Spammer hosting located here:
https://clt1324614.bmetrack.com/c/l?u=X
-> http://arenabab.space/app/wrap/X
—> https://www.lightutil.com/6NP2CC7/QTXT8SN/?creative_id=X
—> https://www.storiespedia.com/nachrichten-sys/?sub1=X
—-> https://www.vbpol29.com/QFXQ25Q/5WGFT4/?sub1=X
——> https://ss852cctrkflw.com/transaction/click/X
——> https://btclangsapp.com/index.php?id=X
$ dig +short ss852cctrkflw.com
104.21.81.220
172.67.191.100
Spam sample
==================================
Received: from vulkanpartner.com (static.169.65.47.78.clients.your-server.de [78.47.65.169])
by X (Postfix) with ESMTP id X
for <X>; Sat, 10 Apr 2021 X
To: X
Received: by 2002:a05:6520:458c:b029:ef:27d6:f980 with SMTP id X;
Sat, 10 Apr 2021 X
X-Google-Smtp-Source: X
X-Received: by 2002:a17:90b:4b8c:: with SMTP id X.X.X;
Sat, 10 Apr 2021 X
ARC-Seal: X
ARC-Message-Signature: X
ARC-Authentication-Results: X
Received: from mta-81-121.sparkpostmail.com (mta-81-121.sparkpostmail.com. [192.174.81.121])
by mx.google.com with ESMTPS id X
for <X>
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Sat, 10 Apr 2021 X
Received-SPF: pass (google.com: domain of jira@mail-us.atlassian.net designates 192.174.81.121 as permitted sender) client-ip=192.174.81.121;
Authentication-Results: X
X-MSFBL: X
DKIM-Signature: X
From: «Geld verdienen» <jira@oo9sd.atlassian.net>
Reply-To: <jira@oo9sd.atlassian.net>
Subject: =?UTF-8?Q?[JIRA]_Banken_k=C3=B6nnen_nicht_glauben,_was_passiert?=
Message-ID: <X.5.X@2f8c9f450333>
AtlassianMail-Meta-Transaction-ID: X
AtlassianMail-Meta-Obsolete-ID: X
Received: from X (X [10.106.57.129]) by gmail.com with SMTP id X@gmail.com; Sat, 10 Apr 2021 X
X-Atl-Queueid: X
X-Jira-Fingerprint: X
Auto-Submitted: auto-generated
Precedence: bulk
Delivered-To: X@X
X-Atl-Mail-Meta: X
Date: Sat, 10 Apr 2021 X
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=enmime-X
[…]
==================================