_datasets/tree/main/reports/2026-02-05_12-12-30