{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T13:51:45Z","timestamp":1772113905404,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":92,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2106DGX,CNS-1617902,CNS-1617593,CNS-1735396"],"award-info":[{"award-number":["2106DGX,CNS-1617902,CNS-1617593,CNS-1735396"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000190","name":"U.S. Department of Commerce","doi-asserted-by":"publisher","award":["2106DEK, 2106DZD"],"award-info":[{"award-number":["2106DEK, 2106DZD"]}],"id":[{"id":"10.13039\/100000190","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-16-1-2264"],"award-info":[{"award-number":["N00014-16-1-2264"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["2106DTX"],"award-info":[{"award-number":["2106DTX"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3134002","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"569-586","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":104,"title":["Hiding in Plain Sight"],"prefix":"10.1145","author":[{"given":"Panagiotis","family":"Kintis","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Najmeh","family":"Miramirkhani","sequence":"additional","affiliation":[{"name":"Stony Brook University, Brookhaven, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Charles","family":"Lever","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yizheng","family":"Chen","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rosa","family":"Romero-G\u00f3mez","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nikolaos","family":"Pitropakis","sequence":"additional","affiliation":[{"name":"London South Bank University, London, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nick","family":"Nikiforakis","sequence":"additional","affiliation":[{"name":"Stony Brook University, Brookhaven, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Manos","family":"Antonakakis","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2008. Combosquatting: The Business of Cybersquatting. In FairWinds Partners LLC."},{"key":"e_1_3_2_2_2_1","unstructured":"2015. Domain Blacklist: driveby. http:\/\/www.blade-defender.org\/ eval-lab\/. (2015)."},{"key":"e_1_3_2_2_3_1","unstructured":"2016. Domain Blacklist: abuse.ch. http:\/\/www.abuse.ch\/. (2016)."},{"key":"e_1_3_2_2_4_1","unstructured":"2016. Domain Blacklist: Blackhole DNS. http:\/\/www.malwaredomains.com\/ wordpress\/?page_id=6. (2016)."},{"key":"e_1_3_2_2_5_1","unstructured":"2016. Domain Blacklist: hphosts. http:\/\/hosts-file.net\/'s=Download. (2016)."},{"key":"e_1_3_2_2_6_1","unstructured":"2016. Domain Blacklist: itmate. http:\/\/vurl.mysteryfcm.co.uk\/. (2016)."},{"key":"e_1_3_2_2_7_1","unstructured":"2016. Domain Blacklist: sagadc. http:\/\/dns-bh.sagadc.org\/. (2016)."},{"key":"e_1_3_2_2_8_1","unstructured":"2016. Domain Blacklist: SANS. https:\/\/isc.sans.edu\/suspicious_domains. html. (2016)."},{"key":"e_1_3_2_2_9_1","unstructured":"2016. Malware Domain List. http:\/\/www.malwaredomainlist.com\/forums\/ index.php?topic=3270.0. (2016)."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"crossref","unstructured":"2017. Certificate Transparency. https:\/\/www.certificate-transparency. org. (2017).","DOI":"10.1515\/popets-2017-0052"},{"key":"e_1_3_2_2_11_1","unstructured":"Josh Aas. 2015. Let's Encrypt: The CA's Role in Fighting Phishing and Malware. https:\/\/letsencrypt.org\/2015\/10\/29\/phishing-and-malware. html. (2015)."},{"key":"e_1_3_2_2_12_1","unstructured":"ACPA 1999. Anticybersquatting Consumer Protection Act (ACPA). http:\/\/www. patents.com\/acpa.htm. (November 1999)."},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23058"},{"key":"e_1_3_2_2_14_1","unstructured":"Alexa. 