Tier · dangerous
Verdict

Likely scam — do not engage

Our AI analyst read the message body and judged it likely to be phishing.

michael.nokleberg@marshall-usa.com
At a glance
Domain 23y oldAI · 85% phishingDNSBL · 1 list
Risk score
57
/ 100
malicious
AI analyst

MalwareTips analyst · message material

credential_theft

Suspicious request for quotation using a generic greeting and a vague reference to an unseen attachment.

Phishing likelihood85%
Spam likelihood40%
Red flags identified
  • The message uses a generic 'Dear Sir/Madam' salutation which is inconsistent with a professional business request from a specific director.
  • The sender's domain is listed on a DNS blocklist (URIBL), indicating it has been associated with suspicious activity.
  • The email contains a vague request to open an attachment for details, a common tactic for delivering malware or credential-harvesting documents.
  • An external sender warning banner is present, suggesting the sender is not a regular contact or the address may be spoofed.
  • The message body contains repetitive text and lacks specific details about the items or services being requested.
What to do

Do not open any attachments or click links in this email. Verify the request through a known, trusted contact channel for Marshall Electronics before taking further action.

Why this verdict

Every scoring adjustment, in dominance order. Shows exactly how we got from 100 to the final trust number.

Why this verdict

10043

The scorer starts every address at 100 trust and applies each signal below in turn. Negative deltas are penalties (red), positive deltas are bonuses (emerald). Final clamped trust: 43.

  • AI analyst flagged 85% phishing likelihood (credential_theft).
    ai_phishing_detected
    -43
  • Screenshot OCR + visual pass flagged 65/100 phishing risk: The email uses a generic 'Dear Sir/Madam' greeting and a vague request to open an attachment for details, which are common tactics for malware delivery. An external sender warning banner is present, indicating the sender's address may be spoofed or is not a frequent contact.
    screenshot_phishing_visual
    -20
  • Listed on 1 DNSBL: URIBL.
    dnsbl_listed
    -15
  • Domain has been registered for over 23 years.
    domain_longstanding
    +15
  • Domain publishes strong authentication policy: DMARC p=reject · SPF hard-fail.
    dmarc_reject_enforced
    +15
Sender identity

Display name, domain reputation, and authentication checks for the From address.

Display-name impersonation

NO BRAND CLAIM

The display name doesn't resemble any of the top phished brands we track — this isn't a brand-impersonation attempt.

Brand-lookalike radar

ok

No typosquat or homoglyph match against the top 50 phished brands.

Domain age

ok
  • RegisteredFeb 19, 2003long-established (10+ years)
  • Age8533 days
  • RegistrarGoDaddy.com, LLC
Content evidence

Signals extracted from the message body, embedded URLs, and uploaded screenshot.

Phishing-pattern signals

1 signal

Rule-based pattern matches we ran across the message body and OCR text BEFORE the AI analyst. Each is a hint, not a verdict.

  • Uses a generic, impersonal greetinglow
    Dear Sir/Madam, Kindly provide your qu

Links extracted from this email

1 shown

Each link was scored against a host-level suspicion heuristic. Click Scan link to run our full URL scanner on the destination — it'll show our verdict alongside Google Safe Browsing, VirusTotal, URLhaus, and the others.

  • www.marshall-usa.com
    Link uses plain HTTP, not HTTPS
    Suspicion
    5

Screenshot vision analysis

VISUAL · 65/100

The email uses a generic 'Dear Sir/Madam' greeting and a vague request to open an attachment for details, which are common tactics for malware delivery. An external sender warning banner is present, indicating the sender's address may be spoofed or is not a frequent contact.

Displayed From
Michael Nokleberg <michael.nokleberg@marshall-usa.com>
Subject
Request for Quotation
Visual red flags
  • External sender warning banner
  • Generic salutation
  • Vague request for quotation
  • Reference to unseen attachment
Detected logos
Marshall
Visible URLs in screenshot
  • http://www.marshall-usa.com/
Infrastructure

MX records, deliverability probe, provider classification, and DNS blocklists.

Deliverability

ok
  • RFC 5322 syntax valid
  • 1 MX record published
    marshallusa-com02b.mail.protection.outlook.com
  • SMTP probe · unknownSMTP probe disabled (set SMTP_PROBE_ENABLED=true to enable)

Provider classification

ok

Not on our disposable-provider list and not a recognised consumer freemail (Gmail / Outlook / Yahoo etc.) — likely a custom domain.

DNS blocklists

ok

Listed by 1 of 3 blocklists:

URIBL
Reputation

Breach history for this address and the structural identity of the sending domain.

Breach exposure (HIBP)

ok

HIBP_API_KEY not configured

Sender infrastructure

Domain
marshall-usa.com
Domain age
8533 days · long-established (10+ years)
Provider
custom domain
MX hosts
marshallusa-com02b.mail.protection.outlook.com
MalwareTips never stores the raw address. Every input is SHA-256 hashed before persistence — the URL above IS that hash. We keep the local part, domain, and display name separately so the report can render them; the original raw input is dropped after the scan. If you received this email and are worried, do not click any links and do not reply — verify the sender through a known-good channel.