Security Scan Report: www.spark.co.nz

Redirected to:
https://signin.spark.co.nz/?goto=https://www.spark.co.nz/xtramail/chec...
Submitted: May 16, 2026, 8:31:48 PM
Completed: May 16, 2026, 8:33:30 PM
Visibility: public
Status: completed

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 21 HTTP transactions. The main domain is signin.spark.co.nz.

Submitted URL: https://www.spark.co.nz/cwa/openam/SSORedirect/metaAlias/Xtramail/idp1?SAMLRequest=hZLdbtswDIVfxdC9rThOPURIArjxCgTotiLZimI3g6qwqDD9TaTrbk8%2FyemK7Ka9EkDygOc74gqlNUF0Az26PfwaAKl4tsahmBprNkQnvESNwkkLKEiJQ%2FfpWsyrmQjRk1fesDPJ2wqJCJG0d6zY9Wv2o6mX3XZbd91icTlvr%2Fp6WdfN5cXiQ9O07cdlz4pbiJjm1yzJkwhxgJ1Dko5SaTZvy9lFWbdf5zPR1GLRfmdFnxi0kzSpHokCCs7HcawwyPizUr5yf7gaJfcBkkN%2BOHzZw1FHUMQtkOyMlsjvKEorteH6GGpWbL1DyDvfolOnIaGGGNNbahuMVppYceWjginkNXuQBiGj3KQ09BO8Vrp%2F4eRlg4V4gPikFXzbX5%2BBwH22VT0nfy8sFozxjgePtAcM2QTbrPJniCmvuJEh4KAJylwsaYwrft5enY7gcwLa9Tc%2Bef6dHVv5Dm%2Bu6GP5MI2KZMihTtyJJBkatxEkJTqKAzC%2BOa38%2F9Q2fwE%3D&RelayState=https%3A%2F%2Fwebmail.xtra.co.nz%2Findex.cgi&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=E8nhGTLHS0TuZPcf7q%2Fivcg2ZQS%2FSku4i4ygAS03j8j5%2BmlfhQben%2BspNUo0vRiuVEUUFi79FSA0KZfSolL%2BYckjQqcpCh59vHJpL4RZWwlz85OQHN09tRGee4kL2EsMgByBGa3so%2FwTPS%2BrQCEhtt%2Bx6OgoL8DwMiDtZyVFBeyQoo6U4jxTFwt3XoD9%2F%2BG%2BS5rIoLDY%2B2oMJjhrymh8yyXh4UpXMDKJr58ezBwdObjWgC4klnZhi46i8iRV5Qto6wo%2B%2FyypfM%2BThZzLJowhb3j4%2FRXD%2FTv3XW2tqj22pTn0XOmfCAiCeTwuKdeVX%2FFhU33vzwKOzawDjwuxQ9KT7g%3D%3D

Effective URL: https://signin.spark.co.nz/?goto=https://www.spark.co.nz/xtramail/checkcookies?spEntityID%3Dappsuite-saml-twr%26goto%3Dhttp://openam.internal.spark.co.nz:8080/openam/saml2/continue/metaAlias/Xtramail/idp1?secondVisitUrl%253D/SSORedirect/metaAlias/Xtramail/idp1?ReqID%25253D_319ACC1AA44B26FD19113B5473366E9D%26AMAuthCookie%3D&brand=xtramail
Redirected

The Cisco Umbrella rank of the primary domain is #416,869 of the top 1 million websites

AI Security Verdict

Confirmed Scam

Confidence: 92%

Risk Score: 10

The site mimics Spark's Xtra Mail login but triggers multiple critical IDS alerts for data exfiltration, indicating a likely compromised phishing or malware distribution page.

Risk Factors
Unknown domain age
Low domain ranking for brand claim
Critical network IDS alerts indicating malware/C2 activity
Credential collection on a brand‑related domain
Potentially compromised legitimate login page
Domain age information unavailable

Details

Page Title

Sign in

Scan Type

public

Language

🇺🇸

English

(54% confidence)

Category

healthcare medical

(29%)

Domain Information

The domain name 'www.spark.co.nz' uses the New Zealand country-code top-level domain (.co.nz) with subdomain 'www'. The second-level label 'spark' is 5 characters long with 1 vowel and 4 consonants. Word splitting yields 1 word: spark. No strong language cues emerged from the frequency lists.


Page Load Overview

Total Load Time: 11.03s
HTTP Requests: 21
Domains: 3
Total Size: 164 KB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 54%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 54%
Script Type: Latin
Text Length: 187 chars
Detector Agreement: 100%

Website Classification

Primary Category

healthcare medical (29% confidence)
Type: spa
Method: ml+structural

All Detected Categories

healthcare medical: 29%
technology software: 27%

Detected Features

Login Form

Domain & IP Information

Requests | IP Address | Location | AS (Autonomous System)
7 | 66.22.91.48 | Auckland, Auckland, New Zealand | AS48851 Radware Ltd
7 | 66.22.91.1 | Auckland, Auckland, New Zealand | AS48851 Radware Ltd
7 | 34.160.81.0 | Kansas City, Missouri, United States | AS396982 Google LLC
21 | 3 | - | -

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T17463C7DA1530A24815CFE54EEF6FEEC8101B605BE8A3D5C1BAED8B0C5B8BAD4FD41844

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:uOgO/fvJfAwkENKZoBz7qawqh0QKoZCktWnBo2rTbFDqJuK/v5qwqI23DolP3:uA/VI8r7qa1ZI42rZo0HI23Dolf

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:70628:aHAzERYESQRKACKwN1dDQkDQqSUWCYEgAiFAACA4qhQAoWgSuICHGpm1NGCwMwIAUSyAoxEBlNLlZgImAIACjERAYO+ngASA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 1018181818180000
Perceptual Hash: 8dc877227626dc27
Difference Hash: b2b2b2b2b3b34326
Wavelet Hash: 18181819191b83c7
Color Hash: #798cd2
