{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T01:09:51Z","timestamp":1777338591013,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":58,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,24]],"date-time":"2017-10-24T00:00:00Z","timestamp":1508803200000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-13-1-0088"],"award-info":[{"award-number":["N00014-13-1-0088"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1618117"],"award-info":[{"award-number":["CNS-1618117"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,10,24]]},"DOI":"10.1145\/2976749.2978387","type":"proceedings-article","created":{"date-parts":[[2016,10,25]],"date-time":"2016-10-25T08:46:35Z","timestamp":1477385195000},"page":"1414-1425","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":53,"title":["All Your DNS Records Point to Us"],"prefix":"10.1145","author":[{"given":"Daiping","family":"Liu","sequence":"first","affiliation":[{"name":"University of Delaware, Newark, DE, USA"}]},{"given":"Shuai","family":"Hao","sequence":"additional","affiliation":[{"name":"College of William and Mary, Williamsburg, VA, USA"}]},{"given":"Haining","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Delaware, Newark, DE, USA"}]}],"member":"320","published-online":{"date-parts":[[2016,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Aliyun. https:\/\/www.aliyun.com\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Amazon EC2. https:\/\/aws.amazon.com\/ec2\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Amazon EC2 and Amazon virtual private cloud. http:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/using-vpc.html."},{"key":"e_1_3_2_1_4_1","unstructured":"AWS IP address ranges. http:\/\/docs.aws.amazon.com\/general\/latest\/gr\/aws-ip-ranges.html."},{"key":"e_1_3_2_1_5_1","unstructured":"Azure SDK for python. http:\/\/azure-sdk-for-python.readthedocs.io\/en\/latest\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Boto: A python interface to amazon web services. http:\/\/boto.cloudhackers.com\/en\/latest\/."},{"key":"e_1_3_2_1_7_1","unstructured":"CrunchBase. https:\/\/www.crunchbase.com\/."},{"key":"e_1_3_2_1_8_1","unstructured":"Doppelganger domain. https:\/\/en.wikipedia.org\/wiki\/Doppelganger_domain."},{"key":"e_1_3_2_1_9_1","unstructured":"Fishing the AWS IP pool for dangling domains. http:\/\/www.bishopfox.com\/blog\/2015\/10\/fishing-the-aws-ip-pool-for-dangling-domains\/."},{"key":"e_1_3_2_1_10_1","unstructured":"GeoIQ. https:\/\/crunchbase.com\/organization\/fortiusone."},{"key":"e_1_3_2_1_11_1","unstructured":"GoDaddy. https:\/\/www.godaddy.com\/."},{"key":"e_1_3_2_1_12_1","unstructured":"Google Apps. https:\/\/support.google.com\/a\/answer\/112038?hl=en."},{"key":"e_1_3_2_1_13_1","unstructured":"Hostile subdomain takeover. http:\/\/labsdetectify.wpengine.com\/2014\/10\/21\/hostile-subdomain-takeover-using-herokugithubdesk-more\/."},{"key":"e_1_3_2_1_14_1","unstructured":"Implicit MX. http:\/\/tools.ietf.org\/html\/rfc5321#section-5."},{"key":"e_1_3_2_1_15_1","unstructured":"Let's Encrypt. https:\/\/letsencrypt.org\/."},{"key":"e_1_3_2_1_16_1","unstructured":"Mailgun. https:\/\/www.mailgun.com\/."},{"key":"e_1_3_2_1_17_1","unstructured":"Microsoft Azure. https:\/\/azure.microsoft.com\/en-us\/."},{"key":"e_1_3_2_1_18_1","unstructured":"Microsoft Azure datacenter ip ranges. https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=41653."},{"key":"e_1_3_2_1_19_1","unstructured":"Rackspace. https:\/\/www.rackspace.com\/en-us."},{"key":"e_1_3_2_1_20_1","unstructured":"Regions and availability zones. http:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/using-regions-availability-zones.html."},{"key":"e_1_3_2_1_21_1","unstructured":"Selenium. http:\/\/www.seleniumhq.org\/."},{"key":"e_1_3_2_1_22_1","unstructured":"Shopify. https:\/\/www.shopify.com\/."},{"key":"e_1_3_2_1_23_1","unstructured":"SSL test. https:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=can.travelocity.com."},{"key":"e_1_3_2_1_24_1","unstructured":"Your default VPC and subnets. http:\/\/docs.aws.amazon.com\/AmazonVPC\/latest\/UserGuide\/default-vpc.html."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.5555\/1929820.1929844"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/2362793.2362817"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc4033"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/1267591.1267609"},{"key":"e_1_3_2_1_29_1","volume-title":"NDSS","author":"Bilge L.","year":"2011","unstructured":"L. Bilge, E. Kirda, C. Kruegel, and M. Balduzzi. EXPOSURE: finding malicious domains using passive DNS analysis. In NDSS, 2011."