{"id":4486,"date":"2023-01-24T13:48:38","date_gmt":"2023-01-24T13:48:38","guid":{"rendered":"https:\/\/osintme.com\/?p=4486"},"modified":"2023-01-25T08:17:02","modified_gmt":"2023-01-25T08:17:02","slug":"new-covid-19-themed-phishing-campaign-in-ireland","status":"publish","type":"post","link":"https:\/\/osintme.com\/index.php\/2023\/01\/24\/new-covid-19-themed-phishing-campaign-in-ireland\/","title":{"rendered":"New Covid-19 themed phishing campaign in Ireland"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"4486\" class=\"elementor elementor-4486\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5e00876 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5e00876\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-07b6ccd\" data-id=\"07b6ccd\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-95e0a3a elementor-widget elementor-widget-text-editor\" data-id=\"95e0a3a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>A new phishing campaign was launched against Irish users, providing an opportunity to review some tools for investigating this kind of activity.<\/p><p>This time the bad actors have crafted a HSE (Health Service Executive) themed phishing page. 
Victims will receive the malicious link via SMS, from a spoofed mobile number.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-89e41b7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"89e41b7\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d69ed9b\" data-id=\"d69ed9b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-63992a2 elementor-widget elementor-widget-image\" data-id=\"63992a2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"300\" height=\"180\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/HSE-phishing-covid-OSINT.jpg?fit=300%2C180&amp;ssl=1\" class=\"attachment-medium size-medium wp-image-4489\" alt=\"HSE phishing covid OSINT\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/HSE-phishing-covid-OSINT.jpg?w=828&amp;ssl=1 828w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/HSE-phishing-covid-OSINT.jpg?resize=300%2C180&amp;ssl=1 300w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/HSE-phishing-covid-OSINT.jpg?resize=768%2C462&amp;ssl=1 768w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section 
class=\"elementor-section elementor-top-section elementor-element elementor-element-50a19d5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"50a19d5\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f0f529e\" data-id=\"f0f529e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-13b1def elementor-widget elementor-widget-text-editor\" data-id=\"13b1def\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Malicious domains are being hosted on IP address 84.32.248.121, which belongs to a Lithuanian hosting service UAB Cherry Servers.<\/p><p>At the time of writing, the following domains registered between the 22nd &#8211; 23rd January were observed:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-14726e4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"14726e4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2eedc9d\" data-id=\"2eedc9d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5b7f1f9 elementor-widget 
elementor-widget-text-editor\" data-id=\"5b7f1f9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>https:\/\/omicron-covid19-pcr-test[.]com<\/li><li>https:\/\/omicron-covid19-pcr-test1[.]com<\/li><li>https:\/\/covid19-pcr-test2[.]com<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-25fe616 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"25fe616\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9999b49\" data-id=\"9999b49\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c6a0613 elementor-widget elementor-widget-text-editor\" data-id=\"c6a0613\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>It appears that the scammers will likely iterate domain names using digits, at least until they are successfully shut down by the hosting provider.<\/p><p>Interestingly, in December 2022 the same IP address was used to host another phishing site &#8211; <a href=\"https:\/\/urlscan.io\/search\/#*%09my.secure-income-verify.info\">previously scanned by URLscan<\/a>:<\/p><ul><li>my.secure-income-verify[.]info<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section 
elementor-top-section elementor-element elementor-element-a74d8a7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a74d8a7\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-eab071c\" data-id=\"eab071c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ac4227d elementor-widget elementor-widget-heading\" data-id=\"ac4227d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">*<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b37ebc1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b37ebc1\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e0aa6b8\" data-id=\"e0aa6b8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-349ac4f elementor-widget elementor-widget-text-editor\" data-id=\"349ac4f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The fake HSE website is a 
