2023-11-25 16:00:15 +01:00
title: Netcup phishing
summary: They really think I got my domain from Netcup \*lol\*
date: 2023-11-17T16:35:12+0100
2024-09-29 16:12:19 +02:00
lastmod: 2024-09-29T14:12:19+0000
2023-11-25 16:00:15 +01:00
# categories:
#- spam
# tags:
2023-11-17 16:35:34 +01:00
2024-09-29 16:12:19 +02:00
showBreadcrumbs: true
2023-11-25 16:00:15 +01:00
# showDate: false
# showReadingTime: false
# showWordCount: false
# showPagination: false
2023-11-17 16:35:34 +01:00
2023-11-25 16:00:15 +01:00
# feed_exclude: true
# site_exclude: true
2023-11-17 16:35:34 +01:00
Okay this one is not a "good" one, in terms of a good phishing email, because it
is obviosly a phishing email since I do not have the mentioned product bought at
mentioned company. But the fact that I get constantly emailed these made me finally
post this to the website.
I get them mostly in a pair of two, one to my main domain and one to a subdomain (which
includes the term `noreply` as part of the domainname).
## The mail body
{{< alert >}}
Watch out for the link, as you might see, it gets rendered to a `netcup.de` domain
as HTML, but the source code does look quite a bit different!
{{< /alert >}}
2024-09-29 01:48:06 +02:00
2023-11-17 16:35:34 +01:00
Sehr geehrte/r
2023-11-18 12:15:48 +01:00
Wir möchten Sie heute freundlich daran erinnern, dass die Domain oe7drt.com
Ihrer Firma, mit der dieses E-Mail-Konto verbunden ist, am 17.11.2023 abläuft.
2023-11-17 16:35:34 +01:00
Als verantwortungsbewusster Anbieter ist es uns ein Anliegen, Ihnen rechtzeitig
2023-11-18 12:15:48 +01:00
über diese bevorstehende Verlängerung zu informieren.
2023-11-17 16:35:34 +01:00
2023-11-18 12:15:48 +01:00
über den sicheren Link erneuern https://renew.netcup.de
2023-11-17 16:35:34 +01:00
2023-11-18 12:15:48 +01:00
Wir möchten sicherstellen, dass Ihre Online-Präsenz reibungslos läuft und Ihr
geschäftlicher Erfolg nicht beeinträchtigt wird. Daher empfehlen wir Ihnen
dringend, die Verlängerung Ihrer Domain vor dem Ablaufdatum zu beantragen.
Indem Sie Ihre Domain verlängern, stellen Sie sicher, dass Ihre Webseite
2023-11-17 16:35:34 +01:00
weiterhin erreichbar ist und Ihr E-Mail-Konto aktiv bleibt.
Dein netcup team
netcup GmbH
Managing Directors:
- Oliver Werner
- Alexander Windbichler
Daimlerstr. 25
D-76185 Karlsruhe
Phone: +49 721 / 7540755 - 0
Fax: +49 721 / 7540755 - 9
Commercial register: HRB 705547, Amtsgericht Mannheim
2024-09-29 16:00:55 +02:00
2023-11-17 16:35:34 +01:00
2 Attachment(s) (0.9 KB)
?Download all attachments[SUBMIT] ?Show attachments[SUBMIT]
2024-09-29 01:48:06 +02:00
2023-11-17 16:35:34 +01:00
2024-09-29 01:48:06 +02:00
2024-01-10 17:45:24 +01:00
2023-11-18 12:15:48 +01:00
{{< alert >}}
2024-01-10 17:45:24 +01:00
**Update on Nov 18 2023**
{{< /alert >}}
2023-11-18 12:15:48 +01:00
I'm sorry, this is either a very dumb person (or group) or it is a very funny coincidence.
I got two new mails today in which the **shown URL** was changed to
`www.customercontrolpanel.de`, the link still goes to the italian site (that you will find
further down in this article).
Following only the relevant part is shown.
