ScanMalware.com

Security Scan Report: www.spark.co.nz

Redirected to:
https://signin.spark.co.nz/?goto=https://www.spark.co.nz/xtramail/chec...
Site favicon
Submitted: May 15, 2026, 3:05:51 AMCompleted: May 15, 2026, 3:07:52 AMpubliccompleted
Loading additional data...

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main domain is signin.spark.co.nz.

Submitted URL: https://www.spark.co.nz/cwa/openam/SSORedirect/metaAlias/Xtramail/idp1?SAMLRequest=hZJvb9MwEMa%2FSuT3ibN0SYvVVsqWTao0YGoBId4g4940C%2F%2FDd1kGn352Cqi8Ga8s3d2je36Pb43SmiD6kR7dHn6MgFQ8W%2BNQzI0NG6MTXqJG4aQFFKTEoX97J5qqFiF68sobdiZ5XSERIZL2jhW7YcO%2B9lerRds1zdBdDlfdaqib5U3dDotlv1zddLctKz5BxDS%2FYUmeRIgj7BySdJRKddOVdVtetB%2FqhahbcfnmCyuGxKCdpFn1SBRQcD5NU4VBxu%2BV8pX7xdUkuQ%2BQHPLD4f0ejjqCIm6BZG%2B0RP6ZorRSG66P4YIV194h5J2v0anTkFBjjOkttQ1GK02suPVRwRzyhj1Ig5BR7lMa%2Bgn%2BVvo%2F4eRlo4V4gPikFXzc352BwLdsq3pO%2Fn6zWDDGOx480h4wZBNsu86fIea84laGgKMmKHOxpCmu%2BXl7fTqCdwloN9z75Plndmzlf3hzRR%2FLh3lUJEMOdeJOJMnQdB1BUqKjOALj29PKf09t%2BwI%3D&RelayState=https%3A%2F%2Fwebmail.xtra.co.nz%2Findex.cgi&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=q%2FpjyRcZHFlovf2NPhHWRmVX6fXJCSd91LrrPDpbIkHy4MK6pKJSN%2FKkoAG4Jzya4J8TrGLhu9%2BJkUUA4wHeGlfvQzfsGc7n1tZpysJ9TEBZ2dLumMkgVSemcqRJaZoRGcjuf%2FQGHb3PLj7OGKw80ezZKZbD60US1xP%2F%2BF4rHn0N2khl493pWytmUJq5MnaNQq%2BLUrryLv6J%2BNG6J36gQEvXZI4I5th8Ri%2BC08oqkNWcGWTZ4eRppGoVMUYgvSI%2BjhCk7vta5FUroC2ir9D%2FKaLQ2MqEbDPd2tncPsSX1CnVvIUgMMP55G4pdZm96Cs9BkUyvSBECn8mEdLz909S4w%3D%3D

Effective URL: https://signin.spark.co.nz/?goto=https://www.spark.co.nz/xtramail/checkcookies?spEntityID%3Dappsuite-saml-twr%26goto%3Dhttp://openam.internal.spark.co.nz:8080/openam/saml2/continue/metaAlias/Xtramail/idp1?secondVisitUrl%253D/SSORedirect/metaAlias/Xtramail/idp1?ReqID%25253D_AB835622D64DB68D027E05D37A78E6F5%26AMAuthCookie%3D&brand=xtramailRedirected

The Cisco Umbrella rank of the primary domain is #416,869 of the top 1 million websites

AI Security Verdict

Confirmed Scam

Confidence: 88%

10
Risk Score

The site presents a credential‑phishing login for Xtra Mail, has unknown age, low reputation, critical malware alerts, and heavily obfuscated scripts – confirmed scam.

