update-1-b4cd40.ingress-bonde.ewp.live Open in urlscan Pro
63.250.43.1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://servicios.salesup.com/comunicaciones/correos/url/eyJkIjoiVVBOSUZZX0VOREIwMSIsInQiOiIwOTM1NzlFRS1FN0U4LTQ1MjUtQTg5RC1GM...
Effective URL:
https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/
Submission: On September 22 via manual (September 22nd 2022, 1:34:17 am UTC) from IN — Scanned from DE

Summary HTTP 17 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 63.250.43.1, located in United States and belongs to NAMECHEAP-NET, US. The main domain is update-1-b4cd40.ingress-bonde.ewp.live.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 28th 2022. Valid for: a year.

This is the only time update-1-b4cd40.ingress-bonde.ewp.live was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Spark (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.213.254.47 34.213.254.47	16509 (AMAZON-02) (AMAZON-02)
2 15	63.250.43.1 63.250.43.1	22612 (NAMECHEAP...) (NAMECHEAP-NET)
3	146.171.248.36 146.171.248.36	2570 (TAS-SPARK...) (TAS-SPARK-NZ Spark New Zealand Trading Ltd)
17	3

1 34.213.254.47 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-213-254-47.us-west-2.compute.amazonaws.com

servicios.salesup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 63.250.43.1 (United States) 2 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: ingress-bonde.easywp.com

update-1-b4cd40.ingress-bonde.ewp.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 146.171.248.36 (Auckland, New Zealand)

ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ)

www.spark.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	ewp.live 2 redirects update-1-b4cd40.ingress-bonde.ewp.live	296 KB
3	spark.co.nz www.spark.co.nz	14 KB
1	salesup.com 1 redirects servicios.salesup.com	511 B
17	3

	Domain	Requested by
15	update-1-b4cd40.ingress-bonde.ewp.live	2 redirects update-1-b4cd40.ingress-bonde.ewp.live
3	www.spark.co.nz	update-1-b4cd40.ingress-bonde.ewp.live
1	servicios.salesup.com	1 redirects
17	3

This site contains links to these domains. Also see Links.

Domain
www.spark.co.nz

Subject Issuer	Validity	Valid
*.ingress-bonde.ewp.live Sectigo RSA Domain Validation Secure Server CA	`2022-06-28` - `2023-06-28`	a year	crt.sh
www.spark.co.nz Entrust Certification Authority - L1K	`2022-06-14` - `2023-07-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/
Frame ID: CA23ACD7BA6524AD51D390FAB5BC8325
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Xtramail sign in | Spark NZ

Page URL History Show full URLs

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin HTTP 301
http://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/ HTTP 307
https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/ Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

<div class="[^"]*aem-Grid
/etc/designs/

Page Statistics

17
Requests

94 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

309 kB
Transfer

1251 kB
Size

1
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.spark.co.nz/

Search URL Search Domain Scan URL

URL: https://www.spark.co.nz/search

Search URL Search Domain Scan URL

URL: https://www.spark.co.nz/shop
Title: Visit

Search URL Search Domain Scan URL

URL: https://www.spark.co.nz/secure/myspark/mysparkhome
Title: Visit

Search URL Search Domain Scan URL

URL: https://www.spark.co.nz/getmore
Title: Visit

Search URL Search Domain Scan URL

URL: https://www.spark.co.nz/help
Title: Visit

Search URL Search Domain Scan URL

URL: https://www.spark.co.nz/5g
Title: Visit

Search URL Search Domain Scan URL

URL: https://www.spark.co.nz/iot
Title: Visit

Search URL Search Domain Scan URL

URL: https://www.spark.co.nz/business/shop
Title: Visit

Search URL Search Domain Scan URL

URL: https://www.spark.co.nz/secure/myspark/mysparkhome/

Search URL Search Domain Scan URL

URL: https://www.spark.co.nz/rest/v1/access/logout
Title: Sign out

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin HTTP 301
http://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/ HTTP 307
https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://servicios.salesup.com/comunicaciones/correos/url/eyJkIjoiVVBOSUZZX0VOREIwMSIsInQiOiIwOTM1NzlFRS1FN0U4LTQ1MjUtQTg5RC1GMUM4NDMyRTI0MjUiLCJ1IjoiaHR0cHM6Ly91cGRhdGUtMS1iNGNkNDAuaW5ncmVzcy1ib25kZS5ld3AubGl2ZS91cGRhdGUvMDIveHRyYS8ifQ== HTTP 302
https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/

