{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,16]],"date-time":"2026-07-16T15:22:48Z","timestamp":1784215368104,"version":"3.55.0"},"publisher-location":"New York, NY, USA","reference-count":84,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006374","name":"HORIZON EUROPE Framework Programme","doi-asserted-by":"publisher","award":["101168562"],"award-info":[{"award-number":["101168562"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Agentschap Innoveren en Ondernemen","doi-asserted-by":"publisher","award":["HBC.2023.0718"],"award-info":[{"award-number":["HBC.2023.0718"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690192","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"2147-2161","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Characterizing and Mitigating Phishing Attacks at ccTLD Scale"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6632-0221","authenticated-orcid":false,"given":"Giovane C. M.","family":"Moura","sequence":"first","affiliation":[{"name":"SIDN Labs &amp; Delft University of Technology, Arnhem, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-2929-2077","authenticated-orcid":false,"given":"Thomas","family":"Daniels","sequence":"additional","affiliation":[{"name":"DNS Belgium &amp; Department of Computer Science, KU Leuven, Leuven, Belgium"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-2670-5234","authenticated-orcid":false,"given":"Maarten","family":"Bosteels","sequence":"additional","affiliation":[{"name":"DNS Belgium, Leuven, Belgium"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-1941-2759","authenticated-orcid":false,"given":"Sebastian","family":"Castro","sequence":"additional","affiliation":[{"name":".IE Registry, Dublin, Ireland"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3771-5451","authenticated-orcid":false,"given":"Moritz","family":"M\u00fcller","sequence":"additional","affiliation":[{"name":"SIDN Labs &amp; University of Twente, Arnhem, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9937-0869","authenticated-orcid":false,"given":"Thymen","family":"Wabeke","sequence":"additional","affiliation":[{"name":"SIDN Labs, Arnhem, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8480-4134","authenticated-orcid":false,"given":"Thijs","family":"van den Hout","sequence":"additional","affiliation":[{"name":"SIDN Labs, Arnhem, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4334-3260","authenticated-orcid":false,"given":"Maciej","family":"Korczy\u0144ski","sequence":"additional","affiliation":[{"name":"Univ. Grenoble Alps, Grenoble, France"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4127-3617","authenticated-orcid":false,"given":"Georgios","family":"Smaragdakis","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Phishing Landscape 2021: An Annual Study of the Scope and Distribution of Phishing. https:\/\/interisle.net\/s\/PhishingLandscape2021.pdf. Accessed","author":"Aaron Greg","year":"2024","unstructured":"Greg Aaron, Lyman Chapin, David Piscitello, and Colin Strutt. 2021. Phishing Landscape 2021: An Annual Study of the Scope and Distribution of Phishing. https:\/\/interisle.net\/s\/PhishingLandscape2021.pdf. Accessed: June 2, 2024."},{"key":"e_1_3_2_1_2_1","volume-title":"APWG Global Phishing Survey: Trends and Domain Name Use","author":"Aaron Greg","year":"2016","unstructured":"Greg Aaron and Rod Rasmussen. 2017. APWG Global Phishing Survey: Trends and Domain Name Use in 2016. https:\/\/docs.apwg.org\/\/reports\/APWG_Global_Phishing_Report_2015--2016.pdf."