{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T09:37:48Z","timestamp":1774517868429,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":88,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,10,26]],"date-time":"2022-10-26T00:00:00Z","timestamp":1666742400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,10,26]]},"DOI":"10.1145\/3545948.3545958","type":"proceedings-article","created":{"date-parts":[[2022,10,17]],"date-time":"2022-10-17T11:21:49Z","timestamp":1666005709000},"page":"446-459","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Content-Agnostic Detection of Phishing Domains using Certificate Transparency and Passive DNS"],"prefix":"10.1145","author":[{"given":"Mashael","family":"AlSabah","sequence":"first","affiliation":[{"name":"Qatar Computing Research Institute, Qatar"}]},{"given":"Mohamed","family":"Nabeel","sequence":"additional","affiliation":[{"name":"Qatar Computing Research Institute, Qatar"}]},{"given":"Yazan","family":"Boshmaf","sequence":"additional","affiliation":[{"name":"Qatar Computing Research Institute, Qatar"}]},{"given":"Euijin","family":"Choo","sequence":"additional","affiliation":[{"name":"University of Alberta, Canada"}]}],"member":"320","published-online":{"date-parts":[[2022,10,26]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2019. Anti-Phishing Working Group. https:\/\/apwg.org.  2019. Anti-Phishing Working Group. https:\/\/apwg.org."},{"key":"e_1_3_2_1_2_1","volume-title":"CDN Planet CDN List. https:\/\/www.cdnplanet.com\/cdns\/. [Online","year":"2021","unstructured":"2019. CDN Planet CDN List. https:\/\/www.cdnplanet.com\/cdns\/. [Online ; accessed 24-05- 2021 ]. 2019. CDN Planet CDN List. https:\/\/www.cdnplanet.com\/cdns\/. [Online; accessed 24-05-2021]."},{"key":"e_1_3_2_1_3_1","volume-title":"https:\/\/developers.facebook.com\/docs\/certificate-transparency\/. Accessed","author":"Transparency Certificate","year":"2022","unstructured":"2019. Certificate Transparency . https:\/\/developers.facebook.com\/docs\/certificate-transparency\/. Accessed April 2022 . 2019. Certificate Transparency. https:\/\/developers.facebook.com\/docs\/certificate-transparency\/. Accessed April 2022."},{"key":"e_1_3_2_1_4_1","unstructured":"2019. Chrome and Firefox Changes Spark the End of EV Certificates. https:\/\/www.bleepingcomputer.com\/news\/software\/chrome-and-firefox-changes-spark-the-end-of-ev-certificates\/.  2019. Chrome and Firefox Changes Spark the End of EV Certificates. https:\/\/www.bleepingcomputer.com\/news\/software\/chrome-and-firefox-changes-spark-the-end-of-ev-certificates\/."},{"key":"e_1_3_2_1_5_1","unstructured":"2019. Comodo Free SSL Certificate. https:\/\/www.comodo.com\/e-commerce\/ssl-certificates\/free-ssl-certificate.php.  2019. Comodo Free SSL Certificate. https:\/\/www.comodo.com\/e-commerce\/ssl-certificates\/free-ssl-certificate.php."},{"key":"e_1_3_2_1_6_1","unstructured":"2019. Getting Started. https:\/\/letsencrypt.org\/getting-started\/.  2019. Getting Started. https:\/\/letsencrypt.org\/getting-started\/."},{"key":"e_1_3_2_1_7_1","volume-title":"Public Suffix List. https:\/\/publicsuffix.org\/. [Online","year":"2021","unstructured":"2019. Public Suffix List. https:\/\/publicsuffix.org\/. [Online ; accessed 24-05- 2021 ]. 2019. Public Suffix List. https:\/\/publicsuffix.org\/. [Online; accessed 24-05-2021]."},{"key":"e_1_3_2_1_8_1","volume-title":"Phish Report","year":"2019","unstructured":"2019. Wombat Security The State of the Phish Report 2019 . https:\/\/www.wombatsecurity.com\/state-of-the-phish\/. Accessed April 2022. 2019. Wombat Security The State of the Phish Report 2019. https:\/\/www.wombatsecurity.com\/state-of-the-phish\/. Accessed April 2022."},{"key":"e_1_3_2_1_9_1","volume-title":"WPO Foundation CDN List. https:\/\/github.com\/WPO-Foundation\/webpagetest\/blob\/master\/agent\/wpthook\/cdn.h. [Online","year":"2021","unstructured":"2019. WPO Foundation CDN List. https:\/\/github.com\/WPO-Foundation\/webpagetest\/blob\/master\/agent\/wpthook\/cdn.h. [Online ; accessed 24-05- 2021 ]. 