Traffic Distribution System (TDS) abuse - What’s hiding behind the veil?

Infoblox provided Spamhaus with a list of 100,000 domains attributed to the Vextrio threat actor, many of which are low-cost TLD registrations (.life, .com, .club, .top) acquired in bulk (about 66,000 at Namesilo and 17,000 at Namecheap). Researchers link these domains to TDS activity; Spamhaus has added them to its Domain Blocklist and is tracking the infrastructure.