},{"key":"e_1_3_2_1_3_1","volume-title":"Domain Name Lifetimes: Baseline and Threats. In 6th Network Traffic Measurement and Analysis Conference, TMA","author":"Affinito Antonia","year":"2022","unstructured":"Antonia Affinito, Raffaele Sommese, Gautam Akiwate, Stefan Savage, KC Claffy, Geoffrey M Voelker, Alessio Botta, and Mattijs Jonker. 2022. Domain Name Lifetimes: Baseline and Threats. In 6th Network Traffic Measurement and Analysis Conference, TMA 2022, Enschede, The Netherlands. International Federation for Information Processing (IFIP)."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23243"},{"key":"e_1_3_2_1_5_1","unstructured":"Anti-Phishing Working Group. 2023. eCrime eXchange (eCX). https:\/\/github.com\/APWG\/ecx."},{"key":"e_1_3_2_1_6_1","unstructured":"APWG. 2023. APWG Trends Report Q2 2023. https:\/\/docs.apwg.org\/reports\/apwg_trends_report_q2_2023.pdf Accessed: Jan. 24 2024."},{"key":"e_1_3_2_1_7_1","volume-title":"22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID","author":"Barron Timothy","year":"2019","unstructured":"Timothy Barron, Najmeh Miramirkhani, and Nick Nikiforakis. 2019. Now You See It, Now You Don't: A Large-scale Analysis of Early Domain Deletions. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019). USENIX Association, 383--397."},{"key":"e_1_3_2_1_8_1","volume-title":"Sourena Maroofi, Thymen Wabeke, Cristian Hesselman, Andrzej Duda, and Maciej Korczy'ski.","author":"Bayer Jan","year":"2023","unstructured":"Jan Bayer, Ben Chukwuemeka Benjamin, Sourena Maroofi, Thymen Wabeke, Cristian Hesselman, Andrzej Duda, and Maciej Korczy'ski. 2023. Operational Domain Name Classification: From Automatic Ground Truth Generation to Adaptation to Missing Values. In Passive and Active Measurement. Cham, 564--591."},{"key":"e_1_3_2_1_9_1","volume-title":"https:\/\/www.dnsbelgium.be\/en\/news\/registrant-verification-with-machine-learning (Accessed on","author":"Belgium DNS","year":"2024","unstructured":"DNS Belgium. 2024. .be Registrant verification now also with Machine Learning. https:\/\/www.dnsbelgium.be\/en\/news\/registrant-verification-with-machine-learning (Accessed on: Apr 26 2024)."},{"key":"e_1_3_2_1_10_1","unstructured":"DNS Belgium. 2024. DNS Belgium - Managing .be .vlaanderen and .brussels Domain Names. https:\/\/www.dnsbelgium.be\/en\/ Accessed: 2024-08--29."},{"key":"e_1_3_2_1_11_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Bijmans Hugo","year":"2021","unstructured":"Hugo Bijmans, Tim Booij, Anneke Schwedersky, Aria Nedgabat, and Rolf van Wegberg. 2021. Catching Phishers By Their Bait: Investigating the Dutch Phishing Landscape through Phishing Kit Detection. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 3757--3774."},{"key":"e_1_3_2_1_12_1","unstructured":"CENTR. 2024. Domain Registration Statistics. https:\/\/stats.centr.org\/public\/registrations Accessed: 2024-07--18."},{"key":"e_1_3_2_1_13_1","unstructured":"Certificate Transparency. 2024. Working together to detect maliciously or mistakenly issued certificates. https:\/\/certificate.transparency.dev\/ Accessed: 2024-01--21."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66402-6_22"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"L. Daigle. 2004. WHOIS Protocol Specification. RFC 3912. IETF. http:\/\/tools.ietf.org\/rfc\/rfc3912.txt","DOI":"10.17487\/rfc3912"},{"key":"e_1_3_2_1_16_1","volume-title":"Proc. of USENIX Security. 3721--3738","author":"Silva Ravindu De","year":"2021","unstructured":"Ravindu De Silva, Mohamed Nabeel, Charith Elvitigala, Issa Khalil, Ting Yu, and Chamath Keppitiyagama. 