Hi Scott,

webhostbox.net is a domain name associated with the Endurance International Group <https://en.wikipedia.org/wiki/Endurance_International_Group> (now part of Newfold Digital). HostGator, Bluehost, Site5, and many other older hosting brands are incorporated under the EIG banner. These older hosts often run ancient installs of WordPress, Drupal, and other platforms that are easily exploited by spamming and phishing groups.

The Cloudmark organization is generally responsive to abuse complaints; however, the cloudfilter.net hosts seem to be owned by Amazon Web Services, so your best bet might be to send spam reports to AWS (honestly I'm surprised Proofpoint doesn't use their own IPs for this):

# whois.arin.net

NetRange:       35.71.64.0 - 35.95.255.255
CIDR:           35.71.64.0/18, 35.71.128.0/17, 35.72.0.0/13, 35.80.0.0/12
NetName:        AT-88-Z
NetHandle:      NET-35-71-64-0-1
Parent:         NET35 (NET-35-0-0-0-0)
NetType:        Direct Allocation
OriginAS:
Organization:   Amazon Technologies Inc. (AT-88-Z)
RegDate:        2019-04-15
Updated:        2024-02-01
Ref:            https://rdap.arin.net/registry/ip/35.71.64.0

OrgName:        Amazon Technologies Inc.
OrgId:          AT-88-Z
Address:        410 Terry Ave N.
City:           Seattle
StateProv:      WA
PostalCode:     98109
Country:        US
RegDate:        2011-12-08
Updated:        2024-01-24
Comment:        All abuse reports MUST include:
Comment:        * src IP
Comment:        * dest IP (your IP)
Comment:        * dest port
Comment:        * Accurate date/timestamp and timezone of activity
Comment:        * Intensity/frequency (short log extracts)
Comment:        * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
Ref:            https://rdap.arin.net/registry/entity/AT-88-Z

Regards,
Ken

On Tue, Aug 6, 2024 at 6:47 AM Scott Q. via mailop <[email protected]> wrote:

> If anyone from CloudMark, or if not, ProofPoint is on the list. Your
> client webhostbox.net is Spamming like crazy and getting through your
> outbound filters. Literally every day thousands and thousands of phishing
> messages.
>
> Here's another sample
>
> Received: from omta38.uswest2.a.cloudfilter.net (
> omta38.uswest2.a.cloudfilter.net [35.89.44.37])
>     by mx.emailarray.com (Haraka) with ESMTPS id
> 0FCEA3A7-F363-4114-AABC-3E17D23B4849.1
>     envelope-from <[email protected]>
>     (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384
> verify=FAIL);
>     Tue, 06 Aug 2024 09:15:04 -0400
> Received: from eig-obgw-6003a.ext.cloudfilter.net ([10.0.30.151])
>     by cmsmtp with ESMTPS
>     id bDoksc7G2umtXbK1mssqkF; Tue, 06 Aug 2024 13:15:02 +0000
> Received: from cp-in-20.webhostbox.net ([216.10.240.60])
>     by cmsmtp with ESMTPS
>     id bK1jsXHUdV2ivbK1ks7EwD; Tue, 06 Aug 2024 13:15:01 +0000
>
>
> Maybe up the filtering for this particular client of yours? They appear
> to get compromised easily and don't do much about it.
>
> Thank you!
> Scott
> _______________________________________________
> mailop mailing list
> [email protected]
> https://list.mailop.org/listinfo/mailop
>

-- 
Ken Simpson
CEO, MailChannels
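
Added example (not part of either message, and not code from Ken, Scott or any project named here): a Python script that pulls the fields the ARIN comment asks for out of a Received chain like Scott's sample, and checks the handoff IP against the CIDRs in the whois output. The sample headers are a trimmed, constructed copy of the quoted ones; the destination IP and port passed in are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the quoted Received chain, trimmed (TLS/envelope details dropped).
SAMPLE = """\
Received: from omta38.uswest2.a.cloudfilter.net (omta38.uswest2.a.cloudfilter.net [35.89.44.37])
    by mx.emailarray.com (Haraka) with ESMTPS id 0FCEA3A7-F363-4114-AABC-3E17D23B4849.1;
    Tue, 06 Aug 2024 09:15:04 -0400
Received: from eig-obgw-6003a.ext.cloudfilter.net ([10.0.30.151])
    by cmsmtp with ESMTPS id bDoksc7G2umtXbK1mssqkF; Tue, 06 Aug 2024 13:15:02 +0000
Received: from cp-in-20.webhostbox.net ([216.10.240.60])
    by cmsmtp with ESMTPS id bK1jsXHUdV2ivbK1ks7EwD; Tue, 06 Aug 2024 13:15:01 +0000

"""
# CIDR list copied from the whois output in the message above.
LISTED_CIDRS = ["35.71.64.0/18", "35.71.128.0/17", "35.72.0.0/13", "35.80.0.0/12"]
HOP_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)", re.S)

def parse_hops(raw):
    """Return Received hops, newest first, as (helo, ip, datetime) tuples."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        match = HOP_RE.search(value)
        if not match:
            continue  # hop without a bracketed peer address
        stamp = value.rsplit(";", 1)[-1].strip()  # the date follows the last ';'
        hops.append((match.group(1), ipaddress.ip_address(match.group(2)),
                     parsedate_to_datetime(stamp)))
    return hops

def abuse_fields(raw, dest_ip, dest_port):
    """Collect src IP, dest IP, dest port and a timezone-aware timestamp."""
    hops = parse_hops(raw)
    _helo, src, when = hops[0]  # written by the receiving MX, so the only hop we can vouch for
    # Older hops are claims made upstream; report the oldest public one as context only.
    origin = next((h for h in reversed(hops) if h[1].is_global), None)
    return {
        "src_ip": str(src),
        "src_in_listed_range": any(src in ipaddress.ip_network(c) for c in LISTED_CIDRS),
        "dest_ip": dest_ip,
        "dest_port": dest_port,
        "timestamp": when.isoformat(),
        "claimed_origin": str(origin[1]) if origin else None,
    }

if __name__ == "__main__":
    print(abuse_fields(SAMPLE, "192.0.2.25", 25))  # constructed dest IP/port
```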
