www.auth.haloworld.my.id Open in urlscan Pro
103.123.17.195 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.auth.haloworld.my.id/
Submission: On October 18 via automatic, source certstream-suspicious (October 18th 2024, 10:19:43 am UTC) — Scanned from DE

Summary HTTP 8 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 103.123.17.195, located in Indonesia and belongs to IDNIC-CITRAHOST-ID PT CITRAWEB DIGITAL MULTISOLUSI, ID. The main domain is www.auth.haloworld.my.id.
TLS certificate: Issued by R11 on October 16th 2024. Valid for: 3 months.

This is the only time www.auth.haloworld.my.id was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	103.123.17.195 103.123.17.195	138069 (IDNIC-CIT...) (IDNIC-CITRAHOST-ID PT CITRAWEB DIGITAL MULTISOLUSI)
3	104.21.234.234 104.21.234.234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2

5 103.123.17.195 (Indonesia)

ASN138069 (IDNIC-CITRAHOST-ID PT CITRAWEB DIGITAL MULTISOLUSI, ID)
PTR: etna.scxserver.com

www.auth.haloworld.my.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
auth.haloworld.my.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.21.234.234 (None, )

ASN13335 (CLOUDFLARENET, US)

rsms.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	haloworld.my.id www.auth.haloworld.my.id auth.haloworld.my.id	64 KB
3	rsms.me rsms.me — Cisco Umbrella Rank: 9083	340 KB
8	2

	Domain	Requested by
4	auth.haloworld.my.id	www.auth.haloworld.my.id
3	rsms.me	www.auth.haloworld.my.id rsms.me client
1	www.auth.haloworld.my.id
8	3

This site contains links to these domains. Also see Links.

Domain
auth.haloworld.my.id

Subject Issuer	Validity	Valid
auth.haloworld.my.id R11	`2024-10-16` - `2025-01-14`	3 months	crt.sh
rsms.me WE1	`2024-08-21` - `2024-11-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.auth.haloworld.my.id/
Frame ID: CE01C63188116016D6B9E7CDEFFEC1FB
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in

Detected technologies

CodeIgniter (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

404 kB
Transfer

1423 kB
Size

2
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://auth.haloworld.my.id/auth

Search URL Search Domain Scan URL

URL: https://auth.haloworld.my.id/auth/forgot_password
Title: Forgot password?

