Right. For example, in 2016, Shodan had sneakily infiltrated the NTP.org pool to harvest IPv6 IPs. The methods have obviously gotten more sophisticated and more prevalent since then.
https://netpatterns.blogspot.com/2016/01/the-rising-sophisti...
https://seclists.org/oss-sec/2016/q1/239