# (o)DoH server list (DNS entries).
# See https://jpgpi250.github.io/piholemanual/doc/Block%20DOH%20with%20pfsense.pdf
#
# Last updated: 2024-04-18 16:07:52 (UTC)
# MD5 checksum file available.
#
# SID reservations: https://sidallocation.org/
# GitHub: https://github.com/sidallocation/sidallocation.org
#
# Report issues with this list at https://github.com/jpgpi250/piholemanual/issues
# Use SID Management to disable specific entries.
#
# Terms of Services (ToS)
# By using the datasets, you agree that:
#   The datasets can be used for both, commercial and non-commercial purpose without any limitations (CC0 - No Rights Reserved)
#   Data offered is served as it is on best effort
#   I (jpgpi250) can not be held liable for any false positive or damage caused by the use of the datasets offered.
#
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.google"; dns.query; content:"dns.google"; nocase; fast_pattern; classtype:bad-unknown; sid:27990001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudflare-dns.com"; dns.query; content:"cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns9.quad9.net"; dns.query; content:"dns9.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns10.quad9.net"; dns.query; content:"dns10.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cleanbrowsing.org"; dns.query; content:"doh.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnsoverhttps.net"; dns.query; content:"dns.dnsoverhttps.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.crypto.sx"; dns.query; content:"doh.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.powerdns.org"; dns.query; content:"doh.powerdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 8, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-jp.blahdns.com"; dns.query; content:"doh-jp.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 9, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dns-over-https.com"; dns.query; content:"dns.dns-over-https.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 10, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.securedns.eu"; dns.query; content:"doh.securedns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 11, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rubyfish.cn"; dns.query; content:"dns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 12, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnswarden.com"; dns.query; content:"doh.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 13, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.captnemo.in"; dns.query; content:"doh.captnemo.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 14, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.tiar.app"; dns.query; content:"doh.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 15, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aaflalo.me"; dns.query; content:"dns.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 16, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-nyc.aaflalo.me"; dns.query; content:"dns-nyc.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 17, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguard.com"; dns.query; content:"dns.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 18, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-family.adguard.com"; dns.query; content:"dns-family.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 19, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alekberg.net"; dns.query; content:"dns.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 20, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.alekberg.net"; dns.query; content:"dns2.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 21, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsse.alekberg.net"; dns.query; content:"dnsse.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 22, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alidns.com"; dns.query; content:"dns.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 23, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aa.net.uk"; dns.query; content:"dns.aa.net.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 24, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.42l.fr"; dns.query; content:"doh.42l.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 25, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohtrial.att.net"; dns.query; content:"dohtrial.att.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 26, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-fi.blahdns.com"; dns.query; content:"doh-fi.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 27, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-de.blahdns.com"; dns.query; content:"doh-de.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 28, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-sg.blahdns.com"; dns.query; content:"doh-sg.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 29, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brahma.world"; dns.query; content:"dns.brahma.world"; nocase; fast_pattern; classtype:bad-unknown; sid:27990030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 30, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for private.canadianshield.cira.ca"; dns.query; content:"private.canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 31, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for protected.canadianshield.cira.ca"; dns.query; content:"protected.canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 32, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.canadianshield.cira.ca"; dns.query; content:"family.canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 33, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.opendns.com"; dns.query; content:"doh.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 34, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.familyshield.opendns.com"; dns.query; content:"doh.familyshield.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 35, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family-filter-dns.cleanbrowsing.org"; dns.query; content:"family-filter-dns.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 36, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adult-filter-dns.cleanbrowsing.org"; dns.query; content:"adult-filter-dns.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 37, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for security-filter-dns.cleanbrowsing.org"; dns.query; content:"security-filter-dns.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 38, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for one.one.one.one"; dns.query; content:"one.one.one.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 39, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mozilla.cloudflare-dns.com"; dns.query; content:"mozilla.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 40, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1dot1dot1dot1.cloudflare-dns.com"; dns.query; content:"1dot1dot1dot1.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 41, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns64.cloudflare-dns.com"; dns.query; content:"dns64.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 42, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for security.cloudflare-dns.com"; dns.query; content:"security.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 43, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.cloudflare-dns.com"; dns.query; content:"family.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 44, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.xfinity.com"; dns.query; content:"doh.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 45, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.recursive.dnsbycomodo.com"; dns.query; content:"ns1.recursive.dnsbycomodo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 46, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.recursive.dnsbycomodo.com"; dns.query; content:"ns2.recursive.dnsbycomodo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 47, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for commons.host"; dns.query; content:"commons.host"; nocase; fast_pattern; classtype:bad-unknown; sid:27990048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 48, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.containerpi.com"; dns.query; content:"dns.containerpi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 49, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohdot.coxlab.net"; dns.query; content:"dohdot.coxlab.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 50, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-ipv6.crypto.sx"; dns.query; content:"doh-ipv6.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 51, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digitale-gesellschaft.ch"; dns.query; content:"dns.digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 52, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.li"; dns.query; content:"doh.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 53, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.dnscrypt.ca"; dns.query; content:"dns1.dnscrypt.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 54, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.dnscrypt.ca"; dns.query; content:"dns2.dnscrypt.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 55, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsforge.de"; dns.query; content:"dnsforge.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 56, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnshome.de"; dns.query; content:"dns.dnshome.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 57, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnslify.com"; dns.query; content:"doh.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 58, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.ns.dnslify.com"; dns.query; content:"a.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 59, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.ns.dnslify.com"; dns.query; content:"b.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 60, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.safe.ns.dnslify.com"; dns.query; content:"a.safe.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 61, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.safe.ns.dnslify.com"; dns.query; content:"b.safe.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 62, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.family.ns.dnslify.com"; dns.query; content:"a.family.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 63, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.family.ns.dnslify.com"; dns.query; content:"b.family.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 64, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.seby.io"; dns.query; content:"doh.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 65, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-2.seby.io"; dns.query; content:"doh-2.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 66, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.sb"; dns.query; content:"doh.dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 67, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.dyndnsinternetguide.com"; dns.query; content:"resolver1.dyndnsinternetguide.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 68, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.dyndnsinternetguide.com"; dns.query; content:"resolver2.dyndnsinternetguide.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 69, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ffmuc.net"; dns.query; content:"doh.ffmuc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 70, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.applied-privacy.net"; dns.query; content:"doh.applied-privacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 71, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.233py.com"; dns.query; content:"dns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 72, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.233py.com"; dns.query; content:"i.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 73, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wdns.233py.com"; dns.query; content:"wdns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 74, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ndns.233py.com"; dns.query; content:"ndns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 75, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdns.233py.com"; dns.query; content:"sdns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 76, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for google-public-dns-a.google.com"; dns.query; content:"google-public-dns-a.google.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 77, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for google-public-dns-b.google.com"; dns.query; content:"google-public-dns-b.google.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 78, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns64.dns.google"; dns.query; content:"dns64.dns.google"; nocase; fast_pattern; classtype:bad-unknown; sid:27990079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 79, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hostux.net"; dns.query; content:"dns.hostux.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 80, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ibuki.cgnat.net"; dns.query; content:"ibuki.cgnat.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 81, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ibksturm.synology.me"; dns.query; content:"ibksturm.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 82, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jcdns.fun"; dns.query; content:"jcdns.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27990083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 83, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver-eu.lelux.fi"; dns.query; content:"resolver-eu.lelux.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 84, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.libredns.gr"; dns.query; content:"doh.libredns.gr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 85, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mrkaran.dev"; dns.query; content:"dns.mrkaran.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 86, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nextdns.io"; dns.query; content:"dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 87, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.any.dns.nixnet.xyz"; dns.query; content:"uncensored.any.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 88, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.any.dns.nixnet.xyz"; dns.query; content:"adblock.any.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 89, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.lv1.dns.nixnet.xyz"; dns.query; content:"uncensored.lv1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 90, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.lv1.dns.nixnet.xyz"; dns.query; content:"adblock.lv1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 91, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.ny1.dns.nixnet.xyz"; dns.query; content:"uncensored.ny1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 92, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.ny1.dns.nixnet.xyz"; dns.query; content:"adblock.ny1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 93, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.lux1.dns.nixnet.xyz"; dns.query; content:"uncensored.lux1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 94, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.lux1.dns.nixnet.xyz"; dns.query; content:"adblock.lux1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 95, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.opendns.com"; dns.query; content:"resolver1.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 96, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.opendns.com"; dns.query; content:"resolver2.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 97, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1-fs.opendns.com"; dns.query; content:"resolver1-fs.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 98, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2-fs.opendns.com"; dns.query; content:"resolver2-fs.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 99, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.ipv6-sandbox.opendns.com"; dns.query; content:"resolver1.ipv6-sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 100, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.ipv6-sandbox.opendns.com"; dns.query; content:"resolver2.ipv6-sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 101, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oszx.co"; dns.query; content:"dns.oszx.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27990102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 102, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pumplex.com"; dns.query; content:"dns.pumplex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 103, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.centraleu.pi-dns.com"; dns.query; content:"doh.centraleu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 104, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.northeu.pi-dns.com"; dns.query; content:"doh.northeu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 105, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.westus.pi-dns.com"; dns.query; content:"doh.westus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 106, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eastus.pi-dns.com"; dns.query; content:"doh.eastus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 107, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quad9.net"; dns.query; content:"dns.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 108, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns11.quad9.net"; dns.query; content:"dns11.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 109, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rpz-public-resolver1.rrdns.pch.net"; dns.query; content:"rpz-public-resolver1.rrdns.pch.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 110, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-nosec.quad9.net"; dns.query; content:"dns-nosec.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 111, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.twnic.tw"; dns.query; content:"dns.twnic.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 112, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v6.rubyfish.cn"; dns.query; content:"v6.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 113, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ea-dns.rubyfish.cn"; dns.query; content:"ea-dns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 114, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uw-dns.rubyfish.cn"; dns.query; content:"uw-dns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 115, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads-doh.securedns.eu"; dns.query; content:"ads-doh.securedns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 116, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi.doh.dns.snopyta.org"; dns.query; content:"fi.doh.dns.snopyta.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 117, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.switch.ch"; dns.query; content:"dns.switch.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 118, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.tiarap.org"; dns.query; content:"doh.tiarap.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 119, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.tiar.app"; dns.query; content:"jp.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 120, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.tiarap.org"; dns.query; content:"jp.tiarap.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 121, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.t53.de"; dns.query; content:"dns.t53.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 122, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.appliedprivacy.net"; dns.query; content:"doh.appliedprivacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 123, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public.dns.iij.jp"; dns.query; content:"public.dns.iij.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27990124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 124, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.gridns.xyz"; dns.query; content:"jp.gridns.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 125, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.flatuslifir.is"; dns.query; content:"dns.flatuslifir.is"; nocase; fast_pattern; classtype:bad-unknown; sid:27990126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 126, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odvr.nic.cz"; dns.query; content:"odvr.nic.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 127, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rumpelsepp.org"; dns.query; content:"rumpelsepp.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 128, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ordns.he.net"; dns.query; content:"ordns.he.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 129, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdns.faelix.net"; dns.query; content:"rdns.faelix.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 130, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adfree.usableprivacy.net"; dns.query; content:"adfree.usableprivacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 131, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for firefox.dns.nextdns.io"; dns.query; content:"firefox.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 132, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.apple.com.v.aaplimg.com"; dns.query; content:"doh.dns.apple.com.v.aaplimg.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 133, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.apple.com"; dns.query; content:"doh.dns.apple.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 134, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.233py.com.a.bdydns.com"; dns.query; content:"i.233py.com.a.bdydns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 135, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opencdn.jomodns.com"; dns.query; content:"opencdn.jomodns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 136, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.233py.com.cdn.cloudflare.net"; dns.query; content:"dns.233py.com.cdn.cloudflare.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 137, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edns.233py.com"; dns.query; content:"edns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 138, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-gcp.aaflalo.me"; dns.query; content:"dns-gcp.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 139, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.abmb.win"; dns.query; content:"doh.abmb.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 140, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.abmb.win"; dns.query; content:"doh2.abmb.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 141, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-unfiltered.adguard.com"; dns.query; content:"dns-unfiltered.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 142, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguard-dns.com"; dns.query; content:"dns.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 143, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.adguard-dns.com"; dns.query; content:"family.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 144, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unfiltered.adguard-dns.com"; dns.query; content:"unfiltered.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 145, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nl.ahadns.net"; dns.query; content:"doh.nl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 146, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.in.ahadns.net"; dns.query; content:"doh.in.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 147, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.la.ahadns.net"; dns.query; content:"doh.la.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 148, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ny.ahadns.net"; dns.query; content:"doh.ny.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 149, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pl.ahadns.net"; dns.query; content:"doh.pl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 150, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.it.ahadns.net"; dns.query; content:"doh.it.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 151, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.es.ahadns.net"; dns.query; content:"doh.es.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 152, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.no.ahadns.net"; dns.query; content:"doh.no.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 153, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.chi.ahadns.net"; dns.query; content:"doh.chi.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 154, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.nl.ahadns.net"; dns.query; content:"dot.nl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 155, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.in.ahadns.net"; dns.query; content:"dot.in.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 156, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.la.ahadns.net"; dns.query; content:"dot.la.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 157, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.ny.ahadns.net"; dns.query; content:"dot.ny.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 158, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.pl.ahadns.net"; dns.query; content:"dot.pl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 159, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.it.ahadns.net"; dns.query; content:"dot.it.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 160, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.es.ahadns.net"; dns.query; content:"dot.es.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 161, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.no.ahadns.net"; dns.query; content:"dot.no.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 162, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.chi.ahadns.net"; dns.query; content:"dot.chi.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 163, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnl.alekberg.net"; dns.query; content:"dnsnl.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 164, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot1.applied-privacy.net"; dns.query; content:"dot1.applied-privacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 165, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.armadillodns.net"; dns.query; content:"doh.armadillodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 166, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.blahdns.com"; dns.query; content:"doh1.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 167, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.b-cdn.net"; dns.query; content:"doh1.b-cdn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 168, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.blahdns.com"; dns.query; content:"doh2.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 169, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.b-cdn.net"; dns.query; content:"doh2.b-cdn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 170, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-ch.blahdns.com"; dns.query; content:"dot-ch.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 171, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-ch.blahdns.com"; dns.query; content:"doh-ch.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 172, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-fi.blahdns.com"; dns.query; content:"dot-fi.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 173, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-de.blahdns.com"; dns.query; content:"dot-de.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 174, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-jp.blahdns.com"; dns.query; content:"dot-jp.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 175, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-sg.blahdns.com"; dns.query; content:"dot-sg.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 176, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.bortzmeyer.fr"; dns.query; content:"doh.bortzmeyer.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 177, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for free.bravedns.com"; dns.query; content:"free.bravedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 178, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bravedns.com"; dns.query; content:"bravedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 179, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for canadianshield.cira.ca"; dns.query; content:"canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 180, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudflare.com"; dns.query; content:"dns.cloudflare.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 181, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudflare-gateway.com"; dns.query; content:"cloudflare-gateway.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 182, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cmrg.net"; dns.query; content:"dns.cmrg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 183, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jit.ddns.net"; dns.query; content:"jit.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 184, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.decloudus.com"; dns.query; content:"dns.decloudus.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 185, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.defaultroutes.de"; dns.query; content:"doh.defaultroutes.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 186, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.developer.li"; dns.query; content:"dns.developer.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 187, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.developer.li"; dns.query; content:"dns2.developer.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 188, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.digitale-gesellschaft.ch"; dns.query; content:"dns1.digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 189, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.digitale-gesellschaft.ch"; dns.query; content:"dns2.digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 190, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.disconnect.app"; dns.query; content:"doh.disconnect.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 191, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public-dns-a.dns.sb"; dns.query; content:"public-dns-a.dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 192, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public-dns-b.dns.sb"; dns.query; content:"public-dns-b.dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 193, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.ffmuc.net"; dns.query; content:"dot.ffmuc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 194, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdns.faelix.net"; dns.query; content:"pdns.faelix.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 195, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.google.com"; dns.query; content:"dns.google.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 196, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for query.hdns.io"; dns.query; content:"query.hdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 197, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic.i2pd.xyz"; dns.query; content:"opennic.i2pd.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 198, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us1.dns.lavate.ch"; dns.query; content:"us1.dns.lavate.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 199, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu1.dns.lavate.ch"; dns.query; content:"eu1.dns.lavate.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 200, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.libredns.org"; dns.query; content:"doh.libredns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 201, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.libredns.gr.com"; dns.query; content:"dot.libredns.gr.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 202, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.libredns.gr"; dns.query; content:"dot.libredns.gr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 203, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.mydns.network"; dns.query; content:"adblock.mydns.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 204, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.neutopia.org"; dns.query; content:"dns.neutopia.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 205, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.nextdns.io"; dns.query; content:"dns1.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 206, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.nextdns.io"; dns.query; content:"dns2.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 207, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lv1.nixnet.xyz"; dns.query; content:"lv1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 208, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ny1.nixnet.xyz"; dns.query; content:"ny1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 209, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lux1.nixnet.xyz"; dns.query; content:"lux1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 210, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.njal.la"; dns.query; content:"dns.njal.la"; nocase; fast_pattern; classtype:bad-unknown; sid:27990211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 211, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sandbox.opendns.com"; dns.query; content:"doh.sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 212, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.passcloud.xyz"; dns.query; content:"a.passcloud.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 213, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.passcloud.xyz"; dns.query; content:"i.passcloud.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 214, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.post-factum.tk"; dns.query; content:"doh.post-factum.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 215, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns12.quad9.net"; dns.query; content:"dns12.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 216, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns13.quad9.net"; dns.query; content:"dns13.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 217, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.ryan-palmer.com"; dns.query; content:"dns1.ryan-palmer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 218, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.seby.io"; dns.query; content:"dot.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 219, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls.sinodun.com"; dns.query; content:"dnsovertls.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 220, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls1.sinodun.com"; dns.query; content:"dnsovertls1.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 221, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls2.sinodun.com"; dns.query; content:"dnsovertls2.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 222, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls3.sinodun.com"; dns.query; content:"dnsovertls3.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 223, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi.dot.dns.snopyta.org"; dns.query; content:"fi.dot.dns.snopyta.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 224, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.therifleman.name"; dns.query; content:"dns.therifleman.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27990225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 225, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.tiar.app"; dns.query; content:"dot.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 226, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wugui.zone"; dns.query; content:"dns.wugui.zone"; nocase; fast_pattern; classtype:bad-unknown; sid:27990227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 227, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-asia.wugui.zone"; dns.query; content:"dns-asia.wugui.zone"; nocase; fast_pattern; classtype:bad-unknown; sid:27990228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 228, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.gslb2.xfinity.com"; dns.query; content:"doh.gslb2.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 229, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fdns1.dismail.de"; dns.query; content:"fdns1.dismail.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 230, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fdns2.dismail.de"; dns.query; content:"fdns2.dismail.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 231, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.censurfridns.dk"; dns.query; content:"anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 232, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.censurfridns.dk"; dns.query; content:"deic-lgb.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 233, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-ore.anycast.censurfridns.dk"; dns.query; content:"deic-ore.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 234, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.censurfridns.dk"; dns.query; content:"kracon.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 235, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.censurfridns.dk"; dns.query; content:"rgnet-iad.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 236, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.censurfridns.dk"; dns.query; content:"unicast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 237, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.uncensoreddns.org"; dns.query; content:"anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 238, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.uncensoreddns.org"; dns.query; content:"deic-lgb.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 239, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-ore.anycast.uncensoreddns.org"; dns.query; content:"deic-ore.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 240, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.uncensoreddns.org"; dns.query; content:"kracon.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 241, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.uncensoreddns.org"; dns.query; content:"rgnet-iad.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 242, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.uncensoreddns.org"; dns.query; content:"unicast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 243, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.comss.one"; dns.query; content:"dns.comss.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 244, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.east.comss.one"; dns.query; content:"dns.east.comss.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 245, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-doh.dnsforfamily.com"; dns.query; content:"dns-doh.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 246, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-dot.dnsforfamily.com"; dns.query; content:"dns-dot.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 247, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asia.dnscepat.id"; dns.query; content:"asia.dnscepat.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 248, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eropa.dnscepat.id"; dns.query; content:"eropa.dnscepat.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 249, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.360.cn"; dns.query; content:"doh.360.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 250, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.360.cn"; dns.query; content:"dot.360.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 251, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pub"; dns.query; content:"doh.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 252, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pub"; dns.query; content:"dns.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 253, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.pub"; dns.query; content:"dot.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 254, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kaitain.restena.lu"; dns.query; content:"kaitain.restena.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 255, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for getdnsapi.net"; dns.query; content:"getdnsapi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 256, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-tls.bitwiseshift.net"; dns.query; content:"dns-tls.bitwiseshift.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 257, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.dnsprivacy.at"; dns.query; content:"ns1.dnsprivacy.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 258, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.dnsprivacy.at"; dns.query; content:"ns2.dnsprivacy.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 259, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privacydns.go6lab.si"; dns.query; content:"privacydns.go6lab.si"; nocase; fast_pattern; classtype:bad-unknown; sid:27990260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 260, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsotls.lab.nic.cl"; dns.query; content:"dnsotls.lab.nic.cl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 261, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tls-dns-u.odvr.dns-oarc.net"; dns.query; content:"tls-dns-u.odvr.dns-oarc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 262, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.centraleu.pi-dns.com"; dns.query; content:"dot.centraleu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 263, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.northeu.pi-dns.com"; dns.query; content:"dot.northeu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 264, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.westus.pi-dns.com"; dns.query; content:"dot.westus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 265, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.eastus.pi-dns.com"; dns.query; content:"dot.eastus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 266, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eastau.pi-dns.com"; dns.query; content:"doh.eastau.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 267, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.eastau.pi-dns.com"; dns.query; content:"dot.eastau.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 268, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eastas.pi-dns.com"; dns.query; content:"doh.eastas.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 269, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.eastas.pi-dns.com"; dns.query; content:"dot.eastas.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 270, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for basic.bravedns.com"; dns.query; content:"basic.bravedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 271, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freedns.controld.com"; dns.query; content:"freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 272, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p0.freedns.controld.com"; dns.query; content:"p0.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 273, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p1.freedns.controld.com"; dns.query; content:"p1.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 274, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p2.freedns.controld.com"; dns.query; content:"p2.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 275, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p3.freedns.controld.com"; dns.query; content:"p3.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 276, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.freedns.controld.com"; dns.query; content:"family.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 277, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.freedns.controld.com"; dns.query; content:"uncensored.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 278, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.mullvad.net"; dns.query; content:"doh.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 279, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.doh.mullvad.net"; dns.query; content:"adblock.doh.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 280, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chrome.cloudflare-dns.com"; dns.query; content:"chrome.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 281, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.xfinity.com"; dns.query; content:"dot.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 282, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.cox.net"; dns.query; content:"dot.cox.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 283, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cox.net"; dns.query; content:"doh.cox.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 284, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sb"; dns.query; content:"dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 285, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 8888.google"; dns.query; content:"8888.google"; nocase; fast_pattern; classtype:bad-unknown; sid:27990286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 286, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chromium.dns.nextdns.io"; dns.query; content:"chromium.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 287, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.quickline.ch"; dns.query; content:"doh.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 288, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-02.spectrum.com"; dns.query; content:"doh-02.spectrum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 289, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-01.spectrum.com"; dns.query; content:"doh-01.spectrum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 290, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask.icloud.com"; dns.query; content:"mask.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 291, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-h2.icloud.com"; dns.query; content:"mask-h2.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990292; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 292, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dandelionsprout.asuscomm.com"; dns.query; content:"dandelionsprout.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 293, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for basic.rethinkdns.com"; dns.query; content:"basic.rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990294; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 294, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for max.rethinkdns.com"; dns.query; content:"max.rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 295, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.dns.nextdns.io"; dns.query; content:"anycast.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 296, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.gandi.net"; dns.query; content:"dns.api.gandi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 297, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.globus.org"; dns.query; content:"dns.api.globus.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 298, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.integration.globuscs.info"; dns.query; content:"dns.api.integration.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 299, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.preview.globus.org"; dns.query; content:"dns.api.preview.globus.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990300; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 300, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.rackspacecloud.com"; dns.query; content:"dns.api.rackspacecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 301, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.sandbox.globuscs.info"; dns.query; content:"dns.api.sandbox.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 302, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.staging.globuscs.info"; dns.query; content:"dns.api.staging.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 303, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.test.globuscs.info"; dns.query; content:"dns.api.test.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 304, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.beta.gandi.net"; dns.query; content:"dns.beta.gandi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 305, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudfiction.eu"; dns.query; content:"dns.cloudfiction.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 306, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eu-frankfurt-1.oraclecloud.com"; dns.query; content:"dns.eu-frankfurt-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 307, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.islandnet.com"; dns.query; content:"dns.islandnet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 308, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.onp.cloud"; dns.query; content:"dns.onp.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 309, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tuna.tsinghua.edu.cn"; dns.query; content:"dns.tuna.tsinghua.edu.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 310, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.uk-london-1.oraclecloud.com"; dns.query; content:"dns.uk-london-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 311, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-ashburn-1.oraclecloud.com"; dns.query; content:"dns.us-ashburn-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 312, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-phoenix-1.oraclecloud.com"; dns.query; content:"dns.us-phoenix-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990313; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 313, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.dnswarden.com"; dns.query; content:"doh1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 314, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.dnswarden.com"; dns.query; content:"doh2.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 315, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.netweaver.uk"; dns.query; content:"doh.netweaver.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 316, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.umbrella.com"; dns.query; content:"doh.umbrella.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990317; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 317, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1001.cloudflare-dns.com"; dns.query; content:"1001.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990318; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 318, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1111.cloudflare-dns.com"; dns.query; content:"1111.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990319; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 319, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for azure.cloudflare-dns.com"; dns.query; content:"azure.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 320, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opera.cloudflare-dns.com"; dns.query; content:"opera.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 321, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tor.cloudflare-dns.com"; dns.query; content:"tor.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990322; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 322, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trr.dns.nextdns.io"; dns.query; content:"trr.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990323; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 323, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.blahdns.com"; dns.query; content:"doh.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990324; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 324, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.abd.ong"; dns.query; content:"adguard.abd.ong"; nocase; fast_pattern; classtype:bad-unknown; sid:27990325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 325, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.abraservice.xyz"; dns.query; content:"doh.abraservice.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 326, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for per.adfilter.net"; dns.query; content:"per.adfilter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990327; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 327, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd.adfilter.net"; dns.query; content:"syd.adfilter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990328; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 328, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adfreedns.top"; dns.query; content:"adfreedns.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 329, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adrianlam.com"; dns.query; content:"dns.adrianlam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 330, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blitz.ahadns.com"; dns.query; content:"blitz.ahadns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 331, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alleesph.online"; dns.query; content:"alleesph.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27990332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 332, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.andrewnw.xyz"; dns.query; content:"dns.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 333, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.anudeep.me"; dns.query; content:"secure.anudeep.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 334, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hypercute.eu"; dns.query; content:"dns.hypercute.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 335, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.artikel10.org"; dns.query; content:"dns.artikel10.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 336, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.asterimoon.com"; dns.query; content:"dns.asterimoon.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 337, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.avastdns.com"; dns.query; content:"secure.avastdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 338, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for awan.ftp.sh"; dns.query; content:"awan.ftp.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 339, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole.aws.ketan.dev"; dns.query; content:"pihole.aws.ketan.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 340, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.a47.me"; dns.query; content:"dns.a47.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 341, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.baishiyuan.cn"; dns.query; content:"dns.baishiyuan.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 342, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bitdefender.net"; dns.query; content:"dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 343, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bitservices.io"; dns.query; content:"dns.bitservices.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 344, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.blaze-sk.ru"; dns.query; content:"dns.blaze-sk.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 345, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.blokada.org"; dns.query; content:"dns.blokada.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 346, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.bonis.de"; dns.query; content:"adguard.bonis.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 347, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for stratus.bugz.fr"; dns.query; content:"stratus.bugz.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990348; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 348, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.caksono.com"; dns.query; content:"dns.caksono.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990349; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 349, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.aaaab3n.moe"; dns.query; content:"doh.aaaab3n.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990350; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 350, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for console.carestyle.org"; dns.query; content:"console.carestyle.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990351; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 351, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.carson-family.com"; dns.query; content:"dns.carson-family.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990352; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 352, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.carter.me"; dns.query; content:"dns.carter.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990353; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 353, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for catdns.org"; dns.query; content:"catdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990354; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 354, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chadeyron.fr"; dns.query; content:"dns.chadeyron.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990355; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 355, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chenu.ch"; dns.query; content:"dns.chenu.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990356; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 356, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.circl.lu"; dns.query; content:"dns.circl.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990357; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 357, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloud88.com.au"; dns.query; content:"dns.cloud88.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27990358; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 358, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for voyage-s01.cloudku.technology"; dns.query; content:"voyage-s01.cloudku.technology"; nocase; fast_pattern; classtype:bad-unknown; sid:27990359; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 359, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cnetwork.cloud"; dns.query; content:"doh.cnetwork.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990360; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 360, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cubedns.com"; dns.query; content:"cubedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990361; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 361, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cynthialabs.net"; dns.query; content:"dns.cynthialabs.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990362; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 362, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.daemon.za.net"; dns.query; content:"dns.daemon.za.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990363; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 363, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.00dani.me"; dns.query; content:"ns.00dani.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990364; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 364, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.data.haus"; dns.query; content:"ns.data.haus"; nocase; fast_pattern; classtype:bad-unknown; sid:27990365; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 365, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dekedin.me"; dns.query; content:"dns.dekedin.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990366; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 366, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dev-umbrellagov.com"; dns.query; content:"dns.dev-umbrellagov.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990367; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 367, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-free.link"; dns.query; content:"dns-free.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27990368; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 368, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns-ga.de"; dns.query; content:"doh.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990369; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 369, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digitalsize.net"; dns.query; content:"dns.digitalsize.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990370; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 370, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.expert"; dns.query; content:"dns.expert"; nocase; fast_pattern; classtype:bad-unknown; sid:27990371; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 371, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sb"; dns.query; content:"doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990372; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 372, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for open.dns0.eu"; dns.query; content:"open.dns0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990373; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 373, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns0.eu"; dns.query; content:"dns0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990374; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 374, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zero.dns0.eu"; dns.query; content:"zero.dns0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990375; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 375, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.dns0.eu"; dns.query; content:"kids.dns0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990376; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 376, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns4all.eu"; dns.query; content:"doh.dns4all.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990377; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 377, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for abe01.dnscry.pt"; dns.query; content:"abe01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990378; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 378, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ams01.dnscry.pt"; dns.query; content:"ams01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990379; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 379, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ord01.dnscry.pt"; dns.query; content:"ord01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990380; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 380, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for coe01.dnscry.pt"; dns.query; content:"coe01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990381; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 381, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cvt01.dnscry.pt"; dns.query; content:"cvt01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990382; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 382, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdu01.dnscry.pt"; dns.query; content:"rdu01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990383; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 383, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fra01.dnscry.pt"; dns.query; content:"fra01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990384; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 384, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fjr01.dnscry.pt"; dns.query; content:"fjr01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990385; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 385, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for llk01.dnscry.pt"; dns.query; content:"llk01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990386; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 386, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lon01.dnscry.pt"; dns.query; content:"lon01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990387; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 387, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lax01.dnscry.pt"; dns.query; content:"lax01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990388; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 388, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mia01.dnscry.pt"; dns.query; content:"mia01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990389; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 389, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muc01.dnscry.pt"; dns.query; content:"muc01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990390; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 390, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nyc01.dnscry.pt"; dns.query; content:"nyc01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990391; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 391, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for phl01.dnscry.pt"; dns.query; content:"phl01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990392; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 392, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for phx01.dnscry.pt"; dns.query; content:"phx01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990393; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 393, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for slc01.dnscry.pt"; dns.query; content:"slc01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990394; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 394, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trf01.dnscry.pt"; dns.query; content:"trf01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990395; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 395, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sin01.dnscry.pt"; dns.query; content:"sin01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990396; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 396, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sof01.dnscry.pt"; dns.query; content:"sof01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990397; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 397, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for geg01.dnscry.pt"; dns.query; content:"geg01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990398; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 398, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sto01.dnscry.pt"; dns.query; content:"sto01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990399; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 399, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tll01.dnscry.pt"; dns.query; content:"tll01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990400; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 400, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tpa01.dnscry.pt"; dns.query; content:"tpa01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990401; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 401, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for waw02.dnscry.pt"; dns.query; content:"waw02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990402; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 402, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clean.dnsforge.de"; dns.query; content:"clean.dnsforge.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990403; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 403, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnslow.me"; dns.query; content:"dnslow.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990404; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 404, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnswarden.com"; dns.query; content:"dns.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990405; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 405, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnswebvsn.com"; dns.query; content:"dnswebvsn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990406; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 406, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.doh.best"; dns.query; content:"dns.doh.best"; nocase; fast_pattern; classtype:bad-unknown; sid:27990407; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 407, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.xyz"; dns.query; content:"doh.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990408; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 408, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 3dns.eu"; dns.query; content:"3dns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990409; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 409, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dotnet.win"; dns.query; content:"dns.dotnet.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990410; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 410, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dukun.de"; dns.query; content:"dukun.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990411; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 411, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.apad.pro"; dns.query; content:"doh.apad.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27990412; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 412, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edgy-dns.com"; dns.query; content:"edgy-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990413; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 413, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.henek.ovh"; dns.query; content:"dns.henek.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990414; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 414, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.emiliyan.com"; dns.query; content:"dns.emiliyan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990415; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 415, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.esnube.es"; dns.query; content:"dns.esnube.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27990416; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 416, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.extrawdw.net"; dns.query; content:"dns.extrawdw.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990417; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 417, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ezyss.id"; dns.query; content:"dns.ezyss.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990418; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 418, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsvps.familiamv.net"; dns.query; content:"dnsvps.familiamv.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990419; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 419, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fancyorg.at"; dns.query; content:"dns.fancyorg.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990420; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 420, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns0.fdn.fr"; dns.query; content:"ns0.fdn.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990421; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 421, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.fdn.fr"; dns.query; content:"ns1.fdn.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990422; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 422, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.flm9.net"; dns.query; content:"dns01.flm9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990423; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 423, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.froth.zone"; dns.query; content:"dns.froth.zone"; nocase; fast_pattern; classtype:bad-unknown; sid:27990424; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 424, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fullaccesstointernet.jp.eu.org"; dns.query; content:"dns.fullaccesstointernet.jp.