Here is a Find Associated Domains sample report:
Allows you to discover domains associated with a target domain and to determine the attack surface of a target organization. Find systems which are less protected and more vulnerable to attacks.
The domain names owned by an organization are the starting point for discovering its attack surface. Development, test, backup or less-known applications are usually hosted on different domain names of the organization and they can be easy targets for attackers
This tool can help you to perform an inventory of your domain names, including the resources that you have currently exposed to the Internet. Such an inventory could help you decomission unused resources and decrease your workload.
The results of Find Domains are obtained in real-time and no caching mechanism is used. Even though this is a slower approach, the results are very accurate and up to date.
|Domain Name||Is the target domain name (ex. oracle.com, yahoo.com, etc) which will be searched for associated domains|
|SSL Certificates||Searches Certificate Transparency Logs for certificates having the target domain as alt name.|
|BuiltWith||Searches BuiltWith relationships (e.g. Google Analytics Tags) for potentially related domains.|
|Reverse Whois||Finds the company and contact email of the target domain with a Whois lookup and then does a reverse lookup on them.|
|Include zero weight results||Also show the results with very low weight (e.g. domains found only in expired certificates)|