2019. WPO Foundation CDN List. https:\/\/github.com\/WPO-Foundation\/webpagetest\/blob\/master\/agent\/wpthook\/cdn.h. [Online; accessed 24-05-2021]."},{"key":"e_1_3_2_1_10_1","unstructured":"[\n  10\n  ]  2021. https:\/\/gdpr.eu.  [10] 2021. https:\/\/gdpr.eu."},{"key":"e_1_3_2_1_11_1","unstructured":"2021. CIRCL Passive DNS. https:\/\/www.circl.lu.  2021. CIRCL Passive DNS. https:\/\/www.circl.lu."},{"key":"e_1_3_2_1_12_1","volume-title":"COMODO SSL Analyzer. https:\/\/sslanalyzer.comodoca.com. Accessed","year":"2022","unstructured":"2021. COMODO SSL Analyzer. https:\/\/sslanalyzer.comodoca.com. Accessed April 2022 . 2021. COMODO SSL Analyzer. https:\/\/sslanalyzer.comodoca.com. Accessed April 2022."},{"key":"e_1_3_2_1_13_1","volume-title":"crt.sh Certificate Search. https:\/\/crt.sh. Accessed","year":"2022","unstructured":"2021. crt.sh Certificate Search. https:\/\/crt.sh. Accessed April 2022 . 2021. crt.sh Certificate Search. https:\/\/crt.sh. Accessed April 2022."},{"key":"e_1_3_2_1_14_1","volume-title":"CT Enforcement in Google Chrome. https:\/\/tinyurl.com\/y2nyyjtm. Accessed","year":"2021","unstructured":"2021. CT Enforcement in Google Chrome. https:\/\/tinyurl.com\/y2nyyjtm. Accessed February 2021 . 2021. CT Enforcement in Google Chrome. https:\/\/tinyurl.com\/y2nyyjtm. Accessed February 2021."},{"key":"e_1_3_2_1_15_1","unstructured":"2021. Phishing catcher. https:\/\/github.com\/x0rz\/phishing_catcher.  2021. Phishing catcher. https:\/\/github.com\/x0rz\/phishing_catcher."},{"key":"e_1_3_2_1_16_1","volume-title":"Out of the Net, into the Tank. https:\/\/www.phishtank.com. Accessed","year":"2022","unstructured":"2021. Phishtank. Out of the Net, into the Tank. https:\/\/www.phishtank.com. Accessed April 2022 . 2021. Phishtank. Out of the Net, into the Tank. https:\/\/www.phishtank.com. Accessed April 2022."},{"key":"e_1_3_2_1_17_1","volume-title":"The Domain Block List (DBL). https:\/\/www.spamhaus.org\/dbl\/. Accessed","year":"2022","unstructured":"2021. The Domain Block List (DBL). https:\/\/www.spamhaus.org\/dbl\/. Accessed April 2022 . 2021. The Domain Block List (DBL). https:\/\/www.spamhaus.org\/dbl\/. Accessed April 2022."},{"key":"e_1_3_2_1_18_1","volume-title":"What Services Does Let\u2019s Encrypt Offer?https:\/\/letsencrypt.org\/docs\/faq\/. Accessed","year":"2021","unstructured":"2021. What Services Does Let\u2019s Encrypt Offer?https:\/\/letsencrypt.org\/docs\/faq\/. Accessed May 2021 . 2021. What Services Does Let\u2019s Encrypt Offer?https:\/\/letsencrypt.org\/docs\/faq\/. Accessed May 2021."},{"key":"e_1_3_2_1_19_1","volume-title":"https:\/\/www.certificate-transparency.org\/. Accessed","author":"Transparency Certificate","year":"2022","unstructured":"2022. Certificate Transparency . https:\/\/www.certificate-transparency.org\/. Accessed April 2022 . 2022. Certificate Transparency. https:\/\/www.certificate-transparency.org\/. Accessed April 2022."},{"key":"e_1_3_2_1_20_1","volume-title":"Facebook Certificate Transparency Tool. https:\/\/developers.facebook.com\/docs\/certificate-transparency\/. Accessed","year":"2022","unstructured":"2022. Facebook Certificate Transparency Tool. https:\/\/developers.facebook.com\/docs\/certificate-transparency\/. Accessed April 2022 . 2022. Facebook Certificate Transparency Tool. https:\/\/developers.facebook.com\/docs\/certificate-transparency\/. Accessed April 2022."},{"key":"e_1_3_2_1_21_1","volume-title":"Google Safe Browsing: Making the world\u2019s information safely accessible. https:\/\/safebrowsing.google.com. Accessed","year":"2022","unstructured":"2022. Google Safe Browsing: Making the world\u2019s information safely accessible. https:\/\/safebrowsing.google.com. Accessed April 2022 . 2022. Google Safe Browsing: Making the world\u2019s information safely accessible. https:\/\/safebrowsing.google.com. Accessed April 2022."