internal.excel.staging.sparta.app Open in urlscan Pro
18.245.60.28 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://internal.excel.staging.sparta.app/
Submission: On March 15 via automatic, source certstream-suspicious (March 15th 2024, 9:01:22 am UTC) — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 18.245.60.28, located in United States and belongs to AMAZON-02, US. The main domain is internal.excel.staging.sparta.app.
TLS certificate: Issued by Amazon RSA 2048 M01 on May 8th 2023. Valid for: a year.

This is the only time internal.excel.staging.sparta.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	18.245.60.28 18.245.60.28	16509 (AMAZON-02) (AMAZON-02)
2	104.102.22.187 104.102.22.187	16625 (AKAMAI-AS) (AKAMAI-AS)
10	3

7 18.245.60.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-28.fra60.r.cloudfront.net

internal.excel.staging.sparta.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.22.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-22-187.deploy.static.akamaitechnologies.com

appsforoffice.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	sparta.app internal.excel.staging.sparta.app	7 MB
2	microsoft.com appsforoffice.microsoft.com — Cisco Umbrella Rank: 1084	56 KB
0	oaspapps.com Failed telemetryservice.firstpartyapps.oaspapps.com Failed
10	3

	Domain	Requested by
7	internal.excel.staging.sparta.app	internal.excel.staging.sparta.app
2	appsforoffice.microsoft.com	internal.excel.staging.sparta.app appsforoffice.microsoft.com
0	telemetryservice.firstpartyapps.oaspapps.com Failed	appsforoffice.microsoft.com
10	3

This site contains no links.

Subject Issuer	Validity	Valid
excel.staging.sparta.app Amazon RSA 2048 M01	`2023-05-08` - `2024-06-05`	a year	crt.sh
appsforoffice.microsoft.com Microsoft Azure ECC TLS Issuing CA 04	`2023-12-28` - `2024-12-22`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://internal.excel.staging.sparta.app/
Frame ID: 1EED39F285FB8AC51D1804FE0125E6AE
Requests: 9 HTTP requests in this frame

Frame: https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html
Frame ID: 18CB3FE3343D2D821EF098998430756C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sparta Excel Tool

