update older netcup phishing post

main
Dominic Reich 11 months ago
parent 366b2c7b72
commit 14495003d3
Signed by: dominic
GPG Key ID: BC9D6AE1A3BE169A

@ -2,7 +2,7 @@
title: Netcup phishing
summary: They really think I got my domain from Netcup \*lol\*
date: 2023-11-17T16:35:12+0100
lastmod: 2023-11-18T11:50:01+0000
lastmod: 2024-01-10T16:45:24+0000
# categories:
#- spam
# tags:
@ -76,13 +76,16 @@ Commercial register: HRB 705547, Amtsgericht Mannheim
?[SUBMIT]
~~~
***
{{< alert >}}
**Update on Nov 18 2023**:
**Update on Nov 18 2023**
{{< /alert >}}
I'm sorry, this is either a very dumb person (or group) or it is a very funny coincidence.
I got two new mails today in which the **shown URL** was changed to
`www.customercontrolpanel.de`, the link still goes to the italian site (that you will find
further down in this article).
{{< /alert >}}
Following only the relevant part is shown.
@ -92,6 +95,34 @@ href="https://elettrogi.it/"><strong>https://www.customercontrolpanel.de/?login_
<p>Wir möchten sicherstellen, dass Ihre Online-Präsenz…
~~~
***
{{< alert >}}
**Update on Jan 10 2024**
{{< /alert >}}
Haha another two emails with yet another domainname: `netcupde.com`. Well, the link now
looks like this:
~~~html {linenos=table}
<p>Erneuern Sie über den sicheren Link:
<a href="https://therapeutelyon.fr" target="_blank"
rel="noopener noreferrer"><strong>https://customerscontrolpanel.<em
style="color: rgb(0, 0, 0); font-style: inherit;
background-color: rgb(255, 255, 102);">
netcup</em>de.com/de/</strong></a></p>
~~~
_I added some newlines into the html code, because the code is actually only two lines
in the email but that would make this codeblock a bit harder to read (specially on mobile
devices)._
These additions of `<em style="...` are the reason for me not initially finding the domain `netcupde.com`
in that email as that would be the first thing that I'd look up in the email sources (see the end
of line 3 and up on line 4).
***
## The mail body source (html)
{{< alert "circle-info" >}}

Loading…
Cancel
Save