As an example that back what you're saying, I pasted the ip provided by Jörg in my browser.
Here is the html page returned.
Research Scanning Project
This is a scanner of a research scanning project.
If you want to exclude your IPs from scans, please send an e-mail to email@example.com.
Thank you for your appreciation!
This ip scanner is in Germany and it looks legit, but a better investigation is recommended.
The second host provided looks more suspicious.
blah.c6rip779l9hq8g7hluigcg5131oyyyt8e.interactsh.com resolve to
22.214.171.124 which is hosted on DigitalOcean.
Here is the html output:
Interactsh is an open-source solution for out-of-band data extraction. It is a tool designed to detect bugs that cause external interactions. These bugs include, Blind SQLi, Blind CMDi, SSRF, etc.
If you find communications or exchanges with the interactsh.com server in your logs, it is possible that someone has been testing your applications.
You should review the time when these interactions were initiated to identify the person responsible for this testing.
First, it's important to gain visibility and filter the goods from the bads.
The first ip looks legit. The second could be reported to DigitalOcean for investigation. They usually investigate very fast.
You can check for weird network flows patterns. You can also look for that suspicious html file that is crawling on http in clear text on your gears.
At ISP level, visibility is a must and patterns will clearly become easy to identify.
I agree with Karl that perfection is enemy of good.