Press Releases

DomainTools Presents “Hotspots of Malicious Domains – Patterns and Trends” 

Seattle, September 12, 2023 – DomainTools, the leader for Internet intelligence, today announced that Aaron Gee-Clough and Tim Helming will be featured presenters for the second consecutive year at the mWISE Conference 2023, being held September 18-20, 2023 at the Marriott Marquis in Washington, DC.  

Mandiant, a part of Google Cloud, has convened mWISE™ (Mandiant Worldwide Information Security Exchange) in support of private and public organizations’ shared mission to combat the threats of today and those on the horizon. The conference is committed to growing a welcoming, vendor neutral community that brings together serious security practitioners from around the globe to learn from each other, share diverse perspectives, and arrive at new insights.

In the session, Gee-Clough, DomainTools senior data engineer and Helming, security evangelist, will present DomainTools’ latest snapshot report on concentrations of malicious activity, specifically phishing, malware, and spam. When cyber threat intel analysts, threat hunters, security controls administrators, or other SOC personnel are assessing the risk associated with traffic flows to or from the protected environment, they often identify certain features of domains as conveying signals of risk. 

For example, many analysts regard the presence of an SSL certificate from an issuer such as Let’s Encrypt as a sign that the domain may be high-risk. Likewise, some top level domains (TLDs) are seen by many security pros as red flags. These judgments are often reliable, especially when coming from seasoned analysts. However, large scale data may not always support common assumptions.

Gee-Clough and Helming will take a deep-dive to examine six features associated with domains: top level domain (TLD), IP Autonomous System (AS), name server AS, country of hosting, SSL certificate issuer, and domain registrar. 

“Within each of these features, we show those values that are associated with overrepresentation of malicious domains. Some of the findings confirm what veteran analysts predict, but other findings may surprise them!” said Helming.

“Hotspots of Malicious Domains – Patterns and Trends” will take place at 9:00am ET on September 18. For the full agenda, visit

About DomainTools

DomainTools is the global leader for Internet intelligence and the first place security practitioners go when they need to know. The world’s most advanced security teams use our solutions to identify external risks, investigate threats, and proactively protect their organizations in a constantly evolving threat landscape. DomainTools constantly monitors the Internet and brings together the most comprehensive and trusted domain, website and DNS data to provide immediate context and machine-learning driven risk analytics delivered in near real-time. Visit to experience firsthand why DomainTools is the first stop for advanced security teams when they need to know.  For more information visit and follow us on Twitter and LinkedIn.