Hello, I'm quite surprised that this mailing list showed up in any database as being responsible in any way for IP addresses. Clarification on why the IP, and the name of RIPE Atlas may have appeared on the radar in the first place: RIPE Atlas is constantly doing "topology measurements" [1], meaning it traceroutes to various targets over time [2]. If the IP mentioned below appeared in this list, it was tracerouted to by one or more RIPE Atlas probes. I believe the best course of action, if you suspect ill behaviour from that particular IP, is to contact the correct abuse address mentioned by others in this thread. Regards, Robert [1] see https://atlas.ripe.net/docs/built-in/ measurements 5051, 5151, 6052, 6152 [2] the list contains basically the ".1" of all routed prefixes seen in BGP. The host name topology4.dyndns.atlas.ripe.net resolves to these IPs in a round-robin fashion. On 2020-01-14 12:47, saito-miori-ck@ynu.jp wrote:
Hello,
We are researchers from Japan working on cyber security
at Yokohama National University.
Our current research project aims to inform parties
who may be relevant to unauthorized accesses that our
monitoring system (honeypot) have observed.
--- Observed Unauthorized Access ---
Date and time: 2020-01-01 22:12:43.657569 UTC
Observed IP address: 176.219.104.1
Observed activity: Telnet login attempt
--- How we obtained your contact point ---
1) We first obtained domain topology4.dyndns.atlas.ripe.net. resolved from the
observed IP address 176.219.104.1 by using passive DNS Database,
DNSDB (https://www.dnsdb.info/).
2) We then searched the domain ripe.net in the Email address
database (https://hunter.io/search) and obtained this Email address.
For evaluating the validity of this contact point,
it would be great if you could help our study by
answering the questions on our web page or by sending Email to us.
- On Web page
Please access to our web page
(https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html)
and answer questions.
- By Email
Please send your answers to the following questions to
ynugr-notify@ynu.ac.jp
with your Notification ID: BuzDNF
[Questions]
Notification ID: BuzDNF
Q1. Do you think you are relevant parties of the IP addresses
that we have observed unauthorized access from?
a) Relevant
b) NOT relevant
c) Don't know
Q2. Do you want to receive notification from us if we observe
more unauthorized access from this IP address in the future?
a) Yes
b) No
--- More Detail Information ---
If you need further information or if you have any other questions,
please contact us ynugr-notify@ynu.ac.jp.
Best regards,
Security Notification Research Team, Yoshioka Lab
Research Center for Information and Physical Security
Yokohama National University, Japan
Email: ynugr-notify@ynu.ac.jp
URL: https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html
_______________________________________________ RIPE-Atlas-Ambassadors mailing list RIPE-Atlas-Ambassadors@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas-ambassadors