Watering hole attacks are an attack in which a legitimate domain (e.g., a website) is infected and the infection causes the domain to forward visitors to a second, malicious domain. The second, malicious domain hosts an exploit kit which is downloaded to the visitor's device and may be used to steal the credentials of the visitor (e.g., username, password, etc.). New techniques which are able to detect watering hole attacks would be desirable. It would be even more desirable if such detection techniques were able to process large amounts of data in a relatively short amount of time. Typically, security-related detection processes must ingest large amounts of data and it would be desirable if new watering hole attack detection techniques could complete in a relatively short amount of time. In some cases, these detection techniques may also work on detecting other types of attacks, such as bot-net attacks.