{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T00:10:30Z","timestamp":1769731830196,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":60,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T00:00:00Z","timestamp":1745280000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/https:\/\/doi.org\/10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["210137, 2335798, 2426653, 242778"],"award-info":[{"award-number":["210137, 2335798, 2426653, 242778"]}],"id":[{"id":"10.13039\/https:\/\/doi.org\/10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,4,22]]},"DOI":"10.1145\/3696410.3714710","type":"proceedings-article","created":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T22:52:18Z","timestamp":1745362338000},"page":"957-968","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["What's in Phishers: A Longitudinal Study of Security Configurations in Phishing Websites and Kits"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-1931-1373","authenticated-orcid":false,"given":"Kyungchan","family":"Lim","sequence":"first","affiliation":[{"name":"University of Tennessee, Knoxville, TN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8713-3863","authenticated-orcid":false,"given":"Kiho","family":"Lee","sequence":"additional","affiliation":[{"name":"University of Tennessee, Knoxville, TN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5268-0413","authenticated-orcid":false,"given":"Fujiao","family":"Ji","sequence":"additional","affiliation":[{"name":"University of Tennessee, Knoxville, TN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0021-2850","authenticated-orcid":false,"given":"Yonghwi","family":"Kwon","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1605-3866","authenticated-orcid":false,"given":"Hyoungshick","family":"Kim","sequence":"additional","affiliation":[{"name":"Sungkyunkwan University, Suwon, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9033-990X","authenticated-orcid":false,"given":"Doowon","family":"Kim","sequence":"additional","affiliation":[{"name":"University of Tennessee, Knoxville, TN, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,4,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2024. Blogger: Posts. https:\/\/www.blogger.com\/. (Accessed on 09\/07\/2024)."},{"key":"e_1_3_2_1_2_1","unstructured":"2024. ChromeDriver. https:\/\/chromedriver.chromium.org. (Accessed on 09\/13\/2024)."},{"key":"e_1_3_2_1_3_1","unstructured":"2024. Contributing rules | Semgrep. https:\/\/semgrep.dev\/docs\/contributing\/contributing-to-semgrep-rules-repository. (Accessed on 05\/15\/2024)."},{"key":"e_1_3_2_1_4_1","unstructured":"2024. Cross Site Scripting (XSS) | OWASP Foundation. https:\/\/owasp.org\/www-community\/attacks\/xss\/. (Accessed on 09\/07\/2024)."},{"key":"e_1_3_2_1_5_1","unstructured":"2024. CWE - CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag. https:\/\/cwe.mitre.org\/data\/definitions\/1004.html. (Accessed on 09\/14\/2024)."},{"key":"e_1_3_2_1_6_1","unstructured":"2024. CWE - CWE-22: Improper Limitation of a Pathname to a Restricted Directory. https:\/\/cwe.mitre.org\/data\/definitions\/22.html. (Accessed on 09\/14\/2024)."},{"key":"e_1_3_2_1_7_1","unstructured":"2024. CWE - CWE-502: Deserialization of Untrusted Data. https:\/\/cwe.mitre.org\/data\/definitions\/502.html. (Accessed on 09\/14\/2024)."},{"key":"e_1_3_2_1_8_1","unstructured":"2024. CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). https:\/\/cwe.mitre.org\/data\/definitions\/79.html. (Accessed on 09\/14\/2024)."},{"key":"e_1_3_2_1_9_1","unstructured":"2024. CWE - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). https:\/\/cwe.mitre.org\/data\/definitions\/89.html. (Accessed on 09\/14\/2024)."},{"key":"e_1_3_2_1_10_1","unstructured":"2024. CWE - CWE-918: Server-Side Request Forgery (SSRF). https:\/\/cwe.mitre.org\/data\/definitions\/918.html. (Accessed on 09\/14\/2024)."},{"key":"e_1_3_2_1_11_1","unstructured":"2024. Fast web fuzzer. https:\/\/github.com\/ffuf\/ffuf (Accessed on 09\/19\/2024)."},{"key":"e_1_3_2_1_12_1","unstructured":"2024. HTTP headers - HTTP | MDN. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers. (Accessed on 09\/07\/2024)."},{"key":"e_1_3_2_1_13_1","unstructured":"2024. IANA Message Headers. https:\/\/www.iana.org\/assignments\/message-headers\/message-headers.xhtml. (Accessed on 09\/19\/2024)."},{"key":"e_1_3_2_1_14_1","unstructured":"2024. PHP. https:\/\/www.php.net\/. (Accessed on 09\/13\/2024)."},{"key":"e_1_3_2_1_15_1","unstructured":"2024. publicsuffix\/list: The Public Suffix List. https:\/\/github.com\/publicsuffix\/list?tab=readme-ov-file. (Accessed on 09\/18\/2024)."},{"key":"e_1_3_2_1_16_1","unstructured":"2024. RFC 2616 - Hypertext Transfer Protocol -- HTTP\/1.1. https:\/\/datatracker.ietf .org\/doc\/html\/rfc2616#section-15.1.1. (Accessed on 09\/08\/2024)."},{"key":"e_1_3_2_1_17_1","unstructured":"2024. Semgrep. https:\/\/semgrep.dev\/ (Accessed on 09\/06\/2024)."},{"key":"e_1_3_2_1_18_1","unstructured":"2024. shellray. https:\/\/shellray.com\/. (Accessed on 09\/13\/2024)."},{"key":"e_1_3_2_1_19_1","unstructured":"2024. Stegosploit. https:\/\/stegosploit.info\/ (Accessed on 09\/06\/2024)."},{"key":"e_1_3_2_1_20_1","unstructured":"2024. The Apache HTTP Server Project. https:\/\/httpd.apache.org\/. (Accessed on 09\/07\/2024)."},{"key":"e_1_3_2_1_21_1","unstructured":"2024. The APWG eCrime Exchange (eCX). https:\/\/apwg.org\/ecx\/. (Accessed on 09\/13\/2024)."},{"key":"e_1_3_2_1_22_1","unstructured":"2024. VirusShare.com. https:\/\/virusshare.com\/. (Accessed on 09\/13\/2024)."},{"key":"e_1_3_2_1_23_1","unstructured":"2024. Wix.com. https:\/\/wix.com\/. (Accessed on 09\/07\/2024)."},{"key":"e_1_3_2_1_24_1","volume-title":"Phishing attacks: A recent comprehensive study and a new anatomy. Frontiers in Computer Science","author":"Alkhalil Zainab","year":"2021","unstructured":"Zainab Alkhalil, Chaminda Hewage, Liqaa Nawaf, and Imtiaz Khan. 2021. Phishing attacks: A recent comprehensive study and a new anatomy. Frontiers in Computer Science (2021)."},{"key":"e_1_3_2_1_25_1","unstructured":"Amir Alush Dickson Neoh and Danny Bickson et al. 2024. Fastdup. GitHub.Note: https:\/\/github.com\/visuallayer\/fastdup. (Accessed on 09\/13\/2024)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-52683-2_7"},{"key":"e_1_3_2_1_27_1","volume-title":"Wayback Machine. https:\/\/web.archive.org\/ [Online","year":"2024","unstructured":"Archive. 2024. Wayback Machine. https:\/\/web.archive.org\/ [Online; accessed 2024-08--30]."},{"key":"e_1_3_2_1_28_1","volume-title":"Proc. of the USENIX security symposium.","author":"Bijmans Hugo","year":"2021","unstructured":"Hugo Bijmans, Tim Booij, Anneke Schwedersky, Aria Nedgabat, and Rolf van Wegberg. 2021. Catching phishers by their bait: Investigating the dutch phishing landscape through phishing kit detection. In Proc. of the USENIX security symposium."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICIMP.2007.33"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866354"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCC.2014.146"},{"key":"e_1_3_2_1_32_1","volume-title":"Proc. of the WOOT","author":"Cova Marco","year":"2008","unstructured":"Marco Cova, Christopher Kruegel, and Giovanni Vigna. 2008. There Is No Free Phish: An Analysis of\" Free\" and Live Phishing Kits. Proc. of the WOOT (2008)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Birhanu Eshete Abeer Alhuzali Maliheh Monshizadeh Phillip A Porras Venkat N Venkatakrishnan and Vinod Yegneswaran. 2015. EKHunter: A Counter-Offensive Toolkit for Exploit Kit Infiltration.. In NDSS.","DOI":"10.14722\/ndss.2015.23237"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/QRS54544.2021.00020"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.23919\/TMA.2017.8002896"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978330"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453100"},{"key":"e_1_3_2_1_38_1","volume-title":"Humboldt: A distributed phishing disruption system. In 2009 eCrime Researchers Summit","author":"Knickerbocker Paul","year":"2009","unstructured":"Paul Knickerbocker, Dongting Yu, and Jun Li. 2009. Humboldt: A distributed phishing disruption system. In 2009 eCrime Researchers Summit. IEEE, 1--12."