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2006.31"},{"key":"e_1_3_2_1_31_1","volume-title":"NDSS","author":"Dagon D.","year":"2009","unstructured":"D. Dagon, M. Antonakakis, K. Day, X. Luo, C. P. Lee, and W. Lee. Recursive DNS architectures and vulnerability implications. In NDSS, 2009."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455798"},{"key":"e_1_3_2_1_33_1","volume-title":"NDSS","author":"Dagon D.","year":"2008","unstructured":"D. Dagon, C. Lee, W. Lee, and N. Provos. Corrupted DNS resolution paths: The rise of a malicious resolution authority. In NDSS, 2008."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.5555\/2534766.2534818"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855686.1855692"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504753"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2015.37"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33167-1_16"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2013.6682711"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523662"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.5555\/1267359.1267383"},{"key":"e_1_3_2_1_42_1","volume-title":"NDSS","author":"Jiang J.","year":"2012","unstructured":"J. Jiang, J. Liang, K. Li, J. Li, H. Duan, and J. Wu. Ghost domain name: Revoked yet still resolvable. In NDSS, 2012."},{"key":"e_1_3_2_1_43_1","volume-title":"Blackhat Briefings","author":"Kaminsky D.","year":"2008","unstructured":"D. Kaminsky. It's the end of the cache as we know it. In Blackhat Briefings, 2008."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.16"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815683"},{"key":"e_1_3_2_1_46_1","volume-title":"Domain-z: 28 registrations later -- measuring the exploitation of residual trust in domains","author":"Lever C.","year":"2016","unstructured":"C. Lever, R. Walls, Y. Nadji, D. Dagon, P. McDaniel, and M. Antonakakis. Domain-z: 28 registrations later -- measuring the exploitation of residual trust in domains. In IEEE S&P, 2016."},{"key":"e_1_3_2_1_47_1","volume-title":"USENIX Security","author":"Li F.","year":"2016","unstructured":"F. Li, Z. Durumeric, J. Czyz, M. Karami, M. Bailey, D. McCoy, S. Savage, and V. Paxson. You\\textquoterightve got vulnerability: Exploring effective vulnerability notifications. In USENIX Security, 2016."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/1553374.1553462"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45472-5_3"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/1015467.1015503"},{"key":"e_1_3_2_1_52_1","volume-title":"Wsec DNS: Protecting recursive DNS resolvers from poisoning attacks","author":"Perdisci R.","year":"2009","unstructured":"R. Perdisci, M. Antonakakis, X. Luo, and W. Lee. Wsec DNS: Protecting recursive DNS resolvers from poisoning attacks. In IEEE\/IFIP DSN, 2009."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251086.1251121"},{"key":"e_1_3_2_1_54_1","volume-title":"The cracked cookie jar: HTTP cookie hijacking and the exposure of private information","author":"Sivakorn S.","year":"2016","unstructured":"S. Sivakorn, I. Polakis, and A. Keromytis. The cracked cookie jar: HTTP cookie hijacking and the exposure of private information. In IEEE S&P, 2016."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.5555\/1267591.1267610"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879148"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2185376.2185387"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.5555\/2831143.2831188"}],"event":{"name":"CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security","location":"Vienna Austria","acronym":"CCS'16","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978387","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978387","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978387","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:25:23Z","timestamp":1763457923000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978387"}},"subtitle":["Understanding the Security Threats of Dangling DNS Records"],"short-title":[],"issued":{"date-parts":[[2016,10,24]]},"references-count":58,"alternative-id":["10.1145\/2976749.2978387","10.1145\/2976749"],"URL":"https:\/\/doi.org\/10.1145\/2976749.2978387","relation":{},"subject":[],"published":{"date-parts":[[2016,10,24]]},"assertion":[{"value":"2016-10-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}