ScanMalware.com

Security Scan Report: auth-preprod.royalmailrelay.com

Redirected to: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=639045868115014171.MTViYTE5OTMtNTQxMC00OTZlLWI0MWYtMWQ1YWI3YzM3ZDI5NWNhMTJlZmEtZWZmMS00MWVjLTllZWEtMGJmMWY4ZGY1Yzhi&ui_locales=en-US&mkt=en-US&client-request-id=dcda9f5a-cd72-4f72-b0c4-08a9e9307338&state=S6O-lyGFWO9lpQg7bQd0C3cg1k_hNJjgJgFBjVpmJHwOknizwmjJxrPRkttAIgkYlFWstkEotfBsV7tE1qIVpi_Mgc1O6iUQRkuRB3CCZtgAWLwxAY_A7WDqJkb48j7zH81VB35ZZWXhmO6uHz3NIsqHdQlb0wEmMLLR_zvqqKcXi8wYSgAlvIQmqgw8BlH-YsnQC7ibsXeaT5emvJEs6H8q_siVXJOkzx_RLlSZa3F-UjoTS0gMJYOcJjo-xaF0mqhpjTABJMPzLX7JZ_95-RhjxfFO2cI4fVQ3hwHbJG4&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true

Submitted: Jan 21, 2026, 10:06:49 AMCompleted: Jan 21, 2026, 10:07:59 AMpubliccompleted
Loading additional data...

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 31 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://auth-preprod.royalmailrelay.com/

Effective URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=639045868115014171.MTViYTE5OTMtNTQxMC00OTZlLWI0MWYtMWQ1YWI3YzM3ZDI5NWNhMTJlZmEtZWZmMS00MWVjLTllZWEtMGJmMWY4ZGY1Yzhi&ui_locales=en-US&mkt=en-US&client-request-id=dcda9f5a-cd72-4f72-b0c4-08a9e9307338&state=S6O-lyGFWO9lpQg7bQd0C3cg1k_hNJjgJgFBjVpmJHwOknizwmjJxrPRkttAIgkYlFWstkEotfBsV7tE1qIVpi_Mgc1O6iUQRkuRB3CCZtgAWLwxAY_A7WDqJkb48j7zH81VB35ZZWXhmO6uHz3NIsqHdQlb0wEmMLLR_zvqqKcXi8wYSgAlvIQmqgw8BlH-YsnQC7ibsXeaT5emvJEs6H8q_siVXJOkzx_RLlSZa3F-UjoTS0gMJYOcJjo-xaF0mqhpjTABJMPzLX7JZ_95-RhjxfFO2cI4fVQ3hwHbJG4&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=trueRedirected

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

Phishing page impersonating Microsoft login; do not enter credentials and report.

Risk Factors
Brand impersonation on an unranked, unrelated domain
Credential harvesting form (email/password) on suspicious domain
Domain mismatch between displayed brand (Microsoft) and actual host (royalmailrelay.com)
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

Within the commercial generic top-level domain (.com), 'auth-preprod.royalmailrelay.com' is registered and includes subdomain 'auth-preprod'. The registrable portion 'royalmailrelay' spans 14 characters with 6 vowels and 8 consonants. Tokenizing the label suggests three words: royal, mail, relay. Median word length is five characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://auth-preprod.royalmailrelay.com/

Page Load Overview

0.99s
Total Load Time
30
HTTP Requests
5
Domains
469 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:133 chars
Detector Agreement:100%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
520.190.160.20Netherlands
AS8075
513.107.6.156United States
AS8068MICROSOFT-CORP-MSN-AS-BLOCK
513.107.246.45United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
552.178.17.232NetherlandsUnknown
540.126.32.136NetherlandsUnknown
5172.64.144.130NetherlandsUnknown
306--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1C7835BDA7EA32A37878651B5B8B53E06AB3A5E034888CC64F18CCC842FEB71D4537557

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:lccxK1A8GLGGWcxT1jqR1pBgiozTEyqU6MVnvnaloMPb9Efii4ytViC:ack1A8RcV1jqR1puiXyS2OyHiC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:84903:K8QmCggASIwBIRKiDEXCyKwDCAACkARJQMwVuQCFACxATwaI6aG4SBOINA1NQQR+h5CPUDBpp0YITdAUgIAIAwIgBCyKBJCZ

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0010393b373f373f
Perceptual Hash:845971764699d96e
Difference Hash:88e4d2d3e5e6e6e6
Wavelet Hash:00003b3b373f373f
Color Hash:#5c2d86

Other Hashes

Crop Resistant:88e4d2d3e5e6e6e6

Scan History

Scan history not available

Unable to load historical scan data