ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 185.139.230.87:3001.

Database Entry

IOC ID:	1775219
IOC:	185.139.230.87:3001
IOC Type :	ip:port
Threat Type :	botnet_cc
Malware:	Unknown Stealer
Confidence Level :	Confidence level is high (90%)
Is compromised? :	False
ASN:	AS204548 CLOUDWEBMANAGE-IL-FR
Country:	IL
First seen:	2026-03-25 06:41:41 UTC
Last seen:	never
UUID:	abbf1106-27f2-11f1-9af6-42010aa4000a
Reporter	Lenny_3BO
Reward	5 credits from ThreatFox
Tags:	Electron ExaStealer stealer

Lenny_3BO

ExaStealer WebSocket C2 (ws://185.139.230.87:3001/ws). Express.js on Kamatera DE, Windows 11, RDP hostname letracanbaba-1. Confirmed via debug.log from HelloKittySMP Electron stealer detonation (0be40e881e13). 11 samples, all 0/76.