NML_OPER is a RIPE Database maintainer handle that serves as the administrative gatekeeper for the public registry records of NUMLOG S.A.S. (AS199248) and STJ SAS (AS210839), two French internet operators. It has no independent commercial identity or network infrastructure. Its significance lies in the concentration of control: a single credential can alter routing policies, contact details, and IP assignments for multiple autonomous systems, making it a high-impact target for compromise. The evidence base is limited to public WHOIS mirrors, IPinfo, and the official sites of the underlying operators; no private contracts or live router configurations are confirmed. Uncertainty is high because the handle's administrators are unnamed, its organisational home is undocumented, and there is no direct maintainer object page. Key watchpoints include any changes to objects under NML_OPER's purview, staleness of records, and any public attribution of management responsibility.

NML_OPER

NML_OPER is a RIPE Database maintainer handle that governs public registry records for two French network operators, NUMLOG S.A.S. and STJ SAS. It has no independent commercial operations, commercial services, or direct network infrastructure. Its sole function is to authenticate changes to aut-num, inetnum, and route objects in the RIPE registry, making it a concentrated control point for internet number resource records.

Unauthorised access to this handle could corrupt WHOIS data, mislead route security tools, and facilitate infrastructure misrepresentation.

Why It Matters

If credentials for NML_OPER are compromised, an attacker could modify registry records for NUMLOG S.A.S. or STJ SAS, potentially renumbering IP space, adding rogue route objects, or altering contact data to facilitate impersonation. Such changes would corrupt threat intelligence feeds, mislead peering decisions, and erode trust in the RIPE public registry.

Even without compromise, stale or inaccurate records under its control can misdirect network security tools and cause operational blind spots.

What Public Sources Show

NML_OPER is not a company, a legal entity, or a department. It is a RIPE Database maintainer handle—an administrative credential that controls public registry records for two French internet operators. Its authority appears in the maintainer fields of autonomous system numbers AS199248 and AS210839, which belong to NUMLOG S.A.S. and STJ SAS respectively.

Anyone holding this handle’s authentication can update routing policies, contact details, and IP assignments for both networks, making it a concentrated control point.

Why does this matter? RIPE maintainer references are the bedrock of how automated tools attribute internet resources. A compromise of NML_OPER could allow an adversary to alter WHOIS data, inject rogue route objects, or impersonate the operators. Such changes would ripple through RPKI validation, IRR filtering, and BGP monitoring, potentially enabling traffic hijacking and undermining trust in public registry data.

Public sources confirm the handle’s footprint. WHOIS mirrors from IPGeolocation and IPinfo show NML_OPER in the mnt-by and mnt-lower fields of AS199248 and its associated IP range 5.56.40.0/24. The AS210839 record reveals the same handle maintaining STJ SAS objects, with NUMLOG S.A.S. listed as upstream. PeeringDB, the NUMLOG corporate site, and STJ Telecom’s legal notice corroborate the identities and services of the underlying companies.

The operating surface is entirely within the RIPE Database. NML_OPER does not have a directly advertised network, does not originate prefixes, and holds no live router control. Its power is administrative: it can create or modify aut-num, inetnum, and route objects. The handle can also delegate maintenance of subordinate objects, such as sub-allocations, through the mnt-lower mechanism.

Watchpoints centre on record integrity. Any change to an object maintained by NML_OPER—whether a new IP assignment, a modified peering policy, or an updated contact—could signal a legitimate operational move or an account takeover. Stale records are a related risk; if the handle’s owners fail to keep contact and route data current, security tools may generate false positives or miss real threats.

The absence of public documentation for the handle itself magnifies uncertainty.

Uncertainty is the dominant theme. NML_OPER has no independent website, no official registration, and no named administrators. It could be shared by a small team or tied to a legacy script. The evidence supports only registry visibility; it does not prove private peering contracts, customer relationships, or commercial dependencies. Readers should treat the handle as a registry control surface, not as a networked institution.

For analysts tracking French internet infrastructure, NML_OPER is a small but meaningful data point. Monitoring its record modifications, cross-referencing with BGP announcements, and watching for any public attribution of its managers would strengthen the assessment. Until more is known, the handle remains a quiet administrative nexus with outsized influence over the public face of two operators.

Operating Surface

NML_OPER operates as a RIPE maintainer handle associated with French network registry records. It appears in the mnt-by and mnt-lower fields of autonomous system objects AS199248 and AS210839, as well as related inetnum and route objects. The handle allows designated staff to update contact details, routing policies, and IP assignments without granting live network access. It serves as the technical maintainer for NUMLOG S.A.S.

and STJ SAS, both registered in France.

The handle matters because RIPE maintainer references determine who can alter public registry data, and changes to those records can affect how third-party tooling attributes internet resources. Because the handle is the gatekeeper for multiple operator records, a compromise could propagate through RPKI validation, IRR filtering, and BGP monitoring systems.

Tracking NML_OPER helps analysts detect administrative churn, unauthorised record edits, or stale data that could enable route hijacking or false dependency mapping.

Watchpoints

NML_OPER represents a pattern where a single maintainer handle controls multiple operator registries. This concentration of administrative authority magnifies the operational risk from credential loss. Analysts should monitor it as a proxy for the health and integrity of the French operators' public internet presence, even though the handle itself does not move packets.

Watch for new prefix or ASN registrations linked to NML_OPER, changes to contact information in maintained objects, and any stale records that could indicate neglect. Anomalies in BGP announcements from the underlying ASNs should be cross-referenced with registry changes under this handle.

The actual administrators of NML_OPER remain unknown. No public disclosure ties the handle to specific individuals or a departmental function within NUMLOG S.A.S. or STJ SAS. Additionally, there is no direct maintainer object page, so all detail is inferred from references within other RIPE objects.

Sources

• Registry RDAP / WHOIS record - public-source identity and registry context for NML_OPER.
• Registry RDAP / WHOIS record - The AS199248 page mirrors RIPE WHOIS showing NUMLOG S.A.S., AS-NAME NUMLOG, ORG-Ns139-RIPE, mnt-by NML_MNT and NML_OPER, and NML NOC role records maintained by NML_OPER.
• ipinfo.io - The 5.56.40.0/24 page shows NUMLOG-INFRA under AS199248 and RIPE-derived inetnum and route records where NML_OPER appears as maintainer or lower maintainer.
• ipinfo.io - The AS210839 page identifies STJ SAS in France, RIPE registry, stj-telecom.com, 185.224.172.0/24, 256 IPv4 addresses, and AS199248 NUMLOG S.A.S. as peer and upstream.
• Registry RDAP / WHOIS record - The AS210839 WHOIS mirror lists STJ, ORG-SA4766-RIPE, sponsoring ORG-Ns139-RIPE, import and export relationships with AS199248 and AS8218, and STJ organisation records maintained by NML_OPER and NML_MNT.
• numlog.fr - NUMLOG describes itself publicly as an IT operator, dematerialization expert, network and telecom integrator, and provider of interconnection, telecom, and hosting services.
• PeeringDB network profile - PeeringDB lists NUMLOG ASN 199248, AS-NUMLOG, website numlog.fr, Cable/DSL/ISP network type, Europe scope, 8 IPv4 prefixes, RIR status ok, and open peering policy.
• stj-telecom.com - STJ Telecom's legal notice identifies STJ SAS, its Caen RCS registration, ARCEP operator number 14-0340, and VoIP operator positioning.
• radar.cloudflare.com - Cloudflare Radar identifies AS210839 as STJ in France and provides public routing, announced-space, prefix, and connectivity views for the ASN.