Risk Factors
Unknown domain age combined with credential collection
Low domain reputation for a claimed brand
Critical IDS alerts for malware and command‑and‑control activity
Highly obfuscated JavaScript code
Domain age information unavailable

Details

Page Title

Sign in

Scan Type

public

Language

🇺🇸

English

(54% confidence)

Category

healthcare medical

(29%)

Domain Information

You're looking at domain 'www.spark.co.nz' on the New Zealand country-code top-level domain (.co.nz) with subdomain 'www'. The second-level label 'spark' is 5 characters long split between one vowel and four consonants. Splitting it apart reveals 1 word: spark. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://www.spark.co.nz/cwa/openam/SSORedirect/metaAlias/Xtramail/idp1?SAMLRequest=hZJvb9MwEMa%2FSuT3ibN0SYvVVsqWTao0YGoBId4g4940C%2F%2FDd1kGn352Cqi8Ga8s3d2je36Pb43SmiD6kR7dHn6MgFQ8W%2BNQzI0NG6MTXqJG4aQFFKTEoX97J5qqFiF68sobdiZ5XSERIZL2jhW7YcO%2B9lerRds1zdBdDlfdaqib5U3dDotlv1zddLctKz5BxDS%2FYUmeRIgj7BySdJRKddOVdVtetB%2FqhahbcfnmCyuGxKCdpFn1SBRQcD5NU4VBxu%2BV8pX7xdUkuQ%2BQHPLD4f0ejjqCIm6BZG%2B0RP6ZorRSG66P4YIV194h5J2v0anTkFBjjOkttQ1GK02suPVRwRzyhj1Ig5BR7lMa%2Bgn%2BVvo%2F4eRlo4V4gPikFXzc352BwLdsq3pO%2Fn6zWDDGOx480h4wZBNsu86fIea84laGgKMmKHOxpCmu%2BXl7fTqCdwloN9z75Plndmzlf3hzRR%2FLh3lUJEMOdeJOJMnQdB1BUqKjOALj29PKf09t%2BwI%3D&RelayState=https%3A%2F%2Fwebmail.xtra.co.nz%2Findex.cgi&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=q%2FpjyRcZHFlovf2NPhHWRmVX6fXJCSd91LrrPDpbIkHy4MK6pKJSN%2FKkoAG4Jzya4J8TrGLhu9%2BJkUUA4wHeGlfvQzfsGc7n1tZpysJ9TEBZ2dLumMkgVSemcqRJaZoRGcjuf%2FQGHb3PLj7OGKw80ezZKZbD60US1xP%2F%2BF4rHn0N2khl493pWytmUJq5MnaNQq%2BLUrryLv6J%2BNG6J36gQEvXZI4I5th8Ri%2BC08oqkNWcGWTZ4eRppGoVMUYgvSI%2BjhCk7vta5FUroC2ir9D%2FKaLQ2MqEbDPd2tncPsSX1CnVvIUgMMP55G4pdZm96Cs9BkUyvSBECn8mEdLz909S4w%3D%3D

Page Load Overview

5.80s
Total Load Time
20
HTTP Requests
3
Domains
164 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:54%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:54%
Script Type:Latin
Text Length:187 chars
Detector Agreement:100%

Website Classification

Primary Category

healthcare medical29% confidence
Type: spa
Method: ml+structural

All Detected Categories

healthcare medical
29%
technology software
27%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
866.22.91.48Auckland, Auckland, New Zealand
AS48851Radware Ltd
634.160.81.0Kansas City, Missouri, United States
AS396982Google LLC
666.22.91.1Auckland, Auckland, New Zealand
AS48851Radware Ltd
203--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1C463C7DA1530A24815DEE54EEF6FEEC8101B605BE8A2D5C1BAEE8B0C5B8BED4FD41444

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:u1gO/fvJfAwkANKZoBz7qawqh0QKoZCktWnBo2rTbFDqJuK1v5qwqI2lDolP3:ur/VIYr7qa1ZI42rZi0HI2lDolf

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:70628:AWYrmEoAIDAaAECyTkBSREBEAgBUIaGiSQhEUqEAxABOcUwXgfGhrTA9hWLUhYAQxRKh6KUUxIPhVDARQEAgBQAAZJ2AgAig

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:1018181818180000
Perceptual Hash:8dc877227626dc27
Difference Hash:b2b2b2b2b3b34326
Wavelet Hash:18181819191b83c7
Color Hash:#2dd2bf

Other Hashes

Crop Resistant:fa78c2e8b0b28e8e,b2b2b2b2b3b34326

Scan History

Scan history not available

Unable to load historical scan data