As noticed in a tweet from @AlecMuffett, there's a large DDoS attack taking place involving forged packets that appear to come from 126.96.36.199.
I have servers on a variety of networks, and
tcpdump shows traffic "from" 188.8.131.52, destination port 80, at all of them. My points of observation are widespread, so this attack is likely spraying much of the IPv4 space. The volume I'm seeing to any given host is only ~25 packets per second, but reflected traffic could be millions of times that number.
CeraNetworks/CloudRadium, the owner of 184.108.40.206/15, is responding to abuse reports with a statement that 220.127.116.11 is the target and not the source of the DDoS.
Dropping traffic to and from 18.104.22.168 can prevent your system from contributing to the reflection:
[root@host ~]# iptables -I OUTPUT -d 22.214.171.124 -j DROP [root@host ~]# iptables -I INPUT -s 126.96.36.199 -j DROP
...or the equivalent for yo...