#namecheap appears to have been #breached, with phishing emails sent out through their marketing infrastructure.
The links resolve to accomplish-delivery[.].mysafebridge[.]info, a site which contains obfuscated javascript. URLScan claims it downloads a PDF but this is false.
Scan here https://urlscan.io/result/784fd97a-0b32-438a-a44e-90363899110a/#summary.