[RIPE Atlas Ambassadors] Notification for unauthorized access from 176.219.104.1

Hello,

You should reach out to the abuse contact for that netblock; according to WHOIS, that's abuse at vodafone.net.tr.

I'm also copying RIPE Atlas Support in this reply in case they feel this deserves further investigation.

Cheers,
Alex

> % This is the RIPE Database query service.
> % The objects are in RPSL format.
> %
> % The RIPE Database is subject to Terms and Conditions.
> % See http://www.ripe.net/db/support/db-terms-conditions.pdf
> 
> % Note: this output has been filtered.
> %       To receive output for a database update, use the "-B" flag.
> 
> % Information related to '176.219.32.0 - 176.219.255.255'
> 
> % Abuse contact for '176.219.32.0 - 176.219.255.255' is 'abuse-tr at vodafone.com'
> 
> inetnum:        176.219.32.0 - 176.219.255.255
> netname:        VODAFONE-TURKEY-CUSTOMER-IP-POOLS
> descr:          Vodafone Turkey 3G IP Pool
> country:        TR
> admin-c:        VT1712-RIPE
> admin-c:        BTB10-RIPE
> tech-c:         VT1712-RIPE
> tech-c:         BTB10-RIPE
> status:         ASSIGNED PA
> mnt-by:         RTNET-MNT
> mnt-by:         MNT-BORUSAN
> mnt-lower:      RTNET-MNT
> mnt-routes:     RTNET-MNT
> mnt-routes:     MNT-BORUSAN
> created:        2012-09-12T13:39:57Z
> last-modified:  2018-11-21T07:41:17Z
> source:         RIPE
> 
> role:           Borusan Telekom Backbone Group
> address:        Buyukdere Caddesi No:112
> address:        34394 Esentepe
> address:        Istanbul - TURKEY
> phone:          +90 212 355 5151
> fax-no:         +90 212 355 5165
> admin-c:        YP419-RIPE
> admin-c:        SE4047-RIPE
> tech-c:         YP419-RIPE
> tech-c:         SE4047-RIPE
> nic-hdl:        BTB10-RIPE
> abuse-mailbox:  abuse at vodafone.net.tr
> mnt-by:         MNT-BORUSAN
> created:        2006-03-08T11:54:46Z
> last-modified:  2020-01-30T14:50:36Z
> source:         RIPE # Filtered
> 
> person:         VODAFONE TURKEY
> address:        Vodafone Telekomunikasyon A.S.
> address:        Vodafone Plaza Buyukdere Cad. No:251
> address:        34398 Maslak, Istanbul
> address:        TURKEY
> phone:          +90 212 3670000
> fax-no:         +90 212 3670010
> nic-hdl:        VT1712-RIPE
> remarks:        Vodafone Turkey IP Management Team
> created:        2010-04-19T13:03:31Z
> last-modified:  2017-10-31T10:42:09Z
> source:         RIPE # Filtered
> mnt-by:         RTNET-MNT
> mnt-by:         MNT-BORUSAN
> 
> % Information related to '176.219.104.0/21AS8386'
> 
> route:          176.219.104.0/21
> descr:          Vodafone Net DSL Block  - ISTANBUL TUZLA FTTH
> origin:         AS8386
> mnt-by:         MNT-BORUSAN
> created:        2018-04-10T06:03:32Z
> last-modified:  2019-01-10T08:00:20Z
> source:         RIPE # Filtered
> 
> % This query was served by the RIPE Database Query Service version 1.96 (BLAARKOP)



> El 6 febr 2020, a les 7:41, "saito-miori-ck at ynu.jp" <saito-miori-ck at ynu.jp> va escriure:
> 
> Hello,
>  
> We are researchers from Japan working on cyber security
> at Yokohama National University.
>  
> Our current research project aims to inform parties
> who may be relevant to unauthorized accesses that our
> monitoring system (honeypot) have observed.
>  
>  
> --- Observed Unauthorized Access ---
> Date and time: 2020-01-01 22:12:43.657569 UTC
> Observed IP address: 176.219.104.1
> Observed activity: Telnet login attempt
>  
>  
> --- How we obtained your contact point ---
> 1) We first obtained domain topology4.dyndns.atlas.ripe.net. resolved from the
> observed IP address 176.219.104.1 by using passive DNS Database,
> DNSDB (https://www.dnsdb.info/).
> 2) We then searched the domain ripe.net in the Email address
> database (https://hunter.io/search) and obtained this Email address.
>  
>  
> For evaluating the validity of this contact point,
> it would be great if you could help our study by
> answering the questions on our web page or by sending Email to us.
>  
> - On Web page
> Please access to our web page
> (https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html)
> and answer questions.
>  
> - By Email
> Please send your answers to the following questions to
> ynugr-notify at ynu.ac.jp
> with your Notification ID: BuzDNF
>  
>  
> [Questions]
>  
> Notification ID: BuzDNF
>  
> Q1. Do you think you are relevant parties of the IP addresses
> that we have observed unauthorized access from?
>  
> a) Relevant
> b) NOT relevant
> c) Don't know
>  
> Q2. Do you want to receive notification from us if we observe
> more unauthorized access from this IP address in the future?
>  
> a) Yes
> b) No
>  
>  
> --- More Detail Information ---
> If you need further information or if you have any other questions,
> please contact us ynugr-notify at ynu.ac.jp.
>  
> Best regards,
>  
> Security Notification Research Team, Yoshioka Lab
> Research Center for Information and Physical Security
> Yokohama National University, Japan
> Email: ynugr-notify at ynu.ac.jp
> URL: https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html
> _______________________________________________
> RIPE-Atlas-Ambassadors mailing list
> RIPE-Atlas-Ambassadors at ripe.net
> https://mailman.ripe.net/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/ripe-atlas-ambassadors/attachments/20200206/82b712db/attachment.html>