},{"key":"e_1_3_2_1_22_1","volume-title":"Mcafee Labs Threat Report","year":"2018","unstructured":"2022. Mcafee Labs Threat Report December 2018 . https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/reports\/rp-quarterly-threats-dec-2018.pdf. Accessed April 2022. 2022. Mcafee Labs Threat Report December 2018. https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/reports\/rp-quarterly-threats-dec-2018.pdf. Accessed April 2022."},{"key":"e_1_3_2_1_23_1","volume-title":"SSL Mate Certspotter. https:\/\/sslmate.com\/certspotter\/. Accessed","year":"2022","unstructured":"2022. SSL Mate Certspotter. https:\/\/sslmate.com\/certspotter\/. Accessed April 2022 . 2022. SSL Mate Certspotter. https:\/\/sslmate.com\/certspotter\/. Accessed April 2022."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363192"},{"key":"e_1_3_2_1_25_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Acharya Bhupendra","year":"2021","unstructured":"Bhupendra Acharya and Phani Vadrevu . 2021 . PhishPrint: Evading Phishing Detection Crawlers by Prior Profiling . In 30th USENIX Security Symposium (USENIX Security 21) . USENIX Association, 3775\u20133792. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/acharya Bhupendra Acharya and Phani Vadrevu. 2021. PhishPrint: Evading Phishing Detection Crawlers by Prior Profiling. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 3775\u20133792. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/acharya"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106328.3106338"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2017.7945048"},{"key":"e_1_3_2_1_28_1","volume-title":"DeepPhish: Simulating Malicious AI. In 2018 APWG Symposium on Electronic Crime Research (eCrime). 1\u20138.","author":"Bahnsen C.","unstructured":"A.\u00a0 C. Bahnsen , U. Torroledo , D. Camacho , and S. Villegas . 2018 . DeepPhish: Simulating Malicious AI. In 2018 APWG Symposium on Electronic Crime Research (eCrime). 1\u20138. A.\u00a0C. Bahnsen, U. Torroledo, D. Camacho, and S. Villegas. 2018. DeepPhish: Simulating Malicious AI. In 2018 APWG Symposium on Electronic Crime Research (eCrime). 1\u20138."},{"key":"e_1_3_2_1_29_1","volume-title":"Using Entropy in Threat Hunting: a Mathematical Search for the Unknown. https:\/\/redcanary.com\/blog\/threat-hunting-entropy\/. Accessed","author":"BEN DOWNING.","year":"2021","unstructured":"BEN DOWNING. 2021. Using Entropy in Threat Hunting: a Mathematical Search for the Unknown. https:\/\/redcanary.com\/blog\/threat-hunting-entropy\/. Accessed February 2021 . BEN DOWNING. 2021. Using Entropy in Threat Hunting: a Mathematical Search for the Unknown. https:\/\/redcanary.com\/blog\/threat-hunting-entropy\/. Accessed February 2021."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2584679"},{"key":"e_1_3_2_1_31_1","volume-title":"Random Forests. Machine Learning 45, 1 (01","author":"Breiman Leo","year":"2001","unstructured":"Leo Breiman . 2001. Random Forests. Machine Learning 45, 1 (01 Oct 2001 ), 5\u201332. Leo Breiman. 2001. Random Forests. Machine Learning 45, 1 (01 Oct 2001), 5\u201332."},{"key":"e_1_3_2_1_32_1","volume-title":"https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-BR-1.6.6.pdf. Accessed","author":"Browser Forum CA","year":"2021","unstructured":"CA Browser Forum . 2021. Baseline Requirements . https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-BR-1.6.6.pdf. Accessed Jan 2021 . CA Browser Forum. 2021. Baseline Requirements. https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-BR-1.6.6.pdf. Accessed Jan 2021."},{"key":"e_1_3_2_1_33_1","volume-title":"Object Registry of the CA \/ Browser Forum. https:\/\/cabforum.org\/object-registry\/. Accessed","author":"Browser Forum CA","year":"2022","unstructured":"CA \/ Browser Forum . 2022. Object Registry of the CA \/ Browser Forum. https:\/\/cabforum.org\/object-registry\/. Accessed April 2022 . CA \/ Browser Forum. 2022. Object Registry of the CA \/ Browser Forum. https:\/\/cabforum.org\/object-registry\/. Accessed April 2022."},{"key":"e_1_3_2_1_34_1","volume-title":"https:\/\/github.com\/CaliDog\/certstream-python. Accessed","author":"Python CertStream","year":"2022","unstructured":"CaliDog. 