A user of ours(an end user, trying to log in using magic link. I.e. not one of our own auth0 account users.) received an email about suspicious activity
The IP listed in the email was the users IP.
The account-name is ours.
Then the end-user will receive an email to unblock themselves to remedy the blocking if it was a mistake.
If you would like to prevent these messages from appearing again, you can disable the Attack Protection features on your Auth0 Dashboard > Security > Attack Protection settings. But be mindful that this is not recommended and will run the risk of these attacks on your application.
Please let me know if you have any other questions.