Should this IP be blocked - SURICATA TLS invalid handshake message

See: http://urlquery.net/report.php?id=1415490512063 *
Security headers:
- Framing: X-Frame-Options missing. Use 'sameorigin'.
- Transport: Strict-Transport-Security missing. Use 'max-age=31536000; includeSubDomains'.
- Caching: Pragma missing. Use 'no-cache'.
- Access Control: X-Permitted-Cross-Domain-Policies missing. Use 'master-only'.
- Content Security Policy: Content-Security-Policy. Try Content-Security-Policy-Report-Only to start. Include default-src 'self', avoid 'unsafe-inline' and 'unsafe-eval'.
Malware Avast flags, launched from a link from that IP: https://www.virustotal.com/nl/file/c1d018574cda1829c1b4ba9494eeec8b2dcfa5d8f5505f7a255e94431f657dc7/analysis/

Another domain flagged there: http://urlquery.net/report.php?id=1415490250317
htxp://ieslazafra.blogspot.com/ redirects to htxp://ieslazafra.blogspot.ru/ *

Here scorecard research adware resides: http://botcrawl.com/how-to-remove-the-scorecardresearch-virus-pop-up-survey-and-b-scorecardresearch-com-malware-trojan/

* Domains mentioned may have adult content, not suitable to be visited by minors!

polonus

Oh that last site also has this in one of the script codes: htxps://www.blogger.com/navbar.g?targetBlogID flagged as malware here:
https://www.virustotal.com/nl/url/cfc15103e9f97273f18ddebcb9c30b14ac7439d28ae16dc5116e83dea1d950cb/analysis/

pol