2022. CertStream Python . https:\/\/github.com\/CaliDog\/certstream-python. Accessed April 2022 . CaliDog. 2022. CertStream Python. https:\/\/github.com\/CaliDog\/certstream-python. Accessed April 2022."},{"key":"e_1_3_2_1_35_1","volume-title":"See Your Entire Attack Surface in Real Time. https:\/\/censys.io. Accessed","year":"2022","unstructured":"Censys. 2022. See Your Entire Attack Surface in Real Time. https:\/\/censys.io. Accessed April 2022 . Censys. 2022. See Your Entire Attack Surface in Real Time. https:\/\/censys.io. Accessed April 2022."},{"key":"e_1_3_2_1_36_1","volume-title":"EV OID list. https:\/\/chromium.googlesource.com\/chromium\/src\/net\/+\/master\/cert\/ev_root_ca_metadata.cc\/. Accessed","year":"2021","unstructured":"Chromium. 2021. EV OID list. https:\/\/chromium.googlesource.com\/chromium\/src\/net\/+\/master\/cert\/ev_root_ca_metadata.cc\/. Accessed February 2021 . Chromium. 2021. EV OID list. https:\/\/chromium.googlesource.com\/chromium\/src\/net\/+\/master\/cert\/ev_root_ca_metadata.cc\/. Accessed February 2021."},{"key":"e_1_3_2_1_37_1","volume-title":"Beyond the lock icon: Real-time detection of phishing websites using public key certificates. eCrime Researchers Summit, eCrime 2015 (06","author":"Dong Zheng","year":"2015","unstructured":"Zheng Dong , Apu Kapadia , Jim Blythe , and L Camp . 2015. Beyond the lock icon: Real-time detection of phishing websites using public key certificates. eCrime Researchers Summit, eCrime 2015 (06 2015 ). https:\/\/doi.org\/10.1109\/ECRIME.2015.7120795 10.1109\/ECRIME.2015.7120795 Zheng Dong, Apu Kapadia, Jim Blythe, and L Camp. 2015. Beyond the lock icon: Real-time detection of phishing websites using public key certificates. eCrime Researchers Summit, eCrime 2015 (06 2015). https:\/\/doi.org\/10.1109\/ECRIME.2015.7120795"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3465481.3470111"},{"key":"e_1_3_2_1_39_1","unstructured":"Farsight Security Inc.2022. DNS Database. https:\/\/www.dnsdb.info\/. Accessed April 2022.  Farsight Security Inc.2022. DNS Database. https:\/\/www.dnsdb.info\/. Accessed April 2022."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314389.1314391"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"crossref","unstructured":"J. Gargano and K. Weiss. 1995. Whois and Network Information Lookup Service Whois++. RFC 1834. RFC Editor. http:\/\/www.rfc-editor.org\/rfc\/rfc1834.txt.  J. Gargano and K. Weiss. 1995. Whois and Network Information Lookup Service Whois++. RFC 1834. RFC Editor. http:\/\/www.rfc-editor.org\/rfc\/rfc1834.txt.","DOI":"10.17487\/rfc1834"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"crossref","unstructured":"Josef Gustafsson Gustaf Overier Martin\u00a0F. Arlitt and Niklas Carlsson. 2017. A First Look at the CT Landscape: Certificate Transparency Logs in Practice. In PAM.  Josef Gustafsson Gustaf Overier Martin\u00a0F. Arlitt and Niklas Carlsson. 2017. A First Look at the CT Landscape: Certificate Transparency Logs in Practice. In PAM.","DOI":"10.1007\/978-3-319-54328-4_7"},{"key":"e_1_3_2_1_43_1","unstructured":"Ryan Hurst. 2012. How to Tell DV and OV Certificates Apart. http:\/\/unmitigatedrisk.com\/?p=203.  Ryan Hurst. 2012. How to Tell DV and OV Certificates Apart. http:\/\/unmitigatedrisk.com\/?p=203."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3176258.3176329"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134002"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484765"},{"key":"e_1_3_2_1_47_1","volume-title":"When Diversity Meets Hostility: A Study of Domain Squatting Abuse in Online Banking. In 2021 APWG Symposium on Electronic Crime Research (eCrime). 1\u201315","author":"Kumar Neeraj","year":"2021","unstructured":"Neeraj Kumar , Sukhada Ghewari , Harshal Tupsamudre , Manish Shukla , and Sachin Lodha . 2021 . When Diversity Meets Hostility: A Study of Domain Squatting Abuse in Online Banking. In 2021 APWG Symposium on Electronic Crime Research (eCrime). 