aurora.mx Open in urlscan Pro
142.93.144.82 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://aurora.mx/
Effective URL:
https://aurora.mx/mlogin.html
Submission: On May 09 via automatic, source openphish (May 9th 2022, 1:17:17 am UTC) — Scanned from CA

Summary HTTP 50 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 50 HTTP transactions. The main IP is 142.93.144.82, located in Toronto, Canada and belongs to DIGITALOCEAN-ASN, US. The main domain is aurora.mx.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on January 4th 2022. Valid for: a year.

This is the only time aurora.mx was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Huntington Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 46	142.93.144.82 142.93.144.82	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	2620:1ec:40::40 2620:1ec:40::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	100.24.162.178 100.24.162.178	14618 (AMAZON-AES) (AMAZON-AES)
50	4

46 142.93.144.82 (Toronto, Canada) 2 redirects

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: xpcp19003.xpress.com.mx

aurora.mx	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:40::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

media-us1.digital.nuance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 100.24.162.178 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-24-162-178.compute-1.amazonaws.com

mef957.dynatrace-managed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	aurora.mx 2 redirects aurora.mx	2 MB
3	nuance.com media-us1.digital.nuance.com — Cisco Umbrella Rank: 12267	145 KB
2	dynatrace-managed.com mef957.dynatrace-managed.com — Cisco Umbrella Rank: 269829	1 KB
0	Failed function sub() { [native code] }. Failed
50	4

	Domain	Requested by
46	aurora.mx	2 redirects aurora.mx
3	media-us1.digital.nuance.com	aurora.mx
2	mef957.dynatrace-managed.com	aurora.mx
0	hfgbpkkdodfihabamnkhoaeamkdhnoec Failed	aurora.mx
50	4

This site contains links to these domains. Also see Links.

Domain
outdatedbrowser.com
www.huntington-ir.com
pages.huntington-email.com
redirect.hbgo.mobi
selfservice.huntington.com
cms.huntington.com
huntingtoncc.fdecs.com
escrowsolutions.huntington.com
myapps.paychex.com
ht.businessonlinepayroll.com
investor.wealthscape.com
login2.fisglobal.com
go-retire.com
www.govone.com
huntington-ir.com
www.facebook.com
twitter.com
www.instagram.com
www.youtube.com
www.linkedin.com

Subject Issuer	Validity	Valid
www.aurora.mx AlphaSSL CA - SHA256 - G2	`2022-01-04` - `2023-02-05`	a year	crt.sh
*.digital.nuance.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2021-10-12` - `2022-10-12`	a year	crt.sh
mef957.dynatrace-managed.com R3	`2022-04-13` - `2022-07-12`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://aurora.mx/mlogin.html
Frame ID: DF75792A3F07EBAF2979667C33244C94
Requests: 26 HTTP requests in this frame

Frame: https://aurora.mx/mlogin_files/nuanceChat.html
Frame ID: 16F04FEC5C103D55D5F3DAF748534342
Requests: 14 HTTP requests in this frame

Frame: https://aurora.mx/mlogin_files/activityi.html
Frame ID: 3F907D741782AB76B4599429886A413E
Requests: 2 HTTP requests in this frame

Frame: https://aurora.mx/mlogin_files/activityi(1).html
Frame ID: DE55604C8A1FA9A11FA605A8A6AE31AD
Requests: 2 HTTP requests in this frame

Frame: https://aurora.mx/mlogin_files/up.html
Frame ID: 18A0E0F677F18AB178B559F63017DC24
Requests: 2 HTTP requests in this frame

Frame: https://aurora.mx/mlogin_files/pixel.html
Frame ID: 33C353F61EA3F5B402462D1F59CB4003
Requests: 1 HTTP requests in this frame

Frame: https://aurora.mx/mlogin_files/pixel(1).html
Frame ID: 0EEC800776608D36B36B52AEBEB46800
Requests: 1 HTTP requests in this frame

Frame: https://aurora.mx/mlogin_files/pixel(2).html
Frame ID: 84CECAB73BE558C7962233149B0BAA7C
Requests: 1 HTTP requests in this frame

Frame: https://aurora.mx/mlogin_files/postToServer.min.html
Frame ID: 211E34BA04F2FE0DC0F006AF31C4245F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mobile Banking Login | Huntington BankChat with a bankerClose FlagSearchVisit Huntington's Facebook pageVisit Huntington's Twitter feedVisit Huntington's Instagram pageVisit Huntington's YouTube pageVisit Huntington's LinkedIn pageFAB_AskUs

Page URL History Show full URLs

http://aurora.mx/ HTTP 301
https://aurora.mx/ HTTP 302
https://aurora.mx/mlogin.html Page URL

Page Statistics

50
Requests

98 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1758 kB
Transfer

2182 kB
Size

6
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: http://outdatedbrowser.com/
Title: Upgrade your browser

Search URL Search Domain Scan URL

URL: http://www.huntington-ir.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://pages.huntington-email.com/page.aspx?QS=c76003443ff9837d789f6f72fadb8d969a48c977aab19627
Title: Email Unsubscribe

Search URL Search Domain Scan URL

URL: http://redirect.hbgo.mobi/
Title: Download

Search URL Search Domain Scan URL

URL: https://selfservice.huntington.com/account/forgotusername
Title: Forgot Username?

Search URL Search Domain Scan URL

URL: https://selfservice.huntington.com/default/ForgotPassword/3
Title: Forgot Password?

