SecurityTrails Blog · Nov 11 · by Esteban Borges

Introducing Associated Domains v2


Today at SecurityTrails we’re announcing an upgrade to our Associated Domains API endpoint and functionality inside of SurfaceBrowser™ and Attack Surface Reduction.

Associated Domains was originally introduced a few years ago. The purpose is to footprint a company’s infrastructure by finding all domains associated with that company. The primary vectors involved a lot of heuristics around WHOIS data. While WHOIS is not dead by any means, it has left a lot of gaps after GDPR and privacy guard enablement.

We’ve heard your feedback and have been working on a wonderful new set of features that utilize many other vectors of association and allow us to expand in the future. Based on your feedback, we are now providing the provenance of how we made the association so that you can understand how a domain is related to another. This is available from inside of SurfaceBrowser™ currently.

What’s new in Associated Domains v2?

  • Major improvements to the algorithm to find false negatives - domains that may have been missed by other methods
  • A keen attention to mergers, acquisitions, and subsidiaries
  • Providing the provenance at a glance to be able to detail why an association was made
  • 10+ additional signals for associations
  • Enhanced WHOIS/SSL/Hosting/Nameserver and other infrastructure analysis

Summary by Expiration year

From the previous screenshot, you can also notice that ADv2 is now showing why a domain name was associated. Commonly associated reasons you’ll find, among others, include:

  • SSL organization
  • SSL organization name
  • WHOIS email
  • WHOIS organization
  • Parent’s organization name
  • Parent’s organization legal name

Comparing results of ADv1 vs ADv2 for Netflix.com associations

To see these improvements in action, let’s first see how many domains, organizations and TLDs can be found with both versions:

                            Version 1    Version 2
Domains                     195          1,049
Unique Top Level Domains    55           109
Different Organizations     6            31

That’s a 436% increase in the number of discovered associated domains!

Now let’s try using SurfaceBrowser™ and filtering by ‘Creation by year’ and ‘Expiration by year’.

Associated Domains v2 filtered by year

With v1 we got 184 domains in the ‘by Creation Year’ summary, with 1995 as the first registered date. For the ‘by Expiration Year’ summary, we got 183 results, from 2019 through 2026.

Associated Domains v21 filtered by year comparison

With v2 we got 882 domains, almost 4 times the results, starting in 1992. And reviewing the ‘Summary by Expiration year’ we got 877, ranging from 2018 to 2026.

Summary

As you can see, the new version of Associated Domains, with all of its improvements and features, provides clearly more domain associations than the previous one. This will make it easier than before for organizations to collect intelligence about hostnames.

All new accounts created after Tuesday, November 16th will have ADv2 enabled by default. Users that had AD enabled on their account prior to this date can contact us to get ADv2 access.

Stay tuned for more product updates in the following weeks.

ESTEBAN BORGES

Esteban is a seasoned security researcher and cybersecurity specialist with over 15 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.