www.clicknew.ir Open in urlscan Pro
185.140.12.111 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.clicknew.ir/KeyBank/index.php
Submission: On August 30 via manual (August 30th 2017, 12:21:51 pm UTC) from US

Summary HTTP 9 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 185.140.12.111, located in Iran, Islamic Republic Of and belongs to MAJDICT, IR. The main domain is www.clicknew.ir.

This is the only time www.clicknew.ir was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: KeyBank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
9	185.140.12.111 185.140.12.111		202663 (MAJDICT) (MAJDICT)
9	1

9 185.140.12.111 (Iran, Islamic Republic Of)

ASN202663 (MAJDICT, IR)

www.clicknew.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	clicknew.ir www.clicknew.ir	364 KB
9	1

	Domain	Requested by
9	www.clicknew.ir	www.clicknew.ir
9	1

This site contains links to these domains. Also see Links.

Domain
www.key.com

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://www.clicknew.ir/KeyBank/index.php
Frame ID: 24643.1
Requests: 6 HTTP requests in this frame

Frame: http://www.clicknew.ir/KeyBank/index/index_1.html
Frame ID: 24643.2
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

9
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

364 kB
Transfer

614 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.key.com/about/customer-service/key-bank-customer-service.jsp
Title: Contact Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.php Show response www.clicknew.ir/KeyBank/	10 KB 3 KB	208ms 110ms	Document text/html	185.140.12.111 MAJDICT
General Check archive.org Show headers Download Go to Full URL http://www.clicknew.ir/KeyBank/index.php Protocol HTTP/1.1 Server 185.140.12.111 , Iran, Islamic Republic Of, ASN202663 (MAJDICT, IR), Reverse DNS Software Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips / PHP/5.6.24 Resource Hash `42b50313acc3d69a70beb98c2eaa8167ce1ff7d3a353341badfce87d52a9e4e9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Response headers Date Wed, 30 Aug 2017 12:23:16 GMT Content-Encoding gzip Server Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips X-Powered-By PHP/5.6.24 Vary Accept-Encoding,User-Agent Content-Type text/html; charset=UTF-8 Connection Keep-Alive Keep-Alive timeout=2, max=100 Content-Length 2946
GET H/1.1	200 OK	index.css www.clicknew.ir/KeyBank/index/	200 KB 36 KB	113ms 113ms	Stylesheet text/css	185.140.12.111 MAJDICT
General Check archive.org Show headers Download Go to Full URL http://www.clicknew.ir/KeyBank/index/index.css Requested by Host: www.clicknew.ir URL: http://www.clicknew.ir/KeyBank/index.php Protocol HTTP/1.1 Server 185.140.12.111 , Iran, Islamic Republic Of, ASN202663 (MAJDICT, IR), Reverse DNS Software Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips / Resource Hash `bdb63a5a446100c40efb5c0bba67c55d2c690ab4ee1ec17419933efef50d58db` Request headers Referer http://www.clicknew.ir/KeyBank/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Response headers Date Wed, 30 Aug 2017 12:23:16 GMT Content-Encoding gzip Last-Modified Tue, 01 Aug 2017 09:05:20 GMT Server Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips ETag "321b8-555ad725db400-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=99 Content-Length 37086
GET H/1.1	404 ÙØ¬ÙÙØ¹Ù Ù¾ÛØ¯Ø§ ÙØ´Ø¯	index_1.html Show response www.clicknew.ir/KeyBank/index/ Frame 2464	2 KB 883 B	606ms 470ms	Document text/html	185.140.12.111 MAJDICT
General Check archive.org Show headers Download Go to Full URL http://www.clicknew.ir/KeyBank/index/index_1.html Requested by Host: www.clicknew.ir URL: http://www.clicknew.ir/KeyBank/index.php Protocol HTTP/1.1 Server 185.140.12.111 , Iran, Islamic Republic Of, ASN202663 (MAJDICT, IR), Reverse DNS Software Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips / PHP/5.6.24 Resource Hash `a9f899de2cd258669df7fcd5e8cde72639e3a938ac95d4106875c4a3b478079d` Request headers Upgrade-Insecure-Requests 1 Referer http://www.clicknew.ir/KeyBank/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Response headers Pragma no-cache Date Wed, 30 Aug 2017 12:23:16 GMT Content-Encoding gzip Server Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips X-Powered-By PHP/5.6.24 Vary Accept-Encoding,User-Agent P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Cache-Control no-cache Connection Keep-Alive Content-Type text/html; charset=utf-8 Keep-Alive timeout=2, max=100 Content-Length 883
GET H/1.1	200 OK	background_default_day.jpg www.clicknew.ir/KeyBank/index/	164 KB 164 KB	96ms 95ms	Image image/jpeg	185.140.12.111 MAJDICT
General Check archive.org Show headers Download Go to Show image Full URL http://www.clicknew.ir/KeyBank/index/background_default_day.jpg Requested by Host: www.clicknew.ir URL: http://www.clicknew.ir/KeyBank/index.php Protocol HTTP/1.1 Server 185.140.12.111 , Iran, Islamic Republic Of, ASN202663 (MAJDICT, IR), Reverse DNS Software Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips / Resource Hash `1852ed09096f64de76acfd4f0c4912b06b306911cf2752d925bb8ffb6dbc8688` Request headers Referer http://www.clicknew.ir/KeyBank/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Response headers Date Wed, 30 Aug 2017 12:23:16 GMT Last-Modified Tue, 01 Aug 2017 09:05:20 GMT Server Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips ETag "28e74-555ad725db400" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=98 Content-Length 167540