Search URL Search Domain Scan URL

URL: https://selfservice.huntington.com/default/Enrollment/3
Title: Enroll Now

Search URL Search Domain Scan URL

URL: https://cms.huntington.com/
Title: Asset Based Lending

Search URL Search Domain Scan URL

URL: https://huntingtoncc.fdecs.com/
Title: Commercial eCustomerService

Search URL Search Domain Scan URL

URL: https://escrowsolutions.huntington.com/aews
Title: Escrow Solutions

Search URL Search Domain Scan URL

URL: https://myapps.paychex.com/landing_remote/login.do?TYPE=33554433&REALMOID=06-fd3ba6b8-7a2f-1013-ba03-83af2ce30cb3&GUID&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=09PZJoiHr8jiAF1z4DL6SopY5OyRzoKSeZ4yIhpJe7nkRdeIwtlMrg0rd7X3FRDM&TARGET=-SM-https%3a%2f%2fmyapps.paychex.com%2f
Title: Payroll - Paychex

Search URL Search Domain Scan URL

URL: https://ht.businessonlinepayroll.com/SPF/login/ee_auth.aspx
Title: Payroll - SurePayroll

Search URL Search Domain Scan URL

URL: https://investor.wealthscape.com/huntington/
Title: Online Investments

Search URL Search Domain Scan URL

URL: https://login2.fisglobal.com/idp/HUNTRPWL/?ClientID=WebLinkUI
Title: Online Trust

Search URL Search Domain Scan URL

URL: https://go-retire.com/huntington
Title: Retirement Plan Portal

Search URL Search Domain Scan URL

URL: https://www.govone.com/TPP/huntington/Account/Logon
Title: Smart Tax

Search URL Search Domain Scan URL

URL: http://huntington-ir.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://www.facebook.com/HuntingtonBank
Title: Visit Huntington's Facebook page

Search URL Search Domain Scan URL

URL: https://twitter.com/Huntington_Bank
Title: Visit Huntington's Twitter feed

Search URL Search Domain Scan URL

URL: https://www.instagram.com/huntingtonbank/?hl=en
Title: Visit Huntington's Instagram page

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/HuntingtonBank
Title: Visit Huntington's YouTube page

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/huntington-national-bank
Title: Visit Huntington's LinkedIn page

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://aurora.mx/ HTTP 301
https://aurora.mx/ HTTP 302
https://aurora.mx/mlogin.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request mlogin.html Show response
aurora.mx/
Redirect Chain

http://aurora.mx/
https://aurora.mx/
https://aurora.mx/mlogin.html

151 KB
152 KB

20ms
20ms

Document
text/html

142.93.144.82
DIGITALOCEAN-ASN

General

Domain/Path	Expires	Name / Value
.aurora.mx/	1970-01-20 20:26:57	Name: rxVisitor Value: 16520590302198G51SJG7202MDOU5N4UTCSQU31P3PR4O
.aurora.mx/	1969-12-31 23:59:59	Name: dtSa Value: -
.aurora.mx/	1969-12-31 23:59:59	Name: dtLatC Value: 24
.aurora.mx/	1969-12-31 23:59:59	Name: rxvt Value: 1652060830522\|1652059030224
.aurora.mx/	1969-12-31 23:59:59	Name: dtPC Value: -21$259030131_567h-vELCKJURDCAGLKADAWBFGBCSPPKDPTIFU-0e1
.aurora.mx/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_3_sn_VHNIKO1AEK7KTS1AB8L2JU61P7EOMO9C_app-3A0bd76d7cc9264013_1_ol_0_perc_100000_mul_1

Source	Level	URL Text
network	error	URL: chrome-extension://hfgbpkkdodfihabamnkhoaeamkdhnoec/app/site/site.min.css Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: https://aurora.mx/mlogin_files/sp.pl(1).download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://aurora.mx/mlogin_files/sp.pl.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://aurora.mx/fonts/muli-v11-latin-700.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://aurora.mx/fonts/muli-v11-latin-300.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://aurora.mx/fonts/muli-v11-latin-600.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://aurora.mx/fonts/HuntingtonApexWeb-Medium.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://aurora.mx/fonts/muli-v11-latin-700.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://aurora.mx/fonts/muli-v11-latin-300.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://aurora.mx/fonts/muli-v11-latin-600.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://aurora.mx/fonts/HuntingtonApexWeb-Medium.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: https://aurora.mx/mlogin.html Message: The resource https://aurora.mx/css/muli-v11-latin-600.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://aurora.mx/mlogin.html Message: The resource https://aurora.mx/css/HuntingtonApexWeb-Bold.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://aurora.mx/mlogin.html Message: The resource https://aurora.mx/css/HuntingtonApexWeb-Medium.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://aurora.mx/mlogin.html Message: The resource https://aurora.mx/css/muli-v11-latin-700.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://aurora.mx/mlogin.html Message: The resource https://aurora.mx/css/muli-v11-latin-300.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://aurora.mx/mlogin.html Message: The resource https://aurora.mx/css/HuntingtonApexWeb-MediumCaps.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

aurora.mx Open in urlscan Pro 142.93.144.82 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

50 Requests

98 %HTTPS

33 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

1758 kBTransfer

2182 kBSize

6 Cookies

22 Outgoing links

Page URL History

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

aurora.mx Open in urlscan Pro
142.93.144.82 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

98 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1758 kB
Transfer

2182 kB
Size

6
Cookies

50 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!