Spammer hosting located here:
https://tinyurl.com/ygat9k62
-> http://supernewmarket.com
--> https://snackslabs.com/X
--> https://eighttransfer.com/index2.php?id=X&s1=X&s2=X&s3=X&p=X
--> https://draconicdome.com/?X
---> https://airxdrop.com/click?trvid=X&s2=X&s1=X&s3=X
----> https://www.shrtmpbck.com/X/X/?sub2=X
----> https://fastyslim.de/?oid=X&affid=X&sub1=X&sub2=&sub3=X
$ dig +short www.shrtmpbck.com
34.102.170.20
Spam sample
=========================================
Received: from musta.ch (unknown [194.150.215.76])
        by X (Postfix) with ESMTP id X
        for <X>; Sat, 19 Jun 2021 X
Received: from smtp.9772080168636769.2.4kbxefUBhxCNwEZ.org (enr2-mrelay-01.dV7y9.dV7y9.org. ) by mx.google.com with ESMTP id X for <X>; Sat, 19 Jun 2021 X
Received-SPF: pass (google.com: domain of DolO_registration@dV7y9.org designates 143.220.15.131 as permitted sender) client-ip=143.220.15.131;
Received: from pdr8-services-05v.prod.quxrvy.org (HELO pdr8-services-05v) () by smtp.quxrvy.org with SMTP; Sat, 19 Jun 2021 X
Received: from pdr8-services-05v.prod.quxrvy.org (ip6-localhost ) by pdr8-services-05v (Postfix) with ESMTP id X for <X>; Sat, 19 Jun 2021 X
Date: Sat, 19 Jun 2021 X
From: " 💎Gesundheits-News " <X>
Sender:no-reply@mg.logomaster.ai
To: X
X-Gm-Message-State: X
Message-ID: <X@pdr8-services-05v.prod.affpartners.com>
Subject: =?UTF-8?B?RGFz8J+MnyBFbmRlIGRlciDDhHJhIGRlcyDDnGJlcmdld2ljaHRzIfCfjbs=?=
Content-Type: text/html; boundary="X"
Content-Transfer-Encoding: amazonses.com
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<center>
<a href="https://tinyurl.com/ygat9k62#XXX" style="text-decoration:none"></a>
<table width="700" style="color: #000000;">
[…]
=========================================