2024-09-29 01:48:06 +02:00
```html {hl_lines=7}
2024-09-29 16:00:55 +02:00
<p>über den sicheren Link erneuern <a
<p>Wir möchten sicherstellen, dass Ihre Online-Präsenz…
2024-09-29 01:48:06 +02:00
2023-11-18 12:15:48 +01:00
2024-09-29 01:48:06 +02:00
2024-01-10 17:45:24 +01:00
{{< alert >}}
**Update on Jan 10 2024**
{{< /alert >}}
Haha another two emails with yet another domainname: `netcupde.com`. Well, the link now
looks like this:
2024-09-29 01:48:06 +02:00
```html {linenos=table}
2024-09-29 16:00:55 +02:00
<p>Erneuern Sie über den sicheren Link:
<a href="https://therapeutelyon.fr" target="_blank"
rel="noopener noreferrer"><strong>https://customerscontrolpanel.<em
style="color: rgb(0, 0, 0); font-style: inherit;
background-color: rgb(255, 255, 102);">
2024-09-29 01:48:06 +02:00
2024-01-10 17:45:24 +01:00
_I added some newlines into the html code, because the code is actually only two lines
in the email but that would make this codeblock a bit harder to read (specially on mobile
These additions of `<em style="...` are the reason for me not initially finding the domain `netcupde.com`
in that email as that would be the first thing that I'd look up in the email sources (see the end
of line 3 and up on line 4).
2024-09-29 01:48:06 +02:00
2024-01-10 17:45:24 +01:00
2024-01-11 13:05:56 +01:00
{{< alert >}}
**Update on Jan 11 2024**
{{< /alert >}}
Another domain comes in quick. I doubt that everyone looks up a domains whois information, but if you
do, don't let them fool you. This one looks very valid, although it is not.
The new domain name I'm talking about is `netcup.eu` and it is also registered at `netcup.de`. The whois
information makes it look very related to each other...
2024-09-29 01:48:06 +02:00
2024-01-11 13:05:56 +01:00
$ whois netcup.eu
% [snip]
% WHOIS netcup.eu
Domain: netcup.eu
Script: LATIN
Visit www.eurid.eu for webbased WHOIS.
Visit www.eurid.eu for webbased WHOIS.
Organisation: netcup GmbH
Language: de
Email: mail@netcup.de
Name: netcup GmbH
Website: www.netcup.de
Name servers:
Please visit www.eurid.eu for more info.
2024-09-29 01:48:06 +02:00
2024-01-11 13:05:56 +01:00
I don't understand, why Netcup does not ban any domainnames on their
nameservers that include the term _netcup_ in their name.
By the way, the new link refers to `bodyplussize.pl`.
{{< alert circle-info >}}
I guess I won't update this post much more, these emails seem to always show the same
boring text and structure.
{{< /alert >}}
2024-09-29 01:48:06 +02:00
2024-01-11 13:05:56 +01:00
2023-11-17 16:35:34 +01:00
## The mail body source (html)
{{< alert "circle-info" >}}
Note the highlighted line (18). There you have the real link that we mentioned
{{< /alert >}}
2024-09-29 01:48:06 +02:00
```html {hl_lines=18}
2023-11-17 16:35:34 +01:00
2024-09-29 16:00:55 +02:00
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="MSHTML 11.00.10570.1001"></head>
2023-11-17 16:35:34 +01:00
2024-09-29 16:00:55 +02:00
<div class="content-message" dojoattachpoint="contentMsgPane">
<div class="text msg-view-text" role="text">
<div class="msg-view-text-cnt" dojoattachpoint="_messageTextCntNode">
<div class="xam_msg_class">
<meta content="text/html">
<p>Sehr geehrte/r</p>
<p>Wir möchten Sie heute freundlich daran erinnern, dass die
Domain <strong>oe7drt.com</strong> Ihrer Firma, mit der dieses
E-Mail-Konto verbunden ist, am <strong>17.11.2023</strong> abläuft. Als
verantwortungsbewusster Anbieter ist es uns ein Anliegen, Ihnen rechtzeitig
über diese bevorstehende Verlängerung zu informieren.</p>
<p>über den sicheren Link erneuern <a href="https://elettrogi.it/" target="_blank" rel="noopener noreferrer"><strong>https://renew.<em style="color: rgb(0, 0, 0); font-style: inherit; background-color: rgb(255, 255, 102);">netcup</em>.de</strong></a></p>
<p>Wir möchten sicherstellen, dass Ihre Online-Präsenz reibungslos läuft und Ihr
geschäftlicher Erfolg nicht beeinträchtigt wird. Daher empfehlen wir Ihnen
dringend, die Verlängerung Ihrer Domain vor dem Ablaufdatum zu beantragen.
