ScanMalware.com

Security Scan Report: www.spark.co.nz

Redirected to:
https://signin.spark.co.nz/?goto=https://www.spark.co.nz/xtramail/chec...
Site favicon
Submitted: May 21, 2026, 5:07:33 AMCompleted: May 21, 2026, 5:10:06 AMpubliccompleted
Loading additional data...

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main domain is signin.spark.co.nz.

Submitted URL: https://www.spark.co.nz/cwa/openam/SSORedirect/metaAlias/Xtramail/idp1?SAMLRequest=hZLRa9swEMb%2FFaN3W3bqOlgkAddpIdBtJdlG2cvQlCsVlSVNd667%2FfWTnG5kL%2B2T4O4%2B7vt9uhXKwXjRjfRo9%2FBzBKTsZTAWxdxYszFY4SRqFFYOgIKUOHQfbsWiKIUPjpxyhp1J3lZIRAiknWXZbrtm3xdtu10um7op%2B6u67fvrm7Zatk1X13XVNdcdy75CwDi%2FZlEeRYgj7CyStBRL5aLJy8t8UX0uL0W5FBfVN5ZtI4O2kmbVI5FHwfk0TQV6GZ4K5Qr7m6tJcuchOuSHw6c9HHUARXwAkp3REvk9BTlIbbg%2B%2BoplvbMIaedbdOo0JNQYQnxzPXijlSaW3bigYA55zR6kQUgodzEN%2FQz%2FKt3fcNKycYBwgPCsFXzZ356BwI9kq3iJ%2Fl5ZBjDGWe4d0h7QJxNss0qfIea8wkZ6j6MmyFMxpyms%2BHl7dTqCjxFot71z0fOv5HiQ7%2FCmij7mD%2FOoiIYs6sgdSaKhqQ8gKdJRGIHxzWnl%2F6e2%2BQM%3D&RelayState=https%3A%2F%2Fwebmail.xtra.co.nz%2Findex.cgi&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=RMkA%2B1yZaTdxM1riA5%2FeQw%2FNTd0osdrT9rOzM3Evgje4mA%2FyEB1bN%2BI8rrB%2FaJ1WM3YaY7DRl5%2B9i1iCTR0j8wc20phmCKWZyxtituD%2FWO6Q7v31natLtTKzXHm3qfDN%2FA%2BaV9T0d64WN%2B%2BZCDGWAoXruR1Cq56PR1VFRuI71kzXfwGyE7pbJ7UtERBrYIUDWdXOgVo2tohPDWvqrDju3jKRMGmJc0IfxxYIiihB8Drw%2F5DM0oz0Uce94M248QrBG5OmCSbwiQQo1x33SD1Gz8aD7TGyYAgbi9XonKJKvPCt4wZ%2BPXAk%2FGVrbljlMJ%2FGAH%2BYTJCkmD7JxJsgw0Xy1Q%3D%3D

Effective URL: https://signin.spark.co.nz/?goto=https://www.spark.co.nz/xtramail/checkcookies?spEntityID%3Dappsuite-saml-twr%26goto%3Dhttp://openam.internal.spark.co.nz:8080/openam/saml2/continue/metaAlias/Xtramail/idp1?secondVisitUrl%253D/SSORedirect/metaAlias/Xtramail/idp1?ReqID%25253D_299D776460CB49CCEF91796A4441A6EA%26AMAuthCookie%3D&brand=xtramailRedirected

The Cisco Umbrella rank of the primary domain is #416,869 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 78%

8
Risk Score

The site presents a login form for Xtra Mail on an unknown‑age, low‑rank domain with heavily obfuscated JavaScript, indicating a high‑risk credential phishing attempt.

