{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,19]],"date-time":"2026-05-19T04:04:49Z","timestamp":1779163489057,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,5,29]],"date-time":"2018-05-29T00:00:00Z","timestamp":1527552000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"ICANN"},{"name":"French Ministry of Research project PERSYVAL-Lab","award":["ANR-11-LABX-0025-01"],"award-info":[{"award-number":["ANR-11-LABX-0025-01"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,5,29]]},"DOI":"10.1145\/3196494.3196548","type":"proceedings-article","created":{"date-parts":[[2018,5,31]],"date-time":"2018-05-31T13:18:28Z","timestamp":1527772708000},"page":"609-623","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":36,"title":["Cybercrime After the Sunrise"],"prefix":"10.1145","author":[{"given":"Maciej","family":"Korczynski","sequence":"first","affiliation":[{"name":"Univ. Grenoble Alpes, CNRS, Grenoble INP, LIG, F-38000 Grenoble, France"}]},{"given":"Maarten","family":"Wullink","sequence":"additional","affiliation":[{"name":"SIDN Labs, Arnhem, Netherlands"}]},{"given":"Samaneh","family":"Tajalizadehkhoob","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}]},{"given":"Giovane C. M.","family":"Moura","sequence":"additional","affiliation":[{"name":"SIDN Labs, Arnhem, Netherlands"}]},{"given":"Arman","family":"Noroozian","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}]},{"given":"Drew","family":"Bagley","sequence":"additional","affiliation":[{"name":"Secure Domain Foundation \/ CrowdStrike, Sunnyvale, CA, USA"}]},{"given":"Cristian","family":"Hesselman","sequence":"additional","affiliation":[{"name":"SIDN Labs, Arnhem, Netherlands"}]}],"member":"320","published-online":{"date-parts":[[2018,5,29]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"G. Aaron and R. Rasmussen. 2016. Global Phishing Survey: Trends and Domain Name Use in 2016. http:\/\/docs.apwg.org\/reports\/APWG_Global_Phishing_ Report_2015--2016.pdf. (2016).  G. Aaron and R. Rasmussen. 2016. Global Phishing Survey: Trends and Domain Name Use in 2016. http:\/\/docs.apwg.org\/reports\/APWG_Global_Phishing_ Report_2015--2016.pdf. (2016)."},{"key":"e_1_3_2_1_2_1","volume-title":"Proc. of NDSS.","author":"Agten P.","unstructured":"P. Agten , W. Joosen , F. Piessens , and N. Nikiforakis . 2015. Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse . In Proc. of NDSS. P. Agten, W. Joosen, F. Piessens, and N. Nikiforakis. 2015. Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse. In Proc. of NDSS."},{"key":"e_1_3_2_1_3_1","volume-title":"APWG: Cross-industry Global Group Supporting Tackling the Phishing Menace","author":"APWG.","year":"2017","unstructured":"APWG. 2017 . APWG: Cross-industry Global Group Supporting Tackling the Phishing Menace . http:\/\/antiphishing.org. (2017). APWG. 2017. APWG: Cross-industry Global Group Supporting Tackling the Phishing Menace. http:\/\/antiphishing.org. (2017)."},{"key":"e_1_3_2_1_4_1","volume-title":"Proc. of NDSS'11","author":"Bilge L.","unstructured":"L. Bilge , E. Kirda , C. Kruegel , and M. Balduzzi . 2011. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis .. In Proc. of NDSS'11 . L. Bilge, E. Kirda, C. Kruegel, and M. Balduzzi. 2011. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis.. In Proc. of NDSS'11."},{"key":"e_1_3_2_1_5_1","unstructured":"D. Chiba T. Yagi M. Akiyama T. Shibahara T. Mori and S. Goto. 2017. DomainProfiler: toward accurate and early discovery of domain names abused in future. International Journal of Information Security (2017) 1--20.  