Indem Sie Ihre Domain verlängern, stellen Sie sicher, dass Ihre Webseite
weiterhin erreichbar ist und Ihr E-Mail-Konto aktiv bleibt.</p>
<p>Dein <em style="color: rgb(0, 0, 0); font-style: inherit; background-color: rgb(255, 255, 102);">netcup</em>
<p><em style="color: rgb(0, 0, 0); font-style: inherit; background-color: rgb(255, 255, 102);">netcup</em>
GmbH<br>Managing Directors:<br>- Oliver Werner<br>- Alexander
Windbichler<br>Daimlerstr. 25<br>D-76185 Karlsruhe</p>
<p>Phone: +49 721 / 7540755 - 0<br>Fax: +49 721 / 7540755 - 9</p>
<p>Commercial register: HRB 705547, Amtsgericht Mannheim </p>
<div class="msg-view-quoted-message-button removed" dojoattachpoint="_showQuotedNode"><br></div></div>
<div class="attachments-area-container dijitContentPane collapsed removed all-deleted" id="uiLogic_webmail__view_AttachmentsArea_0" role="group" dir="ltr" dojotype="uiLogic.webmail._view.AttachmentsArea" widgetid="uiLogic_webmail__view_AttachmentsArea_0" region="bottom">
<div class="box" role="attachments-area">
<div class="attachments-download-warp" role="attachments-download-warp" style="display: none;">
<div class="view-attachments-info" role="attachments-info">2 Attachment(s) (0.9
KB)</div><span class="dijit dijitReset dijitInline attachments-download dijitButton" widgetid="dijit_form_Button_42"><span class="dijitReset dijitInline dijitButtonNode" dojoattachevent="ondijitclick:_onButtonClick"><span tabindex="0" class="dijitReset dijitStretch dijitButtonContents" id="dijit_form_Button_42" role="button" aria-labelledby="dijit_form_Button_42_label" style="opacity: 0; user-select: none;" dojoattachpoint="titleNode,focusNode" wairole="button" waistate="labelledby-dijit_form_Button_42_label"><span class="dijitReset dijitInline dijitIcon" dojoattachpoint="iconNode"></span><span class="dijitReset dijitToggleButtonIconChar">?</span><span class="dijitReset dijitInline dijitButtonText" id="dijit_form_Button_42_label" dojoattachpoint="containerNode">Download all
attachments</span></span></span><input class="dijitOffScreen" type="button" dojoattachpoint="valueNode"></span>
<span class="dijit dijitReset dijitInline attachments-show dijitButton" widgetid="dijit_form_Button_44"><span class="dijitReset dijitInline dijitButtonNode" dojoattachevent="ondijitclick:_onButtonClick"><span tabindex="0" class="dijitReset dijitStretch dijitButtonContents" id="dijit_form_Button_44" role="button" aria-labelledby="dijit_form_Button_44_label" style="opacity: 0; user-select: none;" dojoattachpoint="titleNode,focusNode" wairole="button" waistate="labelledby-dijit_form_Button_44_label"><span class="dijitReset dijitInline dijitIcon" dojoattachpoint="iconNode"></span><span class="dijitReset dijitToggleButtonIconChar">?</span><span class="dijitReset dijitInline dijitButtonText" id="dijit_form_Button_44_label" dojoattachpoint="containerNode">Show
attachments</span></span></span><input class="dijitOffScreen" type="button" dojoattachpoint="valueNode"></span>