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.23919\/CYCON.2018.8405025"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00079"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645535"},{"key":"e_1_3_2_1_42_1","volume-title":"Proc. of the USENIX Security Symposium.","author":"Lin Yun","year":"2021","unstructured":"Yun Lin, Ruofan Liu, Dinil Mon Divakaran, Jun Yang Ng, Qing Zhou Chan, Yiwen Lu, Yuxuan Si, Fan Zhang, and Jin Song Dong. 2021. Phishpedia: A hybrid deep learning based approach to visually identify phishing webpages. In Proc. of the USENIX Security Symposium."},{"key":"e_1_3_2_1_43_1","volume-title":"Less Defined Knowledge and More True Alarms: Reference-based Phishing Detection without a Pre-defined Reference List. 7","author":"Liu Ruofan","year":"2019","unstructured":"Ruofan Liu, Yun Lin, Xiwen Teoh, Gongshen Liu, Zhiyong Huang, and Jin Song Dong. 2019. Less Defined Knowledge and More True Alarms: Reference-based Phishing Detection without a Pre-defined Reference List. 7 (2019)."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(13)70053-8"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-24212-0_12"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3178876.3186091"},{"key":"e_1_3_2_1_47_1","unstructured":"NVD. 2024. NVD - CVE-2023--25690. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023--25690. (Accessed on 09\/30\/2024)."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00049"},{"key":"e_1_3_2_1_49_1","volume-title":"Proc. of the USENIX Security Symposium.","author":"Oest Adam","year":"2020","unstructured":"Adam Oest, Yeganeh Safaei, Penghui Zhang, Brad Wardman, Kevin Tyers, Yan Shoshitaishvili, and Adam Doup\u00e9. 2020. {PhishTime}: Continuous longitudinal measurement of the effectiveness of anti-phishing blacklists. In Proc. of the USENIX Security Symposium."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2018.8376206"},{"key":"e_1_3_2_1_51_1","volume-title":"Proc. of the USENIX Security Symposium.","author":"Oest Adam","year":"2020","unstructured":"Adam Oest, Penghui Zhang, Brad Wardman, Eric Nunes, Jakub Burgis, Ali Zand, Kurt Thomas, Adam Doup\u00e9, and Gail-Joon Ahn. 2020. Sunrise to sunset: Analyzing the end-to-end life cycle and effectiveness of phishing attacks at scale. In Proc. of the USENIX Security Symposium."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3333883"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.23046"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/eCrime57793.2022.10142092"},{"key":"e_1_3_2_1_55_1","unstructured":"Tranco. 2024. Tranco. https:\/\/tranco-list.eu\/. (Accessed on 09\/19\/2024)."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978363"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"crossref","unstructured":"Suzanne Widup Alex Pinto David Hylender Gabriel Bassett and Philippe langlois. 2021. Verizon Data Breach Investigations Report.","DOI":"10.1016\/S1361-3723(21)00061-0"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"crossref","unstructured":"Craig E Wills and Mikhail Mikhailov. 1999. Towards a better understanding of web resources and server responses for improved caching. (1999).","DOI":"10.1016\/S1389-1286(99)00037-7"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2892066"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00021"}],"event":{"name":"WWW '25: The ACM Web Conference 2025","location":"Sydney NSW Australia","acronym":"WWW '25","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the ACM on Web Conference 2025"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714710","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3696410.3714710","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:57Z","timestamp":1750295937000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714710"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,22]]},"references-count":60,"alternative-id":["10.1145\/3696410.3714710","10.1145\/3696410"],"URL":"https:\/\/doi.org\/10.1145\/3696410.3714710","relation":{},"subject":[],"published":{"date-parts":[[2025,4,22]]},"assertion":[{"value":"2025-04-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}