GET H/1.1	200 OK	keybank-icons.ttf www.clicknew.ir/KeyBank/index/	144 KB 69 KB	216ms 111ms	Font application/x-font-ttf	185.140.12.111 MAJDICT
General Check archive.org Show headers Download Go to Full URL http://www.clicknew.ir/KeyBank/index/keybank-icons.ttf Requested by Host: www.clicknew.ir URL: http://www.clicknew.ir/KeyBank/index.php Protocol HTTP/1.1 Server 185.140.12.111 , Iran, Islamic Republic Of, ASN202663 (MAJDICT, IR), Reverse DNS Software Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips / Resource Hash `d71384cf0cc3bd3d055caa8a56877e345cc49e1febd963e3e6fb854062b72b74` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Referer http://www.clicknew.ir/KeyBank/index/index.css Origin http://www.clicknew.ir Response headers Date Wed, 30 Aug 2017 12:23:16 GMT Content-Encoding gzip Last-Modified Tue, 01 Aug 2017 09:05:20 GMT Server Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips ETag "23ff0-555ad725db400-gzip" Vary Accept-Encoding,User-Agent Content-Type application/x-font-ttf Transfer-Encoding chunked Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=100
GET H/1.1	200 OK	530dee22-e3c1-4e9f-bf62-c31d510d9656.woff www.clicknew.ir/KeyBank/index/	55 KB 54 KB	280ms 145ms	Font application/x-font-woff	185.140.12.111 MAJDICT
General Check archive.org Show headers Download Go to Full URL http://www.clicknew.ir/KeyBank/index/530dee22-e3c1-4e9f-bf62-c31d510d9656.woff Requested by Host: www.clicknew.ir URL: http://www.clicknew.ir/KeyBank/index.php Protocol HTTP/1.1 Server 185.140.12.111 , Iran, Islamic Republic Of, ASN202663 (MAJDICT, IR), Reverse DNS Software Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips / Resource Hash `1e1ac677a9e917935dcd25ca6300c1f038c1fcc3cb82ec79eb64a844e16fa828` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Referer http://www.clicknew.ir/KeyBank/index/index.css Origin http://www.clicknew.ir Response headers Date Wed, 30 Aug 2017 12:23:16 GMT Content-Encoding gzip Last-Modified Tue, 01 Aug 2017 09:05:20 GMT Server Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips ETag "dda0-555ad725db400-gzip" Vary Accept-Encoding,User-Agent Content-Type application/x-font-woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=100 Content-Length 55469
GET H/1.1	200 OK	14ff6081-326d-4dae-b778-d7afa66166fc.woff www.clicknew.ir/KeyBank/index/	37 KB 37 KB	278ms 146ms	Font application/x-font-woff	185.140.12.111 MAJDICT
General Check archive.org Show headers Download Go to Full URL http://www.clicknew.ir/KeyBank/index/14ff6081-326d-4dae-b778-d7afa66166fc.woff Requested by Host: www.clicknew.ir URL: http://www.clicknew.ir/KeyBank/index.php Protocol HTTP/1.1 Server 185.140.12.111 , Iran, Islamic Republic Of, ASN202663 (MAJDICT, IR), Reverse DNS Software Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips / Resource Hash `90973db3f26fe86b648ec735f3183b44902e5cedf2b1a042402bac39da70404f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Referer http://www.clicknew.ir/KeyBank/index/index.css Origin http://www.clicknew.ir Response headers Date Wed, 30 Aug 2017 12:23:16 GMT Content-Encoding gzip Last-Modified Tue, 01 Aug 2017 09:05:20 GMT Server Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips ETag "92b8-555ad725db400-gzip" Vary Accept-Encoding,User-Agent Content-Type application/x-font-woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=100 Content-Length 37391
GET H/1.1	200 OK	error.css www.clicknew.ir/templates/system/css/ Frame 2464	1 KB 595 B	138ms 137ms	Stylesheet text/css	185.140.12.111 MAJDICT
General Check archive.org Show headers Download Go to Full URL http://www.clicknew.ir/templates/system/css/error.css Requested by Host: www.clicknew.ir URL: http://www.clicknew.ir/KeyBank/index/index_1.html Protocol HTTP/1.1 Server 185.140.12.111 , Iran, Islamic Republic Of, ASN202663 (MAJDICT, IR), Reverse DNS Software Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips / Resource Hash `0db9c7323261bf7b5a33266bffb06c544ad759d86ff7a35adb304e30421c9125` Request headers Referer http://www.clicknew.ir/KeyBank/index/index_1.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Response headers Date Wed, 30 Aug 2017 12:23:17 GMT Content-Encoding gzip Last-Modified Thu, 06 Feb 2014 15:07:14 GMT Server Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips ETag "5a3-4f1be3a7a0c80-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=99 Content-Length 595
GET H/1.1	200 OK	error_rtl.css www.clicknew.ir/templates/system/css/ Frame 2464	328 B 231 B	187ms 94ms	Stylesheet text/css	185.140.12.111 MAJDICT
General Check archive.org Show headers Download Go to Full URL http://www.clicknew.ir/templates/system/css/error_rtl.css Requested by Host: www.clicknew.ir URL: http://www.clicknew.ir/KeyBank/index/index_1.html Protocol HTTP/1.1 Server 185.140.12.111 , Iran, Islamic Republic Of, ASN202663 (MAJDICT, IR), Reverse DNS Software Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips / Resource Hash `185a4e2cd754bc706cd25ef80d2a94838b7507c23f264e0e574ecb896bf9ad65` Request headers Referer http://www.clicknew.ir/KeyBank/index/index_1.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Response headers Date Wed, 30 Aug 2017 12:23:17 GMT Content-Encoding gzip Last-Modified Thu, 06 Feb 2014 15:07:14 GMT Server Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips ETag "148-4f1be3a7a0c80-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=100 Content-Length 231