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990425; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 425, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gamban.com"; dns.query; content:"dns.gamban.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990426; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 426, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.freyja.pw"; dns.query; content:"dns.freyja.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990427; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 427, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.guard.io"; dns.query; content:"dns.guard.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990428; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 428, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.guidocioni.it"; dns.query; content:"dns2.guidocioni.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990429; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 429, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cluster-0.gac.edu"; dns.query; content:"cluster-0.gac.edu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990430; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 430, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cluster-1.gac.edu"; dns.query; content:"cluster-1.gac.edu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990431; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 431, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hanniel.tech"; dns.query; content:"hanniel.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27990432; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 432, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.horcrux.vip"; dns.query; content:"dns.horcrux.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27990433; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 433, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.hostme.co.il"; dns.query; content:"ag.hostme.co.il"; nocase; fast_pattern; classtype:bad-unknown; sid:27990434; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 434, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doth.huque.com"; dns.query; content:"doth.huque.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990435; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 435, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ian.rocks"; dns.query; content:"dns.ian.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27990436; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 436, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ikarosalpha.xyz"; dns.query; content:"ikarosalpha.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990437; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 437, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.iki.my.id"; dns.query; content:"dns.iki.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990438; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 438, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.immanuelschaffer.de"; dns.query; content:"dns.immanuelschaffer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990439; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 439, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.in-berlin.de"; dns.query; content:"dns1.in-berlin.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990440; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 440, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.indianets.net"; dns.query; content:"adblock.indianets.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990441; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 441, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.indybanipal.com"; dns.query; content:"dns.indybanipal.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990442; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 442, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qlf-doh.inria.fr"; dns.query; content:"qlf-doh.inria.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990443; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 443, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aqua.is.my.waifu.cz"; dns.query; content:"aqua.is.my.waifu.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990444; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 444, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for diy.itsa.top"; dns.query; content:"diy.itsa.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990445; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 445, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jackyes.ovh"; dns.query; content:"jackyes.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990446; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 446, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.janl.eu"; dns.query; content:"dns.janl.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990447; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 447, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hahnjo.de"; dns.query; content:"dns.hahnjo.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990448; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 448, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.justincounts.com"; dns.query; content:"ad.justincounts.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990449; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 449, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.karfamily.net"; dns.query; content:"dns.karfamily.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990450; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 450, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.keke125.com"; dns.query; content:"dns.keke125.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990451; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 451, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kerekes.xyz"; dns.query; content:"dns.kerekes.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990452; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 452, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kernel-error.de"; dns.query; content:"dns.kernel-error.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990453; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 453, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.avdkishore.dev"; dns.query; content:"adguard.avdkishore.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990454; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 454, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.koala.us.to"; dns.query; content:"dns.koala.us.to"; nocase; fast_pattern; classtype:bad-unknown; sid:27990455; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 455, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.kooman.org"; dns.query; content:"doh.kooman.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990456; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 456, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.konikoni428.com"; dns.query; content:"adguard.konikoni428.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990457; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 457, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xray.krnl.eu"; dns.query; content:"xray.krnl.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990458; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 458, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kugoapps.com"; dns.query; content:"dns.kugoapps.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990459; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 459, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kukal.cz"; dns.query; content:"dns.kukal.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990460; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 460, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.labnekotest.site"; dns.query; content:"dns.labnekotest.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27990461; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 461, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lacontrevoie.fr"; dns.query; content:"doh.lacontrevoie.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990462; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 462, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.levonet.sk"; dns.query; content:"dns.levonet.sk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990463; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 463, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lindung.pp.ua"; dns.query; content:"lindung.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27990464; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 464, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lobbygod.com"; dns.query; content:"dns.lobbygod.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990465; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 465, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.londonwebnerd.cloud"; dns.query; content:"adguard.londonwebnerd.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990466; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 466, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.phdns1.lonet.org"; dns.query; content:"doh.phdns1.lonet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990467; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 467, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.phdns2.lonet.org"; dns.query; content:"doh.phdns2.lonet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990468; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 468, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.phdns4.lonet.org"; dns.query; content:"doh.phdns4.lonet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990469; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 469, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.phdns5.lonet.org"; dns.query; content:"doh.phdns5.lonet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990470; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 470, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mandre.dev"; dns.query; content:"dns.mandre.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990471; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 471, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.marschi.de"; dns.query; content:"ag.marschi.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990472; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 472, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.maskab.com"; dns.query; content:"doh.maskab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990473; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 473, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for masters-of-cloud.de"; dns.query; content:"masters-of-cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990474; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 474, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dns.doubleangels.com"; dns.query; content:"family.dns.doubleangels.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990475; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 475, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.meddy94.de"; dns.query; content:"adguard.meddy94.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990476; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 476, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for testguard.meexx.de"; dns.query; content:"testguard.meexx.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990477; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 477, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for snoke.meganerd.nl"; dns.query; content:"snoke.meganerd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990478; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 478, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.mtsoln.com"; dns.query; content:"ns.mtsoln.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990479; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 479, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mihanentalpo.me"; dns.query; content:"dns.mihanentalpo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990480; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 480, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nue2.moderateinfra.net"; dns.query; content:"nue2.moderateinfra.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990481; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 481, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ps1.modr.club"; dns.query; content:"ps1.modr.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27990482; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 482, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mullvad.net"; dns.query; content:"dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990483; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 483, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.dns.mullvad.net"; dns.query; content:"adblock.dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990484; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 484, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for base.dns.mullvad.net"; dns.query; content:"base.dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990485; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 485, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for extended.dns.mullvad.net"; dns.query; content:"extended.dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990486; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 486, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for all.dns.mullvad.net"; dns.query; content:"all.dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990487; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 487, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dns.mullvad.net"; dns.query; content:"family.dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990488; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 488, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freedom.mydns.network"; dns.query; content:"freedom.mydns.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990489; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 489, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for paranoia.mydns.network"; dns.query; content:"paranoia.mydns.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990490; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 490, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.mydns.network"; dns.query; content:"family.mydns.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990491; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 491, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.narl.app"; dns.query; content:"dns.narl.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990492; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 492, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.neilzone.co.uk"; dns.query; content:"dns.neilzone.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990493; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 493, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nenam.eu"; dns.query; content:"nenam.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990494; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 494, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.luigi.nexific.it"; dns.query; content:"doh.luigi.nexific.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990495; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 495, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lv"; dns.query; content:"doh.lv"; nocase; fast_pattern; classtype:bad-unknown; sid:27990496; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 496, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nic.lv"; dns.query; content:"doh.nic.lv"; nocase; fast_pattern; classtype:bad-unknown; sid:27990497; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 497, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.nielsdb.be"; dns.query; content:"dns1.nielsdb.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27990498; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 498, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.niyawe.de"; dns.query; content:"doh.niyawe.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990499; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 499, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.noaddns.com"; dns.query; content:"resolver.noaddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990500; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 500, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi1.node15.com"; dns.query; content:"pi1.node15.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990501; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 501, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.nordvpn.com"; dns.query; content:"dns1.nordvpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990502; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 502, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.nordvpn.com"; dns.query; content:"dns2.nordvpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990503; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 503, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-malwaresec.nordthreatprotection.com"; dns.query; content:"dns-malwaresec.nordthreatprotection.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990504; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 504, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-cybersec.nordthreatprotection.com"; dns.query; content:"dns-cybersec.nordthreatprotection.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990505; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 505, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.dns.noridev.moe"; dns.query; content:"1.dns.noridev.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990506; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 506, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.npsolution.it"; dns.query; content:"dns.npsolution.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990507; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 507, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ofdoom.net"; dns.query; content:"dns.ofdoom.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990508; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 508, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oliviertv.co.za"; dns.query; content:"dns.oliviertv.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27990509; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 509, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ada.openbld.net"; dns.query; content:"ada.openbld.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990510; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 510, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ric.openbld.net"; dns.query; content:"ric.openbld.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990511; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 511, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fwgw.orangepipc.mywire.org"; dns.query; content:"fwgw.orangepipc.mywire.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990512; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 512, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.paesa.es"; dns.query; content:"dns.paesa.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27990513; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 513, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-ovh.panszelescik.pl"; dns.query; content:"dns-ovh.panszelescik.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990514; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 514, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.gcp.pathofgrace.com"; dns.query; content:"doh.gcp.pathofgrace.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990515; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 515, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for paulo.nom.za"; dns.query; content:"paulo.nom.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27990516; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 516, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pccoach.nl"; dns.query; content:"dns.pccoach.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990517; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 517, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darya.persiannit.net"; dns.query; content:"darya.persiannit.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990518; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 518, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pesaventofilippo.com"; dns.query; content:"dns.pesaventofilippo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990519; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 519, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.phillipjberry.net"; dns.query; content:"dns.phillipjberry.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990520; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 520, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.pietjacobs.be"; dns.query; content:"dns1.pietjacobs.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27990521; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 521, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pnh.my.id"; dns.query; content:"dns.pnh.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990522; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 522, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pooblet.co.za"; dns.query; content:"pooblet.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27990523; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 523, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pragmasec.nl"; dns.query; content:"dns.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990524; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 524, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.prima-solusindo.com"; dns.query; content:"dns2.prima-solusindo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990525; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 525, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-privacy.puregeni.us"; dns.query; content:"dns-privacy.puregeni.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27990526; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 526, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.qquack.org"; dns.query; content:"ns1.qquack.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990527; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 527, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hostdare.qtxd.net"; dns.query; content:"hostdare.qtxd.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990528; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 528, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.quydang.name.vn"; dns.query; content:"adguard.quydang.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990529; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 529, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.ral9005.org"; dns.query; content:"ns.ral9005.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990530; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 530, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.repinger.my.id"; dns.query; content:"dns.repinger.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990531; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 531, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnspub.restena.lu"; dns.query; content:"dnspub.restena.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990532; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 532, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.retakecs.com"; dns.query; content:"dns.retakecs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990533; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 533, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sky.rethinkdns.com"; dns.query; content:"sky.rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990534; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 534, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.rezhajul.io"; dns.query; content:"doh.rezhajul.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990535; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 535, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rin.sh"; dns.query; content:"dns.rin.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990536; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 536, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rootlab.top"; dns.query; content:"dns.rootlab.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990537; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 537, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rotunneling.net"; dns.query; content:"dns.rotunneling.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990538; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 538, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.rslvr.eu"; dns.query; content:"us.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990539; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 539, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl.rslvr.eu"; dns.query; content:"nl.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990540; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 540, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.rslvr.eu"; dns.query; content:"jp.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990541; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 541, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.rslvr.eu"; dns.query; content:"hk.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990542; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 542, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.rslvr.eu"; dns.query; content:"sg.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990543; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 543, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au.rslvr.eu"; dns.query; content:"au.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990544; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 544, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ruby.ci"; dns.query; content:"adguard.ruby.ci"; nocase; fast_pattern; classtype:bad-unknown; sid:27990545; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 545, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.rueiliu.space"; dns.query; content:"adg.rueiliu.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27990546; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 546, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.runsel.id"; dns.query; content:"doh.runsel.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990547; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 547, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drs.rustsword.com"; dns.query; content:"drs.rustsword.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990548; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 548, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.safesurfer.io"; dns.query; content:"doh.safesurfer.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990549; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 549, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.saferbfc.org"; dns.query; content:"dns1.saferbfc.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990550; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 550, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for safeservedns.com"; dns.query; content:"safeservedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990551; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 551, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sarilouis.com"; dns.query; content:"dns.sarilouis.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990552; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 552, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.sc-lezhi.com"; dns.query; content:"ns1.sc-lezhi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990553; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 553, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.schlagheck.berlin"; dns.query; content:"dns.schlagheck.berlin"; nocase; fast_pattern; classtype:bad-unknown; sid:27990554; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 554, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sealyserver.com"; dns.query; content:"adguard.sealyserver.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990555; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 555, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.serdcebolit.ru"; dns.query; content:"dns.serdcebolit.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990556; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 556, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sheggi.ch"; dns.query; content:"dns.sheggi.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990557; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 557, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.shoupperuser.com"; dns.query; content:"adguard.shoupperuser.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990558; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 558, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.shutgaming.net"; dns.query; content:"adguard.shutgaming.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990559; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 559, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.silen.org"; dns.query; content:"dns.silen.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990560; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 560, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.silentlybren.com"; dns.query; content:"dns.silentlybren.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990561; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 561, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.skrep.eu"; dns.query; content:"dns.skrep.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990562; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 562, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.slinkyman.net"; dns.query; content:"dns.slinkyman.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990563; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 563, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.smartguard.io"; dns.query; content:"dns.smartguard.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990564; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 564, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spacedns.org"; dns.query; content:"spacedns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990565; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 565, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.spirio.fr"; dns.query; content:"dns.spirio.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990566; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 566, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sscw.win"; dns.query; content:"adguard.sscw.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990567; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 567, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.strassmair.org"; dns.query; content:"dns.strassmair.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990568; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 568, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sukidayo.eu.org"; dns.query; content:"sukidayo.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990569; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 569, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sundalandia.pp.ua"; dns.query; content:"sundalandia.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27990570; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 570, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.sunet.se"; dns.query; content:"resolver.sunet.se"; nocase; fast_pattern; classtype:bad-unknown; sid:27990571; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 571, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sunnygyl.com"; dns.query; content:"sunnygyl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990572; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 572, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.superstefan.win"; dns.query; content:"dns.superstefan.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990573; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 573, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.svoi.dev"; dns.query; content:"dns.svoi.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990574; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 574, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.syshero.org"; dns.query; content:"doh.syshero.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990575; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 575, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.technicule.info"; dns.query; content:"vpn.technicule.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990576; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 576, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.telekom.de"; dns.query; content:"dns.telekom.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990577; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 577, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thebuckners.org"; dns.query; content:"dns.thebuckners.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990578; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 578, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thegoodsource.net"; dns.query; content:"dns.thegoodsource.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990579; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 579, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tigrons.ru"; dns.query; content:"tigrons.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990580; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 580, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tls-data.de"; dns.query; content:"dns.tls-data.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990581; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 581, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for truta.org"; dns.query; content:"truta.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990582; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 582, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tryk.app"; dns.query; content:"dns.tryk.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990583; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 583, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.txq.life"; dns.query; content:"dns.txq.life"; nocase; fast_pattern; classtype:bad-unknown; sid:27990584; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 584, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.unstoppable.io"; dns.query; content:"resolver.unstoppable.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990585; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 585, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.unx.io"; dns.query; content:"dns.unx.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990586; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 586, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.valscosmos.com"; dns.query; content:"doh.valscosmos.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990587; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 587, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for virga.pp.ua"; dns.query; content:"virga.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27990588; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 588, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vtcuong.site"; dns.query; content:"vtcuong.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27990589; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 589, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wahr.top"; dns.query; content:"dns.wahr.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990590; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 590, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wang.art"; dns.query; content:"dns.wang.art"; nocase; fast_pattern; classtype:bad-unknown; sid:27990591; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 591, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.warma.me"; dns.query; content:"dns.warma.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990592; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 592, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-ca.naftalie.net"; dns.query; content:"doh-ca.naftalie.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990593; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 593, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wikimedia-dns.org"; dns.query; content:"wikimedia-dns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990594; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 594, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xwdmw.xyz"; dns.query; content:"dns.xwdmw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990595; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 595, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yarp.lefolgoc.net"; dns.query; content:"yarp.lefolgoc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990596; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 596, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yatima.tv"; dns.query; content:"dns.yatima.tv"; nocase; fast_pattern; classtype:bad-unknown; sid:27990597; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 597, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.zburger.top"; dns.query; content:"www.zburger.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990598; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 598, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.zpn.me"; dns.query; content:"a.zpn.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990599; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 599, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.0x55.net"; dns.query; content:"dns.0x55.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990600; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 600, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.4-the.win"; dns.query; content:"dns.4-the.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990601; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 601, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisidns.4ch.my.id"; dns.query; content:"polisidns.4ch.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990602; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 602, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.52306.org"; dns.query; content:"dns.52306.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990603; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 603, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.9999.sg"; dns.query; content:"dns.9999.sg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990604; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 604, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for helios.plan9dns.com"; dns.query; content:"helios.plan9dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990605; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 605, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohipv6.crypto.sx"; dns.query; content:"dohipv6.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990606; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 606, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for security.cloudflaredns.com"; dns.query; content:"security.cloudflaredns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990607; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 607, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sbydoh.limotelu.org"; dns.query; content:"sbydoh.limotelu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990608; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 608, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnlnoads.alekberg.net"; dns.query; content:"dnsnlnoads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990609; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 609, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for common.dot.dns.yandex.net"; dns.query; content:"common.dot.dns.yandex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990610; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 610, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.cloudflaredns.com"; dns.query; content:"family.cloudflaredns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990611; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 611, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnssenoads.alekberg.net"; dns.query; content:"dnssenoads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990612; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 612, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dot.dns.yandex.net"; dns.query; content:"family.dot.dns.yandex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990613; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 613, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsdoh.dnsforfamily.com"; dns.query; content:"dnsdoh.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990614; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 614, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pluton.plan9dns.com"; dns.query; content:"pluton.plan9dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990615; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 615, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1dot1dot1dot1.cloudflaredns.com"; dns.query; content:"1dot1dot1dot1.cloudflaredns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990616; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 616, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for safe.dot.dns.yandex.net"; dns.query; content:"safe.dot.dns.yandex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990617; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 617, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsdohnosafesearch.dnsforfamily.com"; dns.query; content:"dnsdohnosafesearch.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990618; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 618, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digitalegesellschaft.ch"; dns.query; content:"dns.digitalegesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990619; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 619, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bebasid.com"; dns.query; content:"dns.bebasid.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990620; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 620, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adl.adfilter.net"; dns.query; content:"adl.adfilter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990621; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 621, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.ryanpalmer.com"; dns.query; content:"dns1.ryanpalmer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990622; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 622, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wikimediadns.org"; dns.query; content:"wikimediadns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990623; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 623, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.tirapan.top"; dns.query; content:"www.tirapan.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990624; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 624, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsunfiltered.adguard.com"; dns.query; content:"dnsunfiltered.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990625; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 625, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsfamily.adguard.com"; dns.query; content:"dnsfamily.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990626; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 626, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kronos.plan9dns.com"; dns.query; content:"kronos.plan9dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990627; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 627, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ibr.cs.tu-bs.de"; dns.query; content:"doh.ibr.cs.tu-bs.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990628; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 628, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eieidns.com"; dns.query; content:"doh.eieidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990629; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 629, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.de.blahdns.com"; dns.query; content:"doh.de.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990630; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 630, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.bugdns.com"; dns.query; content:"doh.bugdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990631; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 631, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.datt.pw"; dns.query; content:"doh.datt.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990632; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 632, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ntu.ssooss.win"; dns.query; content:"doh.ntu.ssooss.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990633; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 633, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.qis.io"; dns.query; content:"doh.qis.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990634; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 634, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de.teradns.org"; dns.query; content:"de.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990635; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 635, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qual.cuprum.ru"; dns.query; content:"qual.cuprum.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990636; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 636, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk01.dns4me.net"; dns.query; content:"uk01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990637; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 637, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for minilla.store"; dns.query; content:"minilla.store"; nocase; fast_pattern; classtype:bad-unknown; sid:27990638; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 638, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mathewakhil.online"; dns.query; content:"dns.mathewakhil.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27990639; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 639, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr-sel.doh.sb"; dns.query; content:"kr-sel.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990640; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 640, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gclouddns.com"; dns.query; content:"gclouddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990641; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 641, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yovbak.com"; dns.query; content:"yovbak.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990642; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 642, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ginovs.nl"; dns.query; content:"dns.ginovs.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990643; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 643, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mad01.dnscry.pt"; dns.query; content:"mad01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990644; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 644, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.swin.pro"; dns.query; content:"dns.swin.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27990645; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 645, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsc.torgues.net"; dns.query; content:"nsc.torgues.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990646; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 646, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for inde.ragnvindr.org"; dns.query; content:"inde.ragnvindr.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990647; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 647, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for msr177.com"; dns.query; content:"msr177.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990648; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 648, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blog.kimiblock.top"; dns.query; content:"blog.kimiblock.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990649; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 649, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.beauty"; dns.query; content:"doh.beauty"; nocase; fast_pattern; classtype:bad-unknown; sid:27990650; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 650, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.uplenk.com"; dns.query; content:"dns.uplenk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990651; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 651, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.comeonjames.club"; dns.query; content:"dns.comeonjames.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27990652; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 652, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tungdnsne.duckdns.org"; dns.query; content:"tungdnsne.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990653; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 653, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.198.games"; dns.query; content:"cloud.198.games"; nocase; fast_pattern; classtype:bad-unknown; sid:27990654; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 654, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.onedns.cc"; dns.query; content:"secure.onedns.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27990655; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 655, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cynntex.fun"; dns.query; content:"cynntex.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27990656; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 656, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.haoxuan.xyz"; dns.query; content:"dns.haoxuan.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990657; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 657, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-api.icloud.com"; dns.query; content:"mask-api.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990658; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 658, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tesem.dog"; dns.query; content:"dns.tesem.dog"; nocase; fast_pattern; classtype:bad-unknown; sid:27990659; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 659, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.azsopro.net"; dns.query; content:"dns.azsopro.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990660; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 660, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aerro.in"; dns.query; content:"dns.aerro.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990661; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 661, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.imbuffering.com"; dns.query; content:"noads.imbuffering.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990662; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 662, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.technochat.in"; dns.query; content:"doh.technochat.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990663; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 663, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.888654.xyz"; dns.query; content:"dns.888654.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990664; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 664, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shalenkov.dev"; dns.query; content:"shalenkov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990665; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 665, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.novali.date"; dns.query; content:"dns.novali.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27990666; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 666, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru-mow.doh.sb"; dns.query; content:"ru-mow.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990667; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 667, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for naw01.dnscry.pt"; dns.query; content:"naw01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990668; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 668, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns4me.net"; dns.query; content:"dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990669; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 669, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.datahata.by"; dns.query; content:"doh.datahata.by"; nocase; fast_pattern; classtype:bad-unknown; sid:27990670; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 670, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bluemood.me"; dns.query; content:"bluemood.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990671; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 671, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for httpdns-push.heytapmobile.com"; dns.query; content:"httpdns-push.heytapmobile.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990672; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 672, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for block.abstergo.it"; dns.query; content:"block.abstergo.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990673; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 673, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ef67daisuki.club"; dns.query; content:"adguard.ef67daisuki.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27990674; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 674, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for your-dns.run"; dns.query; content:"your-dns.run"; nocase; fast_pattern; classtype:bad-unknown; sid:27990675; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 675, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdns.itxe.net"; dns.query; content:"pdns.itxe.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990676; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 676, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.shuting.idv.tw"; dns.query; content:"adguard.shuting.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990677; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 677, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fly.io"; dns.query; content:"fly.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990678; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 678, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.internal.hosmatic.com"; dns.query; content:"dns.internal.hosmatic.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990679; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 679, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for securenet.mhsystems.net"; dns.query; content:"securenet.mhsystems.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990680; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 680, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.k3nny.fr"; dns.query; content:"dns.k3nny.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990681; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 681, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ender.fr"; dns.query; content:"adguard.ender.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990682; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 682, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lars-lehmann.net"; dns.query; content:"dns.lars-lehmann.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990683; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 683, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.azoris.ovh"; dns.query; content:"doh.azoris.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990684; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 684, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.syaifullah.com"; dns.query; content:"dns.syaifullah.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990685; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 685, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chocolatezz.xyz"; dns.query; content:"dns.chocolatezz.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990686; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 686, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for quic.lol"; dns.query; content:"quic.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27990687; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 687, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.occ.top"; dns.query; content:"dot.occ.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990688; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 688, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mzrme.cn"; dns.query; content:"dns.mzrme.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990689; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 689, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wantaquddin.com"; dns.query; content:"wantaquddin.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990690; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 690, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.muxinghe.cn"; dns.query; content:"dns.muxinghe.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990691; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 691, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.weixin.qq.com.cn"; dns.query; content:"dns.weixin.qq.com.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990692; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 692, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.flymc.cc"; dns.query; content:"dns.flymc.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27990693; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 693, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wakgood.net"; dns.query; content:"dns.wakgood.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990694; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 694, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.goldplate.org"; dns.query; content:"dns.goldplate.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990695; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 695, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yunyun.is.my.waifu.cz"; dns.query; content:"yunyun.is.my.waifu.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990696; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 696, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d4d.moe"; dns.query; content:"dns.d4d.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990697; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 697, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gateway.fomichev.cloud"; dns.query; content:"gateway.fomichev.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990698; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 698, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.elemental.software"; dns.query; content:"dns.elemental.software"; nocase; fast_pattern; classtype:bad-unknown; sid:27990699; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 699, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sink.nolo.ltd"; dns.query; content:"sink.nolo.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27990700; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 700, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ny.teradns.org"; dns.query; content:"ny.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990701; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 701, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aquilenet.fr"; dns.query; content:"dns.aquilenet.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990702; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 702, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dscloud.me"; dns.query; content:"doh.dscloud.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990703; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 703, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh003.280blocker.net"; dns.query; content:"doh003.280blocker.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990704; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 704, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for at.pzhg.me"; dns.query; content:"at.pzhg.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990705; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 705, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tx.teradns.org"; dns.query; content:"tx.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990706; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 706, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.startupstack.tech"; dns.query; content:"dns.startupstack.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27990707; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 707, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sriedmueadguard.casa"; dns.query; content:"sriedmueadguard.casa"; nocase; fast_pattern; classtype:bad-unknown; sid:27990708; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 708, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.jnorton.us"; dns.query; content:"adg.jnorton.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27990709; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 709, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ams02.dnscry.pt"; dns.query; content:"ams02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990710; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 710, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-hkg.doh.sb"; dns.query; content:"hk-hkg.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990711; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 711, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kescher.at"; dns.query; content:"dns.kescher.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990712; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 712, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.myon.lu"; dns.query; content:"blackhole.myon.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990713; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 713, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for justhost.bedro.cloud"; dns.query; content:"justhost.bedro.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990714; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 714, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for waw01.dnscry.pt"; dns.query; content:"waw01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990715; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 715, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk.teradns.org"; dns.query; content:"uk.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990716; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 716, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsse-noads.alekberg.net"; dns.query; content:"dnsse-noads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990717; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 717, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for orpi.privado.ovh"; dns.query; content:"orpi.privado.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990718; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 718, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kss.ovh"; dns.query; content:"adguard.kss.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990719; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 719, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.murgi.de"; dns.query; content:"dns.murgi.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990720; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 720, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rafn.is"; dns.query; content:"dns.rafn.is"; nocase; fast_pattern; classtype:bad-unknown; sid:27990721; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 721, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c.cicitt.ch"; dns.query; content:"c.cicitt.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990722; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 722, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.watch"; dns.query; content:"dns.watch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990723; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 723, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for everovpn.co"; dns.query; content:"everovpn.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27990724; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 724, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privatnas.servebeer.com"; dns.query; content:"privatnas.servebeer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990725; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 725, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for geshido.vpn.geshido.ru"; dns.query; content:"geshido.vpn.geshido.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990726; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 726, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for local.sufly.top"; dns.query; content:"local.sufly.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990727; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 727, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zzuhacker.cn"; dns.query; content:"dns.zzuhacker.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990728; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 728, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.foximao.cn"; dns.query; content:"dns.foximao.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990729; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 729, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ikataruto.com"; dns.query; content:"dns.ikataruto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990730; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 730, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.imaicool.com"; dns.query; content:"dns.imaicool.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990731; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 731, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.beliefanx.cn"; dns.query; content:"adguard.beliefanx.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990732; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 732, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.brianlee.fun"; dns.query; content:"ag.brianlee.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27990733; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 733, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.irumatech.com"; dns.query; content:"dns1.irumatech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990734; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 734, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chaos-system.de"; dns.query; content:"chaos-system.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990735; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 735, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kiboko.it"; dns.query; content:"adguard.kiboko.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990736; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 736, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for osefcorp.duckdns.org"; dns.query; content:"osefcorp.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990737; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 737, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wargan.io"; dns.query; content:"dns.wargan.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990738; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 738, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-public.ibakerserver.pt"; dns.query; content:"dns-public.ibakerserver.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990739; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 739, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.panszelescik.pl"; dns.query; content:"dns.panszelescik.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990740; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 740, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kawa.tf"; dns.query; content:"dns.kawa.tf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990741; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 741, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.neowutran.ovh"; dns.query; content:"doh.neowutran.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990742; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 742, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.30x.me"; dns.query; content:"doh.30x.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990743; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 743, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic2.i2pd.xyz"; dns.query; content:"opennic2.i2pd.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990744; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 744, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.oms-ctr.ru"; dns.query; content:"adguard.oms-ctr.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990745; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 745, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-dns1.bancuh.com"; dns.query; content:"fr-dns1.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990746; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 746, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.novg.net"; dns.query; content:"dns.novg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990747; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 747, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for id.terra.my.id"; dns.query; content:"id.terra.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990748; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 748, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alloxr.info"; dns.query; content:"dns.alloxr.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990749; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 749, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shield1.eranext.net"; dns.query; content:"shield1.eranext.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990750; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 750, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au02.dns4me.net"; dns.query; content:"au02.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990751; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 751, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.onedns.net"; dns.query; content:"doh.onedns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990752; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 752, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.flodns.net"; dns.query; content:"ns1.flodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990753; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 753, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.flodns.net"; dns.query; content:"ns2.flodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990754; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 754, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.charraud.eu"; dns.query; content:"dns.charraud.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990755; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 755, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au01.dns4me.net"; dns.query; content:"au01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990756; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 756, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg01.dns4me.net"; dns.query; content:"sg01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990757; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 757, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us02.dns4me.net"; dns.query; content:"us02.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990758; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 758, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us01.dns4me.net"; dns.query; content:"us01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990759; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 759, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pumpkinvrar.com"; dns.query; content:"dns.pumpkinvrar.