PHISH and spammer site not detected?

See: https://www.virustotal.com/nl/url/3efd6f1bbd7ff218a3ee79bd2c10d679f1262cd781c35f048cac4e86f5eebc1b/analysis/139342
and https://www.virustotal.com/nl/file/5cf51fd73e8c35111ed6aa4f625d15b6e56b6c1767c9971b2d0af4b0dd9b6e20/analysis/1393370888/7555/
and http://support.clean-mx.de/clean-mx/phishing.php?descr=YourmailinglistproviderBelgian%20Network%20Solutions&sort=descr%20desc&response=alive
Bitdefender’s TrafficLight blocks and WOT flags: https://www.mywot.com/en/scorecard/ymlp340.net?utm_source=addon&utm_content=popup-donuts

These domains appear to be used in rotation: a group is activated for a period of time, and then replaced by another group. Previous reports at PhishTank show that these domains once resided on other IP addresses, so they may be relocated periodically, possibly to avoid IP filtering: confirmed: http://sameid.net/ip/87.237.13.68/ http://www.google.com/search?q=ymlp*.net+AS8368+site:phishtank.com
quote author = Myxt See delegation issues here: http://dnscheck.pingdom.com/?domain=ymlp340.net On the activities from there: https://www.projecthoneypot.org/ip_87.237.13.68 https://www.virustotal.com/nl/ip-address/87.237.13.68/information/ and recorded spammers ip: http://spam-ip.com/lookup-363100-87.237.13.68.html

pol