[ntp:questions] IP 18.104.22.168 is a shadowserver
cswiger at mac.com
Wed Oct 17 17:49:26 UTC 2012
On Oct 17, 2012, at 10:04 AM, sh3120 wrote:
> Have sites complaining that 22.214.171.124 is showing up on command and control server. After research determined that IP is listed in the NTP.POOL.ORG listing of time servers. Unsure who to report this too to get it off the list.
The mailing list for the NTP pool is <pool at lists.ntp.org>.
Whether a machine has been infected by malware is not related directly to whether it is
serving good time. The NTP pool has a scoring mechanism which will remove that IP if
it no longer provides good time:
[ ...note reply-to: header; also, BCC:ing Ask, in case he decides to remove this IP... ]
> it can b confirmed by going to http://www.threatstop.com/checkip and checking the ip address.
Perhaps try contacting <abuse at indoforum.org> or the netblock owner, per WHOIS:
% whois 126.96.36.199
[ ... ]
OrgAbuseEmail: abuse at staminus.net
OrgTechEmail: support at staminus.net
More information about the questions