Introducing Associated Domains v2
Reading time: 3 minutes
Today at SecurityTrails we're announcing an upgrade to our Associated Domains API endpoint and functionality inside of SurfaceBrowser™ and Attack Surface Reduction.
Associated Domains was originally introduced a few years ago. The purpose is to footprint a company's infrastructure by finding all domains associated with that company. The primary vectors involved a lot of heuristics around WHOIS data. While WHOIS is not dead by any means, it has left a lot of gaps after GDPR and privacy guard enablement.
We've heard your feedback and have been working on a wonderful new set of features that utilize many other vectors of association and allow us to expand in the future. Based on your feedback, we are now providing the provenance of how we made the association so that you can understand how a domain is related to another. This is available from inside of SurfaceBrowser™ currently.
What's new in Associated Domains v2?
- Major improvements to the algorithm to find false negatives - domains that may have been missed from other methods
- A keen attention to mergers, acquisitions, and subsidiaries
- Providing the provenance at a glance to be able to detail why an association was made
- 10+ additional signals for associations
- Enhanced WHOIS/SSL/Hosting/Nameserver and other infrastructure analysis
From the previous screenshot, you can also notice that ADv2 is now showing why a domain name was associated. Commonly associated reasons you'll find, among others, include:
- SSL organization
- SSL organization name
- WHOIS email
- WHOIS organization
- Parent's organization name
- Parent's organization legal name
Comparing results of ADv1 vs ADv2 for Netflix.com associations
To see these improvements in action, let’s first see how many domains, organizations and TLDs can be found with both versions:
| Version 1 | Version 2 |
|---|---|
| 195 - Domains | 1,049 - Domains |
| 55 - Unique Top Level Domains | 109 - Unique Top Level Domains |
| 6 - Different Organizations | 31 - Different Organizations |
| 436% increase |
That’s an 436% increase in the number of discovered associated domains!
Now let’s try using SurfaceBrowser™ and filtering by ‘Creation by year’, and ‘Expiration by year’.
With v1 we got 184 domains in the summary 'by Creation Year', starting in 1995 as the first registered date. And for the summary 'by Expiration Year', we got 183 results, from 2019 through 2026.
With v2 we got 882 domains, almost 4 times the results, starting in 1992. And reviewing the 'Summary by Expiration year' we got 877, ranging from 2018 to 2026.
Summary
As you can see, the new version of Associated Domains with all of its improvements and features provides evidently more domain associations than the previous one. This will help organizations make their intelligence collection about hostnames easier than before.
All new accounts created after Tuesday, November 16th will have ADv2 enabled by default. Users that had AD enabled on their account prior to this date can contact us to get ADv2 access.
Stay tuned for more product updates in the following weeks.
