Security Scan Report: auth-preprod.royalmailrelay.com

Redirected to: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=639049681035411529.NmM2NTBjNTQtNzFhYi00Mjc3LWE0YzEtNDhmNjkyOWJjYzVhMGYyYzIzZWUtNTIwZS00Y2MyLTllMTgtMmJjZGMzMDA0ZDRi&ui_locales=en-US&mkt=en-US&client-request-id=7f68840d-4191-4c19-8812-cdce16eaa0a7&state=CEvFP5KJmvSEbYWoLhzjePDhWpWijW66fqanGMr_BETjZhqSqVndgdO7kaS_r2gnvzVpetAviBKEeGOBbqOdKydTpajvuzgJ_mKLJPDE6TpHQi4VjdhQbAil-su_xam-UTRnyEZ00dTKz7ZcevMOidpUtYEaaPf7CEWY-sTlYRbgxL-2l8lsAftGO5cGn-TfJiGtn2JJiHmGW89MyBabtoT3tPTanMdsAhpBNgP5DCUThitM2RmmexKq4uiPeuVSVYzn63nT1to0JwPU-YrrJRBhXvM6c0aTEyZ1XZ_tjJA&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true

Submitted: Jan 25, 2026, 8:01:40 PM
Completed: Jan 25, 2026, 8:02:49 PM
Scan type: public
Status: completed
Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 1 HTTP transaction. The main domain is login.microsoftonline.com; its registration age is unavailable (reported as NaN).

Submitted URL: http://auth-preprod.royalmailrelay.com/

Effective URL (redirected): https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=639049681035411529.NmM2NTBjNTQtNzFhYi00Mjc3LWE0YzEtNDhmNjkyOWJjYzVhMGYyYzIzZWUtNTIwZS00Y2MyLTllMTgtMmJjZGMzMDA0ZDRi&ui_locales=en-US&mkt=en-US&client-request-id=7f68840d-4191-4c19-8812-cdce16eaa0a7&state=CEvFP5KJmvSEbYWoLhzjePDhWpWijW66fqanGMr_BETjZhqSqVndgdO7kaS_r2gnvzVpetAviBKEeGOBbqOdKydTpajvuzgJ_mKLJPDE6TpHQi4VjdhQbAil-su_xam-UTRnyEZ00dTKz7ZcevMOidpUtYEaaPf7CEWY-sTlYRbgxL-2l8lsAftGO5cGn-TfJiGtn2JJiHmGW89MyBabtoT3tPTanMdsAhpBNgP5DCUThitM2RmmexKq4uiPeuVSVYzn63nT1to0JwPU-YrrJRBhXvM6c0aTEyZ1XZ_tjJA&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true

AI Security Verdict

High Risk

Confidence: 90%

Risk Score: 8

Phishing page impersonating Microsoft login; do not enter credentials.

Risk Factors
Brand impersonation (Microsoft) on an unrelated domain
Credential harvesting form (email + password) on a suspicious domain
Unranked domain presenting as an official Microsoft authentication page
Domain age information unavailable

Details

Page Title: Sign in to your account
Scan Type: public
Language: 🇺🇸 English (80% confidence)
Category: unknown (0%)

Domain Information

The domain 'auth-preprod.royalmailrelay.com' uses the commercial generic top-level domain (.com) with the subdomain 'auth-preprod'. The core label 'royalmailrelay' is 14 characters long, split between 6 vowels and 8 consonants. It breaks into three words: royal, mail, relay. The average segment length is 5 characters. No strong language cues emerged from the frequency lists.

Page Load Overview

Total Load Time: 1.00s
HTTP Requests: 31
Domains: 6
Total Size: 469 KB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 133 chars
Detector Agreement: 100%

Website Classification

Primary Category

unknown (0% confidence)
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

Requests  IP Address       Location       AS (Autonomous System)
7         172.64.144.130   United States  AS13335 Cloudflare, Inc.
4         20.50.201.205    United States
4         13.107.6.156     United States  AS8068 Microsoft Corporation
4         40.126.32.138    Netherlands
4         40.126.31.0      Unknown        Unknown
4         23.207.210.132   Unknown        Unknown
4         13.107.246.44    United States  AS8075 Microsoft Corporation
31        7                -              -

Detected Technologies: 4

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T18B836CE57EA3293786CA41B5B8B57E02AF3A59039C48CDA4F18CCA841FEA75D8137143

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:jcae8GLGGZbOjRuSRAQQz5A+HY3uREozTEyqU6MVnvnaloMPtnEfii47EEC:Qae8AbOjRNRAQKUCEXyS2a7DC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:86840:JuJyBVEKbpAG8FwkIUUCBKOjUplAKIIEQKDEYCoAyBggKzlxeSQaAoYKKGAQlUoKSBSLNCI4AU3AZUuiAtwgDeC5yELBBIJM

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 0010393b373f373f
Perceptual Hash: 845971764699d96e
Difference Hash: 88e4d2d3e5e6e6e6
Wavelet Hash: 00003b3b373f373f
Color Hash: #61d22d

Other Hashes

Crop Resistant: 88e4d2d3e5e6e6e6
