Confirmed scam — delete it

Spam email promoting a fake invite from 'Sylvia' to an adult dating site via unrelated mailing service.

Subject·not provided

Body-only scan — sender identity and infrastructure checks are unavailable.Re-scan with sender

At a glance

AI · 30% phishingGeneric Spam5 red flags

Risk score

100

/ 100

malicious

AI analyst

MalwareTips analyst · message material

generic_spam

Spam email promoting a fake invite from 'Sylvia' to an adult dating site via unrelated mailing service.

Phishing likelihood30%

Spam likelihood95%

Red flags identified

Subject announces an unsolicited invite from 'Sylvia' sent from dontreply@mg.admirrormail.net tied to hornyandnaughty.com.
Links point to suspicious hosts like lmb.mail.mailingclouds.com, email.mg.admirrormail.net, hornyandnaughty.com, and wvw.adultsdatenow.com.
Includes an unusual plain HTTP link to www.w3.org/1999/xhtml.
Message date is forged in the future: 7 Apr 2026.
Mailgun variables and Message-ID reference hornyandnaughty.com profiles, indicating mass adult spam.

What to do

Do not click any links or reply. Mark as spam, delete the email, and consider blocking the sender domain.

Why this verdict

Every scoring adjustment, in dominance order. Shows exactly how we got from 100 to the final trust number.

Why this verdict

100 → 0

The scorer starts every address at 100 trust and applies each signal below in turn. Negative deltas are penalties (red), positive deltas are bonuses (emerald). Final clamped trust: 0.

The pasted address doesn't parse as a valid RFC-5322 email address.
syntax_invalid
-100

URLs in message

Every link extracted from the body, ranked by risk. The highest-leverage signal when sender headers are missing.

Links extracted from this email

5 shown

Each link was scored against a host-level suspicion heuristic. Click Scan link to run our full URL scanner on the destination — it'll show our verdict alongside Google Safe Browsing, VirusTotal, URLhaus, and the others.

lmb.mail.mailingclouds.com
/t/p/icDMUqK7p1W-A1=
Host uses multiple subdomains
Suspicion
5
Scan link
email.mg.admirrormail.net
/c/eJzMU0-Tqjgc_DR4=
Host uses multiple subdomains
Suspicion
5
Scan link
www.w3.org
/1999/xhtml
Link uses plain HTTP, not HTTPS
Suspicion
5
Scan link
hornyandnaughty.com
/page/terms/
Suspicion
0
Scan link
wvw.adultsdatenow.com
/mediaservic=
Suspicion
0
Scan link

Unlock more checks

Paste the sender to unlock identity + infrastructure analysis

This scan analysed the message body only. Adding the sender address, a Gmail Name <a@b.com> line, or full headers unlocks:

Display-name impersonation
Spot mismatched names like "PayPal Support" on a random Gmail.
SPF · DKIM · DMARC
See whether the sending server is authorised to use that domain.
Domain age + registrar
Brand-new domains are one of the strongest phish signals.
Breach exposure
How many known data breaches this specific address appears in.
MX + DNSBL reputation
Whether the domain can even receive mail and if it's on any blocklists.

Add sender and re-scan

Your previous paste won't be sent — you'll start a fresh scan with both fields.

Scanned by

Boshman

Scan another

Check a different email address

URL instead?

Check if a link is safe

MalwareTips never stores the raw address. Every input is SHA-256 hashed before persistence — the URL above IS that hash. We keep the local part, domain, and display name separately so the report can render them; the original raw input is dropped after the scan. If you received this email and are worried, do not click any links and do not reply — verify the sender through a known-good channel.