unifikas.orkli.com
Open in
urlscan Pro
212.142.224.37
Malicious Activity!
Public Scan
Submitted URL: https://unifikas.orkli.com//CAE/CAE/Orders/ActOrdersDetail.aspx
Effective URL: https://unifikas.orkli.com/COM/LoginFBA.aspx
Submission: On June 12 via manual from ES — Scanned from ES
Effective URL: https://unifikas.orkli.com/COM/LoginFBA.aspx
Submission: On June 12 via manual from ES — Scanned from ES
Summary
This website contacted 2 IPs
in 1 countries
across 1 domains to perform 11 HTTP transactions.
The main IP is 212.142.224.37, located in
Donostia / San Sebastian, Spain and
belongs to EUSKALTEL, ES.
The main domain is unifikas.orkli.com.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on January 11th 2024. Valid for: a year.
This is the only time unifikas.orkli.com was scanned on urlscan.io!
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on January 11th 2024. Valid for: a year.
This is the only time unifikas.orkli.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 12 | 212.142.224.37 212.142.224.37 | 12338 (EUSKALTEL) (EUSKALTEL) | |
| 11 | 2 |
12
212.142.224.37
(Donostia / San Sebastian, Spain)
ASN12338 (EUSKALTEL, ES)
PTR: 37.212-142-224.static.clientes.euskaltel.es
ASN12338 (EUSKALTEL, ES)
PTR: 37.212-142-224.static.clientes.euskaltel.es
| unifikas.orkli.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
orkli.com
2 redirects
unifikas.orkli.com |
166 KB |
| 11 | 1 |
| Domain | Requested by | |
|---|---|---|
| 12 | unifikas.orkli.com |
2 redirects
unifikas.orkli.com
|
| 11 | 1 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.orkli.com GeoTrust TLS RSA CA G1 |
2024-01-11 - 2025-02-10 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://unifikas.orkli.com/COM/LoginFBA.aspx
Frame ID: ACE18E05EE08F3EB3FED84135A34B97D
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
LogIn - UnifikasPage URL History Show full URLs
-
https://unifikas.orkli.com//CAE/CAE/Orders/ActOrdersDetail.aspx
HTTP 302
https://unifikas.orkli.com/COM/Login.aspx?data=IMPXNOnu5WVo9tczEEyJfZ_w0XirZ0tll6Qhb-HQ1UEaF1S18htZnyOd... HTTP 302
https://unifikas.orkli.com/COM/LoginFBA.aspx Page URL
Detected technologies
Microsoft ASP.NET
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.aspx?(?:$|\?)
- <input[^>]+name="__VIEWSTATE
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://unifikas.orkli.com//CAE/CAE/Orders/ActOrdersDetail.aspx
HTTP 302
https://unifikas.orkli.com/COM/Login.aspx?data=IMPXNOnu5WVo9tczEEyJfZ_w0XirZ0tll6Qhb-HQ1UEaF1S18htZnyOdsjgi0GQBOvXJm_7ZfSNp4937Kmfr65OPqnO-0eVDgVgY0OpLXgYWLy5rxZE7Zb0MHtfa4z79 HTTP 302
https://unifikas.orkli.com/COM/LoginFBA.aspx Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
LoginFBA.aspx
unifikas.orkli.com/COM/ Redirect Chain
|
15 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Style.css.aspx
unifikas.orkli.com/_Style/ |
165 KB 35 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
WebResource.axd
unifikas.orkli.com/ |
23 KB 7 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Common.js
unifikas.orkli.com/_Scripts/ |
164 KB 41 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ScriptResource.axd
unifikas.orkli.com/ |
86 KB 27 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ScriptResource.axd
unifikas.orkli.com/ |
36 KB 10 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
AppLogoWhite.png
unifikas.orkli.com/_Images/MasterPage/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Micro.png
unifikas.orkli.com/_Images/Interface/ |
440 B 973 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
roboto-v30-latin-300.woff2
unifikas.orkli.com/_Fonts/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
roboto-v30-latin-700.woff2
unifikas.orkli.com/_Fonts/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon.ico
unifikas.orkli.com/ |
1 KB 0 |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)214 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| theForm function| __doPostBack function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY function| detectIE11OrOlder function| FindElement function| AddEvent function| ElementGetTransformationMatrix function| ElementGeometry function| ElementFocus function| WindowHeight function| WindowWidth function| WindowScroll function| WindowScrollTop function| WindowScrollLeft function| ElementAddClass function| ElementHasClass function| ElementDelClass function| ElementToggleClass function| FadeIn function| FadeOut function| ToggleFade function| ElementVerticalScale_GetWrapper function| ElementVerticalScaleFade function| ElementVerticalExpandFadeIn function| ElementVerticalCollapseFadeOut function| Show function| EquateHeight function| stripHtml function| htmlEscape function| htmlUnescape function| FileName_GetTitle function| GetParentByTagName function| AllCheckboxChecked function| ElementRemove function| ElementGetCaretPosition function| ElementSetCaretPosition function| CheckKey function| ClearSelection function| Label_FocusForElement function| AddLoadingOverlay function| DelLoadingOverlay object| UserResizableElement object| TextboxSpeechRecognition function| CheckUpdatePanelError function| FilterKeys boolean| g_isSubmit boolean| g_isMenuChange function| frmMaster_OnSubmit function| ExitConfirmation_Load function| isDirty function| setDirty function| markDirty function| cleanDirty function| markMenuChange