We received a phishing email targeting one of our addresses under the rock.ma domain. The message impersonated a procurement officer from "TotalEnergies" and requested a quote for pumps. The sender used a spoofed Outlook address: [email protected].
The email was delivered from the IP address 2a01:111:f403:d201::1, associated with Microsoft's Outlook.com outbound servers. The content and behavior of the message are deceptive, attempting to simulate a legitimate business transaction with malicious intent.
Technical Details:
Return Path: [email protected]
Subject: REQUEST FOR PUMPS
DKIM: Pass for outlook.com
SPF: Pass for IP 2a01:111:f403:d201::1
Headers indicate the message was sent via AS8PR04CU009.outbound.protection.outlook.com
Language & style indicate impersonation of a real company (TotalEnergies), targeting business accounts.
Recipient: [email protected] (legitimate email used for business communication)

A fraudulent email was received at an address under the rock.ma domain. The sender impersonated HSBC Bank with a fake inward payment notification referencing "[UAP18340882]" and used the domain athensaero.com. This is a clear phishing attempt aimed at deceiving the recipient into believing it is a legitimate financial transaction.
Technical Details:
From: [email protected]
Subject: Inward Payment Notification Ref:[UAP18340882]
Message ID: <[email protected]>
Sending IP: 23.88.73.216 (passed SPF and DKIM for athensaero.com)
ARC and DKIM headers: Present and validated for athensaero.com, but irrelevant to our domain rock.ma, which is being spoofed.
False Representation: The email falsely claims to be from HSBC Bank.
This is a deliberate impersonation and phishing scam targeting our domain. Full headers are available and confirm that 23.88.73.216 is the origin of the malicious message.

A phishing email was received by [email protected], impersonating a business inquiry. The sender ([email protected]) used a misleading identity (Sebastian Becker) and the reply-to points to a fraudulent Yahoo address ([email protected]). This indicates an attempt to deceive and engage in fraudulent communication. The message passed SPF and DKIM for surpham.mg, but was sent via the IP 46.4.78.59, which does not belong to our domain nor any authorized senders.
This constitutes a clear abuse, likely with intent to phish or scam.
Technical Details:
Return-Path: [email protected]
Reply-To: [email protected]
Origin IP: 46.4.78.59 (static.59.78.4.46.clients.your-server.de)
Subject: "Inquiry"
Recipient: [email protected]
ARC-Seal / Authentication-Results: spoofing not detected by SPF/DKIM, but the message is not legitimate.
Evidence:
Email impersonates a business contact.
Reply-to address is unrelated and suspicious.
Our domain rock.ma has no relation with surpham.mg.

We received a phishing email sent to our company address at rock.ma, pretending to be a legitimate communication related to an order. The sender domain ara.biz.pl is not associated with our organization. The message was sent from IP address 54.38.59.202 and falsely included prior email references to make the message appear part of an ongoing thread.
This is a clear case of phishing, attempting to exploit trust in legitimate-looking email threads. Our domain (rock.ma) was not involved in any prior communication with the sender, nor does it have any relation to ara.biz.pl.
Technical Summary:
Sender: [email protected]
IP: 54.38.59.202
Subject: PO MEC25BC00169 // EX2502145-DD
From name: Mecafric Import
SPF: Pass
DKIM: Pass for ara.biz.pl
DMARC: Pass
ARC Headers: Present, falsely linking to rock.ma
Tactic: Email spoofing + fake reply chain + impersonation of a company order

This email was received by our domain rock.ma and is part of a phishing campaign using a fake identity ([email protected]) and a spoofed business subject to gain trust. The sender’s IP address 211.157.147.133 is listed in the headers as the origin point, authorized via SPF for exportlamp.com. This is a targeted phishing attempt and constitutes a serious abuse of our email infrastructure.
Technical Details:
Return-Path: [email protected]
Sender IP: 211.157.147.133
Delivered to: [email protected]
Subject: Fake supplier proposal — spam content in subject line.
SPF: Passed for exportlamp.com
Email passed through several suspicious relay chains, including IP 185.14.47.135
Full headers and message metadata indicate suspicious origin and abuse of the mail system.

