Ist das ein Betrugsversuch?

2 Antworten

TechnikTim
25.03.2024, 18:38

99,99% Scam.

QR Code führt zu (Nicht wundern ich habe den Link "kaputt" gemacht):
https://dhi-de.auie *NICHT ÖFFNEN* os. info/getpayment/182821199

Bitte den Link auch nicht aus Neugier öffnen!

Die Domain hat nichts mit DHL zu tun und ist in Russland seit 15.03.2024 registriert. Ich würde da ganz schnell die Finger von lassen:

class name: domain
handle: 20b9d465aaf043629c00ec7cd3815c4b-DONUTS
LDH (letters, digits, hyphens) name: auieos.info
name: 
type: 
port 43 service: 

Entities:
- Handle: 
- Role: administrative
  - Version: 4.0
- Handle: 
- Role: registrant
  - Version: 4.0
  - 
  - Type: adr, Content: Bashkortostan republic RU 
- Handle: 
- Role: technical
  - Version: 4.0
- Handle: 1606
- Role: registrar
- IANA Registrar ID: 1606
  - Version: 4.0
  - Type: fn, Content: Registrar of Domain Names REG.RU LLC

Nameservers:
- Object Classname: nameserver
- LDH Name: donovan.ns.cloudflare.com
- Object Classname: nameserver
- LDH Name: harleigh.ns.cloudflare.com


rdap conformance: 
- rdap_level_0
- icann_rdap_response_profile_0
- icann_rdap_technical_implementation_guide_0

Links:
  - Link: related: https://rdap.reg.com/rdap/domain/auieos.info ()
  - Link: self: https://rdap.donuts.co/rdap/domain/auieos.info ()

Notices:
- Terms of Service: 
  - Description: Access to RDAP information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or, if the record pertains to a TLD not operated by Identity Digital, then the corresponding primary Registry Operator for informational purposes only, and neither Identity Digital nor the Registry Operator guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Identity Digital, a Registrar, or Registry Operator except as reasonably necessary to register domain names or modify existing registrations. When using the RDAP service, please consider the following: the RDAP service is not a replacement for standard EPP commands to the SRS service. RDAP is not considered authoritative for registered domain objects. The RDAP service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the RDAP services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of RDAP service access. Abuse of the RDAP system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the RDAP records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to the data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/ Identity Digital Inc. and, if applicable, the primary Registry Operators reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
  - Link: alternate: https://www.identity.digital/about/policies/rdap-access-policy/ ()
- Status Codes: 
  - Description: For more information on domain status codes, please visit https://icann.org/epp
  - Link: self: https://icann.org/epp ()
- RDDS Inaccuracy Complaint Form: 
  - Description: URL of the ICANN RDDS Inaccuracy Complaint Form: https://www.icann.org/wicf
  - Link: self: https://www.icann.org/wicf ()

Statuses:
- Status: client transfer prohibited

Events:
  - expiration: 2025-03-15T09:49:29.422Z
  - registration: 2024-03-15T09:49:29.422Z
  - last changed: 2024-03-20T09:49:49.877Z
  - last update of RDAP database: 2024-03-25T17:36:03.552Z
Kanon027  25.03.2024, 22:24

Krass. Könntest du bitte sagen, wie du das gemacht hast und wie sich andere Nutzer vor solchen Scams schützen könnten?

0
TechnikTim  27.03.2024, 12:56
@Kanon027

Das ist einfach eine whois Abfrage.
Da gibt es verschiedene Seiten und Tools für. Ich nutze die hier:
https://www.united-domains.de/whois-suche/

Man muss natürlich den Aufbau einer Url verstehen und auch das Ergebnis der Abfrage interpretieren können. Da gibt es mehrere Artikel im internet, die das erklären.

Für QR-Codes immer einen Scanner verwenden, der Websites anzeigt und nicht direkt öffnet. Die Kamera App vom Handy ist dafür meist unbrauchbar. Gibt auch Webseiten dafür, wenn man nichts installieren will.

0
einandereruser
Nutzer, der sehr aktiv auf gutefrage ist
im Thema Betrug
25.03.2024, 18:35

Korrekt erkannt.

Der QR-Code möchte Dich auf dhl.de/auieos.info umleiten.
Eindeutig KEINE DHL-DOmain.

Stefan86 
Fragesteller
 25.03.2024, 18:37

Danke

0
Stefan86 
Fragesteller
 25.03.2024, 18:48
@einandereruser

Der Nutzer hat den Account schon gelöscht... aber ich war echt am überlegen ob ich was verpasst habe ... Danke Euch❤️

0