1\u201315 . https:\/\/doi.org\/10.1109\/eCrime54498.2021.9738769 10.1109\/eCrime54498.2021.9738769 Neeraj Kumar, Sukhada Ghewari, Harshal Tupsamudre, Manish Shukla, and Sachin Lodha. 2021. When Diversity Meets Hostility: A Study of Domain Squatting Abuse in Online Banking. In 2021 APWG Symposium on Electronic Crime Research (eCrime). 1\u201315. https:\/\/doi.org\/10.1109\/eCrime54498.2021.9738769"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"crossref","unstructured":"Anh Le Athina Markopoulou and Michalis Faloutsos. 2011. PhishDef: URL names say it all. 2011 Proceedings IEEE INFOCOM(2011) 191\u2013195.  Anh Le Athina Markopoulou and Michalis Faloutsos. 2011. PhishDef: URL names say it all. 2011 Proceedings IEEE INFOCOM(2011) 191\u2013195.","DOI":"10.1109\/INFCOM.2011.5934995"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2018.8376215"},{"key":"e_1_3_2_1_50_1","volume-title":"Domain-Z: 28 Registrations Later Measuring the Exploitation of Residual Trust in Domains. In 2016 IEEE Symposium on Security and Privacy (SP). 691\u2013706","author":"Lever C.","year":"2016","unstructured":"C. Lever , R. Walls , Y. Nadji , D. Dagon , P. McDaniel , and M. Antonakakis . 2016 . Domain-Z: 28 Registrations Later Measuring the Exploitation of Residual Trust in Domains. In 2016 IEEE Symposium on Security and Privacy (SP). 691\u2013706 . https:\/\/doi.org\/10.1109\/SP. 2016 .47 10.1109\/SP.2016.47 C. Lever, R. Walls, Y. Nadji, D. Dagon, P. McDaniel, and M. Antonakakis. 2016. Domain-Z: 28 Registrations Later Measuring the Exploitation of Residual Trust in Domains. In 2016 IEEE Symposium on Security and Privacy (SP). 691\u2013706. https:\/\/doi.org\/10.1109\/SP.2016.47"},{"key":"e_1_3_2_1_51_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Lin Yun","year":"2021","unstructured":"Yun Lin , Ruofan Liu , Dinil\u00a0Mon Divakaran , Jun\u00a0Yang Ng , Qing\u00a0Zhou Chan , Yiwen Lu , Yuxuan Si , Fan Zhang , and Jin\u00a0Song Dong . 2021 . Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages . In 30th USENIX Security Symposium (USENIX Security 21) . USENIX Association, 3793\u20133810. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/lin Yun Lin, Ruofan Liu, Dinil\u00a0Mon Divakaran, Jun\u00a0Yang Ng, Qing\u00a0Zhou Chan, Yiwen Lu, Yuxuan Si, Fan Zhang, and Jin\u00a0Song Dong. 2021. Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 3793\u20133810. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/lin"},{"key":"e_1_3_2_1_52_1","unstructured":"Chaoyi Lu Baojun Liu Yiming Zhang Zhou Li Fenglu Zhang Haixin Duan Y. Liu J. Chen Jinjin Liang Z. Zhang S. Hao and Min Yang. 2021. From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR. In NDSS.  Chaoyi Lu Baojun Liu Yiming Zhang Zhou Li Fenglu Zhang Haixin Duan Y. Liu J. Chen Jinjin Liang Z. Zhang S. Hao and Min Yang. 2021. From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR. In NDSS."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1557019.1557153"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666652.2666659"},{"key":"e_1_3_2_1_55_1","volume-title":"http:\/\/www.maxmind.com. Accessed","year":"2022","unstructured":"MaxMind. 2022. GeoLite2 Databases. http:\/\/www.maxmind.com. Accessed April 2022 . MaxMind. 2022. GeoLite2 Databases. http:\/\/www.maxmind.com. Accessed April 2022."},{"key":"e_1_3_2_1_56_1","volume-title":"Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats","author":"D.","unstructured":"D. \u00a0Kevin McGrath and Minaxi Gupta. 2008. Behind Phishing: An Examination of Phisher Modi Operandi . In Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats ( San Francisco, California) (LEET\u201908). USENIX Association, Berkeley, CA, USA, Article 4, 8\u00a0pages. http:\/\/dl.acm.org\/citation.cfm?id=1387709.1387713 D.\u00a0Kevin McGrath and Minaxi Gupta. 2008. Behind Phishing: An Examination of Phisher Modi Operandi. In Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats (San Francisco, California) (LEET\u201908). USENIX Association, Berkeley, CA, USA, Article 4, 8\u00a0pages. http:\/\/dl.acm.org\/citation.cfm?id=1387709.1387713"},{"key":"e_1_3_2_1_57_1","volume-title":"Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019","author":"Meyer Ulrike","year":"2019","unstructured":"Ulrike Meyer and Vincent Drury . 