2021. Compromised or Attacker-Owned: A Large Scale Classification and Study of Hosting Domains of Malicious URLs. In Proc. of USENIX Security. 3721--3738."},{"key":"e_1_3_2_1_17_1","unstructured":"DENIC eG. 2024. 2022 DENIC Domain Statistics. https:\/\/www.denic.de\/en\/whats-new\/news\/article\/2022-denic-domain-statistics Accessed: 2024-07--18."},{"key":"e_1_3_2_1_18_1","unstructured":"Domain Name Wire. 2024. Verisign Announces .com Price Hike to 10.26. https:\/\/domainnamewire.com\/2024\/02\/08\/verisign-announces-com-price-hike-to-10--26\/ Accessed: 2024-07--22."},{"key":"e_1_3_2_1_19_1","unstructured":"DomainTools. 2024. Domain Count Statistics for TLDs - DomainTools. https:\/\/research.domaintools.com\/statistics\/tld-counts\/ Accessed: 2024-07--18."},{"key":"e_1_3_2_1_20_1","volume-title":"ENISA Threat Landscape","author":"European Union Agency for Cybersecurity. 2023.","year":"2023","unstructured":"European Union Agency for Cybersecurity. 2023. ENISA Threat Landscape 2023. https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-2023."},{"key":"e_1_3_2_1_21_1","unstructured":"European Union Agency for Cybersecurity. 2024. Malware Phishing and Ransomware. https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-2023."},{"key":"e_1_3_2_1_22_1","unstructured":"Europol. 2024. International investigation disrupts phishing-as-a-service platform LabHost. https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/international-investigation-disrupts-phishing-service-platform-labhost Accessed: Apr 19 2024."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","unstructured":"R. Fielding and J. Reschke. 2014. Hypertext Transfer Protocol (HTTP\/1.1): Semantics and Content. RFC 7231. IETF. http:\/\/tools.ietf.org\/rfc\/rfc7231.txt","DOI":"10.17487\/rfc7231"},{"key":"e_1_3_2_1_24_1","unstructured":"Google. 2023. Google Safe Browsing. https:\/\/safebrowsing.google.com\/."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978330"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068842"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978317"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504753"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"crossref","unstructured":"P. Hoffman A. Sullivan and K. Fujiwara. 2019. DNS Terminology. RFC 8499. IETF. http:\/\/tools.ietf.org\/rfc\/rfc8499.txt","DOI":"10.17487\/RFC8499"},{"key":"e_1_3_2_1_30_1","volume-title":"Spam sees big nosedive as rogue ISP McColo knocked offline. https:\/\/arstechnica.com\/information-technology\/2008\/11\/spam-sees-big-nosedive-as-rogue-isp-mccolo-knocked-offline\/ Accessed","author":"Hruska Joel","year":"2024","unstructured":"Joel Hruska. 2008. Spam sees big nosedive as rogue ISP McColo knocked offline. https:\/\/arstechnica.com\/information-technology\/2008\/11\/spam-sees-big-nosedive-as-rogue-isp-mccolo-knocked-offline\/ Accessed: Jan 31, 2024."},{"key":"e_1_3_2_1_31_1","volume-title":"2016 APWG Symposium on Electronic Crime Research. IEEE, 102--111","author":"Hutchings Alice","unstructured":"Alice Hutchings, Richard Clayton, and Ross J. Anderson. 2016. Taking down websites to prevent crime. In 2016 APWG Symposium on Electronic Crime Research. IEEE, 102--111."},{"key":"e_1_3_2_1_32_1","volume-title":"2013 Registrar Accreditation Agreement. https:\/\/www.icann.org\/resources\/pages\/approved-with-specs-2013-09--17-en Accessed","author":"ICANN.","year":"2024","unstructured":"ICANN. 2013. 2013 Registrar Accreditation Agreement. https:\/\/www.icann.org\/resources\/pages\/approved-with-specs-2013-09--17-en Accessed: Jan 30, 2024."