2016. The Web Information Company. http:\/\/www.alexa.com\/. (2016)."},{"key":"e_1_3_2_2_15_1","unstructured":"AllSlang. 2016. Slang Dictionary - Text Slang & Internet Slang Words. http: \/\/www.noslang.com\/dictionary\/. (2016)."},{"key":"e_1_3_2_2_16_1","unstructured":"AllSlang. 2016. Swear Word List & Curse Filter. http:\/\/www.noswearing.com\/ dictionary. (2016)."},{"key":"e_1_3_2_2_17_1","volume-title":"ScanBox framework -- who's affected, and who's using it? http:\/\/2014.zeronights.org\/assets\/files\/slides\/roaming_tiger_ zeronights_2014.pdf. (July","author":"Anton Cherepanov","year":"2014","unstructured":"Anton Cherepanov. 2014. ScanBox framework -- who's affected, and who's using it? http:\/\/2014.zeronights.org\/assets\/files\/slides\/roaming_tiger_ zeronights_2014.pdf. (July 2014)."},{"key":"e_1_3_2_2_18_1","volume-title":"the Proceedings of 19th USENIX Security Symposium (USENIX Security '10)","author":"Manos Antonakakis Roberto Perdisci","year":"2010","unstructured":"Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee, and Nick Feamster. 2010. Building a Dynamic Reputation System for DNS. In the Proceedings of 19th USENIX Security Symposium (USENIX Security '10) ."},{"key":"e_1_3_2_2_19_1","volume-title":"Detecting Malware Domains in the Upper DNS Hierarchy. In the Proceedings of 20th USENIX Security Symposium (USENIX Security '11)","author":"Manos Antonakakis Roberto Perdisci","year":"2011","unstructured":"Manos Antonakakis, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou, and David Dagon. 2011. Detecting Malware Domains in the Upper DNS Hierarchy. In the Proceedings of 20th USENIX Security Symposium (USENIX Security '11)."},{"key":"e_1_3_2_2_20_1","volume-title":"the Proceedings of 21th USENIX Security Symposium (USENIX Security '12)","author":"Manos Antonakakis Roberto Perdisci","year":"2012","unstructured":"Manos Antonakakis, Roberto Perdisci, Yacin Nadji, Nikolaos Vasiloglou, Saeed Abu-Nimeh, Wenke Lee, and David Dagon. 2012. From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware. In the Proceedings of 21th USENIX Security Symposium (USENIX Security '12)."},{"key":"e_1_3_2_2_21_1","volume-title":"Illuminating the Etumbot APT Backdoor. https:\/\/github.com\/kbandla\/APTnotes\/blob\/master\/2014\/ ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT. pdf. (June","author":"Asert","year":"2014","unstructured":"Asert. 2014. Illuminating the Etumbot APT Backdoor. https:\/\/github.com\/kbandla\/APTnotes\/blob\/master\/2014\/ ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT. pdf. (June 2014)."},{"key":"e_1_3_2_2_22_1","volume-title":"The Four Element Sword Engagement. https:\/\/www. arbornetworks.com\/blog\/asert\/four-element-sword-engagement\/. (April","author":"Asert","year":"2016","unstructured":"Asert. 2016. The Four Element Sword Engagement. https:\/\/www. arbornetworks.com\/blog\/asert\/four-element-sword-engagement\/. (April 2016)."},{"key":"e_1_3_2_2_23_1","volume-title":"Uncovering the Seven Pointed Dagger Discovery of the Trochilus RAT and Other Targeted Threats. https:\/\/goo.gl\/zMbqpA. (January","author":"Asert","year":"2016","unstructured":"Asert. 2016. Uncovering the Seven Pointed Dagger Discovery of the Trochilus RAT and Other Targeted Threats. https:\/\/goo.gl\/zMbqpA. (January 2016)."},{"key":"e_1_3_2_2_24_1","volume-title":"RAID 2016, Paris, France, September 19--21, 2016, Proceedings. 188--208","author":"Rodney Joffe","year":"2016","unstructured":"Athanasios Kountouras and Panagiotis Kintis and Chaz Lever and Yizheng Chen and Yacin Nadji and David Dagon and Manos Antonakakis and Rodney Joffe. 