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990760; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 760, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.joaofidelix.com.br"; dns.query; content:"dns.joaofidelix.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27990761; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 761, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tw2.ooroot.com"; dns.query; content:"tw2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990762; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 762, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ceai.com.tw"; dns.query; content:"dns.ceai.com.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990763; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 763, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-dus.doh.sb"; dns.query; content:"de-dus.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990764; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 764, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.borjalopez.eu"; dns.query; content:"adblock.borjalopez.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990765; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 765, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.maybe.icu"; dns.query; content:"dns.maybe.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990766; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 766, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jinwoo.dev"; dns.query; content:"dns.jinwoo.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990767; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 767, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.7vpn.com"; dns.query; content:"dns.7vpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990768; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 768, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.wirimij.nl"; dns.query; content:"adguard.wirimij.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990769; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 769, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dtw01.dnscry.pt"; dns.query; content:"dtw01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990770; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 770, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clearweb.woodbridge.club"; dns.query; content:"clearweb.woodbridge.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27990771; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 771, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-primary-pool.detoxifypornblocker.com"; dns.query; content:"doh-primary-pool.detoxifypornblocker.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990772; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 772, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.ssrahul96.xyz"; dns.query; content:"ag.ssrahul96.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990773; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 773, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zougloub.eu"; dns.query; content:"zougloub.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990774; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 774, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for korzhov.dev"; dns.query; content:"korzhov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990775; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 775, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.interhub.cc"; dns.query; content:"dns.interhub.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27990776; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 776, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver4.dns.openinternet.io"; dns.query; content:"resolver4.dns.openinternet.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990777; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 777, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sarak.as"; dns.query; content:"dns.sarak.as"; nocase; fast_pattern; classtype:bad-unknown; sid:27990778; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 778, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eddi.net"; dns.query; content:"dns.eddi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990779; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 779, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.tooli.ca"; dns.query; content:"dot.tooli.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990780; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 780, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.phdns3.lonet.org"; dns.query; content:"doh.phdns3.lonet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990781; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 781, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.milkpie.one"; dns.query; content:"dns.milkpie.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990782; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 782, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.gslb2.xfinity.com"; dns.query; content:"doh2.gslb2.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990783; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 783, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arashi.eu.org"; dns.query; content:"arashi.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990784; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 784, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vishalk.com"; dns.query; content:"dns.vishalk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990785; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 785, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.connect.fail"; dns.query; content:"dns.connect.fail"; nocase; fast_pattern; classtype:bad-unknown; sid:27990786; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 786, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secondary.safe.dns.yandex.ru"; dns.query; content:"secondary.safe.dns.yandex.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990787; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 787, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dns.yandex.ru"; dns.query; content:"family.dns.yandex.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990788; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 788, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for safe.dns.yandex.ru"; dns.query; content:"safe.dns.yandex.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990789; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 789, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.scarx.net"; dns.query; content:"dns.scarx.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990790; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 790, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-ams.doh.sb"; dns.query; content:"nl-ams.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990791; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 791, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sellan.fr"; dns.query; content:"dns.sellan.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990792; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 792, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muxyuji.ru"; dns.query; content:"muxyuji.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990793; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 793, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res-acst1.absolight.net"; dns.query; content:"res-acst1.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990794; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 794, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res-acst2.absolight.net"; dns.query; content:"res-acst2.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990795; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 795, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res-acst3.absolight.net"; dns.query; content:"res-acst3.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990796; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 796, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.absolight.net"; dns.query; content:"resolver2.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990797; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 797, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.absolight.net"; dns.query; content:"resolver1.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990798; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 798, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver3.absolight.net"; dns.query; content:"resolver3.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990799; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 799, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.hottis.de"; dns.query; content:"doh.hottis.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990800; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 800, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nullgate.net"; dns.query; content:"dns.nullgate.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990801; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 801, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pates.services.sfr.fr.casepp.sfr.fr"; dns.query; content:"pates.services.sfr.fr.casepp.sfr.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990802; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 802, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsec.arnor.org"; dns.query; content:"nsec.arnor.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990803; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 803, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zrh1-ns01.monzoon.net"; dns.query; content:"zrh1-ns01.monzoon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990804; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 804, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.bt.com"; dns.query; content:"doh.bt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990805; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 805, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.opennameserver.org"; dns.query; content:"ns3.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990806; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 806, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for project-evoex.de"; dns.query; content:"project-evoex.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990807; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 807, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for addns1.m-it.ro"; dns.query; content:"addns1.m-it.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27990808; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 808, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.enjoymylife.net"; dns.query; content:"home.enjoymylife.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990809; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 809, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.tezoi.com"; dns.query; content:"cloud.tezoi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990810; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 810, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rayneau.fr"; dns.query; content:"rayneau.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990811; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 811, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb-home.xaoimoon.fr"; dns.query; content:"adb-home.xaoimoon.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990812; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 812, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.lege.despagne.net"; dns.query; content:"adguard.lege.despagne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990813; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 813, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.korzhyk.pp.ua"; dns.query; content:"dns.korzhyk.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27990814; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 814, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.funil.de"; dns.query; content:"doh.funil.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990815; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 815, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsenc.com"; dns.query; content:"dnsenc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990816; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 816, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole4.hoerli.net"; dns.query; content:"pihole4.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990817; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 817, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vie01.dnscry.pt"; dns.query; content:"vie01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990818; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 818, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.unasw.eu"; dns.query; content:"www.unasw.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990819; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 819, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ipoac.nl"; dns.query; content:"ipoac.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990820; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 820, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tyo01.dnscry.pt"; dns.query; content:"tyo01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990821; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 821, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd01.dnscry.pt"; dns.query; content:"syd01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990822; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 822, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ueni.dyndns.org"; dns.query; content:"ueni.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990823; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 823, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pyry.me"; dns.query; content:"doh.pyry.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990824; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 824, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.pukanuragan.ru"; dns.query; content:"www.pukanuragan.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990825; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 825, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.siry.de"; dns.query; content:"dns.siry.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990826; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 826, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for callies-online.site"; dns.query; content:"callies-online.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27990827; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 827, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.colorfreedom.org"; dns.query; content:"dns.colorfreedom.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990828; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 828, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole3.hoerli.net"; dns.query; content:"pihole3.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990829; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 829, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for typaza.com"; dns.query; content:"typaza.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990830; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 830, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for inpssh.online"; dns.query; content:"inpssh.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27990831; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 831, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yandex.ru"; dns.query; content:"dns.yandex.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990832; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 832, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.onlyfriends.info"; dns.query; content:"adguard.onlyfriends.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990833; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 833, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole1.hoerli.net"; dns.query; content:"pihole1.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990834; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 834, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hanmey.de"; dns.query; content:"dns.hanmey.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990835; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 835, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.rferee.dev"; dns.query; content:"resolver.rferee.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990836; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 836, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lelux.fi"; dns.query; content:"lelux.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990837; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 837, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for buc-m2.illmods.com"; dns.query; content:"buc-m2.illmods.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990838; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 838, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.warpnine.de"; dns.query; content:"dns.warpnine.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990839; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 839, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.piekacz.pl"; dns.query; content:"adguard.piekacz.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990840; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 840, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mikeliu.org"; dns.query; content:"dns.mikeliu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990841; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 841, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tj.jamesxue.xyz"; dns.query; content:"tj.jamesxue.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990842; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 842, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkg01.dnscry.pt"; dns.query; content:"hkg01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990843; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 843, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cryptomize.com"; dns.query; content:"dns.cryptomize.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990844; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 844, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.7sec.com.br"; dns.query; content:"dns.7sec.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27990845; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 845, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.wriedts.de"; dns.query; content:"home.wriedts.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990846; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 846, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mailkyb.co"; dns.query; content:"mailkyb.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27990847; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 847, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for testaghome.meshkov.info"; dns.query; content:"testaghome.meshkov.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990848; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 848, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.bit-trail.nl"; dns.query; content:"ns3.bit-trail.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990849; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 849, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.depieri.net"; dns.query; content:"adguard.depieri.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990850; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 850, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.5ososea.com"; dns.query; content:"family.5ososea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990851; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 851, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for echoe1yidzu4ioo5.myfritz.net"; dns.query; content:"echoe1yidzu4ioo5.myfritz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990852; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 852, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.clanto.cloud"; dns.query; content:"dns.clanto.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990853; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 853, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.adguard-dns.com"; dns.query; content:"d.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990854; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 854, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sidnlabs.nl"; dns.query; content:"doh.sidnlabs.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990855; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 855, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic1.eth-services.de"; dns.query; content:"opennic1.eth-services.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990856; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 856, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.joey01245.nl"; dns.query; content:"dns.joey01245.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990857; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 857, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for timmes.nl"; dns.query; content:"timmes.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990858; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 858, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.neubsi.at"; dns.query; content:"dns.neubsi.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990859; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 859, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cube.neubsi.at"; dns.query; content:"cube.neubsi.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990860; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 860, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.truong.fi"; dns.query; content:"dns.truong.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990861; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 861, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pope.cnblw.me"; dns.query; content:"pope.cnblw.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990862; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 862, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fuchur.pentament.de"; dns.query; content:"fuchur.pentament.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990863; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 863, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca01.dns4me.net"; dns.query; content:"ca01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990864; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 864, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic.tenta.io"; dns.query; content:"opennic.tenta.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990865; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 865, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iana.tenta.io"; dns.query; content:"iana.tenta.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990866; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 866, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.23-4.cn"; dns.query; content:"dns.23-4.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990867; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 867, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for httpdns.meituan.com"; dns.query; content:"httpdns.meituan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990868; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 868, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh-yz.russel053.com"; dns.query; content:"agh-yz.russel053.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990869; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 869, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nz01.dns4me.net"; dns.query; content:"nz01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990870; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 870, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-dns1.bancuh.com"; dns.query; content:"jp-dns1.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990871; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 871, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for antivirus.bebasid.com"; dns.query; content:"antivirus.bebasid.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990872; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 872, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.f97.xyz"; dns.query; content:"dns.f97.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990873; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 873, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.max.net.id"; dns.query; content:"doh.max.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990874; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 874, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bom01.dnscry.pt"; dns.query; content:"bom01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990875; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 875, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d2.shabi.icu"; dns.query; content:"d2.shabi.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990876; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 876, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-nrt.doh.sb"; dns.query; content:"jp-nrt.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990877; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 877, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdx01.dnscry.pt"; dns.query; content:"pdx01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990878; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 878, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.infotek.net.id"; dns.query; content:"doh.infotek.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990879; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 879, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tpe01.dnscry.pt"; dns.query; content:"tpe01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990880; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 880, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gi.co.id"; dns.query; content:"dns.gi.co.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990881; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 881, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pernika.net"; dns.query; content:"dns.pernika.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990882; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 882, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for urology.wiki"; dns.query; content:"urology.wiki"; nocase; fast_pattern; classtype:bad-unknown; sid:27990883; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 883, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.chungocoai.name.vn"; dns.query; content:"www.chungocoai.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990884; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 884, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ningkelle.id"; dns.query; content:"dns.ningkelle.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990885; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 885, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.apigw.online"; dns.query; content:"dns.apigw.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27990886; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 886, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.spil.co.id"; dns.query; content:"dns.spil.co.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990887; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 887, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.teradns.org"; dns.query; content:"sg.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990888; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 888, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.apemlegit.my.id"; dns.query; content:"d.apemlegit.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990889; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 889, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.morizt.id"; dns.query; content:"doh.morizt.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990890; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 890, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns4.imkvq.com"; dns.query; content:"dns4.imkvq.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990891; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 891, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads.hunga1k47.com"; dns.query; content:"ads.hunga1k47.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990892; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 892, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.futa.gg"; dns.query; content:"doh.futa.gg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990893; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 893, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.rokh.biz"; dns.query; content:"adg.rokh.biz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990894; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 894, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.maxfong.cc"; dns.query; content:"www.maxfong.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27990895; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 895, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hitian.me"; dns.query; content:"hitian.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990896; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 896, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.lothuscorp.com.br"; dns.query; content:"dns1.lothuscorp.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27990897; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 897, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for comss.one"; dns.query; content:"comss.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990898; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 898, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for o1.lt"; dns.query; content:"o1.lt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990899; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 899, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.240527.xyz"; dns.query; content:"dns.240527.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990900; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 900, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rayanbab.com"; dns.query; content:"dns.rayanbab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990901; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 901, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mestdag.fr"; dns.query; content:"dns.mestdag.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990902; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 902, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cdn.0ms.dev"; dns.query; content:"cdn.0ms.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990903; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 903, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dgea.fr"; dns.query; content:"dns.dgea.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990904; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 904, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kosan.moe"; dns.query; content:"dns.kosan.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990905; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 905, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.unerror.network"; dns.query; content:"dns.unerror.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990906; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 906, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lista.my.id"; dns.query; content:"dns.lista.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990907; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 907, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-ironhide.ultima-thule.ru"; dns.query; content:"adguard-ironhide.ultima-thule.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990908; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 908, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for crypto.sx"; dns.query; content:"crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990909; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 909, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ahadns.net"; dns.query; content:"ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990910; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 910, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.sntrk.ru"; dns.query; content:"guard.sntrk.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990911; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 911, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gztech.me"; dns.query; content:"gztech.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990912; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 912, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hanahira.dev"; dns.query; content:"dns.hanahira.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990913; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 913, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ccb-net.it"; dns.query; content:"doh.ccb-net.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990914; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 914, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sparshbajaj.me"; dns.query; content:"adguard.sparshbajaj.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990915; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 915, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jstockley.com"; dns.query; content:"dns.jstockley.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990916; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 916, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for takhtakh.domyah.net"; dns.query; content:"takhtakh.domyah.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990917; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 917, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.killtw.im"; dns.query; content:"doh.killtw.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27990918; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 918, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ivnkn.xyz"; dns.query; content:"ivnkn.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990919; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 919, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uradoori.org"; dns.query; content:"uradoori.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990920; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 920, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.puredns.org"; dns.query; content:"family.puredns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990921; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 921, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsforfamily.com"; dns.query; content:"dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990922; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 922, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-dns.com"; dns.query; content:"adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990923; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 923, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bobstrecansky.com"; dns.query; content:"dns.bobstrecansky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990924; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 924, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lax02.dnscry.pt"; dns.query; content:"lax02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990925; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 925, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bofh.in"; dns.query; content:"dns.bofh.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990926; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 926, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-ny-alula.heliumcloud.cc"; dns.query; content:"us-ny-alula.heliumcloud.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27990927; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 927, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca.doh.cloudveil.org"; dns.query; content:"ca.doh.cloudveil.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990928; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 928, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.xinfeng16m.top"; dns.query; content:"agh.xinfeng16m.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990929; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 929, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tracker.ink"; dns.query; content:"dns.tracker.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27990930; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 930, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.b612.me"; dns.query; content:"dns.b612.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990931; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 931, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.gq"; dns.query; content:"ychen.gq"; nocase; fast_pattern; classtype:bad-unknown; sid:27990932; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 932, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkname.freecdn.one"; dns.query; content:"hkname.freecdn.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990933; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 933, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for r1bnc.com"; dns.query; content:"r1bnc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990934; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 934, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.jsanagustin.net"; dns.query; content:"adguard1.jsanagustin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990935; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 935, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kamilszczepanski.com"; dns.query; content:"dns.kamilszczepanski.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990936; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 936, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.bonsirven.eu"; dns.query; content:"adguard.bonsirven.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990937; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 937, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for area51.mywire.org"; dns.query; content:"area51.mywire.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990938; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 938, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ipv6dns.com"; dns.query; content:"dns.ipv6dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990939; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 939, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cwlys.com"; dns.query; content:"dns.cwlys.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990940; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 940, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jundev.org"; dns.query; content:"dns.jundev.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990941; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 941, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ares-taiwan.com"; dns.query; content:"dns.ares-taiwan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990942; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 942, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.indust.me"; dns.query; content:"dns.indust.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990943; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 943, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sitdns.com"; dns.query; content:"dns.sitdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990944; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 944, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shield.afixer.app"; dns.query; content:"shield.afixer.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990945; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 945, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cloudmini.net"; dns.query; content:"adguard.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990946; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 946, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ihatemy.live"; dns.query; content:"adguard.ihatemy.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27990947; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 947, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ihaveacloud.com"; dns.query; content:"dns.ihaveacloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990948; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 948, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.daw.dev"; dns.query; content:"dns.daw.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990949; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 949, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darkness.is.my.waifu.cz"; dns.query; content:"darkness.is.my.waifu.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990950; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 950, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hujiayucc.cn"; dns.query; content:"dns.hujiayucc.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990951; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 951, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.albony.xyz"; dns.query; content:"dns.albony.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990952; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 952, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for h.gjrick.tw"; dns.query; content:"h.gjrick.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990953; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 953, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.viatech.com.tw"; dns.query; content:"doh.viatech.com.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990954; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 954, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nanopi.cybergroove.net"; dns.query; content:"nanopi.cybergroove.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990955; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 955, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.david888.com"; dns.query; content:"dns.david888.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990956; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 956, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.iucc.ac.il"; dns.query; content:"doh.iucc.ac.il"; nocase; fast_pattern; classtype:bad-unknown; sid:27990957; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 957, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privacy.plumedns.com"; dns.query; content:"privacy.plumedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990958; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 958, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.scapetical.com"; dns.query; content:"dns.scapetical.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990959; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 959, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stevenz.net"; dns.query; content:"dns.stevenz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990960; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 960, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.samutz.com"; dns.query; content:"cloud.samutz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990961; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 961, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.huyhoangit.net"; dns.query; content:"dns.huyhoangit.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990962; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 962, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yameenassotally.com"; dns.query; content:"dns.yameenassotally.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990963; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 963, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dart.kpsn.org"; dns.query; content:"dart.kpsn.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990964; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 964, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole.datamatter.co.za"; dns.query; content:"pihole.datamatter.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27990965; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 965, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for switch.ch"; dns.query; content:"switch.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990966; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 966, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.tzockt.beer"; dns.query; content:"ad.tzockt.beer"; nocase; fast_pattern; classtype:bad-unknown; sid:27990967; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 967, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mainframe.dewed.de"; dns.query; content:"mainframe.dewed.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990968; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 968, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-kartoffel.zernico.de"; dns.query; content:"adguard-kartoffel.zernico.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990969; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 969, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.jeroenhd.nl"; dns.query; content:"doh.jeroenhd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990970; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 970, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ha-dvin.pp.ua"; dns.query; content:"dns.ha-dvin.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27990971; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 971, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.theres.one"; dns.query; content:"dns.theres.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990972; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 972, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for keithchung.hopto.org"; dns.query; content:"keithchung.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990973; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 973, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tiger.dns.qwer.pw"; dns.query; content:"tiger.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990974; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 974, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vmath.my.id"; dns.query; content:"dns.vmath.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990975; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 975, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for emby.rasp.tv"; dns.query; content:"emby.rasp.tv"; nocase; fast_pattern; classtype:bad-unknown; sid:27990976; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 976, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.filipccz.eu"; dns.query; content:"dns.filipccz.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990977; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 977, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for krtekvpn.duckdns.org"; dns.query; content:"krtekvpn.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990978; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 978, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ines.zfn.uni-bremen.de"; dns.query; content:"ines.zfn.uni-bremen.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990979; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 979, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blocker.thethorsens.org"; dns.query; content:"blocker.thethorsens.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990980; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 980, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.flwagners.com"; dns.query; content:"dns.flwagners.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990981; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 981, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole2.hoerli.net"; dns.query; content:"pihole2.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990982; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 982, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.simplylinux.ch"; dns.query; content:"dns.simplylinux.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990983; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 983, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver-eu.haringstad.com"; dns.query; content:"resolver-eu.haringstad.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990984; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 984, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v.dnscrypt.uk"; dns.query; content:"v.dnscrypt.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990985; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 985, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudns.bosco.ovh"; dns.query; content:"cloudns.bosco.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990986; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 986, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lashes-brow.ru"; dns.query; content:"dns.lashes-brow.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990987; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 987, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.ff0x.ca"; dns.query; content:"ag.ff0x.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990988; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 988, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.edison42.dev"; dns.query; content:"dns.edison42.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990989; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 989, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tuandns.duckdns.org"; dns.query; content:"tuandns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990990; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 990, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moonssif.com"; dns.query; content:"dns.moonssif.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990991; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 991, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vm.mytm.cc"; dns.query; content:"vm.mytm.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27990992; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 992, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns1.lonet.org"; dns.query; content:"doh.dns1.lonet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990993; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 993, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.almir1904.eu"; dns.query; content:"dns.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990994; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 994, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-dns1.bancuh.com"; dns.query; content:"sg-dns1.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990995; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 995, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wibenson.cloud"; dns.query; content:"dns.wibenson.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990996; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 996, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.trust404.win"; dns.query; content:"dns.trust404.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990997; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 997, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.toairs.com"; dns.query; content:"d.toairs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990998; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 998, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr1.ooroot.com"; dns.query; content:"kr1.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990999; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 999, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tienpham.id.vn"; dns.query; content:"tienpham.id.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991000; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1000, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frog.dns.qwer.pw"; dns.query; content:"frog.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1001, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr2.ooroot.com"; dns.query; content:"kr2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1002, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.haneulo.com"; dns.query; content:"adguard.haneulo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1003, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.linkr.ninja"; dns.query; content:"dns.linkr.ninja"; nocase; fast_pattern; classtype:bad-unknown; sid:27991004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1004, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.porteii.com"; dns.query; content:"dns.porteii.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1005, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for esel.stusta.mhn.de"; dns.query; content:"esel.stusta.mhn.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1006, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muli.stusta.mhn.de"; dns.query; content:"muli.stusta.mhn.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1007, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1a.ns.ozer.im"; dns.query; content:"1a.ns.ozer.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27991008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1008, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.klcd.eu"; dns.query; content:"dns1.klcd.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1009, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hole.elbschloss.xyz"; dns.query; content:"hole.elbschloss.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1010, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alvosec.com"; dns.query; content:"dns.alvosec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1011, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for in-blr.doh.sb"; dns.query; content:"in-blr.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1012, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sbdns.co.in"; dns.query; content:"sbdns.co.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1013, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.klcd.eu"; dns.query; content:"dns2.klcd.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1014, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.wewitro.net"; dns.query; content:"doh.wewitro.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1015, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd.doh.sb"; dns.query; content:"au-syd.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1016, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.shimul.me"; dns.query; content:"dns.shimul.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1017, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.youni.win"; dns.query; content:"dns.youni.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27991018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1018, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lion.dns.qwer.pw"; dns.query; content:"lion.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1019, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ant.dns.qwer.pw"; dns.query; content:"ant.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1020, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dog.dns.qwer.pw"; dns.query; content:"dog.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1021, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dotdns.cryptroute.com"; dns.query; content:"dotdns.cryptroute.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1022, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fra.doh.sb"; dns.query; content:"de-fra.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1023, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for galileo.math.unipd.it"; dns.query; content:"galileo.math.unipd.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1024, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yul01.dnscry.pt"; dns.query; content:"yul01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1025, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pluton.plan9-dns.com"; dns.query; content:"pluton.plan9-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1026, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mikrotikrumahan.my.id"; dns.query; content:"dns.mikrotikrumahan.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1027, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.funtopia.tv"; dns.query; content:"doh.funtopia.tv"; nocase; fast_pattern; classtype:bad-unknown; sid:27991028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1028, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.aa4.co.uk"; dns.query; content:"adguard.aa4.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1029, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.886886886.xyz"; dns.query; content:"dns.886886886.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1030, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ours.luxe"; dns.query; content:"dns.ours.luxe"; nocase; fast_pattern; classtype:bad-unknown; sid:27991031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1031, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.skrep.in"; dns.query; content:"dns.skrep.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1032, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for o.rsaikat.com"; dns.query; content:"o.rsaikat.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1033, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.354688.xyz"; dns.query; content:"dns.354688.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1034, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hotta.page"; dns.query; content:"dns.hotta.page"; nocase; fast_pattern; classtype:bad-unknown; sid:27991035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1035, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sstomp.nl"; dns.query; content:"dns.sstomp.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1036, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-secondary.cloudnx.cloud"; dns.query; content:"dns-secondary.cloudnx.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1037, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jabber-germany.de"; dns.query; content:"jabber-germany.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1038, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d94.xyz"; dns.query; content:"dns.d94.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1039, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.zachitect.com"; dns.query; content:"adguard.zachitect.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1040, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.techeasy.org"; dns.query; content:"dns1.techeasy.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1041, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oraclejp2.chungyu.com"; dns.query; content:"oraclejp2.chungyu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1042, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.0ooo.icu"; dns.query; content:"dns.0ooo.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1043, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.cbio.top"; dns.query; content:"dns2.cbio.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1044, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home27.duckdns.org"; dns.query; content:"home27.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1045, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hugo0.moe"; dns.query; content:"dns.hugo0.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27991046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1046, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk2.ooroot.com"; dns.query; content:"hk2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1047, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.dotls.org"; dns.query; content:"ns1.dotls.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1048, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for la.ray0512.win"; dns.query; content:"la.ray0512.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27991049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1049, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure-dns.pleumkungz.com"; dns.query; content:"secure-dns.pleumkungz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1050, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tor.vasi.li"; dns.query; content:"tor.vasi.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27991051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1051, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp2.ooroot.com"; dns.query; content:"jp2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1052, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.huyct.net"; dns.query; content:"ad.huyct.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1053, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.cf"; dns.query; content:"ychen.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1054, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.infosec.xyz"; dns.query; content:"dns.infosec.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1055, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.benpro.fr"; dns.query; content:"dns.benpro.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1056, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nhtsky.com"; dns.query; content:"dns.nhtsky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1057, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xenergy.cc"; dns.query; content:"xenergy.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1058, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ttag.dns.nomu.pw"; dns.query; content:"ttag.dns.nomu.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1059, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for do.shimul.me"; dns.query; content:"do.shimul.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1060, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.data.haus"; dns.query; content:"mail.data.haus"; nocase; fast_pattern; classtype:bad-unknown; sid:27991061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1061, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.justinnetworkingsolutions.com"; dns.query; content:"dns.justinnetworkingsolutions.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1062, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sa01.dns4me.net"; dns.query; content:"sa01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1063, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-primary-pool.goodbyegambling.com"; dns.query; content:"doh-primary-pool.goodbyegambling.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1064, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.huseynov.work"; dns.query; content:"dns.huseynov.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27991065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1065, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lvolland.fr"; dns.query; content:"dns.lvolland.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1066, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.b33.space"; dns.query; content:"dns.b33.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1067, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fezgate.ovh"; dns.query; content:"fezgate.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1068, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odoh.cloudflare-dns.com"; dns.query; content:"odoh.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1069, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-fr-psv1.cloudsides.com"; dns.query; content:"dns-fr-psv1.cloudsides.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1070, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moog.sh"; dns.query; content:"dns.moog.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1071, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fra1.eyecay.xyz"; dns.query; content:"fra1.eyecay.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1072, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-sin.doh.sb"; dns.query; content:"sg-sin.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1073, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for easyhandshake.com"; dns.query; content:"easyhandshake.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1074, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnscrypt.uk"; dns.query; content:"doh.dnscrypt.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1075, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for do.dnscrypt.uk"; dns.query; content:"do.dnscrypt.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1076, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.melalandia.tk"; dns.query; content:"dns.melalandia.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1077, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vinnyp.xyz"; dns.query; content:"dns.vinnyp.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1078, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.gbrossi.com.br"; dns.query; content:"adguard.gbrossi.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1079, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hinet.net"; dns.query; content:"dns.hinet.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1080, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.molinero.dev"; dns.query; content:"dns.molinero.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1081, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for orau.lz0724.com"; dns.query; content:"orau.lz0724.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1082, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.meeo.win"; dns.query; content:"dns.meeo.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27991083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1083, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jpdns.cola16.app"; dns.query; content:"jpdns.cola16.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1084, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chromeina.top"; dns.query; content:"dns.chromeina.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1085, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aattwwss.duckdns.org"; dns.query; content:"aattwwss.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1086, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg2.ooroot.com"; dns.query; content:"sg2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1087, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp1.f7b6h9.tk"; dns.query; content:"jp1.f7b6h9.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1088, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sev.monster"; dns.query; content:"dns.sev.monster"; nocase; fast_pattern; classtype:bad-unknown; sid:27991089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1089, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca02.dns4me.net"; dns.query; content:"ca02.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1090, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jnb01.dnscry.pt"; dns.query; content:"jnb01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1091, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.micronets.in"; dns.query; content:"doh.micronets.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1092, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atl01.dnscry.pt"; dns.query; content:"atl01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1093, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for comss.ru"; dns.query; content:"comss.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1094, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudseriousshit.com"; dns.query; content:"dns.cloudseriousshit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1095, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ovpn.bond"; dns.query; content:"dns.ovpn.bond"; nocase; fast_pattern; classtype:bad-unknown; sid:27991096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1096, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.futuredns.me"; dns.query; content:"dns.futuredns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1097, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d96.info"; dns.query; content:"dns.d96.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1098, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2.xx3210766.live"; dns.query; content:"v2.xx3210766.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27991099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1099, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clientdns3.softcom.net"; dns.query; content:"clientdns3.softcom.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1100, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us1.blissdns.net"; dns.query; content:"us1.blissdns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1101, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.glorydns.com"; dns.query; content:"dns.glorydns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1102, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vinokurov.tk"; dns.query; content:"dns.vinokurov.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1103, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kiv01.dnscry.pt"; dns.query; content:"kiv01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1104, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.privado.ovh"; dns.query; content:"dns.privado.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1105, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blockerads.multimediaconcept.fr"; dns.query; content:"blockerads.multimediaconcept.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1106, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vd.i81.ru"; dns.query; content:"vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1107, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.shecan.ir"; dns.query; content:"dns.shecan.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27991108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1108, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pro.shecan.ir"; dns.query; content:"pro.shecan.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27991109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1109, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dnsadguard.co.uk"; dns.query; content:"www.dnsadguard.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1110, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jurre-home.duckdns.org"; dns.query; content:"jurre-home.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1111, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.keweon.center"; dns.query; content:"dns.keweon.center"; nocase; fast_pattern; classtype:bad-unknown; sid:27991112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1112, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.msxnet.ru"; dns.query; content:"dns.msxnet.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1113, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.opennameserver.org"; dns.query; content:"ns2.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1114, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gustamadh.dynv6.net"; dns.query; content:"gustamadh.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1115, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 5g.o0o.re"; dns.query; content:"5g.o0o.re"; nocase; fast_pattern; classtype:bad-unknown; sid:27991116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1116, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for punono.duckdns.org"; dns.query; content:"punono.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1117, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jfchenier.ca"; dns.query; content:"adguard.jfchenier.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1118, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nas-server.ru"; dns.query; content:"dns.nas-server.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1119, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnssilo.top"; dns.query; content:"dns.dnssilo.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1120, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ee-tll.doh.sb"; dns.query; content:"ee-tll.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1121, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk-lon.doh.sb"; dns.query; content:"uk-lon.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1122, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.port53.dk"; dns.query; content:"doh.port53.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1123, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns4.opennameserver.org"; dns.query; content:"ns4.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1124, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for abel.waringer-atg.de"; dns.query; content:"abel.waringer-atg.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1125, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.l337.site"; dns.query; content:"dns.l337.