Search URL Search Domain Scan URL

URL: https://auth.haloworld.my.id/auth/register
Title: Sign up

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.auth.haloworld.my.id/	8 KB 3 KB	904ms 196ms	Document text/html	103.123.17.195 IDNIC-CITRAHOST-I...
General Check archive.org Show headers Download Go to Full URL https://www.auth.haloworld.my.id/ Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 103.123.17.195 , Indonesia, ASN138069 (IDNIC-CITRAHOST-ID PT CITRAWEB DIGITAL MULTISOLUSI, ID), Reverse DNS etna.scxserver.com Software LiteSpeed / Resource Hash `69dccee2dc7963e12a979f7871548622cd3f98b672d6be6b951808754d722d70` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control no-store, no-cache, must-revalidate content-encoding br content-type text/html; charset=UTF-8 date Fri, 18 Oct 2024 10:19:36 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed vary Accept-Encoding
GET H2	200	tabler.min.css auth.haloworld.my.id/assets/css/	530 KB 60 KB	482ms 189ms	Stylesheet text/css	103.123.17.195 IDNIC-CITRAHOST-I...
General Check archive.org Show headers Download Go to Full URL https://auth.haloworld.my.id/assets/css/tabler.min.css Requested by Host: www.auth.haloworld.my.id URL: https://www.auth.haloworld.my.id/ Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 103.123.17.195 , Indonesia, ASN138069 (IDNIC-CITRAHOST-ID PT CITRAWEB DIGITAL MULTISOLUSI, ID), Reverse DNS etna.scxserver.com Software LiteSpeed / Resource Hash `5fd4644c1d24a600b7bf3c9997c39a43793a2c2ae07f196a3a4d0b7a870a046d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://www.auth.haloworld.my.id/ Response headers cache-control public, max-age=604800 content-encoding br expires Fri, 25 Oct 2024 10:19:37 GMT accept-ranges bytes content-length 61534 date Fri, 18 Oct 2024 10:19:37 GMT content-type text/css last-modified Tue, 27 Aug 2024 10:04:01 GMT vary Accept-Encoding server LiteSpeed
GET H3	200	inter.css rsms.me/inter/	7 KB 1 KB	374ms 26ms	Stylesheet text/css	104.21.234.234 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rsms.me/inter/inter.css Requested by Host: www.auth.haloworld.my.id URL: https://www.auth.haloworld.my.id/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.234.234 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8fedfb7def1421aa9d58d1732be7164e33eec27b9c87193e010b9ddaa67b6a18` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://www.auth.haloworld.my.id/ Response headers x-fastly-request-id b091f9605e8a053b8158d3e394539c2e8a99c5ab content-encoding gzip cf-cache-status HIT etag W/"6601abff-1b8d" age 170 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FmURWZ46CuaitIK8T%2FkJ9jazj0exa9q%2BvjHg%2BGtMaUlfaDEvsxmytQTlhFvwY8XU5%2FcKZVXG7vdz%2F%2Fc0QPczr7IRi%2B%2B87RfxA8qCwetuQDKf5ycOd4IvDb03"}],"group":"cf-nel","max_age":604800} x-github-request-id 5815:3754EB:2796E51:28B9783:670DED24 expires Wed, 18 Sep 2024 02:56:42 GMT x-proxy-cache MISS alt-svc h3=":443"; ma=86400 x-cache HIT date Fri, 18 Oct 2024 10:19:37 GMT content-type text/css; charset=utf-8 x-served-by cache-lin1730074-LIN x-cache-hits 1 last-modified Mon, 25 Mar 2024 16:53:19 GMT vary Accept-Encoding cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-timer S1729027445.228519,VS0,VE1 via 1.1 varnish cf-ray 8d47ca89586e6951-FRA accept-ranges bytes access-control-allow-origin * content-length 712 x-origin-cache HIT server cloudflare
GET H2	200	logo.svg auth.haloworld.my.id/assets/img/	3 KB 1 KB	853ms 561ms	Image image/svg+xml	103.123.17.195 IDNIC-CITRAHOST-I...
General Check archive.org Show headers Download Go to Show image Full URL https://auth.haloworld.my.id/assets/img/logo.svg Requested by Host: www.auth.haloworld.my.id URL: https://www.auth.haloworld.my.id/ Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 103.123.17.195 , Indonesia, ASN138069 (IDNIC-CITRAHOST-ID PT CITRAWEB DIGITAL MULTISOLUSI, ID), Reverse DNS etna.scxserver.com Software LiteSpeed / Resource Hash `455b7ed1a406b7ccfa76ecf515431f2d7801a3ab1fc5268104fcd96963aef06e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://www.auth.haloworld.my.id/ Response headers cache-control public, max-age=604800 content-encoding br expires Fri, 25 Oct 2024 10:19:37 GMT accept-ranges bytes content-length 1214 date Fri, 18 Oct 2024 10:19:37 GMT content-type image/svg+xml last-modified Tue, 27 Aug 2024 10:04:01 GMT vary Accept-Encoding server LiteSpeed
GET H3	200	InterVariable.woff2 rsms.me/inter/font-files/	337 KB 338 KB	38ms 24ms	Font font/woff2	104.21.234.234 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rsms.me/inter/font-files/InterVariable.woff2?v=4.0 Requested by Host: rsms.me URL: https://rsms.me/inter/inter.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.234.234 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8af7bd5b545567adffb3dfceb5bedb353a522d7bf1b3a2b8af7b6064156babc0` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://www.auth.haloworld.my.id Referer https://rsms.me/inter/inter.css Response headers x-fastly-request-id 21b0fcc697ae7a6bf1112f6637e4c6c7da336ca7 cf-cache-status MISS etag "6601abff-545f4" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wef2N%2BwX7ez8NcmGRAyTBv%2FtuD0AG353ja60ZFxRLdIxBjcwrP621t2DhTy7LM43bCQDpBjbbh6l%2FNsxrPQik62SPl6JRj4Ia9PbnXU8QKFyOdW8Vw566adF"}],"group":"cf-nel","max_age":604800} x-github-request-id A00B:35F2F4:6EED87:723949:66F2654C expires Tue, 24 Sep 2024 07:17:57 GMT x-proxy-cache MISS alt-svc h3=":443"; ma=86400 x-cache HIT server-timing cfExtPri date Fri, 18 Oct 2024 10:19:38 GMT content-type font/woff2 x-served-by cache-fra-eddf8230103-FRA x-cache-hits 3 last-modified Mon, 25 Mar 2024 16:53:19 GMT vary Accept-Encoding cache-control max-age=2678400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-timer S1729246778.381262,VS0,VE1 via 1.1 varnish cf-ray 8d47ca8cd8439295-FRA accept-ranges bytes access-control-allow-origin * content-length 345588 x-origin-cache HIT server cloudflare
GET H2	200	tabler.min.css auth.haloworld.my.id/assets/css/	530 KB 0	1ms 0ms	Stylesheet text/css	103.123.17.195 IDNIC-CITRAHOST-I...
General Check archive.org Show headers Download Go to Full URL https://auth.haloworld.my.id/assets/css/tabler.min.css Requested by Host: www.auth.haloworld.my.id URL: https://www.auth.haloworld.my.id/ Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 103.123.17.195 , Indonesia, ASN138069 (IDNIC-CITRAHOST-ID PT CITRAWEB DIGITAL MULTISOLUSI, ID), Reverse DNS etna.scxserver.com Software LiteSpeed / Resource Hash `5fd4644c1d24a600b7bf3c9997c39a43793a2c2ae07f196a3a4d0b7a870a046d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://www.auth.haloworld.my.id/ Response headers cache-control public, max-age=604800 content-encoding br expires Fri, 25 Oct 2024 10:19:37 GMT accept-ranges bytes content-length 61534 date Fri, 18 Oct 2024 10:19:37 GMT content-type text/css last-modified Tue, 27 Aug 2024 10:04:01 GMT vary Accept-Encoding server LiteSpeed
GET H3	200	inter.css rsms.me/inter/	7 KB 0	0ms 0ms	Stylesheet text/css	104.21.234.234 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rsms.me/inter/inter.css Requested by Host: client URL: about:client Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.234.234 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8fedfb7def1421aa9d58d1732be7164e33eec27b9c87193e010b9ddaa67b6a18` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://www.auth.haloworld.my.id/ Response headers x-fastly-request-id b091f9605e8a053b8158d3e394539c2e8a99c5ab content-encoding gzip cf-cache-status HIT etag W/"6601abff-1b8d" age 170 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FmURWZ46CuaitIK8T%2FkJ9jazj0exa9q%2BvjHg%2BGtMaUlfaDEvsxmytQTlhFvwY8XU5%2FcKZVXG7vdz%2F%2Fc0QPczr7IRi%2B%2B87RfxA8qCwetuQDKf5ycOd4IvDb03"}],"group":"cf-nel","max_age":604800} x-github-request-id 5815:3754EB:2796E51:28B9783:670DED24 expires Wed, 18 Sep 2024 02:56:42 GMT x-proxy-cache MISS alt-svc h3=":443"; ma=86400 x-cache HIT date Fri, 18 Oct 2024 10:19:37 GMT content-type text/css; charset=utf-8 x-served-by cache-lin1730074-LIN x-cache-hits 1 last-modified Mon, 25 Mar 2024 16:53:19 GMT vary Accept-Encoding cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-timer S1729027445.228519,VS0,VE1 via 1.1 varnish cf-ray 8d47ca89586e6951-FRA accept-ranges bytes access-control-allow-origin * content-length 712 x-origin-cache HIT server cloudflare
GET H2	200	logo-small.svg auth.haloworld.my.id/assets/img/	602 B 423 B	190ms 190ms	Other image/svg+xml	103.123.17.195 IDNIC-CITRAHOST-I...
General Check archive.org Show headers Download Go to Full URL https://auth.haloworld.my.id/assets/img/logo-small.svg Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 103.123.17.195 , Indonesia, ASN138069 (IDNIC-CITRAHOST-ID PT CITRAWEB DIGITAL MULTISOLUSI, ID), Reverse DNS etna.scxserver.com Software LiteSpeed / Resource Hash `1009c170c2a6b34500a903451761260c8c7519095380fb5adf2fd125c0fd4119` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://www.auth.haloworld.my.id/ Response headers cache-control public, max-age=604800 content-encoding br expires Fri, 25 Oct 2024 10:19:38 GMT accept-ranges bytes content-length 344 date Fri, 18 Oct 2024 10:19:38 GMT content-type image/svg+xml last-modified Tue, 27 Aug 2024 10:04:01 GMT vary Accept-Encoding server LiteSpeed