2016. Enabling Network Security Through Active DNS Datasets. In Research in Attacks, Intrusions, and Defenses - 19th International Symposium, RAID 2016, Paris, France, September 19--21, 2016, Proceedings. 188--208. https:\/\/doi.org\/10. 1007\/978-3-319-45719-2_9"},{"key":"e_1_3_2_2_25_1","volume-title":"Proceedings of NDSS.","author":"Leyla Bilge Engin Kirda","year":"2011","unstructured":"Leyla Bilge, Engin Kirda, Christopher Kruegel, and Marco Balduzzi. 2011. EXPO- SURE: Finding Malicious Domains Using Passive DNS Analysis. In Proceedings of NDSS."},{"key":"e_1_3_2_2_26_1","volume-title":"A Closer Look at MiniDuke. https:\/\/labs.bitdefender. com\/wp-content\/uploads\/downloads\/2013\/04\/MiniDuke_Paper_Final. pdf. (May","author":"Bitdefender","year":"2013","unstructured":"Bitdefender. 2013. A Closer Look at MiniDuke. https:\/\/labs.bitdefender. com\/wp-content\/uploads\/downloads\/2013\/04\/MiniDuke_Paper_Final. pdf. (May 2013)."},{"key":"e_1_3_2_2_27_1","volume-title":"ROCKET KIT TEN: A CAM- PAIGN WITH 9 LIVES","author":"TECHNOLOGIES.","year":"2015","unstructured":"CHECK POINT SOFTWARE TECHNOLOGIES. 2015. ROCKET KIT TEN: A CAM- PAIGN WITH 9 LIVES. http:\/\/blog.checkpoint.com\/wp-content\/uploads\/ 2015\/11\/rocket-kitten-report.pdf. (November 2015)."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_12"},{"key":"e_1_3_2_2_29_1","unstructured":"Jason W Clark and Damon McCoy. 2013. There Are No Free iPads: An Analysis of Survey Scams as a Business.. In LEET."},{"key":"e_1_3_2_2_30_1","volume-title":"OPERATION DUST STORM. https:\/\/www.cylance.com\/ hubfs\/2015_cylance_website\/assets\/operation-dust-storm\/Op_Dust_ Storm_Report.pdf?t=1477417126448. (February","author":"Cylance","year":"2016","unstructured":"Cylance. 2016. OPERATION DUST STORM. https:\/\/www.cylance.com\/ hubfs\/2015_cylance_website\/assets\/operation-dust-storm\/Op_Dust_ Storm_Report.pdf?t=1477417126448. (February 2016)."},{"key":"e_1_3_2_2_31_1","volume-title":"Proceedings of BlackHat Security.","author":"Artem Dinaburg","year":"2011","unstructured":"Artem Dinaburg. 2011. Bitsquatting: DNS Hijacking without Exploitation. In Proceedings of BlackHat Security."},{"key":"e_1_3_2_2_32_1","unstructured":"dmoz. 2016. DMOZ - the Open Directory Project. http:\/\/www.dmoz.org. (2016)."},{"key":"e_1_3_2_2_33_1","volume-title":"Large-scale registration of domains with typographical errors","author":"Edelman Benjamin","year":"2003","unstructured":"Edelman, Benjamin. 2003. Large-scale registration of domains with typographical errors. Harvard University (2003)."},{"key":"e_1_3_2_2_34_1","volume-title":"Turbo Twist: Two 64-bit Derusbi Strains Converge","author":"Fidelis Threat Research Team","year":"2016","unstructured":"Fidelis Threat Research Team. 2016. Turbo Twist: Two 64-bit Derusbi Strains Converge. http:\/\/www.threatgeek.com\/2016\/05\/ turbo-twist-two-64-bit-derusbi-strains-converge.html. (May 2016)."},{"key":"e_1_3_2_2_35_1","volume-title":"OPERATION SAFFRON ROSE. https:\/\/www.fireeye. com\/content\/dam\/fireeye-www\/global\/en\/current-threats\/pdfs\/ rpt-operation-saffron-rose.pdf. (May","author":"FireEye","year":"2013","unstructured":"FireEye. 2013. OPERATION SAFFRON ROSE. https:\/\/www.fireeye. com\/content\/dam\/fireeye-www\/global\/en\/current-threats\/pdfs\/ rpt-operation-saffron-rose.pdf. (May 2013)."},{"key":"e_1_3_2_2_36_1","volume-title":"SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye. https:\/\/www.fireeye.com\/content\/dam\/fireeye-www\/ global\/en\/current-threats\/pdfs\/rpt-malware-supply-chain.pdf. (No- vember","author":"FireEye","year":"2013","unstructured":"FireEye. 2013. SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye. https:\/\/www.fireeye.com\/content\/dam\/fireeye-www\/ global\/en\/current-threats\/pdfs\/rpt-malware-supply-chain.pdf. (No- vember 2013)."