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1126, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.ray0512.win"; dns.query; content:"jp.ray0512.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27991127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1127, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n5.lsasss.com"; dns.query; content:"n5.lsasss.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1128, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.furrydns.de"; dns.query; content:"dns.furrydns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1129, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.r0cket.net"; dns.query; content:"resolver.r0cket.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1130, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dus01.dnscry.pt"; dns.query; content:"dus01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1131, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bw.i81.ru"; dns.query; content:"dns.bw.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1132, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.npe.bz"; dns.query; content:"dns.npe.bz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1133, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.karl.one"; dns.query; content:"dns.karl.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1134, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.grqu.de"; dns.query; content:"dns.grqu.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1135, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.5ososea.com"; dns.query; content:"kids.5ososea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1136, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.xcom.pro"; dns.query; content:"doh.xcom.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1137, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.saferbfc.org"; dns.query; content:"dns2.saferbfc.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1138, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.totoro.pub"; dns.query; content:"doh.totoro.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27991139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1139, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jambi.undo.it"; dns.query; content:"jambi.undo.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1140, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mailer.amlegion.org"; dns.query; content:"mailer.amlegion.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1141, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.reckoningslug.name"; dns.query; content:"dns.reckoningslug.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27991142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1142, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.iamninja.ru"; dns.query; content:"dns.iamninja.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1143, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.leenit.kr"; dns.query; content:"adblock.leenit.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1144, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.lov.host"; dns.query; content:"ns.lov.host"; nocase; fast_pattern; classtype:bad-unknown; sid:27991145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1145, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moulticast.net"; dns.query; content:"dns.moulticast.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1146, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.belnet.be"; dns.query; content:"dns.belnet.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1147, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.abdullahabas.de"; dns.query; content:"dns.abdullahabas.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1148, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for morbitzer.de"; dns.query; content:"morbitzer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1149, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for elshad-adgh-dns.ru"; dns.query; content:"elshad-adgh-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1150, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.elshad-adgh-dns.ru"; dns.query; content:"www.elshad-adgh-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1151, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lastentarvike.fi"; dns.query; content:"lastentarvike.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27991152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1152, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for megumin.is.my.waifu.cz"; dns.query; content:"megumin.is.my.waifu.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1153, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-ams2.doh.sb"; dns.query; content:"nl-ams2.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1154, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chandr1000.net"; dns.query; content:"chandr1000.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1155, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kilabit.info"; dns.query; content:"kilabit.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1156, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad1.heronet.nl"; dns.query; content:"ad1.heronet.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1157, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.doh.cloudveil.org"; dns.query; content:"us.doh.cloudveil.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1158, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.fltn.us"; dns.query; content:"agh.fltn.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1159, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sby-doh.limotelu.org"; dns.query; content:"sby-doh.limotelu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1160, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.maolaohei.xyz"; dns.query; content:"dns.maolaohei.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1161, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dfw01.dnscry.pt"; dns.query; content:"dfw01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1162, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-kix.doh.sb"; dns.query; content:"jp-kix.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1163, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gnb09.id"; dns.query; content:"dns.gnb09.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1164, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zfsystem.tech"; dns.query; content:"dns.zfsystem.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1165, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for httpdns-sc.aliyuncs.com"; dns.query; content:"httpdns-sc.aliyuncs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1166, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.infracell.net"; dns.query; content:"doh.infracell.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1167, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iij.jp"; dns.query; content:"iij.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27991168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1168, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.leadmon.net"; dns.query; content:"adguard1.leadmon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1169, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ricko.is"; dns.query; content:"ricko.is"; nocase; fast_pattern; classtype:bad-unknown; sid:27991170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1170, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdns22.gkonuralp.com"; dns.query; content:"sdns22.gkonuralp.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1171, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wyx.cloud"; dns.query; content:"wyx.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1172, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb.aadityakushwaha.com"; dns.query; content:"adb.aadityakushwaha.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1173, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudtrust.solutions"; dns.query; content:"dns.cloudtrust.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27991174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1174, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns8.org"; dns.query; content:"dns8.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1175, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kronos.plan9-dns.com"; dns.query; content:"kronos.plan9-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1176, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sandbox.opendns.com"; dns.query; content:"sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1177, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for familyshield.opendns.com"; dns.query; content:"familyshield.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1178, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.opendns.com"; dns.query; content:"dns.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1179, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cleanbrowsing.org"; dns.query; content:"cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1180, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for las01.dnscry.pt"; dns.query; content:"las01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1181, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dyn1.de"; dns.query; content:"dns.dyn1.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1182, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.atakorah.com"; dns.query; content:"adguardhome.atakorah.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1183, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.c-dns.com"; dns.query; content:"www.c-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1184, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.marto.si"; dns.query; content:"adguard.marto.si"; nocase; fast_pattern; classtype:bad-unknown; sid:27991185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1185, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.datacore.ch"; dns.query; content:"doh.datacore.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1186, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dekonix.ru"; dns.query; content:"adguard.dekonix.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1187, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.conne.net"; dns.query; content:"dns1.conne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1188, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for externalmobiel.lekdijk.online"; dns.query; content:"externalmobiel.lekdijk.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1189, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.norvig.dk"; dns.query; content:"dns.norvig.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1190, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnstls.mobik.com"; dns.query; content:"dnstls.mobik.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1191, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lgprk.com"; dns.query; content:"dns.lgprk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1192, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zal01.dnscry.pt"; dns.query; content:"zal01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1193, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-yyc.doh.sb"; dns.query; content:"ca-yyc.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1194, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpsus3.pzhg.me"; dns.query; content:"vpsus3.pzhg.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1195, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for helios.plan9-dns.com"; dns.query; content:"helios.plan9-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1196, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for br.servers.legat.ml"; dns.query; content:"br.servers.legat.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1197, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ronc.ru"; dns.query; content:"dns.ronc.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1198, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.clanless.ovh"; dns.query; content:"dns.clanless.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1199, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.opennameserver.org"; dns.query; content:"ns1.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1200, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mo0on15.com"; dns.query; content:"dns.mo0on15.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1201, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hshh.org"; dns.query; content:"hshh.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1202, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ihctw.synology.me"; dns.query; content:"ihctw.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1203, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.printk.info"; dns.query; content:"agh.printk.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1204, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.boje8.me"; dns.query; content:"doh.boje8.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1205, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscache.e-utp.net"; dns.query; content:"dnscache.e-utp.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1206, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for outdoorchair.us"; dns.query; content:"outdoorchair.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1207, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blitz-setup.ahadns.com"; dns.query; content:"blitz-setup.ahadns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1208, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.linzefeng.top"; dns.query; content:"dns2.linzefeng.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1209, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for armorrush.eu.org"; dns.query; content:"armorrush.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1210, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.68360612.xyz"; dns.query; content:"jp.68360612.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1211, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nebula.tru.io"; dns.query; content:"nebula.tru.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1212, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.morbitzer.de"; dns.query; content:"www.morbitzer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1213, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nat64.tuxis.nl"; dns.query; content:"nat64.tuxis.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1214, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock-dot.dnswarden.com"; dns.query; content:"adblock-dot.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1215, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adult-filter-dot.dnswarden.com"; dns.query; content:"adult-filter-dot.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1216, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.arapurayil.com"; dns.query; content:"dns.arapurayil.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1217, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bitgeek.in"; dns.query; content:"dns.bitgeek.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1218, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cfiec.net"; dns.query; content:"dns.cfiec.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1219, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnses.alekberg.net"; dns.query; content:"dnses.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1220, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.larsdebruin.net"; dns.query; content:"dns.larsdebruin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1221, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nixnet.xyz"; dns.query; content:"dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1222, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.au.ahadns.net"; dns.query; content:"doh.au.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1223, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.blockerdns.com"; dns.query; content:"doh.blockerdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1224, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pi-dns.com"; dns.query; content:"doh.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1225, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.securedns.eu"; dns.query; content:"dot.securedns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1226, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ecs-doh.dnswarden.com"; dns.query; content:"ecs-doh.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1227, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jarjar.meganerd.nl"; dns.query; content:"jarjar.meganerd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1228, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for steering.nextdns.io"; dns.query; content:"steering.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1229, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored-dot.dnswarden.com"; dns.query; content:"uncensored-dot.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1230, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.dns.seby.io"; dns.query; content:"2.dnscrypt-cert.dns.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1231, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-api.fe.apple-dns.net"; dns.query; content:"mask-api.fe.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1232, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.umbrella.com"; dns.query; content:"dns.umbrella.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1233, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-03.spectrum.com"; dns.query; content:"doh-03.spectrum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1234, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.frguthrie.app"; dns.query; content:"dns.frguthrie.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1235, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-01.hir.app"; dns.query; content:"dns-01.hir.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1236, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nieto.app"; dns.query; content:"dns.nieto.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1237, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.streamvine.app"; dns.query; content:"dns.streamvine.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1238, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for telex.app"; dns.query; content:"telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1239, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bwh2.telex.app"; dns.query; content:"bwh2.telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1240, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.telex.app"; dns.query; content:"sg.telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1241, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sh.telex.app"; dns.query; content:"sh.telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1242, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.wiqi.app"; dns.query; content:"ad.wiqi.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1243, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.depotthai.army"; dns.query; content:"ns1.depotthai.army"; nocase; fast_pattern; classtype:bad-unknown; sid:27991244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1244, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsdoh.art"; dns.query; content:"dnsdoh.art"; nocase; fast_pattern; classtype:bad-unknown; sid:27991245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1245, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yu-dns.art"; dns.query; content:"yu-dns.art"; nocase; fast_pattern; classtype:bad-unknown; sid:27991246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1246, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.sarak.as"; dns.query; content:"dns1.sarak.as"; nocase; fast_pattern; classtype:bad-unknown; sid:27991247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1247, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.sarak.as"; dns.query; content:"dns2.sarak.as"; nocase; fast_pattern; classtype:bad-unknown; sid:27991248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1248, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.qwqawa.asia"; dns.query; content:"dns.qwqawa.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1249, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shijiu.asia"; dns.query; content:"shijiu.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1250, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.timochan.asia"; dns.query; content:"dns.timochan.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1251, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.timochan.asia"; dns.query; content:"dot.timochan.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1252, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tetra.aeins.at"; dns.query; content:"tetra.aeins.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1253, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kloiber.co.at"; dns.query; content:"dns.kloiber.co.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1254, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.kloiber.co.at"; dns.query; content:"dns2.kloiber.co.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1255, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dahamnw.at"; dns.query; content:"dahamnw.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1256, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kudns.kescher.at"; dns.query; content:"kudns.kescher.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1257, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.netraptor.com.au"; dns.query; content:"dns.netraptor.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27991258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1258, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.narrowband.net.au"; dns.query; content:"dns.narrowband.net.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27991259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1259, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alb.websy.au"; dns.query; content:"alb.websy.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27991260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1260, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xfer.au"; dns.query; content:"xfer.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27991261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1261, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.dz.ax"; dns.query; content:"adg.dz.ax"; nocase; fast_pattern; classtype:bad-unknown; sid:27991262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1262, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.znit.net.bd"; dns.query; content:"ns1.znit.net.bd"; nocase; fast_pattern; classtype:bad-unknown; sid:27991263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1263, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pcbrdh8v6m.digitallink.be"; dns.query; content:"pcbrdh8v6m.digitallink.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1264, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for smartphone-niels.pcbrdh8v6m.digitallink.be"; dns.query; content:"smartphone-niels.pcbrdh8v6m.digitallink.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1265, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for smartphone-saskia.pcbrdh8v6m.digitallink.be"; dns.query; content:"smartphone-saskia.pcbrdh8v6m.digitallink.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1266, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rome.digitallink.be"; dns.query; content:"rome.digitallink.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1267, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.digitallink.be"; dns.query; content:"www.digitallink.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1268, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fifux.be"; dns.query; content:"dns.fifux.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1269, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.housedenolf.be"; dns.query; content:"dns.housedenolf.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1270, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jimirobaer.be"; dns.query; content:"dns.jimirobaer.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1271, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mikou.be"; dns.query; content:"dns.mikou.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1272, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.best"; dns.query; content:"doh.best"; nocase; fast_pattern; classtype:bad-unknown; sid:27991273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1273, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.doh.best"; dns.query; content:"ns1.doh.best"; nocase; fast_pattern; classtype:bad-unknown; sid:27991274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1274, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.doh.best"; dns.query; content:"ns2.doh.best"; nocase; fast_pattern; classtype:bad-unknown; sid:27991275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1275, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for monty.best"; dns.query; content:"monty.best"; nocase; fast_pattern; classtype:bad-unknown; sid:27991276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1276, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for appart.yoannchappaz.best"; dns.query; content:"appart.yoannchappaz.best"; nocase; fast_pattern; classtype:bad-unknown; sid:27991277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1277, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oracle001.330k.biz"; dns.query; content:"oracle001.330k.biz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1278, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.aminetwork.biz"; dns.query; content:"adguard.aminetwork.biz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1279, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for allain.com.br"; dns.query; content:"allain.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1280, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.americasnet.com.br"; dns.query; content:"adguard.americasnet.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1281, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kdgnkjho4od8w40.americasnet.com.br"; dns.query; content:"kdgnkjho4od8w40.americasnet.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1282, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for destakmateriais.com.br"; dns.query; content:"destakmateriais.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1283, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.gugainfo.com.br"; dns.query; content:"blackhole.gugainfo.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1284, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arrakis.korolyzer.com.br"; dns.query; content:"arrakis.korolyzer.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1285, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.madeconengenharia.com.br"; dns.query; content:"adguard.madeconengenharia.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1286, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oceanprint.com.br"; dns.query; content:"dns.oceanprint.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1287, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns02.oceanprint.com.br"; dns.query; content:"dns02.oceanprint.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1288, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.adrielso.tec.br"; dns.query; content:"vpn.adrielso.tec.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1289, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-br.leonardo.tec.br"; dns.query; content:"dns-br.leonardo.tec.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1290, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.buzz"; dns.query; content:"doh.buzz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1291, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.edgeworkssystems.ca"; dns.query; content:"dns.edgeworkssystems.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991292; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1292, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nukys.ca"; dns.query; content:"doh.nukys.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1293, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for router.sapib.ca"; dns.query; content:"router.sapib.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991294; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1294, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tapawan.ca"; dns.query; content:"dns.tapawan.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1295, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tbnk.ca"; dns.query; content:"dns.tbnk.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1296, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads.tbservers.ca"; dns.query; content:"ads.tbservers.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1297, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nydns.omada.cafe"; dns.query; content:"nydns.omada.cafe"; nocase; fast_pattern; classtype:bad-unknown; sid:27991298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1298, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.iranet.cam"; dns.query; content:"doh.iranet.cam"; nocase; fast_pattern; classtype:bad-unknown; sid:27991299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1299, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kintoun.alves.cc"; dns.query; content:"kintoun.alves.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991300; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1300, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.dnsovertor.cc"; dns.query; content:"adguard2.dnsovertor.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1301, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnsovertor.cc"; dns.query; content:"doh.dnsovertor.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1302, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dash.flylcc.cc"; dns.query; content:"dash.flylcc.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1303, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for life.flylcc.cc"; dns.query; content:"life.flylcc.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1304, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v7.frame-one.cc"; dns.query; content:"v7.frame-one.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1305, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v8.frame-one.cc"; dns.query; content:"v8.frame-one.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1306, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for funti.cc"; dns.query; content:"funti.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1307, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gmserv.cc"; dns.query; content:"dns.gmserv.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1308, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.hansj.cc"; dns.query; content:"d.hansj.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1309, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.hxhd.cc"; dns.query; content:"d.hxhd.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1310, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.irrelevant.cc"; dns.query; content:"vps.irrelevant.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1311, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jnmj.cc"; dns.query; content:"dns.jnmj.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1312, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bt.luoo.cc"; dns.query; content:"bt.luoo.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991313; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1313, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maxfong.cc"; dns.query; content:"maxfong.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1314, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nekofish.cc"; dns.query; content:"dns.nekofish.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1315, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.niccoli.cc"; dns.query; content:"dns.niccoli.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1316, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nonomi.cc"; dns.query; content:"dns.nonomi.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991317; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1317, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.plop.cc"; dns.query; content:"doh.plop.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991318; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1318, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v.qdev.cc"; dns.query; content:"v.qdev.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991319; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1319, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.r9x.cc"; dns.query; content:"dns.r9x.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1320, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.seaotter.cc"; dns.query; content:"dns.seaotter.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1321, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shalenkov.cc"; dns.query; content:"shalenkov.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991322; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1322, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sledge.cc"; dns.query; content:"dns.sledge.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991323; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1323, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vlo.cc"; dns.query; content:"dns.vlo.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991324; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1324, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns140.zhhz.cc"; dns.query; content:"dns140.zhhz.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1325, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns168.zhhz.cc"; dns.query; content:"dns168.zhhz.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1326, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for main.zhhz.cc"; dns.query; content:"main.zhhz.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991327; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1327, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ux.go20.cf"; dns.query; content:"ux.go20.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991328; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1328, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for service.c698fc0a.cfd"; dns.query; content:"service.c698fc0a.cfd"; nocase; fast_pattern; classtype:bad-unknown; sid:27991329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1329, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for verynew.c698fc0a.cfd"; dns.query; content:"verynew.c698fc0a.cfd"; nocase; fast_pattern; classtype:bad-unknown; sid:27991330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1330, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cqoda.shrub.cfd"; dns.query; content:"cqoda.shrub.cfd"; nocase; fast_pattern; classtype:bad-unknown; sid:27991331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1331, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qoda.shrub.cfd"; dns.query; content:"qoda.shrub.cfd"; nocase; fast_pattern; classtype:bad-unknown; sid:27991332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1332, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.zephyrsec.cfd"; dns.query; content:"doh.zephyrsec.cfd"; nocase; fast_pattern; classtype:bad-unknown; sid:27991333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1333, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for raffoz-pve.gotdns.ch"; dns.query; content:"raffoz-pve.gotdns.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1334, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.jabertechnologies.ch"; dns.query; content:"adg.jabertechnologies.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1335, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for netcup.mismat.ch"; dns.query; content:"netcup.mismat.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1336, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quickline.ch"; dns.query; content:"dns.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1337, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.quickline.ch"; dns.query; content:"dot.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1338, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-1.trust2it.ch"; dns.query; content:"dns-1.trust2it.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1339, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-2.trust2it.ch"; dns.query; content:"dns-2.trust2it.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1340, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pointless.chat"; dns.query; content:"dns.pointless.chat"; nocase; fast_pattern; classtype:bad-unknown; sid:27991341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1341, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for katherine-dns.newcore.cl"; dns.query; content:"katherine-dns.newcore.cl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1342, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for as17820865.click"; dns.query; content:"as17820865.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27991343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1343, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vancrafter.click"; dns.query; content:"dns.vancrafter.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27991344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1344, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.audet.cloud"; dns.query; content:"dns.audet.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1345, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for friend.bedro.cloud"; dns.query; content:"friend.bedro.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1346, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dsns.cloud"; dns.query; content:"adguard.dsns.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1347, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.dsns.cloud"; dns.query; content:"adguard2.dsns.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991348; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1348, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.gewete.cloud"; dns.query; content:"adguard.gewete.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991349; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1349, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.h0schi.cloud"; dns.query; content:"dns.h0schi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991350; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1350, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.h0schi.cloud"; dns.query; content:"dns2.h0schi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991351; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1351, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jaydub.cloud"; dns.query; content:"adguard.jaydub.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991352; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1352, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.krol.cloud"; dns.query; content:"dns.krol.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991353; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1353, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lilith.cloud"; dns.query; content:"dns.lilith.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991354; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1354, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ltse.cloud"; dns.query; content:"dns.ltse.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991355; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1355, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mesterdodh.cloud"; dns.query; content:"dns.mesterdodh.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991356; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1356, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydns.cloud"; dns.query; content:"mydns.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991357; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1357, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neoland.cloud"; dns.query; content:"neoland.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991358; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1358, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nexen.cloud"; dns.query; content:"doh.nexen.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991359; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1359, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for snafflefang.obn.cloud"; dns.query; content:"snafflefang.obn.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991360; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1360, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bc10ef2.online-server.cloud"; dns.query; content:"bc10ef2.online-server.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991361; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1361, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for e23aad3.online-server.cloud"; dns.query; content:"e23aad3.online-server.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991362; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1362, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stud.cloud"; dns.query; content:"dns.stud.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991363; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1363, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dns.stud.cloud"; dns.query; content:"www.dns.stud.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991364; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1364, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.thefather.cloud"; dns.query; content:"guard.thefather.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991365; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1365, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thore.cloud"; dns.query; content:"dns.thore.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991366; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1366, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 4yix.l.time4vps.cloud"; dns.query; content:"4yix.l.time4vps.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991367; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1367, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tls.vietguards.cloud"; dns.query; content:"tls.vietguards.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991368; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1368, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zkz.cloud"; dns.query; content:"dns.zkz.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991369; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1369, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-dns.zmy.cloud"; dns.query; content:"dot-dns.zmy.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991370; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1370, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for addns.clubbase.club"; dns.query; content:"addns.clubbase.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991371; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1371, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.evilgame.club"; dns.query; content:"dns.evilgame.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991372; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1372, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fsociety.club"; dns.query; content:"dns.fsociety.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991373; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1373, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blade.lixd.club"; dns.query; content:"blade.lixd.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991374; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1374, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for meowless.club"; dns.query; content:"meowless.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991375; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1375, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.citystars.cn"; dns.query; content:"dns.citystars.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991376; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1376, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.ciwer.cn"; dns.query; content:"ns.ciwer.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991377; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1377, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gc.cyberbeta.cn"; dns.query; content:"gc.cyberbeta.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991378; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1378, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dl4mt.cn"; dns.query; content:"doh.dl4mt.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991379; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1379, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fills.cn"; dns.query; content:"dns.fills.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991380; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1380, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.guyifei.cn"; dns.query; content:"nas.guyifei.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991381; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1381, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ljk.kkizz.cn"; dns.query; content:"ljk.kkizz.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991382; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1382, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ali.loveweiqi.cn"; dns.query; content:"ali.loveweiqi.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991383; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1383, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gzdns.lyjfy.cn"; dns.query; content:"gzdns.lyjfy.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991384; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1384, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myv2ray.cn"; dns.query; content:"myv2ray.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991385; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1385, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for quantum-age.cn"; dns.query; content:"quantum-age.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991386; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1386, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sinuosity.cn"; dns.query; content:"dns.sinuosity.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991387; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1387, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tefuir0829.cn"; dns.query; content:"dns.tefuir0829.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991388; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1388, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xinwujiang.cn"; dns.query; content:"dns.xinwujiang.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991389; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1389, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yyjeqhc.cn"; dns.query; content:"dns.yyjeqhc.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991390; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1390, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zyzh20021020.cn"; dns.query; content:"dns.zyzh20021020.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991391; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1391, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c7.0t0.co"; dns.query; content:"c7.0t0.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27991392; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1392, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bastnet.co"; dns.query; content:"dns.bastnet.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27991393; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1393, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.canavan.co"; dns.query; content:"dns.canavan.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27991394; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1394, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.embraced.co"; dns.query; content:"nas.embraced.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27991395; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1395, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mapor.co"; dns.query; content:"adguard.mapor.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27991396; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1396, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blokuj.ujwie.co"; dns.query; content:"blokuj.ujwie.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27991397; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1397, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nitter.ujwie.co"; dns.query; content:"nitter.ujwie.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27991398; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1398, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tipsy.coffee"; dns.query; content:"dns.tipsy.coffee"; nocase; fast_pattern; classtype:bad-unknown; sid:27991399; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1399, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.2kil.com"; dns.query; content:"doh.2kil.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991400; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1400, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.2poi.com"; dns.query; content:"dns.2poi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991401; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1401, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.58jdl.com"; dns.query; content:"dns.58jdl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991402; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1402, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.5ososea.com"; dns.query; content:"dns.5ososea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991403; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1403, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for one.dotted.9l3.com"; dns.query; content:"one.dotted.9l3.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991404; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1404, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aaronplayzgaming.com"; dns.query; content:"dns.aaronplayzgaming.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991405; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1405, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for abluehope.com"; dns.query; content:"abluehope.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991406; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1406, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.abluehope.com"; dns.query; content:"dns.abluehope.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991407; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1407, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vn.dns.abpvn.com"; dns.query; content:"vn.dns.abpvn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991408; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1408, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ahcek.com"; dns.query; content:"ahcek.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991409; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1409, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ahmgam.com"; dns.query; content:"dns.ahmgam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991410; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1410, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akr177.com"; dns.query; content:"akr177.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991411; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1411, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for albertocognetti.com"; dns.query; content:"albertocognetti.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991412; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1412, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.almanasports.com"; dns.query; content:"adguard.almanasports.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991413; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1413, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usa1.altcensored.com"; dns.query; content:"usa1.altcensored.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991414; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1414, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oradns.anbitech.com"; dns.query; content:"oradns.anbitech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991415; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1415, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.andreykiv.com"; dns.query; content:"dns.andreykiv.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991416; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1416, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.apollohct.com"; dns.query; content:"ag.apollohct.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991417; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1417, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fonfrodo.asuscomm.com"; dns.query; content:"fonfrodo.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991418; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1418, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for marimuttz.asuscomm.com"; dns.query; content:"marimuttz.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991419; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1419, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xkariak.asuscomm.com"; dns.query; content:"xkariak.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991420; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1420, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe.avastdns.com"; dns.query; content:"europe.avastdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991421; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1421, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe-west.avastdns.com"; dns.query; content:"europe-west.avastdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991422; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1422, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for axistechsupport.com"; dns.query; content:"axistechsupport.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991423; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1423, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ayarzagoitia.com"; dns.query; content:"dns.ayarzagoitia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991424; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1424, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vdsn-nl-2.azatmutq.com"; dns.query; content:"vdsn-nl-2.azatmutq.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991425; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1425, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.vdsn-nl-2.azatmutq.com"; dns.query; content:"www.vdsn-nl-2.azatmutq.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991426; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1426, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cattery2.eastasia.cloudapp.azure.com"; dns.query; content:"cattery2.eastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991427; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1427, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nc6d6ofnfu9puwnc.eastasia.cloudapp.azure.com"; dns.query; content:"nc6d6ofnfu9puwnc.eastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991428; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1428, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fatcat22.eastus.cloudapp.azure.com"; dns.query; content:"fatcat22.eastus.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991429; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1429, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sradg.eastus.cloudapp.azure.com"; dns.query; content:"sradg.eastus.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991430; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1430, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sradg2.eastus.cloudapp.azure.com"; dns.query; content:"sradg2.eastus.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991431; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1431, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kawpad.southeastasia.cloudapp.azure.com"; dns.query; content:"kawpad.southeastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991432; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1432, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ublock-dns-resolver-01.swedencentral.cloudapp.azure.com"; dns.query; content:"ublock-dns-resolver-01.swedencentral.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991433; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1433, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-be-azure.westeurope.cloudapp.azure.com"; dns.query; content:"adguard-be-azure.westeurope.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991434; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1434, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bahien.com"; dns.query; content:"dns.bahien.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991435; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1435, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscdn.bai0012.com"; dns.query; content:"dnscdn.bai0012.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991436; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1436, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-dns2.bancuh.com"; dns.query; content:"fr-dns2.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991437; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1437, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-dns2.bancuh.com"; dns.query; content:"sg-dns2.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991438; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1438, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for banhmiboyzzz.com"; dns.query; content:"banhmiboyzzz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991439; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1439, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for barsipgpt.com"; dns.query; content:"barsipgpt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991440; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1440, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for batcavenetwork.com"; dns.query; content:"batcavenetwork.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991441; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1441, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for internetsehat.bebasid.com"; dns.query; content:"internetsehat.bebasid.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991442; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1442, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for domburg.beruys.com"; dns.query; content:"domburg.beruys.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991443; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1443, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.biandrestreso.com"; dns.query; content:"adguard.biandrestreso.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991444; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1444, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adh.blogcuahieu.com"; dns.query; content:"adh.blogcuahieu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991445; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1445, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bluestarnc.com"; dns.query; content:"dns.bluestarnc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991446; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1446, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bobstrecansky.com"; dns.query; content:"bobstrecansky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991447; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1447, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.broaddy.com"; dns.query; content:"agh.broaddy.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991448; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1448, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.agh.broaddy.com"; dns.query; content:"www.agh.broaddy.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991449; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1449, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.2.bsh4.com"; dns.query; content:"dns.2.bsh4.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991450; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1450, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bunch-o-nerds.com"; dns.query; content:"bunch-o-nerds.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991451; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1451, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unifi.carioka.com"; dns.query; content:"unifi.carioka.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991452; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1452, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for caycewebsolutions.com"; dns.query; content:"caycewebsolutions.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991453; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1453, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chalkychalk.com"; dns.query; content:"dns.chalkychalk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991454; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1454, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.chaudharyarnav.com"; dns.query; content:"adguard.chaudharyarnav.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991455; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1455, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chillstice.com"; dns.query; content:"dns.chillstice.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991456; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1456, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adhome.chinghuat.com"; dns.query; content:"adhome.chinghuat.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991457; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1457, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chenrouter.chironys.com"; dns.query; content:"chenrouter.chironys.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991458; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1458, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.citrahost.com"; dns.query; content:"dns.citrahost.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991459; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1459, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cloud-sekeng.com"; dns.query; content:"doh.cloud-sekeng.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991460; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1460, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ys.cloud-sekeng.com"; dns.query; content:"ys.cloud-sekeng.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991461; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1461, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnspod.clzapp.com"; dns.query; content:"dnspod.clzapp.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991462; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1462, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cnbeining.com"; dns.query; content:"adguard.cnbeining.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991463; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1463, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.confrontingcode.com"; dns.query; content:"dns2.confrontingcode.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991464; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1464, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblocker.cpadin.com"; dns.query; content:"adblocker.cpadin.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991465; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1465, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.destru.crabdance.com"; dns.query; content:"www.destru.crabdance.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991466; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1466, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nrusimha.crabdance.com"; dns.query; content:"nrusimha.crabdance.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991467; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1467, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-guard1.cryptroute.com"; dns.query; content:"dns-guard1.cryptroute.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991468; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1468, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-guard2.cryptroute.com"; dns.query; content:"dns-guard2.cryptroute.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991469; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1469, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.damir-lukina.com"; dns.query; content:"adguard.damir-lukina.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991470; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1470, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for notebait.ddnsfree.com"; dns.query; content:"notebait.ddnsfree.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991471; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1471, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dedidl.com"; dns.query; content:"dedidl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991472; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1472, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dientutronghuong.com"; dns.query; content:"adguard.dientutronghuong.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991473; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1473, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digitaladapt.com"; dns.query; content:"dns.digitaladapt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991474; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1474, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dionperera.com"; dns.query; content:"dns.dionperera.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991475; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1475, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for disbish.com"; dns.query; content:"disbish.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991476; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1476, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mia.dns4sec.com"; dns.query; content:"mia.dns4sec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991477; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1477, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnscron.com"; dns.query; content:"doh.dnscron.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991478; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1478, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.dnscron.com"; dns.query; content:"dot.dnscron.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991479; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1479, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-atl.dnsflex.com"; dns.query; content:"doh-lb-atl.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991480; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1480, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-br.dnsflex.com"; dns.query; content:"doh-lb-br.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991481; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1481, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-ca-tor.dnsflex.com"; dns.query; content:"doh-lb-ca-tor.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991482; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1482, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-de.dnsflex.com"; dns.query; content:"doh-lb-de.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991483; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1483, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-gb.dnsflex.com"; dns.query; content:"doh-lb-gb.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991484; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1484, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-in.dnsflex.com"; dns.query; content:"doh-lb-in.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991485; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1485, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-sg.dnsflex.com"; dns.query; content:"doh-lb-sg.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991486; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1486, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-doh-no-safe-search.dnsforfamily.com"; dns.query; content:"dns-doh-no-safe-search.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991487; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1487, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.doubleangels.com"; dns.query; content:"dns.doubleangels.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991488; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1488, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for douglaster.com"; dns.query; content:"douglaster.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991489; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1489, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.drnarrow.com"; dns.query; content:"dns.drnarrow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991490; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1490, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roucious.dyndns-remote.com"; dns.query; content:"roucious.dyndns-remote.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991491; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1491, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rafi.dynns.com"; dns.query; content:"rafi.dynns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991492; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1492, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oostelbos.dynu.com"; dns.query; content:"oostelbos.dynu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991493; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1493, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for saomai.dynu.com"; dns.query; content:"saomai.dynu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991494; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1494, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.edc-pws.com"; dns.query; content:"dns.edc-pws.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991495; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1495, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.elhabhab.com"; dns.query; content:"dns.elhabhab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991496; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1496, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnssec.dns.enginyring.com"; dns.query; content:"dnssec.dns.enginyring.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991497; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1497, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.enginyring.com"; dns.query; content:"dns01.enginyring.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991498; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1498, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns02.enginyring.com"; dns.query; content:"dns02.enginyring.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991499; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1499, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.eoghan-net.com"; dns.query; content:"adguard.eoghan-net.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991500; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1500, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.esegece.com"; dns.query; content:"dns.esegece.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991501; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1501, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-family.esegece.com"; dns.query; content:"dns-family.esegece.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991502; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1502, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for essentiallyjay.com"; dns.query; content:"essentiallyjay.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991503; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1503, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gsat.familyds.com"; dns.query; content:"gsat.familyds.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991504; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1504, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsbot.fiedin.com"; dns.query; content:"dnsbot.fiedin.