Some original threads:
Apparently modern IDS (Intrusion Detection System) platforms make a lot of assumptions about national origin of DNS records. Pretty-much any TLD (Top level Domain) from smaller countries is automatically treated as hostile.
E.g., any DNS query for a domain in Palau (pw) is automatically assumed to be malware.
If you google about the domain, the autosuggestions are wonderful.
Pretty safe bet. Ever intentionally visit a site from Palau?
I remember at RIT in the days before gmail. I forwarded each individual spam message I got at my rit.edu address to the RIT sysadmin to complain.
Once spam started getting bad, I set up rules to auto-block anything that came from an ip address in China or Russia, and that actually kept most of it at bay for years.
I used the spam filter that was built into Thunderbird, and it worked rather well at the time.
I frequent sites with the top level domain of the Federated States of Micronesia though I doubt that counts.