},{"key":"e_1_3_2_1_33_1","volume-title":"Specification 13, and 2013 Registrar Accreditation Agreement (RAA). https:\/\/www.icann.org\/en\/system\/files\/files\/proposed-base-gtld-ra-global-amendment-11sep23-en.pdf Accessed","author":"ICANN.","year":"2024","unstructured":"ICANN. 2023. 2023 Global Amendments to the Base gTLD Registry Agreement (RA), Specification 13, and 2013 Registrar Accreditation Agreement (RAA). https:\/\/www.icann.org\/en\/system\/files\/files\/proposed-base-gtld-ra-global-amendment-11sep23-en.pdf Accessed: Jan 30, 2024."},{"key":"e_1_3_2_1_34_1","volume-title":"About gTLD Compliance Program. https:\/\/www.icann.org\/resources\/pages\/compliance-2012-02--25-en [Online","author":"ICANN.","year":"2024","unstructured":"ICANN. 2024. About gTLD Compliance Program. https:\/\/www.icann.org\/resources\/pages\/compliance-2012-02--25-en [Online; accessed 30-January-2024]."},{"key":"e_1_3_2_1_35_1","volume-title":"ccTLDs. https:\/\/www.icann.org\/resources\/pages\/cctlds\/cctlds-en [Online","author":"ICANN.","year":"2024","unstructured":"ICANN. 2024. ccTLDs. https:\/\/www.icann.org\/resources\/pages\/cctlds\/cctlds-en [Online; accessed 30-January-2024]."},{"key":"e_1_3_2_1_36_1","unstructured":"ICANN. 2024. ICANN's Contracted Parties Approve New Obligations to Mitigate DNS Abuse. https:\/\/www.icann.org\/en\/blogs\/details\/icanns-contracted-parties-approve-new-obligations-to-mitigate-dns-abuse-13--12--2023-en [Online; accessed 30-January-2024]."},{"key":"e_1_3_2_1_37_1","unstructured":"IE Domain Registry. 2023. How to register a domain. https:\/\/www.weare.ie\/how-to-register-a-domain\/."},{"key":"e_1_3_2_1_38_1","unstructured":"IE Domain Registry. 2024. We Are IE - The Official Registry for .ie Domain Names. https:\/\/www.weare.ie Accessed: 2024-08--29."},{"key":"e_1_3_2_1_39_1","volume-title":"https:\/\/www.icann.org\/ Accessed","author":"Internet Corporation for Assigned Names and Numbers (ICANN). 2024.","year":"2024","unstructured":"Internet Corporation for Assigned Names and Numbers (ICANN). 2024. https:\/\/www.icann.org\/ Accessed: Feb 15, 2024."},{"key":"e_1_3_2_1_40_1","unstructured":"Interpol. 2024. Cybercrimes cross borders and evolve rapidly. https:\/\/www.interpol.int\/en\/Crimes\/Cybercrime."},{"key":"e_1_3_2_1_41_1","volume-title":"Threats in Cyberspace","author":"Japanese National Police Agency. 2022.","year":"2022","unstructured":"Japanese National Police Agency. 2022. Threats in Cyberspace in 2022. https:\/\/www.npa.go.jp\/english\/bureau\/cyber\/document\/threatsincyberspace2022.pdf."},{"key":"e_1_3_2_1_42_1","unstructured":"Joint Cybersecurity Advisory (CSA). 2022. 2022 Top Routinely Exploited Vulnerabilities. https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23--215a."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1093\/jcr\/ucz058"},{"key":"e_1_3_2_1_44_1","volume-title":"Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs","author":"Korczy'ski Maciej","unstructured":"Maciej Korczy'ski, Samaneh Tajalizadehkhoob, Arman Noroozian, Maarten Wullink, Cristian Hesselman, and Michel van Eeten. 2017. Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs. In IEEE EuroS&P. 579--594."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Maciej Korczy'ski Maarten Wullink Samaneh Tajalizadehkhoob Giovane C.M. Moura Arman Noroozian Drew Bagley and Cristian Hesselman. 