sparkmail.azurewebsites.net Open in urlscan Pro
104.41.13.179 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://sparkmail.azurewebsites.net/
Effective URL:
https://sparkmail.azurewebsites.net/?session_id=74afcb8e7ad7008b10c24f20c71eb27b&pageid=login
Submission: On April 18 via api (April 18th 2019, 5:41:45 am UTC) from GB

Summary HTTP 90 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 13 domains to perform 90 HTTP transactions. The main IP is 104.41.13.179, located in Campinas, Brazil and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is sparkmail.azurewebsites.net.
TLS certificate: Issued by Microsoft IT TLS CA 4 on December 17th 2017. Valid for: 2 years.

This is the only time sparkmail.azurewebsites.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Spark (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 72	104.41.13.179 104.41.13.179	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1 3	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	104.16.246.12 104.16.246.12	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	172.217.16.166 172.217.16.166	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
2 3	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:820::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:824::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	216.58.205.226 216.58.205.226	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	205.185.216.10 205.185.216.10	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
90	13

72 104.41.13.179 (Campinas, Brazil) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

sparkmail.azurewebsites.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:816::200e (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.246.12 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

spark-track.inside-graph.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.166 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s11-in-f166.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::9a (Ireland) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:824::2004 (Ireland) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.205.226 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s24-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.10 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: map2.hwcdn.net

servedby.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
72	azurewebsites.net 1 redirects sparkmail.azurewebsites.net	3 MB
4	doubleclick.net 2 redirects ad.doubleclick.net stats.g.doubleclick.net googleads4.g.doubleclick.net	4 KB
3	google.com 2 redirects www.google.com	898 B
3	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	google.de www.google.de	218 B
1	flashtalking.com servedby.flashtalking.com
1	gstatic.com www.gstatic.com	91 KB
1	googletagservices.com www.googletagservices.com	29 KB
1	inside-graph.com spark-track.inside-graph.com	7 KB
1	crazyegg.com script.crazyegg.com	686 B
1	googletagmanager.com www.googletagmanager.com	55 KB
0	spark.co.nz Failed www.spark.co.nz Failed
0	facebook.net Failed connect.facebook.net Failed
90	13

	Domain	Requested by
72	sparkmail.azurewebsites.net	1 redirects sparkmail.azurewebsites.net
3	www.google.com	2 redirects sparkmail.azurewebsites.net
3	www.google-analytics.com	1 redirects www.googletagmanager.com sparkmail.azurewebsites.net
2	www.google.de	sparkmail.azurewebsites.net
2	stats.g.doubleclick.net	2 redirects
1	servedby.flashtalking.com	sparkmail.azurewebsites.net
1	www.gstatic.com	www.google.com
1	googleads4.g.doubleclick.net	sparkmail.azurewebsites.net
1	www.googletagservices.com	ad.doubleclick.net
1	ad.doubleclick.net	www.googletagmanager.com
1	spark-track.inside-graph.com	sparkmail.azurewebsites.net
1	script.crazyegg.com	www.googletagmanager.com
1	www.googletagmanager.com	sparkmail.azurewebsites.net
0	www.spark.co.nz Failed	sparkmail.azurewebsites.net
0	connect.facebook.net Failed	sparkmail.azurewebsites.net
90	15

This site contains no links.

Subject Issuer	Validity	Valid
*.azurewebsites.net Microsoft IT TLS CA 4	`2017-12-17` - `2019-12-17`	2 years	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
ssl945600.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-12-20` - `2019-09-18`	9 months	crt.sh
ssl403629.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-11-24` - `2019-06-02`	6 months	crt.sh
*.doubleclick.net Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
www.google.de Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh
www.google.com Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
servedby.flashtalking.com DigiCert SHA2 Secure Server CA	`2019-02-08` - `2021-02-11`	2 years	crt.sh

This page contains 5 frames:

Primary Page: https://sparkmail.azurewebsites.net/?session_id=74afcb8e7ad7008b10c24f20c71eb27b&pageid=login
Frame ID: E4D91BA1362D61BEECDAF5D2AC364E9A
Requests: 86 HTTP requests in this frame

Frame: https://sparkmail.azurewebsites.net/Spark%20Email%20_%20Spark%20NZ_files/dest5.html
Frame ID: 3AEDA0F687910084A8B24C4539921EF7
Requests: 1 HTTP requests in this frame

Frame: https://sparkmail.azurewebsites.net/Spark%20Email%20_%20Spark%20NZ_files/activityi.html
Frame ID: 8B43F70CF335A851CB296C0D49144DB8
Requests: 1 HTTP requests in this frame