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991505; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1505, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fly.flymlc.com"; dns.query; content:"fly.flymlc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991506; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1506, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.frank-ruan.com"; dns.query; content:"resolver.frank-ruan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991507; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1507, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for calm-crown.freemyip.com"; dns.query; content:"calm-crown.freemyip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991508; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1508, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mkvvpssrv12.freemyip.com"; dns.query; content:"mkvvpssrv12.freemyip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991509; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1509, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for srgaghome.freemyip.com"; dns.query; content:"srgaghome.freemyip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991510; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1510, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.srgaghome.freemyip.com"; dns.query; content:"www.srgaghome.freemyip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991511; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1511, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fuangkhon.com"; dns.query; content:"fuangkhon.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991512; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1512, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.fuangkhon.com"; dns.query; content:"www.fuangkhon.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991513; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1513, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.gametechnet.com"; dns.query; content:"d.gametechnet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991514; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1514, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.gattow.com"; dns.query; content:"adguard.gattow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991515; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1515, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.georgev22.com"; dns.query; content:"adguard.georgev22.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991516; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1516, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lamdtl.giize.com"; dns.query; content:"lamdtl.giize.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991517; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1517, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dev.gonnadive.com"; dns.query; content:"dev.gonnadive.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991518; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1518, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.gordmo.com"; dns.query; content:"dot.gordmo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991519; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1519, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi-dns.gordon81.com"; dns.query; content:"pi-dns.gordon81.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991520; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1520, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gosuntrip.com"; dns.query; content:"gosuntrip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991521; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1521, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.grantbruneau.com"; dns.query; content:"adguard.grantbruneau.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991522; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1522, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hostedadguard.greatharts.com"; dns.query; content:"hostedadguard.greatharts.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991523; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1523, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.green1052.com"; dns.query; content:"adguard.green1052.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991524; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1524, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.grussenmeyer.com"; dns.query; content:"vps.grussenmeyer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991525; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1525, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guanmengkai.com"; dns.query; content:"guanmengkai.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991526; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1526, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for homedns.gumeniuk.com"; dns.query; content:"homedns.gumeniuk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991527; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1527, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gusald.com"; dns.query; content:"gusald.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991528; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1528, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.gusald.com"; dns.query; content:"ad.gusald.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991529; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1529, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg-swe.h4nt3r.com"; dns.query; content:"adg-swe.h4nt3r.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991530; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1530, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.h4nt3r.com"; dns.query; content:"adguard.h4nt3r.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991531; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1531, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for office.heimtec.com"; dns.query; content:"office.heimtec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991532; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1532, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for heoyun.com"; dns.query; content:"heoyun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991533; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1533, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for android.hfecr.com"; dns.query; content:"android.hfecr.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991534; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1534, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hinytz.com"; dns.query; content:"dns.hinytz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991535; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1535, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hopsken.com"; dns.query; content:"dns.hopsken.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991536; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1536, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hostingim.com"; dns.query; content:"dns.hostingim.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991537; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1537, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.idsam.com"; dns.query; content:"dns1.idsam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991538; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1538, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.idsam.com"; dns.query; content:"dns2.idsam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991539; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1539, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s.idsam.com"; dns.query; content:"s.idsam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991540; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1540, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for erroring.ignorelist.com"; dns.query; content:"erroring.ignorelist.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991541; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1541, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.ikhwanto.com"; dns.query; content:"adg.ikhwanto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991542; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1542, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.incaseineeditoneday.com"; dns.query; content:"www.incaseineeditoneday.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991543; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1543, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-pa.incogdns.com"; dns.query; content:"dns-pa.incogdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991544; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1544, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.inforlogia.com"; dns.query; content:"dns.inforlogia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991545; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1545, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.irumatech.com"; dns.query; content:"dns.irumatech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991546; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1546, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itcosc.com"; dns.query; content:"dns.itcosc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991547; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1547, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itwht.com"; dns.query; content:"dns.itwht.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991548; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1548, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.janebooom.com"; dns.query; content:"hk.janebooom.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991549; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1549, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for snd.jaxif.com"; dns.query; content:"snd.jaxif.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991550; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1550, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jnprd.com"; dns.query; content:"jnprd.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991551; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1551, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jnprd.com"; dns.query; content:"dns.jnprd.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991552; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1552, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.jobytan.com"; dns.query; content:"home.jobytan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991553; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1553, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for webmail.jpginformatica.com"; dns.query; content:"webmail.jpginformatica.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991554; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1554, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.juancamos.com"; dns.query; content:"dns.juancamos.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991555; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1555, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jupitrdns.com"; dns.query; content:"dns.jupitrdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991556; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1556, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp01.just-a-web.com"; dns.query; content:"jp01.just-a-web.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991557; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1557, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgs02.just-a-web.com"; dns.query; content:"sgs02.just-a-web.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991558; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1558, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgs03.just-a-web.com"; dns.query; content:"sgs03.just-a-web.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991559; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1559, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kaandikec.com"; dns.query; content:"kaandikec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991560; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1560, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kaandikec.com"; dns.query; content:"dns.kaandikec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991561; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1561, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kc2wbx.com"; dns.query; content:"dns.kc2wbx.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991562; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1562, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kejinno.com"; dns.query; content:"dns.kejinno.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991563; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1563, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.keskinnetwork.com"; dns.query; content:"dns.keskinnetwork.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991564; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1564, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.keskonet.com"; dns.query; content:"dns.keskonet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991565; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1565, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for khsan.com"; dns.query; content:"khsan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991566; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1566, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.khsan.com"; dns.query; content:"www.khsan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991567; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1567, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.kinopu.com"; dns.query; content:"home.kinopu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991568; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1568, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for elisabeth.klarsgarden.com"; dns.query; content:"elisabeth.klarsgarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991569; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1569, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kongjak.com"; dns.query; content:"dns.kongjak.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991570; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1570, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.krushkov.com"; dns.query; content:"dns.krushkov.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991571; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1571, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kstdownload.com"; dns.query; content:"kstdownload.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991572; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1572, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mx1.laoxiao789.com"; dns.query; content:"mx1.laoxiao789.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991573; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1573, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for statistics.larryvpn.com"; dns.query; content:"statistics.larryvpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991574; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1574, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.laurenlaufman.com"; dns.query; content:"adguard.laurenlaufman.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991575; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1575, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lavir.com"; dns.query; content:"dns.lavir.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991576; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1576, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.layjune.com"; dns.query; content:"hk.layjune.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991577; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1577, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for leecurrylawfirm.com"; dns.query; content:"leecurrylawfirm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991578; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1578, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for br2.lezainski.com"; dns.query; content:"br2.lezainski.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991579; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1579, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.lezainski.com"; dns.query; content:"dns2.lezainski.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991580; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1580, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nd.lgprk.com"; dns.query; content:"nd.lgprk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991581; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1581, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lildinosaur.com"; dns.query; content:"dns.lildinosaur.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991582; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1582, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lithvik.com"; dns.query; content:"dns.lithvik.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991583; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1583, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.liudeqin.com"; dns.query; content:"home.liudeqin.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991584; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1584, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deweerd.loseyourip.com"; dns.query; content:"deweerd.loseyourip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991585; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1585, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddd.loukky.com"; dns.query; content:"ddd.loukky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991586; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1586, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddd2.loukky.com"; dns.query; content:"ddd2.loukky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991587; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1587, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for orjp4.lz0724.com"; dns.query; content:"orjp4.lz0724.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991588; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1588, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adghome2.mail-endpoint.com"; dns.query; content:"adghome2.mail-endpoint.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991589; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1589, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.malhuda.com"; dns.query; content:"dns.malhuda.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991590; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1590, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.mangosysdns.com"; dns.query; content:"hk.mangosysdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991591; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1591, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for matthias-prost.com"; dns.query; content:"matthias-prost.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991592; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1592, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.mattmanzi.com"; dns.query; content:"dns1.mattmanzi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991593; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1593, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mcttechs.com"; dns.query; content:"mcttechs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991594; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1594, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.me7878.com"; dns.query; content:"dns.me7878.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991595; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1595, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-frankfurt.mii-xms.com"; dns.query; content:"dns-frankfurt.mii-xms.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991596; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1596, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-singapore.mii-xms.com"; dns.query; content:"dns-singapore.mii-xms.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991597; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1597, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mikewaddick.com"; dns.query; content:"mikewaddick.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991598; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1598, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.milangeorge.com"; dns.query; content:"dns.milangeorge.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991599; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1599, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.mmmalia.com"; dns.query; content:"doh.mmmalia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991600; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1600, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mo0on15.com"; dns.query; content:"mo0on15.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991601; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1601, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for query.mobyds.com"; dns.query; content:"query.mobyds.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991602; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1602, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home47a.mooo.com"; dns.query; content:"home47a.mooo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991603; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1603, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.motazhakim.com"; dns.query; content:"dns.motazhakim.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991604; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1604, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mr-romero.com"; dns.query; content:"mr-romero.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991605; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1605, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for as6604t-04.myasustor.com"; dns.query; content:"as6604t-04.myasustor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991606; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1606, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for justfor.myasustor.com"; dns.query; content:"justfor.myasustor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991607; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1607, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas-scheiben34.myasustor.com"; dns.query; content:"nas-scheiben34.myasustor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991608; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1608, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for walker.mynetgear.com"; dns.query; content:"walker.mynetgear.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991609; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1609, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for egshe.myqnapcloud.com"; dns.query; content:"egshe.myqnapcloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991610; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1610, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for newlibrarian.myqnapcloud.com"; dns.query; content:"newlibrarian.myqnapcloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991611; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1611, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nguyendn.com"; dns.query; content:"dns.nguyendn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991612; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1612, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.niko-sem.com"; dns.query; content:"adguard.niko-sem.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991613; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1613, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnx.niko-sem.com"; dns.query; content:"dnx.niko-sem.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991614; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1614, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wd.noimjosh.com"; dns.query; content:"wd.noimjosh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991615; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1615, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ax.ns1net.com"; dns.query; content:"ax.ns1net.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991616; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1616, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x.ns1net.com"; dns.query; content:"x.ns1net.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991617; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1617, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xx.ns1net.com"; dns.query; content:"xx.ns1net.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991618; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1618, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.com"; dns.query; content:"ns3.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991619; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1619, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsown.com"; dns.query; content:"nsown.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991620; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1620, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nudnud.com"; dns.query; content:"nudnud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991621; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1621, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nullrecon.com"; dns.query; content:"dns.nullrecon.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991622; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1622, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.odomail.com"; dns.query; content:"secure.odomail.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991623; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1623, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsa.onnonetworks.com"; dns.query; content:"nsa.onnonetworks.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991624; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1624, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsb.onnonetworks.com"; dns.query; content:"nsb.onnonetworks.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991625; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1625, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ortudns.com"; dns.query; content:"ortudns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991626; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1626, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oryxlabs.com"; dns.query; content:"dns.oryxlabs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991627; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1627, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.osmenoga.com"; dns.query; content:"dns.osmenoga.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991628; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1628, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.oswlinc.com"; dns.query; content:"vpn.oswlinc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991629; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1629, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.p55k.com"; dns.query; content:"dns.p55k.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991630; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1630, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pacificmonster.com"; dns.query; content:"dns.pacificmonster.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991631; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1631, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.paxavemedia.com"; dns.query; content:"dns.paxavemedia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991632; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1632, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.periactes.com"; dns.query; content:"dns.periactes.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991633; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1633, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns0.permafrostmiami.com"; dns.query; content:"dns0.permafrostmiami.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991634; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1634, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pgnhatrang.com"; dns.query; content:"dns.pgnhatrang.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991635; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1635, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for philqoo.com"; dns.query; content:"philqoo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991636; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1636, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.philqoo.com"; dns.query; content:"dns.philqoo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991637; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1637, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pieterdherde.com"; dns.query; content:"dns.pieterdherde.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991638; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1638, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gaia.plonknet.com"; dns.query; content:"gaia.plonknet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991639; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1639, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uranus.plonknet.com"; dns.query; content:"uranus.plonknet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991640; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1640, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muppy.pnamae.com"; dns.query; content:"muppy.pnamae.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991641; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1641, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.porteii.com"; dns.query; content:"dns2.porteii.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991642; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1642, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privatebard.com"; dns.query; content:"privatebard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991643; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1643, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.radityaharya.com"; dns.query; content:"dns.radityaharya.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991644; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1644, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ramansarda.com"; dns.query; content:"dns.ramansarda.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991645; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1645, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.renardyre.com"; dns.query; content:"dns.renardyre.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991646; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1646, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rjaldorau.com"; dns.query; content:"rjaldorau.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991647; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1647, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rndns.com"; dns.query; content:"rndns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991648; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1648, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for saya.rnrkurir.com"; dns.query; content:"saya.rnrkurir.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991649; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1649, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ususbuntu.rtrdgovt.com"; dns.query; content:"ususbuntu.rtrdgovt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991650; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1650, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pns2.sadraidc.com"; dns.query; content:"pns2.sadraidc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991651; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1651, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sainte-foie.com"; dns.query; content:"dns.sainte-foie.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991652; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1652, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for scottdylewski.com"; dns.query; content:"scottdylewski.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991653; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1653, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for centerserver.servebeer.com"; dns.query; content:"centerserver.servebeer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991654; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1654, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skyroom.online.bugflaed2.shahram-m8.com"; dns.query; content:"skyroom.online.bugflaed2.shahram-m8.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991655; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1655, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skyroom.online.cdn41.shahram-m8.com"; dns.query; content:"skyroom.online.cdn41.shahram-m8.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991656; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1656, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skyroom.online.cdn40.shahrammedia.com"; dns.query; content:"skyroom.online.cdn40.shahrammedia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991657; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1657, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk2.ss.startagegames.com"; dns.query; content:"hk2.ss.startagegames.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991658; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1658, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.stealbit.com"; dns.query; content:"adguard.stealbit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991659; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1659, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.streamsmoke.com"; dns.query; content:"dns.streamsmoke.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991660; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1660, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.stroialliance.com"; dns.query; content:"vpn.stroialliance.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991661; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1661, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.vpn.stroialliance.com"; dns.query; content:"www.vpn.stroialliance.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991662; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1662, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pure.sunnygyl.com"; dns.query; content:"pure.sunnygyl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991663; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1663, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surfbelow.com"; dns.query; content:"surfbelow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991664; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1664, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.surfbelow.com"; dns.query; content:"www.surfbelow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991665; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1665, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dns.teknoholistik.com"; dns.query; content:"family.dns.teknoholistik.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991666; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1666, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnselbagre.telnet-isp.com"; dns.query; content:"dnselbagre.telnet-isp.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991667; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1667, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thefamilypuls.com"; dns.query; content:"thefamilypuls.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991668; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1668, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for heykan.theworkpc.com"; dns.query; content:"heykan.theworkpc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991669; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1669, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.timothy-dev.com"; dns.query; content:"dns1.timothy-dev.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991670; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1670, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chronicle14.tplinkdns.com"; dns.query; content:"chronicle14.tplinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991671; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1671, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ebpmc.tplinkdns.com"; dns.query; content:"ebpmc.tplinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991672; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1672, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hyunos.tplinkdns.com"; dns.query; content:"hyunos.tplinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991673; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1673, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tuankhaiit.com"; dns.query; content:"dns.tuankhaiit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991674; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1674, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cn.turngreatwall.com"; dns.query; content:"cn.turngreatwall.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991675; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1675, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.varga-da.com"; dns.query; content:"dns.varga-da.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991676; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1676, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vegdiabetic.com"; dns.query; content:"dns.vegdiabetic.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991677; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1677, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.voidnix.com"; dns.query; content:"adguard.voidnix.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991678; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1678, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wellstsai.com"; dns.query; content:"dns.wellstsai.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991679; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1679, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for whatcaniplay.com"; dns.query; content:"whatcaniplay.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991680; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1680, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.willhotard.com"; dns.query; content:"adguard.willhotard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991681; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1681, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wincservices.com"; dns.query; content:"dns.wincservices.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991682; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1682, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.wistarip.com"; dns.query; content:"dns3.wistarip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991683; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1683, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.woosahdigitalhosted.com"; dns.query; content:"dns01.woosahdigitalhosted.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991684; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1684, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.wwhhkg.com"; dns.query; content:"ad.wwhhkg.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991685; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1685, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2.xm706v.com"; dns.query; content:"v2.xm706v.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991686; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1686, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.youler.com"; dns.query; content:"adguard.youler.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991687; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1687, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yumenashyi.com"; dns.query; content:"dns.yumenashyi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991688; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1688, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v.yuwentian.com"; dns.query; content:"v.yuwentian.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991689; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1689, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yyaan.com"; dns.query; content:"dns.yyaan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991690; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1690, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zalizman.com"; dns.query; content:"zalizman.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991691; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1691, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zeinima.com"; dns.query; content:"dns.zeinima.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991692; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1692, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res.zijji.com"; dns.query; content:"res.zijji.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991693; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1693, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.zrtechcenter.com"; dns.query; content:"adguard.zrtechcenter.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991694; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1694, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.unitech.company"; dns.query; content:"dns.unitech.company"; nocase; fast_pattern; classtype:bad-unknown; sid:27991695; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1695, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.luan.contact"; dns.query; content:"dns1.luan.contact"; nocase; fast_pattern; classtype:bad-unknown; sid:27991696; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1696, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.avc.cx"; dns.query; content:"vps.avc.cx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991697; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1697, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.cx"; dns.query; content:"ns3.cx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991698; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1698, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for srv5.jiripocta.cz"; dns.query; content:"srv5.jiripocta.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991699; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1699, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rabmoor.cz"; dns.query; content:"adguard.rabmoor.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991700; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1700, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.novali.date"; dns.query; content:"us.novali.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27991701; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1701, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.qooqle.date"; dns.query; content:"dot.qooqle.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27991702; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1702, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.19kom.de"; dns.query; content:"guard.19kom.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991703; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1703, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.2t9.de"; dns.query; content:"dns.2t9.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991704; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1704, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adghs.de"; dns.query; content:"adghs.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991705; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1705, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.alematho.de"; dns.query; content:"agh.alematho.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991706; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1706, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aykanbacaksoy.de"; dns.query; content:"dns.aykanbacaksoy.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991707; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1707, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.betamax65.de"; dns.query; content:"adguard.betamax65.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991708; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1708, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.bonis.de"; dns.query; content:"adguard1.bonis.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991709; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1709, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.bonis.de"; dns.query; content:"adguard2.bonis.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991710; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1710, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.c0ntroller.de"; dns.query; content:"dns.c0ntroller.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991711; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1711, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adgh.catfluori.de"; dns.query; content:"adgh.catfluori.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991712; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1712, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudsrv.charitosnet.de"; dns.query; content:"cloudsrv.charitosnet.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991713; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1713, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for circumitor.de"; dns.query; content:"circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991714; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1714, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c-asm.circumitor.de"; dns.query; content:"c-asm.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991715; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1715, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c-rm.circumitor.de"; dns.query; content:"c-rm.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991716; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1716, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fritz-er.circumitor.de"; dns.query; content:"fritz-er.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991717; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1717, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fritz-hbh.circumitor.de"; dns.query; content:"fritz-hbh.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991718; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1718, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for m-asm.circumitor.de"; dns.query; content:"m-asm.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991719; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1719, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for m-cm.circumitor.de"; dns.query; content:"m-cm.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991720; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1720, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for m-rm.circumitor.de"; dns.query; content:"m-rm.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991721; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1721, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.codarbyte.de"; dns.query; content:"dns.codarbyte.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991722; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1722, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.crestfallen.de"; dns.query; content:"adguard.crestfallen.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991723; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1723, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jakubaws.dd-dns.de"; dns.query; content:"jakubaws.dd-dns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991724; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1724, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-enzel.de"; dns.query; content:"dns-enzel.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991725; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1725, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.dns-ga.de"; dns.query; content:"dot.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991726; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1726, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure-dns.dns-ga.de"; dns.query; content:"secure-dns.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991727; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1727, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dnsforge.de"; dns.query; content:"www.dnsforge.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991728; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1728, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bahopir188.dnshome.de"; dns.query; content:"bahopir188.dnshome.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991729; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1729, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dr-adguard.de"; dns.query; content:"dr-adguard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991730; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1730, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server01.dr-adguard.de"; dns.query; content:"server01.dr-adguard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991731; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1731, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server03.dr-adguard.de"; dns.query; content:"server03.dr-adguard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991732; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1732, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atlantic.dyn1.de"; dns.query; content:"atlantic.dyn1.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991733; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1733, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eccloud.de"; dns.query; content:"eccloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991734; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1734, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.eccloud.de"; dns.query; content:"www.eccloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991735; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1735, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.internal.espresso-tasse.de"; dns.query; content:"dns.internal.espresso-tasse.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991736; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1736, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for handy-matthias.dns.internal.espresso-tasse.de"; dns.query; content:"handy-matthias.dns.internal.espresso-tasse.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991737; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1737, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for handy-nils.dns.internal.espresso-tasse.de"; dns.query; content:"handy-nils.dns.internal.espresso-tasse.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991738; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1738, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tablet-matthias.dns.internal.espresso-tasse.de"; dns.query; content:"tablet-matthias.dns.internal.espresso-tasse.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991739; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1739, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eumera.de"; dns.query; content:"dns.eumera.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991740; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1740, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.exonip.de"; dns.query; content:"dns.exonip.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991741; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1741, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve.fknw.de"; dns.query; content:"resolve.fknw.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991742; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1742, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for flukeadopt.de"; dns.query; content:"flukeadopt.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991743; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1743, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.frece.de"; dns.query; content:"adguard2.frece.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991744; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1744, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eime.goip.de"; dns.query; content:"eime.goip.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991745; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1745, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for grunwald-marc.de"; dns.query; content:"grunwald-marc.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991746; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1746, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.homepeter.de"; dns.query; content:"adguard01.homepeter.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991747; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1747, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.jabber-germany.de"; dns.query; content:"www.jabber-germany.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991748; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1748, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jabber-server.de"; dns.query; content:"jabber-server.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991749; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1749, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kellerbier-home.de"; dns.query; content:"kellerbier-home.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991750; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1750, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kngnet.de"; dns.query; content:"adguard.kngnet.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991751; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1751, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for knight1.de"; dns.query; content:"knight1.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991752; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1752, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.kul-lippek.de"; dns.query; content:"agh.kul-lippek.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991753; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1753, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lietschaend.de"; dns.query; content:"dns.lietschaend.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991754; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1754, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.loony-tech.de"; dns.query; content:"dns.loony-tech.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991755; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1755, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.masters-of-cloud.de"; dns.query; content:"www.masters-of-cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991756; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1756, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rasp.matthias-iwer.de"; dns.query; content:"rasp.matthias-iwer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991757; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1757, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.mcasviper.de"; dns.query; content:"doh.mcasviper.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991758; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1758, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mikatos.de"; dns.query; content:"mikatos.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991759; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1759, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.muellerstech.de"; dns.query; content:"dns.muellerstech.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991760; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1760, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myrusvpn.de"; dns.query; content:"myrusvpn.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991761; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1761, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mysvc.de"; dns.query; content:"dns.mysvc.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991762; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1762, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.nhgnet.de"; dns.query; content:"dns2.nhgnet.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991763; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1763, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nj0.de"; dns.query; content:"dns.nj0.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991764; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1764, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.nosfe.de"; dns.query; content:"adg.nosfe.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991765; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1765, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.odirf.de"; dns.query; content:"dns.odirf.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991766; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1766, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.pidns.de"; dns.query; content:"adg.pidns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991767; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1767, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for psociety.de"; dns.query; content:"psociety.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991768; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1768, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.psociety.de"; dns.query; content:"dns.psociety.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991769; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1769, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.pushedv.de"; dns.query; content:"adguard.pushedv.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991770; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1770, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sascha-rabold.de"; dns.query; content:"sascha-rabold.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991771; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1771, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.schmidt-zoarn.de"; dns.query; content:"dns.schmidt-zoarn.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991772; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1772, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for plex.skin57.de"; dns.query; content:"plex.skin57.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991773; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1773, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.solutionsbest.de"; dns.query; content:"ns.solutionsbest.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991774; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1774, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve.srv-pro.de"; dns.query; content:"resolve.srv-pro.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991775; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1775, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve2.srv-pro.de"; dns.query; content:"resolve2.srv-pro.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991776; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1776, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bigora2.vuhai.de"; dns.query; content:"bigora2.vuhai.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991777; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1777, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vsrv15195.customer.xenway.de"; dns.query; content:"vsrv15195.customer.xenway.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991778; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1778, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ygonline.de"; dns.query; content:"dns.ygonline.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991779; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1779, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ys4.de"; dns.query; content:"ys4.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991780; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1780, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.zitronen-server.de"; dns.query; content:"adguard01.zitronen-server.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991781; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1781, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for net.0ms.dev"; dns.query; content:"net.0ms.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991782; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1782, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.alex-tools.dev"; dns.query; content:"adguard.alex-tools.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991783; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1783, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dizdarevic.dev"; dns.query; content:"adguard.dizdarevic.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991784; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1784, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fydne.dev"; dns.query; content:"dns.fydne.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991785; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1785, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.herry.dev"; dns.query; content:"adg.herry.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991786; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1786, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ictorn.dev"; dns.query; content:"dns.ictorn.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991787; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1787, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xyz2.jammerxd.dev"; dns.query; content:"xyz2.jammerxd.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991788; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1788, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xyz3.jammerxd.dev"; dns.query; content:"xyz3.jammerxd.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991789; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1789, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kamrul.dev"; dns.query; content:"adguard.kamrul.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991790; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1790, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mokocup.dev"; dns.query; content:"adguard.mokocup.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991791; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1791, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.passarelli.dev"; dns.query; content:"dns.passarelli.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991792; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1792, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for servicesgov.dev"; dns.query; content:"servicesgov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991793; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1793, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for singy.smartq.dev"; dns.query; content:"singy.smartq.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991794; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1794, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.struchkov.dev"; dns.query; content:"dns.struchkov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991795; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1795, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darkhole.uint64.dev"; dns.query; content:"darkhole.uint64.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991796; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1796, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.woodyli.dev"; dns.query; content:"dns.woodyli.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991797; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1797, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xivilay.dev"; dns.query; content:"dns.xivilay.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991798; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1798, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zabolotskikh.dev"; dns.query; content:"zabolotskikh.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991799; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1799, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zion.dev"; dns.query; content:"dns.zion.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991800; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1800, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast2.servers.censurfridns.dk"; dns.query; content:"unicast2.servers.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991801; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1801, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.nielsenhost.dk"; dns.query; content:"adguard.nielsenhost.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991802; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1802, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.rasmusminde.dk"; dns.query; content:"doh.rasmusminde.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991803; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1803, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.uncensoreddns.dk"; dns.query; content:"anycast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991804; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1804, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.uncensoreddns.dk"; dns.query; content:"deic-lgb.anycast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991805; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1805, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.uncensoreddns.dk"; dns.query; content:"kracon.anycast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991806; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1806, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.uncensoreddns.dk"; dns.query; content:"rgnet-iad.anycast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991807; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1807, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.uncensoreddns.dk"; dns.query; content:"unicast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991808; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1808, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beacon.dog"; dns.query; content:"beacon.dog"; nocase; fast_pattern; classtype:bad-unknown; sid:27991809; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1809, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for btb.dog"; dns.query; content:"btb.dog"; nocase; fast_pattern; classtype:bad-unknown; sid:27991810; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1810, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.solutics.ec"; dns.query; content:"ns.solutics.ec"; nocase; fast_pattern; classtype:bad-unknown; sid:27991811; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1811, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.abgnetwork.es"; dns.query; content:"vps.abgnetwork.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27991812; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1812, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.doso.es"; dns.query; content:"dns.doso.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27991813; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1813, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for genscorp.es"; dns.query; content:"genscorp.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27991814; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1814, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sacarino.es"; dns.query; content:"sacarino.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27991815; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1815, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sga21.es"; dns.query; content:"sga21.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27991816; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1816, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.titov.es"; dns.query; content:"adguard.titov.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27991817; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1817, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.11i.eu"; dns.query; content:"1.11i.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991818; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1818, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.11i.eu"; dns.query; content:"2.11i.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991819; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1819, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 3.11i.eu"; dns.query; content:"3.11i.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991820; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1820, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.almir1904.eu"; dns.query; content:"dns01.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991821; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1821, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns02.almir1904.eu"; dns.query; content:"dns02.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991822; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1822, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns03.almir1904.eu"; dns.query; content:"dns03.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991823; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1823, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.almir1904.eu"; dns.query; content:"doh.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991824; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1824, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.almir1904.eu"; dns.query; content:"doh2.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991825; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1825, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh3.almir1904.eu"; dns.query; content:"doh3.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991826; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1826, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.basthorst.eu"; dns.query; content:"home.basthorst.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991827; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1827, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.danielnet.eu"; dns.query; content:"dns.danielnet.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991828; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1828, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.decky.eu"; dns.query; content:"dns.decky.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991829; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1829, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.felixf.eu"; dns.query; content:"ag.felixf.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991830; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1830, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.i6p.eu"; dns.query; content:"dns.i6p.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991831; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1831, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.leadseason.eu"; dns.query; content:"adguard.leadseason.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991832; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1832, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydevpn.eu"; dns.query; content:"mydevpn.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991833; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1833, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n0.eu"; dns.query; content:"n0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991834; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1834, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.orencak.eu"; dns.query; content:"dns.orencak.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991835; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1835, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rhscz.eu"; dns.query; content:"dns.rhscz.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991836; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1836, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.rhscz.eu"; dns.query; content:"dns1.rhscz.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991837; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1837, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.rhscz.eu"; dns.query; content:"dns2.rhscz.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991838; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1838, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bg.rslvr.eu"; dns.query; content:"bg.