Notification for unauthorized access from 176.219.104.1
Hello,

We are researchers from Japan working on cyber security
at Yokohama National University.
Our current research project aims to inform parties
who may be relevant to unauthorized accesses that our
monitoring system (honeypot) have observed.

--- Observed Unauthorized Access ---
Date and time: 2020-01-01 22:12:43.657569 UTC
Observed IP address: 176.219.104.1
Observed activity: Telnet login attempt

--- How we obtained your contact point ---
1) We first obtained domain topology4.dyndns.atlas.ripe.net. resolved from the
observed IP address 176.219.104.1 by using passive DNS Database,
DNSDB (https://www.dnsdb.info/).
2) We then searched the domain ripe.net in the Email address
database (https://hunter.io/search) and obtained this Email address.

For evaluating the validity of this contact point,
it would be great if you could help our study by
answering the questions on our web page or by sending Email to us.

- On Web page
Please access to our web page
(https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html)
and answer questions.

- By Email
Please send your answers to the following questions to
ynugr-notify@ynu.ac.jp
with your Notification ID: BuzDNF

[Questions]
Notification ID: BuzDNF

Q1. Do you think you are relevant parties of the IP addresses
that we have observed unauthorized access from?
a) Relevant
b) NOT relevant
c) Don't know

Q2. Do you want to receive notification from us if we observe
more unauthorized access from this IP address in the future?
a) Yes
b) No

--- More Detail Information ---
If you need further information or if you have any other questions,
please contact us ynugr-notify@ynu.ac.jp.

Best regards,

Security Notification Research Team, Yoshioka Lab
Research Center for Information and Physical Security
Yokohama National University, Japan
Email: ynugr-notify@ynu.ac.jp
URL: https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html

Hello,

You should reach out to the abuse contact for that netblock; according to WHOIS, that's abuse@vodafone.net.tr.

I'm also copying RIPE Atlas Support in this reply in case they feel this deserves further investigation.

Cheers,
Alex

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '176.219.32.0 - 176.219.255.255'

% Abuse contact for '176.219.32.0 - 176.219.255.255' is 'abuse-tr@vodafone.com'

inetnum:        176.219.32.0 - 176.219.255.255
netname:        VODAFONE-TURKEY-CUSTOMER-IP-POOLS
descr:          Vodafone Turkey 3G IP Pool
country:        TR
admin-c:        VT1712-RIPE
admin-c:        BTB10-RIPE
tech-c:         VT1712-RIPE
tech-c:         BTB10-RIPE
status:         ASSIGNED PA
mnt-by:         RTNET-MNT
mnt-by:         MNT-BORUSAN
mnt-lower:      RTNET-MNT
mnt-routes:     RTNET-MNT
mnt-routes:     MNT-BORUSAN
created:        2012-09-12T13:39:57Z
last-modified:  2018-11-21T07:41:17Z
source:         RIPE

role:           Borusan Telekom Backbone Group
address:        Buyukdere Caddesi No:112
address:        34394 Esentepe
address:        Istanbul - TURKEY
phone:          +90 212 355 5151
fax-no:         +90 212 355 5165
admin-c:        YP419-RIPE
admin-c:        SE4047-RIPE
tech-c:         YP419-RIPE
tech-c:         SE4047-RIPE
nic-hdl:        BTB10-RIPE
abuse-mailbox:  abuse@vodafone.net.tr
mnt-by:         MNT-BORUSAN
created:        2006-03-08T11:54:46Z
last-modified:  2020-01-30T14:50:36Z
source:         RIPE # Filtered

person:         VODAFONE TURKEY
address:        Vodafone Telekomunikasyon A.S.
address:        Vodafone Plaza Buyukdere Cad. No:251
address:        34398 Maslak, Istanbul
address:        TURKEY
phone:          +90 212 3670000
fax-no:         +90 212 3670010
nic-hdl:        VT1712-RIPE
remarks:        Vodafone Turkey IP Management Team
created:        2010-04-19T13:03:31Z
last-modified:  2017-10-31T10:42:09Z
source:         RIPE # Filtered
mnt-by:         RTNET-MNT
mnt-by:         MNT-BORUSAN

% Information related to '176.219.104.0/21AS8386'

route:          176.219.104.0/21
descr:          Vodafone Net DSL Block - ISTANBUL TUZLA FTTH
origin:         AS8386
mnt-by:         MNT-BORUSAN
created:        2018-04-10T06:03:32Z
last-modified:  2019-01-10T08:00:20Z
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.96 (BLAARKOP)

On 6 Feb 2020, at 7:41, "saito-miori-ck@ynu.jp" <saito-miori-ck@ynu.jp> wrote:

Hello,
We are researchers from Japan working on cyber security at Yokohama National University.
Our current research project aims to inform parties who may be relevant to unauthorized accesses that our monitoring system (honeypot) have observed.
--- Observed Unauthorized Access ---
Date and time: 2020-01-01 22:12:43.657569 UTC
Observed IP address: 176.219.104.1
Observed activity: Telnet login attempt
--- How we obtained your contact point ---
1) We first obtained domain topology4.dyndns.atlas.ripe.net. resolved from the observed IP address 176.219.104.1 by using passive DNS Database, DNSDB (https://www.dnsdb.info/).
2) We then searched the domain ripe.net in the Email address database (https://hunter.io/search) and obtained this Email address.
For evaluating the validity of this contact point, it would be great if you could help our study by answering the questions on our web page or by sending Email to us.
- On Web page
Please access to our web page (https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html) and answer questions.
- By Email
Please send your answers to the following questions to ynugr-notify@ynu.ac.jp with your Notification ID: BuzDNF
[Questions]
Notification ID: BuzDNF
Q1. Do you think you are relevant parties of the IP addresses that we have observed unauthorized access from?
a) Relevant
b) NOT relevant
c) Don't know
Q2. Do you want to receive notification from us if we observe more unauthorized access from this IP address in the future?
a) Yes
b) No
--- More Detail Information ---
If you need further information or if you have any other questions, please contact us ynugr-notify@ynu.ac.jp.
Best regards,
Security Notification Research Team, Yoshioka Lab
Research Center for Information and Physical Security
Yokohama National University, Japan
Email: ynugr-notify@ynu.ac.jp
URL: https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html
_______________________________________________
RIPE-Atlas-Ambassadors mailing list
RIPE-Atlas-Ambassadors@ripe.net
https://lists.ripe.net/mailman/listinfo/ripe-atlas-ambassadors

Hello,

I'm quite surprised that this mailing list showed up in any database as being responsible in any way for IP addresses.

Clarification on why the IP, and the name of RIPE Atlas may have appeared on the radar in the first place: RIPE Atlas is constantly doing "topology measurements" [1], meaning it traceroutes to various targets over time [2]. If the IP mentioned below appeared in this list, it was tracerouted to by one or more RIPE Atlas probes.

I believe the best course of action, if you suspect ill behaviour from that particular IP, is to contact the correct abuse address mentioned by others in this thread.

Regards,
Robert

[1] see https://atlas.ripe.net/docs/built-in/ measurements 5051, 5151, 6052, 6152
[2] the list contains basically the ".1" of all routed prefixes seen in BGP. The host name topology4.dyndns.atlas.ripe.net resolves to these IPs in a round-robin fashion.

On 2020-01-14 12:47, saito-miori-ck@ynu.jp wrote:

Hello,
We are researchers from Japan working on cyber security
at Yokohama National University.
Our current research project aims to inform parties
who may be relevant to unauthorized accesses that our
monitoring system (honeypot) have observed.
--- Observed Unauthorized Access ---
Date and time: 2020-01-01 22:12:43.657569 UTC
Observed IP address: 176.219.104.1
Observed activity: Telnet login attempt
--- How we obtained your contact point ---
1) We first obtained domain topology4.dyndns.atlas.ripe.net. resolved from the
observed IP address 176.219.104.1 by using passive DNS Database,
DNSDB (https://www.dnsdb.info/).
2) We then searched the domain ripe.net in the Email address
database (https://hunter.io/search) and obtained this Email address.
For evaluating the validity of this contact point,
it would be great if you could help our study by
answering the questions on our web page or by sending Email to us.
- On Web page
Please access to our web page
(https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html)
and answer questions.
- By Email
Please send your answers to the following questions to
ynugr-notify@ynu.ac.jp
with your Notification ID: BuzDNF
[Questions]
Notification ID: BuzDNF
Q1. Do you think you are relevant parties of the IP addresses
that we have observed unauthorized access from?
a) Relevant
b) NOT relevant
c) Don't know
Q2. Do you want to receive notification from us if we observe
more unauthorized access from this IP address in the future?
a) Yes
b) No
--- More Detail Information ---
If you need further information or if you have any other questions,
please contact us ynugr-notify@ynu.ac.jp.
Best regards,
Security Notification Research Team, Yoshioka Lab
Research Center for Information and Physical Security
Yokohama National University, Japan
Email: ynugr-notify@ynu.ac.jp
URL: https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html

participants (3): Alex Burke, Robert Kisteleki, saito-miori-ck@ynu.jp
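
Added example, not part of the thread: the replies recommend taking the abuse contact from the WHOIS record for the observed IP rather than from a hostname that passive DNS associates with it. The sketch below parses RPSL text like the response quoted above and returns the abuse addresses tied to the range covering an IPv4 address; the function names and the abridged sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: abridged from the WHOIS response quoted in the thread.
SAMPLE_WHOIS = """\
% Information related to '176.219.32.0 - 176.219.255.255'
% Abuse contact for '176.219.32.0 - 176.219.255.255' is 'abuse-tr@vodafone.com'

inetnum:        176.219.32.0 - 176.219.255.255
netname:        VODAFONE-TURKEY-CUSTOMER-IP-POOLS
admin-c:        BTB10-RIPE

role:           Borusan Telekom Backbone Group
nic-hdl:        BTB10-RIPE
abuse-mailbox:  abuse@vodafone.net.tr
"""

ABUSE_LINE = re.compile(r"^% Abuse contact for '(\S+) - (\S+)' is '([^']+)'", re.M)

def in_range(addr, span):
    """True if addr lies inside an 'a.b.c.d - e.f.g.h' inetnum span (IPv4 only)."""
    first, last = (ipaddress.ip_address(p.strip()) for p in span.split("-"))
    return first <= addr <= last

def parse_rpsl(text):
    """Split WHOIS text into objects, each a list of (attribute, value) pairs."""
    objects, current = [], []
    for line in text.splitlines() + [""]:  # trailing "" flushes the last object
        if not line.strip() or line.startswith("%"):
            if current:
                objects.append(current)
            current = []
        else:
            key, _, value = line.partition(":")
            current.append((key.strip().lower(), value.strip()))
    return objects

def abuse_contacts(ip, text):
    """Abuse addresses for the range covering ip: header line first, then contact objects."""
    addr = ipaddress.ip_address(ip)
    found = [mail for first, last, mail in ABUSE_LINE.findall(text)
             if in_range(addr, f"{first} - {last}")]
    objects = parse_rpsl(text)
    handles = {v for o in objects if o[0][0] == "inetnum" and in_range(addr, o[0][1])
               for k, v in o if k in ("admin-c", "tech-c")}
    for o in objects:
        if dict(o).get("nic-hdl") in handles:  # contact referenced by the covering inetnum
            found += [v for k, v in o if k == "abuse-mailbox" and v not in found]
    return found
```

For the sample, the lookup returns both the address in the `% Abuse contact` header and the `abuse-mailbox` of the referenced role object, and returns an empty list for an address outside the range.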