2019 . Certified Phishing: Taking a Look at Public Key Certificates of Phishing Websites . In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019 ). USENIX Association, Santa Clara, CA. https:\/\/www.usenix.org\/conference\/soups 2019\/presentation\/drury Ulrike Meyer and Vincent Drury. 2019. Certified Phishing: Taking a Look at Public Key Certificates of Phishing Websites. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Santa Clara, CA. https:\/\/www.usenix.org\/conference\/soups2019\/presentation\/drury"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"crossref","unstructured":"Najmeh Miramirkhani Timothy Barron Michael Ferdman and Nick Nikiforakis. 2018. Panning for gold.com: Understanding the Dynamics of Domain Dropcatching. 257\u2013266.  Najmeh Miramirkhani Timothy Barron Michael Ferdman and Nick Nikiforakis. 2018. Panning for gold.com: Understanding the Dynamics of Domain Dropcatching. 257\u2013266.","DOI":"10.1145\/3178876.3186092"},{"key":"e_1_3_2_1_59_1","first-page":"324","article-title":"Harvesting SSL Certificate Data to Identify Web-Fraud","volume":"14","author":"Mishari Mishari\u00a0Al","year":"2012","unstructured":"Mishari\u00a0Al Mishari , Emiliano\u00a0De Cristofaro , Karim M.\u00a0 El Defrawy , and Gene Tsudik . 2012 . Harvesting SSL Certificate Data to Identify Web-Fraud . I. J. Network Security 14 , 6 (2012), 324 \u2013 338 . Mishari\u00a0Al Mishari, Emiliano\u00a0De Cristofaro, Karim M.\u00a0El Defrawy, and Gene Tsudik. 2012. Harvesting SSL Certificate Data to Identify Web-Fraud. I. J. Network Security 14, 6 (2012), 324\u2013338.","journal-title":"I. J. Network Security"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3401897"},{"key":"e_1_3_2_1_61_1","volume-title":"Network Solutions Certification Practice Statement. https:\/\/assets.web.com\/legal\/English\/CertificationPracticeStatement.pdf. Accessed","author":"Solutions Network","year":"2022","unstructured":"Network Solutions , LLC. 2022. Network Solutions Certification Practice Statement. https:\/\/assets.web.com\/legal\/English\/CertificationPracticeStatement.pdf. Accessed April 2022 . Network Solutions, LLC. 2022. Network Solutions Certification Practice Statement. https:\/\/assets.web.com\/legal\/English\/CertificationPracticeStatement.pdf. Accessed April 2022."},{"key":"#cr-split#-e_1_3_2_1_62_1.1","doi-asserted-by":"crossref","unstructured":"Amirreza Niakanlahiji Bei-Tseng Chu and Ehab Al-Shaer. 2018. PhishMon: A Machine Learning Framework for Detecting Phishing Webpages. 220-225. https:\/\/doi.org\/10.1109\/ISI.2018.8587410 10.1109\/ISI.2018.8587410","DOI":"10.1109\/ISI.2018.8587410"},{"key":"#cr-split#-e_1_3_2_1_62_1.2","doi-asserted-by":"crossref","unstructured":"Amirreza Niakanlahiji Bei-Tseng Chu and Ehab Al-Shaer. 2018. PhishMon: A Machine Learning Framework for Detecting Phishing Webpages. 220-225. https:\/\/doi.org\/10.1109\/ISI.2018.8587410","DOI":"10.1109\/ISI.2018.8587410"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00049"},{"key":"e_1_3_2_1_64_1","volume-title":"PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Oest Adam","year":"2020","unstructured":"Adam Oest , Yeganeh Safaei , Penghui Zhang , Brad Wardman , Kevin Tyers , Yan Shoshitaishvili , and Adam Doup\u00e9 . 2020 . PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists. In 29th USENIX Security Symposium (USENIX Security 20) . USENIX Association, 379\u2013396. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/oest-phishtime Adam Oest, Yeganeh Safaei, Penghui Zhang, Brad Wardman, Kevin Tyers, Yan Shoshitaishvili, and Adam Doup\u00e9. 2020. PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 379\u2013396. