How about not being so stupid as to assume that nation-state level threat actors would be completely unable to register domains in other countries, and that this would obviously be how there well funded scheme is cracked by you, Very Smart Citizen looking at publicly available information?

This would have to be the most braindead take I can imagine: my personal ___domain is a US ___domain and I'm not a US citizen.