Page Statistics

10
Requests

90 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

7712 kB
Transfer

7873 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response internal.excel.staging.sparta.app/	912 B 1 KB	204ms 83ms	Document text/html	18.245.60.28 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://internal.excel.staging.sparta.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.60.28 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-60-28.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `f8c20450ebc9b19cd8dc3d1dc9b9b4ccd25dd8311bb4598e27700b85827b611a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-length 912 content-type text/html date Fri, 15 Mar 2024 09:01:18 GMT etag "f5c541414e5dcdb8b1167cf05b0ffb01" last-modified Thu, 14 Mar 2024 13:01:45 GMT server AmazonS3 vary Origin via 1.1 0254a3d4b384cab4933ea28efe6685c2.cloudfront.net (CloudFront) x-amz-cf-id SJ4tomQMvERYGu3zoJP-4BYYxYNRVw-kJktu6rg_K6SaKw4GHrEY-Q== x-amz-cf-pop FRA60-P5 x-cache Miss from cloudfront
GET H/1.1	200 OK	office.js Show response appsforoffice.microsoft.com/lib/1.1/hosted/	62 KB 19 KB	69ms 8ms	Script application/javascript	104.102.22.187 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://appsforoffice.microsoft.com/lib/1.1/hosted/office.js Requested by Host: internal.excel.staging.sparta.app URL: https://internal.excel.staging.sparta.app/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.102.22.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-102-22-187.deploy.static.akamaitechnologies.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `45436bb6517b9d05022bd2e39d166d8f43d557c45cd9520c1d457369a26d45aa` Request headers accept-language de-DE,de;q=0.9 Referer https://internal.excel.staging.sparta.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Fri, 15 Mar 2024 09:01:17 GMT Content-Encoding gzip Last-Modified Wed, 28 Feb 2024 12:34:52 GMT Server Microsoft-IIS/10.0 ETag "0fea186426ada1:0" X-Powered-By ASP.NET Vary Accept-Encoding Content-Type application/javascript Access-Control-Allow-Origin * Connection keep-alive Accept-Ranges bytes Content-Length 19361
GET H2	200	vendor.js Show response internal.excel.staging.sparta.app/	2 MB 2 MB	92ms 92ms	Script application/javascript	18.245.60.28 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://internal.excel.staging.sparta.app/vendor.js Requested by Host: internal.excel.staging.sparta.app URL: https://internal.excel.staging.sparta.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.60.28 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-60-28.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `d76517228fa0b88d4d6c93d71ad0e448559e4867c32b77d5dcb4f378e80db7d7` Request headers accept-language de-DE,de;q=0.9 Referer https://internal.excel.staging.sparta.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 09:01:18 GMT via 1.1 0254a3d4b384cab4933ea28efe6685c2.cloudfront.net (CloudFront) last-modified Thu, 14 Mar 2024 13:01:59 GMT server AmazonS3 x-amz-cf-pop FRA60-P5 etag "24c1903201aec566d7390a053effb9d6" vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type application/javascript content-length 2329010 x-amz-cf-id U7xZUojneSMBOXOoS-4H0SztbG7BLR3UbO8-v_dt8uX_VNc4SKnUiQ==
GET H2	200	index.js Show response internal.excel.staging.sparta.app/	4 MB 4 MB	111ms 107ms	Script application/javascript	18.245.60.28 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://internal.excel.staging.sparta.app/index.js Requested by Host: internal.excel.staging.sparta.app URL: https://internal.excel.staging.sparta.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.60.28 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-60-28.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `215a0101feb587e054ab3e54c17d8eb78f8853d5af082bccbf2a5b4a4ee2eef5` Request headers accept-language de-DE,de;q=0.9 Referer https://internal.excel.staging.sparta.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 09:01:18 GMT via 1.1 0254a3d4b384cab4933ea28efe6685c2.cloudfront.net (CloudFront) last-modified Thu, 14 Mar 2024 13:01:46 GMT server AmazonS3 x-amz-cf-pop FRA60-P5 etag "cc6fccc0bcbe12c4960d530dcdb19cb4" vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type application/javascript content-length 4667843 x-amz-cf-id 15KN6iaLrec2O2FCzc5uYMxjtSHDHpuMaSi4ZXOvWkPbjLWFxVF9OA==
GET H2	200	auth.js Show response internal.excel.staging.sparta.app/	384 KB 385 KB	161ms 157ms	Script application/javascript	18.245.60.28 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://internal.excel.staging.sparta.app/auth.js Requested by Host: internal.excel.staging.sparta.app URL: https://internal.excel.staging.sparta.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.60.28 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-60-28.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `e80af228cf9ca270f502a18fc14911ebcb6ad66eea4901f751edd33f99b859d4` Request headers accept-language de-DE,de;q=0.9 Referer https://internal.excel.staging.sparta.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 09:01:18 GMT via 1.1 0254a3d4b384cab4933ea28efe6685c2.cloudfront.net (CloudFront) last-modified Thu, 14 Mar 2024 13:01:39 GMT server AmazonS3 x-amz-cf-pop FRA60-P5 etag "67fd25dff009ab91c225d7a267d4f3c3" vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type application/javascript content-length 392738 x-amz-cf-id T06lQLNy2VJHEakDNrKEXGI-vz0uOUzI4aLKM1C4waoibPGunxLb6Q==
GET H2	200	commands.js Show response internal.excel.staging.sparta.app/	16 KB 17 KB	126ms 123ms	Script application/javascript	18.245.60.28 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://internal.excel.staging.sparta.app/commands.js Requested by Host: internal.excel.staging.sparta.app URL: https://internal.excel.staging.sparta.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.60.28 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-60-28.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `1bcef9cbe05a275b92df1800d8ee426ccb7c5970bb0626e58263d89d14bb5f0e` Request headers accept-language de-DE,de;q=0.9 Referer https://internal.excel.staging.sparta.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 09:01:18 GMT via 1.1 0254a3d4b384cab4933ea28efe6685c2.cloudfront.net (CloudFront) last-modified Thu, 14 Mar 2024 13:01:40 GMT server AmazonS3 x-amz-cf-pop FRA60-P5 etag "aedab34091b8d1c2aa46ea37a89a4ee0" vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type application/javascript content-length 16519 x-amz-cf-id GMt7wERIEZJzF01pgTm8mV148zMHwEZGjFnqEkMHXaOEBB9IrEezdQ==
GET H2	200	functions.js Show response internal.excel.staging.sparta.app/	381 KB 381 KB	155ms 153ms	Script application/javascript	18.245.60.28 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://internal.excel.staging.sparta.app/functions.js Requested by Host: internal.excel.staging.sparta.app URL: https://internal.excel.staging.sparta.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.60.28 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-60-28.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `cc9d82db474bd6768d6f16e3f7dcf805b914d3c8ab2bc08eabbed7649206348d` Request headers accept-language de-DE,de;q=0.9 Referer https://internal.excel.staging.sparta.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 09:01:18 GMT via 1.1 0254a3d4b384cab4933ea28efe6685c2.cloudfront.net (CloudFront) last-modified Thu, 14 Mar 2024 13:01:42 GMT server AmazonS3 x-amz-cf-pop FRA60-P5 etag "176e335d00d434f7c5aecbb50333889a" vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type application/javascript content-length 389678 x-amz-cf-id ZlzKyFSbNyqPMwuzmKvWqIZhZrEyudut1JX-zfsdmXb454rEly7O0A==
GET H2	200	index.d8e67b7711478d085920.css internal.excel.staging.sparta.app/	30 KB 30 KB	126ms 126ms	Stylesheet text/css	18.245.60.28 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://internal.excel.staging.sparta.app/index.d8e67b7711478d085920.css Requested by Host: internal.excel.staging.sparta.app URL: https://internal.excel.staging.sparta.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.60.28 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-60-28.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `803e6721495ec6e1ddcf10c2a8459e672c223693fc88922dc17fb0609f0e8e19` Request headers accept-language de-DE,de;q=0.9 Referer https://internal.excel.staging.sparta.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 09:01:18 GMT via 1.1 0254a3d4b384cab4933ea28efe6685c2.cloudfront.net (CloudFront) last-modified Thu, 14 Mar 2024 13:01:44 GMT server AmazonS3 x-amz-cf-pop FRA60-P5 etag "646b508677550099e71eba4100def18e" vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type text/css content-length 30421 x-amz-cf-id vUS9_NPXO6oAD_PDtBK7x0o7kWpx3d2YOzrOmir2MMJqbjR-QaTrOw==
GET H/1.1	200 OK	o15apptofilemappingtable.js Show response appsforoffice.microsoft.com/lib/1.1/hosted/	167 KB 37 KB	21ms 7ms	Script application/javascript	104.102.22.187 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://appsforoffice.microsoft.com/lib/1.1/hosted/o15apptofilemappingtable.js Requested by Host: appsforoffice.microsoft.com URL: https://appsforoffice.microsoft.com/lib/1.1/hosted/office.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.102.22.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-102-22-187.deploy.static.akamaitechnologies.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `2cf6e909da5391f513f14379c3ba86fe888f083d9f8205bcc7bd91cde3d9b522` Request headers Referer https://internal.excel.staging.sparta.app/ Origin https://internal.excel.staging.sparta.app accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Fri, 15 Mar 2024 09:01:17 GMT Content-Encoding gzip Last-Modified Wed, 28 Feb 2024 12:34:52 GMT Server Microsoft-IIS/10.0 ETag "0fea186426ada1:0" X-Powered-By ASP.NET Vary Accept-Encoding Content-Type application/javascript Access-Control-Allow-Origin * Cache-Control public, max-age=11932 Connection keep-alive Accept-Ranges bytes Content-Length 37609
GET		telemetryproxy.html telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/ Frame 18CB	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: telemetryservice.firstpartyapps.oaspapps.com
URL: https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

