Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission.
As a precaution therefore we are listing this IP range in an SBL Advisory for the protection of Spamhaus users until we are able to determine the extent of the problem in this IP range, the exact size of the problematic IP allocation within this IP range, who is operating the domains/hosts/servers in this IP range, and receive a reassurance from the network owner that the IP range does not and will not pose a threat to Spamhaus users.
18.104.22.168.in-addr.arpa. 60 IN PTR smtp73.ptzinfomed.org.
22.214.171.124.in-addr.arpa. 60 IN PTR smtp74.ptzinfomed.org.
126.96.36.199.in-addr.arpa. 60 IN PTR smtp75.ptzinfomed.org.
188.8.131.52.in-addr.arpa. 60 IN PTR smtp76.ptzinfomed.org.
184.108.40.206.in-addr.arpa. 60 IN PTR smtp77.ptzinfomed.org.
220.127.116.11.in-addr.arpa. 60 IN PTR smtp78.ptzinfomed.org.
18.104.22.168.in-addr.arpa. 60 IN PTR smtp79.ptzinfomed.org.
22.214.171.124.in-addr.arpa. 60 IN PTR smtp80.ptzinfomed.org.
126.96.36.199.in-addr.arpa. 60 IN PTR smtp81.ptzinfomed.org.
188.8.131.52.in-addr.arpa. 60 IN PTR smtp82.ptzinfomed.org.
184.108.40.206.in-addr.arpa. 60 IN PTR smtp83.ptzinfomed.org.
220.127.116.11.in-addr.arpa. 60 IN PTR smtp84.ptzinfomed.org.
18.104.22.168.in-addr.arpa. 60 IN PTR smtp85.ptzinfomed.org.
22.214.171.124.in-addr.arpa. 60 IN PTR smtp86.ptzinfomed.org.
126.96.36.199.in-addr.arpa. 60 IN PTR smtp87.ptzinfomed.org.
127.51.135.147.in-addr.arpa. 60 IN PTR smtp88.ptzinfomed.org.
Again, no SWIPs, this is a /28 although in the TXT
ptzinfomed.org descriptive text «v=spf1 a mx a:ptzinfomed.org ip4:188.8.131.52 ip4:184.108.40.206 ip4:220.127.116.11/27 ip4:18.104.22.168/27 ip4:22.214.171.124/29 ip4:126.96.36.199/29 ip4:188.8.131.52/29 ip4:184.108.40.206/29 ip4:220.127.116.11/27 ip6:2604:2dc0:0200:017c::/64 include:m» «ailgun.org ~all»
it is mentioned as two adjacent /29’s. Even /29’s should have SWIPs according to ARIN policy.
The owner is likely the same as with the other network
Rajesh, Varma OVH-CUST-328814 (NET-147-135-107-128-1) 18.104.22.168 — 22.214.171.124