what if the attack comes from country A too? my understanding is they try to get botnets and residential proxies in large Western countries to avoid being filtered by IP range already.