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991839; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1839, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sa-sa.eu"; dns.query; content:"doh.sa-sa.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991840; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1840, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doq.sa-sa.eu"; dns.query; content:"doq.sa-sa.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991841; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1841, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.safko.eu"; dns.query; content:"dns.safko.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991842; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1842, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for svg33.eu"; dns.query; content:"svg33.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991843; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1843, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.svg33.eu"; dns.query; content:"www.svg33.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991844; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1844, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads.therman.eu"; dns.query; content:"ads.therman.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991845; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1845, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tooizi.eu"; dns.query; content:"dns.tooizi.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991846; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1846, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vaultguard.eu"; dns.query; content:"dns.vaultguard.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991847; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1847, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.wallura.eu"; dns.query; content:"adguard.wallura.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991848; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1848, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adsfysdfgiuy.ydns.eu"; dns.query; content:"adsfysdfgiuy.ydns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991849; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1849, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sheepdogs.faith"; dns.query; content:"dns.sheepdogs.faith"; nocase; fast_pattern; classtype:bad-unknown; sid:27991850; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1850, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.rabot.fi"; dns.query; content:"ns.rabot.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27991851; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1851, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for barnabech.fr"; dns.query; content:"barnabech.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991852; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1852, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.barnabech.fr"; dns.query; content:"www.barnabech.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991853; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1853, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.interne.benj-lab.fr"; dns.query; content:"adguard.interne.benj-lab.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991854; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1854, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.briac-mlb.fr"; dns.query; content:"dns.briac-mlb.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991855; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1855, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fukuda.ccnt.fr"; dns.query; content:"fukuda.ccnt.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991856; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1856, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.ccnt.fr"; dns.query; content:"vpn.ccnt.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991857; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1857, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yuripe.ccnt.fr"; dns.query; content:"yuripe.ccnt.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991858; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1858, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.fr.couli.fr"; dns.query; content:"adguardhome.fr.couli.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991859; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1859, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jalexx.freeboxos.fr"; dns.query; content:"jalexx.freeboxos.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991860; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1860, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lilibox.freeboxos.fr"; dns.query; content:"lilibox.freeboxos.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991861; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1861, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pcornet.freeboxos.fr"; dns.query; content:"pcornet.freeboxos.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991862; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1862, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fulgore.fr"; dns.query; content:"dns.fulgore.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991863; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1863, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.glbd.fr"; dns.query; content:"adguard.glbd.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991864; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1864, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.influa-dev.fr"; dns.query; content:"dns.influa-dev.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991865; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1865, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for my.influa-dev.fr"; dns.query; content:"my.influa-dev.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991866; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1866, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for proxjdf.jamesferrand.fr"; dns.query; content:"proxjdf.jamesferrand.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991867; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1867, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.koshonsa.fr"; dns.query; content:"adguard.koshonsa.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991868; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1868, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for le-mesle.fr"; dns.query; content:"le-mesle.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991869; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1869, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for douglas.mebrak.fr"; dns.query; content:"douglas.mebrak.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991870; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1870, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nexashield.fr"; dns.query; content:"nexashield.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991871; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1871, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.octoworld.fr"; dns.query; content:"dns.octoworld.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991872; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1872, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.patrick-antoine.fr"; dns.query; content:"nas.patrick-antoine.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991873; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1873, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bit.psyk.fr"; dns.query; content:"bit.psyk.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991874; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1874, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.psyk.fr"; dns.query; content:"dns.psyk.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991875; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1875, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.qkc.fr"; dns.query; content:"dns.qkc.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991876; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1876, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.r01.fr"; dns.query; content:"home.r01.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991877; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1877, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.req1.fr"; dns.query; content:"dns.req1.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991878; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1878, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wg.req1.fr"; dns.query; content:"wg.req1.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991879; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1879, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.spyrisk.fr"; dns.query; content:"adguard.spyrisk.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991880; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1880, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.srv-home.fr"; dns.query; content:"dns2.srv-home.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991881; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1881, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.streamlas.fr"; dns.query; content:"adguard.streamlas.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991882; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1882, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.synhdigital.fr"; dns.query; content:"dns.synhdigital.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991883; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1883, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.synhdigital.fr"; dns.query; content:"doh.synhdigital.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991884; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1884, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.teaminfo.fr"; dns.query; content:"dns.teaminfo.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991885; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1885, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tondns.fr"; dns.query; content:"tondns.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991886; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1886, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.victorhachard.fr"; dns.query; content:"dns.victorhachard.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991887; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1887, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.visbran.fr"; dns.query; content:"ad.visbran.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991888; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1888, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn0109.voodonline.fr"; dns.query; content:"vpn0109.voodonline.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991889; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1889, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vrehm.fr"; dns.query; content:"vrehm.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991890; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1890, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.vrehm.fr"; dns.query; content:"adguard.vrehm.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991891; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1891, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.warrior.fr"; dns.query; content:"dns.warrior.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991892; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1892, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb-wan.xaoimoon.fr"; dns.query; content:"adb-wan.xaoimoon.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991893; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1893, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zarchbox.fr"; dns.query; content:"dns.zarchbox.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991894; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1894, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.a1.1vpn.fun"; dns.query; content:"www.a1.1vpn.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991895; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1895, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sweden.1vpn.fun"; dns.query; content:"sweden.1vpn.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991896; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1896, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akaboom.fun"; dns.query; content:"akaboom.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991897; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1897, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dupatruwi22.fun"; dns.query; content:"dupatruwi22.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991898; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1898, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dupatruwi22.fun"; dns.query; content:"www.dupatruwi22.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991899; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1899, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fafr.fun"; dns.query; content:"dns.fafr.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991900; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1900, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kekv.fun"; dns.query; content:"kekv.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991901; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1901, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adhome.maige.fun"; dns.query; content:"adhome.maige.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991902; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1902, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spb1.naum.fun"; dns.query; content:"spb1.naum.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991903; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1903, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.spb1.naum.fun"; dns.query; content:"vpn.spb1.naum.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991904; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1904, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.spb1.naum.fun"; dns.query; content:"www.spb1.naum.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991905; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1905, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pcgo.fun"; dns.query; content:"pcgo.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991906; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1906, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fra.core.access.zznet.fun"; dns.query; content:"fra.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991907; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1907, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkg.core.access.zznet.fun"; dns.query; content:"hkg.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991908; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1908, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lax.core.access.zznet.fun"; dns.query; content:"lax.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991909; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1909, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nrt.core.access.zznet.fun"; dns.query; content:"nrt.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991910; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1910, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sin.core.access.zznet.fun"; dns.query; content:"sin.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991911; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1911, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd.core.access.zznet.fun"; dns.query; content:"syd.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991912; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1912, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tolink.group"; dns.query; content:"dns.tolink.group"; nocase; fast_pattern; classtype:bad-unknown; sid:27991913; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1913, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.simba.house"; dns.query; content:"dns.simba.house"; nocase; fast_pattern; classtype:bad-unknown; sid:27991914; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1914, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ivica-vulas.from.hr"; dns.query; content:"ivica-vulas.from.hr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991915; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1915, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.c515.icu"; dns.query; content:"dns.c515.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991916; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1916, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d3.shabi.icu"; dns.query; content:"d3.shabi.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991917; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1917, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-uk.su4ka.icu"; dns.query; content:"dns-uk.su4ka.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991918; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1918, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-uk2.su4ka.icu"; dns.query; content:"dns-uk2.su4ka.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991919; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1919, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sq.trin.icu"; dns.query; content:"sq.trin.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991920; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1920, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.twopudding.icu"; dns.query; content:"dns.twopudding.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991921; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1921, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.unima.ac.id"; dns.query; content:"adguard1.unima.ac.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991922; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1922, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.unima.ac.id"; dns.query; content:"adguard2.unima.ac.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991923; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1923, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for open-resolver1.unima.ac.id"; dns.query; content:"open-resolver1.unima.ac.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991924; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1924, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for block.coconut.id"; dns.query; content:"block.coconut.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991925; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1925, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lpse.minahasa.go.id"; dns.query; content:"lpse.minahasa.go.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991926; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1926, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jakinet.id"; dns.query; content:"adguard.jakinet.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991927; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1927, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lancar.id"; dns.query; content:"dns.lancar.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991928; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1928, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for antarlangit.my.id"; dns.query; content:"antarlangit.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991929; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1929, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.artsvr.my.id"; dns.query; content:"doh.artsvr.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991930; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1930, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns72.automationhome.my.id"; dns.query; content:"dns72.automationhome.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991931; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1931, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.basestation.my.id"; dns.query; content:"dns.basestation.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991932; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1932, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for be2aja.my.id"; dns.query; content:"be2aja.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991933; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1933, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unifi.be2aja.my.id"; dns.query; content:"unifi.be2aja.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991934; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1934, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.bhadrikais.my.id"; dns.query; content:"doh.bhadrikais.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991935; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1935, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.danayasastore.my.id"; dns.query; content:"dns.danayasastore.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991936; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1936, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ali.dn53.my.id"; dns.query; content:"ali.dn53.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991937; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1937, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.freddys.my.id"; dns.query; content:"dns.freddys.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991938; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1938, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for math.netlab.my.id"; dns.query; content:"math.netlab.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991939; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1939, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.presencebuggy.my.id"; dns.query; content:"dns.presencebuggy.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991940; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1940, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rbs.my.id"; dns.query; content:"dns.rbs.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991941; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1941, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh2.server.my.id"; dns.query; content:"agh2.server.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991942; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1942, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adgrus.tvmix.my.id"; dns.query; content:"adgrus.tvmix.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991943; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1943, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.gms.net.id"; dns.query; content:"dns2.gms.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991944; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1944, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for homelab2.terabit.net.id"; dns.query; content:"homelab2.terabit.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991945; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1945, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dns.ningkelle.id"; dns.query; content:"family.dns.ningkelle.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991946; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1946, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filter.das.sch.id"; dns.query; content:"filter.das.sch.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991947; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1947, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.syaifullah.id"; dns.query; content:"dns.syaifullah.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991948; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1948, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for web-rated.ie"; dns.query; content:"web-rated.ie"; nocase; fast_pattern; classtype:bad-unknown; sid:27991949; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1949, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pg.web-rated.ie"; dns.query; content:"pg.web-rated.ie"; nocase; fast_pattern; classtype:bad-unknown; sid:27991950; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1950, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jean.im"; dns.query; content:"dns.jean.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27991951; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1951, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddns.oii.im"; dns.query; content:"ddns.oii.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27991952; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1952, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1b.ns.ozer.im"; dns.query; content:"1b.ns.ozer.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27991953; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1953, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server.unp.im"; dns.query; content:"server.unp.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27991954; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1954, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for y3suyx0cg2lewi2dmn.advaitghaisas.in"; dns.query; content:"y3suyx0cg2lewi2dmn.advaitghaisas.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991955; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1955, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rootdns.anir0y.in"; dns.query; content:"rootdns.anir0y.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991956; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1956, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mnml.co.in"; dns.query; content:"dns.mnml.co.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991957; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1957, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.srinivasrao.co.in"; dns.query; content:"dns.srinivasrao.co.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991958; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1958, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.deekshith.in"; dns.query; content:"dns.deekshith.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991959; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1959, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fahr.in"; dns.query; content:"dns.fahr.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991960; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1960, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agdns.itsud.in"; dns.query; content:"agdns.itsud.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991961; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1961, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hermes.kurup.in"; dns.query; content:"hermes.kurup.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991962; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1962, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for libye.in"; dns.query; content:"libye.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991963; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1963, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for h.ra3.in"; dns.query; content:"h.ra3.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991964; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1964, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for query.shenl.in"; dns.query; content:"query.shenl.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991965; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1965, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads.x88.in"; dns.query; content:"ads.x88.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991966; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1966, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.micro.alloxr.info"; dns.query; content:"dns.micro.alloxr.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991967; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1967, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.baltes.info"; dns.query; content:"adguard.baltes.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991968; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1968, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bilidon.info"; dns.query; content:"bilidon.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991969; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1969, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.bilidon.info"; dns.query; content:"www.bilidon.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991970; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1970, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.chlaebi.info"; dns.query; content:"www.chlaebi.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991971; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1971, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.conana.info"; dns.query; content:"jp.conana.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991972; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1972, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for los.conana.info"; dns.query; content:"los.conana.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991973; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1973, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bilidon.dnsuser.info"; dns.query; content:"bilidon.dnsuser.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991974; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1974, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adh.fastpacefixit.info"; dns.query; content:"adh.fastpacefixit.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991975; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1975, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.isteal.info"; dns.query; content:"dns.isteal.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991976; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1976, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.kekew.info"; dns.query; content:"doh.kekew.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991977; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1977, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 7agb96-dns.komeho.info"; dns.query; content:"7agb96-dns.komeho.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991978; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1978, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lorc17-dns.komeho.info"; dns.query; content:"lorc17-dns.komeho.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991979; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1979, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lmir.info"; dns.query; content:"dns.lmir.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991980; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1980, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lova.long-nguyen.info"; dns.query; content:"lova.long-nguyen.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991981; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1981, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lv.long-nguyen.info"; dns.query; content:"lv.long-nguyen.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991982; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1982, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vani.long-nguyen.info"; dns.query; content:"vani.long-nguyen.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991983; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1983, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for defsnldns01.sc-hosting.info"; dns.query; content:"defsnldns01.sc-hosting.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991984; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1984, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for selsby.info"; dns.query; content:"selsby.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991985; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1985, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hee.ink"; dns.query; content:"dns.hee.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27991986; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1986, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pub.hsuan.ink"; dns.query; content:"pub.hsuan.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27991987; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1987, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.jtt.ink"; dns.query; content:"b.jtt.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27991988; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1988, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.aflr.io"; dns.query; content:"blackhole.aflr.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991989; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1989, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.ak42.io"; dns.query; content:"vps.ak42.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991990; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1990, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.bortus.io"; dns.query; content:"dns2.bortus.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991991; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1991, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a5135324.csie.io"; dns.query; content:"a5135324.csie.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991992; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1992, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adns.dedyn.io"; dns.query; content:"adns.dedyn.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991993; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1993, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frank-web.dedyn.io"; dns.query; content:"frank-web.dedyn.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991994; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1994, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for k03.dedyn.io"; dns.query; content:"k03.dedyn.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991995; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1995, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for owndns.dedyn.io"; dns.query; content:"owndns.dedyn.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991996; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1996, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-fra.linode.haberl.io"; dns.query; content:"adguard-fra.linode.haberl.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991997; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1997, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-sg.linode.haberl.io"; dns.query; content:"adguard-sg.linode.haberl.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991998; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1998, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.luther.io"; dns.query; content:"home.luther.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991999; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1999, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mafyuh.io"; dns.query; content:"dns.mafyuh.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992000; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2000, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.n23.io"; dns.query; content:"dns.n23.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2001, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps4.scho.io"; dns.query; content:"vps4.scho.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2002, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.supercluster.io"; dns.query; content:"dns.supercluster.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2003, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.tcpu.io"; dns.query; content:"adguard.tcpu.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2004, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.vdl.io"; dns.query; content:"noads.vdl.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2005, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cdn.45lnd.ir"; dns.query; content:"cdn.45lnd.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2006, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ai6.ir"; dns.query; content:"dns.ai6.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2007, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de.deghy.ir"; dns.query; content:"de.deghy.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2008, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for docker-hub.ir"; dns.query; content:"docker-hub.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2009, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.farakaft.ir"; dns.query; content:"dns.farakaft.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2010, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jungle-im.ir"; dns.query; content:"dns.jungle-im.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2011, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kcolspacrm.ir"; dns.query; content:"kcolspacrm.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2012, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for keymiagar.ir"; dns.query; content:"keymiagar.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2013, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.midping.ir"; dns.query; content:"dns.midping.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2014, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sbstructure.ir"; dns.query; content:"dns.sbstructure.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2015, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for free.shecan.ir"; dns.query; content:"free.shecan.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2016, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.bruckmoser.it"; dns.query; content:"home.bruckmoser.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2017, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.giorgiooppo.it"; dns.query; content:"dns.giorgiooppo.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2018, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for flat.loisy.it"; dns.query; content:"flat.loisy.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2019, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas-fusion.loisy.it"; dns.query; content:"nas-fusion.loisy.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2020, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.servizimv.it"; dns.query; content:"dns.servizimv.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2021, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.stefanoperna.it"; dns.query; content:"nas.stefanoperna.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2022, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hyperspace.toxopeus.it"; dns.query; content:"hyperspace.toxopeus.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2023, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1-secure.wifire.it"; dns.query; content:"dns1-secure.wifire.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2024, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2-secure.wifire.it"; dns.query; content:"dns2-secure.wifire.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2025, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xn--85w848a.jp"; dns.query; content:"xn--85w848a.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27992026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2026, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xie.ke"; dns.query; content:"xie.ke"; nocase; fast_pattern; classtype:bad-unknown; sid:27992027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2027, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xie.ke"; dns.query; content:"dns.xie.ke"; nocase; fast_pattern; classtype:bad-unknown; sid:27992028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2028, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for new.gx.edu.kg"; dns.query; content:"new.gx.edu.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27992029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2029, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dhlifeus-micro1.dns.3456.kr"; dns.query; content:"dhlifeus-micro1.dns.3456.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2030, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.hjk.kr"; dns.query; content:"ns.hjk.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2031, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.hjk.kr"; dns.query; content:"ns1.hjk.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2032, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.hjk.kr"; dns.query; content:"ns2.hjk.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2033, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.delage.li"; dns.query; content:"nas.delage.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27992034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2034, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hva.li"; dns.query; content:"dns.hva.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27992035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2035, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for void-gate.irre.li"; dns.query; content:"void-gate.irre.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27992036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2036, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xcn.li"; dns.query; content:"dns.xcn.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27992037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2037, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.himarsman.life"; dns.query; content:"www.himarsman.life"; nocase; fast_pattern; classtype:bad-unknown; sid:27992038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2038, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for solution.w10.life"; dns.query; content:"solution.w10.life"; nocase; fast_pattern; classtype:bad-unknown; sid:27992039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2039, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adfreedns.link"; dns.query; content:"adfreedns.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2040, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atsilva.link"; dns.query; content:"atsilva.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2041, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.atsilva.link"; dns.query; content:"dns.atsilva.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2042, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.filatov.link"; dns.query; content:"vps.filatov.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2043, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guidetoworld.link"; dns.query; content:"guidetoworld.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2044, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.insec.link"; dns.query; content:"doh.insec.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2045, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.link"; dns.query; content:"ns3.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2046, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pmxu.link"; dns.query; content:"dns.pmxu.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2047, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.purah.link"; dns.query; content:"dns.purah.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2048, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.qwqwe.link"; dns.query; content:"adg.qwqwe.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2049, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsin.live"; dns.query; content:"nsin.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27992050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2050, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for securitate.live"; dns.query; content:"securitate.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27992051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2051, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for acomit.lk"; dns.query; content:"acomit.lk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2052, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.acomit.lk"; dns.query; content:"www.acomit.lk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2053, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk.arian.lol"; dns.query; content:"uk.arian.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27992054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2054, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ralfs-dns.dsh.lol"; dns.query; content:"ralfs-dns.dsh.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27992055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2055, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beacon.fengli.love"; dns.query; content:"beacon.fengli.love"; nocase; fast_pattern; classtype:bad-unknown; sid:27992056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2056, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.ahua.ltd"; dns.query; content:"hk.ahua.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27992057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2057, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ahyxluo.ltd"; dns.query; content:"dns.ahyxluo.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27992058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2058, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.andersfarms.ltd"; dns.query; content:"dns.andersfarms.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27992059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2059, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.neten.ltd"; dns.query; content:"vpn.neten.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27992060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2060, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpns.neten.ltd"; dns.query; content:"vpns.neten.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27992061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2061, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for crd.circl.lu"; dns.query; content:"crd.circl.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2062, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.beliefanx.me"; dns.query; content:"guard.beliefanx.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2063, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.biliun.me"; dns.query; content:"dns.biliun.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2064, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ch01adguardho.me"; dns.query; content:"ch01adguardho.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2065, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chriscsc.me"; dns.query; content:"dns.chriscsc.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2066, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cnblw.me"; dns.query; content:"dns.cnblw.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2067, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cornes.me"; dns.query; content:"doh.cornes.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2068, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.corpa.me"; dns.query; content:"doh.corpa.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2069, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve.corpa.me"; dns.query; content:"resolve.corpa.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2070, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cristianocosta.me"; dns.query; content:"cristianocosta.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2071, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydns.ddns.me"; dns.query; content:"mydns.ddns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2072, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for emmmmm.me"; dns.query; content:"emmmmm.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2073, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.g-s-a.me"; dns.query; content:"vpn.g-s-a.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2074, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sm5q237c0.g666gle.me"; dns.query; content:"sm5q237c0.g666gle.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2075, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.geili.me"; dns.query; content:"adg.geili.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2076, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.hjk.me"; dns.query; content:"ns.hjk.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2077, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.hjk.me"; dns.query; content:"ns1.hjk.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2078, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.hjk.me"; dns.query; content:"ns2.hjk.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2079, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jpdns.hker.me"; dns.query; content:"jpdns.hker.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2080, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yory2cave.hopto.me"; dns.query; content:"yory2cave.hopto.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2081, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.huas.me"; dns.query; content:"dns.huas.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2082, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.johndave.me"; dns.query; content:"adguard.johndave.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2083, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.johnwick.me"; dns.query; content:"ad.johnwick.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2084, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.josephyap.me"; dns.query; content:"agh.josephyap.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2085, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kostydenis.me"; dns.query; content:"dns.kostydenis.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2086, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.kostydenis.me"; dns.query; content:"dns1.kostydenis.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2087, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mastergad.me"; dns.query; content:"mastergad.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2088, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-home.myddns.me"; dns.query; content:"adguard-home.myddns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2089, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nilanjan.me"; dns.query; content:"nilanjan.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2090, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oculta.me"; dns.query; content:"oculta.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2091, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privpn.me"; dns.query; content:"privpn.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2092, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.redroot.me"; dns.query; content:"dns.redroot.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2093, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.richoux.me"; dns.query; content:"adguard.richoux.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2094, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rjls.me"; dns.query; content:"dns.rjls.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2095, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.root.me"; dns.query; content:"dns.root.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2096, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for f1.dns.s3cure.me"; dns.query; content:"f1.dns.s3cure.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2097, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.stevenfamy.me"; dns.query; content:"adguard.stevenfamy.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2098, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bucheli.synology.me"; dns.query; content:"bucheli.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2099, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chlaebi.synology.me"; dns.query; content:"chlaebi.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2100, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for serveur-yan.synology.me"; dns.query; content:"serveur-yan.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2101, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for siddeus.synology.me"; dns.query; content:"siddeus.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2102, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for woalongit.synology.me"; dns.query; content:"woalongit.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2103, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tb4.me"; dns.query; content:"dns.tb4.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2104, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.timboeh.me"; dns.query; content:"dns.timboeh.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2105, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.vinc.me"; dns.query; content:"dns2.vinc.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2106, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns02.wewa.me"; dns.query; content:"dns02.wewa.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2107, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xydustc.me"; dns.query; content:"dns.xydustc.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2108, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yujular.me"; dns.query; content:"yujular.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2109, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wdnts.ml"; dns.query; content:"dns.wdnts.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2110, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.arad.mobi"; dns.query; content:"dns.arad.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27992111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2111, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cxl.moe"; dns.query; content:"dns.cxl.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27992112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2112, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for naganohara-yoimiya.momokko.moe"; dns.query; content:"naganohara-yoimiya.momokko.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27992113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2113, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dns.noridev.moe"; dns.query; content:"2.dns.noridev.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27992114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2114, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ota.moe"; dns.query; content:"adguard.ota.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27992115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2115, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.ota.moe"; dns.query; content:"adguard2.ota.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27992116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2116, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard3.ota.moe"; dns.query; content:"adguard3.ota.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27992117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2117, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard4.ota.moe"; dns.query; content:"adguard4.ota.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27992118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2118, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.jazz-gheychi.monster"; dns.query; content:"doh.jazz-gheychi.monster"; nocase; fast_pattern; classtype:bad-unknown; sid:27992119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2119, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vaguthu.mv"; dns.query; content:"dns.vaguthu.mv"; nocase; fast_pattern; classtype:bad-unknown; sid:27992120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2120, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.1899.com.mx"; dns.query; content:"ns1.1899.com.mx"; nocase; fast_pattern; classtype:bad-unknown; sid:27992121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2121, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.1899.com.mx"; dns.query; content:"ns2.1899.com.mx"; nocase; fast_pattern; classtype:bad-unknown; sid:27992122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2122, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.securifi.com.my"; dns.query; content:"cloud.securifi.com.my"; nocase; fast_pattern; classtype:bad-unknown; sid:27992123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2123, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bh.wael.name"; dns.query; content:"bh.wael.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27992124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2124, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.3dcapitaltrust.net"; dns.query; content:"dns.3dcapitaltrust.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2125, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.5ive.net"; dns.query; content:"dns.5ive.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2126, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arches-srv1.8ws.net"; dns.query; content:"arches-srv1.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2127, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arches-srv2.8ws.net"; dns.query; content:"arches-srv2.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2128, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for outie.8ws.net"; dns.query; content:"outie.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2129, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for outiejr.8ws.net"; dns.query; content:"outiejr.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2130, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.airns.net"; dns.query; content:"dns.airns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2131, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnl-noads.alekberg.net"; dns.query; content:"dnsnl-noads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2132, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for diskstation.alexpollard.net"; dns.query; content:"diskstation.alexpollard.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2133, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for management.alexpollard.net"; dns.query; content:"management.alexpollard.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2134, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.amscenter.net"; dns.query; content:"adguard.amscenter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2135, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for augandnap.arandomdomain.net"; dns.query; content:"augandnap.arandomdomain.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2136, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.as203038.net"; dns.query; content:"resolver.as203038.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2137, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lon-dns.bitdefender.net"; dns.query; content:"lon-dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2138, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brionesserver.net"; dns.query; content:"dns.brionesserver.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2139, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.chancecallahan.net"; dns.query; content:"adguard.chancecallahan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2140, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adghome.charleschan.net"; dns.query; content:"adghome.charleschan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2141, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-us1.cloudmini.net"; dns.query; content:"adguard-us1.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2142, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-us2.cloudmini.net"; dns.query; content:"adguard-us2.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2143, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-vn1.cloudmini.net"; dns.query; content:"adguard-vn1.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2144, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.cloudmini.net"; dns.query; content:"adguard2.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2145, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itsec.crolla.net"; dns.query; content:"dns.itsec.crolla.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2146, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cubesworld.net"; dns.query; content:"dns.cubesworld.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2147, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.cybrespace.net"; dns.query; content:"dns2.cybrespace.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2148, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cylee.net"; dns.query; content:"cylee.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2149, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.danamas.net"; dns.query; content:"dns.danamas.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2150, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for logs.danamas.net"; dns.query; content:"logs.danamas.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2151, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi.daryllswer.net"; dns.query; content:"pi.daryllswer.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2152, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for daverotaquio.net"; dns.query; content:"daverotaquio.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2153, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adsfree.ddns.net"; dns.query; content:"adsfree.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2154, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an81.ddns.net"; dns.query; content:"an81.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2155, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for archie-vps.ddns.net"; dns.query; content:"archie-vps.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2156, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for batshitcrazy.ddns.net"; dns.query; content:"batshitcrazy.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2157, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bovat.ddns.net"; dns.query; content:"bovat.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2158, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for casapi4.ddns.net"; dns.query; content:"casapi4.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2159, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gmf2.ddns.net"; dns.query; content:"gmf2.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2160, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for huynh0201.ddns.net"; dns.query; content:"huynh0201.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2161, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for leochen-dns.ddns.net"; dns.query; content:"leochen-dns.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2162, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mzs1.ddns.net"; dns.query; content:"mzs1.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2163, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nicknarayong.ddns.net"; dns.query; content:"nicknarayong.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2164, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nicktruehome.ddns.net"; dns.query; content:"nicktruehome.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2165, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pccoach.ddns.net"; dns.query; content:"pccoach.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2166, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ppmanu.ddns.net"; dns.query; content:"ppmanu.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2167, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pqh.ddns.net"; dns.query; content:"pqh.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2168, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rinqh.ddns.net"; dns.query; content:"rinqh.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2169, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for robertfenyiner.ddns.net"; dns.query; content:"robertfenyiner.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2170, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sarawut.ddns.net"; dns.query; content:"sarawut.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2171, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for seanyan.ddns.net"; dns.query; content:"seanyan.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2172, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thamrin.ddns.net"; dns.query; content:"thamrin.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2173, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for towman.ddns.net"; dns.query; content:"towman.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2174, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for travis90x.ddns.net"; dns.query; content:"travis90x.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2175, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trytackle.ddns.net"; dns.query; content:"trytackle.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2176, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wanam.ddns.net"; dns.query; content:"wanam.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2177, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zoopark-vpn.ddns.net"; dns.query; content:"zoopark-vpn.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2178, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rennes.despagne.net"; dns.query; content:"adguard.rennes.despagne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2179, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.isp.dhoho.net"; dns.query; content:"dns.isp.dhoho.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2180, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for quangdo92.dynu.net"; dns.query; content:"quangdo92.dynu.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2181, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 52bhn.dynv6.net"; dns.query; content:"52bhn.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2182, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nasiron.dynv6.net"; dns.query; content:"nasiron.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2183, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdns.elecura.net"; dns.query; content:"pdns.elecura.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2184, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.enderblocks.net"; dns.query; content:"dns.enderblocks.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2185, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fanscloud.net"; dns.query; content:"fanscloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2186, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.fanscloud.net"; dns.query; content:"www.fanscloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2187, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for faradns.net"; dns.query; content:"faradns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2188, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.fija-web.net"; dns.query; content:"adguard.fija-web.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2189, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hempfoundation.net"; dns.query; content:"dns.hempfoundation.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2190, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for isolacje.homeip.net"; dns.query; content:"isolacje.homeip.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2191, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.hosting-cloud.net"; dns.query; content:"resolver1.hosting-cloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2192, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.hosting-cloud.net"; dns.query; content:"resolver2.hosting-cloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2193, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.iblockads.net"; dns.query; content:"dns.iblockads.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2194, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for green2.jnraptor.net"; dns.query; content:"green2.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2195, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for green3.jnraptor.net"; dns.query; content:"green3.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2196, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for green4.jnraptor.net"; dns.query; content:"green4.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2197, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi4.jnraptor.net"; dns.query; content:"pi4.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2198, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps1.jnraptor.net"; dns.query; content:"vps1.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2199, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps2.jnraptor.net"; dns.query; content:"vps2.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2200, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.njy.jsanagustin.net"; dns.query; content:"adguard1.njy.jsanagustin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2201, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.just-hosting.net"; dns.query; content:"dns.just-hosting.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2202, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kozich.net"; dns.query; content:"dns.kozich.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2203, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adns.kreonet.net"; dns.query; content:"adns.kreonet.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2204, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads-eu.landgame.net"; dns.query; content:"ads-eu.landgame.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2205, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.leadmon.net"; dns.query; content:"adguard2.leadmon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2206, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adgaurd.lingmont.net"; dns.query; content:"adgaurd.lingmont.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2207, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mega-marimo.net"; dns.query; content:"dns.mega-marimo.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2208, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moonwx.net"; dns.query; content:"dns.moonwx.