D. Chiba T. Yagi M. Akiyama T. Shibahara T. Mori and S. Goto. 2017. DomainProfiler: toward accurate and early discovery of domain names abused in future. International Journal of Information Security (2017) 1--20."},{"key":"e_1_3_2_1_6_1","unstructured":"CleanMX. 2017. Spam-Filter Anti-Spam Virenschutz. http:\/\/clean-mx.de. (2017).  CleanMX. 2017. Spam-Filter Anti-Spam Virenschutz. http:\/\/clean-mx.de. (2017)."},{"key":"e_1_3_2_1_7_1","unstructured":"Consumer Trust Competition and Consumer Choice (CCT). 2017. New Sections. Technical Report. https:\/\/www.icann.org\/en\/system\/files\/files\/ cct-rt-draft-recs-new-sections-27nov17-en.pdf  Consumer Trust Competition and Consumer Choice (CCT). 2017. New Sections. Technical Report. https:\/\/www.icann.org\/en\/system\/files\/files\/ cct-rt-draft-recs-new-sections-27nov17-en.pdf"},{"key":"e_1_3_2_1_8_1","volume-title":"Proc. of NDSS.","author":"Dagon D.","unstructured":"D. Dagon , N Provos , C. P. Lee , and W. Lee . 2008. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority . In Proc. of NDSS. D. Dagon, N Provos, C. P. Lee, and W. Lee. 2008. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority. In Proc. of NDSS."},{"key":"e_1_3_2_1_9_1","unstructured":"The Secure Domain Foundation. 2017. https:\/\/securedomain.org\/. (2017).  The Secure Domain Foundation. 2017. https:\/\/securedomain.org\/. (2017)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815696"},{"key":"e_1_3_2_1_11_1","unstructured":"S. Hansmann. 2017. ICANN: Notice of Termination of Accreditation Agreement. https:\/\/www.icann.org\/uploads\/compliance_notice\/attachment\/895\/ serad-to-hansmann-4jan17.pdf. (2017).  S. Hansmann. 2017. ICANN: Notice of Termination of Accreditation Agreement. https:\/\/www.icann.org\/uploads\/compliance_notice\/attachment\/895\/ serad-to-hansmann-4jan17.pdf. (2017)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068842"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504753"},{"key":"e_1_3_2_1_14_1","volume-title":"IANA: Registrar IDs. https:\/\/www.iana.org\/assignments\/ registrar-ids\/registrar-ids.xhtml.","author":"IANA.","year":"2017","unstructured":"IANA. 2017 . IANA: Registrar IDs. https:\/\/www.iana.org\/assignments\/ registrar-ids\/registrar-ids.xhtml. (2017). IANA. 2017. IANA: Registrar IDs. https:\/\/www.iana.org\/assignments\/ registrar-ids\/registrar-ids.xhtml. (2017)."},{"key":"e_1_3_2_1_15_1","volume-title":"New gTLD Program Explanatory Memorandum: Mitigating Malicious Conduct. https:\/\/archive.icann.org\/en\/topics\/new-gtlds\/ mitigating-malicious-conduct-04oct09-en.pdf. (October","author":"NN.","year":"2009","unstructured":"ICA NN. 2009. New gTLD Program Explanatory Memorandum: Mitigating Malicious Conduct. https:\/\/archive.icann.org\/en\/topics\/new-gtlds\/ mitigating-malicious-conduct-04oct09-en.pdf. (October 2009 ). ICANN. 2009. New gTLD Program Explanatory Memorandum: Mitigating Malicious Conduct. https:\/\/archive.icann.org\/en\/topics\/new-gtlds\/ mitigating-malicious-conduct-04oct09-en.pdf. (October 2009)."},{"key":"e_1_3_2_1_16_1","unstructured":"ICANN. 2013. Registrar Accreditation Agreement. (2013). https:\/\/www.icann. org\/resources\/pages\/approved-with-specs-2013-09--17-en#whois-accuracy  ICANN. 2013. Registrar Accreditation Agreement. (2013). https:\/\/www.icann. org\/resources\/pages\/approved-with-specs-2013-09--17-en#whois-accuracy"},{"key":"e_1_3_2_1_17_1","volume-title":"https:\/\/icannwiki.org\/.madrid. (March","author":"NN.","year":"2015","unstructured":"ICA NN. 2015. .madrid. https:\/\/icannwiki.org\/.madrid. (March 2015 ). ICANN. 2015. .madrid. https:\/\/icannwiki.org\/.madrid. (March 2015)."