This report concerns a phishing email sent from IP address 198.23.221.49, impersonating our legitimate domain rock.ma. The email falsely claims to originate from CMA CGM and was sent to internal and external addresses such as [email protected] and [email protected].
Details:
Sender: [email protected]
Return-Path: [email protected] (via SRS spoofing)
Subject: CMA CGM - Draft BL available for approval - DXB0904751
DKIM:
Valid for rock.ma (forged).
Invalid for server2096.cc (real sender).
DMARC: Failed for server2096.cc
SPF: Softfail for domain mismatch

An unsolicited phishing email was sent to [email protected] impersonating the company PreSonus, with the subject “Unpaid Invoice.” The message was sent from [email protected] (legitimate domain), and uses a misleading reply-to: [email protected], indicating a fraudulent intention.
The email was routed through Google's mail servers using the IP 2607:f8b0:4864:20::1029. SPF, DKIM, and DMARC all passed for alumni.iastate.edu, suggesting that a legitimate account was compromised and abused to send this phishing attempt.
This message includes misleading headers and branding to create urgency and deceive recipients into engaging with fake invoices.
Technical details:
From: [email protected]
Reply-To: [email protected]
Subject: Unpaid Invoice
To: [email protected] (our company domain)
Sending IP: 2607:f8b0:4864:20::1029
Authentication: SPF, DKIM, DMARC = pass (likely compromised account)
Content: Fake unpaid invoice warning, impersonation of PreSonus

We received an unsolicited email sent to [email protected] impersonating a legitimate supplier and referencing components for electric guitars (footswitches, potentiometers, etc.). The email appears to originate from [email protected] but uses forged headers to appear trustworthy.
The sender is not affiliated with rock.ma and is using deceptive tactics. The domain heoyrvk.com is unrelated to our business, and the content suggests a phishing or scam campaign.
Technical Details:
Return Path: [email protected]
Sender Domain: heoyrvk.com
DKIM: Passed for heoyrvk.com
SPF: Passed for IP 8.219.25.25
Subject: "To footswitch,9mm and 16mm rotary potentiometer..."
Reply-To: [email protected] (different from sender)
Fake Unsubscribe Link: Hosted on wpzjx.asia, suspicious and unrelated
ARC Headers: Show domain impersonation (rock.ma)
X-Filter-Label: Marked as newsletter but unsolicited and misleading

We received an unsolicited commercial email at [email protected] from bpbwdbp.com, advertising KACON foot switches. Although the email passed SPF, DKIM, and DMARC validations, it was sent without any prior contact, consent, or relationship.
The message contains red flags commonly associated with phishing and spam:
A misleading Reply-To address ([email protected]) different from the sender.
An unsubscribe link pointing to track.ttsi5.com, a suspicious tracking domain.
Delivered via Aliyun SMTP infrastructure, often abused in spam operations.
Use of bulk mailing software Alimail-Mailagent, suggesting automated spam campaigns.
Technical Details:
Sender IP: 115.124.21.99
Return-Path: [email protected]
Reply-To: [email protected]
Subject: Enhance Your Operations with KACON’s Foot Switches
Unsubscribe URL: https://track.ttsi5.com/track.php?...
DKIM/SPF/DMARC: All passed, likely used to feign legitimacy.

A phishing email was sent to an address under the rock.ma domain, originating from the IP 196.251.92.87. The sender spoofed Gmail (gmail.com) as their domain, but SPF failed (softfail).
This email is a fraudulent business proposal scam, likely an attempt at financial fraud or advance-fee fraud. The sender, [email protected], is not associated with rock.ma, and their email lacks proper authentication.
Technical Details:
Return Path: [email protected]
Sender Domain: gmail.com (spoofed)
SPF: Softfail (gmail.com does not permit 196.251.92.87 to send mail).
Reverse DNS Lookup: Failed for 196.251.92.87.
Message Type: Business proposal scam.