Frame: https://servedby.flashtalking.com/container/7487;52295;5663;iframe/?U1=undefined&U2=undefined&U3=undefined&U5=undefined&U10=false&ft_referrer=https%3A//sparkmail.azurewebsites.net/%3Fsession_id%3D74afcb8e7ad7008b10c24f20c71eb27b%26pageid%3Dlogin&ns=&cb=205598.38084574978
Frame ID: 8197EF244810191B8B5D467565DE7DEB
Requests: 1 HTTP requests in this frame

Frame: https://sparkmail.azurewebsites.net/Spark%20Email%20_%20Spark%20NZ_files/a.html
Frame ID: FED93B33888C55A970DD6F7D3987D661
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://sparkmail.azurewebsites.net/ HTTP 302
https://sparkmail.azurewebsites.net/?session_id=74afcb8e7ad7008b10c24f20c71eb27b&pageid=login Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /IIS(?:\/([\d.]+))?/i

Page Statistics

90
Requests

93 %
HTTPS

62 %
IPv6

13
Domains

15
Subdomains

13
IPs

3
Countries

2766 kB
Transfer

9875 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://sparkmail.azurewebsites.net/ HTTP 302
https://sparkmail.azurewebsites.net/?session_id=74afcb8e7ad7008b10c24f20c71eb27b&pageid=login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j73&tid=UA-48213762-2&cid=1633009465.1555566070&jid=687566077&gjid=362506267&_gid=1850591820.1555566070&_u=YGBAgEAB~&z=773535783 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-48213762-2&cid=1633009465.1555566070&jid=687566077&_v=j73&z=773535783 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-48213762-2&cid=1633009465.1555566070&jid=687566077&_v=j73&z=773535783&slf_rd=1&random=3065311022

Request Chain 66

https://www.google-analytics.com/r/collect?v=1&_v=j73&a=806328446&t=pageview&_s=1&dl=https%3A%2F%2Fsparkmail.azurewebsites.net%2F%3Fsession_id%3D74afcb8e7ad7008b10c24f20c71eb27b%26pageid%3Dlogin&dr=&ul=en-us&de=UTF-8&dt=Spark%20Email%20%7C%20Spark%20NZ&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YGDACEABB~&jid=2113529228&gjid=782898170&cid=1633009465.1555566070&tid=UA-48213762-11&_gid=1850591820.1555566070&_r=1&gtm=2wg430WT5NVL&cd1=%2F&cd3=%2Fcontent%2Ftelecomcms%2Fpersonal%2Fxtramail%2Flogin-content-component-test&cd4=2017-12-01T10%3A54%3A43Z&cd5=xtramail&cd6=xtramail%2Fsignin&z=864116731 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-48213762-11&cid=1633009465.1555566070&jid=2113529228&_gid=1850591820.1555566070&gjid=782898170&_v=j73&z=864116731 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-48213762-11&cid=1633009465.1555566070&jid=2113529228&_v=j73&z=864116731 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-48213762-11&cid=1633009465.1555566070&jid=2113529228&_v=j73&z=864116731&slf_rd=1&random=2671692777

90 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
sparkmail.azurewebsites.net/
Redirect Chain

https://sparkmail.azurewebsites.net/
https://sparkmail.azurewebsites.net/?session_id=74afcb8e7ad7008b10c24f20c71eb27b&pageid=login

87 KB
27 KB

271ms
271ms

Document
text/html

104.41.13.179
Microsoft Corpora...

General

Source	Level	URL Text
console-api	warning	URL: https://sparkmail.azurewebsites.net/Spark%20Email%20_%20Spark%20NZ_files/granite.js(Line 170) Message: CSRF data not available;The data may be unavailable by design, such as during non-authenticated requests: SyntaxError: Unexpected token T in JSON at position 0
console-api	warning	URL: https://sparkmail.azurewebsites.net/Spark%20Email%20_%20Spark%20NZ_files/clientlib-all_002.js(Line 26228) Message: Nothing selected, can't validate, returning nothing.

sparkmail.azurewebsites.net Open in urlscan Pro 104.41.13.179 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

90 Requests

93 %HTTPS

62 %IPv6

13 Domains

15 Subdomains

13 IPs

3 Countries

2766 kBTransfer

9875 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

90 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sparkmail.azurewebsites.net Open in urlscan Pro
104.41.13.179 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

90
Requests

93 %
HTTPS

62 %
IPv6

13
Domains

15
Subdomains

13
IPs

3
Countries

2766 kB
Transfer

9875 kB
Size

0
Cookies

90 HTTP transactions
0 data transactions