WHOIS: identification or correlation?

The report summarizes a case study where researchers successfully correlated a large set of malicious domains attributed to the Prolific Puma operator by leveraging publicly available WHOIS registrant records in the .us TLD; it highlights that .us registry policies (no WHOIS proxy and accessible WHOIS service) made large-scale attribution feasible.