{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T17:41:51Z","timestamp":1772905311476,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":61,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,13]],"date-time":"2022-11-13T00:00:00Z","timestamp":1668297600000},"content-version":"vor","delay-in-days":366,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Office of Naval Research","award":["N00014-20-1-2720"],"award-info":[{"award-number":["N00014-20-1-2720"]}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CMMI-1842020,CNS-1813974,CNS-1941617,CNS-2126654"],"award-info":[{"award-number":["CMMI-1842020,CNS-1813974,CNS-1941617,CNS-2126654"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484765","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"36-50","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":34,"title":["Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits"],"prefix":"10.1145","author":[{"given":"Brian","family":"Kondracki","sequence":"first","affiliation":[{"name":"Stony Brook University, Stony Brook, NY, USA"}]},{"given":"Babak Amin","family":"Azad","sequence":"additional","affiliation":[{"name":"Stony Brook University, Stony Brook, NY, USA"}]},{"given":"Oleksii","family":"Starov","sequence":"additional","affiliation":[{"name":"Palo Alto Networks, Santa Clara, CA, USA"}]},{"given":"Nick","family":"Nikiforakis","sequence":"additional","affiliation":[{"name":"Stony Brook University, Stony Brook, NY, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2021. Amazon Web Services. https:\/\/aws.amazon.com."},{"key":"e_1_3_2_2_2_1","unstructured":"2021. Apache Traffic Server. https:\/\/trafficserver.apache.org."},{"key":"e_1_3_2_2_3_1","unstructured":"2021. Apache Web Server. https:\/\/apache.org."},{"key":"e_1_3_2_2_4_1","unstructured":"2021. Certificate Transparency. https:\/\/certificate-transparency.org."},{"key":"e_1_3_2_2_5_1","unstructured":"2021. CloudFlare. https:\/\/cloudflare.com."},{"key":"e_1_3_2_2_6_1","unstructured":"2021. CredSniper. https:\/\/github.com\/ustayready\/CredSniper."},{"key":"e_1_3_2_2_7_1","unstructured":"2021. Digital Ocean. https:\/\/digitalocean.com."},{"key":"e_1_3_2_2_8_1","unstructured":"2021. Evilginx. https:\/\/github.com\/kgretzky\/evilginx2."},{"key":"e_1_3_2_2_9_1","unstructured":"2021. Facebook Certificate Transparency API. https:\/\/developers.facebook.com\/docs\/certificate-transparency."},{"key":"e_1_3_2_2_10_1","unstructured":"2021. JA3. https:\/\/github.com\/salesforce\/ja3."},{"key":"e_1_3_2_2_11_1","unstructured":"2021. JA3er. https:\/\/ja3er.com."},{"key":"e_1_3_2_2_12_1","unstructured":"2021. Let's Encrypt. https:\/\/letsencrypt.org."},{"key":"e_1_3_2_2_13_1","unstructured":"2021. Linode. https:\/\/linode.com."},{"key":"e_1_3_2_2_14_1","unstructured":"2021. Modlishka. https:\/\/github.com\/drk1wi\/Modlishka."},{"key":"e_1_3_2_2_15_1","unstructured":"2021. Muraena. https:\/\/github.com\/muraenateam\/muraena."},{"key":"e_1_3_2_2_16_1","unstructured":"2021. Necrobrowser. https:\/\/github.com\/muraenateam\/necrobrowser."},{"key":"e_1_3_2_2_17_1","unstructured":"2021. Nginx. https:\/\/nginx.com."},{"key":"e_1_3_2_2_18_1","unstructured":"2021. Openphish. https:\/\/openphish.com."},{"key":"e_1_3_2_2_19_1","unstructured":"2021. Phishtank. https:\/\/phishtank.com."},{"key":"e_1_3_2_2_20_1","unstructured":"2021. Reelphish. https:\/\/github.com\/fireeye\/ReelPhish."},{"key":"e_1_3_2_2_21_1","unstructured":"2021. Selenium. https:\/\/selenium.dev."},{"key":"e_1_3_2_2_22_1","unstructured":"2021. Squid Proxy Server. http:\/\/squid-cache.org."},{"key":"e_1_3_2_2_23_1","unstructured":"2021. TLS Prober. https:\/\/github.com\/WestpointLtd\/tls_prober."},{"key":"e_1_3_2_2_24_1","unstructured":"2021. TOR. https:\/\/torproject.org."},{"key":"e_1_3_2_2_25_1","unstructured":"2021. VirusTotal. https:\/\/virustotal.com."},{"key":"e_1_3_2_2_26_1","unstructured":"2021. VirusTotal Evilginx Analysis Results. https:\/\/www.virustotal.com\/gui\/file\/35636566f7ce11d44c2acf6ce6dca00b730b39710e82000a0e92b4af4a75e52c\/detection."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417233"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2018.07.067"},{"key":"e_1_3_2_2_29_1","unstructured":"Daniel R Alexander. 2015. Inferring the Presence of Reverse Proxies Through Timing Analysis. Technical Report. Naval Postgraduate School Monterey CA."},{"key":"e_1_3_2_2_30_1","volume-title":"Proceedings of the 10th USENIX Security Symposium (USENIX Security)","volume":"11","author":"Antonakakis Manos","year":"2011","unstructured":"Manos Antonakakis, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou, and David Dagon. 2011. Detecting Malware Domains at the Upper DNS Hierarchy.. In Proceedings of the 10th USENIX Security Symposium (USENIX Security), Vol. 11. 1--16."},{"key":"e_1_3_2_2_31_1","unstructured":"APWG. 2017. Global Phishing Survey: Trends and Domain Name Use in 2016. Technical Report."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866423.1866434"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963436"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66402-6_22"},{"key":"e_1_3_2_2_35_1","volume-title":"22nd USENIX Security Symposium. 605--620","author":"Durumeric Zakir","year":"2013","unstructured":"Zakir Durumeric, Eric Wustrow, and J Alex Halderman. 2013. ZMap: Fast Internet-wide scanning and its security applications. In 22nd USENIX Security Symposium. 605--620."},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978330"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978317"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.50"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11235-017-0414-0"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134002"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2011.5934995"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2016.7841036"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33338-5_10"},{"key":"e_1_3_2_2_44_1","volume-title":"Dr V Prasanna Venkatesan, et al.","author":"Martin Anutthamaa","year":"2011","unstructured":"Anutthamaa Martin, Na Anutthamaa, M Sathyavathy, Marie Manjari Saint Francois, Dr V Prasanna Venkatesan, et al. 2011. A framework for predicting phishing websites using neural networks. arXiv preprint arXiv:1109.1074 (2011)."},{"key":"e_1_3_2_2_45_1","unstructured":"S Matthew and Geoffrey Xie. 2013. Fingerprinting Reverse Proxies Using Timing Analysis of TCP Flows. Technical Report. Naval Postgraduate School Monterey CA."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1460877.1460905"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991093"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.5555\/3241094.3241154"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00049"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2018.8376206"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2018.8376206"},{"key":"e_1_3_2_2_52_1","volume-title":"Proceedings of the 29th USENIX Security Symposium (USENIX Security).","author":"Oest Adam","year":"2020","unstructured":"Adam Oest, Penghui Zhang, Brad Wardman, Eric Nunes, Jakub Burgis, Ali Zand, Kurt Thomas, Adam Doup\u00e9, and Gail-Joon Ahn. 2020. Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale. In Proceedings of the 29th USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2010.5462216"},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.35"},{"key":"e_1_3_2_2_55_1","unstructured":"Steve Sheng Brad Wardman Gary Warner Lorrie Cranor Jason Hong and Chengshan Zhang. 2009. An Empirical Analysis of Phishing Blacklists. (2009)."},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920263"},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134067"},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3317549.3323404"},{"key":"e_1_3_2_2_59_1","unstructured":"Matthew S Weant. 2013. Fingerprinting reverse proxies using timing analysis of TCP flows. Technical Report. Naval Postgraduate School Monterey CA."},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04918-2_18"},{"key":"e_1_3_2_2_61_1","volume-title":"Proceedings of the 17th Network and Distributed System Security Symposium (NDSS).","author":"Whittaker Colin","year":"2010","unstructured":"Colin Whittaker, Brian Ryner, and Marria Nazif. 2010. Large-scale automatic classification of phishing pages. In Proceedings of the 17th Network and Distributed System Security Symposium (NDSS)."}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484765","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484765","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484765","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:51:31Z","timestamp":1763499091000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484765"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":61,"alternative-id":["10.1145\/3460120.3484765","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484765","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}