2018. Cyber-crime After the Sunrise: A Statistical Analysis of DNS Abuse in New gTLDs. In ACM ASIACCS.","DOI":"10.1145\/3196494.3196548"},{"key":"e_1_3_2_1_46_1","volume-title":"Host of Internet Spam Groups Is Cut Off. https:\/\/www.washingtonpost.com\/wp-dyn\/content\/article\/2008\/11\/12\/AR2008111200658.html Accessed on","author":"Krebs Brian","year":"2024","unstructured":"Brian Krebs. 2008. Host of Internet Spam Groups Is Cut Off. https:\/\/www.washingtonpost.com\/wp-dyn\/content\/article\/2008\/11\/12\/AR2008111200658.html Accessed on: April 17, 2024."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"crossref","unstructured":"M. Kucherawy and E. Zwicky. 2015. Domain-based Message Authentication Reporting and Conformance (DMARC). RFC 7489. IETF. http:\/\/tools.ietf.org\/rfc\/rfc7489.txt","DOI":"10.17487\/rfc7489"},{"key":"e_1_3_2_1_48_1","unstructured":"SIDN Labs. 2024. Abuse Statistics. https:\/\/stats.sidnlabs.nl\/en\/abuse.html Accessed: 2024-07--19."},{"key":"e_1_3_2_1_49_1","volume-title":"Domain Classifier: Compromised Machines Versus Malicious Registrations. In Web Engineering, Maxim Bakaev, Flavius Frasincar, and In-Young Ko (Eds.)","author":"Page Sophie Le","year":"2019","unstructured":"Sophie Le Page, Guy-Vincent Jourdan, Gregor V. Bochmann, Iosif-Viorel Onut, and Jason Flood. 2019. Domain Classifier: Compromised Machines Versus Malicious Registrations. In Web Engineering, Maxim Bakaev, Flavius Frasincar, and In-Young Ko (Eds.). Springer International Publishing, Cham, 265--279."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"crossref","unstructured":"J. Levine. 2010. DNS Blacklists and Whitelists. RFC 5782. IETF. http:\/\/tools.ietf.org\/rfc\/rfc5782.txt","DOI":"10.17487\/rfc5782"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-72582-2_4"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134049"},{"key":"e_1_3_2_1_53_1","volume-title":"4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 11)","author":"Liu He Lonnie","year":"2011","unstructured":"He Lonnie Liu, Kirill Levchenko, M\u00e1rk F\u00e9legyh\u00e1zi, Christian Kreibich, Gregor Maier, and Geoffrey M Voelker. 2011. On the effects of registrar-level intervention. In 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 11). USENIX Association, Boston, MA, 1--8."},{"key":"e_1_3_2_1_54_1","volume-title":"Marktplaats - De plek om nieuwe en tweedehands spullen te kopen en verkopen (In Dutch). https:\/\/www.marktplaats.nl\/ Accessed","year":"2024","unstructured":"Marktplaats. 2024. Marktplaats - De plek om nieuwe en tweedehands spullen te kopen en verkopen (In Dutch). https:\/\/www.marktplaats.nl\/ Accessed: Jan. 24, 2024."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP48549.2020.00045"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"crossref","unstructured":"P. Mockapetris. 1987. Domain names - concepts and facilities. RFC 1034. IETF. http:\/\/tools.ietf.org\/rfc\/rfc1034.txt","DOI":"10.17487\/rfc1034"},{"key":"e_1_3_2_1_57_1","volume-title":"Anti-phishing Working Groups 2nd Annual eCrime Researchers Summit. ACM, 1--13.","author":"Moore Tyler","unstructured":"Tyler Moore and Richard Clayton. 2007. Examining the Impact of Website Take-down on Phishing. In Anti-phishing Working Groups 2nd Annual eCrime Researchers Summit. ACM, 1--13."},{"key":"e_1_3_2_1_58_1","volume-title":"The Impact of Incentives on Notice and Take-down","author":"Moore Tyler","unstructured":"Tyler Moore and Richard Clayton. 2009. The Impact of Incentives on Notice and Take-down. Springer, 199--223."},{"key":"e_1_3_2_1_59_1","unstructured":"Giovane C. M. Moura Thomas Daniels Maarten Bosteels Sebastian Castro Moritz M\u00fcller Thymen Wabeke Thijs van den Hout MacIej Korczy'ski and G. Smaragdakis. 