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/oest-phishtime"},{"key":"e_1_3_2_1_65_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Oest Adam","year":"2020","unstructured":"Adam Oest , Penghui Zhang , Brad Wardman , Eric Nunes , Jakub Burgis , Ali Zand , Kurt Thomas , Adam Doup\u00e9 , and Gail-Joon Ahn . 2020 . Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale . In 29th USENIX Security Symposium (USENIX Security 20) . USENIX Association, 361\u2013377. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/oest-sunrise Adam Oest, Penghui Zhang, Brad Wardman, Eric Nunes, Jakub Burgis, Ali Zand, Kurt Thomas, Adam Doup\u00e9, and Gail-Joon Ahn. 2020. Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 361\u2013377. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/oest-sunrise"},{"key":"e_1_3_2_1_66_1","volume-title":"Proceedings of the 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks. 45\u201356","author":"Oprea A.","unstructured":"A. Oprea , Z. Li , T.\u00a0 F. Yen , S.\u00a0 H. Chin , and S. Alrwais . 2015. Detection of Early-Stage Enterprise Infection by Mining Large-Scale Log Data . In Proceedings of the 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks. 45\u201356 . A. Oprea, Z. Li, T.\u00a0F. Yen, S.\u00a0H. Chin, and S. Alrwais. 2015. Detection of Early-Stage Enterprise Infection by Mining Large-Scale Log Data. In Proceedings of the 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks. 45\u201356."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355585"},{"key":"e_1_3_2_1_68_1","volume-title":"Induction of decision trees. Machine Learning 1, 1 (01","author":"Quinlan R.","year":"1986","unstructured":"J.\u00a0 R. Quinlan . 1986. Induction of decision trees. Machine Learning 1, 1 (01 Mar 1986 ), 81\u2013106. https:\/\/doi.org\/10.1007\/BF00116251 10.1007\/BF00116251 J.\u00a0R. Quinlan. 1986. Induction of decision trees. Machine Learning 1, 1 (01 Mar 1986), 81\u2013106. https:\/\/doi.org\/10.1007\/BF00116251"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363188"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"crossref","unstructured":"A.\u00a0P.\u00a0E. Rosiello E. Kirda 2. Kruegel and F. Ferrandi. 2007. A Layout-Similarity-Based Approach for Detecting Phishing Pages. In SecureComm. 454\u2013463.  A.\u00a0P.\u00a0E. Rosiello E. Kirda 2. Kruegel and F. Ferrandi. 2007. A Layout-Similarity-Based Approach for Detecting Phishing Pages. In SecureComm. 454\u2013463.","DOI":"10.1109\/SECCOM.2007.4550367"},{"key":"e_1_3_2_1_71_1","volume-title":"Discovering HTTPSified Phishing Websites Using the TLS Certificates Footprints. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). 522\u2013531","author":"Sakurai Yuji","year":"2020","unstructured":"Yuji Sakurai , Takuya Watanabe , Tetsuya Okuda , Mitsuaki Akiyama , and Tatsuya Mori . 2020 . Discovering HTTPSified Phishing Websites Using the TLS Certificates Footprints. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). 522\u2013531 . https:\/\/doi.org\/10.1109\/EuroSPW51379.2020.00077 10.1109\/EuroSPW51379.2020.00077 Yuji Sakurai, Takuya Watanabe, Tetsuya Okuda, Mitsuaki Akiyama, and Tatsuya Mori. 2020. Discovering HTTPSified Phishing Websites Using the TLS Certificates Footprints. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). 522\u2013531. https:\/\/doi.org\/10.1109\/EuroSPW51379.2020.00077"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278562"},{"key":"e_1_3_2_1_73_1","unstructured":"Quirin Scheitle Oliver Gasser Theodor Nolte Johanna Amann Lexi Brent Georg Carle Ralph Holz Thomas\u00a0C. Schmidt and Matthias W\u00e4hlisch. 2018. The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem. CoRR abs\/1809.08325(2018). arxiv:1809.08325http:\/\/arxiv.org\/abs\/1809.08325  Quirin Scheitle Oliver Gasser Theodor Nolte Johanna Amann Lexi Brent Georg Carle Ralph Holz Thomas\u00a0C. Schmidt and Matthias W\u00e4hlisch. 