On 19 Jul 2020, at 22:38, Chris via mailop wrote:
It is particularly bizarre that it infests one ISP like this. I'm wondering if someone managed to force the infection to do IP reallocations frequently to IP-hop. Cutwail normally has thousands of infected IPs per campaign spread across ISPs.
I have noticed something Cutwail-like (fast-talking starting with bogus HELO name (e.g. ymlf-pc) ) clustering in single-ISP ranges, as if it spread via probing nearby IPs with whatever its infection vector is. No 2020 cases of that which I've noticed, but there's been a general decline in the phylum of fast-talkers from my vantage points this year.
-- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not For Hire (currently) _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop