Domain Name System
Inomaratadeath, 2016-09-20 10:37:30

Can a website be hosted on Google's public DNS?

We block spammers both by domain name and by IP. We have run into a situation we cannot understand: spam comes from the hosting intermag.biz.ua (addresses like %username%@intermag.biz.ua).
Almost all whois checking resources claim that the fixed IP address is 8.8.8.8; this is also shown by both PING and TRACERT.
Blacklisting Google's IP address, IMHO, is inappropriate :)
Perhaps (quite likely, even) we are mistaken somewhere and this is not some kind of fraud with IP substitution?
Look at this service.


5 answer(s)
Saboteur, 2016-09-20
@Inomaratadeath

> Nearly all whois checking resources claim that the pinned IP address is 8.8.8.8, and both PING and TRACERT show this.

This means nothing. I can create any domain and say that the IP address for this domain is 127.0.0.1.
Millions of domains can point to the same IP address; this is not even a scam.
Look in the headers of the email to see which IP it came from, not which domain.

Alexey, 2016-09-20
@alsopub

You need to block not IP=8.8.8.8, but mail from addresses *@intermag.biz.ua.
The fact that ping intermag.biz.ua = 8.8.8.8 means nothing and has nothing to do with mail delivery.

Andrey Mikhalev, 2016-09-20
@Endru9

This is why most mail servers check the PTR of the sender's mail server.
Don't confuse the A record with the MX record. The MX record will most likely point to a fourth-level domain, or maybe no MX record will be specified at all.
In any case, you need to configure strict rules for the mail server and do all the modern checks (DMARC, DKIM, SPF).
P.S. I don't know how people will judge me for this, but I immediately add most of the domains (including *.ua) to the blacklist; I have not seen a single normal sender who has these wonderful domains for sending spam... And if the annoying ones also try to send letters to several recipients of my domain at once by brute force, fail2ban sends them to the bathhouse for a couple of hours.

Inomaratadeath, 2016-09-20
@Inomaratadeath

Suppose, purely hypothetically, there is no way to block by domain name, only by IP addresses... The point itself is interesting: why does Google's public DNS respond when pinging this site?)

lubezniy, 2016-09-20
@lubezniy

What is in the headers of the email? What IP is it sent from? Keep in mind that a fake address can also be substituted there.
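
The header check the answers recommend, as an added example that is not part of any post in this thread: it takes the connecting IP from the `Received` line stamped by your own mail server and ignores the lines below it, which the sender controls. The host name `mx.example.org`, the Postfix-style line format and the sample message are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample message (not from the thread). 203.0.113.0/24 is a
# documentation range; mx.example.org is a hypothetical name for our own MX.
# The lower Received line is sender-supplied and claims 8.8.8.8.
SAMPLE = """\
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.example.org (Postfix) with ESMTP id 4A1B2C3D
\tfor <user@example.org>; Tue, 20 Sep 2016 10:30:02 +0300 (EEST)
Received: from dns.google (dns.google [8.8.8.8])
\tby mail.sender.example with ESMTP; Tue, 20 Sep 2016 10:29:58 +0300
From: someone@intermag.biz.ua
To: user@example.org
Subject: constructed sample

body
"""

TRUSTED_MX = {"mx.example.org"}  # hosts whose Received lines we believe

# "from <helo> (<rdns> [<ip>]) ... by <host>", as Postfix-style MTAs write it
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\([^\s\[\]]*\s*\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def connecting_ip(raw, trusted=TRUSTED_MX):
    """Return (ip, helo) from the newest Received line added by a trusted MX.

    Each hop prepends its header, so the first trusted match is where the
    message entered our infrastructure. Everything below it arrived with
    the message and may be forged.
    """
    msg = email.message_from_string(raw)
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if not m or m.group("by").lower() not in trusted:
            continue
        try:
            return str(ipaddress.ip_address(m.group("ip"))), m.group("helo")
        except ValueError:
            continue  # malformed address literal; keep looking
    return None

if __name__ == "__main__":
    print(connecting_ip(SAMPLE))
```

The address returned is the one to feed into IP blocklists, PTR and SPF checks; the A record of the domain in the `From:` address plays no part in it.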
