{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T14:57:56Z","timestamp":1773154676687,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T00:00:00Z","timestamp":1745280000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/https:\/\/doi.org\/10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["210137, 2335798, 2426653, 242778"],"award-info":[{"award-number":["210137, 2335798, 2426653, 242778"]}],"id":[{"id":"10.13039\/https:\/\/doi.org\/10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,4,22]]},"DOI":"10.1145\/3696410.3714678","type":"proceedings-article","created":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T23:08:29Z","timestamp":1745363309000},"page":"945-956","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["7 Days Later: Analyzing Phishing-Site Lifespan After Detected"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8713-3863","authenticated-orcid":false,"given":"Kiho","family":"Lee","sequence":"first","affiliation":[{"name":"University of Tennessee, Knoxville, TN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-1931-1373","authenticated-orcid":false,"given":"Kyungchan","family":"Lim","sequence":"additional","affiliation":[{"name":"University of Tennessee, Knoxville, TN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1605-3866","authenticated-orcid":false,"given":"Hyoungshick","family":"Kim","sequence":"additional","affiliation":[{"name":"Sungkyunkwan University, Suwon, 
Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0021-2850","authenticated-orcid":false,"given":"Yonghwi","family":"Kwon","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9033-990X","authenticated-orcid":false,"given":"Doowon","family":"Kim","sequence":"additional","affiliation":[{"name":"University of Tennessee, Knoxville, TN, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,4,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2024. Google Safe Browsing. https:\/\/safebrowsing.google.com\/. (Accessed on 10\/30\/2023)."},{"key":"e_1_3_2_1_2_1","unstructured":"2024. malware-filter. https:\/\/gitlab.com\/malware-filter\/phishing-filter. (Accessed on 10\/14\/2024)."},{"key":"e_1_3_2_1_3_1","unstructured":"2024. OpenPhish. https:\/\/openphish.com\/. (Accessed on 10\/14\/2024)."},{"key":"e_1_3_2_1_4_1","unstructured":"2024. Phishing Army. https:\/\/phishing.army. (Accessed on 10\/14\/2024)."},{"key":"e_1_3_2_1_5_1","unstructured":"2024. PhishStats. https:\/\/phishstats.info\/. (Accessed on 10\/14\/2024)."},{"key":"e_1_3_2_1_6_1","unstructured":"2024. PhishTank. https:\/\/phishtank.org\/. (Accessed on 10\/14\/2024)."},{"key":"e_1_3_2_1_7_1","unstructured":"2024. Phishunt. https:\/\/phishunt.io\/. (Accessed on 10\/14\/2024)."},{"key":"e_1_3_2_1_8_1","unstructured":"2024. Public Suffix List. https:\/\/publicsuffix.org\/ (Accessed on 10\/11\/2024)."},{"key":"e_1_3_2_1_9_1","unstructured":"2024. The APWG eCrime Exchange (eCX). https:\/\/apwg.org\/ecx\/. (Accessed on 03\/13\/2024)."},{"key":"e_1_3_2_1_10_1","volume-title":"Phishing attacks: A recent comprehensive study and a new anatomy. Frontiers in Computer Science","author":"Alkhalil Zainab","year":"2021","unstructured":"Zainab Alkhalil, Chaminda Hewage, Liqaa Nawaf, and Imtiaz Khan. 2021. Phishing attacks: A recent comprehensive study and a new anatomy. 
Frontiers in Computer Science (2021)."},{"key":"e_1_3_2_1_11_1","volume-title":"https:\/\/apwg.org\/membersdirectory\/ [Online","author":"Directory APWG.","year":"2025","unstructured":"APWG. 2024. APWG | MEMBERS Directory. https:\/\/apwg.org\/membersdirectory\/ [Online; accessed 2025-02-04]."},{"key":"e_1_3_2_1_12_1","unstructured":"Archive. 2024. Inside Safari 3.2's anti-phishing features. https:\/\/web.archive.org\/web\/20210521014149\/https:\/\/www.macworld.com\/article\/193605\/safari-safebrowsing.html. (Accessed on 09\/13\/2024)."},{"key":"e_1_3_2_1_13_1","unstructured":"Berstend. 2024. https:\/\/github.com\/berstend\/puppeteer-extra\/tree\/master\/packages\/puppeteer-extra-plugin-stealth (Accessed on 03\/13\/2024)."},{"key":"e_1_3_2_1_14_1","volume-title":"Proc. of the Network and Distributed System Security (NDSS).","author":"Bilge Leyla","year":"2011","unstructured":"Leyla Bilge, Engin Kirda, Christopher Kruegel, and Marco Balduzzi. 2011. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis. In Proc. of the Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2030376.2030387"},{"key":"e_1_3_2_1_16_1","unstructured":"Cybersecurity and Infrastructure Security Agency (CISA). 2021. Phishing Infrastructure Trends: Use of CDNs and Public Clouds. https:\/\/www.cisa.gov\/."},{"key":"e_1_3_2_1_17_1","unstructured":"CYBSAFE. 2024. The effects of phishing. https:\/\/www.cybsafe.com\/blog\/howcan-phishing-affect-a-business\/. (Accessed on 10\/04\/2024)."},{"key":"e_1_3_2_1_18_1","volume-title":"Proc. of the Annual Network and Distributed System Security Symposium (NDSS).","author":"Dagon David","year":"2008","unstructured":"David Dagon, Niels Provos, Christopher P Lee, and Wenke Lee. 2008. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority. In Proc. 
of the Annual Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3538969.3538997"},{"key":"e_1_3_2_1_20_1","unstructured":"FBI. 2023. Internet Crime Complaint Center Releases. https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2022_IC3Report.pdf. (Accessed on 10\/03\/2024)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.2307\/2340521"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00266"},{"key":"e_1_3_2_1_23_1","unstructured":"Google. 2023. Safe Browsing -- Google Safe Browsing. https:\/\/safebrowsing.google.com\/. (Accessed on 06\/08\/2023)."},{"key":"e_1_3_2_1_24_1","unstructured":"google. 2023. URLs and Hashing Safe Browsing APIs (v4) Google for Developers. https:\/\/developers.google.com\/safe-browsing\/v4\/urls-hashing. (Accessed on 09\/12\/2024)."},{"key":"e_1_3_2_1_25_1","unstructured":"Google. 2024. Puppeteer. https:\/\/pptr.dev\/ (Accessed on 08\/13\/2024)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978330"},{"key":"e_1_3_2_1_27_1","volume-title":"Proc. of the Annual Network and Distributed System Security Symposium (NDSS).","author":"Holz Thorsten","year":"2008","unstructured":"Thorsten Holz, Christian Gorecki, Konrad Rieck, and Felix C Freiling. 2008. Measuring and detecting fast-flux service networks. In Proc. of the Annual Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_28_1","first-page":"1","article-title":"CDN-enabled secure delivery of web content","volume":"14","author":"Huang Cheng","year":"2018","unstructured":"Cheng Huang, Nabil Samaan, and Danny De Vleeschauwer. 2018. CDN-enabled secure delivery of web content. 
ACM Transactions on Multimedia Computing, Communications, and Applications (TOMM) 14, 3 (2018), 1--20.","journal-title":"ACM Transactions on Multimedia Computing, Communications, and Applications (TOMM)"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453100"},{"key":"e_1_3_2_1_30_1","unstructured":"Mitchell Krog. 2024. Phishing Database. https:\/\/github.com\/mitchellkrogza\/Phishing.Database. (Accessed on 10\/14\/2024)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3657013"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645535"},{"key":"e_1_3_2_1_33_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX Security).","author":"Lin Yun","year":"2021","unstructured":"Yun Lin, Ruofan Liu, Dinil Mon Divakaran, Jun Yang Ng, Qing Zhou Chan, Yiwen Lu, Yuxuan Si, Fan Zhang, and Jin Song Dong. 2021. Phishpedia: A hybrid deep learning based approach to visually identify phishing webpages. In Proc. of the USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_34_1","volume-title":"On a test of whether one of two random variables is stochastically larger than the other. The annals of mathematical statistics","author":"Mann Henry B","year":"1947","unstructured":"Henry B Mann and Donald R Whitney. 1947. On a test of whether one of two random variables is stochastically larger than the other. The annals of mathematical statistics (1947), 50--60."},{"key":"e_1_3_2_1_35_1","first-page":"4","article-title":"Behind Phishing: An Examination of Phisher Modi Operandi","volume":"8","author":"McGrath D Kevin","year":"2008","unstructured":"D Kevin McGrath and Minaxi Gupta. 2008. Behind Phishing: An Examination of Phisher Modi Operandi. LEET 8 (2008), 4.","journal-title":"LEET"},{"key":"e_1_3_2_1_36_1","unstructured":"Mozilla. 2023. How does built-in Phishing and Malware Protection work? | Firefox Help. 