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.auth.haloworld.my.id/	1970-01-21 00:20:53	Name: csrf_cookie_ci3 Value: 8b8b155db040571003267a85b31d9a81
			www.auth.haloworld.my.id/	1969-12-31 23:59:59	Name: ci_session Value: 1d7e7618c5cb29b37aba4df8d3c67d1460e18391

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.haloworld.my.id
rsms.me
www.auth.haloworld.my.id
103.123.17.195
104.21.234.234
1009c170c2a6b34500a903451761260c8c7519095380fb5adf2fd125c0fd4119
455b7ed1a406b7ccfa76ecf515431f2d7801a3ab1fc5268104fcd96963aef06e
5fd4644c1d24a600b7bf3c9997c39a43793a2c2ae07f196a3a4d0b7a870a046d
69dccee2dc7963e12a979f7871548622cd3f98b672d6be6b951808754d722d70
8af7bd5b545567adffb3dfceb5bedb353a522d7bf1b3a2b8af7b6064156babc0
8fedfb7def1421aa9d58d1732be7164e33eec27b9c87193e010b9ddaa67b6a18

www.auth.haloworld.my.id Open in urlscan Pro 103.123.17.195 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

2 IPs

2 Countries

404 kBTransfer

1423 kBSize

2 Cookies

3 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

2 Cookies

Indicators

www.auth.haloworld.my.id Open in urlscan Pro
103.123.17.195 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

404 kB
Transfer

1423 kB
Size

2
Cookies

8 HTTP transactions
0 data transactions