Security Scan Report: www.spark.co.nz

Redirected to:
https://signin.spark.co.nz/?goto=https://www.spark.co.nz/xtramail/chec...
Submitted: May 15, 2026, 6:42:50 PM
Completed: May 15, 2026, 6:44:26 PM
Scan Type: public
Status: completed

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main domain is signin.spark.co.nz.

Submitted URL: https://www.spark.co.nz/cwa/openam/SSORedirect/metaAlias/Xtramail/idp1?SAMLRequest=hZLdbhMxEIVfZeX7Xe9uN6WxkkjpJpEiFagSQIgbZJypauE%2FPLPdwtPX3gAKN%2BXK0swczfmOZ4HSmiDWAz26A%2FwYAKl4tsahmBpLNkQnvESNwkkLKEiJ4%2FrtnWirWoToyStv2IXkdYVEhEjaO1bsN0v29barm7abt%2FNZt7vZ9tvretu0fb%2B7up3v%2BvnVhhWfIGKaX7IkTyLEAfYOSTpKpbq9LutZ2cw%2BNDeia0X35gsrNolBO0mT6pEooOB8HMcKg4zfK%2BUr94urUXIfIDnkx%2BP7A5x0BEXcAsm10RL5Z4rSSm24PoWGFb13CHnna3TqPCTUEGN6S22D0UoTK3Y%2BKphCXrIHaRAyyn1KQz%2FB38r6Tzh52WAhHiE%2BaQUfD3cXIPAt26qek7%2FfLBaM8Y4Hj3QADNkEWy3yZ4gpr7iSIeCgCcpcLGmMC37ZXpyP4F0C2m%2FuffL8Mzu28j%2B8uaJP5cM0KpIhhzpxJ5JkaOwjSEp0FAdgfHVe%2Be%2BprV4A&RelayState=https%3A%2F%2Fwebmail.xtra.co.nz%2Findex.cgi&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=pq3LDILLt%2FV2axtWK13Nn9nNVtdjMyr%2F1e2IcQ2u3oFUCWQfKHU8ihKmmYJ4NDbQWn8X0fITmLXLEUf1bSI4O6S1XtUDmAVQ4Mpot8Z09HM2dIjRXXvdmAzgcPivIimDSBfjPpdrhzgzvVWeXgo4JXVSMfNuyN4MxzMbvuX2b%2F9wJqHe2tjS%2BDffLm3CfpTBdRhlg1iiB34pP7UE%2BM12lU%2FjRzN7kCUJEJ6JfH5XA28KO%2F3vQSVukKLP6QjXMSh7v2EGXW580swwyZYeg49TSJLM9YZi6KKpdrWbd%2FMb0CwMIbINGn5X%2Bj9tlEIMgv0FcKbBrGsqzZddUlkYLI43Ow%3D%3D

Effective URL (redirected): https://signin.spark.co.nz/?goto=https://www.spark.co.nz/xtramail/checkcookies?spEntityID%3Dappsuite-saml-twr%26goto%3Dhttp://openam.internal.spark.co.nz:8080/openam/saml2/continue/metaAlias/Xtramail/idp1?secondVisitUrl%253D/SSORedirect/metaAlias/Xtramail/idp1?ReqID%25253D_B4012492954F8ECE60E12CCF3B9FC93D%26AMAuthCookie%3D&brand=xtramail

The Cisco Umbrella rank of the primary domain is #416,869 of the top 1 million websites.

AI Security Verdict

Confirmed Scam

Confidence: 94%

Risk Score: 10

The site impersonates Xtra Mail, collects credentials, and triggers critical malware alerts – treat as confirmed phishing scam.

Risk Factors
Brand impersonation on unranked/low‑rank domain
Unknown domain age with credential collection
Critical IDS alerts indicating possible malware exfiltration
Low domain ranking for a claimed reputable brand
Credential harvesting form without clear legitimate purpose
Domain age information unavailable

Details

Page Title: Sign in
Scan Type: public
Language: 🇺🇸 English (54% confidence)
Category: healthcare medical (29%)

Domain Information

The domain 'www.spark.co.nz' is registered under .co.nz, within the New Zealand country-code top-level domain (.nz), and is served from the 'www' subdomain. The label 'spark' has 5 characters: 1 vowel and 4 consonants. It splits into a single word: spark. The frequency lists gave no strong language cues.


Page Load Overview

Total Load Time: 6.03s
HTTP Requests: 20
Domains: 3
Total Size: 164 KB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 54%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 54%
Script Type: Latin
Text Length: 187 chars
Detector Agreement: 100%

Website Classification

Primary Category

healthcare medical (29% confidence)
Type: spa
Method: ml+structural

All Detected Categories

healthcare medical: 29%
technology software: 27%

Detected Features

Login Form

Domain & IP Information

Requests  IP Address    Location                               AS (Autonomous System)
8         66.22.91.1    Auckland, Auckland, New Zealand        AS48851 Radware Ltd
6         34.160.81.0   Kansas City, Missouri, United States   AS396982 Google LLC
6         66.22.91.48   Auckland, Auckland, New Zealand        AS48851 Radware Ltd
20        3             -                                      -

Content Similarity Hashes (for malware variant detection)

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1ED63C7DA1530A24815CEE54EEF6FEEC8105B605BE8A2D5C1BAED8B0C5B8BED4FD41844

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:ulgO/fvJfAwkLNKZoBz7qawqh0QKoZCktWnBo2rTbFDqJuK4v5qwqI78OolP3:u7/VIhr7qa1ZI42rZv0HI78Oolf

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:70628:eCIh8BhAaVXABAAwBh8SYmREEjEQmQEhQ2AAY4AICAQKGz4jkpDFgT0BsILKkAYR2AQoyKBRhPEECsAxgNBiAEEEYIy7JETJ

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 1018181818180000
Perceptual Hash: 8dc877227626dc27
Difference Hash: b2b2b2b2b3b34326
Wavelet Hash: 18181819191b83c7
Color Hash: #862e2d