<div class="back-panel removed"><span class="dijit dijitReset dijitInline attachments-toggle view-landscape-button viewNextIcon dijitButton" widgetid="dijit_form_Button_43"><span class="dijitReset dijitInline dijitButtonNode" dojoattachevent="ondijitclick:_onButtonClick"><span tabindex="0" title="Hide" class="dijitReset dijitStretch dijitButtonContents" id="dijit_form_Button_43" role="button" aria-labelledby="dijit_form_Button_43_label" style="user-select: none;" dojoattachpoint="titleNode,focusNode" wairole="button" waistate="labelledby-dijit_form_Button_43_label"><span class="dijitReset dijitInline dijitIcon" dojoattachpoint="iconNode"></span><span class="dijitReset dijitToggleButtonIconChar">?</span><span class="dijitReset dijitInline dijitButtonText" id="dijit_form_Button_43_label" dojoattachpoint="containerNode"></span></span></span><input class="dijitOffScreen" type="button" dojoattachpoint="valueNode"></span>
<div class="box" role="attachments"></div></div></div></div></div>
2023-11-17 16:35:34 +01:00
2024-09-29 01:48:06 +02:00
2023-11-17 16:35:34 +01:00
## The mail source
2024-09-29 01:48:06 +02:00
2023-11-17 16:35:34 +01:00
Return-Path: <postmaster@onedk.net>
Received: from compute1.internal (compute1.nyi.internal [])
by sloti44n20 (Cyrus 3.9.0-alpha0-1108-g3a29173c6d-fm-20231031.005-g3a29173c) with LMTPA;
Fri, 17 Nov 2023 08:04:12 -0500
X-Cyrus-Session-Id: sloti44n20-1700226252-3181116-2-9777549396983539035
X-Sieve: CMU Sieve 3.0
X-Spam-known-sender: no
X-Spam-sender-reputation: 0 (email; noauth)
X-Spam-score: 14.5
X-Spam-hits: BAYES_99 3.5, BAYES_999 1.2, DCC_CHECK 1.1, DCC_REPUT_90_94 0.6,
X-Backscatter: NotFound1
2024-09-29 16:00:55 +02:00
2023-11-17 16:35:34 +01:00
X-Spam-source: IP='', Host='v2202311112809242991.luckysrv.de', Country='DE',
FromHeader='net', MailFrom='net'
X-Spam-charsets: html='windows-1252'
X-Resolved-to: dominic@...
X-Delivered-to: dominic@noreply....
X-Mail-from: postmaster@onedk.net
Received: from mx4 ([])
by compute1.internal (LMTPProxy); Fri, 17 Nov 2023 08:04:12 -0500
Received: from mx4.messagingengine.com (localhost [])
by mailmx.nyi.internal (Postfix) with ESMTP id 7FA301F20122
for <dominic@noreply....>; Fri, 17 Nov 2023 08:04:11 -0500 (EST)
Received: from mailmx.nyi.internal (localhost [])
by mx4.messagingengine.com (Authentication Milter) with ESMTP
id 17A016E9B26.8E0F31F2037D;
Fri, 17 Nov 2023 08:04:11 -0500
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=messagingengine.com; s=fm1; t=
1700226251; b=LpZ7c6e8oXo/abJ3c3SIgseAfYAwmkcgCE9cMryacWzUPDXywM
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=mime-version:from:reply-to:to:subject
:content-type:content-transfer-encoding:date:message-id; s=fm1;
t=1700226251; bh=NbXSTJaTKSRZgsx8I0IN3ukxEcOTFS+VrpzkYzr/Un8=; b=
ARC-Authentication-Results: i=1; mx4.messagingengine.com;
x-ptr=pass smtp.helo=v2202311112809242991.luckysrv.de
bimi=skipped (DMARC did not pass);
arc=none (no signatures found);
dkim=invalid (public key: not available, unknown key sha256)
header.d=onedk.net header.i=@onedk.net header.b=tKBKfGAz
header.a=unknown-sha256 header.s=dkim;