Request Chain 1

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login HTTP 301
http://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/ HTTP 307
https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/
Redirect Chain

https://servicios.salesup.com/comunicaciones/correos/url/eyJkIjoiVVBOSUZZX0VOREIwMSIsInQiOiIwOTM1NzlFRS1FN0U4LTQ1MjUtQTg5RC1GMUM4NDMyRTI0MjUiLCJ1IjoiaHR0cHM6Ly91cGRhdGUtMS1iNGNkNDAuaW5ncmVzcy1ib25k...
https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/

0
448 B

696ms
227ms

Document
text/html

63.250.43.1
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.1 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-bonde.easywp.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 7209
cache-control: no-store, no-cache, must-revalidate, public
content-encoding: gzip
content-length: 20
content-type: text/html; charset=UTF-8
date: Wed, 21 Sep 2022 23:34:03 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
refresh: 0; url=login
server: nginx
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: HIT
x-cacheable: YES
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 168
Content-Type: text/html; charset=utf-8
Date: Thu, 22 Sep 2022 01:34:12 GMT
Location: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/
Server: nginx/1.14.0 (Ubuntu)
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Accept
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H2

200

/ Show response
update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/
Redirect Chain

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login
http://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/
https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/

0
476 B

465ms
465ms

Document
text/html

63.250.43.1
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.1 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-bonde.easywp.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: no-store, no-cache, must-revalidate, public
content-encoding: gzip
content-length: 20
content-type: text/html; charset=UTF-8
date: Thu, 22 Sep 2022 01:34:13 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
refresh: 0; url=signin
server: nginx
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: MISS
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/
Non-Authoritative-Reason: HSTS

GET
H2

200

Primary Request / Show response
update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/
Redirect Chain

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin
http://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/
https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/

47 KB
6 KB

672ms
671ms

Document
text/html

63.250.43.1
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.1 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-bonde.easywp.com

Software

nginx /

Resource Hash

05e18a30e5064daa9aea81a35dcee0a421000283a82917635110da1363b643d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: no-store, no-cache, must-revalidate, public
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 22 Sep 2022 01:34:14 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: MISS
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/
Non-Authoritative-Reason: HSTS

GET
H2 200 main.css
update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/css/ 11 KB
3 KB 1516ms
1512ms Stylesheet
text/css 63.250.43.1
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/css/main.css

Requested by

Host: update-1-b4cd40.ingress-bonde.ewp.live
URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.1 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-bonde.easywp.com

Software

nginx /

Resource Hash

517a5c1e9d79dc3e2e955db753a3998fa8398879ef07f87810b49778300d0923

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 01:34:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-cache: MISS
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Thu, 22 Sep 2022 00:07:14 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"632ba732-2daf"
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
content-type: text/css
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 clientlib-all.css
update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/onespark/ 838 KB
110 KB 857ms
854ms Stylesheet
text/css 63.250.43.1
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/onespark/clientlib-all.css

Requested by

Host: update-1-b4cd40.ingress-bonde.ewp.live
URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.1 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-bonde.easywp.com

Software

nginx /

Resource Hash

78a7b57266be64b4f61bc374ee77f94070a165d92a881091e3032dc67f951ad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 23:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
age: 7528
x-cache: HIT
vary: Accept-Encoding
content-length: 111811
x-xss-protection: 1; mode=block
last-modified: Sun, 18 Sep 2022 23:32:57 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6327aaa9-d1832"
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
content-type: text/css
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 clientlib-all.css
update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/sparklabs/ 10 KB
3 KB 854ms
851ms Stylesheet
text/css 63.250.43.1
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/sparklabs/clientlib-all.css

