This IP address is originating spam emails with malware-infected attachments, and sending those emails through a server on Hetzner.
Received: from <x> (static.184.108.40.206.clients.your-server.de [220.127.116.11])
Received: from <x> (unknown [18.104.22.168])
Date: Wed, 19 Aug 2020 13:##:## +0000
From: «WeTransfer» <email@example.com>
Subject: You Have Received File Via WeTransfer
You have received files via
2 file, 16.3 MB in total · Will be deleted on 22 August, 2020
[ Get your files ]
NetRange: 22.214.171.124 — 126.96.36.199
CIDR: 188.8.131.52/15, 184.108.40.206/13, 220.127.116.11/11, 18.104.22.168/16, 22.214.171.124/14
Parent: NET52 (NET-52-0-0-0-0)
NetType: Direct Assignment
Organization: Microsoft Corporation (MSFT)
OrgName: Microsoft Corporation
Address: One Microsoft Way
Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
Comment: * https://cert.microsoft.com.
Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
Comment: * firstname.lastname@example.org.
Comment: To report security vulnerabilities in Microsoft products and services, please contact:
Comment: * email@example.com.
Comment: For legal and law enforcement-related requests, please contact:
Comment: * firstname.lastname@example.org
Comment: For routing, peering or DNS issues, please
Comment: * IOC@microsoft.com
OrgTechName: Microsoft Routing, Peering, and DNS
OrgAbuseName: Microsoft Abuse Contact