[Someone1234]

It is their IP because they're doing domain forwarding (via HTTP headers). Someone registered a domain with Namecheap and Namecheap offer free web-forwarding (as opposed to setting up normal A records and pointing at a web server directly).

So as they themselves told you, no spam or phishing content is being hosted on a Namecheap server. They could stop forwarding, but since the spammers are paying them to do that (and nothing about the forwarding is inherently illegal in its own right) that is a grey area.

Ultimately why don't you contact the actual host of the sites rather than picking on Namecheap randomly? Seems like domain forwarding is barely involved in the whole thing. You bring up the IP like that is meaningful, if you actually visited the links you'd see that all that IP does it give you a HTTP redirect.

They would be no more or less involved if the client had just used A records or CNAMES.