Michael, Eh, you know how to find us/me? Not sure what you mean by new cluster, though. I think a full set of headers could help here.
-- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast -----Original Message----- From: mailop <[email protected]> On Behalf Of Michael Peddemors via mailop Sent: Tuesday, August 26, 2025 1:13 PM To: [email protected] Subject: [EXTERNAL] [mailop] Who's on top of the new cluster Comcast is using? Noted increase this week from phishing originating from Comcast. This is a well known actor we are tracking.. seems they have found a new vector to use. It's from the: resomta-a2p-647652.sys.comcast.net (example) .. residential mail cluster. Brief Information: Targeting ISPs in North America with sophisticated phishing campaign. .. by resomta-a2p-647652.sys.comcast.net with ESMTPS Note, these are NOT ESMTPSA (authenticated connections) Using IPv6 addresses.. eg. X-Originating-IP: 2605:6440:3008:3000:eb78:2ddc:9a30:e828 NetRange: 2605:6440:: - 2605:644F:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF CIDR: 2605:6440::/28 NetName: MAXIHOST-LLC-V6 NetHandle: NET6-2605-6440-1 Parent: NET6-2600 (NET6-2600-1) NetType: Direct Allocation OriginAS: Organization: Latitude.sh (ML-1213) RegDate: 2019-09-09 Updated: 2022-08-30 Ref: https://urldefense.com/v3/__https://rdap.arin.net/registry/ip/2605:6440__;!!CQl3mcHX2A!Be2bSHDjm-XleNJ_fuPc8y9ocbOP3b3N0crDsIT2x0T7h7_jZTVC8IqqjGx2uZh4t-csBKjAfHOyTyMDcXI$ :: OrgName: Latitude.sh OrgId: ML-1213 Address: 3 Germay Dr Unit 4 #4438 City: Wilmington StateProv: DE PostalCode: 19804 Country: US Could someone contact me off list to chat about this actor? -- "Catch the Magic of Linux..." ------------------------------------------------------------------------ Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at https://urldefense.com/v3/__http://www.linuxmagic.com__;!!CQl3mcHX2A!Be2bSHDjm-XleNJ_fuPc8y9ocbOP3b3N0crDsIT2x0T7h7_jZTVC8IqqjGx2uZh4t-csBKjAfHOyRTFyDmU$ @linuxmagic A Wizard IT Company - For More Info https://urldefense.com/v3/__http://www.wizard.ca__;!!CQl3mcHX2A!Be2bSHDjm-XleNJ_fuPc8y9ocbOP3b3N0crDsIT2x0T7h7_jZTVC8IqqjGx2uZh4t-csBKjAfHOy4mkNGbk$ "LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd. ------------------------------------------------------------------------ 604-682-0300 Beautiful British Columbia, Canada _______________________________________________ mailop mailing list [email protected] https://urldefense.com/v3/__https://list.mailop.org/listinfo/mailop__;!!CQl3mcHX2A!Be2bSHDjm-XleNJ_fuPc8y9ocbOP3b3N0crDsIT2x0T7h7_jZTVC8IqqjGx2uZh4t-csBKjAfHOyTyesMMo$ _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