dmarc=none policy.published-domain-policy=none
policy.applied-disposition=none policy.evaluated-disposition=none
(p=none,d=none,d.eval=none) policy.policy-from=p
iprev=pass smtp.remote-ip=
spf=none smtp.mailfrom=postmaster@onedk.net
X-ME-Authentication-Results: mx4.messagingengine.com;
x-aligned-from=pass (Address match);
x-return-mx=pass header.domain=onedk.net policy.is_org=yes
(MX Records found: mx-biz.mail.am0.yahoodns.net,mx-biz.mail.am0.yahoodns.net);
x-return-mx=pass smtp.domain=onedk.net policy.is_org=yes
(MX Records found: mx-biz.mail.am0.yahoodns.net,mx-biz.mail.am0.yahoodns.net);
x-tls=pass smtp.version=TLSv1.3 smtp.cipher=TLS_AES_256_GCM_SHA384
x-vs=phishing score=607 state=101
Authentication-Results: mx4.messagingengine.com;
x-ptr=pass smtp.helo=v2202311112809242991.luckysrv.de
Authentication-Results: mx4.messagingengine.com;
bimi=skipped (DMARC did not pass)
Authentication-Results: mx4.messagingengine.com;
arc=none (no signatures found)
Authentication-Results: mx4.messagingengine.com;
dkim=invalid (public key: not available, unknown key sha256)
header.d=onedk.net header.i=@onedk.net header.b=tKBKfGAz
header.a=unknown-sha256 header.s=dkim;
dmarc=none policy.published-domain-policy=none
policy.applied-disposition=none policy.evaluated-disposition=none
(p=none,d=none,d.eval=none) policy.policy-from=p
iprev=pass smtp.remote-ip=
spf=none smtp.mailfrom=postmaster@onedk.net
X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedvkedrudegtddggeejucetufdoteggodetrfdotf
X-ME-VSScore: 607
X-ME-VSCategory: phishing
X-ME-CSA: none
Received-SPF: none
(onedk.net: No applicable sender policy available)
Received: from v2202311112809242991.luckysrv.de (v2202311112809242991.luckysrv.de [])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by mx4.messagingengine.com (Postfix) with ESMTPS id 8E0F31F2037D
for <dominic@noreply....>; Fri, 17 Nov 2023 08:03:44 -0500 (EST)
Received: from v2202311112809242991.luckysrv.de (localhost [])
by v2202311112809242991.luckysrv.de (Postfix) with ESMTP id 4SWxs61BzJz48xN
for <dominic@noreply....>; Fri, 17 Nov 2023 14:02:50 +0100 (CET)
Authentication-Results: v2202311112809242991.luckysrv.de (amavis); dkim=pass
reason="pass (just generated, assumed good)" header.d=onedk.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=onedk.net; h=
:subject:to:reply-to:from:mime-version; s=dkim; t=1700226169; x=
1702818170; bh=mEPVMchXmulep+z6c+qm5ufujgLqwDgvxHEmacERCZA=; b=t
X-Virus-Scanned: Debian amavis at v2202311112809242991.luckysrv.de
Received: from v2202311112809242991.luckysrv.de ([])
by v2202311112809242991.luckysrv.de (v2202311112809242991.luckysrv.de []) (amavis, port 10024)
with ESMTP id nPsir9OSICbE for <dominic@noreply....>;
Fri, 17 Nov 2023 14:02:49 +0100 (CET)
Received: from vmi1464682 (localhost [IPv6:::1])
by v2202311112809242991.luckysrv.de (Postfix) with ESMTPS id 4SWxs55N6sz48x5
for <dominic@noreply....>; Fri, 17 Nov 2023 14:02:49 +0100 (CET)
MIME-Version: 1.0
From: "Netcup GmbH" <postmaster@onedk.net>
Reply-To: postmaster@onedk.net
To: dominic@noreply....