},{"key":"e_1_3_2_1_18_1","unstructured":"ICANN. 2016. New gTLD Program Safeguards Against DNS Abuse. https:\/\/newgtlds.icann.org\/en\/reviews\/dns-abuse\/ safeguards-against-dns-abuse-18jul16-en.pdf. (2016).  ICANN. 2016. New gTLD Program Safeguards Against DNS Abuse. https:\/\/newgtlds.icann.org\/en\/reviews\/dns-abuse\/ safeguards-against-dns-abuse-18jul16-en.pdf. (2016)."},{"key":"e_1_3_2_1_19_1","unstructured":"ICANN. 2017. ICANN: .zuerich TLD. https:\/\/icannwiki.org\/.zuerich. (2017).  ICANN. 2017. ICANN: .zuerich TLD. https:\/\/icannwiki.org\/.zuerich. (2017)."},{"key":"e_1_3_2_1_20_1","unstructured":"ICANN. 2017. Internet Corporation for Assigned Names and Numbers (ICANN). https:\/\/www.icann.org. (2017).  ICANN. 2017. Internet Corporation for Assigned Names and Numbers (ICANN). https:\/\/www.icann.org. (2017)."},{"key":"e_1_3_2_1_21_1","unstructured":"ICANN. 2017. Monthly Registry Reports. https:\/\/www.icann.org\/resources\/ pages\/registry-reports. (2017).  ICANN. 2017. Monthly Registry Reports. https:\/\/www.icann.org\/resources\/ pages\/registry-reports. (2017)."},{"key":"e_1_3_2_1_22_1","unstructured":"ICANN. 2017. New gTLD Program. icannwiki.com\/New_gTLD_Program. (2017).  ICANN. 2017. New gTLD Program. icannwiki.com\/New_gTLD_Program. (2017)."},{"key":"e_1_3_2_1_23_1","volume-title":"TLD Startup Information. https:\/\/newgtlds.icann.org\/en\/ program-status\/sunrise-claims-periods. (Retrieved on","author":"NN.","year":"2017","unstructured":"ICA NN. 2017. TLD Startup Information. https:\/\/newgtlds.icann.org\/en\/ program-status\/sunrise-claims-periods. (Retrieved on February 2017 ). ICANN. 2017. TLD Startup Information. https:\/\/newgtlds.icann.org\/en\/ program-status\/sunrise-claims-periods. (Retrieved on February 2017)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897877"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987477"},{"key":"e_1_3_2_1_26_1","volume-title":"Proc. of IEEE Euro SP.","author":"Korczy'ski M.","year":"2017","unstructured":"M. Korczy'ski , S. Tajalizadehkhoob , A. Noroozian , M. Wullink , C. Hesselman , and M. van Eeten . 2017 . Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs . In Proc. of IEEE Euro SP. M. Korczy'ski, S. Tajalizadehkhoob, A. Noroozian, M. Wullink, C. Hesselman, and M. van Eeten. 2017. Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs. In Proc. of IEEE Euro SP."},{"key":"e_1_3_2_1_27_1","unstructured":"M. Korczy'ski M. Wullink S. Tajalizadehkhoob G. C. M. Moura and C. Hesselman. 2017. Statistical Analysis of DNS Abuse in gTLDs Final Report. Technical Report. https:\/\/www.icann.org\/en\/system\/files\/files\/sadag-final-09aug17-en.pdf  M. Korczy'ski M. Wullink S. Tajalizadehkhoob G. C. M. Moura and C. Hesselman. 2017. Statistical Analysis of DNS Abuse in gTLDs Final Report. Technical Report. https:\/\/www.icann.org\/en\/system\/files\/files\/sadag-final-09aug17-en.pdf"},{"key":"e_1_3_2_1_28_1","unstructured":"National Physical Laboratory. 2013. A Study of Whois Privacy and Proxy Service Abuse. gnso.icann.org\/en\/issues\/whois\/pp-abuse-study-20sep13-en.pdf. (2013).  National Physical Laboratory. 2013. A Study of Whois Privacy and Proxy Service Abuse. gnso.icann.org\/en\/issues\/whois\/pp-abuse-study-20sep13-en.pdf. (2013)."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987463"},{"key":"e_1_3_2_1_30_1","volume-title":"Proc. of the IEEE S&P. IEEE, 691--706","author":"Lever C.","unstructured":"C. Lever , R. Walls , Y. Nadji , D. Dagon , P. McDaniel , and M. Antonakakis . 