In the output of line 85 there two punycoded[1] domain names: xn--g5t518j which is actually 微風 and xn--42cgk1gc8crdb1htg3d which is actually มอไซค์มือสอง.<p>As a result of the encoding, the domain names look junky while perhaps they aren't.<p>[1]: <a href="https://en.wikipedia.org/wiki/Punycode" rel="nofollow">https://en.wikipedia.org/wiki/Punycode</a>
Awesome. Statistics are fun.<p>One little issue is that's assuming techniques like this aren't used to <i>generate</i> the domains, which is not only an obvious 'next step', but thanks to the 'weird' domains and the find-web-online-lol.info type results which look <i>incredibly</i> spammy, is probably already happening and has probably been happening for years (wouldn't surprise me with the amount of spam wielding Markov chain generators out there). That's definitely what I'd do if I was in the position of the VXer, if I was determined to use DNS at all.<p>Wonder if any of those are 'fast-flux'?