https:\/\/support.mozilla.org\/en-US\/kb\/how-does-phishing-and-malware-protection-work. (Accessed on 09\/13\/2024)."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00049"},{"key":"e_1_3_2_1_38_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX Security).","author":"Oest Adam","year":"2020","unstructured":"Adam Oest, Yeganeh Safaei, Penghui Zhang, Brad Wardman, Kevin Tyers, Yan Shoshitaishvili, and Adam Doup\u00e9. 2020. {PhishTime}: Continuous longitudinal measurement of the effectiveness of anti-phishing blacklists. In Proc. of the USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2018.8376206"},{"key":"e_1_3_2_1_40_1","volume-title":"Proc. of the USENIX security symposium (USENIX security).","author":"Oest Adam","year":"2020","unstructured":"Adam Oest, Penghui Zhang, Brad Wardman, Eric Nunes, Jakub Burgis, Ali Zand, Kurt Thomas, Adam Doup\u00e9, and Gail-Joon Ahn. 2020. Sunrise to sunset: Analyzing the end-to-end life cycle and effectiveness of phishing attacks at scale. In Proc. of the USENIX security symposium (USENIX security)."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355585"},{"key":"e_1_3_2_1_42_1","unstructured":"Phoronix. 2023. Development Kicks Off With Safe Browsing Better Flatpak Handling. https:\/\/www.phoronix.com\/news\/Epiphany-3.27.1-Released. (Accessed on 09\/13\/2024)."},{"key":"e_1_3_2_1_43_1","volume-title":"Proc. of the ACM SIGSAC conference on Computer and Communications Security (CCS).","author":"Thomas Kurt","year":"2017","unstructured":"Kurt Thomas, Frank Li, Ali Zand, Jacob Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, et al. 2017. Data breaches, phishing, or malware? Understanding the risks of stolen credentials. In Proc. 
of the ACM SIGSAC conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_44_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX Security).","author":"Der Heijden Amber Van","year":"2019","unstructured":"Amber Van Der Heijden and Luca Allodi. 2019. Cognitive triaging of phishing attacks. In Proc. of the USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_45_1","first-page":"41","article-title":"Detecting phishing attacks in the modern web using content delivery networks","volume":"4","author":"Verma Parul","year":"2018","unstructured":"Parul Verma and Kevin P Dyer. 2018. Detecting phishing attacks in the modern web using content delivery networks. Journal of Cybersecurity Research 4, 2 (2018), 41--55.","journal-title":"Journal of Cybersecurity Research"},{"key":"e_1_3_2_1_46_1","volume-title":"October","year":"2024","unstructured":"w3techs. 2024. Usage Statistics and Market Share of Web Servers, October 2024. https:\/\/w3techs.com\/technologies\/overview\/web_server. (Accessed on 10\/14\/2024)."},{"key":"e_1_3_2_1_47_1","volume-title":"Phishing mitigation techniques: A literature survey. arXiv preprint arXiv:2104.06989","author":"Wosah Nmachi Peace","year":"2021","unstructured":"Nmachi Peace Wosah and Thomas Win. 2021. Phishing mitigation techniques: A literature survey. arXiv preprint arXiv:2104.06989 (2021)."},{"key":"e_1_3_2_1_48_1","volume-title":"Cantina a feature-rich machine learning framework for detecting phishing web sites. ACM Transactions on Information and System Security (TISSEC)","author":"Xiang Guang","year":"2011","unstructured":"Guang Xiang, Jason Hong, Carolyn P Rose, and Lorrie Cranor. 2011. Cantina a feature-rich machine learning framework for detecting phishing web sites. 
ACM Transactions on Information and System Security (TISSEC) (2011)."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00021"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3559334"}],"event":{"name":"WWW '25: The ACM Web Conference 2025","location":"Sydney NSW Australia","acronym":"WWW '25","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the ACM on Web Conference 2025"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714678","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3696410.3714678","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:56Z","timestamp":1750295936000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714678"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,22]]},"references-count":50,"alternative-id":["10.1145\/3696410.3714678","10.1145\/3696410"],"URL":"https:\/\/doi.org\/10.1145\/3696410.3714678","relation":{},"subject":[],"published":{"date-parts":[[2025,4,22]]},"assertion":[{"value":"2025-04-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}