See: https://www.virustotal.com/nl/url/3efd6f1bbd7ff218a3ee79bd2c10d679f1262cd781c35f048cac4e86f5eebc1b/analysis/139342
and https://www.virustotal.com/nl/file/5cf51fd73e8c35111ed6aa4f625d15b6e56b6c1767c9971b2d0af4b0dd9b6e20/analysis/1393370888/7555/
and http://support.clean-mx.de/clean-mx/phishing.php?descr=YourmailinglistproviderBelgian%20Network%20Solutions&sort=descr%20desc&response=alive
Bitdefender’s TrafficLight blocks and WOT flags: https://www.mywot.com/en/scorecard/ymlp340.net?utm_source=addon&utm_content=popup-donuts
These domains appear to be used in rotation: a group is activated for a period of time, and then replaced by another group. Previous reports at PhishTank show that these domains once resided on other IP addresses, so they may be relocated periodically, possibly to avoid IP filtering: confirmed: http://sameid.net/ip/87.237.13.68/ http://www.google.com/search?q=ymlp*.net+AS8368+site:phishtank.comquote author = Myxt See delegation issues here: http://dnscheck.pingdom.com/?domain=ymlp340.net On the activities from there: https://www.projecthoneypot.org/ip_87.237.13.68 https://www.virustotal.com/nl/ip-address/87.237.13.68/information/ and recorded spammers ip: http://spam-ip.com/lookup-363100-87.237.13.68.html
pol