{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T03:29:21Z","timestamp":1781062161070,"version":"3.54.1"},"reference-count":37,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2016QY05X1002"],"award-info":[{"award-number":["2016QY05X1002"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2022]]},"DOI":"10.1109\/tifs.2022.3169923","type":"journal-article","created":{"date-parts":[[2022,4,22]],"date-time":"2022-04-22T19:32:59Z","timestamp":1650655979000},"page":"1725-1740","source":"Crossref","is-referenced-by-count":11,"title":["Hidden Path: Understanding the Intermediary in Malicious Redirections"],"prefix":"10.1109","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4022-3634","authenticated-orcid":false,"given":"Yuwei","family":"Zeng","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zhicheng","family":"Liu","sequence":"additional","affiliation":[{"name":"CNCERT\/CC, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Xunxun","family":"Chen","sequence":"additional","affiliation":[{"name":"CNCERT\/CC, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tianning","family":"Zang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/1557019.1557153"},{"key":"ref2","first-page":"1165","article-title":"FANCI: Feature-based automated NXDomain classification and intelligence","volume-title":"Proc. 27th Secur. Symp. (USENIX)","author":"Sch\u00fcppen"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2016.10"},{"key":"ref4","first-page":"491","article-title":"From throw-away traffic to bots: Detecting the rise of dga-based malware","volume-title":"Proc. 21st Secur. Symp. (USENIX)","author":"Antonakakis"},{"key":"ref5","first-page":"1","article-title":"EXPOSURE: Finding malicious domains using passive DNS analysis","volume-title":"Proc. NDSS","author":"Bilge"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23269"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23053"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00044"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359817"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-72582-2_6"},{"key":"ref11","first-page":"1","article-title":"Measuring and detecting fast-flux service networks","volume-title":"Proc. NDSS","author":"Holz"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.36"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2960647"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_9"},{"key":"ref15","first-page":"1","article-title":"A crawler-based study of spyware on the web","volume-title":"Proc. NDSS","volume":"1","author":"Moshchuk"},{"key":"ref16","volume-title":"Alexa Top Sites","year":"2021"},{"key":"ref17","volume-title":"Umbrella Top Sites","year":"2021"},{"key":"ref18","volume-title":"Selenium","year":"2021"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046763"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.50"},{"key":"ref21","volume-title":"IPIP Net","year":"2021"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2014.6848047"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.8"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.57"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.17"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355599"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278569"},{"key":"ref29","first-page":"1025","article-title":"WebWitness: Investigating, categorizing, and mitigating malware download paths","volume-title":"Proc. 24th Secur. Symp. (USENIX)","author":"Nelms"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516682"},{"key":"ref31","first-page":"1","article-title":"All your iFRAMEs point to us","volume-title":"Proc. USENIX Secur. Symp.","author":"Mavrommatis"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01704-0_17"},{"key":"ref33","first-page":"977","article-title":"Iframes\/popups are dangerous in mobile webview: Studying and mitigating differential context vulnerabilities","volume-title":"Proc. 28th Secur. Symp. (USENIX)","author":"Yang"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420954"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660369"},{"key":"ref36","first-page":"941","article-title":"All your clicks belong to me: Investigating click interception on the web","volume-title":"Proc. 28th Secur. Symp. (USENIX)","author":"Zhang"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380124"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/9652463\/09762296.pdf?arnumber=9762296","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,22]],"date-time":"2024-01-22T21:16:59Z","timestamp":1705958219000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9762296\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"references-count":37,"URL":"https:\/\/doi.org\/10.1109\/tifs.2022.3169923","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]}}}