Subject: Deaktivierung des E-Mail-Postfachs aufgrund des Ablaufs der Domain oe7drt.com
Content-Type: text/html; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Smart_Send_4_4_2
Date: Fri, 17 Nov 2023 14:02:49 +0100
Message-ID: <5196428650656248899676@vmi1464682>
<head>=0A =0A<meta http-equiv=3D"Content-Type" content=3D"text/html; charse=
t=3Dwindows-1252"> =0A<meta name=3D"GENERATOR" content=3D"MSHTML 11.00.105=
70.1001"></head> =0A<body>=0A<div class=3D"content-message" dojoattachpoint=
=3D"contentMsgPane">=0A<div class=3D"text msg-view-text" role=3D"text">=0A<=
div class=3D"msg-view-text-cnt" dojoattachpoint=3D"_messageTextCntNode">=0A=
<div class=3D"xam_msg_class">=0A<meta content=3D"text/html"> =0A<p>Sehr =
geehrte/r</p>=0A<p><br></p>=0A<p>Wir m=F6chten Sie heute freundlich daran e=
rinnern, dass die =0A Domain <strong>oe7drt.com</strong> Ihrer Fi=
rma, mit der dieses =0A E-Mail-Konto verbunden ist, am <strong>17.11.2023<=
/strong> abl=E4uft. Als =0A verantwortungsbewusster Anbieter ist es uns ei=
n Anliegen, Ihnen rechtzeitig =0A=FCber diese bevorstehende Verl=E4ngerun=
g zu informieren.</p>=0A<p>=FCber den sicheren Link erneuern <a href=3D"htt=
ps://elettrogi.it/" target=3D"_blank" rel=3D"noopener noreferrer"><strong>h=
ttps://renew.<em style=3D"color: rgb(0, 0, 0); font-style: inherit; backgro=
und-color: rgb(255, 255, 102);">netcup</em>.de</strong></a></p>=0A<p>Wir m=
=F6chten sicherstellen, dass Ihre Online-Pr=E4senz reibungslos l=E4uft und =
Ihr =0A gesch=E4ftlicher Erfolg nicht beeintr=E4chtigt wird. Daher empfehle=
n wir Ihnen =0A dringend, die Verl=E4ngerung Ihrer Domain vor dem Ablaufda=
tum zu beantragen. =0AIndem Sie Ihre Domain verl=E4ngern, stellen Sie sic=
her, dass Ihre Webseite =0Aweiterhin erreichbar ist und Ihr E-Mail-Konto =
aktiv bleibt.</p>=0A<p>Dein <em style=3D"color: rgb(0, 0, 0); font-style: i=
nherit; background-color: rgb(255, 255, 102);">netcup</em> =0Ateam</p>=0A<p=
>---------------------------------------------------------</p>=0A<p><em sty=
le=3D"color: rgb(0, 0, 0); font-style: inherit; background-color: rgb(255, =
255, 102);">netcup</em> =0AGmbH<br>Managing Directors:<br>- Oliver Werner<b=
r>- Alexander =0A Windbichler<br>Daimlerstr. 25<br>D-76185 Karlsruhe</p>=
=0A<p>Phone: +49 721 / 7540755 - 0<br>Fax: +49 721 / 7540755 - 9</p>=0A<p><=
br></p>=0A<p>Commercial register: HRB 705547, Amtsgericht Mannheim </p>=0A<=
p>--------------------------------------------------------- =0A<br></p><=
/div></div> =0A<div class=3D"msg-view-quoted-messag=
e-button removed" dojoattachpoint=3D"_showQuotedNode"><br></div></div>=0A<d=
iv class=3D"attachments-area-container dijitContentPane collapsed removed a=
ll-deleted" id=3D"uiLogic_webmail__view_AttachmentsArea_0" role=3D"group" d=
ir=3D"ltr" dojotype=3D"uiLogic.webmail._view.AttachmentsArea" widgetid=3D"u=
iLogic_webmail__view_AttachmentsArea_0" region=3D"bottom">=0A<div>=0A<div c=
lass=3D"box" role=3D"attachments-area">=0A<div class=3D"attachments-downloa=
d-warp" role=3D"attachments-download-warp" style=3D"display: none;">=0A<div=
class=3D"view-attachments-info" role=3D"attachments-info">2 Attachment(s) =
(0.9 =0A KB)</div><span class=3D"dijit dijitReset dijitInline attachments-d=
ownload dijitButton" widgetid=3D"dijit_form_Button_42"><span class=3D"dijit=
Reset dijitInline dijitButtonNode" dojoattachevent=3D"ondijitclick:_onButto=
nClick"><span tabindex=3D"0" class=3D"dijitReset dijitStretch dijitButtonCo=
ntents" id=3D"dijit_form_Button_42" role=3D"button" aria-labelledby=3D"diji=
t_form_Button_42_label" style=3D"opacity: 0; user-select: none;" dojoattach=
point=3D"titleNode,focusNode" wairole=3D"button" waistate=3D"labelledby-dij=
it_form_Button_42_label"><span class=3D"dijitReset dijitInline dijitIcon" d=
