| Destination | 126.96.36.199 (France) | https (443) | webredir.vip.gandi.net |
- List curated by:
- This IP has definitely been implicated in ransomware attacks and is associated with ransomware infrastructure. However, this is shared hosting:
- Found 999 domains hosted on the same web server as 188.8.131.52. (999 is probably a limitation of the software).
- Going with 'not real' for this IP as it doesn't match the known compromised domains.
- It does a SYN on the port and gets rejected.
- See also:
- The second event, similar issue (shared hosting by Shark Servers):
- root@ubuntu:~# dig soa 184.108.40.206.in-addr.arpa
- 248.112.185.in-addr.arpa. 60 IN SOA ns1.sharkservers.net. info.sharkservers.co.uk. 2016071701 28800 7200 604800 86400
- ns1.sharkservers.net. 913 IN A 220.127.116.11
- Group 19 (third) hit:
- Reverse IP Check (i.e. is this shared hosting):
- User is getting content from gamebench.net.
- gamebench.net appears to have been moved to a new IP (possibly due to being blacklisted).
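
The triage reasoning applied to these hits (the IP is on a ransomware list, but it is shared hosting, so the hostname actually requested is compared with the known compromised domains) can be written down as a repeatable check. This is an added example, not part of the original notes; the `Hit` fields, the verdict strings, the `.example` domains and the 192.0.2.10 address are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

LOOKUP_CAP = 999  # the reverse-IP tool in the notes appears to stop counting here


@dataclass
class Hit:
    dst_ip: str
    hostname: str          # Host/SNI or preceding DNS name ("" if none was seen)
    tcp_established: bool  # False when the SYN was rejected


def same_or_subdomain(host: str, bad: str) -> bool:
    """Compare on DNS label boundaries, so 'notbad.example' != 'bad.example'."""
    host, bad = host.lower().rstrip("."), bad.lower().rstrip(".")
    return host == bad or host.endswith("." + bad)


def triage(hit: Hit, cohosted: list[str], known_bad: set[str]) -> str:
    """Classify an IP-blocklist hit using reverse-IP and hostname context."""
    if hit.hostname and any(same_or_subdomain(hit.hostname, b) for b in known_bad):
        return "escalate: requested host is a known compromised domain"
    if not hit.tcp_established:
        return "not real: SYN rejected, no content exchanged"
    if len(cohosted) > 1 and hit.hostname:
        n = len(cohosted)
        count = f"{n}+" if n >= LOOKUP_CAP else str(n)  # capped result is a lower bound
        return f"not real: shared hosting ({count} domains), host not on the bad list"
    return "review: IP match without enough context to rule it out"


def demo() -> list[str]:
    # Constructed sample data: one shared web server, one known compromised domain.
    cohosted = [f"site{i}.example" for i in range(999)]
    known_bad = {"bad.example"}
    hits = [
        Hit("192.0.2.10", "shop.site5.example", True),
        Hit("192.0.2.10", "cdn.bad.example", True),
        Hit("192.0.2.10", "notbad.example", False),
        Hit("192.0.2.10", "", True),
    ]
    return [triage(h, cohosted, known_bad) for h in hits]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A hit with no hostname is left for manual review, because on shared hosting the IP alone cannot show which of the co-hosted sites was contacted.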