2024. Characterizing and Mitigating Phishing Attacks at ccTLD Scale (extended). Vol. EWI-TR-2024--1. Delft University of Technology Faculteit Elektrotechniek Wiskunde en Informatica. https:\/\/research.tudelft.nl\/en\/publications\/characterizing-and-mitigating-phishing-attacks-at-cctld-scale-ext"},{"key":"e_1_3_2_1_60_1","volume-title":"Aggressive use of Batesian mimicry by an ant-like jumping spider. Biology letters 5, 6","author":"Nelson Ximena J","year":"2009","unstructured":"Ximena J Nelson and Robert R Jackson. 2009. Aggressive use of Batesian mimicry by an ant-like jumping spider. Biology letters 5, 6 (2009), 755--757."},{"key":"e_1_3_2_1_61_1","unstructured":"Netcraft. 2024. Cybercrime Detection. https:\/\/www.netcraft.com\/platform\/cybercrime-detection\/ Accessed: 2024-07--18."},{"key":"e_1_3_2_1_62_1","unstructured":"Netcraft. 2024. Netcraft. https:\/\/www.netcraft.com Accessed: 2024-07--18."},{"key":"e_1_3_2_1_63_1","unstructured":"Nominet. 2024. .UK Register Statistics 2024. https:\/\/www.nominet.uk\/news\/reports-statistics\/uk-register-statistics-2024\/ Accessed: 2024-07--18."},{"key":"e_1_3_2_1_64_1","volume-title":"Internationaal phishing netwerk opgerold, vijf arrestaties in Nederland (In Dutch). https:\/\/nos.nl\/artikel\/2517210-internationaal-phishing-netwerk-opgerold-vijf-arrestaties-in-nederland (Accessed on","author":"NOS.","year":"2024","unstructured":"NOS. 2024. Internationaal phishing netwerk opgerold, vijf arrestaties in Nederland (In Dutch). https:\/\/nos.nl\/artikel\/2517210-internationaal-phishing-netwerk-opgerold-vijf-arrestaties-in-nederland (Accessed on: Apr 18 2024)."},{"key":"e_1_3_2_1_65_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Oest Adam","year":"2020","unstructured":"Adam Oest, Penghui Zhang, Brad Wardman, Eric Nunes, Jakub Burgis, Ali Zand, Kurt Thomas, Adam Doup\u00e9, and Gail-Joon Ahn. 2020. Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 361--377."},{"key":"e_1_3_2_1_66_1","unstructured":"Krebs on Security. 2023. Sued by Meta Freenom Halts Domain Registrations. https:\/\/krebsonsecurity.com\/2023\/03\/sued-by-meta-freenom-halts-domain-registrations\/ Accessed: 2024-07--19."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1515\/9781400840809"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1093\/jcr\/ucz026"},{"key":"e_1_3_2_1_69_1","unstructured":"SIDN. 2024. Abuse Prevention. SIDN. https:\/\/www.sidn.nl\/en\/cybersecurity\/abuse-prevention Accessed: 2024-07--19."},{"key":"e_1_3_2_1_70_1","unstructured":"SIDN. 2024. SIDN - The Foundation for Internet Domain Registration in the Netherlands. https:\/\/sidn.nl\/en Accessed: 2024-08--29."},{"key":"e_1_3_2_1_71_1","volume-title":"SIDN For confidence online. https:\/\/www.sidn.nl\/en\/internet-security\/transparency-report [Accessed on 25th","author":"SIDN.","year":"2024","unstructured":"SIDN. 2024. SIDN For confidence online. https:\/\/www.sidn.nl\/en\/internet-security\/transparency-report [Accessed on 25th April 2024]."},{"key":"e_1_3_2_1_72_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Silva Ravindu De","year":"2021","unstructured":"Ravindu De Silva, Mohamed Nabeel, Charith Elvitigala, Issa Khalil, Ting Yu, and Chamath Keppitiyagama. 2021. Compromised or Attacker-Owned: A Large Scale Classification and Study of Hosting Domains of Malicious URLs. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 3721--3738."},{"key":"e_1_3_2_1_73_1","volume-title":"Microsoft Dominates as the Most Impersonated Brand for Phishing Scams in Q2","author":"Software Check Point","year":"2023","unstructured":"Check Point Software. 