Update: My post (and the email I sent to isc.sans.edu) was mentioned here: https://isc.sans.edu/forums/diary/PSA+Do+not+Trust+Reverse+DNS+and+why+does+an+address+resolve+to+localhost/23105/
I found this while analyzing email DMARC records for one of my domains this morning. If your localhost resolution is misconfigured you might be sending some info to a public IP at “220.127.116.11” in Vietnam. Or maybe not? It could be an attempt at fooling spam systems configured for reverse DNS lookups. It’s resolving as a reverse lookup so not sure the security implications around this. Systems that utilize DNS name lookups for security validation should not be trusted.
The APNIC WHOIS records return this: http://wq.apnic.net/static/search.html?searchtext=18.104.22.168&do_search=Search