On Wed, 2 Feb 2022 at 11:05, UDN Tor via tor-relays <tor-relays@lists.torproject.org> wrote:

> Note we believe some of these IPs are part of the Meris or Dvinis
> botnets.  If you are a residential Internet service provider, it is
> possible that your customers' routers themselves have been
> compromised.  You should research the Meris botnet and take
> appropriate actions to have them secure their CPE (customer-premises
> equipment).

This is probably the main reason those reports are being sent.
Meris is a huge botnet using (at least) tens of thousands of compromised routers. 
https://www.bleepingcomputer.com/news/security/new-m-ris-botnet-breaks-ddos-record-with-218-million-rps-attack/

Those notices were probably sent automatically to many ISPs hoping some of them would get their customers to fix their routers, and tor exits were probably just not filtered.