A dataset of phishing kits in the wild.
⚠️ The data are not cleaned thoroughly, so they contain false positives (FPs).
- The data were collected from 2021/08/29 to 2021/11/07.
- The data contain only unique phishing kits. Uniqueness is determined by the SHA256 hash of each kit.
Probably because of the pandemic, postal/transport services are favorite targets of threat actors nowadays.
15% of phishing kits are deployed on WordPress websites.
WordPress is the most popular CMS in the world, and threat actors target vulnerable WordPress websites to implant content such as phishing kits.
The following government domains are used for hosting phishing kits.
- go.id
- gov.br
- gov.mz
- gov.ng
- gov.pk
(Indonesia in particular, which is also known as a source of phishing scammers, has a poor security posture. Multiple compromised go.id websites have been observed.)
This means that a more sophisticated threat actor could implant something more dangerous on these sites.
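The following is an added example, not code from this dataset's author: a small triage script that deduplicates kits by SHA256 as described above, then counts kits found under WordPress paths and under the government suffixes listed on this page. The record layout (URL plus kit bytes), the WordPress path markers and the sample records are assumptions made for illustration.

```python
import hashlib
from urllib.parse import urlsplit

# Government suffixes listed on this page.
GOV_SUFFIXES = ("go.id", "gov.br", "gov.mz", "gov.ng", "gov.pk")
# Assumption: these path segments indicate a WordPress install.
WP_SEGMENTS = {"wp-content", "wp-includes", "wp-admin"}


def gov_suffix(url):
    """Return the listed government suffix the host falls under, else None."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for suffix in GOV_SUFFIXES:
        # Match on a label boundary so "example-go.id" is not taken for "go.id".
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None


def is_wordpress_path(url):
    """True if any path segment is a known WordPress directory name."""
    segments = urlsplit(url).path.lower().split("/")
    return any(seg in WP_SEGMENTS for seg in segments)


def summarize(records):
    """records: iterable of (url, kit_bytes); keeps the first sighting per SHA256."""
    unique = {}
    for url, blob in records:
        unique.setdefault(hashlib.sha256(blob).hexdigest(), url)
    urls = list(unique.values())
    wp = sum(is_wordpress_path(u) for u in urls)
    gov = sorted({s for s in map(gov_suffix, urls) if s})
    return {"unique_kits": len(urls), "wordpress": wp,
            "wordpress_share": wp / len(urls) if urls else 0.0,
            "gov_suffixes": gov}


# Constructed sample records (not taken from the dataset).
SAMPLE = [
    ("https://shop.example/wp-content/uploads/kit.zip", b"kit-A"),
    ("https://mirror.example/files/kit.zip", b"kit-A"),  # same kit, second host
    ("http://dinas.example.go.id/wp-includes/js/post.zip", b"kit-B"),
    ("https://example-go.id/archive.zip", b"kit-C"),  # not under go.id
    ("https://portal.example.gov.br/tmp/bank.zip", b"kit-D"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A path-based WordPress check only sees kits dropped inside WordPress directories, so it gives a lower bound on the share of WordPress-hosted kits.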