Whoa, that's fascinating. So their botnet runs in multiple regions and will auto-switch if one has problems. Makes sense. Seems a bit strange to use China as the primary, though. Unless of course the attacker is based in China? Of the countries you mentioned Lithuania seems a much better choice. They have excellent pipes to EU and North America, and there's no firewall to deal with