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: KeyBank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.clicknew.ir/	1970-01-01 00:00:00	Name: a7359cf7fa65a6db208821da40c8fdd7 Value: 797j70mr8urqboum1099b6deq4

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.clicknew.ir
185.140.12.111
0db9c7323261bf7b5a33266bffb06c544ad759d86ff7a35adb304e30421c9125
1852ed09096f64de76acfd4f0c4912b06b306911cf2752d925bb8ffb6dbc8688
185a4e2cd754bc706cd25ef80d2a94838b7507c23f264e0e574ecb896bf9ad65
1e1ac677a9e917935dcd25ca6300c1f038c1fcc3cb82ec79eb64a844e16fa828
42b50313acc3d69a70beb98c2eaa8167ce1ff7d3a353341badfce87d52a9e4e9
90973db3f26fe86b648ec735f3183b44902e5cedf2b1a042402bac39da70404f
a9f899de2cd258669df7fcd5e8cde72639e3a938ac95d4106875c4a3b478079d
bdb63a5a446100c40efb5c0bba67c55d2c690ab4ee1ec17419933efef50d58db
d71384cf0cc3bd3d055caa8a56877e345cc49e1febd963e3e6fb854062b72b74

www.clicknew.ir Open in urlscan Pro 185.140.12.111 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

9 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

364 kBTransfer

614 kBSize

1 Cookies

1 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

www.clicknew.ir Open in urlscan Pro
185.140.12.111 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

364 kB
Transfer

614 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!