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2209, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for docker.zhczax50pzofm4g4.myfritz.net"; dns.query; content:"docker.zhczax50pzofm4g4.myfritz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2210, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-dub-w-f-2.nashkan.net"; dns.query; content:"ae-dub-w-f-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2211, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-dub-w-p-1.nashkan.net"; dns.query; content:"ae-dub-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2212, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-1.nashkan.net"; dns.query; content:"ae-fuj-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2213, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-2.nashkan.net"; dns.query; content:"ae-fuj-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2214, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-3.nashkan.net"; dns.query; content:"ae-fuj-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2215, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-4.nashkan.net"; dns.query; content:"ae-fuj-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2216, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-p-2.nashkan.net"; dns.query; content:"ae-fuj-w-p-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2217, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-p-3.nashkan.net"; dns.query; content:"ae-fuj-w-p-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2218, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for at-wie-w-2.nashkan.net"; dns.query; content:"at-wie-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2219, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for at-wie-w-p-1.nashkan.net"; dns.query; content:"at-wie-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2220, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd-w-2.nashkan.net"; dns.query; content:"au-syd-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2221, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd-w-3.nashkan.net"; dns.query; content:"au-syd-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2222, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd-w-p-1.nashkan.net"; dns.query; content:"au-syd-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2223, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd-w-p-2.nashkan.net"; dns.query; content:"au-syd-w-p-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2224, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bg-sof-w-3.nashkan.net"; dns.query; content:"bg-sof-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2225, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-bhs-w-2.nashkan.net"; dns.query; content:"ca-bhs-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2226, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ch-zur-w-1.nashkan.net"; dns.query; content:"ch-zur-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2227, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cz-pra-w-1.nashkan.net"; dns.query; content:"cz-pra-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2228, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fra-w-p-1.nashkan.net"; dns.query; content:"de-fra-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2229, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-2.nashkan.net"; dns.query; content:"de-fsn-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2230, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-f-1.nashkan.net"; dns.query; content:"de-fsn-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2231, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-f-2.nashkan.net"; dns.query; content:"de-fsn-w-f-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2232, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-p-1.nashkan.net"; dns.query; content:"de-fsn-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2233, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dk-cop-w-1.nashkan.net"; dns.query; content:"dk-cop-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2234, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi-hel-w-1.nashkan.net"; dns.query; content:"fi-hel-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2235, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi-hel-w-2.nashkan.net"; dns.query; content:"fi-hel-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2236, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi-hel-w-f-2.nashkan.net"; dns.query; content:"fi-hel-w-f-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2237, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi-hel-w-p-1.nashkan.net"; dns.query; content:"fi-hel-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2238, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-gra-w-f-1.nashkan.net"; dns.query; content:"fr-gra-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2239, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-gra-w-p-1.nashkan.net"; dns.query; content:"fr-gra-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2240, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-par-w-1.nashkan.net"; dns.query; content:"fr-par-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2241, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-sbg-w-4.nashkan.net"; dns.query; content:"fr-sbg-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2242, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-bir-w-1.nashkan.net"; dns.query; content:"gb-bir-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2243, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-cov-w-1.nashkan.net"; dns.query; content:"gb-cov-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2244, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-cov-w-f-1.nashkan.net"; dns.query; content:"gb-cov-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2245, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-cov-w-p-1.nashkan.net"; dns.query; content:"gb-cov-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2246, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-1.nashkan.net"; dns.query; content:"gb-lon-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2247, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-4.nashkan.net"; dns.query; content:"gb-lon-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2248, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-f-1.nashkan.net"; dns.query; content:"gb-lon-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2249, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-p-1.nashkan.net"; dns.query; content:"gb-lon-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2250, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-p-2.nashkan.net"; dns.query; content:"gb-lon-w-p-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2251, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for id-pon-w-1.nashkan.net"; dns.query; content:"id-pon-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2252, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ie-dub-w-1.nashkan.net"; dns.query; content:"ie-dub-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2253, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for it-pal-w-1.nashkan.net"; dns.query; content:"it-pal-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2254, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-tyo-w-1.nashkan.net"; dns.query; content:"jp-tyo-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2255, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-tyo-w-p-1.nashkan.net"; dns.query; content:"jp-tyo-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2256, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kz-alm-w-1.nashkan.net"; dns.query; content:"kz-alm-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2257, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kz-pav-w-p-1.nashkan.net"; dns.query; content:"kz-pav-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2258, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lt-vil-w-2.nashkan.net"; dns.query; content:"lt-vil-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2259, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lt-vil-w-3.nashkan.net"; dns.query; content:"lt-vil-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2260, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lv-rig-w-2.nashkan.net"; dns.query; content:"lv-rig-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2261, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-ams-w-3.nashkan.net"; dns.query; content:"nl-ams-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2262, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-dro-w-f-1.nashkan.net"; dns.query; content:"nl-dro-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2263, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-dro-w-p-1.nashkan.net"; dns.query; content:"nl-dro-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2264, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for no-osl-w-1.nashkan.net"; dns.query; content:"no-osl-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2265, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl-waw-w-1.nashkan.net"; dns.query; content:"pl-waw-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2266, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl-waw-w-2.nashkan.net"; dns.query; content:"pl-waw-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2267, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl-waw-w-f-1.nashkan.net"; dns.query; content:"pl-waw-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2268, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl-waw-w-p-1.nashkan.net"; dns.query; content:"pl-waw-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2269, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ps-tel-w-2.nashkan.net"; dns.query; content:"ps-tel-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2270, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pt-lis-w-1.nashkan.net"; dns.query; content:"pt-lis-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2271, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ro-buc-w-2.nashkan.net"; dns.query; content:"ro-buc-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2272, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ro-buc-w-f-1.nashkan.net"; dns.query; content:"ro-buc-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2273, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ro-buc-w-p-1.nashkan.net"; dns.query; content:"ro-buc-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2274, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru-mos-w-2.nashkan.net"; dns.query; content:"ru-mos-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2275, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru-mos-w-p-1.nashkan.net"; dns.query; content:"ru-mos-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2276, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for se-sto-w-2.nashkan.net"; dns.query; content:"se-sto-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2277, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-1.nashkan.net"; dns.query; content:"sg-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2278, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-5.nashkan.net"; dns.query; content:"sg-w-5.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2279, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-f-1.nashkan.net"; dns.query; content:"sg-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2280, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-p-1.nashkan.net"; dns.query; content:"sg-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2281, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sk-bra-w-1.nashkan.net"; dns.query; content:"sk-bra-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2282, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tr-ist-w-p-2.nashkan.net"; dns.query; content:"tr-ist-w-p-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2283, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ua-kyv-w-1.nashkan.net"; dns.query; content:"ua-kyv-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2284, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-ash-w-f-1.nashkan.net"; dns.query; content:"us-ash-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2285, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-atl-w-2.nashkan.net"; dns.query; content:"us-atl-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2286, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-3.nashkan.net"; dns.query; content:"us-chi-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2287, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-4.nashkan.net"; dns.query; content:"us-chi-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2288, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-p-1.nashkan.net"; dns.query; content:"us-chi-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2289, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-dal-w-3.nashkan.net"; dns.query; content:"us-dal-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2290, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-dal-w-4.nashkan.net"; dns.query; content:"us-dal-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2291, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-den-w-1.nashkan.net"; dns.query; content:"us-den-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992292; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2292, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-den-w-2.nashkan.net"; dns.query; content:"us-den-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2293, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-hil-w-p-1.nashkan.net"; dns.query; content:"us-hil-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992294; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2294, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-jac-w-1.nashkan.net"; dns.query; content:"us-jac-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2295, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-jac-w-f-1.nashkan.net"; dns.query; content:"us-jac-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2296, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-jac-w-p-1.nashkan.net"; dns.query; content:"us-jac-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2297, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-kan-w-f-1.nashkan.net"; dns.query; content:"us-kan-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2298, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-kan-w-p-1.nashkan.net"; dns.query; content:"us-kan-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2299, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-la-w-4.nashkan.net"; dns.query; content:"us-la-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992300; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2300, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-nyc-w-1.nashkan.net"; dns.query; content:"us-nyc-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2301, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-nyc-w-f-1.nashkan.net"; dns.query; content:"us-nyc-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2302, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-saj-w-f-1.nashkan.net"; dns.query; content:"us-saj-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2303, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-saj-w-p-1.nashkan.net"; dns.query; content:"us-saj-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2304, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-sea-w-5.nashkan.net"; dns.query; content:"us-sea-w-5.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2305, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-sea-w-6.nashkan.net"; dns.query; content:"us-sea-w-6.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2306, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vn-hcm-w-1.nashkan.net"; dns.query; content:"vn-hcm-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2307, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.netrve.net"; dns.query; content:"dns.netrve.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2308, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-03.new-asgard.net"; dns.query; content:"adguard-03.new-asgard.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2309, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nghialele.net"; dns.query; content:"dns.nghialele.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2310, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ocedric.net"; dns.query; content:"dns.ocedric.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2311, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.otezz.net"; dns.query; content:"dns.otezz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2312, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for padermail.net"; dns.query; content:"padermail.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992313; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2313, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pioko.net"; dns.query; content:"pioko.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2314, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.qbak.net"; dns.query; content:"home.qbak.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2315, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ginnungagap.rabenhain.net"; dns.query; content:"ginnungagap.rabenhain.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2316, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for richardo.net"; dns.query; content:"richardo.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992317; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2317, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.richardo.net"; dns.query; content:"www.richardo.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992318; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2318, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.risrdg.net"; dns.query; content:"dns.risrdg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992319; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2319, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for samsdns1943.net"; dns.query; content:"samsdns1943.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2320, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sarakas.net"; dns.query; content:"dns.sarakas.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2321, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.sarakas.net"; dns.query; content:"dns1.sarakas.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992322; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2322, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.sarakas.net"; dns.query; content:"dns2.sarakas.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992323; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2323, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-home.server-on.net"; dns.query; content:"adguard-home.server-on.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992324; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2324, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.servergs.net"; dns.query; content:"dns.servergs.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2325, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.siudzinski.net"; dns.query; content:"adg.siudzinski.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2326, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for moto.adg.siudzinski.net"; dns.query; content:"moto.adg.siudzinski.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992327; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2327, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sams.adg.siudzinski.net"; dns.query; content:"sams.adg.siudzinski.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992328; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2328, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test.adg.siudzinski.net"; dns.query; content:"test.adg.siudzinski.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2329, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test2.adg.siudzinski.net"; dns.query; content:"test2.adg.siudzinski.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2330, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test3.adg.siudzinski.net"; dns.query; content:"test3.adg.siudzinski.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2331, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test4.adg.siudzinski.net"; dns.query; content:"test4.adg.siudzinski.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2332, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 001.smallnode.net"; dns.query; content:"001.smallnode.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2333, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.smvd.net"; dns.query; content:"dns.smvd.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2334, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.snow-sugar.net"; dns.query; content:"home.snow-sugar.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2335, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myprivityvpn.softether.net"; dns.query; content:"myprivityvpn.softether.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2336, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.som-it.net"; dns.query; content:"adguard.som-it.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2337, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.spaceindex.net"; dns.query; content:"adguard.spaceindex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2338, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shieldsup.spearing.net"; dns.query; content:"shieldsup.spearing.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2339, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lajc.sytes.net"; dns.query; content:"lajc.sytes.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2340, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vanced.sytes.net"; dns.query; content:"vanced.sytes.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2341, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for virmamp33.sytes.net"; dns.query; content:"virmamp33.sytes.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2342, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.taufner.net"; dns.query; content:"adguard.taufner.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2343, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.techrich.net"; dns.query; content:"vps.techrich.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2344, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.srv.tenete.net"; dns.query; content:"agh.srv.tenete.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2345, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.tetnet.net"; dns.query; content:"adguard.tetnet.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2346, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.tigrex.net"; dns.query; content:"adguard.tigrex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2347, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agathe.tobkar.net"; dns.query; content:"agathe.tobkar.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992348; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2348, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edgar.tobkar.net"; dns.query; content:"edgar.tobkar.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992349; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2349, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tomitomix.net"; dns.query; content:"dns.tomitomix.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992350; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2350, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for net.tt6.net"; dns.query; content:"net.tt6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992351; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2351, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cc2.v8er.net"; dns.query; content:"cc2.v8er.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992352; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2352, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zuhause.webteufel.net"; dns.query; content:"zuhause.webteufel.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992353; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2353, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resov.wehao.net"; dns.query; content:"resov.wehao.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992354; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2354, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tlsh.windyvale.net"; dns.query; content:"tlsh.windyvale.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992355; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2355, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.wntrmute.net"; dns.query; content:"ag.wntrmute.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992356; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2356, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 45-76-84-146.colo.xandodigital.net"; dns.query; content:"45-76-84-146.colo.xandodigital.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992357; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2357, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yeralin.net"; dns.query; content:"yeralin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992358; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2358, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.b33.network"; dns.query; content:"dns.b33.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27992359; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2359, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for na.phx.adguard.01.joshseveros.network"; dns.query; content:"na.phx.adguard.01.joshseveros.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27992360; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2360, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.wyss.network"; dns.query; content:"dns1.wyss.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27992361; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2361, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for next.miao.ninja"; dns.query; content:"next.miao.ninja"; nocase; fast_pattern; classtype:bad-unknown; sid:27992362; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2362, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.4ab.nl"; dns.query; content:"dns.4ab.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992363; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2363, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adbl-tslagter.nl"; dns.query; content:"adbl-tslagter.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992364; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2364, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bagmeijer.nl"; dns.query; content:"dns.bagmeijer.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992365; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2365, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.bit-trails.nl"; dns.query; content:"ns1.bit-trails.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992366; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2366, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.fam-rodenburg.nl"; dns.query; content:"adguard.fam-rodenburg.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992367; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2367, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsupstream02.familieberfelo.nl"; dns.query; content:"dnsupstream02.familieberfelo.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992368; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2368, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for greppie.nl"; dns.query; content:"greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992369; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2369, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for laptop001.greppie.nl"; dns.query; content:"laptop001.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992370; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2370, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maikel.greppie.nl"; dns.query; content:"maikel.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992371; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2371, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for smtp.greppie.nl"; dns.query; content:"smtp.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992372; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2372, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.greppie.nl"; dns.query; content:"www.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992373; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2373, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.herkhof.nl"; dns.query; content:"dns.herkhof.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992374; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2374, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad2.heronet.nl"; dns.query; content:"ad2.heronet.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992375; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2375, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.huizegunsing.nl"; dns.query; content:"dns.huizegunsing.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992376; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2376, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.infrapod.nl"; dns.query; content:"adguard.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992377; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2377, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.infrapod.nl"; dns.query; content:"adguard01.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992378; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2378, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard02.infrapod.nl"; dns.query; content:"adguard02.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992379; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2379, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.dns.infrapod.nl"; dns.query; content:"adguard01.dns.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992380; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2380, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard02.dns.infrapod.nl"; dns.query; content:"adguard02.dns.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992381; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2381, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ipoac.nl"; dns.query; content:"dns.ipoac.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992382; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2382, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for samsung.dns.joey01245.nl"; dns.query; content:"samsung.dns.joey01245.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992383; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2383, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kriswerry.nl"; dns.query; content:"dns.kriswerry.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992384; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2384, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mikopono.nl"; dns.query; content:"dns.mikopono.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992385; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2385, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rwkdwpwsyv48.mikopono.nl"; dns.query; content:"rwkdwpwsyv48.mikopono.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992386; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2386, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adf-114.neta.otrofda.nl"; dns.query; content:"adf-114.neta.otrofda.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992387; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2387, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.pragmasec.nl"; dns.query; content:"mail.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992388; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2388, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for new.pragmasec.nl"; dns.query; content:"new.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992389; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2389, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server.pragmasec.nl"; dns.query; content:"server.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992390; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2390, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for webmeel.pragmasec.nl"; dns.query; content:"webmeel.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992391; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2391, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rdekuyper.nl"; dns.query; content:"adguard.rdekuyper.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992392; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2392, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.renedis.nl"; dns.query; content:"adblock.renedis.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992393; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2393, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rowdyengeesje.nl"; dns.query; content:"adguard.rowdyengeesje.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992394; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2394, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lux.sn0w.nl"; dns.query; content:"lux.sn0w.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992395; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2395, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tkhome.nl"; dns.query; content:"dns.tkhome.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992396; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2396, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.tmdproject.nl"; dns.query; content:"adguard.tmdproject.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992397; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2397, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server01.vboekel.nl"; dns.query; content:"server01.vboekel.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992398; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2398, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpnhellings.nl"; dns.query; content:"vpnhellings.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992399; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2399, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.vpnhellings.nl"; dns.query; content:"www.vpnhellings.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992400; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2400, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for private.adguard.wessels-net.nl"; dns.query; content:"private.adguard.wessels-net.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992401; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2401, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.clawsucht.nrw"; dns.query; content:"adguard.clawsucht.nrw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992402; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2402, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.censurfridns.nu"; dns.query; content:"anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992403; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2403, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.censurfridns.nu"; dns.query; content:"deic-lgb.anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992404; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2404, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-ore.anycast.censurfridns.nu"; dns.query; content:"deic-ore.anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992405; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2405, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.censurfridns.nu"; dns.query; content:"kracon.anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992406; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2406, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.censurfridns.nu"; dns.query; content:"rgnet-iad.anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992407; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2407, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.censurfridns.nu"; dns.query; content:"unicast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992408; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2408, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for exns1.exalto.nu"; dns.query; content:"exns1.exalto.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992409; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2409, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for no-ad.levcloud.cloudns.nz"; dns.query; content:"no-ad.levcloud.cloudns.nz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992410; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2410, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dhemant.observer"; dns.query; content:"dns.dhemant.observer"; nocase; fast_pattern; classtype:bad-unknown; sid:27992411; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2411, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bravoc.one"; dns.query; content:"dns.bravoc.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992412; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2412, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dadns.one"; dns.query; content:"dadns.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992413; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2413, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dohdns.one"; dns.query; content:"doh.dohdns.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992414; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2414, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nlname.freecdn.one"; dns.query; content:"nlname.freecdn.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992415; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2415, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usname.freecdn.one"; dns.query; content:"usname.freecdn.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992416; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2416, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.iyn.one"; dns.query; content:"ag.iyn.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992417; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2417, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server01.karl.one"; dns.query; content:"server01.karl.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992418; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2418, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for netcat.one"; dns.query; content:"netcat.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992419; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2419, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for z.vipit.one"; dns.query; content:"z.vipit.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992420; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2420, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.vape.ong"; dns.query; content:"adguard.vape.ong"; nocase; fast_pattern; classtype:bad-unknown; sid:27992421; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2421, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.abdullahabas.online"; dns.query; content:"dns.abdullahabas.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992422; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2422, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.bartoszturek.online"; dns.query; content:"dns2.bartoszturek.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992423; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2423, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secureadguarddns.charleslondon.online"; dns.query; content:"secureadguarddns.charleslondon.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992424; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2424, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudbasesolutions.online"; dns.query; content:"cloudbasesolutions.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992425; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2425, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddns.ddnsddns.online"; dns.query; content:"ddns.ddnsddns.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992426; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2426, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vm.delfini.online"; dns.query; content:"vm.delfini.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992427; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2427, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.drivearasaka.online"; dns.query; content:"dns.drivearasaka.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992428; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2428, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.fresh-waffles.online"; dns.query; content:"adguard.fresh-waffles.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992429; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2429, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ingenmannsland.online"; dns.query; content:"ingenmannsland.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992430; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2430, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.inpssh.online"; dns.query; content:"www.inpssh.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992431; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2431, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lekdijk.online"; dns.query; content:"lekdijk.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992432; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2432, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdnssrvagh.online"; dns.query; content:"pdnssrvagh.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992433; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2433, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.pdnssrvagh.online"; dns.query; content:"www.pdnssrvagh.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992434; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2434, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kx.qing-book.online"; dns.query; content:"kx.qing-book.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992435; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2435, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shadowart.online"; dns.query; content:"shadowart.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992436; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2436, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for swe3.svoim.online"; dns.query; content:"swe3.svoim.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992437; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2437, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.try-dns.online"; dns.query; content:"ns.try-dns.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992438; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2438, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vadim.online"; dns.query; content:"vadim.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992439; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2439, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.wangziyun.online"; dns.query; content:"adguard.wangziyun.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992440; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2440, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.world-vpn.online"; dns.query; content:"dns.world-vpn.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992441; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2441, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xn--2grr3t07h.online"; dns.query; content:"xn--2grr3t07h.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992442; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2442, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.zamba.online"; dns.query; content:"adguard.zamba.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992443; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2443, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.0w0.ooo"; dns.query; content:"d.0w0.ooo"; nocase; fast_pattern; classtype:bad-unknown; sid:27992444; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2444, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.3jh.org"; dns.query; content:"dns.3jh.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992445; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2445, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vir.accesscam.org"; dns.query; content:"vir.accesscam.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992446; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2446, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.acrobyte.org"; dns.query; content:"adg.acrobyte.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992447; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2447, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.acrobyte.org"; dns.query; content:"adguard.acrobyte.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992448; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2448, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.auffray.org"; dns.query; content:"dns.auffray.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992449; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2449, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jujuba.cafuringa.org"; dns.query; content:"jujuba.cafuringa.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992450; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2450, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.olivier-raspberrypi.changeip.org"; dns.query; content:"www.olivier-raspberrypi.changeip.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992451; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2451, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.demaks.org"; dns.query; content:"adguard.demaks.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992452; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2452, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ext.devkon.org"; dns.query; content:"adguard.ext.devkon.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992453; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2453, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscity.org"; dns.query; content:"dnscity.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992454; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2454, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for admin.dotls.org"; dns.query; content:"admin.dotls.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992455; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2455, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drwg.org"; dns.query; content:"drwg.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992456; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2456, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad1guard.duckdns.org"; dns.query; content:"ad1guard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992457; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2457, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock-larssonshus.duckdns.org"; dns.query; content:"adblock-larssonshus.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992458; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2458, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adghno80443.duckdns.org"; dns.query; content:"adghno80443.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992459; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2459, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardcalpena.duckdns.org"; dns.query; content:"adguardcalpena.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992460; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2460, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aezadns.duckdns.org"; dns.query; content:"aezadns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992461; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2461, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oneplus-10pro.aezadns.duckdns.org"; dns.query; content:"oneplus-10pro.aezadns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992462; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2462, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh2lj.duckdns.org"; dns.query; content:"agh2lj.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992463; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2463, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alpakalpha.duckdns.org"; dns.query; content:"alpakalpha.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992464; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2464, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for azagramac.duckdns.org"; dns.query; content:"azagramac.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992465; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2465, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for baedns.duckdns.org"; dns.query; content:"baedns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992466; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2466, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bughome.duckdns.org"; dns.query; content:"bughome.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992467; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2467, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bushmancastle.duckdns.org"; dns.query; content:"bushmancastle.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992468; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2468, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cqd.duckdns.org"; dns.query; content:"cqd.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992469; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2469, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.deersg.duckdns.org"; dns.query; content:"adguard.deersg.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992470; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2470, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for derekcastle.duckdns.org"; dns.query; content:"derekcastle.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992471; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2471, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsaguard1.duckdns.org"; dns.query; content:"dnsaguard1.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992472; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2472, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dorkanddoodle.duckdns.org"; dns.query; content:"dorkanddoodle.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992473; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2473, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edbit.duckdns.org"; dns.query; content:"edbit.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992474; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2474, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edelgard.duckdns.org"; dns.query; content:"edelgard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992475; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2475, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ev-goztepe.duckdns.org"; dns.query; content:"ev-goztepe.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992476; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2476, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for germvpnguard.duckdns.org"; dns.query; content:"germvpnguard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992477; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2477, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for goitoi.duckdns.org"; dns.query; content:"goitoi.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992478; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2478, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hooliganska.duckdns.org"; dns.query; content:"hooliganska.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992479; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2479, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iofixdns1.duckdns.org"; dns.query; content:"iofixdns1.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992480; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2480, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iofixdns2.duckdns.org"; dns.query; content:"iofixdns2.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992481; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2481, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jmarston.duckdns.org"; dns.query; content:"jmarston.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992482; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2482, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jonesboyz.duckdns.org"; dns.query; content:"jonesboyz.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992483; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2483, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kiwifunke.duckdns.org"; dns.query; content:"kiwifunke.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992484; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2484, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kolobok2.duckdns.org"; dns.query; content:"kolobok2.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992485; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2485, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lilibox.duckdns.org"; dns.query; content:"lilibox.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992486; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2486, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for llull.duckdns.org"; dns.query; content:"llull.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992487; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2487, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mavrikk.duckdns.org"; dns.query; content:"mavrikk.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992488; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2488, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for moaz-adguard.duckdns.org"; dns.query; content:"moaz-adguard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992489; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2489, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nfti.duckdns.org"; dns.query; content:"nfti.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992490; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2490, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ninny.duckdns.org"; dns.query; content:"ninny.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992491; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2491, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for o--o.duckdns.org"; dns.query; content:"o--o.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992492; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2492, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pcd96.duckdns.org"; dns.query; content:"pcd96.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992493; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2493, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pitchforkwaydns.duckdns.org"; dns.query; content:"pitchforkwaydns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992494; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2494, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for raspberrydoc.duckdns.org"; dns.query; content:"raspberrydoc.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992495; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2495, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rlauu.duckdns.org"; dns.query; content:"rlauu.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992496; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2496, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sabeendns1.duckdns.org"; dns.query; content:"sabeendns1.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992497; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2497, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for schiopuoffice.duckdns.org"; dns.query; content:"schiopuoffice.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992498; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2498, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for servad.duckdns.org"; dns.query; content:"servad.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992499; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2499, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for site-1.duckdns.org"; dns.query; content:"site-1.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992500; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2500, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for site-2.duckdns.org"; dns.query; content:"site-2.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992501; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2501, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for site-3.duckdns.org"; dns.query; content:"site-3.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992502; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2502, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for staniranon.duckdns.org"; dns.query; content:"staniranon.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992503; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2503, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for stuxen.duckdns.org"; dns.query; content:"stuxen.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992504; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2504, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tiliandns.duckdns.org"; dns.query; content:"tiliandns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992505; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2505, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for twbak.duckdns.org"; dns.query; content:"twbak.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992506; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2506, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps-amgr.duckdns.org"; dns.query; content:"vps-amgr.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992507; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2507, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for warrier120.duckdns.org"; dns.query; content:"warrier120.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992508; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2508, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for workcavestl.duckdns.org"; dns.query; content:"workcavestl.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992509; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2509, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.workcavestl.duckdns.org"; dns.query; content:"www.workcavestl.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992510; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2510, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x-o-x.duckdns.org"; dns.query; content:"x-o-x.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992511; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2511, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x861g.duckdns.org"; dns.query; content:"x861g.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992512; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2512, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for youdns.duckdns.org"; dns.query; content:"youdns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992513; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2513, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akhilkalwakurthy.dyndns.org"; dns.query; content:"akhilkalwakurthy.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992514; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2514, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsnacho.dyndns.org"; dns.query; content:"nsnacho.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992515; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2515, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.electrotm.org"; dns.query; content:"dns.electrotm.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992516; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2516, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adblocker.eu.org"; dns.query; content:"dns.adblocker.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992517; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2517, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi.adblocker.eu.org"; dns.query; content:"pi.adblocker.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992518; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2518, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-dns.eu.org"; dns.query; content:"adguard-dns.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992519; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2519, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beautifullife.eu.org"; dns.query; content:"beautifullife.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992520; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2520, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.beautifullife.eu.org"; dns.query; content:"www.beautifullife.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992521; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2521, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beautifulthings.eu.org"; dns.query; content:"beautifulthings.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992522; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2522, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.beautifulthings.eu.org"; dns.query; content:"www.beautifulthings.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992523; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2523, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.dns.bliod.eu.org"; dns.query; content:"jp.dns.bliod.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992524; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2524, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clic.eu.org"; dns.query; content:"clic.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992525; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2525, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudvoid.eu.org"; dns.query; content:"dns.cloudvoid.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992526; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2526, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.dns.eban.eu.org"; dns.query; content:"resolver.dns.eban.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992527; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2527, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.greenwood.eu.org"; dns.query; content:"doh.greenwood.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992528; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2528, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sweethome.in.eu.org"; dns.query; content:"sweethome.in.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992529; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2529, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kaiser.int.eu.org"; dns.query; content:"kaiser.int.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992530; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2530, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fullaccesstointernet.jp.eu.org"; dns.query; content:"fullaccesstointernet.jp.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992531; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2531, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lululu.eu.org"; dns.query; content:"doh.lululu.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992532; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2532, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.melashri.eu.org"; dns.query; content:"dns.melashri.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992533; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2533, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.minetown.eu.org"; dns.query; content:"adguard.minetown.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992534; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2534, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v3.passby.eu.org"; dns.query; content:"v3.passby.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992535; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2535, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for r1bnc.eu.org"; dns.query; content:"r1bnc.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992536; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2536, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sac.rebl.eu.org"; dns.query; content:"dns.sac.rebl.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992537; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2537, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.sukidayo.eu.org"; dns.query; content:"www.sukidayo.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992538; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2538, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tartanbahn.eu.org"; dns.query; content:"tartanbahn.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992539; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2539, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thhbdd.eu.org"; dns.query; content:"dns.thhbdd.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992540; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2540, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg2.tt502.eu.org"; dns.query; content:"sg2.tt502.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992541; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2541, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yanggan.eu.org"; dns.query; content:"yanggan.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992542; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2542, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aydank.freeddns.org"; dns.query; content:"aydank.freeddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992543; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2543, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drandrade21.freeddns.org"; dns.query; content:"drandrade21.freeddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992544; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2544, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jonathanaugusto.freeddns.org"; dns.query; content:"jonathanaugusto.freeddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992545; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2545, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.gambini.org"; dns.query; content:"adguard.gambini.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992546; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2546, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.fatucloud.gosprout.org"; dns.query; content:"doh.fatucloud.gosprout.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992547; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2547, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi.homeanywhere.org"; dns.query; content:"pi.homeanywhere.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992548; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2548, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2wired.hopto.org"; dns.query; content:"2wired.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992549; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2549, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for keithchunguat.hopto.org"; dns.query; content:"keithchunguat.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992550; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2550, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mypihole.hopto.org"; dns.query; content:"mypihole.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992551; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2551, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkg.hytec.org"; dns.query; content:"hkg.hytec.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992552; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2552, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ur.hytec.org"; dns.query; content:"ur.hytec.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992553; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2553, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for josephfamily.org"; dns.query; content:"josephfamily.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992554; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2554, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lapan.org"; dns.query; content:"dns.lapan.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992555; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2555, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.myddns.org"; dns.query; content:"adguard.myddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992556; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2556, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ninhs.org"; dns.query; content:"dns.ninhs.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992557; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2557, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.nnip.org"; dns.query; content:"vpn.nnip.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992558; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2558, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.nocnik.org"; dns.query; content:"adguard.nocnik.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992559; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2559, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.onlyjsmylord.org"; dns.query; content:"d.onlyjsmylord.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992560; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2560, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.owlfarm.org"; dns.query; content:"dns.owlfarm.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992561; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2561, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for int.ragnvindr.org"; dns.query; content:"int.ragnvindr.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992562; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2562, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.resoft.org"; dns.query; content:"dns.resoft.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992563; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2563, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.scuola.org"; dns.query; content:"dns.scuola.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992564; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2564, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for homeguard.sleziona.org"; dns.query; content:"homeguard.sleziona.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992565; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2565, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dn5.talesam.org"; dns.query; content:"dn5.talesam.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992566; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2566, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au.teradns.org"; dns.query; content:"au.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992567; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2567, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for timedns.org"; dns.query; content:"timedns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992568; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2568, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.timefine.org"; dns.query; content:"ad.timefine.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992569; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2569, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akylah.zapto.org"; dns.query; content:"akylah.zapto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992570; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2570, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.crobix.ovh"; dns.query; content:"adguard.crobix.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992571; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2571, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsvs.ovh"; dns.query; content:"dnsvs.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992572; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2572, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eliatofani.ovh"; dns.query; content:"eliatofani.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992573; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2573, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spyrodragon76.fleuryk.ovh"; dns.query; content:"spyrodragon76.fleuryk.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992574; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2574, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.fleuryk.ovh"; dns.query; content:"vps.fleuryk.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992575; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2575, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ablock.fuckit.ovh"; dns.query; content:"ablock.fuckit.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992576; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2576, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for johnsson.ovh"; dns.query; content:"johnsson.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992577; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2577, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mudryi.ovh"; dns.query; content:"dns.mudryi.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992578; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2578, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ouate2phoque.ovh"; dns.query; content:"adguard.ouate2phoque.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992579; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2579, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.samonte.ovh"; dns.query; content:"adguard.samonte.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992580; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2580, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.searom.ovh"; dns.query; content:"adguard.searom.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992581; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2581, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surt.ovh"; dns.query; content:"surt.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992582; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2582, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.docker.xnj.ovh"; dns.query; content:"adguard.docker.xnj.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992583; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2583, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for borisov.page"; dns.query; content:"borisov.page"; nocase; fast_pattern; classtype:bad-unknown; sid:27992584; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2584, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.kel.pe"; dns.query; content:"doh.kel.pe"; nocase; fast_pattern; classtype:bad-unknown; sid:27992585; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2585, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguard0808.cloudns.ph"; dns.query; content:"dns.adguard0808.cloudns.ph"; nocase; fast_pattern; classtype:bad-unknown; sid:27992586; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2586, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.graphicpoint.pl"; dns.query; content:"cloud.graphicpoint.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992587; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2587, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nonanon.pl"; dns.query; content:"nonanon.