Hello,

You should reach out to the abuse contact for that netblock; according to WHOIS, that's abuse@vodafone.net.tr.

I'm also copying RIPE Atlas Support in this reply in case they feel this deserves further investigation.

Cheers,
Alex

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '176.219.32.0 - 176.219.255.255'

% Abuse contact for '176.219.32.0 - 176.219.255.255' is 'abuse-tr@vodafone.com'

inetnum:        176.219.32.0 - 176.219.255.255
netname:        VODAFONE-TURKEY-CUSTOMER-IP-POOLS
descr:          Vodafone Turkey 3G IP Pool
country:        TR
admin-c:        VT1712-RIPE
admin-c:        BTB10-RIPE
tech-c:         VT1712-RIPE
tech-c:         BTB10-RIPE
status:         ASSIGNED PA
mnt-by:         RTNET-MNT
mnt-by:         MNT-BORUSAN
mnt-lower:      RTNET-MNT
mnt-routes:     RTNET-MNT
mnt-routes:     MNT-BORUSAN
created:        2012-09-12T13:39:57Z
last-modified:  2018-11-21T07:41:17Z
source:         RIPE

role:           Borusan Telekom Backbone Group
address:        Buyukdere Caddesi No:112
address:        34394 Esentepe
address:        Istanbul - TURKEY
phone:          +90 212 355 5151
fax-no:         +90 212 355 5165
admin-c:        YP419-RIPE
admin-c:        SE4047-RIPE
tech-c:         YP419-RIPE
tech-c:         SE4047-RIPE
nic-hdl:        BTB10-RIPE
abuse-mailbox:  abuse@vodafone.net.tr
mnt-by:         MNT-BORUSAN
created:        2006-03-08T11:54:46Z
last-modified:  2020-01-30T14:50:36Z
source:         RIPE # Filtered

person:         VODAFONE TURKEY
address:        Vodafone Telekomunikasyon A.S.
address:        Vodafone Plaza Buyukdere Cad. No:251
address:        34398 Maslak, Istanbul
address:        TURKEY
phone:          +90 212 3670000
fax-no:         +90 212 3670010
nic-hdl:        VT1712-RIPE
remarks:        Vodafone Turkey IP Management Team
created:        2010-04-19T13:03:31Z
last-modified:  2017-10-31T10:42:09Z
source:         RIPE # Filtered
mnt-by:         RTNET-MNT
mnt-by:         MNT-BORUSAN

% Information related to '176.219.104.0/21AS8386'

route:          176.219.104.0/21
descr:          Vodafone Net DSL Block  - ISTANBUL TUZLA FTTH
origin:         AS8386
mnt-by:         MNT-BORUSAN
created:        2018-04-10T06:03:32Z
last-modified:  2019-01-10T08:00:20Z
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.96 (BLAARKOP)


El 6 febr 2020, a les 7:41, "saito-miori-ck@ynu.jp" <saito-miori-ck@ynu.jp> va escriure:



Hello,

 

We are researchers from Japan working on cyber security

at Yokohama National University.

 

Our current research project aims to inform parties

who may be relevant to unauthorized accesses that our

monitoring system (honeypot) have observed.

 

 

--- Observed Unauthorized Access ---

Date and time: 2020-01-01 22:12:43.657569 UTC

Observed IP address: 176.219.104.1

Observed activity: Telnet login attempt

 

 

--- How we obtained your contact point ---

1) We first obtained domain topology4.dyndns.atlas.ripe.net. resolved from the

observed IP address 176.219.104.1 by using passive DNS Database,

DNSDB (https://www.dnsdb.info/).

2) We then searched the domain ripe.net in the Email address

database (https://hunter.io/search) and obtained this Email address.

 

 

For evaluating the validity of this contact point,

it would be great if you could help our study by

answering the questions on our web page or by sending Email to us.

 

- On Web page

Please access to our web page

(https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html)

and answer questions.

 

- By Email

Please send your answers to the following questions to

ynugr-notify@ynu.ac.jp

with your Notification ID: BuzDNF

 

 

[Questions]

 

Notification ID: BuzDNF

 

Q1. Do you think you are relevant parties of the IP addresses

that we have observed unauthorized access from?

 

a) Relevant

b) NOT relevant

c) Don't know

 

Q2. Do you want to receive notification from us if we observe

more unauthorized access from this IP address in the future?

 

a) Yes

b) No

 

 

--- More Detail Information ---

If you need further information or if you have any other questions,

please contact us ynugr-notify@ynu.ac.jp.

 

Best regards,

 

Security Notification Research Team, Yoshioka Lab

Research Center for Information and Physical Security

Yokohama National University, Japan

Email: ynugr-notify@ynu.ac.jp

URL: https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html

_______________________________________________
RIPE-Atlas-Ambassadors mailing list
RIPE-Atlas-Ambassadors@ripe.net
https://lists.ripe.net/mailman/listinfo/ripe-atlas-ambassadors