Funny thing is we get an IDS alert like: "ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related" (Suricata IDS alert example), and read about country risk status on Zulu Zscaler scans for China, Russia, Ukraine, while the by far biggest malware spreading nation on earth, the U.S. of A., is never even mentioned. How about some biased risk rating?
polonus