},{"key":"e_1_3_2_2_37_1","unstructured":"FireEye. 2014. Top Words Used in Spear Phishing Attacks. (2014)."},{"key":"e_1_3_2_2_38_1","volume-title":"https:\/\/public.gdatasoftware.com\/Presse\/Publikationen\/ Whitepaper\/EN\/GDATA_TooHash_CaseStudy_102014_EN_v1.pdf . (October","author":"WORK.","year":"2014","unstructured":"G DATA. 2014. OPERATION \"TOOHASH\" HOW TARGETED ATTACKS WORK. https:\/\/public.gdatasoftware.com\/Presse\/Publikationen\/ Whitepaper\/EN\/GDATA_TooHash_CaseStudy_102014_EN_v1.pdf . (October 2014)."},{"key":"e_1_3_2_2_39_1","first-page":"2","article-title":"The homograph attack","volume":"45","author":"Alex Gontmakher","year":"2002","unstructured":"Evgeniy Gabrilovich and Alex Gontmakher. 2002. The homograph attack. Communucations of the ACM 45, 2 (Feb. 2002), 128. https:\/\/doi.org\/10.1145\/ 503124.503156","journal-title":"Communucations of the ACM"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314389.1314391"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068842"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504753"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978317"},{"key":"e_1_3_2_2_44_1","unstructured":"Holgers Tobias and Watson David E. and Gribble Steven D. 2006. Cutting through the confusion: a measurement study of homograph attacks. In Proceed- ings of the 2006 USENIX Annual Technical Conference. 1. http:\/\/dl.acm.org\/ citation.cfm?id=1267359.1267383"},{"key":"e_1_3_2_2_45_1","unstructured":"INFOSEC CONSORTIUM. 2013. Inside Report -- APT Attacks on Indian Cy- ber Space. http:\/\/ver007.com\/tools\/APTnotes\/2013\/Inside_Report_by_ Infosec_Consortium.pdf. (August 2013)."},{"key":"e_1_3_2_2_46_1","first-page":"1","article-title":"The human factor in phishing","volume":"7","author":"Jakobsson Markus","year":"2007","unstructured":"Jakobsson, Markus. 2007. The human factor in phishing. Privacy & Security of Consumer Information 7, 1 (2007), 1--19.","journal-title":"Privacy & Security of Consumer Information"},{"key":"e_1_3_2_2_47_1","volume-title":"Financial Cryptography and Data Security","author":"Jakobsson Markus","unstructured":"Jakobsson, Markus and Tsow, Alex and Shah, Ankur and Blevis, Eli and Lim, Youn- Kyung. 2007. What instills trust? a qualitative study of phishing. In Financial Cryptography and Data Security. Springer, 356--361."},{"key":"e_1_3_2_2_48_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Chris Kanich","year":"2014","unstructured":"Janos Szurdi and Balazs Kocso and Gabor Cseh and Jonathan Spring and Mark Felegyhazi and Chris Kanich. 2014. The Long \"Taile\" of Typosquatting Domain Names. In 23rd USENIX Security Symposium (USENIX Security 14). USENIX As- sociation, San Diego, CA, 191--206. https:\/\/www.usenix.org\/conference\/ usenixsecurity14\/technical-sessions\/presentation\/szurdi"},{"key":"e_1_3_2_2_49_1","volume-title":"Asruex: Malware Infecting through Shortcut Files","year":"2016","unstructured":"JPCERT\/CC. 2016. Asruex: Malware Infecting through Shortcut Files. http:\/\/blog.jpcert.or.jp\/2016\/06\/ asruex-malware-infecting-through-shortcut-files.html. (June 2016)."},{"key":"e_1_3_2_2_50_1","volume-title":"A TALE OF CLOAK AND THREE DAGGERS. https:\/\/kasperskycontenthub.com\/wp-content\/uploads\/sites\/ 43\/vlpdfs\/icefog.pdf. (September","author":"Kaspersky APT","year":"2013","unstructured":"Kaspersky. 2013. THE \"ICEFOG\" APT: A TALE OF CLOAK AND THREE DAGGERS. https:\/\/kasperskycontenthub.com\/wp-content\/uploads\/sites\/ 43\/vlpdfs\/icefog.pdf. (September 2013)."