2023. Microsoft Dominates as the Most Impersonated Brand for Phishing Scams in Q2 2023. https:\/\/www.checkpoint.com\/press-releases\/microsoft-dominates-as-the-most-impersonated-brand-for-phishing-scams-in-q2--2023\/ Accessed: Jan. 24, 2024."},{"key":"e_1_3_2_1_74_1","volume-title":"2022 18th International Conference on Network and Service Management (CNSM). 118--126","author":"Sommese Raffaele","unstructured":"Raffaele Sommese, Mattijs Jonker, Jeroen van der Ham, and Giovane C. M. Moura. 2022. Assessing e-Government DNS Resilience. In 2022 18th International Conference on Network and Service Management (CNSM). 118--126."},{"key":"e_1_3_2_1_75_1","volume-title":"Strengthening trust and safety across the internet | Spamhaus. https:\/\/www.spamhaus.org Accessed","year":"2024","unstructured":"Spamhaus. 2024. Strengthening trust and safety across the internet | Spamhaus. https:\/\/www.spamhaus.org Accessed: April 22, 2024."},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1002\/mar.20349"},{"key":"e_1_3_2_1_77_1","volume-title":"Police bust global cyber gang accused of industrial-scale fraud. https:\/\/www.bbc.com\/news\/uk-68838977 Accessed","author":"Symonds Tom","year":"2024","unstructured":"Tom Symonds. 2024. Police bust global cyber gang accused of industrial-scale fraud. https:\/\/www.bbc.com\/news\/uk-68838977 Accessed: Apr 19, 2024."},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133971"},{"key":"e_1_3_2_1_79_1","volume-title":"Internet Crime Complaint Center","author":"US Federal Bureau of Investigation","year":"2023","unstructured":"US Federal Bureau of Investigation, Internet Crime Complaint Center. 2023. Internet Crimer Report. https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2023_IC3Report.pdf."},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2427847"},{"key":"e_1_3_2_1_81_1","unstructured":"Verisign. 2024. Zone File. https:\/\/www.verisign.com\/en_US\/channel-resources\/domain-registry-products\/zone-file\/index.xhtml Accessed: 2024-07--18."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.23919\/TMA.2018.8506521"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"crossref","unstructured":"Qinge Xie and Frank Li. 2024. Crawling to the Top: An Empirical Evaluation of Top List Use. In Passive and Active Measurement Philipp Richter Vaibhav Bajpai and Esteban Carisimo (Eds.). Springer Nature Switzerland Cham 277--306.","DOI":"10.1007\/978-3-031-56249-5_12"},{"key":"e_1_3_2_1_84_1","volume-title":"CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing. In 2021 IEEE Symposium on Security and Privacy (SP). 1109--1124","author":"Zhang Penghui","year":"2021","unstructured":"Penghui Zhang, Adam Oest, Haehyun Cho, Zhibo Sun, RC Johnson, Brad Wardman, Shaown Sarker, Alexandros Kapravelos, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doup\u00e9, and Gail-Joon Ahn. 2021. CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing. In 2021 IEEE Symposium on Security and Privacy (SP). 1109--1124."}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690192","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690192","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:53:52Z","timestamp":1755842032000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690192"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":84,"alternative-id":["10.1145\/3658644.3690192","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690192","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}