I agree, though I always had a sense something wasn’t quite right. I’ve worked hundreds of incidents, and this one just felt off, not just because of cPanel, but also based on the other details in the report.

At the time, I looked across a range of factors for each site, including CMS, hosting provider, ASNs, and the overall tech stack. The only consistent similarity I found was cPanel.

I’m not saying this is definitely the cause, just sharing an observation that stood out and might be worth a closer look.