{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T12:17:42Z","timestamp":1768393062630,"version":"3.49.0"},"reference-count":36,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T00:00:00Z","timestamp":1762214400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T00:00:00Z","timestamp":1762214400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,11,4]]},"DOI":"10.1109\/ecrime66972.2025.11327823","type":"proceedings-article","created":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T20:56:22Z","timestamp":1768337782000},"page":"1-10","source":"Crossref","is-referenced-by-count":0,"title":["Detecting Malicious Domain Registration Batches: Patterns, Prevalence, and Security Implications"],"prefix":"10.1109","author":[{"given":"Samuel","family":"Cheadle","sequence":"first","affiliation":[{"name":"Security, Stability, and Resiliency Research, Office of the CTO ICANN"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Carlos H.","family":"Ga\u00f1\u00e1n","sequence":"additional","affiliation":[{"name":"Security, Stability, and Resiliency Research, Office of the CTO ICANN"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Si\u00f4n","family":"Lloyd","sequence":"additional","affiliation":[{"name":"Security, Stability, and Resiliency Research, Office of the CTO ICANN"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Samaneh","family":"Tajalizadehkhoob","sequence":"additional","affiliation":[{"name":"Security, Stability, and Resiliency Research, Office of the CTO ICANN"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","article-title":"INFERMAL: Inferential analysis of maliciously registered domains","author":"Nosyk","year":"2024"},{"key":"ref2","article-title":"On the potential of proactive domain blacklisting","volume-title":"Proceedings of the 3rd USENIX Conference on Large-scale Exploits and Emergent Threats (LEET)","author":"Felegyhazi"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978317"},{"key":"ref4","article-title":"Proactive recognition of domain abuse","volume-title":"Thesis","author":"Prins","year":"2020"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359836"},{"key":"ref6","article-title":"Early warning system for newly registered malicious domains : A machine learning and certificate transparency approach","volume-title":"Thesis","author":"Berenschot","year":"2024"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3203422.3203423"},{"key":"ref8","article-title":"Phishing Landscape 2025: An Annual Study of the Scope and Distribution of Phishing","year":"2025"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2012.05.005"},{"key":"ref10","article-title":"On the effects of registrar-level intervention","volume-title":"4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 11)","author":"Liu"},{"key":"ref11","first-page":"207","article-title":"Understanding the dark side of domain parking","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Alrwais"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_17"},{"issue":"3","key":"ref13","first-page":"265","article-title":"Apples, oranges and hosting providers: Heterogeneity and security in the hosting market","volume":"3","author":"Tajalizadehkhoob","year":"2017","journal-title":"Journal of Cybersecurity"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196548"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/144179.144301"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/505202.505223"},{"key":"ref17","first-page":"273","article-title":"Building a Dynamic Reputation System for DNS","volume-title":"Proceedings of the 19th USENIX Security Symposium","author":"Antonakakis"},{"key":"ref18","article-title":"EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis","volume-title":"Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS)","author":"Bilge"},{"key":"ref19","first-page":"513","article-title":"Kopis: detecting Malware Domains at the Upper DNS Hierarchy","volume-title":"Proceedings of the 20th USENIX Security Symposium","author":"Antonakakis"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ACDSA59508.2024.10467307"},{"key":"ref21","article-title":"Assessing the risk of new .nl registrations using RegCheck","author":"Wabeke","year":"2023"},{"key":"ref22","article-title":"Domain watch","year":"2025"},{"key":"ref23","article-title":"Bulk Registrations Uncovered: Legitimate Uses vs. Cybercriminal Exploits","year":"2025"},{"key":"ref24","article-title":"FAQ for Implementing the Temporary Specification for gTLD Registration Data","year":"2018"},{"key":"ref25","article-title":"Spamhaus Blocklists"},{"key":"ref26","article-title":"SURBL: URI Reputation Data"},{"key":"ref27","article-title":"Threat Intelligence Services"},{"key":"ref28","article-title":"PhishTank: Join the Fight Against Phishing"},{"key":"ref29","article-title":"urlscan.io - Website Scanning and Threat Intelligence"},{"key":"ref30","article-title":"APWG eCrime Exchange (eCX)"},{"key":"ref31","article-title":"URLhaus: Malware URL Database"},{"key":"ref32","article-title":"What is DNS Abuse?","year":"2020"},{"key":"ref33","first-page":"226","article-title":"A Density-Based Algorithm for Discovering Clusters in Large Spatial Databases with Noise","volume-title":"Proceedings of the Second International Conference on Knowledge Discovery and Data Mining","author":"Ester"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978317"},{"key":"ref35","article-title":"ICANN Domain Metrica: A Measurement Platform -ICANN","year":"2024"},{"key":"ref36","article-title":"This Is a Local Domain: On Amassing Country-Code Top-Level Domains from Public Data","author":"Sommese","year":"2023"}],"event":{"name":"2025 APWG Symposium on Electronic Crime Research (eCrime)","location":"San Diego, CA, USA","start":{"date-parts":[[2025,11,4]]},"end":{"date-parts":[[2025,11,7]]}},"container-title":["2025 APWG Symposium on Electronic Crime Research (eCrime)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11326688\/11327697\/11327823.pdf?arnumber=11327823","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T07:20:55Z","timestamp":1768375255000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11327823\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,4]]},"references-count":36,"URL":"https:\/\/doi.org\/10.1109\/ecrime66972.2025.11327823","relation":{},"subject":[],"published":{"date-parts":[[2025,11,4]]}}}