},{"key":"e_1_3_2_2_51_1","volume-title":"CARBANAK APT THE GREAT BANK ROBBERY. https:\/\/ securelist.com\/files\/2015\/02\/Carbanak_APT_eng.pdf. (February","author":"Kaspersky","year":"2015","unstructured":"Kaspersky. 2015. CARBANAK APT THE GREAT BANK ROBBERY. https:\/\/ securelist.com\/files\/2015\/02\/Carbanak_APT_eng.pdf. (February 2015)."},{"key":"e_1_3_2_2_52_1","volume-title":"DARKHOTEL INDICATORS OF COMPROMISE. https:\/\/ securelist.com\/files\/2014\/11\/darkhotelappendixindicators_kl.pdf. (November","author":"Kaspersky Lab","year":"2014","unstructured":"Kaspersky Lab. 2014. DARKHOTEL INDICATORS OF COMPROMISE. https:\/\/ securelist.com\/files\/2014\/11\/darkhotelappendixindicators_kl.pdf. (November 2014)."},{"key":"e_1_3_2_2_53_1","volume-title":"The Epic Turla Operation: Solving some of the mysteries of Snake\/Uroboros. https:\/\/cdn.securelist.com\/files\/2014\/08\/KL_ Epic_Turla_Technical_Appendix_20140806.pdf . (August","author":"Kaspersky Lab","year":"2014","unstructured":"Kaspersky Lab. 2014. The Epic Turla Operation: Solving some of the mysteries of Snake\/Uroboros. https:\/\/cdn.securelist.com\/files\/2014\/08\/KL_ Epic_Turla_Technical_Appendix_20140806.pdf . (August 2014)."},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.16"},{"key":"e_1_3_2_2_55_1","first-page":"1","article-title":"On the Spam Campaign Trail","volume":"8","author":"Kreibich Christian","year":"2008","unstructured":"Kreibich, Christian and Kanich, Chris and Levchenko, Kirill and Enright, Brandon and Voelker, Geoffrey M and Paxson, Vern and Savage, Stefan. 2008. On the Spam Campaign Trail. LEET 8, 2008 (2008), 1--9.","journal-title":"LEET"},{"key":"e_1_3_2_2_56_1","unstructured":"Let's Encrypt. 2017. Let's Encrypt -- Free SSL\/TLS Certificates. https: \/\/letsencrypt.org. (2017)."},{"key":"e_1_3_2_2_57_1","unstructured":"Lever Chaz and Walls Robert and Nadji Yacin and Dagon David and McDaniel Patrick and Antonakakis Manos. 2016. Domain-Z: 28 Registrations Later. (2016)."},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978387"},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/1557019.1557153"},{"key":"e_1_3_2_2_60_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Marczak William R","year":"2014","unstructured":"Marczak, William R and Scott-Railton, John and Marquis-Boire, Morgan and Paxson, Vern. 2014. When governments hack opponents: A look at actors and technology. In 23rd USENIX Security Symposium (USENIX Security 14). 511--525."},{"key":"e_1_3_2_2_61_1","volume-title":"Microsoft Security Intelligence Report","author":"Microsoft","year":"2015","unstructured":"Microsoft. 2015. Microsoft Security Intelligence Report Volume 19 | January through June, 2015. http:\/\/download.microsoft.com\/download\/ 4\/4\/C\/44CDEF0E-7924-4787-A56A-16261691ACE3\/Microsoft_Security_ Intelligence_Report_Volume_19_English.pdf. (June 2015)."},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23163"},{"key":"e_1_3_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC0882"},{"key":"e_1_3_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC0883"},{"key":"e_1_3_2_2_65_1","volume-title":"Domain names - concepts and facilities. RFC 1034 (INTERNET STANDARD). (Nov","author":"Mockapetris","year":"1987","unstructured":"P.V. Mockapetris. 1987. Domain names - concepts and facilities. RFC 1034 (INTERNET STANDARD). (Nov. 1987). http:\/\/www.ietf.org\/rfc\/rfc1034. txt Updated by RFCs 1101, 1183, 1348, 1876, 1982, 2065, 2181, 2308, 2535, 4033, 4034, 4035, 4343, 4035, 4592, 5936."},{"key":"e_1_3_2_2_66_1","volume-title":"Domain names - implementation and specification. RFC 1035 (INTERNET STANDARD). (Nov","author":"Mockapetris","year":"1987","unstructured":"P.V. Mockapetris. 