To be fair I've traced malicious network attempts from Linode, Digital Ocean, Vultr, Hetzner... pretty much everyone, I assume due to the prevalence of vulnerable wordpress sites becoming part of botnets.
All providers will get abused, the difference is in the response.
Namecheap lost all my 'loyalty' when I started tracing where all the SMS phish sites I was getting were hosted.
Finding out this was Namecheap didn't sour me. Finding out they don't take the sites down quickly enough* to be worth reporting put the wheels in motion to move all my domains off them.
Unfortunately I can no longer find what ticked me off in the first place as search engines are full of blogs writing about their recent email breach.
> Looking specifically at the number of campaigns hosted by NameCheap against its monthly median attack availability, we see that by mid-year the median takedown times were consistently in excess of 60 hours. This undoubtedly made NameCheap an attractive proposition to host phishing and may explain the rise in monthly hosted campaigns that followed for UK government-themed phishing.
