{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T15:02:53Z","timestamp":1776956573650,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":71,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["2210137"],"award-info":[{"award-number":["2210137"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["2335798"],"award-info":[{"award-number":["2335798"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"publisher","award":["NRF-2021R1A6A1A13044830"],"award-info":[{"award-number":["NRF-2021R1A6A1A13044830"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Institute of Information & communications Technology Planning & Evaluation","award":["2022-0-00411"],"award-info":[{"award-number":["2022-0-00411"]}]},{"name":"Institute of Information & communications Technology Planning & Evaluation","award":["IITP-2024-2020-0-01819"],"award-info":[{"award-number":["IITP-2024-2020-0-01819"]}]},{"name":"Institute of Information & communications Technology Planning & Evaluation","award":["IITP-2023-2021-0-01810"],"award-info":[{"award-number":["IITP-2023-2021-0-01810"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1145\/3634737.3657013","type":"proceedings-article","created":{"date-parts":[[2024,6,28]],"date-time":"2024-06-28T11:51:38Z","timestamp":1719575498000},"page":"856-872","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Beneath the Phishing Scripts: A Script-Level Analysis of Phishing Kits and Their Impact on Real-World Phishing Websites"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9984-6879","authenticated-orcid":false,"given":"Woonghee","family":"Lee","sequence":"first","affiliation":[{"name":"Korea University, Seoul, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4823-4194","authenticated-orcid":false,"given":"Junbeom","family":"Hur","sequence":"additional","affiliation":[{"name":"Korea University, Seoul, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9033-990X","authenticated-orcid":false,"given":"Doowon","family":"Kim","sequence":"additional","affiliation":[{"name":"University of Tennessee, Knoxville, Tennessee, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"1997. cURL - command line tool and library for transferring data with URLs. https:\/\/curl.se\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_2_1","unstructured":"2001. Drupal - Open Source CMS | Drupal.org. https:\/\/www.drupal.org\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_3_1","unstructured":"2001. PHPMailer\/PHPMailer: The classic email sending library for PHP. https:\/\/github.com\/PHPMailer\/PHPMailer (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_4_1","unstructured":"2002. Dolibarr Open Source ERP and CRM - Web suite for business. https:\/\/www.dolibarr.org\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_5_1","unstructured":"2002. LiveChat Official Site - Live Chat & Help Desk Solution. https:\/\/www.livechat.com\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_6_1","unstructured":"2002. Moodle - Open-source learning platform | Moodle.org. https:\/\/moodle.org\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_7_1","unstructured":"2002. Redis: The open source in-memory data store used by millions of developers as a database cache streaming engine and message broker. https:\/\/redis.io\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_8_1","unstructured":"2003. Anti-Phishing Working Group. eCrime Exchange. https:\/\/apwg.org\/ecx\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_9_1","volume-title":"Phishing Activity Trends Report. https:\/\/apwg.org\/trendsreports\/","year":"2023","unstructured":"2003. Anti-Phishing Working Group., Phishing Activity Trends Report. https:\/\/apwg.org\/trendsreports\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_10_1","unstructured":"2003. Laravel Echo library for beautiful Pusher and Ably integration. https:\/\/github.com\/laravel\/echo (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_11_1","unstructured":"2005. Joomla Content Management System (CMS) - try it! It's free! https:\/\/www.joomla.org\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_12_1","volume-title":"Fast","year":"2023","unstructured":"2005. WordPress.com: Fast, Secure Managed WordPress Hosting. https:\/\/wordpress.com\/\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_13_1","unstructured":"2006. Welcome to CodeIgniter. https:\/\/www.codeigniter.com\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_14_1","unstructured":"2007. Google Inc. Safe Browsing - Google Safe Browsing. https:\/\/safebrowsing.google.com\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_15_1","volume-title":"Voice, Video. https:\/\/www.twilio.com\/","year":"2023","unstructured":"2008. Twilio: Communication APIs for SMS, Voice, Video. https:\/\/www.twilio.com\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_16_1","volume-title":"CSS, and JS library in the world. https:\/\/getbootstrap.com\/\/","year":"2023","unstructured":"2011. Bootstrap \u00b7 The most popular HTML, CSS, and JS library in the world. https:\/\/getbootstrap.com\/\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_17_1","unstructured":"2011. Pusher | Leader In Realtime Technologies. https:\/\/pusher.com\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_18_1","unstructured":"2012. Selenium. https:\/\/www.selenium.dev\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_19_1","unstructured":"2012. Sendinblue.com - More than Just Email Marketing. https:\/\/www.sendinblue.com\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_20_1","unstructured":"2015. Telegram Bot API. https:\/\/core.telegram.org\/bots\/api (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_21_1","unstructured":"2016. fake-useragent 0.1.11. https:\/\/pypi.org\/project\/fake-useragent\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_22_1","unstructured":"2016. gRPC. https:\/\/grpc.io\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_23_1","unstructured":"2018. Mercure.rocks: Real-time APIs Made Easy. https:\/\/mercure.rocks\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_24_1","unstructured":"2019. Laravel - The PHP Framework For Web Artisans. https:\/\/laravel.com\/\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417233"},{"key":"e_1_3_2_1_26_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Acharya Bhupendra","year":"2021","unstructured":"Bhupendra Acharya and Phani Vadrevu. 2021. {PhishPrint}: evading phishing detection crawlers by prior profiling. In 30th USENIX Security Symposium (USENIX Security 21). 3775--3792."},{"key":"e_1_3_2_1_27_1","volume-title":"PhishAri: Automatic realtime phishing detection on twitter. In 2012 eCrime Researchers Summit","author":"Aggarwal Anupama","unstructured":"Anupama Aggarwal, Ashwin Rajadesingan, and Ponnurangam Kumaraguru. 2012. PhishAri: Automatic realtime phishing detection on twitter. In 2012 eCrime Researchers Summit. IEEE, 1--12."},{"key":"e_1_3_2_1_28_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Bijmans Hugo","year":"2021","unstructured":"Hugo Bijmans, Tim Booij, Anneke Schwedersky, Aria Nedgabat, and Rolf van Wegberg. 2021. Catching Phishers By Their Bait: Investigating the Dutch Phishing Landscape through Phishing Kit Detection. In 30th USENIX Security Symposium (USENIX Security 21). 3757--3774."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866423.1866434"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.3390\/sym12101681"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2030376.2030387"},{"key":"e_1_3_2_1_32_1","first-page":"1","article-title":"There Is No Free Phish: An Analysis of","volume":"8","author":"Cova Marco","year":"2008","unstructured":"Marco Cova, Christopher Kruegel, and Giovanni Vigna. 2008. There Is No Free Phish: An Analysis of\" Free\" and Live Phishing Kits. WOOT 8 (2008), 1--8.","journal-title":"Free\" and Live Phishing Kits. WOOT"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Ian Fette and Alexey Melnikov. 2011. Rfc 6455: The websocket protocol.","DOI":"10.17487\/rfc6455"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314389.1314391"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2014.6963163"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978330"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00500-017-2531-9"},{"key":"e_1_3_2_1_38_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Ho Grant","year":"2019","unstructured":"Grant Ho, Asaf Cidon, Lior Gavish, Marco Schweighauser, Vern Paxson, Stefan Savage, Geoffrey M Voelker, and David Wagner. 2019. Detecting and characterizing lateral phishing at scale. In 28th USENIX Security Symposium (USENIX Security 19). 1273--1290."},{"key":"e_1_3_2_1_39_1","unstructured":"Microsoft Threat Intelligence. 2021. Catching the big fish: Analyzing a large-scale phishing-as-a-service operation. https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/09\/21\/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation\/ (Accessed: 10.02.2023)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.50"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484765"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","unstructured":"Martijn Koster Gary Illyes Henner Zeller and Lizzi Sassman. 2022. Robots Exclusion Protocol. RFC 9309. 10.17487\/RFC9309","DOI":"10.17487\/RFC9309"},{"key":"e_1_3_2_1_43_1","unstructured":"Luda Lazar. 2018. Our Analysis of 1 019 Phishing Kits. https:\/\/www.imperva.com\/blog\/our-analysis-of-1019-phishing-kits\/"},{"key":"e_1_3_2_1_44_1","volume-title":"USENIX Security Symposium. 3793--3810","author":"Lin Yun","year":"2021","unstructured":"Yun Lin, Ruofan Liu, Dinil Mon Divakaran, Jun Yang Ng, Qing Zhou Chan, Yiwen Lu, Yuxuan Si, Fan Zhang, and Jin Song Dong. 2021. Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages.. In USENIX Security Symposium. 3793--3810."},{"key":"e_1_3_2_1_45_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Liu Ruofan","year":"2023","unstructured":"Ruofan Liu, Yun Lin, Yifan Zhang, Penn Han Lee, and Jin Song Dong. 2023. Knowledge Expansion and Counterfactual Interaction for {Reference-Based} Phishing Detection. In 32nd USENIX Security Symposium (USENIX Security 23). 4139--4156."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2006.23"},{"key":"e_1_3_2_1_47_1","unstructured":"Imran Khan Marcel Feller Fahad Iqbal. 