Risk Factors
Domain age unknown (treated as new)
Low domain reputation ranking
Highly obfuscated JavaScript
Credential collection on a low‑rank domain
Domain age information unavailable

Details

Page Title

Sign in

Scan Type

public

Language

🇺🇸

English

(54% confidence)

Category

healthcare medical

(29%)

Domain Information

The domain 'www.spark.co.nz' uses the New Zealand country-code top-level domain (.co.nz) with subdomain 'www'. The core label 'spark' covers 5 characters containing one vowel alongside four consonants. Splitting it apart reveals one word: spark. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://www.spark.co.nz/cwa/openam/SSORedirect/metaAlias/Xtramail/idp1?SAMLRequest=hZLRa9swEMb%2FFaN3W3bqOlgkAddpIdBtJdlG2cvQlCsVlSVNd667%2FfWTnG5kL%2B2T4O4%2B7vt9uhXKwXjRjfRo9%2FBzBKTsZTAWxdxYszFY4SRqFFYOgIKUOHQfbsWiKIUPjpxyhp1J3lZIRAiknWXZbrtm3xdtu10um7op%2B6u67fvrm7Zatk1X13XVNdcdy75CwDi%2FZlEeRYgj7CyStBRL5aLJy8t8UX0uL0W5FBfVN5ZtI4O2kmbVI5FHwfk0TQV6GZ4K5Qr7m6tJcuchOuSHw6c9HHUARXwAkp3REvk9BTlIbbg%2B%2BoplvbMIaedbdOo0JNQYQnxzPXijlSaW3bigYA55zR6kQUgodzEN%2FQz%2FKt3fcNKycYBwgPCsFXzZ356BwI9kq3iJ%2Fl5ZBjDGWe4d0h7QJxNss0qfIea8wkZ6j6MmyFMxpyms%2BHl7dTqCjxFot71z0fOv5HiQ7%2FCmij7mD%2FOoiIYs6sgdSaKhqQ8gKdJRGIHxzWnl%2F6e2%2BQM%3D&RelayState=https%3A%2F%2Fwebmail.xtra.co.nz%2Findex.cgi&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=RMkA%2B1yZaTdxM1riA5%2FeQw%2FNTd0osdrT9rOzM3Evgje4mA%2FyEB1bN%2BI8rrB%2FaJ1WM3YaY7DRl5%2B9i1iCTR0j8wc20phmCKWZyxtituD%2FWO6Q7v31natLtTKzXHm3qfDN%2FA%2BaV9T0d64WN%2B%2BZCDGWAoXruR1Cq56PR1VFRuI71kzXfwGyE7pbJ7UtERBrYIUDWdXOgVo2tohPDWvqrDju3jKRMGmJc0IfxxYIiihB8Drw%2F5DM0oz0Uce94M248QrBG5OmCSbwiQQo1x33SD1Gz8aD7TGyYAgbi9XonKJKvPCt4wZ%2BPXAk%2FGVrbljlMJ%2FGAH%2BYTJCkmD7JxJsgw0Xy1Q%3D%3D

Page Load Overview

35.42s
Total Load Time
20
HTTP Requests
3
Domains
164 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:54%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:54%
Script Type:Latin
Text Length:187 chars
Detector Agreement:100%

Website Classification

Primary Category

healthcare medical29% confidence
Type: spa
Method: ml+structural

All Detected Categories

healthcare medical
29%
technology software
27%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
866.22.91.48Auckland, Auckland, New Zealand
AS48851Radware Ltd
666.22.91.1Auckland, Auckland, New Zealand
AS48851Radware Ltd
634.160.81.0Kansas City, Missouri, United States
AS396982Google LLC
203--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1F953C7CA1530A24815CEE54EDF6FEEC8101B606BE9B3D5C57AEE8B0C5B8BAD4FD41844

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:irgO/fvJf7WkDNKZoBz7qawqh0QKoZCktWnBo2rTbFDqJuKiv5qwqumMplP3:iJ/VF5r7qa1ZI42rZT0HumMplf

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:66499:EAIAImiVIAWBAAoICAgnRwAYmghghBGIUQEFyEjNSY6UFAIhWhETwAmojOhSQAwERKyRJCQQ8TwEAlTSIkEeCQAVAAAQTkYI

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:1018181818180000
Perceptual Hash:8dc877227626dc27
Difference Hash:b2b2b2b2b3b34326
Wavelet Hash:18181819191b83c7
Color Hash:#79d279

Other Hashes

Crop Resistant:fa78c2e8b0b28e8e,b2b2b2b2b3b34326

Scan History

Scan history not available

Unable to load historical scan data