Almost certainly a scam
Our AI analyst read the message body and judged it likely to be phishing.
MalwareTips analyst · message material
romance_scamThis is a fake dating profile intro designed to lure clicks to malicious links on suspicious sites.
- Screenshot shows fake dating profile intro, suspicious profile button, and fake company 'LoveConn Inc.' typical of romance scams.
- Suspicious URLs like tessameetxc.ru.com and malformed http://www.= links lead to unrelated domains.
- DNSBL hit on URIBL flags the sender's infrastructure for phishing.
- Visual red flags include poorly OCR'd jumbled text and generic unsubscribe prompt.
- AuthDNS reports SPF hard-fail despite headers claiming pass, indicating spoofing.
- Future date of May 2026 in headers suggests forgery.
Do not click any links or buttons. Delete the email immediately and report it to your email provider as phishing.
Every scoring adjustment, in dominance order. Shows exactly how we got from 100 to the final trust number.
Why this verdict
100 → 15The scorer starts every address at 100 trust and applies each signal below in turn. Negative deltas are penalties (red), positive deltas are bonuses (emerald). Final clamped trust: 15.
- AI analyst flagged 95% phishing likelihood (romance_scam).ai_phishing_detected-48
- Screenshot OCR + visual pass flagged 100/100 phishing risk: This is an obvious phishing email mimicking a dating site introduction to lure clicks to a malicious profile page. Common scam tactics include flattery, urgency via button, and fake unsubscribe.screenshot_phishing_visual-30
- Listed on 1 DNSBL: URIBL.dnsbl_listed-15
- Domain publishes strong authentication policy: DMARC p=quarantine · SPF hard-fail.spf_hard_fail_policy+11
- AI analyst flagged 20% spam likelihood.ai_spam_detected-3
Display name, domain reputation, and authentication checks for the From address.
Display-name impersonation
NO BRAND CLAIMThe display name doesn't resemble any of the top phished brands we track — this isn't a brand-impersonation attempt.
Brand-lookalike radar
okNo typosquat or homoglyph match against the top 50 phished brands.
Domain age
timeoutRDAP check did not run.
Signals extracted from the message body, embedded URLs, and uploaded screenshot.
Links extracted from this email
5 shownEach link was scored against a host-level suspicion heuristic. Click Scan link to run our full URL scanner on the destination — it'll show our verdict alongside Google Safe Browsing, VirusTotal, URLhaus, and the others.
- www.=Link uses plain HTTP, not HTTPSSuspicion5
- www.w3.org/1999/xhtmlLink uses plain HTTP, not HTTPSSuspicion5
- tessameetxc.ru.com/58?s3=Suspicion0
- img.icons8.com/ios/50/000000/star.pngSuspicion0
- tessameetxc.ru.co=Suspicion0
Screenshot vision analysis
VISUAL · 100/100This is an obvious phishing email mimicking a dating site introduction to lure clicks to a malicious profile page. Common scam tactics include flattery, urgency via button, and fake unsubscribe.
- Fake dating profile intro
- Suspicious profile button
- Poorly OCR'd jumbled text
- Generic unsubscribe prompt
- Fake company 'LoveConn Inc.'
- Vague address '14 W Main St.'
MX records, deliverability probe, provider classification, and DNS blocklists.
Deliverability
ok- RFC 5322 syntax valid
- 1 MX record publishedmail.conalot.gob.ve
- SMTP probe · unknown — SMTP probe disabled (set SMTP_PROBE_ENABLED=true to enable)
Provider classification
okNot on our disposable-provider list and not a recognised consumer freemail (Gmail / Outlook / Yahoo etc.) — likely a custom domain.
DNS blocklists
okListed by 1 of 3 blocklists:
Breach history for this address and the structural identity of the sending domain.
Breach exposure (HIBP)
okHIBP_API_KEY not configured