function| messageExitConfirmation function| hasExitConfirmation function| confirmLogout function| ExitConfirmation_Check function| ExitConfirmation_LinkClick function| CtrOffline_Show function| CtrOffline_Hide function| CtrCurrentUserInfo_CopyLink function| CtrMenu_FocusFirstActivity function| CtrMenu_Close function| CtrMenu_ToggleItem function| CM_TI function| CtrMenu_KeyPress function| CM_KP function| CtrMenu_Hide function| SideMenu_Init function| TextBox_ApplyMaxLenght function| TextBox_KeyPressMaxLenght function| TextBox_KeyUpMaxLenght function| TextBox_MouseUpMaxLenght function| TextBox_GetValue function| TextBox_SetValue function| TextBox_SetEnabled function| TextBox_BindOnChange function| GridView_CheckElementInsideGrid function| GridView_ChangeActiveRow function| GridView_RowMouseDown function| GridView_MultiSelCheckMouseDown function| GridView_MultiSelCheckClick function| GridView_MultiSelRowMouseDown function| GridView_PreDoubleClick function| GridView_GetRowId function| GridView_GetCheckId function| GridView_IsRowSelected function| GridView_SelectRow function| GridView_DeselectRow function| GridView_ActiveRow function| GridView_DeactiveRow function| GridView_OnkeyDown function| CalendarInputField_HideCalendar function| CalendarInputField_OnKeyDown function| CalendarInputField_Clean function| DropDownPanel_Init function| DropDownPanel_Toggle function| DropDownPanel_Hide function| DropDownPanel_SetText function| DropDownPanel_SetTexts function| DropDownPanel_OnBlur function| DropDownList_GetItems function| DropDownList_GetSelection function| DropDownList_SetSelection function| DropDownList_Click function| DDL_C function| DropDownList_Multiselection_BuildSelection function| DropDownList_Multiselection_CheckItem function| DDL_M_CI function| DropDownList_GetValue function| DropDownList_GetText function| DropDownList_BindOnchange function| BaseDropDown_GetValue function| BaseDropDown_GetText function| BaseDropDown_BindOnchange function| CtrCheckYesNo_GetValue function| CtrCheckYesNo_BindOnChange function| NumericTextBox_Integer_Input function| NumericTextBox_Decimal_Input function| NumericTextBox_GetValue function| CommonFindControl_GetInfo function| CommonFindControl_SetInfo function| CommonFindControl_Hide function| CommonFindControl_Show function| CommonFindControl_CanAccept function| CommonFindControl_SetTextFromItem function| CommonFindControl_KeyUp function| CommonFindControl_Focus function| CommonFindControl_Blur function| CommonFindControl_CallAutocompleteHandler function| CommonFindControl_AutoCompleteRender function| CommonFindControl_AutoCompleteClick function| CFC_ACC function| CommonFindControl_Reset function| CommonFindControl_GetValue function| CtrFileUpload_ChangeText function| CtrFileUpload_GetAndCopyFilename function| CtrFileUpload_Submit function| CtrFileUpload_Init object| RichTextEditor object| CtrTextBox object| CtrCards function| CtrLocalReportViewer_FixCollapsedImages object| TreeView function| DropDownTreeView_Init function| DropDownTreeView_Changed function| PanelExpander_Toggle object| GraphTreeView function| DropDownGraphTree_Init function| DropDownGraphTree_MouseDown object| UrlTextBox object| EmailTextBox object| PDFViewer function| ChecklistLineIcons_ExpanderClick function| CtrPeriod_TextChanged function| CtrPeriod_DdlChanged function| CtrScribbleSignature_Init boolean| firstClick function| SetCoordinates function| getOffset boolean| EnableExitConfirmation object| ExitConfirmation_PreviousOnBeforeUnload number| ServiceWorkerVersion object| __cultureInfo function| $get function| $create function| $addHandler function| $addHandlers function| $clearHandlers object| Sys function| Type function| $removeHandler object| _events function| $find function| SpeechRecognition10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| unifikas.orkli.com/_Images/MasterPage | Name: Value: secure |
|
| unifikas.orkli.com/_Images/Interface | Name: Value: secure |
|
| unifikas.orkli.com//CAE/CAE/Orders | Name: Value: secure |
|
| unifikas.orkli.com/_Scripts | Name: Value: secure |
|
| unifikas.orkli.com/_Style | Name: Value: secure |
|
| unifikas.orkli.com/_Fonts | Name: Value: secure |
|
| unifikas.orkli.com/COM | Name: Value: secure |
|
| unifikas.orkli.com/ | Name: UnifikasSettings Value: {} |
|
| unifikas.orkli.com/ | Name: UnifikasSession Value: d619056f361a494b8bdb258d51dd7cf4 |
|
| unifikas.orkli.com/ | Name: Value: secure |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | upgrade-insecure-requests;base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; |
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
unifikas.orkli.com
212.142.224.37
2f55ddaf2f9ae28afc58aa9c1b8b6097d4028aa205755dec866bec22bb593d43
3842b063705286e729befd4832755eb4aa7df42d505201c7ea76b19517b46ac9
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
7b6014ce602e1be7e3e51eeaefaed81b0de886c767044c7cb2bfed866cb76370
9fc461b8d874178739028ab5c62d7403938516d2866140006bcd7887594c0ade
e738422009383d326b5cb783bfa8b7d55212b9db8b0a22168106722aaf3363e2
ef44dcf90eb3406f1e90a8d6a18b9d58ff57d1e2183719a7ccdebb6d04a64a1b
f0741b4855748955122818ec07640239db6192a6750724ad757e8eb67fce8ad6
f1d2a34f883d83fe764db7fa3b17845cfd31f81ccd1426129111cde47437ad0a
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef