Why Avast! not block this phishing page?

hxxp://benefitsfrance.accenture.com/

Re:- hxxps://federation-sts.accenture.com/adfs/ls/?wa=wsignin1.0&wreply=https%3A%2F%2Fbenefitsfrance.accenture.com%2F&wct=2016-05-27T06%3a14%3a08Z&wctx=0621549f-35c6-4f01-8fcc-c43d0843ad18

V.T:-https://www.virustotal.com/en/url/6926d989aa8e5b72be5b539cb4b8caa3f94120b918f7e7dbd8e88e807e42ca60/analysis/1464329881/

But killmalware&evuln gives it clean.http://evuln.com/tools/malware-scanner/benefitsfrance.accenture.com/

Network
199.200.17.0/24 (AS19613 Fidelity National Financial Inc., US)
Whois
Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

 Domain Name: ACCENTURE.COM
   Registrar: CSC CORPORATE DOMAINS, INC.
   Sponsoring Registrar IANA ID: 299
   Whois Server: whois.corporatedomains.com
   Referral URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html
   Name Server: AMRNS1501.ACCENTURE.COM
   Name Server: APANS3501.ACCENTURE.COM
   Name Server: EMENS3501.ACCENTURE.COM
   Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
   Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
   Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
   Updated Date: 26-aug-2015
   Creation Date: 29-aug-2000
   Expiration Date: 29-aug-2016
>>> Last update of whois database: Fri, 27 May 2016 06:18:58 GMT <<<

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

Domain Name: accenture.com
Domain ID: 33707926_DOMAIN_COM-VRSN
WHOIS Server: whois.corporatedomains.com
Referral URL: www.cscprotectsbrands.com
Updated Date: 2015-08-26T05:17:09Z
Creation Date: 2000-08-29T17:05:35Z
Registry Expiry Date: 2016-08-29T17:05:35Z
Sponsoring Registrar: CSC CORPORATE DOMAINS, INC.
Sponsoring Registrar IANA ID: 299
Registrar Abuse Contact Email: domainabuse@cscglobal.com
Registrar Abuse Contact Phone: +1.8887802723
Domain Status: serverTransferProhibited http://www.icann.org/epp#serverTransferProhibited
Domain Status: serverDeleteProhibited http://www.icann.org/epp#serverDeleteProhibited
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: serverUpdateProhibited http://www.icann.org/epp#serverUpdateProhibited
Registry Registrant ID: 
Registrant Name: Accenture Global Global
Registrant Organization: Accenture Global Services Limited
Registrant Street: 3 Grand Canal Plaza
Registrant City: Dublin
Registrant State/Province: 4
Registrant Postal Code: 82858
Registrant Country: IE
Registrant Phone: +353.16462000
Registrant Phone Ext: 
Registrant Fax: +353.16462020
Registrant Fax Ext: 
Registrant Email: martin.girle@accenture.com
Registry Admin ID: 
Admin Name: Accenture Ltd
Admin Organization: Accenture Ltd
Admin Street: 1950 Stemmons Freeway
Admin City: Dallas
Admin State/Province: TX
Admin Postal Code: 75207
Admin Country: US
Admin Phone: +1.3126930161
Admin Phone Ext: 
Admin Fax: +1.8884672184
Admin Fax Ext: 
Admin Email: DNSAdmin@accenture.com
Registry Tech ID: 
Tech Name: Accenture Ltd
Tech Organization: Accenture Ltd
Tech Street: 1950 Stemmons Freeway
Tech City: Dallas
Tech State/Province: TX
Tech Postal Code: 75207
Tech Country: US
Tech Phone: +1.3126930161
Tech Phone Ext: 
Tech Fax: +1.8884672184
Tech Fax Ext: 
Tech Email: DNSAdmin@accenture.com
Name Server: emens3501.accenture.com
Name Server: apans3501.accenture.com
Name Server: amrns1501.accenture.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2015-08-26T05:17:09Z <<<

How is this phishing? It is on the same domain that pops up when I google “accenture”, it doesn’t impersonate any other site, it has a valid ssl cert…

Main website is(accenture.com) not hxxp://benefitsfrance.accenture.com/ redirect to hxxps://federation-sts.accenture.com/adfs/ls/?wa=wsignin1.0&wreply=https%3A%2F%2Fbenefitsfrance.accenture.com%2F&wct=2016-05-27T06%3a14%3a08Z&wctx=0621549f-35c6-4f01-8fcc-c43d0843ad18
This is suspicious for me and also CRDF & CLEAN MX indicated that.

Still the same domain though, right? I don’t think there is a DNS hijack, as all three (main domain and both subdomains) point to similar IPs, and have the same ssl cert.