2018. The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem. CoRR abs\/1809.08325(2018). arxiv:1809.08325http:\/\/arxiv.org\/abs\/1809.08325"},{"key":"e_1_3_2_1_74_1","volume-title":"march 06","author":"Helme Scott","year":"2017","unstructured":"Scott Helme . march 06 , 2017 . Let\u2019s Encrypt are enabling the bad guys, and why they should. https:\/\/scotthelme.co.uk\/lets-encrypt-are-enabling-the-bad-guys-and-why-they-should\/. Accessed April 2022. Scott Helme. march 06, 2017. Let\u2019s Encrypt are enabling the bad guys, and why they should. https:\/\/scotthelme.co.uk\/lets-encrypt-are-enabling-the-bad-guys-and-why-they-should\/. Accessed April 2022."},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/3205977.3205992"},{"key":"e_1_3_2_1_76_1","volume-title":"Browser Market Share Worldwide. https:\/\/certs.securetrust.com\/CA\/twcps2_9.pdf. Accessed","author":"GlobalStats Statcounter","year":"2022","unstructured":"Statcounter GlobalStats . 2022. Browser Market Share Worldwide. https:\/\/certs.securetrust.com\/CA\/twcps2_9.pdf. Accessed April 2022 . Statcounter GlobalStats. 2022. Browser Market Share Worldwide. https:\/\/certs.securetrust.com\/CA\/twcps2_9.pdf. Accessed April 2022."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1018628609742"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278569"},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278569"},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1145\/3270101.3270105"},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/2699026.2699115"},{"key":"e_1_3_2_1_82_1","volume-title":"Subsidiary of Google","year":"2022","unstructured":"VirusTotal , Subsidiary of Google . 2022 . VirusTotal \u2013 Free Online Virus, Malware and URL Scanner. https:\/\/www.virustotal.com\/. Accessed April 2022. VirusTotal, Subsidiary of Google. 2022. VirusTotal \u2013 Free Online Virus, Malware and URL Scanner. https:\/\/www.virustotal.com\/. Accessed April 2022."},{"key":"e_1_3_2_1_83_1","volume-title":"Passive DNS Replication. In FIRST Conference on Computer Security Incident. 98","author":"Weimer Florian","year":"2005","unstructured":"Florian Weimer . 2005 . Passive DNS Replication. In FIRST Conference on Computer Security Incident. 98 . Florian Weimer. 2005. Passive DNS Replication. In FIRST Conference on Computer Security Incident. 98."},{"key":"e_1_3_2_1_84_1","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Wheeler Daniel\u00a0Lowe","year":"2016","unstructured":"Daniel\u00a0Lowe Wheeler . 2016 . zxcvbn: Low-Budget Password Strength Estimation . In 25th USENIX Security Symposium (USENIX Security 16) . USENIX Association, Austin, TX, 157\u2013173. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/wheeler Daniel\u00a0Lowe Wheeler. 2016. zxcvbn: Low-Budget Password Strength Estimation. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 157\u2013173. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/wheeler"},{"key":"e_1_3_2_1_85_1","unstructured":"Colin Whittaker Brian Ryner and Marria Nazif. 2010. Large-Scale Automatic Classification of Phishing Pages. In NDSS \u201910. http:\/\/www.isoc.org\/isoc\/conferences\/ndss\/10\/pdf\/08.pdf  Colin Whittaker Brian Ryner and Marria Nazif. 2010. Large-Scale Automatic Classification of Phishing Pages. In NDSS \u201910. http:\/\/www.isoc.org\/isoc\/conferences\/ndss\/10\/pdf\/08.pdf"},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879148"},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242659"}],"event":{"name":"RAID 2022: 25th International Symposium on Research in Attacks, Intrusions and Defenses","location":"Limassol Cyprus","acronym":"RAID 2022"},"container-title":["Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3545948.3545958","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3545948.3545958","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:27Z","timestamp":1750188627000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3545948.3545958"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,26]]},"references-count":88,"alternative-id":["10.1145\/3545948.3545958","10.1145\/3545948"],"URL":"https:\/\/doi.org\/10.1145\/3545948.3545958","relation":{},"subject":[],"published":{"date-parts":[[2022,10,26]]},"assertion":[{"value":"2022-10-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}