<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr"><meta http-equiv="content-type" content="text/html; charset=utf-8"><div dir="ltr">Hello,</div><div dir="ltr"> </div><div dir="ltr">You should reach out to the abuse contact for that netblock; according to WHOIS, that's abuse@vodafone.net.tr.</div><div dir="ltr"> </div><div dir="ltr">I'm also copying RIPE Atlas Support in this reply in case they feel this deserves further investigation.</div><div dir="ltr"> </div><div dir="ltr">Cheers,</div><div dir="ltr">Alex</div><div dir="ltr"><div dir="ltr"> </div><div dir="ltr"><pre style="-webkit-text-size-adjust: auto; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);"><blockquote type="cite">% This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '176.219.32.0 - 176.219.255.255' % Abuse contact for '176.219.32.0 - 176.219.255.255' is 'abuse-tr@vodafone.com' inetnum: 176.219.32.0 - 176.219.255.255 netname: VODAFONE-TURKEY-CUSTOMER-IP-POOLS descr: Vodafone Turkey 3G IP Pool country: TR admin-c: VT1712-RIPE admin-c: BTB10-RIPE tech-c: VT1712-RIPE tech-c: BTB10-RIPE status: ASSIGNED PA mnt-by: RTNET-MNT mnt-by: MNT-BORUSAN mnt-lower: RTNET-MNT mnt-routes: RTNET-MNT mnt-routes: MNT-BORUSAN created: 2012-09-12T13:39:57Z last-modified: 2018-11-21T07:41:17Z source: RIPE role: Borusan Telekom Backbone Group address: Buyukdere Caddesi No:112 address: 34394 Esentepe address: Istanbul - TURKEY phone: +90 212 355 5151 fax-no: +90 212 355 5165 admin-c: YP419-RIPE admin-c: SE4047-RIPE tech-c: YP419-RIPE tech-c: SE4047-RIPE nic-hdl: BTB10-RIPE abuse-mailbox: abuse@vodafone.net.tr mnt-by: MNT-BORUSAN created: 2006-03-08T11:54:46Z last-modified: 2020-01-30T14:50:36Z source: RIPE # Filtered person: VODAFONE TURKEY address: Vodafone Telekomunikasyon A.S. address: Vodafone Plaza Buyukdere Cad. No:251 address: 34398 Maslak, Istanbul address: TURKEY phone: +90 212 3670000 fax-no: +90 212 3670010 nic-hdl: VT1712-RIPE remarks: Vodafone Turkey IP Management Team created: 2010-04-19T13:03:31Z last-modified: 2017-10-31T10:42:09Z source: RIPE # Filtered mnt-by: RTNET-MNT mnt-by: MNT-BORUSAN % Information related to '176.219.104.0/21AS8386' route: 176.219.104.0/21 descr: Vodafone Net DSL Block - ISTANBUL TUZLA FTTH origin: AS8386 mnt-by: MNT-BORUSAN created: 2018-04-10T06:03:32Z last-modified: 2019-01-10T08:00:20Z source: RIPE # Filtered % This query was served by the RIPE Database Query Service version 1.96 (BLAARKOP)</blockquote></pre></div><div dir="ltr"> </div><div dir="ltr"> </div></div><div dir="ltr"><blockquote type="cite">El 6 febr 2020, a les 7:41, "saito-miori-ck@ynu.jp" <saito-miori-ck@ynu.jp> va escriure: </blockquote></div><blockquote type="cite"><div dir="ltr"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="Generator" content="Microsoft Word 15 (filtered medium)"> <style></style> <div class="WordSection1"> Hello,<o:p></o:p> <o:p> </o:p> We are researchers from Japan working on cyber security<o:p></o:p> at Yokohama National University. <o:p></o:p> <o:p> </o:p> Our current research project aims to inform parties<o:p></o:p> who may be relevant to unauthorized accesses that our<o:p></o:p> monitoring system (honeypot) have observed. <o:p></o:p> <o:p> </o:p> <o:p> </o:p> --- Observed Unauthorized Access ---<o:p></o:p> Date and time: 2020-01-01 22:12:43.657569 UTC<o:p></o:p> Observed IP address: 176.219.104.1<o:p></o:p> Observed activity: Telnet login attempt <o:p></o:p> <o:p> </o:p> <o:p> </o:p> --- How we obtained your contact point ---<o:p></o:p> 1) We first obtained domain topology4.dyndns.atlas.ripe.net. resolved from the<o:p></o:p> observed IP address 176.219.104.1 by using passive DNS Database,<o:p></o:p> DNSDB (https://www.dnsdb.info/).<o:p></o:p> 2) We then searched the domain ripe.net in the Email address<o:p></o:p> database (https://hunter.io/search) and obtained this Email address.<o:p></o:p> <o:p> </o:p> <o:p> </o:p> For evaluating the validity of this contact point,<o:p></o:p> it would be great if you could help our study by<o:p></o:p> answering the questions on our web page or by sending Email to us.<o:p></o:p> <o:p> </o:p> - On Web page<o:p></o:p> Please access to our web page<o:p></o:p> (https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html)<o:p></o:p> and answer questions.<o:p></o:p> <o:p> </o:p> - By Email<o:p></o:p> Please send your answers to the following questions to<o:p></o:p> ynugr-notify@ynu.ac.jp<o:p></o:p> with your Notification ID: BuzDNF<o:p></o:p> <o:p> </o:p> <o:p> </o:p> [Questions]<o:p></o:p> <o:p> </o:p> Notification ID: BuzDNF<o:p></o:p> <o:p> </o:p> Q1. Do you think you are relevant parties of the IP addresses<o:p></o:p> that we have observed unauthorized access from?<o:p></o:p> <o:p> </o:p> a) Relevant<o:p></o:p> b) NOT relevant<o:p></o:p> c) Don't know<o:p></o:p> <o:p> </o:p> Q2. Do you want to receive notification from us if we observe<o:p></o:p> more unauthorized access from this IP address in the future?<o:p></o:p> <o:p> </o:p> a) Yes<o:p></o:p> b) No<o:p></o:p> <o:p> </o:p> <o:p> </o:p> --- More Detail Information ---<o:p></o:p> If you need further information or if you have any other questions,<o:p></o:p> please contact us ynugr-notify@ynu.ac.jp.<o:p></o:p> <o:p> </o:p> Best regards,<o:p></o:p> <o:p> </o:p> Security Notification Research Team, Yoshioka Lab<o:p></o:p> Research Center for Information and Physical Security<o:p></o:p> Yokohama National University, Japan<o:p></o:p> Email: ynugr-notify@ynu.ac.jp<o:p></o:p> URL: https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html<o:p></o:p> </div> _______________________________________________ RIPE-Atlas-Ambassadors mailing list RIPE-Atlas-Ambassadors@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas-ambassadors </div></blockquote></div></body></html>