1987. Domain names - implementation and specification. RFC 1035 (INTERNET STANDARD). (Nov. 1987). http:\/\/www.ietf.org\/rfc\/ rfc1035.txt"},{"key":"e_1_3_2_2_67_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14577-3_15"},{"key":"e_1_3_2_2_68_1","volume-title":"Wannes Meert, Lieven Desmet, Frank Piessens, and Wouter Joosen.","author":"Nick Nikiforakis","year":"2013","unstructured":"Nick Nikiforakis, Steven Van Acker, Wannes Meert, Lieven Desmet, Frank Piessens, and Wouter Joosen. 2013. Bitsquatting: Exploiting bit-flips for fun, or profit?. In WWW'13. 989--998."},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-13257-0_17"},{"key":"e_1_3_2_2_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/2488388.2488474"},{"key":"e_1_3_2_2_71_1","volume-title":"ScanBox framework -- who's affected, and who's using it? http:\/\/pwc.blogs.com\/cyber_security_updates\/2014\/10\/ scanbox-framework-whos-affected-and-whos-using-it-1.html.(Octo- ber","year":"2014","unstructured":"pwc. 2014. ScanBox framework -- who's affected, and who's using it? http:\/\/pwc.blogs.com\/cyber_security_updates\/2014\/10\/ scanbox-framework-whos-affected-and-whos-using-it-1.html.(Octo- ber 2014)."},{"key":"e_1_3_2_2_72_1","unstructured":"pwc. 2015. Attacks against Israeli & Palestinian interests. http:\/\/pwc.blogs.com\/cyber_security_updates\/2015\/04\/ attacks-against-israeli-palestinian-interests.html. (April 2015)."},{"key":"e_1_3_2_2_73_1","unstructured":"pwc. 2015. Cyber Threat Operations Sofacy II-- Same Sofacy Different Day. http:\/\/pwc.blogs.com\/files\/cto-tib-20150420-01a.pdf. (April 2015)."},{"key":"e_1_3_2_2_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.35"},{"key":"e_1_3_2_2_75_1","volume-title":"APT28 targets Financial Markets ROOT9B RELEASES ZERO DAY HASHES. https:\/\/www.root9b.com\/sites\/default\/files\/whitepapers\/ R9b_FSOFACY_0.pdf. (May","year":"2015","unstructured":"root9B. 2015. APT28 targets Financial Markets ROOT9B RELEASES ZERO DAY HASHES. https:\/\/www.root9b.com\/sites\/default\/files\/whitepapers\/ R9b_FSOFACY_0.pdf. (May 2015)."},{"key":"e_1_3_2_2_76_1","unstructured":"Ryan Kelly. 2016. PyEnchant a spellchecking library for Python. http: \/\/pythonhosted.org\/pyenchant\/. (2016)."},{"key":"e_1_3_2_2_77_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2011.5958207"},{"key":"e_1_3_2_2_78_1","volume-title":"Secrets of the Comfoo Masters. https:\/\/www.secureworks. com\/research\/secrets-of-the-comfoo-masters. (July","author":"SecureWorks","year":"2013","unstructured":"SecureWorks. 2013. Secrets of the Comfoo Masters. https:\/\/www.secureworks. com\/research\/secrets-of-the-comfoo-masters. (July 2013)."},{"key":"e_1_3_2_2_79_1","volume-title":"Beautiful data: the stories behind elegant data solutions. \" O'Reilly Media","author":"Segaran Toby","unstructured":"Segaran, Toby and Hammerbacher, Jeff. 2009. Beautiful data: the stories behind elegant data solutions. \" O'Reilly Media, Inc.\"."},{"key":"e_1_3_2_2_80_1","volume-title":"Proceedings of the Workshop on the Economics of Information Security (WEIS).","author":"Snyder Peter","year":"2015","unstructured":"Snyder, Peter and Kanich, Chris. 2015. No please, after you: Detecting fraud in affiliate marketing networks. In Proceedings of the Workshop on the Economics of Information Security (WEIS)."},{"key":"e_1_3_2_2_81_1","unstructured":"SOWPODS. 2016. SOWPODS Scrabble Word List. https:\/\/www.wordgamedictionary.com\/sowpods\/. (2016)."},{"key":"e_1_3_2_2_82_1","volume-title":"Comment Crew: Indicators of Compromise. https:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_ response\/whitepapers\/comment_crew_indicators_of_compromise.pdf. (February","author":"Symantec","year":"2013","unstructured":"Symantec. 