Sh4mefulIP Address: 2a01:111:f403:c107::3 ⚠ IP Confounder
⚠ IP Confounder Detected: Microsoft 365 Exchange Online Protection (EOP)
Exchange Online Protection (EOP) is a cloud-based email filtering service included with all Microsoft 365 subscriptions to protect against spam, malware, and phishing attacks. It automatically secures mailboxes by filtering incoming and outgoing messages in real-time using anti-spam, anti-malware, and content filters. During periods of active campaign activity, these can largely be ignored (esp. when recipients are on Exchange). However, forged emails have been observed from Microsoft infrastructure that have this signature too.
Exchange Online Protection (EOP) is a cloud-based email filtering service included with all Microsoft 365 subscriptions to protect against spam, malware, and phishing attacks. It automatically secures mailboxes by filtering incoming and outgoing messages in real-time using anti-spam, anti-malware, and content filters. During periods of active campaign activity, these can largely be ignored (esp. when recipients are on Exchange). However, forged emails have been observed from Microsoft infrastructure that have this signature too.
This page shows DMARC authentication failure data for this IP address. Learn more about this data.
Geolocation Information
- Country:
- US United States
- Region:
- Arizona
- City:
- Phoenix
- Coordinates:
- 33.4532, -112.0748
WHOIS Information
- Network Name:
- UK-MICROSOFT-20060601
- Owner:
- ORG-MA42-RIPE
- Reverse DNS:
-
mail-westus3azlp170110003.outbound.protection.outlook.com
Last updated: 2/5/2026
Analysis
This IP was first observed on July 23, 2025 and most recently on March 24, 2026. It has been associated with 71 failed authentication events affecting 300 messages, representing significant volume. The IP belongs to UK-MICROSOFT-20060601 (ORG-MA42-RIPE), a network with activity associated with United States.
Failures Detected from this IP
Showing 1-50 of 71 (failures, affecting 300 messages)| Date ▲ | Messages |
|---|---|
| 7/23/2025 | 1 |
| 7/31/2025 | 1 |
| 8/1/2025 | 1 |
| 8/6/2025 | 1 |
| 9/3/2025 | 1 |
| 9/5/2025 | 3 |
| 9/10/2025 | 2 |
| 9/11/2025 | 1 |
| 9/12/2025 | 10 |
| 9/13/2025 | 5 |
| 9/16/2025 | 5 |
| 9/17/2025 | 3 |
| 9/18/2025 | 4 |
| 9/19/2025 | 14 |
| 9/23/2025 | 1 |
| 9/24/2025 | 27 |
| 9/25/2025 | 4 |
| 9/26/2025 | 26 |
| 9/27/2025 | 3 |
| 9/30/2025 | 4 |
| 10/1/2025 | 12 |
| 10/2/2025 | 15 |
| 10/3/2025 | 10 |
| 10/4/2025 | 4 |
| 10/8/2025 | 8 |
| 10/9/2025 | 12 |
| 10/10/2025 | 5 |
| 10/11/2025 | 4 |
| 10/22/2025 | 3 |
| 10/23/2025 | 3 |
| 10/24/2025 | 9 |
| 10/25/2025 | 1 |
| 11/11/2025 | 1 |
| 11/12/2025 | 1 |
| 11/13/2025 | 3 |
| 11/14/2025 | 2 |
| 11/18/2025 | 1 |
| 11/19/2025 | 5 |
| 11/20/2025 | 9 |
| 11/21/2025 | 9 |
| 12/3/2025 | 6 |
| 12/4/2025 | 2 |
| 12/5/2025 | 3 |
| 12/6/2025 | 3 |
| 12/9/2025 | 1 |
| 12/10/2025 | 5 |
| 12/11/2025 | 2 |
| 12/12/2025 | 1 |
| 12/16/2025 | 1 |
| 12/18/2025 | 3 |
External Reputation Lookups
Look up this IP in external threat intelligence and reputation databases (opens in new tab):