Likely scam — do not engage
Our AI analyst read the message body and judged it likely to be phishing.
MalwareTips analyst · message material
credential_theftThis email uses a personal iCloud account to send a fake Google activity report containing sensitive personal information.
- The sender uses a personal iCloud address to send what appears to be an official Google/YouTube activity notification.
- The email body contains a massive dump of personal activity history and PII, which is a common tactic in extortion or spear-phishing.
- The subject line is a generic timestamp, which is highly unusual for automated service notifications from major platforms.
- The message infrastructure shows a mismatch between the iCloud sender and the Google-branded content, indicating a lack of authenticity.
Do not click any links or interact with the sender. This is an impersonation attempt; mark the email as phishing and delete it.
Every scoring adjustment, in dominance order. Shows exactly how we got from 100 to the final trust number.
Why this verdict
100 → 33The scorer starts every address at 100 trust and applies each signal below in turn. Negative deltas are penalties (red), positive deltas are bonuses (emerald). Final clamped trust: 33.
- AI analyst flagged 85% phishing likelihood (credential_theft).ai_phishing_detected-43
- Listed on 1 DNSBL: URIBL.dnsbl_listed-15
- Screenshot OCR + visual pass flagged 40/100 phishing risk: The image shows a mobile application or website displaying personal identifiable information (PII) for an individual, including name, address, and phone number. While not an email, this type of data is frequently used in targeted social engineering and spear-phishing campaigns.screenshot_phishing_visual-12
- Domain publishes strong authentication policy: DMARC p=quarantine · SPF soft-fail.auth_dns_published+9
- AI analyst flagged 40% spam likelihood.ai_spam_detected-6
Display name, domain reputation, and authentication checks for the From address.
Display-name impersonation
NO BRAND CLAIMThe display name doesn't resemble any of the top phished brands we track — this isn't a brand-impersonation attempt.
Brand-lookalike radar
okNo typosquat or homoglyph match against the top 50 phished brands.
Domain age
okwell-known free provider — age check skipped
Signals extracted from the message body, embedded URLs, and uploaded screenshot.
Links extracted from this email
1 shownEach link was scored against a host-level suspicion heuristic. Click Scan link to run our full URL scanner on the destination — it'll show our verdict alongside Google Safe Browsing, VirusTotal, URLhaus, and the others.
- www.youtube.com/watch?v=hMaa3o-iAwESuspicion0
Screenshot vision analysis
VISUAL · 40/100The image shows a mobile application or website displaying personal identifiable information (PII) for an individual, including name, address, and phone number. While not an email, this type of data is frequently used in targeted social engineering and spear-phishing campaigns.
- Display of sensitive PII
- Unidentified lookup service
- Potential data broker interface
MX records, deliverability probe, provider classification, and DNS blocklists.
Deliverability
ok- RFC 5322 syntax valid
- 2 MX records publishedmx02.mail.icloud.commx01.mail.icloud.com
- SMTP probe · unknown — SMTP probe disabled (set SMTP_PROBE_ENABLED=true to enable)
Provider classification
okHosted on the consumer freemail provider icloud. Not a red flag in itself — billions of legitimate users — but do verify identity through other channels for anything sensitive.
DNS blocklists
okListed by 1 of 3 blocklists:
Breach history for this address and the structural identity of the sending domain.
Breach exposure (HIBP)
okHIBP_API_KEY not configured