Malicious websites pose a challenging cybersecurity threat. Traditional tools for detecting malicious websites rely heavily on industry-speci c domain knowledge, are maintained by large-scale research operations, and result in a never-ending attacker-defender dynamic. Malicious websites need to balance two opposing requirements to successfully function: escaping malware detection tools while attracting visitors. This fundamental con ict can be leveraged to create a robust and sustainable detection approach based on the extraction, analysis and learning of design attributes for malicious website identi cation.In this paper, we propose a next-generation algorithm for extended design attribute learning that learns and analyzes web page structures, contents, appearances and reputations to detect malicious websites. A large-scale experiment that was conducted on more than 35,000 websites suggests that the proposed algorithm effectively detects more than 83% of all malicious websites while maintaining a low falsepositive rate of 2%. In addition, the proposed method can incorporate user feedback and ag new suspicious websites and thus can be effective against zero-day attacks.