2016. Domain-Z: 28 registrations later measuring the exploitation of residual trust in domains . In Proc. of the IEEE S&P. IEEE, 691--706 . C. Lever, R. Walls, Y. Nadji, D. Dagon, P. McDaniel, and M. Antonakakis. 2016. Domain-Z: 28 registrations later measuring the exploitation of residual trust in domains. In Proc. of the IEEE S&P. IEEE, 691--706."},{"key":"e_1_3_2_1_31_1","unstructured":"H. Liu K. Levchenko M. Felegyhazi C. Kreibich G. Maier G. Voelker and S. Savage. 2011. On the Effects of Registrar-level Intervention. USENIX LEET (2011).   H. Liu K. Levchenko M. Felegyhazi C. Kreibich G. Maier G. Voelker and S. Savage. 2011. On the Effects of Registrar-level Intervention. USENIX LEET (2011)."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815693"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"P.V. Mockapetris. 1987. Domain names - concepts and facilities. RFC 1034. (1987).   P.V. Mockapetris. 1987. Domain names - concepts and facilities. RFC 1034. (1987).","DOI":"10.17487\/rfc1034"},{"key":"e_1_3_2_1_34_1","volume-title":"WEIS","author":"Noroozian A.","year":"2017","unstructured":"A. Noroozian , M. Ciere , M. Korczy'ski , S. Tajalizadehkhoob , and M. Eeten . 2017. Inferring the Security Performance of Providers from Noisy and Heterogenous Abuse Datasets . In WEIS 2017 . A. Noroozian, M. Ciere, M. Korczy'ski, S. Tajalizadehkhoob, and M. Eeten. 2017. Inferring the Security Performance of Providers from Noisy and Heterogenous Abuse Datasets. In WEIS 2017."},{"key":"e_1_3_2_1_35_1","unstructured":"A. Noroozian M. Korczy'ski S. Tajalizadehkhoob and M. van Eeten. 2015. Developing Security Reputation Metrics for Hosting Providers. In USENIX CSET.   A. Noroozian M. Korczy'ski S. Tajalizadehkhoob and M. van Eeten. 2015. Developing Security Reputation Metrics for Hosting Providers. In USENIX CSET."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"crossref","unstructured":"J. Postel and J.K. Reynolds. 1984. Domain requirements. RFC 920. RFC Editor.   J. Postel and J.K. Reynolds. 1984. Domain requirements. RFC 920. RFC Editor.","DOI":"10.17487\/rfc0920"},{"key":"e_1_3_2_1_37_1","unstructured":"SBW. 2017. StopBadware: DSP. www.stopbadware.org\/data-sharing. (2017).  SBW. 2017. StopBadware: DSP. www.stopbadware.org\/data-sharing. (2017)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24174-6_1"},{"key":"e_1_3_2_1_39_1","volume-title":"Proc. USENIX Security.","author":"Soska K.","unstructured":"K. Soska and N. Christin . 2014. Automatically detecting vulnerable websites before they turn malicious . In Proc. USENIX Security. K. Soska and N. Christin. 2014. Automatically detecting vulnerable websites before they turn malicious. In Proc. USENIX Security."},{"key":"e_1_3_2_1_40_1","unstructured":"Spamhaus. 2017. The Domain Block List. https:\/\/www.spamhaus.org\/dbl. (2017).  Spamhaus. 2017. The Domain Block List. https:\/\/www.spamhaus.org\/dbl. (2017)."},{"key":"e_1_3_2_1_41_1","unstructured":"Spamhaus. 2017. The Spamhaus Project. www.spamhaus.org. (2017).  Spamhaus. 2017. The Spamhaus Project. www.spamhaus.org. (2017)."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.29"},{"key":"e_1_3_2_1_43_1","unstructured":"StopBadware. 2017. StopBadware: A Nonprofit Anti-malware Organization. https:\/\/www.stopbadware.org. (2017).  StopBadware. 2017. StopBadware: A Nonprofit Anti-malware Organization. https:\/\/www.stopbadware.org. (2017)."},{"key":"e_1_3_2_1_44_1","unstructured":"SURBL. 2017. SURBL - URI reputation data. http:\/\/www.surbl.org. (2017).  SURBL. 2017. SURBL - URI reputation data. http:\/\/www.surbl.org. (2017)."},{"key":"e_1_3_2_1_45_1","unstructured":"SURBL. 