update older netcup phishing post

content/spam/2023-11-17-netcup-phishing/index.md

@@ -2,7 +2,7 @@
 title: Netcup phishing
 summary: They really think I got my domain from Netcup \*lol\*
 date: 2023-11-17T16:35:12+0100
-lastmod: 2023-11-18T11:50:01+0000
+lastmod: 2024-01-10T16:45:24+0000
 # categories:
 #- spam
 # tags:
@@ -76,13 +76,16 @@ Commercial register: HRB 705547, Amtsgericht Mannheim
 ?[SUBMIT]
 ~~~
 
+***
+
 {{< alert >}}
-**Update on Nov 18 2023**:
+**Update on Nov 18 2023**
+{{< /alert >}}
+
 I'm sorry, this is either a very dumb person (or group) or it is a very funny coincidence.
 I got two new mails today in which the **shown URL** was changed to
 `www.customercontrolpanel.de`, the link still goes to the italian site (that you will find
 further down in this article).
-{{< /alert >}}
 
 Following only the relevant part is shown.
 
@@ -92,6 +95,34 @@ href="https://elettrogi.it/"><strong>https://www.customercontrolpanel.de/?login_
 <p>Wir möchten sicherstellen, dass Ihre Online-Präsenz…
 ~~~
 
+***
+
+{{< alert >}}
+**Update on Jan 10 2024**
+{{< /alert >}}
+
+Haha another two emails with yet another domainname: `netcupde.com`. Well, the link now
+looks like this:
+
+~~~html {linenos=table}
+<p>Erneuern Sie über den sicheren Link:
+  <a href="https://therapeutelyon.fr" target="_blank"
+  rel="noopener noreferrer"><strong>https://customerscontrolpanel.<em
+style="color: rgb(0, 0, 0); font-style: inherit;
+  background-color: rgb(255, 255, 102);">
+  netcup</em>de.com/de/</strong></a></p>
+~~~
+
+_I added some newlines into the html code, because the code is actually only two lines
+in the email but that would make this codeblock a bit harder to read (specially on mobile
+devices)._
+
+These additions of `<em style="...` are the reason for me not initially finding the domain `netcupde.com`
+in that email as that would be the first thing that I'd look up in the email sources (see the end
+of line 3 and up on line 4).
+
+***
+
 ## The mail body source (html)
 
 {{< alert "circle-info" >}}