Requested by

Host: update-1-b4cd40.ingress-bonde.ewp.live
URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.1 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-bonde.easywp.com

Software

nginx /

Resource Hash

5a33b1b08faa141fe7a21f91a0f8bd26fb72c4f6ab530de586c1890efed6ff77

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 23:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
age: 7528
x-cache: HIT
vary: Accept-Encoding
content-length: 2232
x-xss-protection: 1; mode=block
last-modified: Sun, 18 Sep 2022 23:32:55 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6327aaa7-2625"
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
content-type: text/css
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 clientlib-sparkv2.css
update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/onespark/ 116 KB
16 KB 1297ms
1294ms Stylesheet
text/css 63.250.43.1
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/onespark/clientlib-sparkv2.css

Requested by

Host: update-1-b4cd40.ingress-bonde.ewp.live
URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.1 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-bonde.easywp.com

Software

nginx /

Resource Hash

0126d18833bce78c620c4005682d31158d1b31f679cdf8b0f9eedd0e6fa978b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 23:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
age: 7528
x-cache: HIT
vary: Accept-Encoding
content-length: 15397
x-xss-protection: 1; mode=block
last-modified: Sun, 18 Sep 2022 23:32:55 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6327aaa7-1cea7"
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
content-type: text/css
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 clientlib-forms.css
update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/spark-responsive/ 7 KB
2 KB 1298ms
1296ms Stylesheet
text/css 63.250.43.1
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/spark-responsive/clientlib-forms.css

Requested by

Host: update-1-b4cd40.ingress-bonde.ewp.live
URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.1 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-bonde.easywp.com

Software

nginx /

Resource Hash

2d98b01da0724db55fe327b97a09ef64c25598eb8d8194414e63de0e82a20d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 23:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
age: 7528
x-cache: HIT
vary: Accept-Encoding
content-length: 1569
x-xss-protection: 1; mode=block
last-modified: Sun, 18 Sep 2022 23:32:55 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6327aaa7-1c10"
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
content-type: text/css
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 xtramail-sign-in.css
update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/xtramail/clientlib_xtramail/ 38 KB
7 KB 1296ms
1295ms Stylesheet
text/css 63.250.43.1
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/xtramail/clientlib_xtramail/xtramail-sign-in.css

Requested by

Host: update-1-b4cd40.ingress-bonde.ewp.live
URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.1 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-bonde.easywp.com

Software

nginx /

Resource Hash

e1feb0cfb8121d6c37a4e8797daba314869376e63581c4e5d2ee36039a430a06

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 23:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
age: 7528
x-cache: HIT
vary: Accept-Encoding
content-length: 6241
x-xss-protection: 1; mode=block
last-modified: Sun, 18 Sep 2022 23:32:55 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6327aaa7-96c2"
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
content-type: text/css
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 404 xtramail-delete-account.css
update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/xtramail/clientlib_xtramail/ 0
0 1514ms
1513ms Stylesheet
text/html 63.250.43.1
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/xtramail/clientlib_xtramail/xtramail-delete-account.css

Requested by

Host: update-1-b4cd40.ingress-bonde.ewp.live
URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.1 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-bonde.easywp.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 01:34:15 GMT
content-encoding: gzip
server: nginx
age: 0
vary: Accept-Encoding
x-cache: MISS
content-type: text/html
strict-transport-security: max-age=15768000
content-length: 167

GET
H/1.1 200
OK shopping-disabled.svg
www.spark.co.nz/content/dam/telecomcms/responsive/icons-svg/ 962 B
1 KB 1163ms
290ms Image
image/svg+xml 146.171.248.36
TAS-SPARK-NZ Spar...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spark.co.nz/content/dam/telecomcms/responsive/icons-svg/shopping-disabled.svg