ojoattachpoint=3D"iconNode"></span><span class=3D"dijitReset dijitToggleBut=
tonIconChar">=3F</span><span class=3D"dijitReset dijitInline dijitButtonTex=
t" id=3D"dijit_form_Button_42_label" dojoattachpoint=3D"containerNode">Down=
load all =0A attachments</span></span></span><input class=3D"dijitOffScreen=
" type=3D"button" dojoattachpoint=3D"valueNode"></span>=0A <span class=
=3D"dijit dijitReset dijitInline attachments-show dijitButton" widgetid=3D"=
dijit_form_Button_44"><span class=3D"dijitReset dijitInline dijitButtonNode=
" dojoattachevent=3D"ondijitclick:_onButtonClick"><span tabindex=3D"0" clas=
s=3D"dijitReset dijitStretch dijitButtonContents" id=3D"dijit_form_Button_4=
4" role=3D"button" aria-labelledby=3D"dijit_form_Button_44_label" style=3D"=
opacity: 0; user-select: none;" dojoattachpoint=3D"titleNode,focusNode" wai=
role=3D"button" waistate=3D"labelledby-dijit_form_Button_44_label"><span cl=
ass=3D"dijitReset dijitInline dijitIcon" dojoattachpoint=3D"iconNode"></spa=
n><span class=3D"dijitReset dijitToggleButtonIconChar">=3F</span><span clas=
s=3D"dijitReset dijitInline dijitButtonText" id=3D"dijit_form_Button_44_lab=
el" dojoattachpoint=3D"containerNode">Show =0A attachments</span></span></s=
pan><input class=3D"dijitOffScreen" type=3D"button" dojoattachpoint=3D"valu=
eNode"></span>=0A =0A<div class=3D"back-panel removed"><span class=3D"d=
ijit dijitReset dijitInline attachments-toggle view-landscape-button viewNe=
xtIcon dijitButton" widgetid=3D"dijit_form_Button_43"><span class=3D"dijitR=
eset dijitInline dijitButtonNode" dojoattachevent=3D"ondijitclick:_onButton=
Click"><span tabindex=3D"0" title=3D"Hide" class=3D"dijitReset dijitStretch=
dijitButtonContents" id=3D"dijit_form_Button_43" role=3D"button" aria-labe=
lledby=3D"dijit_form_Button_43_label" style=3D"user-select: none;" dojoatta=
chpoint=3D"titleNode,focusNode" wairole=3D"button" waistate=3D"labelledby-d=
ijit_form_Button_43_label"><span class=3D"dijitReset dijitInline dijitIcon"=
dojoattachpoint=3D"iconNode"></span><span class=3D"dijitReset dijitToggleB=
uttonIconChar">=3F</span><span class=3D"dijitReset dijitInline dijitButtonT=
ext" id=3D"dijit_form_Button_43_label" dojoattachpoint=3D"containerNode"></=
span></span></span><input class=3D"dijitOffScreen" type=3D"button" dojoatta=
chpoint=3D"valueNode"></span>=0A </div></div>=0A<div class=3D"box" role=
2024-09-29 01:48:06 +02:00
2023-11-17 16:35:34 +01:00
{{< alert "bug" >}}
Please ignore the :date: signs in the sourcecode above, the content ist
"emojified" and I have currently no idea how to turn this off...
{{< /alert >}}
## Why is this email invalid?
First of all, the sending host is not a Netcup GmbH server, it's hostname
is `v2202311112809242991.luckysrv.de`. This makes the mail suspicious, but the
main criteria why this email is no valid in no way: my domain `oe7drt.com` is
not managed at Netcup at all. There is just an A and AAAA (and others) record
that points to a root server at Netcup.
2023-11-18 12:50:00 +01:00
{{< alert >}}
**Update on Nov 18 2023**:
Oh, just because I updated the new URL they present you: they also send from a
new hostname: `v2202311110463243091.nicesrv.de` -- well, both domains are
saved on Netcup DNS servers which may indicate something ;-)
{{< /alert >}}
2023-11-17 16:35:34 +01:00
I thought I might share this one as well, because I get about 6-8 emails per day
about my "netcup domain". The fun thing is, one of the domain has a _noreply_ in
the domain name; I use this for several git repositories (like Github does). And
to eliminate any kind of misinterpretation: the domain includes **noreply** --
not **nodeliver**.
2023-11-18 12:50:00 +01:00
## Quite a few huh?

2024-09-29 16:00:55 +02:00