2013. Comment Crew: Indicators of Compromise. https:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_ response\/whitepapers\/comment_crew_indicators_of_compromise.pdf. (February 2013)."},{"key":"e_1_3_2_2_83_1","unstructured":"Symantec. 2013. Hidden Lynx -- Professional Hackers for Hire. http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_ response\/whitepapers\/hidden_lynx.pdf. (September 2013)."},{"key":"e_1_3_2_2_84_1","volume-title":"A Closer Look at MiniDuke. https:\/\/www.symantec.com\/ connect\/blogs\/indian-organizations-targeted-suckfly-attacks. (May","author":"Symantec","year":"2016","unstructured":"Symantec. 2016. A Closer Look at MiniDuke. https:\/\/www.symantec.com\/ connect\/blogs\/indian-organizations-targeted-suckfly-attacks. (May 2016)."},{"key":"e_1_3_2_2_85_1","volume-title":"http:\/\/la.trendmicro.com\/media\/misc\/lurid-downloader-enfal-report-en.pdf. (September","author":"TrendMicro DOWNLOADER","year":"2011","unstructured":"TrendMicro. 2011. THE \"LURID\" DOWNLOADER. http:\/\/la.trendmicro.com\/media\/misc\/lurid-downloader-enfal-report-en.pdf. (September 2011)."},{"key":"e_1_3_2_2_86_1","unstructured":"TrendMicro. 2014. 2Q Report on Targeted Attack Campaigns. http:\/\/la. trendmicro.com\/media\/misc\/lurid-downloader-enfal-report-en.pdf. (January 2014)."},{"key":"e_1_3_2_2_87_1","unstructured":"TrendMicro. 2016. Looking Into a Cyber-Attack Facilitator in the Netherlands. http:\/\/documents.trendmicro.com\/assets\/appendix_ looking-into-a-cyber-attack-facilitator-in-the-netherlands.pdf. (April 2016)."},{"key":"e_1_3_2_2_88_1","unstructured":"TrendMicro. 2016. Securing Your Journey to the Cloud. http:\/\/www.trendmicro.com\/. (2016)."},{"key":"e_1_3_2_2_89_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23053"},{"key":"e_1_3_2_2_90_1","first-page":"31","article-title":"Strider Typo-Patrol: Discovery and Analysis of Systematic Typo-Squatting","volume":"6","author":"Wang Yi-Min","year":"2006","unstructured":"Wang, Yi-Min and Beck, Doug and Wang, Jeffrey and Verbowski, Chad and Daniels, Brad. 2006. Strider Typo-Patrol: Discovery and Analysis of Systematic Typo-Squatting. SRUTI 6 (2006), 31--36.","journal-title":"SRUTI"},{"key":"e_1_3_2_2_91_1","volume-title":"Proceedings of FIRST Conference on Computer Security Incident. Hand ling","author":"Weimer","year":"2005","unstructured":"F. Weimer. 2005. Passive DNS Replication. In Proceedings of FIRST Conference on Computer Security Incident. Hand ling, Singapore."},{"key":"e_1_3_2_2_92_1","volume-title":"DNS Noise: Measuring the Pervasiveness of Disposable Domains in Modern DNS Traffic. In Dependable Systems and Networks (DSN), 2014 44th Annual IEEE\/IFIP International Conference on. 598--609","author":"Lee","year":"2014","unstructured":"Y. Chen and M. Antonakakis and R. Perdisci and Y. Nadji and D. Dagon and W. Lee. 2014. DNS Noise: Measuring the Pervasiveness of Disposable Domains in Modern DNS Traffic. In Dependable Systems and Networks (DSN), 2014 44th Annual IEEE\/IFIP International Conference on. 598--609. https:\/\/doi.org\/10. 1109\/DSN.2014.61"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134002","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3134002","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3134002","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:26Z","timestamp":1750212806000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134002"}},"subtitle":["A Longitudinal Study of Combosquatting Abuse"],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":92,"alternative-id":["10.1145\/3133956.3134002","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3134002","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}