Infection Report IP 31.40.6.40 (Mehr Ava Gostar Parsian Information Engineering Co)

Botnet

APT Stuxnet

Date

2015-03-01 07:03:55

IP

31.40.6.40

Domain

www.mypremierfutbol.com

User Agent

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/index.php?data=66a96e28946ae06bd5d79f3cc56200481bb53bd76e607407dd29715e42e43f9a5390d443f2a7645fa21d659d3fb4a877e8629ba48291a374c7cb908e5a08ac56c6983db9e07b14f74d8d993fb5a8688d498b91baa9e542838ea1bd

OS

Windows XP

Browser

IE 6.0

Port

1041

Threat

1

Type

HTTP

Access Count

1

Botnet

Sality

Date

2015-02-22 03:02:16

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

49349

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2015-02-18 08:02:11

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1093

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2015-02-07 11:02:53

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1126

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2015-01-31 04:01:11

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1121

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2015-01-24 12:01:32

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

49180

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2015-01-22 08:01:25

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

49210

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2015-01-21 04:01:23

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1090

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2015-01-19 04:01:46

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1116

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-12-22 04:12:10

IP

31.40.6.40

Domain

www.ceylanogullari.com

User Agent

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50728)

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/logof.gif?449148=22468200

OS

Windows XP

Browser

IE 7.0

Port

2522

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-12-18 05:12:12

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1064

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-12-17 07:12:26

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1095

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-12-17 10:12:44

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1137

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-12-12 07:12:50

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1185

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality P2P

Date

2014-12-07 12:12:20

IP

31.40.6.40

Domain

69.195.140.124:9674 Active

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Bot Version

Network 3

Port

59153

Threat

1

Destination Port

9674

Type

P2P UDP

Access Count

1

Botnet

Sality

Date

2014-11-29 02:11:45

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1309

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-11-22 07:11:27

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1890

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-11-17 05:11:24

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

49174

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-11-16 11:11:56

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1110

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-11-13 01:11:25

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

49308

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-11-11 08:11:07

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1094

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-11-10 09:11:03

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

49273

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-11-09 03:11:21

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1077

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-11-08 07:11:13

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1168

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-11-02 10:11:54

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1292

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-10-31 09:10:58

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

49308

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality P2P

Date

2014-10-29 07:10:26

IP

31.40.6.40

Domain

69.195.140.124:9674 Active

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Bot Version

Network 3

Port

1229

Threat

1

Destination Port

9674

Type

P2P UDP

Access Count

1

Botnet

Sality

Date

2014-10-29 07:10:10

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1072

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-10-21 06:10:01

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

49297

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-10-16 02:10:33

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

55367

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality P2P

Date

2014-10-15 08:10:07

IP

31.40.6.40

Domain

69.195.140.124:9674 Active

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Bot Version

Network 3

Port

3875

Threat

1

Destination Port

9674

Type

P2P UDP

Access Count

1

Botnet

Sality P2P

Date

2014-10-15 08:10:20

IP

31.40.6.40

Domain

69.195.140.124:9674 Active

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Bot Version

Network 3

Port

3801

Threat

1

Destination Port

9674

Type

P2P UDP

Access Count

1

Botnet

Sality

Date

2014-10-15 07:10:27

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

3267

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-10-14 02:10:00

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

58737

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-10-12 08:10:22

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1123

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-10-01 09:10:06

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1081

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-09-30 04:09:30

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

49188

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-09-28 07:09:59

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1063

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-09-24 03:09:54

IP

31.40.6.40

Domain

noralvasanchez.com

User Agent

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50728)

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/s.jpg?2508e6=16989770

OS

Windows XP

Browser

IE 7.0

Port

49572

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-09-21 05:09:47

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

49191

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-09-18 11:09:04

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

49289

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-09-14 04:09:15

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

2291

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-09-13 07:09:22

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1104

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-09-10 02:09:42

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1119

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-08-14 07:08:19

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1130

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-08-13 01:08:03

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

49277

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-08-05 07:08:09

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

49179

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality P2P

Date

2014-07-31 10:07:26

IP

31.40.6.40

Domain

69.195.140.124:9674 Active

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Bot Version

Network 3

Port

1338

Threat

1

Destination Port

9674

Type

P2P UDP

Access Count

1

Botnet

Sality

Date

2014-07-31 09:07:16

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1953

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-07-27 03:07:15

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

49256

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-07-25 08:07:56

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1203

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-07-20 09:07:32

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

49402

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-07-18 04:07:15

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1268

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-07-10 07:07:21

IP

31.40.6.40

Domain

hzmksreiuojy.biz

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/ldr.php

OS

Other

Browser

Other

Port

1168

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-06-29 03:06:59

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

49219

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-06-27 09:06:54

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1239

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-06-23 11:06:27

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

49190

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-06-22 04:06:43

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

60640

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-06-21 10:06:33

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

50002

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-06-20 08:06:52

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

49469

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-06-08 03:06:15

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

4439

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-06-04 01:06:21

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

2192

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-05-31 05:05:31

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

1817

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-05-28 07:05:42

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

49432

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality

Date

2014-05-21 06:05:46

IP

31.40.6.40

Domain

ygiudewsqhct.in

User Agent

Mozilla/4.0

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/in.php

OS

Other

Browser

Other

Port

49354

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Botnet

Sality P2P

Date

2014-05-10 05:05:16

IP

31.40.6.40

Domain

69.195.140.124:9674 Active

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Bot Version

Network 3

Port

1261

Threat

1

Destination Port

9674

Type

P2P UDP

Access Count

1

Botnet

Bamital

Date

2014-01-28 08:01:58

IP

31.40.6.40

Domain

cdd3ff24c7f620244216a6de9ce62668.cz.cc

User Agent

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/message.php?subid=2418&br=IE_6.00&os=12&flg=8&id=501B83CE6E0C9A0EA6BE6AE5E795B7A6&ad=&ver=_if20

OS

Windows XP

Browser

IE 7.0

Port

1663

Threat

1

Type

HTTP

Access Count

1

Botnet

Sality

Date

2013-12-15 07:12:51

IP

31.40.6.40

Domain

noralvasanchez.com

User Agent

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.1.50700)

Country

Iran, Islamic Republic of

Organization

Mehr Ava Gostar Parsian Information Engineering Co

ISP

Mehr Ava Gostar Parsian Information Engineering Co

ASN

AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd

Latitude

28.5168

Longitude

53.2773

Request Path

/s.jpg?43ae2=1663308

OS

Windows XP

Browser

IE 7.0

Port

1139

Threat

1

Destination Port

80

Type

HTTP

Access Count

1

Infections	69 infection records
Date	Last infection 09 Mar 2015 - First infection 15 Dec 2013
IP Address	31.40.6.40
IP Location	IR - Iran, Islamic Republic of
ASN	AS56703 Mehr Ava Gostar Parsian Information Engineering Co.ltd - Mehr Ava Gostar Parsian Information Engineering Co

Total IP's	1
Infection Records	69

Total IP's	1
Infection Records	69

Infection Records 31.40.6.40