It has been months since Joe Biden and Kamala Harris took office as president and vice president of the U.S., respectively. Since then, they have naturally been featured in most news outlets. What we wanted to know, though, is how all the attention has been affecting the domain registration world.
We collated a list of domains and subdomains containing their names a couple of days before they took their oaths of office (25 January 2021). Domains & Subdomains Discovery provided us with a sample comprising:
Running the 179 domains (combined Biden and Harris domains) through a bulk WHOIS lookup revealed that:
The domain distribution by registrant country is shown in Chart 1.
A majority of the domains (88 or 67%) were registered in the U.S. The rest of the registrations were scattered across 10 registrant countries.
The bulk WHOIS lookup also revealed that a significant portion of the domains (41 or 31%) were registered in February 2021. The domain registration distribution by creation date is shown in Chart 2.
There does not appear to be a clear domain registration trend (i.e., either a constant increase or decrease), but the volume may have to do with how much the U.S. president and vice president are being talked about. In February 2021, for instance, the Biden-Harris government finished their first 100 days. Public interest and thus news coverage were abuzz as U.S. citizens took an in-depth look at what the duo had done so far.
A closer inspection of the identified subdomains’ root domains showed that these web properties were distributed across five countries, led by the U.S., which accounted for 20 or 69% of the total domain volume (29). Chart 3 shows the registrant country distribution.
As with the Biden and Harris domains, it is probably not surprising to see the U.S. as the top registrant country. It is, however, quite interesting to see Iceland as the second most used registrant country.
While some of the domains associated with the Biden and Harris subdomains could be linked to a cause or news property (e.g., law-themed blog law[.]blog, animal rescue organizational site millionfamilyrescue[.]org, and news site matthew-sharpe[.]net) after being queried on Screenshot Lookup, others seemed somewhat disconnected from a possible political agenda (e.g., show business site filmygolpo[.]com, football news page footballys[.]com, and adult site camsdoc[.]com).
Probably one of the oldest tricks in the threat actor book is to ride on the popularity of celebrities, including politicians. While none of the domains and subdomains are dubbed malicious at this time, a lot of them are still parked and could be abused in the future. Take the subdomain joebidenweb[.]camsdoc[.]com from the example above: adult site camsdoc[.]com could be using Biden’s name as a lure to get people to access the page.
Without taking a more in-depth look at domains and subdomains that incorporate “hot” topics or names, users may unexpectedly land on dangerous websites.
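The split this post draws between names in a registered domain and names that appear only in a subdomain label can be automated for triage. The following is an added example, not WhoisXML API's tooling: the keyword list, the two-entry stand-in for the Public Suffix List, and every sample hostname except joebidenweb[.]camsdoc[.]com (quoted from the post) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

KEYWORDS = ("biden", "harris")  # names tracked in this post
# Assumption: tiny stand-in for the Public Suffix List, enough for the sample.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}

# Constructed sample; only the first entry appears in the post.
SAMPLE = [
    "joebidenweb[.]camsdoc[.]com",
    "hxxp://biden-harris-news[.]example/path",
    "kamalaharris.blog.example.co.uk",
    "www.example.org",
]

def refang(indicator):
    """Turn a defanged indicator (a[.]b, hxxp://) into a bare hostname."""
    host = indicator.strip().lower().replace("[.]", ".")
    host = re.sub(r"^h(?:xx|tt)ps?://", "", host)
    return host.split("/")[0].rstrip(".")

def split_host(host):
    """Return (subdomain part, registrable root domain)."""
    labels = host.split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[:-n]), ".".join(labels[-n:])

def classify(indicator):
    """Say whether a keyword sits in the root domain or only in a subdomain."""
    host = refang(indicator)
    sub, root = split_host(host)
    # Naive substring match: expect false positives (e.g. unrelated surnames).
    in_root = [k for k in KEYWORDS if k in root.split(".")[0]]
    in_sub = [k for k in KEYWORDS if k in sub]
    kind = "domain" if in_root else "subdomain" if in_sub else "none"
    return {"host": host, "root": root, "kind": kind,
            "keywords": sorted(set(in_root + in_sub))}

def triage(indicators):
    """Group subdomain-only hits by root domain so the root owner can be reviewed."""
    by_root = defaultdict(list)
    for item in indicators:
        result = classify(item)
        if result["kind"] == "subdomain":
            by_root[result["root"]].append(result["host"])
    return dict(by_root)

if __name__ == "__main__":
    for item in SAMPLE:
        print(classify(item))
    print(triage(SAMPLE))
```

Subdomain-only hits are the ones where WHOIS data for the root domain says nothing about who created the name-bearing label, so they are grouped by root for separate review.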
Interested in getting a list of all the domains and subdomains we uncovered? Or do you just want to know more about doing a similar type of research? Contact us any time to see how we can work together.