The email was relayed from IP 8.219.35.51, which passed SPF and DKIM for irhfhex.com, and was sent via an Alibaba Cloud Mail Server (out35-51.sg.b.dm.aliyun.com).
Technical Details:
Return Path: [email protected]
Reply-To Address: [email protected] (possible fraud indicator)
Sender Domain: irhfhex.com
DKIM Signature: Passed for irhfhex.com.
SPF: Passed for IP 8.219.35.51.
Subject: "Find Your Best Match for a Conceptional Cable Provider"
Message Type: Unsolicited spam with potential fraudulent intent.
Mail Relay: Sent via Alibaba Cloud Mail Server (out35-51.sg.b.dm.aliyun.com).
Unsubscribe Link: Suspicious tracking URL (banxiao.asia), indicating potential malware, phishing, or tracking abuse.

An unsolicited phishing email was sent to an address under the rock.ma domain, attempting to deceive the recipient into revealing login credentials under the pretense of an expired password. The email was sent from [email protected], falsely claiming to be an IT helpdesk notification.
The email was relayed from 178.63.99.84, which passed SPF and DKIM verification for aimsshop.com.np. However, this domain is unrelated to rock.ma, and the email constitutes a clear phishing attempt.
Technical Details:
Return Path: [email protected]
Sender Domain: aimsshop.com.np
DKIM Signature: Passed for aimsshop.com.np.
SPF: Passed for IP 178.63.99.84.
Subject: "ATTENTION: Password key expired! (clients)"
Message Type: Fraudulent IT Helpdesk alert attempting to harvest credentials.

A phishing email was sent to an address under the rock.ma domain, attempting to deceive the recipient with a fraudulent quote request (Solicitud de cotización). The email appears to originate from icpebn.ro, using the address [email protected], and was sent via the IP 86.123.160.225.
The sender uses a misleading identity (Isabella Rodríguez) and an undisclosed recipient list, which is a common tactic in spam and phishing attempts. This unsolicited email could be an attempt to:
Collect sensitive business data.
Deliver malware through attachments.
Deceive the recipient into engaging in fraudulent transactions.

An unsolicited phishing email was sent to an address under the rock.ma domain, attempting to impersonate our organization. The email falsely claims that the recipient's email ([email protected]) will be deleted unless they update their service terms. This is a fraudulent attempt to steal credentials via a malicious link.
The message was relayed from IP 172.245.92.232, which is associated with the domain snedgird.cc. It failed DKIM authentication for this domain and was flagged by multiple DNS blocklists (Spamhaus SBL, DBL, URIBL), indicating phishing and botnet-related activity.
Technical Details:
Return Path: [email protected]
Sender Domain: snedgird.cc (not associated with rock.ma)
DKIM Signature: Failed for snedgird.cc.
SPF: Passed for IP 172.245.92.232, indicating the domain was possibly misused.
Subject: "[CASE ID: #FGW-hbmwfvrelvi] Update Service Terms to Avoid Termination"
Message Type: Fake account suspension notice with a malicious link.

An unsolicited phishing email was sent to an address under the rock.ma domain. The email falsely claims to be from "Saleh Bin Gadeem" ([email protected]) and contains a fraudulent reference to "PR: 107123", likely to deceive recipients into interacting with an attached or linked malicious file.
The message was sent from IP 193.222.96.123, which passed SPF and DKIM for lovong.com, but is suspected to be part of a scam operation.
Technical Details:
Return Path: [email protected]
Sender Domain: lovong.com
DKIM Signature: Passed for lovong.com (potential misuse or compromised account).
SPF: Passed for IP 193.222.96.123.
Subject: "PR: 107123"
Message Type: Likely an invoice fraud or malware attachment phishing attempt.
Evidence:
The email attempts to trick the recipient into opening a malicious attachment.
The IP 193.222.96.123 was used for sending the scam email.
The domain lovong.com may be compromised or used for fraudulent purposes.

An email was received by an address under the rock.ma domain, falsely appearing to be from Meta for Business. The message claims to offer sales tools but was not sent by Meta and constitutes an unauthorized impersonation attempt. The sending domain global.metamail.com is not associated with our organization, and the email was sent from the IP 13.111.200.109, likely as part of a phishing or spam campaign.
Technical Details:
Return Path: bounce-17_HTML-217919277-188600-515009167-540@bounce.global.metamail.com
Sender Domain: global.metamail.com
DKIM Signature: Passed for global.metamail.com, but sender impersonation detected.
SPF: Passed for IP 13.111.200.109.
ARC-Seal Header: Indicates mail relay impersonation.
Message Subject: 3 tools to help with omnichannel sales
List-Unsubscribe Link: Appears fraudulent, attempting to collect email interactions.

An unsolicited phishing email was sent to an address under the rock.ma domain. The email is a fraudulent financial offer and appears to originate from collinsadelaide.org, using a spoofed or compromised email ([email protected]).
The message was relayed from IP 62.106.66.213, which passed SPF and DKIM for collinsadelaide.org, but then attempted to redirect responses to a separate Reply-To address ([email protected]). This is a clear sign of a phishing and scam attempt.
Technical Details:
Return Path: [email protected]
Reply-To Address: [email protected] (indicates a scam attempt)
Sender Domain: collinsadelaide.org
DKIM Signature: Passed for collinsadelaide.org.
SPF: Passed for IP 62.106.66.213.
Subject: "Structured Project-FundingJC25"
Message Type: Fake financial proposal, likely an advance-fee fraud scam.

An unsolicited spam email was sent to an address under the rock.ma domain, promoting fraudulent project funding offers. The email was sent from [email protected], but the Reply-To field points to [email protected], indicating a likely scam attempt to deceive recipients. The IP 193.222.96.189 is the sender of this spam.
Technical Details:
Return Path: [email protected]
Sender Domain: kibidabi.com
Reply-To Address: [email protected] (different from sender)
DKIM Signature: Passed for kibidabi.com, meaning the domain's email server is involved in sending this.
SPF: Passed for IP 193.222.96.189, showing it is an authorized sender for kibidabi.com.
Message Subject: "Project funding Convenience!"

A phishing email was received impersonating our domain (rock.ma). The email falsely claims to provide a draft Bill of Lading (BL) and attempts to lure recipients into clicking a fraudulent link hosted on ipfs.io. The message was sent via 198.23.221.13, which appears in multiple blocklists (Spamhaus SBL-CSS, URIBL_BLACK, URIBL_DBL_SPAM).
Technical Details:
Return Path: [email protected]
Sender Domain: pvsb-vn.cc
DKIM Signature: Failed for pvsb-vn.cc, passed for rock.ma (indicating spoofing).
SPF: Softfail for pvsb-vn.cc, pass for rock.ma (indicating spoofing).
SpamAssassin Score: 10.5 (Flagged as SPAM)
Email Headers Indicate:
Phishing attempt using a fraudulent link (ipfs.io) in the body.
IP Address 198.23.221.13 is blacklisted for spam and phishing-related activities.
Attempts to mislead recipients into clicking a malicious link under the pretense of CMA CGM (shipping company).

A phishing email was sent to an address under the rock.ma domain, impersonating a Japanese company (blue-galaxy.co.jp) with a fraudulent invoice request. The email attempted to deceive the recipient into engaging with malicious content. The sending IP 2a06:dd00:1:4:8d7::1 is not authorized by the actual domain, and SPF failed (softfail).
Technical Details:
Return Path: [email protected]
Sender Domain: blue-galaxy.co.jp
SPF Result: Softfail (not authorized sender).
Reverse DNS: Failed lookup for 2a06:dd00:1:4:8d7::1.
Subject: Encoded content likely used to obfuscate intent.

A phishing email was received targeting rock.ma, claiming to be an inquiry from Elaine [email protected]. The email was sent from IP 2a06:dd00:20:0:35::1 via s1143476.srvape.com. The Reply-To address was changed to [email protected], indicating a likely fraud attempt to redirect replies to the attacker's inbox.
Technical Details:
Return Path: [email protected]
Sender Domain: robeezelectronics.com
Reply-To Address: [email protected] (Suspicious redirect)
SPF Record: Softfail - robeezelectronics.com does not designate 2a06:dd00:20:0:35::1 as a permitted sender.
Reverse DNS Lookup: Failed for 2a06:dd00:20:0:35::1.
Message Subject: Inquiry
Server Relay: Passed through s1143476.srvape.com.
X-Sender-Warning: Reverse DNS lookup failed for 2a06:dd00:20:0:35::1, indicating an anonymized or misconfigured sender.

A phishing email was sent to an address under the rock.ma domain, attempting to impersonate a purchase order follow-up. The email was sent from [email protected] and falsely claims to be a legitimate follow-up message. The SPF check resulted in a softfail, meaning the sender's IP 2a06:dd00:20:0:35::1 is not officially authorized for perabotplastik.com. The reverse DNS lookup for the IP failed, further indicating suspicious activity.
Technical Details:
Return Path: [email protected]
Sender Domain: perabotplastik.com
SPF Check: Softfail (unauthorized sender).
Reverse DNS: Failed for 2a06:dd00:20:0:35::1.
Message Subject: "Re: Follow up purchase order" (attempting to seem like an ongoing business transaction).

A phishing attempt was received at [email protected] from an unauthorized Gmail address ([email protected]). The sender pretended to be from a company called Wiprotech Fzc.
Technical Indicators:
IP Address: 45.137.22.230 (customer-rental.rootlayer.net)
Return Path: [email protected]
SPF Status: Softfail, meaning the sender’s IP is not authorized to send on behalf of gmail.com.
Reverse DNS Lookup: Failed (No valid hostname found).
Message Subject: "ENQ019"
Attempted Spoofing of Sender Identity.
No DKIM or DMARC authentication passed for Gmail.
The domain rootlayer.net is associated with hosting services often abused for spam/phishing.

An unsolicited email was sent to an address under the rock.ma domain, attempting to engage in fraudulent activity. The email originates from an unauthorized sender and promotes misleading business proposals. The message was sent from the IP 45.143.132.146 and claims to be from uk.clubhousesgolf.com, while using the mailing service msnd15.com, indicating potential abuse of third-party services for spam or phishing.
Technical Details:
Return Path: [email protected]
Sender Domains: uk.clubhousesgolf.com, msnd15.com
DKIM Signatures: Passed for msnd15.com and uk.clubhousesgolf.com
SPF: Passed for IP 45.143.132.146
ARC-Seal Header: Impersonation and mail relaying detected.
Message Subject: "Hi there, could I send you some examples of how this works for local companies?"

A phishing email was sent to an address under the rock.ma domain, impersonating HSBC and requesting payment verification for a supposed remittance. The fraudulent sender email ([email protected]) passed SPF and DKIM verification, but the message originated from an unauthorized IP: 198.20.252.85.
Technical Details:
Return Path: [email protected]
Sender Domain: lagranjavilla.com
Reply-To Address: [email protected] (Fraudulent HSBC Impersonation)
DKIM Signature: Passed for lagranjavilla.com.
SPF: Passed for IP 198.20.252.85.
ARC-Seal Header: Spoofing detected via relays.
Message Subject: "Payment Advice - Verification Needed to Release Payment Remittance Copy"
Phishing, Email Spam