crude phishing attempt not only due to the modus operandi, but also the execution level and the lack of attention to detail.<\/p><p>Blatant capitalisation and spelling errors like &#8220;varient&#8221;, &#8220;apparant&#8221;, &#8220;recieved&#8221; or &#8220;havingg&#8221; should be an early red flag, even if the visual theme of the website might appear deceptively legitimate.<\/p><p>Also, some of the links that were meant to be hyperlinked don&#8217;t open at all.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-45c1f54 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"45c1f54\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1d2bfee\" data-id=\"1d2bfee\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e650254 elementor-widget elementor-widget-image\" data-id=\"e650254\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1024\" height=\"702\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/HSE-phishing-OSINT-2.png?fit=1024%2C702&amp;ssl=1\" class=\"attachment-large size-large wp-image-4497\" alt=\"HSE phishing OSINT 2\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/HSE-phishing-OSINT-2.png?w=1118&amp;ssl=1 1118w, 
https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/HSE-phishing-OSINT-2.png?resize=300%2C206&amp;ssl=1 300w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/HSE-phishing-OSINT-2.png?resize=1024%2C702&amp;ssl=1 1024w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/HSE-phishing-OSINT-2.png?resize=768%2C526&amp;ssl=1 768w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-77e3fbf elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"77e3fbf\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d9446ae\" data-id=\"d9446ae\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ec791c4 elementor-widget elementor-widget-image\" data-id=\"ec791c4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"980\" height=\"778\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/HSE-phishing-OSINT.png?fit=980%2C778&amp;ssl=1\" class=\"attachment-large size-large wp-image-4490\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/HSE-phishing-OSINT.png?w=980&amp;ssl=1 980w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/HSE-phishing-OSINT.png?resize=300%2C238&amp;ssl=1 300w, 
https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/HSE-phishing-OSINT.png?resize=768%2C610&amp;ssl=1 768w\" sizes=\"(max-width: 980px) 100vw, 980px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c0d5bf5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c0d5bf5\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6d91121\" data-id=\"6d91121\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e41ac63 elementor-widget elementor-widget-text-editor\" data-id=\"e41ac63\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>No phishing would be complete without the usual attempt to solicit your credit card details!<\/p><p>The page actually performs a validation check on whatever card number is entered, making it impossible to proceed if an invalid card number is given.<\/p><p>A handy tool comes to the rescue &#8211; <a href=\"https:\/\/neapay.com\/online-tools\/credit-card-number-generator-validator.html\">Credit Card Generator and validator<\/a> from neaPay &#8211; used legitimately for testing purposes. 
It allows for generating invalid, non-existing card numbers in a valid format.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-67b888b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"67b888b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-73250d0\" data-id=\"73250d0\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a289db2 elementor-widget elementor-widget-image\" data-id=\"a289db2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"693\" height=\"740\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/phising-HSE-card.png?fit=693%2C740&amp;ssl=1\" class=\"attachment-large size-large wp-image-4498\" alt=\"phising HSE card\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/phising-HSE-card.png?w=693&amp;ssl=1 693w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/phising-HSE-card.png?resize=281%2C300&amp;ssl=1 281w\" sizes=\"(max-width: 693px) 100vw, 693px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5754fc9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" 
data-id=\"5754fc9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4bbbea5\" data-id=\"4bbbea5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-116d609 elementor-widget elementor-widget-text-editor\" data-id=\"116d609\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Snippet of source code performing the credit card number validation check:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-02a8972 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"02a8972\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-17f0aa1\" data-id=\"17f0aa1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5d6d262 elementor-widget elementor-widget-image\" data-id=\"5d6d262\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"182\" 
src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/validation-card-phishing.png?fit=1024%2C182&amp;ssl=1\" class=\"attachment-large size-large wp-image-4507\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/validation-card-phishing.png?w=1094&amp;ssl=1 1094w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/validation-card-phishing.png?resize=300%2C53&amp;ssl=1 300w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/validation-card-phishing.png?resize=1024%2C182&amp;ssl=1 1024w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/validation-card-phishing.png?resize=768%2C136&amp;ssl=1 768w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9bc4047 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9bc4047\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d4e36b8\" data-id=\"d4e36b8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-60f4ffb elementor-widget elementor-widget-text-editor\" data-id=\"60f4ffb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The credit card details page is followed by a generic, fake 2FA verification prompt. 
