
How do these surge.sh shipstation scams work?


Robin Goodfellow

Oct 4, 2021, 10:47:46 PM
How do these surge.sh shipstation scams work?

I would like to ask if you know more of how these scams are supposed to work
on people like me who get unsolicited texts of the kind I received today.
<https://i.postimg.cc/vm40xVGC/surge01.jpg>

The unsolicited texts are telling me that "A delivery attempt has failed."
From: SHIPSTATI...@e0k0l8z.com
<https://viewer98282.surge.sh/?version=6VJKELTR1MDRVH1>

From: SHIPSTATI...@pd6jci.com
<https://viewer98282.surge.sh/?version=V7WOQN5V52V019J>
And they ask me, via a supplied link, to "Please schedule a re-delivery."

Yeah, right... but... what's the actual scam here?
They're trying _something_ but I don't yet have any clue what.
Do you?

For example, has the payload already been accomplished?
(The phone is Android 11, August 1, 2021 Security Update)

In testing, when I go to the pages (on a Win10 desktop in Opera) it quickly
says "Scanning could not be completed" & then to a "404 page not found".
<https://i.postimg.cc/nz7T0fjk/surge02.jpg>

Surge.sh seems to be some kind of freebie web page (I think).
Do you have any experience with these types of URIs on Windows?

What kind of scam do you think they are running here?

nospam

Oct 4, 2021, 10:51:46 PM
In article <sjgecd$nkk$1...@gioia.aioe.org>, Robin Goodfellow
<Ancient...@Heaven.Net> wrote:

>
> I would like to ask if you know more of how these scams are supposed to work
> on people like me who get unsolicited texts of the kind I received today.
> <https://i.postimg.cc/vm40xVGC/surge01.jpg>

by far, the best way to find out how it works is tap on the link in the
text. it's much better than any explanation could possibly be.

be sure to write a tutorial on what you learn, if anything.

Carlos E. R.

Oct 5, 2021, 4:04:14 AM
On 05/10/2021 04.47, Robin Goodfellow wrote:
> How do these surge.sh shipstation scams work?
>
> I would like to ask if you know more of how these scams are supposed to work
> on people like me who get unsolicited texts of the kind I received today.
> <https://i.postimg.cc/vm40xVGC/surge01.jpg>

That's a sophisticated photo you have made :-)

>
> The unsolicited texts are telling me that "A delivery attempt has failed."
> From: SHIPSTATI...@e0k0l8z.com
> <https://viewer98282.surge.sh/?version=6VJKELTR1MDRVH1>

Are we talking of SMS messages? I don't understand that type of "From",
here they are always a number or a short name.

>
> From: SHIPSTATI...@pd6jci.com
> <https://viewer98282.surge.sh/?version=V7WOQN5V52V019J>
> And they ask me, via a supplied link, to "Please schedule a re-delivery."
>
> Yeah, right... but... what's the actual scam here?
> They're trying _something_ but I don't yet have any clue what.
> Do you?

The scam is in the target webpage itself. As I'm not going to open it, I
can't know for sure, I can just guess.

>
> For example, has the payload already been accomplished?

AFAIK no.

> In testing, when I go to the pages (on a Win10 desktop in Opera) it quickly
> says "Scanning could not be completed" & then to a "404 page not found".
> <https://i.postimg.cc/nz7T0fjk/surge02.jpg>

Well, probably somebody at the server wised up and removed the page, the
part they could. Or something at the bad people's server or web page broke
down.


>
> Surge.sh seems to be some kind of freebie web page (I think).
> Do you have any experience with these types of URIs on Windows?

I would not try to open them in Windows... If I try them, I try with a
spare user in Linux with fewer permissions, and I use a text mode browser
that doesn't have script capabilities. Others would use curl, but I'm
not versed in it.

> What kind of scam do you think they are running here?

Typically, they would emulate the correct web page of the delivery
company so that you would not suspect, then they would ask you to login
and thus get your credentials.

Or they would ask you questions as if trying to verify you are the
recipient of the package they wanted to deliver, but they are instead
collecting your info, which they could then use for identity theft.


--
Cheers,
Carlos E.R.
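
Added example, not part of any post in this thread: a static triage of the text quoted above, flagging the indicators a reader can check without opening the link (sender and link outside the brand's domain, free static hosting, lure wording, an opaque query value). The function name, the hosting list beyond surge.sh, and "shipstation.com" as the impersonated brand's domain are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: illustrative list of free static-hosting suffixes; only
# surge.sh comes from the thread, the others are added for the example.
FREE_HOSTING = ("surge.sh", "github.io", "netlify.app")
LURE_PHRASES = ("delivery attempt has failed", "schedule a re-delivery")
URL_RE = re.compile(r"https?://[^\s<>\"]+")


def _belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def triage_sms(sender_domain, body, brand_domain):
    """Return (indicator, detail) findings for one text message."""
    findings = []
    sender_domain = sender_domain.lower()
    if not _belongs_to(sender_domain, brand_domain):
        findings.append(("sender-not-brand", sender_domain))
    for phrase in LURE_PHRASES:
        if phrase in body.lower():
            findings.append(("lure-phrase", phrase))
    for url in URL_RE.findall(body):
        parts = urlsplit(url.rstrip(".,)"))
        host = (parts.hostname or "").lower()
        if not _belongs_to(host, brand_domain):
            findings.append(("link-not-brand", host))
        for suffix in FREE_HOSTING:
            if host.endswith("." + suffix):
                findings.append(("free-hosting", suffix))
        for key, value in parse_qsl(parts.query):
            # A long opaque value may tie the click to one recipient.
            if re.fullmatch(r"[A-Za-z0-9]{12,}", value):
                findings.append(("opaque-token", key))
    return findings


# Sample assembled from the wording and link quoted in the thread; the
# sender is reduced to its domain because the address is truncated there.
SAMPLE_BODY = ("A delivery attempt has failed. Please schedule a re-delivery. "
               "https://viewer98282.surge.sh/?version=6VJKELTR1MDRVH1")

if __name__ == "__main__":
    for indicator, detail in triage_sms("e0k0l8z.com", SAMPLE_BODY,
                                        "shipstation.com"):
        print(f"{indicator:18} {detail}")
```
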

VanguardLH

Oct 5, 2021, 5:40:30 PM
Probably the same way as e-mail spam/scam. When you reply, they know
they hit a valid and monitored e-mail account. The same for mass puking
out to phone numbers to send untargeted and bogus texts. When someone
rings your doorbell, you could get quiet, hide, and they don't know if
you're home or not, but once you answer the door then they know you're
there. Spammers and scammers much prefer using hit lists of active and
monitored e-mail addresses and phone numbers than puking out to random
e-mail addresses and phone numbers. Active and monitored accounts are a
coveted resource to spammers.

Anyone that sends me an MMS message is a spammer. My friends, family,
doctors, pharmacy, and everyone else I know send just regular SMS
messages. It's the spammers that use MMS to me. I report them as spam
and block them (a function in the Google Messages app), and obviously
never open the MMS message. If someone can't send me a message within
160 characters (70 with an emoji - but I don't chat with children
enamored with happy faces), has to use MMS to send images and GIFs, and
a message up to 1600 characters, those are senders I don't want to
contact nor see their glitzy oversized message. To me, texts are short,
and not to be some book for me to wade through with pretty pics or
animations. If they cannot compose their message in a short text, they
should be calling me to have a conversation, or e-mailing me. Every MMS
that I've received has been spam.

Hmm, I wonder: can MMS be disabled on my phone? I can disable automatic
receive of MMS, but I still get the notification blurbs telling me
someone sent me an MMS message prompting me to accept/get or not.
Apparently I cannot block multimedia messages unless I block the sender,
and I'm not filling up my blacklist with every asshole spammer sending
me MMS texts. In the Google Messages app's settings, I already have
"Auto-download MMS" disabled. I'd really prefer to block any and all
MMS messages. If SMS, accept. If MMS, kill.

Robin Goodfellow

Oct 5, 2021, 6:06:01 PM
VanguardLH <V...@nguard.LH> asked
> Hmm, I wonder: can MMS be disabled on my phone?

Accidentally I once or twice disabled MMS by changing the phone's APN.
The funny thing was _only_ MMS was disabled.

I couldn't figure out what I had changed so I called my carrier's technical
support who knew right away what the problem was when I told her that _only_
my MMS suddenly wasn't working. Everything else was working just fine.

On my Android 11 phone those cellular APN settings are found in...
Settings > Connections > Mobile networks > Access point names

In my case, there were multiple available APNs, but only some did MMS.

The reason I messed it up was I was experimenting with making shortcuts to
Android Activities (i.e., public displayed pages within any given app).

You can get there in one tap by making this the target to the shortcut.
PackageName: com.android.settings
ClassName: com.android.settings.Settings$ApnSettingsActivity

Even without a shortcut, you can bring up any page inside any app on your
phone from Windows using the command line and the name of the Activity.
adb shell am start -n 'com.android.settings/.Settings$ApnSettingsActivity'

Or, you can do the same from the Android phone itself, without Windows:
am start -n 'com.android.settings/.Settings$ApnSettingsActivity'

Once you know the name of the Activity (which is just a page that shows up
inside any app, including the settings app), then you can call it up on
Android (just as you can with a "shortcut target" to a Windows command).

Frank Slootweg

Oct 6, 2021, 7:13:48 AM
VanguardLH <V...@nguard.lh> wrote:
[...]

[About SMS messages (versus MMS messages):]

> If someone can't send me a message within
> 160 characters

Not that it really matters in the context of your comments, but only
a single SMS message is limited to 160 characters. Phones and network
providers have supported message concatenation for eons, so you can send much
longer messages.

A quick search reveals that the total maximum length of concatenated
messages is normally 918 characters in 153 character chunks. (153
instead of 160, because of the overhead for splitting/concatenation.)

Example reference:

'What is the maximum number of characters in an SMS text message?'
<https://thesmsworks.co.uk/maximum-length-sms-text-message>

[...]

Carlos E. R.

Oct 6, 2021, 8:50:52 AM
On 05/10/2021 23.40, VanguardLH wrote:
> Robin Goodfellow <Ancient...@Heaven.Net> wrote:

...
All, or almost all, MMS I get are from companies I'm a client of.

Here an MMS has a cost, so they are not that liberal throwing them at
random people. Actually, most of them come from my ISP, which obviously
sends gratis.


--
Cheers,
Carlos E.R.

VanguardLH

Oct 6, 2021, 5:30:42 PM
Thanks for the info. Well, obviously none of my friends, family,
coworkers, bank, pharmacy, clinic, auto shop, grocery store, nor anyone
else I know needs to send a concatenated message up to 918 characters.
They can send using SMS. Some devices may split a message over 160
characters into separate SMS messages, but send them as an MMS message.
MMS smacks of a child enamored with glitz, or of spammers.

I've never got any /good/ texts that were anywhere near 918 characters
long, so 1600 characters for MMS is ridiculous and suspect of
untoward/unwanted/bloated/glitzy content. To me, texting is not
chatting. If you want to prattle, use a chat/conference app. SMS
concatenation and MMS, to me, are workarounds for how to abuse the
original intent of texting. If you want to send long messages, use
e-mail. It still works very well. In fact, e-mailing tends to make
users compose better while texting has lots of typos, missing case and
punctuation, acronyms or abbreviations the sender knows but not you, and
other defects making texts look like they were written by 5-year olds.

Apparently some carriers not only charge for sending MMS, but also
charge for receiving MMS, and MMS is not included in your text quota (so
"unlimited/free" texting may not include MMS) because they're treated as
"picture messages". I'm not paying for someone sending a hugely bloated
text. If you have a long message that you just must send using SMS,
send it in pieces. Just because you send a text doesn't mean you have
to wait for a reply until when you can send another.