Comment by johnklos
Can be summarized with: Don't click on links in email.
So is github-scanner.com (and github-scanner.shop) still the same malicious party? It seems to be. Funny that their DNS is hosted by Cloudflare (who, famously, don't host anything, because they think we're all dumb). Cloudflare, who take responsibility for nothing, has no way to report this kind of abuse to them.
The domain which hosts the malware, 2x.si, both uses Cloudflare for DNS and is hosted by Cloudflare. At least it's possible to report this to Cloudflare, even though they rate limit humans and have CAPTCHAs on their abuse reporting forms.
Sigh. Thanks to Cloudflare, it's trivial these days to host phishing and malware.
Cloudflare is way more responsive to abuse requests than 95% of country level DNS registrars. Having experience working with both.