That's a good point. That would require some more work to rule out, for instance by doing a whois lookup to see if the domains have the same controlling entity.
Yep, it's a tricky one to sort out. Harder still if the domains are using a whois privacy protection service.
Checking if both domains resolve to the same IP could help establish a link in certain cases (e.g. where the same haproxy load balancer is terminating traffic for both sites).
Maybe also checking if the asset domain contains the string of the main site domain e.g. company.com and companystatic.com or company.com and companyassets.com
Edit: if both sites are served over SSL you could also sniff the cert to see if its the same one in both cases (i.e. they're using one cert and multiple subjectAltName entries).