2017. SURBL Lists. http:\/\/www.surbl.org\/lists. (2017).  SURBL. 2017. SURBL Lists. http:\/\/www.surbl.org\/lists. (2017)."},{"key":"e_1_3_2_1_46_1","volume-title":"Proc. of USENIX Security.","author":"Szurdi J.","unstructured":"J. Szurdi , B. Kocso , G. Cseh , J. Spring , M. Felegyhazi , and C. Kanich . 2014. The Long\" Taile\" of Typosquatting Domain Names .. In Proc. of USENIX Security. J. Szurdi, B. Kocso, G. Cseh, J. Spring, M. Felegyhazi, and C. Kanich. 2014. The Long\" Taile\" of Typosquatting Domain Names.. In Proc. of USENIX Security."},{"key":"e_1_3_2_1_47_1","volume-title":"Rotten Apples or Bad Harvest? What We Are Measuring When We Are Measuring Abuse","author":"Tajalizadehkhoob S.","year":"2018","unstructured":"S. Tajalizadehkhoob , R. B\u00f6hme , C. Ga\u00f1\u00e1n , M. Korczy'ski , and M. van Eeten . 2018. Rotten Apples or Bad Harvest? What We Are Measuring When We Are Measuring Abuse . IEEE TOIT ( 2018 ). https:\/\/arxiv.org\/abs\/1702.01624 S. Tajalizadehkhoob, R. B\u00f6hme, C. Ga\u00f1\u00e1n, M. Korczy'ski, and M. van Eeten. 2018. Rotten Apples or Bad Harvest? What We Are Measuring When We Are Measuring Abuse. IEEE TOIT (2018). https:\/\/arxiv.org\/abs\/1702.01624"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133971"},{"key":"e_1_3_2_1_49_1","unstructured":"Domain Tools. 2017. DomainTools: Domain Whois Lookup Whois API &DNS Data Research. http:\/\/www.domaintools.com. (2017).  Domain Tools. 2017. DomainTools: Domain Whois Lookup Whois API &DNS Data Research. http:\/\/www.domaintools.com. (2017)."},{"key":"e_1_3_2_1_50_1","volume-title":"Proc. of NDSS.","author":"Vissers T.","unstructured":"T. Vissers , W. Joosen , and N. Nikiforakis . 2015. Parking Sensors: Analyzing and Detecting Parked Domains .. In Proc. of NDSS. T. Vissers, W. Joosen, and N. Nikiforakis. 2015. Parking Sensors: Analyzing and Detecting Parked Domains.. In Proc. of NDSS."},{"key":"e_1_3_2_1_51_1","volume-title":"Proc. of the RAID. Springer, 472--493","author":"Vissers T.","unstructured":"T. Vissers , J. Spooren , P. Agten , D. Jumpertz , P. Janssen , M. Van Wesemael , F. Piessens , W. Joosen , and L. Desmet . 2017. Exploring the Ecosystem of Malicious Domain Registrations in the .eu TLD . In Proc. of the RAID. Springer, 472--493 . T. Vissers, J. Spooren, P. Agten, D. Jumpertz, P. Janssen, M. Van Wesemael, F. Piessens, W. Joosen, and L. Desmet. 2017. Exploring the Ecosystem of Malicious Domain Registrations in the .eu TLD. In Proc. of the RAID. Springer, 472--493."},{"key":"e_1_3_2_1_52_1","unstructured":"WhoisXML. 2017. Whois XML API. https:\/\/www.whoisxmlapi.com\/. (2017).  WhoisXML. 2017. Whois XML API. https:\/\/www.whoisxmlapi.com\/. (2017)."}],"event":{"name":"ASIA CCS '18: ACM Asia Conference on Computer and Communications Security","location":"Incheon Republic of Korea","acronym":"ASIA CCS '18","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2018 on Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3196494.3196548","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3196494.3196548","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:08:39Z","timestamp":1750208919000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3196494.3196548"}},"subtitle":["A Statistical Analysis of DNS Abuse in New gTLDs"],"short-title":[],"issued":{"date-parts":[[2018,5,29]]},"references-count":52,"alternative-id":["10.1145\/3196494.3196548","10.1145\/3196494"],"URL":"https:\/\/doi.org\/10.1145\/3196494.3196548","relation":{},"subject":[],"published":{"date-parts":[[2018,5,29]]},"assertion":[{"value":"2018-05-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}