Requested by

Host: update-1-b4cd40.ingress-bonde.ewp.live
URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

146.171.248.36 Auckland, New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),

Reverse DNS

Software

Resource Hash

4b91ad0b85c39f6789caf49cec4beb06b7b9f0e4d0ac8feff0de8f79fdd12d97

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Thu, 22 Sep 2022 01:34:15 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sun, 10 Sep 2017 10:34:17 GMT
Cache-Control: max-age=7200
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-Cnection: close
Content-Security-Policy: frame-ancestors 'self'
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 512

GET
H/1.1 200
OK shopping.svg
www.spark.co.nz/content/dam/telecomcms/responsive/icons-svg/ 2 KB
2 KB 1170ms
292ms Image
image/svg+xml 146.171.248.36
TAS-SPARK-NZ Spar...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spark.co.nz/content/dam/telecomcms/responsive/icons-svg/shopping.svg

Requested by

Host: update-1-b4cd40.ingress-bonde.ewp.live
URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

146.171.248.36 Auckland, New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),

Reverse DNS

Software

Resource Hash

d65da0384164d3caeeee36b2e8b7b5da42e1183d4575725a3bd05213e786ec55

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Thu, 22 Sep 2022 01:34:15 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sun, 10 Sep 2017 10:34:17 GMT
Cache-Control: max-age=7200
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-Cnection: close
Content-Security-Policy: frame-ancestors 'self'
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 929

GET
H/1.1 200
OK purple.svg
www.spark.co.nz/content/dam/sparkdigital/images/logo/ 34 KB
11 KB 1188ms
298ms Image
image/svg+xml 146.171.248.36
TAS-SPARK-NZ Spar...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spark.co.nz/content/dam/sparkdigital/images/logo/purple.svg

Requested by

Host: update-1-b4cd40.ingress-bonde.ewp.live
URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

146.171.248.36 Auckland, New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),

Reverse DNS

Software

Resource Hash

8cd0112b63387703de5702e3604c364adad1548f16f995fcc9c75ecef36f9119

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Thu, 22 Sep 2022 01:34:15 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 22 Mar 2017 03:37:11 GMT
Cache-Control: max-age=7200
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-Cnection: close
Content-Security-Policy: frame-ancestors 'self'
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 10484

GET
H2 404 template-background.css
update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/content/dam/telecomcms/css/help/ 0
0 1501ms
1500ms Stylesheet
text/html 63.250.43.1
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/content/dam/telecomcms/css/help/template-background.css

Requested by

Host: update-1-b4cd40.ingress-bonde.ewp.live
URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.1 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-bonde.easywp.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/login/signin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 01:34:15 GMT
content-encoding: gzip
server: nginx
age: 0
vary: Accept-Encoding
x-cache: MISS
content-type: text/html
strict-transport-security: max-age=15768000
content-length: 167

GET
H2 200 91b50bbb-9aa1-4d54-9159-ec6f19d14a7c.woff
update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/onespark/clientlib-site/fonts/Avenir/ 73 KB
74 KB 207ms
206ms Font
font/woff 63.250.43.1
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/onespark/clientlib-site/fonts/Avenir/91b50bbb-9aa1-4d54-9159-ec6f19d14a7c.woff

Requested by

Host: update-1-b4cd40.ingress-bonde.ewp.live
URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/onespark/clientlib-all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.1 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-bonde.easywp.com

