25 Jul 2022

Introducing Related Domain Discovery

by Ivan Ristić

Today we're announcing Related Domain Discovery, our new functionality that uses a variety of big-data sources to automatically discover new domain names connected to the domain names already in customer accounts. With this improvement, we make it even easier for our customers to find and keep an eye on their network and application infrastructure.

When it comes to network surface monitoring, our larger customers often struggle to build a comprehensive list of domain names they own. This may seem a simple task to smaller organizations where all domain names are in the same place, but at scale, it's very difficult. Think very large, distributed organizations and years of mergers and acquisitions. Building a good list requires a lot of effort; maintaining it even more so.

Our approach is to attack the problem from multiple perspectives. Back in 2019, we built a search engine of all domains and subdomains worldwide. This enables our customers to find any domains that match their brand names or trademarks. (We didn't publish a blog post about it specifically, but we did write about using the search engine to detect phishing domain names.) In 2021 and 2022 we started to add support for third-party integrations, covering the big cloud providers, registrars, CDNs, DNS providers, and CAs. Our goal with this direction is to build the ultimate asset inventory by getting the information directly from the sources.

Finally, with Related Domains, we automatically detect connected domain names by examining the infrastructure that we already know belongs to our customers, then correlating that information with large-scale databases of the world's infrastructure. We find connections and bring them to our customers' attention. This feature can be as simple as finding the organization name from one of the known domain names, then using it to find all other domain names associated with it. Conceptually, it's straightforward, but requires a lot of work behind the scenes, as well as mountains of data.

Here are some of the techniques we use:

  • Domain name registration identities (from WHOIS and RDAP)
  • Domain name email addresses
  • Certificate identities
  • DNS zone information
  • Mail server relationships
  • Nameserver relationships
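
The pivoting idea described above, as an added example that is not Hardenize's code: starting from one known domain, it follows shared registration, certificate, nameserver and mail-server values across a constructed set of records and keeps the evidence for each link. The field names, the placeholder list and the fan-out limit are assumptions made for the illustration.

```python
from collections import defaultdict, deque

IDENTITY = ("rdap_org", "email", "cert_org")  # registration and certificate identities
INFRA = ("ns", "mx")                          # nameserver and mail server relationships
PLACEHOLDERS = {"redacted for privacy"}       # privacy-proxy values link nothing
MAX_INFRA_FANOUT = 2  # tiny for this sample; shared providers serve many tenants

# Constructed sample records (not real data), one tuple per domain in field order.
ROWS = {
    "example-corp.test": ("Example Corp", "dns@example-corp.test", "Example Corp",
                          "ns1.example-corp.test", "mx.hosted-mail.test"),
    "excorp-shop.test": ("REDACTED FOR PRIVACY", "dns@example-corp.test", None,
                         "ns1.excorp-shop.test", "mx.hosted-mail.test"),
    "acquired-brand.test": ("Acquired Ltd", "it@acquired-brand.test", "Example Corp",
                            "ns1.acquired-brand.test", None),
    "acquired-blog.test": ("REDACTED FOR PRIVACY", None, None,
                           "ns1.acquired-brand.test", None),
    "other-inc.test": ("REDACTED FOR PRIVACY", "ops@other-inc.test", "Other Inc",
                       "ns1.other-inc.test", "mx.hosted-mail.test"),
}

def build_index(rows):
    """Map (field, value) -> domains, keeping only values that imply ownership."""
    index = defaultdict(set)
    for domain, row in rows.items():
        for field, value in zip(IDENTITY + INFRA, row):
            if value and value.lower() not in PLACEHOLDERS:
                index[(field, value.lower())].add(domain)
    # Drop infrastructure values shared too widely to suggest a common owner.
    return {k: d for k, d in index.items()
            if k[0] in IDENTITY or len(d) <= MAX_INFRA_FANOUT}

def related_domains(seed, rows=ROWS):
    """Breadth-first pivot from seed; returns {domain: (field, value, via_domain)}."""
    index = build_index(rows)
    keys_of = defaultdict(list)
    for key, domains in index.items():
        for d in domains:
            keys_of[d].append(key)
    found, queue = {}, deque([seed])
    while queue:
        current = queue.popleft()
        for key in keys_of[current]:
            for other in sorted(index[key] - {seed} - set(found)):
                found[other] = (*key, current)  # evidence kept for analyst review
                queue.append(other)
    return found

if __name__ == "__main__":
    for domain, evidence in related_domains("example-corp.test").items():
        print(domain, evidence)
```

The hosted mail server is shared by three sample domains, so it is ignored as a link; without that limit, the unrelated `other-inc.test` would be pulled into the result.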

We spent the last couple of months testing Related Domains with great success. In several situations, we were able to find thousands of domains starting from a single lonesome entry.

A complete solution needs all of the above approaches. With Related Domains, our customers can find all connected domains quickly and easily. With third-party integrations, they can build the definitive asset inventory. With keyword search, they can find what's missed as well as find potentially malicious look-alike domain names.

If you're a customer, this functionality is already enabled on your account. Go to Identity Monitoring under Settings to claim your identities. If you're not a customer, there's never been a better time to get in touch! We'll help you find your related domains as part of your onboarding.