The logic behind this part is to validate the phone number a user provides &#8211; so the scammers actually do send a code to the phone number provided by the prospective victim:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0ac62d7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0ac62d7\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-41680ee\" data-id=\"41680ee\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-52a685e elementor-widget elementor-widget-image\" data-id=\"52a685e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"835\" height=\"464\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/phishing-2FA.png?fit=835%2C464&amp;ssl=1\" class=\"attachment-large size-large wp-image-4499\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/phishing-2FA.png?w=835&amp;ssl=1 835w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/phishing-2FA.png?resize=300%2C167&amp;ssl=1 300w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/phishing-2FA.png?resize=768%2C427&amp;ssl=1 768w\" sizes=\"(max-width: 835px) 100vw, 835px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section 
class=\"elementor-section elementor-top-section elementor-element elementor-element-e0747b1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e0747b1\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1053d9a\" data-id=\"1053d9a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-97a06a6 elementor-widget elementor-widget-text-editor\" data-id=\"97a06a6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The final step looks like it will be &#8220;processing&#8221; in perpetuity, but in the event of providing an incorrect &#8220;one-time code&#8221; you will see an error message and a request to re-enter the code.<\/p><p>Although I would imagine that at least some people might at this stage get suspicious about this site.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-e698653 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e698653\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-227ada1\" data-id=\"227ada1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div 
class=\"elementor-element elementor-element-d9b2a62 elementor-widget elementor-widget-image\" data-id=\"d9b2a62\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"857\" height=\"425\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/phishing-HSE-osint-3.png?fit=857%2C425&amp;ssl=1\" class=\"attachment-large size-large wp-image-4500\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/phishing-HSE-osint-3.png?w=857&amp;ssl=1 857w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/phishing-HSE-osint-3.png?resize=300%2C149&amp;ssl=1 300w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2023\/01\/phishing-HSE-osint-3.png?resize=768%2C381&amp;ssl=1 768w\" sizes=\"(max-width: 857px) 100vw, 857px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-eb678b8 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"eb678b8\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-96dc349\" data-id=\"96dc349\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-64b67fd elementor-widget elementor-widget-heading\" data-id=\"64b67fd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 
class=\"elementor-heading-title elementor-size-default\">Malicious site details<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-973e0fc elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"973e0fc\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a6484d4\" data-id=\"a6484d4\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-764e1c8 elementor-widget elementor-widget-text-editor\" data-id=\"764e1c8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>Hosting provider &#8211; <a href=\"https:\/\/www.infobyip.com\/ip-84.32.248.121.html\">UAB Cherry Servers<\/a><\/li><li>IP address and related domains:<ul><li><a href=\"https:\/\/otx.alienvault.com\/indicator\/ip\/84.32.248.121\">https:\/\/otx.alienvault.com\/indicator\/ip\/84.32.248.121<\/a><\/li><\/ul><\/li><li>IP address reputation check:<ul><li><a href=\"https:\/\/www.talosintelligence.com\/reputation_center\/lookup?search=84.32.248.121\">https:\/\/www.talosintelligence.com\/reputation_center\/lookup?search=84.32.248.121<\/a><\/li><\/ul><\/li><li>Subdomain scan (currently no subdomains detected):<ul><li><a href=\"https:\/\/subdomainfinder.c99.nl\/scans\/2023-01-24\/omicron-covid19-pcr-test1.com\">https:\/\/subdomainfinder.c99.nl\/scans\/2023-01-24\/omicron-covid19-pcr-test1.com<\/a><\/li><\/ul><\/li><li>VirusTotal scan:<ul><li><a 
href=\"https:\/\/www.virustotal.com\/gui\/url\/c380ce426e19d5ab702b5d5cf3e975c710aa8bd1d59b88fe3bdcb22f7c42f41c?nocache=1\">https:\/\/www.virustotal.com\/gui\/url\/c380ce426e19d5ab702b5d5cf3e975c710aa8bd1d59b88fe3bdcb22f7c42f41c?nocache=1<\/a><\/li><\/ul><\/li><li>DNS iteration search:<ul><li><a href=\"https:\/\/dnstwister.report\/search?ed=6f6d6963726f6e2d636f76696431392d7063722d74657374312e636f6d\">https:\/\/dnstwister.report\/search?ed=6f6d6963726f6e2d636f76696431392d7063722d74657374312e636f6d<\/a><\/li><\/ul><\/li><li>SSL certificate serial number: 04:86:6E:2D:66:12:C0:2F:3C:55:91:D7:BE:82:E5:95:23:76<\/li><li>Shodan query for checking it &#8211; <a href=\"https:\/\/www.shodan.io\/search?query=ssl.cert.serial%3A04%3A86%3A6E%3A2D%3A66%3A12%3AC0%3A2F%3A3C%3A55%3A91%3AD7%3ABE%3A82%3AE5%3A95%3A23%3A76\">ssl.cert.serial:<\/a><\/li><li>Certificate fingerprints:<ul><li><strong>SHA256<\/strong> &#8211; A5 86 64 83 95 2F 58 2A FB 6D 76 31 64 6F 09 E5 0E 05 54 CE B3 FE BE AE 63 DB B6 5E 6B 91 35 86<\/li><li><strong>SHA1 <\/strong>&#8211; 89 78 18 EC 55 3C B5 E8 FF 01 E8 11 7F AD 05 43 0D C9 EC 8F<\/li><\/ul><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Another brand new phishing campaign targeting the people of Ireland under the pretence of Covid-19 testing and impersonating the 
HSE.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[93],"tags":[66,149,135,56,82,144],"class_list":["post-4486","post","type-post","status-publish","format-standard","hentry","category-my-investigations","tag-coronavirus","tag-fraud","tag-hse","tag-ireland","tag-phishing","tag-url"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/4486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/comments?post=4486"}],"version-history":[{"count":31,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/4486\/revisions"}],"predecessor-version":[{"id":4525,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/4486\/revisions\/4525"}],"wp:attachment":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/media?parent=4486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/categories?post=4486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/tags?post=4486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":tr
ue}]}}