But it was CBL that saw that big spam spike for AS 22328 CSHS. And CBL did assign a botnet to that: Lethic. For all but two days of CSHS spam shown, CBL assigned Lethic to the total amount of spam from CSHS for that day. That may be because all that CSHS spam is coming from a single computer.
Of course, CBL’s botnet assignments are not perfect, but infosec professionals tell me CBL is about as good as it gets for that, so there’s a good chance this botnet assignment is correct.
The good news is that all of the trio of three-digit spamming medicos decreased their spam and even went to zero during the period shown.
And CSHS spam peaked at the end of January and started back down in February.
Pretty soon there may be once again little or no spam from medical organizations to rank.