2021. We're gonna need a bigger boat: An analysis of recently caught phishing kits. https:\/\/www.nortonlifelock.com\/blogs\/norton-labs\/phishing-kits"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2016.10"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3419394.3423632"},{"key":"e_1_3_2_1_50_1","volume-title":"Phishing Kits Source Code Similarity Distribution: A Case Study. In 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). IEEE, 983--994","author":"Merlo Ettore","year":"2022","unstructured":"Ettore Merlo, Mathieu Margier, Guy-Vincent Jourdan, and Iosif-Viorel Onut. 2022. Phishing Kits Source Code Similarity Distribution: A Case Study. In 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). IEEE, 983--994."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00049"},{"key":"e_1_3_2_1_52_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Oest Adam","year":"2020","unstructured":"Adam Oest, Yeganeh Safaei, Penghui Zhang, Brad Wardman, Kevin Tyers, Yan Shoshitaishvili, and Adam Doup\u00e9. 2020. {PhishTime}: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists. In 29th USENIX Security Symposium (USENIX Security 20). 379--396."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2018.8376206"},{"key":"e_1_3_2_1_54_1","volume-title":"29th {USENIX} Security Symposium ({USENIX} Security 20).","author":"Oest Adam","unstructured":"Adam Oest, Penghui Zhang, Brad Wardman, Eric Nunes, Jakub Burgis, Ali Zand, Kurt Thomas, Adam Doup\u00e9, and Gail-Joon Ahn. 2020. Sunrise to sunset: Analyzing the end-to-end life cycle and effectiveness of phishing attacks at scale. In 29th {USENIX} Security Symposium ({USENIX} Security 20)."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329818"},{"key":"e_1_3_2_1_56_1","unstructured":"Tiago Pereira. 2023. New phishing-as-a-service tool \"Greatness\" already seen in the wild. https:\/\/blog.talosintelligence.com\/new-phishing-as-a-service-tool-greatness-already-seen-in-the-wild\/"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-019-01637-z"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"crossref","unstructured":"Angelo PE Rosiello Engin Kirda Fabrizio Ferrandi et al. 2007. A layout-similarity-based approach for detecting phishing pages. In 2007 third international conference on security and privacy in communications networks and the workshops-securecomm 2007. IEEE 454--463.","DOI":"10.1109\/SECCOM.2007.4550367"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"crossref","unstructured":"Peter Saint-Andre. 2011. RFC 6120: extensible messaging and presence protocol (XMPP): core.","DOI":"10.17487\/rfc6120"},{"key":"e_1_3_2_1_60_1","volume-title":"4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 11)","author":"Stone-Gross Brett","year":"2011","unstructured":"Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini, and Giovanni Vigna. 2011. The Underground Economy of Spam: A Botmaster's Perspective of Coordinating {Large-Scale} Spam Campaigns. In 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 11)."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3517745.3561467"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/eCrime57793.2022.10142092"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134067"},{"key":"e_1_3_2_1_64_1","volume-title":"22nd USENIX Security Symposium (USENIX Security 13)","author":"Thomas Kurt","year":"2013","unstructured":"Kurt Thomas, Damon McCoy, Chris Grier, Alek Kolcz, and Vern Paxson. 2013. {Trafficking} Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse. In 22nd USENIX Security Symposium (USENIX Security 13). 195--210."},{"key":"e_1_3_2_1_65_1","volume-title":"Proceedings of the Internet Measurement Conference","author":"Tian Ke","year":"2018","unstructured":"Ke Tian, Steve TK Jan, Hang Hu, Danfeng Yao, and Gang Wang. 2018. Needle in a haystack: Tracking down elite phishing domains in the wild. In Proceedings of the Internet Measurement Conference 2018. 429--442."},{"key":"e_1_3_2_1_66_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Tu Huahong","year":"2019","unstructured":"Huahong Tu, Adam Doup\u00e9, Ziming Zhao, and Gail-Joon Ahn. 2019. Users really do answer telephone scams. In 28th USENIX Security Symposium (USENIX Security 19). 1327--1340."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1093\/bioinformatics\/btg005"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"crossref","unstructured":"Suzanne Widup Alex Pinto David Hylender Gabriel Bassett and Philippe langlois. 2021. 2021 Verizon Data Breach Investigations Report.","DOI":"10.1016\/S1361-3723(21)00061-0"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1108\/EL-05-2019-0118"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00021"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3559334"}],"event":{"name":"ASIA CCS '24: 19th ACM Asia Conference on Computer and Communications Security","location":"Singapore Singapore","acronym":"ASIA CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 19th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3657013","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3634737.3657013","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3634737.3657013","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:44:07Z","timestamp":1750290247000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3657013"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":71,"alternative-id":["10.1145\/3634737.3657013","10.1145\/3634737"],"URL":"https:\/\/doi.org\/10.1145\/3634737.3657013","relation":{},"subject":[],"published":{"date-parts":[[2024,7]]},"assertion":[{"value":"2024-07-01","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}