Grr.. signature on the top, hard to thread this cleanly.. ;)
Lots of examples, and when we say 'new' meaning a new mail cluster being
abused by these actors, normally we don't see this kind of activity from
it.. but pretty widespread given the alert numbers..
Good you are in the saddle still, and not on holidays.. will respond off
list with more details.
On 2025-08-26 10:55, Brotman, Alex wrote:
Michael,
Eh, you know how to find us/me? Not sure what you mean by new cluster, though.
I think a full set of headers could help here.
-- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast
-----Original Message-----
From: mailop <mailop-boun...@mailop.org> On Behalf Of Michael Peddemors via mailop
Sent: Tuesday, August 26, 2025 1:13 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Who's on top of the new cluster Comcast is using?

Noted increase this week from phishing originating from Comcast. This is a well known actor we are tracking.. seems they have found a new vector to use.

It's from the: resomta-a2p-647652.sys.comcast.net (example) .. residential mail cluster.

Brief Information: Targeting ISPs in North America with sophisticated phishing campaign.

.. by resomta-a2p-647652.sys.comcast.net with ESMTPS

Note, these are NOT ESMTPSA (authenticated connections)

Using IPv6 addresses.. eg.

X-Originating-IP: 2605:6440:3008:3000:eb78:2ddc:9a30:e828

NetRange: 2605:6440:: - 2605:644F:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
CIDR: 2605:6440::/28
NetName: MAXIHOST-LLC-V6
NetHandle: NET6-2605-6440-1
Parent: NET6-2600 (NET6-2600-1)
NetType: Direct Allocation
OriginAS:
Organization: Latitude.sh (ML-1213)
RegDate: 2019-09-09
Updated: 2022-08-30
Ref: https://urldefense.com/v3/__https://rdap.arin.net/registry/ip/2605:6440__;!!CQl3mcHX2A!Be2bSHDjm-XleNJ_fuPc8y9ocbOP3b3N0crDsIT2x0T7h7_jZTVC8IqqjGx2uZh4t-csBKjAfHOyTyMDcXI$ ::

OrgName: Latitude.sh
OrgId: ML-1213
Address: 3 Germay Dr Unit 4 #4438
City: Wilmington
StateProv: DE
PostalCode: 19804
Country: US

Could someone contact me off list to chat about this actor?
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
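
A header check for the three traits listed in the original report (relay by a resomta host under sys.comcast.net, ESMTPS rather than ESMTPSA, X-Originating-IP inside 2605:6440::/28), given here as an added example that is not code from anyone in the thread. The function name, the hostname pattern and both sample messages are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Range quoted in the report (ARIN: MAXIHOST-LLC-V6, Latitude.sh).
REPORTED_NET = ipaddress.ip_network("2605:6440::/28")
# Assumption: other hosts in the cluster share the "resomta-" prefix of the one example.
RELAY_RE = re.compile(r"\bby\s+(resomta-[\w-]+\.sys\.comcast\.net)\s+with\s+(\w+)", re.I)

def check_report_traits(raw_message):
    """Return which of the traits listed in the report a raw message shows."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    out = {"relay": None, "protocol": None, "authenticated": None, "origin_in_range": False}
    for received in msg.get_all("Received", []):
        m = RELAY_RE.search(str(received))
        if m:
            out["relay"] = m.group(1).lower()
            out["protocol"] = m.group(2).upper()
            # RFC 3848 "with" keywords: a trailing A (ESMTPA, ESMTPSA) means SMTP AUTH was used.
            out["authenticated"] = out["protocol"].endswith("A")
            break
    origin = str(msg.get("X-Originating-IP", "")).strip().strip("[]")
    try:
        out["origin_in_range"] = ipaddress.ip_address(origin) in REPORTED_NET
    except ValueError:
        pass  # header absent or not a literal address
    out["all_traits"] = bool(out["relay"]) and out["authenticated"] is False and out["origin_in_range"]
    return out

# Constructed sample messages (not real mail): one showing the reported traits, one that does not.
REPORTED_STYLE = (
    "Received: from [IPv6:2605:6440:3008:3000:eb78:2ddc:9a30:e828]\n"
    "\tby resomta-a2p-647652.sys.comcast.net with ESMTPS\n"
    "\tid PLACEHOLDER; Tue, 26 Aug 2025 10:00:00 +0000\n"
    "X-Originating-IP: 2605:6440:3008:3000:eb78:2ddc:9a30:e828\n"
    "Subject: constructed sample\n\nbody\n"
)
AUTHENTICATED = (
    "Received: from client.example by resomta-a2p-647652.sys.comcast.net with ESMTPSA\n"
    "X-Originating-IP: [2001:db8::1]\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("reported-style", REPORTED_STYLE), ("authenticated", AUTHENTICATED)):
        print(name, check_report_traits(raw))
```
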