diff --git a/content/spam/2023-11-17-netcup-phishing/index.md b/content/spam/2023-11-17-netcup-phishing/index.md
index 26d2c76..faaaf84 100644
--- a/content/spam/2023-11-17-netcup-phishing/index.md
+++ b/content/spam/2023-11-17-netcup-phishing/index.md
@@ -2,7 +2,7 @@
 title: Netcup phishing
 summary: They really think I got my domain from Netcup \*lol\*
 date: 2023-11-17T16:35:12+0100
-lastmod: 2024-01-10T16:45:24+0000
+lastmod: 2024-01-11T12:05:56+0000
 # categories:
 #- spam
 # tags:
@@ -123,6 +123,60 @@ of line 3 and up on line 4).
 
 ***
 
+{{< alert >}}
+**Update on Jan 11 2024**
+{{< /alert >}}
+
+Another domain comes in quick. I doubt that everyone looks up a domains whois information, but if you
+do, don't let them fool you. This one looks very valid, although it is not.
+
+The new domain name I'm talking about is `netcup.eu` and it is also registered at `netcup.de`. The whois
+information makes it look very related to each other...
+
+~~~console
+$ whois netcup.eu
+% [snip]
+% WHOIS netcup.eu
+Domain: netcup.eu
+Script: LATIN
+
+Registrant:
+        NOT DISCLOSED!
+        Visit www.eurid.eu for webbased WHOIS.
+
+On-site(s):
+        NOT DISCLOSED!
+        Visit www.eurid.eu for webbased WHOIS.
+
+Technical:
+        Organisation: netcup GmbH
+        Language: de
+        Email: mail@netcup.de
+
+Registrar:
+        Name: netcup GmbH
+        Website: www.netcup.de
+
+Name servers:
+        second-dns.netcup.net
+        third-dns.netcup.net
+        root-dns.netcup.net
+
+Please visit www.eurid.eu for more info.
+~~~
+
+I don't understand, why Netcup does not ban any domainnames on their
+nameservers that include the term _netcup_ in their name.
+
+By the way, the new link refers to `bodyplussize.pl`.
+
+{{< alert circle-info >}}
+I guess I won't update this post much more, these emails seem to always show the same
+boring text and structure.
+{{< /alert >}}
+
+***
+
 ## The mail body source (html)
 
 {{< alert "circle-info" >}}