Software

nginx /

Resource Hash

cb5460d12873f565566367d90c804bdcdfad6f80522ce61a8fdb03b1cfc156f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/onespark/clientlib-all.css
Origin: https://update-1-b4cd40.ingress-bonde.ewp.live
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 23:28:47 GMT
x-content-type-options: nosniff
x-cacheable: YES
age: 7528
x-cache: HIT
content-length: 75190
x-xss-protection: 1; mode=block
last-modified: Sun, 18 Sep 2022 23:32:57 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "6327aaa9-125b6"
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
content-type: font/woff
access-control-allow-origin: https://update-1-b4cd40.ingress-bonde.ewp.live
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 f26faddb-86cc-4477-a253-1e1287684336.woff
update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/onespark/clientlib-site/fonts/Avenir/ 74 KB
75 KB 206ms
205ms Font
font/woff 63.250.43.1
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/onespark/clientlib-site/fonts/Avenir/f26faddb-86cc-4477-a253-1e1287684336.woff

Requested by

Host: update-1-b4cd40.ingress-bonde.ewp.live
URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/onespark/clientlib-all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.1 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-bonde.easywp.com

Software

nginx /

Resource Hash

1c1bbdd52caac896e0afaf4e56e749b8181fb025bfc7afc16ea8f4f38ca99579

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/onespark/clientlib-all.css
Origin: https://update-1-b4cd40.ingress-bonde.ewp.live
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 23:28:47 GMT
x-content-type-options: nosniff
x-cacheable: YES
age: 7528
x-cache: HIT
content-length: 76214
x-xss-protection: 1; mode=block
last-modified: Sun, 18 Sep 2022 23:32:57 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "6327aaa9-129b6"
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
content-type: font/woff
access-control-allow-origin: https://update-1-b4cd40.ingress-bonde.ewp.live
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET spark-icon-family.woff
www.spark.co.nz/content/dam/sparkresponsive/font/Fontello/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.spark.co.nz
URL: https://www.spark.co.nz/content/dam/sparkresponsive/font/Fontello/spark-icon-family.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Spark (Telecommunication)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			update-1-b4cd40.ingress-bonde.ewp.live/	1969-12-31 23:59:59	Name: PHPSESSID Value: 69m8itij76iv7h60jdm1s812v1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/content/dam/telecomcms/css/help/template-background.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://update-1-b4cd40.ingress-bonde.ewp.live/update/02/xtra/etc/designs/xtramail/clientlib_xtramail/xtramail-delete-account.css Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

servicios.salesup.com
update-1-b4cd40.ingress-bonde.ewp.live
www.spark.co.nz
www.spark.co.nz
146.171.248.36
34.213.254.47
63.250.43.1
0126d18833bce78c620c4005682d31158d1b31f679cdf8b0f9eedd0e6fa978b3
05e18a30e5064daa9aea81a35dcee0a421000283a82917635110da1363b643d2
1c1bbdd52caac896e0afaf4e56e749b8181fb025bfc7afc16ea8f4f38ca99579
2d98b01da0724db55fe327b97a09ef64c25598eb8d8194414e63de0e82a20d3d
4b91ad0b85c39f6789caf49cec4beb06b7b9f0e4d0ac8feff0de8f79fdd12d97
517a5c1e9d79dc3e2e955db753a3998fa8398879ef07f87810b49778300d0923
5a33b1b08faa141fe7a21f91a0f8bd26fb72c4f6ab530de586c1890efed6ff77
78a7b57266be64b4f61bc374ee77f94070a165d92a881091e3032dc67f951ad3
8cd0112b63387703de5702e3604c364adad1548f16f995fcc9c75ecef36f9119
cb5460d12873f565566367d90c804bdcdfad6f80522ce61a8fdb03b1cfc156f5
d65da0384164d3caeeee36b2e8b7b5da42e1183d4575725a3bd05213e786ec55
e1feb0cfb8121d6c37a4e8797daba314869376e63581c4e5d2ee36039a430a06
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

update-1-b4cd40.ingress-bonde.ewp.live Open in urlscan Pro 63.250.43.1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

94 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

309 kBTransfer

1251 kBSize

1 Cookies

11 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

2 Console Messages

Security Headers

Indicators

update-1-b4cd40.ingress-bonde.ewp.live Open in urlscan Pro
63.250.43.1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

94 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

309 kB
Transfer

1251 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!