Security Scan Report: www.spark.co.nz

Redirected to:
https://signin.spark.co.nz/?goto=https://www.spark.co.nz/xtramail/chec...
Submitted: May 18, 2026, 7:37:22 PM
Completed: May 18, 2026, 7:39:08 PM
public, completed

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main domain is signin.spark.co.nz.

Submitted URL: https://www.spark.co.nz/cwa/openam/SSORedirect/metaAlias/Xtramail/idp1?SAMLRequest=hZLdbhMxEIVfZeX7Xe9uN2liJZG2TSNFKlAlgBA3yDhT1cJ%2FeGa7hafH3gAKN%2BXK0swczfmOZ4XSmiD6gZ7cAb4PgFS8WONQTI01G6ITXqJG4aQFFKTEsX9zL9qqFiF68sobdiF5XSERIZL2jhX77Zp96brF7q6bL9r%2BZtss2%2Fmim82u6qZrd3fNzXW%2FZMVHiJjm1yzJkwhxgL1Dko5SqW7nZT0rm8X7ZimurkVbf2bFNjFoJ2lSPREFFJyP41hhkPFbpXzlfnI1Su4DJIf8eHx3gJOOoIhbINkbLZF%2Foiit1IbrU2hYcesdQt75Gp06Dwk1xJjeUttgtNLEip2PCqaQ1%2BxRGoSM8pDS0M%2Fwt9L%2FCScvGyzEI8RnreDD4f4CBL5mW9VL8vebxYIx3vHgkQ6AIZtgm1X%2BDDHlFTcyBBw0QZmLJY1xxS%2Fbq%2FMRvE1A%2B%2B2DT55%2FZMdW%2Foc3V%2FSpfJxGRTLkUCfuRJIMjbcRJCU6igMwvjmv%2FPfUNr8A&RelayState=https%3A%2F%2Fwebmail.xtra.co.nz%2Findex.cgi&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=RRm0nZqftW2pPz61JdmgezxwWKAkPVeD62XvpYfpNWYrQV8Yj%2F0oShinpFzWNWeFco7ZNFgZm0K5w1lkv0HTTiFd5GLcwxpdg6L1t2QB%2FaaWVCnGgXKBBFUKbIuS6ovmLV9PCSgDwrmVewn2A40jwXhzRBlJEK8NxpTms8%2BFF0GEm%2Br0HGqPZNZTakYJLFeM51if%2FLaorftzsw8iySzybOcAMSgWY1cliaK7CQKZ8hV%2BM5h2fQPYJhyrrINj1MU79uv1IhqTIeCoTNp4jAPp2wf0PHXnc%2BhXvm1Di3UDkTq1%2FGQA77PR6scEK7vXAL9n5Vti99tOSgcKk8JjBr0ZgA%3D%3D

Effective URL: https://signin.spark.co.nz/?goto=https://www.spark.co.nz/xtramail/checkcookies?spEntityID%3Dappsuite-saml-twr%26goto%3Dhttp://openam.internal.spark.co.nz:8080/openam/saml2/continue/metaAlias/Xtramail/idp1?secondVisitUrl%253D/SSORedirect/metaAlias/Xtramail/idp1?ReqID%25253D_448FE4682ABD1926845530142FE1B7A9%26AMAuthCookie%3D&brand=xtramail (Redirected)

The Cisco Umbrella rank of the primary domain is #416,869 of the top 1 million websites.

AI Security Verdict

High Risk

Confidence: 92%

Risk Score: 10

Login page on spark.co.nz presents a credential form but critical IDS alerts show malware/C2 activity, indicating a high‑risk compromised site.

Risk Factors
Unknown domain age
Low domain reputation for a brand‑claimed site
Critical IDS alerts for malware and C2 activity
Credential collection form on a newly‑seen domain
Potential site compromise despite legitimate‑looking SSO flow
Domain age information unavailable

Details

Page Title: Sign in
Scan Type: public
Language: 🇺🇸 English (54% confidence)
Category: healthcare medical (29%)

Domain Information

The domain name 'www.spark.co.nz' uses the New Zealand country-code top-level domain (.co.nz) and includes subdomain 'www'. The core label 'spark' covers 5 characters holding 1 vowel versus 4 consonants. Segmentation suggests one word: spark. Median word length comes out to 5 characters. No strong language cues emerged from the frequency lists.

Page Load Overview

Total Load Time: 17.93s
HTTP Requests: 20
Domains: 3
Total Size: 164 KB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 54%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 54%
Script Type: Latin
Text Length: 187 chars
Detector Agreement: 100%

Website Classification

Primary Category

healthcare medical (29% confidence)
Type: spa
Method: ml+structural

All Detected Categories

healthcare medical: 29%
technology software: 27%

Detected Features

Login Form

Domain & IP Information

Requests  IP Address    Location                              AS        Autonomous System
8         66.22.91.1    Auckland, Auckland, New Zealand       AS48851   Radware Ltd
6         66.22.91.48   Auckland, Auckland, New Zealand       AS48851   Radware Ltd
6         34.160.81.0   Kansas City, Missouri, United States  AS396982  Google LLC
20        3             -                                     -

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T14E53C7CA1570A24815CEE54EDF6FEEC8101B606BE9B3D5C57AEE8B0C4B8BAD4FD41844

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:TggO/fvJf7WkDNKZoBz7qawqh0QKoZCktWnBo2rTbFDqJuKPv5qwq1nTplP3:TS/VF5r7qa1ZI42rZg0H1nTplf

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:66507:RMIAGEQqC0IQrhAkDYu4FyDIFBGAIjgDAAryUAIkSWgTPTRACJAxIBDoJCakigAyifAJEcAwcYmEATKoQBeEIRUBSBoWcScg

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 1018181818180000
Perceptual Hash: 8dc877227626dc27
Difference Hash: b2b2b2b2b3b34326
Wavelet Hash: 18181819191b83c7
Color Hash: #1f933a