appsforoffice.microsoft.com
internal.excel.staging.sparta.app
telemetryservice.firstpartyapps.oaspapps.com
telemetryservice.firstpartyapps.oaspapps.com
104.102.22.187
18.245.60.28
1bcef9cbe05a275b92df1800d8ee426ccb7c5970bb0626e58263d89d14bb5f0e
215a0101feb587e054ab3e54c17d8eb78f8853d5af082bccbf2a5b4a4ee2eef5
2cf6e909da5391f513f14379c3ba86fe888f083d9f8205bcc7bd91cde3d9b522
45436bb6517b9d05022bd2e39d166d8f43d557c45cd9520c1d457369a26d45aa
803e6721495ec6e1ddcf10c2a8459e672c223693fc88922dc17fb0609f0e8e19
cc9d82db474bd6768d6f16e3f7dcf805b914d3c8ab2bc08eabbed7649206348d
d76517228fa0b88d4d6c93d71ad0e448559e4867c32b77d5dcb4f378e80db7d7
e80af228cf9ca270f502a18fc14911ebcb6ad66eea4901f751edd33f99b859d4
f8c20450ebc9b19cd8dc3d1dc9b9b4ccd25dd8311bb4598e27700b85827b611a

internal.excel.staging.sparta.app Open in urlscan Pro 18.245.60.28 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

10 Requests

90 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

7712 kBTransfer

7873 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

0 Cookies

Indicators

internal.excel.staging.sparta.app Open in urlscan Pro
18.245.60.28 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

90 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

7712 kB
Transfer

7873 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions