Shame on you, stupid spammers.. Sh4meful  DMARC Spoof Detection
๐Ÿฆ‹ Bluesky ๐Ÿ˜ Mastodon

IP Address: 198.154.181.195 โš  IP Confounder

This page shows DMARC authentication failure data for this IP address. Learn more about this data.

Geolocation Information
Country:
US United States
Coordinates:
37.751, -97.822
WHOIS Information
Network Name:
RN-52
CIDR:
198.154.180.0/23
Owner:
Reflexion Networks, Inc.
Org ID:
RN-52
Address:
3 Van de Graaff Drive, Burlington, MA 01803
Reverse DNS:
mfid-usw2.prod.hydra.sophos.com
Last updated: 2/5/2026

Analysis

This IP is classified as a confounder: Sophos/Reflexion Networks. Failures observed from this source are expected artifacts of legitimate mail-handling behavior, typically email forwarding or mailing-list processing, and do not indicate spoofing attempts.

The host is operated by Reflexion Networks, Inc and geolocates to United States. Its presence in DMARC aggregate reports is an artifact of how forwarded mail interacts with SPF and DKIM authentication, not a sign of abuse originating from this address.

Administrators observing this IP in their DMARC aggregate reports should not block or treat it as hostile. This is an enterprise email security appliance. Mail routed through its relay infrastructure may appear in DMARC reports as authentication failures. Coordinate with your security vendor to ensure SPF alignment is maintained through the relay path.

IP Confounder: Sophos/Reflexion Networks

Sophos, specifically part of their Email Security (Gateway/Mailflow) infrastructure. It is part of the hydra.sophos.com domain structure, which handles incoming and outgoing email scanning, and can break SPF and DKIM

Network Topology

Failures Detected from this IP
Showing 1-1 of 1 failures, affecting 1 message
Date โ–ผ Messages
12/11/2025 1
External Reputation Lookups

Look up this IP in external threat intelligence and reputation databases (opens in new tab):

AbuseIPDB Cisco Talos Project Honey Pot GreyNoise VirusTotal Shodan Censys Spamhaus

Nearby IPs

Other IPs in the 198.154.181.0/24 range observed failing DMARC:

198.154.181.198 (3 failures), 198.154.181.199 (2 failures), 198.154.181.204 (2 failures), 198.154.181.202 (2 failures), 198.154.181.197 (1 failure), 198.154.181.200 (1 failure), 198.154.181.203 (1 failure), 198.154.181.205 (1 failure)