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992588; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2588, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.nonanon.pl"; dns.query; content:"www.nonanon.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992589; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2589, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.api.org.pl"; dns.query; content:"noads.api.org.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992590; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2590, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps-ovh.pb2004.pl"; dns.query; content:"vps-ovh.pb2004.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992591; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2591, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.skrzypiec.pl"; dns.query; content:"dns.skrzypiec.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992592; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2592, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for szyrzyk.pl"; dns.query; content:"szyrzyk.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992593; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2593, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.szyrzyk.pl"; dns.query; content:"www.szyrzyk.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992594; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2594, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for domeq.waw.pl"; dns.query; content:"domeq.waw.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992595; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2595, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ghost.pm"; dns.query; content:"dns.ghost.pm"; nocase; fast_pattern; classtype:bad-unknown; sid:27992596; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2596, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu.ghost.pm"; dns.query; content:"eu.ghost.pm"; nocase; fast_pattern; classtype:bad-unknown; sid:27992597; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2597, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adampowell.pro"; dns.query; content:"adampowell.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992598; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2598, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.energized.pro"; dns.query; content:"dns.energized.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992599; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2599, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.lab321.pro"; dns.query; content:"ns1.lab321.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992600; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2600, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.app.sabino.pro"; dns.query; content:"adguard.app.sabino.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992601; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2601, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdns.pro"; dns.query; content:"sdns.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992602; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2602, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.vpcore.pro"; dns.query; content:"dns2.vpcore.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992603; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2603, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adl01.dnscry.pt"; dns.query; content:"adl01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992604; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2604, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akl01.dnscry.pt"; dns.query; content:"akl01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992605; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2605, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bud01.dnscry.pt"; dns.query; content:"bud01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992606; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2606, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for den01.dnscry.pt"; dns.query; content:"den01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992607; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2607, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eyg01.dnscry.pt"; dns.query; content:"eyg01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992608; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2608, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fet01.dnscry.pt"; dns.query; content:"fet01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992609; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2609, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fnt01.dnscry.pt"; dns.query; content:"fnt01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992610; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2610, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gva01.dnscry.pt"; dns.query; content:"gva01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992611; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2611, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hel01.dnscry.pt"; dns.query; content:"hel01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992612; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2612, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkg02.dnscry.pt"; dns.query; content:"hkg02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992613; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2613, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hrk01.dnscry.pt"; dns.query; content:"hrk01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992614; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2614, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iev01.dnscry.pt"; dns.query; content:"iev01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992615; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2615, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ist01.dnscry.pt"; dns.query; content:"ist01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992616; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2616, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jkt01.dnscry.pt"; dns.query; content:"jkt01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992617; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2617, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lim01.dnscry.pt"; dns.query; content:"lim01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992618; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2618, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for los01.dnscry.pt"; dns.query; content:"los01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992619; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2619, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mci01.dnscry.pt"; dns.query; content:"mci01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992620; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2620, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mil01.dnscry.pt"; dns.query; content:"mil01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992621; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2621, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mru01.dnscry.pt"; dns.query; content:"mru01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992622; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2622, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nue01.dnscry.pt"; dns.query; content:"nue01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992623; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2623, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for omr01.dnscry.pt"; dns.query; content:"omr01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992624; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2624, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ott01.dnscry.pt"; dns.query; content:"ott01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992625; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2625, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for par01.dnscry.pt"; dns.query; content:"par01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992626; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2626, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ped01.dnscry.pt"; dns.query; content:"ped01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992627; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2627, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rix01.dnscry.pt"; dns.query; content:"rix01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992628; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2628, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sea01.dnscry.pt"; dns.query; content:"sea01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992629; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2629, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sin02.dnscry.pt"; dns.query; content:"sin02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992630; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2630, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sjc01.dnscry.pt"; dns.query; content:"sjc01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992631; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2631, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tsm01.dnscry.pt"; dns.query; content:"tsm01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992632; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2632, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tyo02.dnscry.pt"; dns.query; content:"tyo02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992633; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2633, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ymq01.dnscry.pt"; dns.query; content:"ymq01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992634; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2634, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yyz01.dnscry.pt"; dns.query; content:"yyz01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992635; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2635, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.iteo.pw"; dns.query; content:"dns.iteo.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992636; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2636, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kellys.pw"; dns.query; content:"dns.kellys.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992637; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2637, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.meetz.pw"; dns.query; content:"doh.meetz.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992638; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2638, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for redsea.meetz.pw"; dns.query; content:"redsea.meetz.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992639; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2639, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sv3.minhduc.pw"; dns.query; content:"sv3.minhduc.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992640; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2640, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for craft.vps.pw"; dns.query; content:"craft.vps.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992641; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2641, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.labar.re"; dns.query; content:"dns.labar.re"; nocase; fast_pattern; classtype:bad-unknown; sid:27992642; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2642, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gcptw.minko.ren"; dns.query; content:"gcptw.minko.ren"; nocase; fast_pattern; classtype:bad-unknown; sid:27992643; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2643, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.linux.repair"; dns.query; content:"ag.linux.repair"; nocase; fast_pattern; classtype:bad-unknown; sid:27992644; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2644, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for socolov.home.ro"; dns.query; content:"socolov.home.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992645; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2645, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloud.ionutl.ro"; dns.query; content:"dns.cloud.ionutl.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992646; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2646, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itdata.ro"; dns.query; content:"dns.itdata.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992647; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2647, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.venovedo.ro"; dns.query; content:"noads.venovedo.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992648; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2648, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vik.ro"; dns.query; content:"vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992649; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2649, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.vik.ro"; dns.query; content:"adguard.vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992650; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2650, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vik-ios.adguard.vik.ro"; dns.query; content:"vik-ios.adguard.vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992651; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2651, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.vik.ro"; dns.query; content:"mail.vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992652; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2652, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.vik.ro"; dns.query; content:"ns.vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992653; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2653, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vik-ios.vik.ro"; dns.query; content:"vik-ios.vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992654; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2654, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.vik.ro"; dns.query; content:"www.vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992655; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2655, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nilanjan.rocks"; dns.query; content:"nilanjan.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27992656; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2656, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.nilanjan.rocks"; dns.query; content:"www.nilanjan.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27992657; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2657, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adns.onlinetools.rocks"; dns.query; content:"adns.onlinetools.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27992658; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2658, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kirov.v6.rocks"; dns.query; content:"kirov.v6.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27992659; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2659, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 51576162.ru"; dns.query; content:"51576162.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992660; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2660, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-passage.9273082020.ru"; dns.query; content:"de-passage.9273082020.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992661; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2661, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.abppro.ru"; dns.query; content:"dns.abppro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992662; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2662, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for link.altapo.ru"; dns.query; content:"link.altapo.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992663; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2663, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an81dns.ru"; dns.query; content:"an81dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992664; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2664, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for angrysky.ru"; dns.query; content:"angrysky.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992665; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2665, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aridia.ru"; dns.query; content:"aridia.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992666; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2666, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for node3.b4el.ru"; dns.query; content:"node3.b4el.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992667; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2667, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.blackrandcrf.ru"; dns.query; content:"dns1.blackrandcrf.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992668; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2668, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cpux.ru"; dns.query; content:"cpux.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992669; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2669, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cpux.ru"; dns.query; content:"dns.cpux.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992670; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2670, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d3vy.ru"; dns.query; content:"d3vy.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992671; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2671, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dehb.ru"; dns.query; content:"adguard.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992672; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2672, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for audio.dehb.ru"; dns.query; content:"audio.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992673; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2673, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for contacts.dehb.ru"; dns.query; content:"contacts.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992674; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2674, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.dehb.ru"; dns.query; content:"nas.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992675; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2675, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for note.dehb.ru"; dns.query; content:"note.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992676; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2676, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surve.dehb.ru"; dns.query; content:"surve.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992677; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2677, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dehb.ru"; dns.query; content:"www.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992678; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2678, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.delitarus.ru"; dns.query; content:"dns.delitarus.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992679; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2679, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-adguard.ru"; dns.query; content:"dns-adguard.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992680; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2680, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for domen-dns.ru"; dns.query; content:"domen-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992681; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2681, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.engineer-lib.ru"; dns.query; content:"dns.engineer-lib.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992682; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2682, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.fihch.ru"; dns.query; content:"adguard.fihch.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992683; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2683, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.geets.ru"; dns.query; content:"dns.geets.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992684; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2684, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.geshido.ru"; dns.query; content:"vpn.geshido.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992685; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2685, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roma.vpn.geshido.ru"; dns.query; content:"roma.vpn.geshido.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992686; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2686, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for graveofhope.ru"; dns.query; content:"graveofhope.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992687; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2687, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gt500.ru"; dns.query; content:"dns.gt500.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992688; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2688, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.helpdesk38.ru"; dns.query; content:"adguard.helpdesk38.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992689; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2689, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.henek.ru"; dns.query; content:"dns.henek.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992690; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2690, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v1552270.hosted-by-vdsina.ru"; dns.query; content:"v1552270.hosted-by-vdsina.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992691; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2691, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i-puppy.ru"; dns.query; content:"i-puppy.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992692; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2692, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.i-puppy.ru"; dns.query; content:"dns2.i-puppy.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992693; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2693, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ec.i-puppy.ru"; dns.query; content:"ec.i-puppy.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992694; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2694, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru.i-puppy.ru"; dns.query; content:"ru.i-puppy.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992695; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2695, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fb.i81.ru"; dns.query; content:"fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992696; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2696, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fb.i81.ru"; dns.query; content:"dns.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992697; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2697, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hr.i81.ru"; dns.query; content:"hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992698; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2698, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.hr.i81.ru"; dns.query; content:"alisa.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992699; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2699, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amigo.hr.i81.ru"; dns.query; content:"amigo.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992700; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2700, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hr.i81.ru"; dns.query; content:"dns.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992701; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2701, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filya.hr.i81.ru"; dns.query; content:"filya.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992702; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2702, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.hr.i81.ru"; dns.query; content:"igor.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992703; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2703, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.hr.i81.ru"; dns.query; content:"kotys.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992704; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2704, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lena.hr.i81.ru"; dns.query; content:"lena.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992705; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2705, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for luba.hr.i81.ru"; dns.query; content:"luba.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992706; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2706, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.hr.i81.ru"; dns.query; content:"olga.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992707; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2707, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vasya.hr.i81.ru"; dns.query; content:"vasya.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992708; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2708, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vova.hr.i81.ru"; dns.query; content:"vova.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992709; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2709, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vovale.hr.i81.ru"; dns.query; content:"vovale.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992710; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2710, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for win10virtual.hr.i81.ru"; dns.query; content:"win10virtual.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992711; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2711, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amigo.px.i81.ru"; dns.query; content:"amigo.px.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992712; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2712, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for derevnya.px.i81.ru"; dns.query; content:"derevnya.px.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992713; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2713, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.px.i81.ru"; dns.query; content:"home.px.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992714; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2714, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.vd.i81.ru"; dns.query; content:"alisa.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992715; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2715, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amigo.vd.i81.ru"; dns.query; content:"amigo.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992716; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2716, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vd.i81.ru"; dns.query; content:"dns.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992717; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2717, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filya.vd.i81.ru"; dns.query; content:"filya.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992718; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2718, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.vd.i81.ru"; dns.query; content:"igor.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992719; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2719, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.vd.i81.ru"; dns.query; content:"kotys.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992720; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2720, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lena.vd.i81.ru"; dns.query; content:"lena.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992721; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2721, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for luba.vd.i81.ru"; dns.query; content:"luba.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992722; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2722, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.vd.i81.ru"; dns.query; content:"olga.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992723; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2723, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vasya.vd.i81.ru"; dns.query; content:"vasya.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992724; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2724, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vova.vd.i81.ru"; dns.query; content:"vova.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992725; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2725, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vovale.vd.i81.ru"; dns.query; content:"vovale.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992726; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2726, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for win10virtual.vd.i81.ru"; dns.query; content:"win10virtual.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992727; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2727, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.i81.ru"; dns.query; content:"vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992728; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2728, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.vpn.i81.ru"; dns.query; content:"alisa.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992729; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2729, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amigo.vpn.i81.ru"; dns.query; content:"amigo.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992730; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2730, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vpn.i81.ru"; dns.query; content:"dns.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992731; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2731, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filya.vpn.i81.ru"; dns.query; content:"filya.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992732; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2732, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.vpn.i81.ru"; dns.query; content:"igor.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992733; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2733, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.vpn.i81.ru"; dns.query; content:"kotys.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992734; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2734, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lena.vpn.i81.ru"; dns.query; content:"lena.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992735; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2735, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for luba.vpn.i81.ru"; dns.query; content:"luba.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992736; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2736, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.vpn.i81.ru"; dns.query; content:"olga.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992737; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2737, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vasya.vpn.i81.ru"; dns.query; content:"vasya.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992738; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2738, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vova.vpn.i81.ru"; dns.query; content:"vova.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992739; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2739, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vovale.vpn.i81.ru"; dns.query; content:"vovale.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992740; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2740, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for win10virtual.vpn.i81.ru"; dns.query; content:"win10virtual.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992741; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2741, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sec.iamninja.ru"; dns.query; content:"sec.iamninja.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992742; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2742, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ithg.ru"; dns.query; content:"dns.ithg.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992743; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2743, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for itlikehell.ru"; dns.query; content:"itlikehell.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992744; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2744, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itnetpass.ru"; dns.query; content:"dns.itnetpass.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992745; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2745, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fvpn.jarvishome.ru"; dns.query; content:"fvpn.jarvishome.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992746; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2746, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.jmarkin.ru"; dns.query; content:"vps.jmarkin.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992747; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2747, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.k-likhachev.ru"; dns.query; content:"adguard.k-likhachev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992748; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2748, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kirnet.ru"; dns.query; content:"kirnet.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992749; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2749, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.kondrcloud.ru"; dns.query; content:"www.kondrcloud.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992750; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2750, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ksedns.ru"; dns.query; content:"ksedns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992751; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2751, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for proxy.landerbrauver.ru"; dns.query; content:"proxy.landerbrauver.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992752; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2752, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.lolg.ru"; dns.query; content:"a.lolg.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992753; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2753, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for malanser.ru"; dns.query; content:"malanser.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992754; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2754, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.malanser.ru"; dns.query; content:"dns.malanser.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992755; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2755, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mdxl.ru"; dns.query; content:"mdxl.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992756; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2756, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.midjrney.ru"; dns.query; content:"vpn.midjrney.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992757; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2757, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mrfrost475.ru"; dns.query; content:"dns.mrfrost475.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992758; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2758, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mrzbcli.ru"; dns.query; content:"dns.mrzbcli.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992759; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2759, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bacer.msk.ru"; dns.query; content:"bacer.msk.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992760; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2760, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for door.plasmadancer.ru"; dns.query; content:"door.plasmadancer.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992761; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2761, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pukanuragan.ru"; dns.query; content:"pukanuragan.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992762; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2762, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wir.rbs-net.ru"; dns.query; content:"wir.rbs-net.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992763; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2763, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.rock-review.ru"; dns.query; content:"1.rock-review.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992764; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2764, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rshtkdn.ru"; dns.query; content:"dns.rshtkdn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992765; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2765, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.sakhwow.ru"; dns.query; content:"vpn.sakhwow.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992766; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2766, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdvizhkov.ru"; dns.query; content:"sdvizhkov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992767; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2767, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for marzban.severvpn.ru"; dns.query; content:"marzban.severvpn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992768; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2768, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adhome.sinnpro.ru"; dns.query; content:"adhome.sinnpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992769; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2769, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.soloanvill.ru"; dns.query; content:"adguard.soloanvill.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992770; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2770, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lomoff.spb.ru"; dns.query; content:"lomoff.spb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992771; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2771, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sirota.spb.ru"; dns.query; content:"dns.sirota.spb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992772; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2772, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ssh-storage.ru"; dns.query; content:"ssh-storage.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992773; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2773, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.ssh-storage.ru"; dns.query; content:"dot.ssh-storage.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992774; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2774, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.systemfall.ru"; dns.query; content:"ad.systemfall.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992775; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2775, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns0.tardishost.ru"; dns.query; content:"dns0.tardishost.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992776; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2776, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.tardishost.ru"; dns.query; content:"dns1.tardishost.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992777; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2777, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.trifanov-online.ru"; dns.query; content:"dns.trifanov-online.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992778; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2778, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trovs.ru"; dns.query; content:"trovs.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992779; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2779, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.trovs.ru"; dns.query; content:"www.trovs.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992780; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2780, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.unvpn.ru"; dns.query; content:"dns.unvpn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992781; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2781, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vectorsigma.ru"; dns.query; content:"dns.vectorsigma.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992782; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2782, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vk09.ru"; dns.query; content:"dns.vk09.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992783; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2783, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vladpro.ru"; dns.query; content:"vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992784; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2784, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vladpro.ru"; dns.query; content:"dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992785; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2785, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dns.vladpro.ru"; dns.query; content:"family.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992786; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2786, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for matvey.dns.vladpro.ru"; dns.query; content:"matvey.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992787; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2787, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nastya.dns.vladpro.ru"; dns.query; content:"nastya.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992788; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2788, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.dns.vladpro.ru"; dns.query; content:"noads.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992789; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2789, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vlad.dns.vladpro.ru"; dns.query; content:"vlad.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992790; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2790, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vmok.ru"; dns.query; content:"vmok.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992791; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2791, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.woexp.ru"; dns.query; content:"dns.woexp.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992792; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2792, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.xorlet.ru"; dns.query; content:"doh.xorlet.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992793; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2793, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-yyz.doh.sb"; dns.query; content:"ca-yyz.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27992794; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2794, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu.doh.sb"; dns.query; content:"eu.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27992795; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2795, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe.doh.sb"; dns.query; content:"europe.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27992796; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2796, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for m.myspace.sbs"; dns.query; content:"m.myspace.sbs"; nocase; fast_pattern; classtype:bad-unknown; sid:27992797; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2797, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.netmasc.services"; dns.query; content:"adguard.netmasc.services"; nocase; fast_pattern; classtype:bad-unknown; sid:27992798; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2798, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for volkens.services"; dns.query; content:"volkens.services"; nocase; fast_pattern; classtype:bad-unknown; sid:27992799; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2799, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jaye.sh"; dns.query; content:"adguard.jaye.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992800; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2800, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn-tw.teng.sh"; dns.query; content:"vpn-tw.teng.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992801; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2801, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ayasesayuki.shop"; dns.query; content:"ayasesayuki.shop"; nocase; fast_pattern; classtype:bad-unknown; sid:27992802; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2802, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.adguard.marto.si"; dns.query; content:"www.adguard.marto.si"; nocase; fast_pattern; classtype:bad-unknown; sid:27992803; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2803, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.doubleatech.site"; dns.query; content:"agh.doubleatech.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992804; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2804, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jcdn.site"; dns.query; content:"dns.jcdn.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992805; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2805, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kakoito.site"; dns.query; content:"kakoito.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992806; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2806, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lwhjszcnzjhz.site"; dns.query; content:"lwhjszcnzjhz.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992807; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2807, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ownplace.site"; dns.query; content:"ownplace.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992808; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2808, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.paulopinto.site"; dns.query; content:"ad.paulopinto.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992809; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2809, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for personal-dns.site"; dns.query; content:"personal-dns.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992810; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2810, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.personal-dns.site"; dns.query; content:"www.personal-dns.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992811; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2811, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s1.s2.shahramv1.site"; dns.query; content:"s1.s2.shahramv1.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992812; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2812, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.srijan.site"; dns.query; content:"dns.srijan.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992813; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2813, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for strangeservercdn.site"; dns.query; content:"strangeservercdn.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992814; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2814, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.p3k.sk"; dns.query; content:"dns.p3k.sk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992815; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2815, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arashi.solutions"; dns.query; content:"arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27992816; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2816, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.arashi.solutions"; dns.query; content:"adguard.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27992817; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2817, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for invidious.arashi.solutions"; dns.query; content:"invidious.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27992818; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2818, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mysterium.arashi.solutions"; dns.query; content:"mysterium.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27992819; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2819, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s3.arashi.solutions"; dns.query; content:"s3.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27992820; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2820, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s3-api.arashi.solutions"; dns.query; content:"s3-api.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27992821; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2821, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vm1.arashi.solutions"; dns.query; content:"vm1.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27992822; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2822, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vm2.arashi.solutions"; dns.query; content:"vm2.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27992823; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2823, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wazuh.arashi.solutions"; dns.query; content:"wazuh.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27992824; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2824, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lupine.solutions"; dns.query; content:"dns.lupine.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27992825; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2825, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for webteufel-it.solutions"; dns.query; content:"webteufel-it.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27992826; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2826, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nyx.webteufel-it.solutions"; dns.query; content:"nyx.webteufel-it.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27992827; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2827, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.0rz.space"; dns.query; content:"1.0rz.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992828; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2828, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.0rz.space"; dns.query; content:"2.0rz.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992829; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2829, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for antonyfrompnz.space"; dns.query; content:"antonyfrompnz.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992830; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2830, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cucaracha.space"; dns.query; content:"dns.cucaracha.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992831; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2831, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digiultsparrow.space"; dns.query; content:"dns.digiultsparrow.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992832; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2832, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for isakula.space"; dns.query; content:"isakula.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992833; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2833, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jefe.space"; dns.query; content:"jefe.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992834; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2834, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for addns.jpr.space"; dns.query; content:"addns.jpr.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992835; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2835, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.kompot.space"; dns.query; content:"home.kompot.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992836; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2836, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.vegann.space"; dns.query; content:"adguard.vegann.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992837; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2837, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gigabyteperseconde.digiaquabndala.store"; dns.query; content:"gigabyteperseconde.digiaquabndala.store"; nocase; fast_pattern; classtype:bad-unknown; sid:27992838; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2838, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for node9.servernode.store"; dns.query; content:"node9.servernode.store"; nocase; fast_pattern; classtype:bad-unknown; sid:27992839; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2839, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.titan.stream"; dns.query; content:"dns.titan.stream"; nocase; fast_pattern; classtype:bad-unknown; sid:27992840; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2840, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.bearbob.studio"; dns.query; content:"vpn.bearbob.studio"; nocase; fast_pattern; classtype:bad-unknown; sid:27992841; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2841, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jianyi.studio"; dns.query; content:"dns.jianyi.studio"; nocase; fast_pattern; classtype:bad-unknown; sid:27992842; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2842, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bigart.su"; dns.query; content:"bigart.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27992843; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2843, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gnn.su"; dns.query; content:"gnn.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27992844; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2844, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for proxy.srs.su"; dns.query; content:"proxy.srs.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27992845; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2845, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stdev.su"; dns.query; content:"dns.stdev.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27992846; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2846, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ztv.su"; dns.query; content:"ztv.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27992847; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2847, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdfasluqoiwuezcvcv.tech"; dns.query; content:"sdfasluqoiwuezcvcv.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27992848; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2848, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vmisch.tech"; dns.query; content:"dns.vmisch.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27992849; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2849, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.virtualize.technology"; dns.query; content:"dns.virtualize.technology"; nocase; fast_pattern; classtype:bad-unknown; sid:27992850; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2850, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for duyyen.tk"; dns.query; content:"duyyen.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992851; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2851, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xz.easyfly.tk"; dns.query; content:"xz.easyfly.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992852; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2852, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.magic-pics.tk"; dns.query; content:"guard.magic-pics.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992853; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2853, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.roadanywhere.tk"; dns.query; content:"i.roadanywhere.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992854; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2854, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.smirnov.tk"; dns.query; content:"dns.smirnov.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992855; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2855, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mcore.us.to"; dns.query; content:"mcore.us.to"; nocase; fast_pattern; classtype:bad-unknown; sid:27992856; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2856, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nashi.us.to"; dns.query; content:"dns.nashi.us.to"; nocase; fast_pattern; classtype:bad-unknown; sid:27992857; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2857, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.downloadacar.today"; dns.query; content:"dns.downloadacar.today"; nocase; fast_pattern; classtype:bad-unknown; sid:27992858; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2858, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1ee.top"; dns.query; content:"1ee.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992859; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2859, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.1ee.top"; dns.query; content:"www.1ee.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992860; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2860, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adh.51st.top"; dns.query; content:"adh.51st.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992861; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2861, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.analyticshopsystemblock.top"; dns.query; content:"dns.analyticshopsystemblock.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992862; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2862, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sanjosehy.analyticshopsystemblock.top"; dns.query; content:"sanjosehy.analyticshopsystemblock.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992863; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2863, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ccyykk.top"; dns.query; content:"ccyykk.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992864; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2864, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for changesmart2024.top"; dns.query; content:"changesmart2024.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992865; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2865, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ocp.cincloud.top"; dns.query; content:"ocp.cincloud.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992866; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2866, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cinicollerico.top"; dns.query; content:"adguard.cinicollerico.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992867; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2867, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.coriolanus.top"; dns.query; content:"adguard.coriolanus.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992868; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2868, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnssilo.top"; dns.query; content:"dnssilo.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992869; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2869, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.doserver.top"; dns.query; content:"dns.doserver.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992870; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2870, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fggdd.top"; dns.query; content:"fggdd.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992871; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2871, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.gdie.top"; dns.query; content:"dns1.gdie.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992872; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2872, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for harveyhome.top"; dns.query; content:"harveyhome.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992873; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2873, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for op.htyweb.top"; dns.query; content:"op.htyweb.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992874; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2874, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lboxtv.top"; dns.query; content:"lboxtv.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992875; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2875, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.lboxtv.top"; dns.query; content:"www.lboxtv.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992876; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2876, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.linlin00.top"; dns.query; content:"dns.linlin00.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992877; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2877, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for to.llzz.top"; dns.query; content:"to.llzz.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992878; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2878, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an.loliconapp.top"; dns.query; content:"an.loliconapp.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992879; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2879, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bw.marsgo.top"; dns.query; content:"bw.marsgo.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992880; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2880, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ukns.milangas2.top"; dns.query; content:"ukns.milangas2.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992881; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2881, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mocn.top"; dns.query; content:"dns.mocn.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992882; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2882, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moesite.top"; dns.query; content:"dns.moesite.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992883; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2883, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for moonbd.top"; dns.query; content:"moonbd.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992884; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2884, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.moonbd.top"; dns.query; content:"www.moonbd.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992885; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2885, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.murzyn.top"; dns.query; content:"dns.murzyn.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992886; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2886, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lifd.mxcc.top"; dns.query; content:"lifd.mxcc.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992887; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2887, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nasalife.top"; dns.query; content:"nasalife.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992888; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2888, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cattery.noddos.top"; dns.query; content:"cattery.noddos.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992889; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2889, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cattery2.noddos.top"; dns.query; content:"cattery2.noddos.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992890; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2890, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for phucbui.top"; dns.query; content:"phucbui.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992891; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2891, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.phucbui.top"; dns.query; content:"dns.phucbui.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992892; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2892, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.phucbui.top"; dns.query; content:"home.phucbui.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992893; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2893, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for seedboxhome.phucbui.top"; dns.query; content:"seedboxhome.phucbui.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992894; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2894, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.pyio.top"; dns.query; content:"ad.pyio.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992895; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2895, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.ravi.top"; dns.query; content:"hk.ravi.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992896; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2896, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sakuraknight2024.top"; dns.query; content:"sakuraknight2024.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992897; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2897, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.seekfor.top"; dns.query; content:"dns.seekfor.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992898; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2898, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ymjx.shimmerl.top"; dns.query; content:"ymjx.shimmerl.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992899; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2899, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s1.srch.top"; dns.query; content:"s1.srch.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992900; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2900, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for remote.sufly.top"; dns.query; content:"remote.sufly.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992901; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2901, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for terminalpower.top"; dns.query; content:"terminalpower.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992902; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2902, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.weleven.top"; dns.query; content:"doh.weleven.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992903; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2903, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bwh.why4free.top"; dns.query; content:"bwh.why4free.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992904; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2904, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xhol.top"; dns.query; content:"xhol.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992905; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2905, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddd.xiaofuc.top"; dns.query; content:"ddd.xiaofuc.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992906; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2906, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yingroad.top"; dns.query; content:"dns.yingroad.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992907; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2907, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ykwbai.top"; dns.query; content:"dns.ykwbai.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992908; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2908, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yyaan.top"; dns.query; content:"dns.yyaan.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992909; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2909, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zulkas.top"; dns.query; content:"zulkas.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992910; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2910, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guardhome.fatihkuyuk.com.tr"; dns.query; content:"guardhome.fatihkuyuk.com.tr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992911; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2911, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atelier.alica.idv.tw"; dns.query; content:"atelier.alica.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992912; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2912, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cloud-chen.idv.tw"; dns.query; content:"adguard.cloud-chen.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992913; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2913, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cyliu.idv.tw"; dns.query; content:"cyliu.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992914; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2914, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dreamworker.idv.tw"; dns.query; content:"dns.dreamworker.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992915; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2915, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fc.idv.tw"; dns.query; content:"dns.fc.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992916; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2916, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.fc.idv.tw"; dns.query; content:"home.fc.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992917; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2917, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tls.jackyhou.idv.tw"; dns.query; content:"tls.jackyhou.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992918; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2918, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qaz.tw"; dns.query; content:"qaz.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992919; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2919, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.yps.tw"; dns.query; content:"guard.yps.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992920; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2920, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for host94.rheingold.com.ua"; dns.query; content:"host94.rheingold.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992921; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2921, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-server.pp.ua"; dns.query; content:"adguard-server.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992922; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2922, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.alpo.pp.ua"; dns.query; content:"2.alpo.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992923; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2923, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for angry.pp.ua"; dns.query; content:"angry.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992924; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2924, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gauss.pp.ua"; dns.query; content:"gauss.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992925; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2925, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.pp.ua"; dns.query; content:"guard.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992926; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2926, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mlxysf.pp.ua"; dns.query; content:"dns.mlxysf.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992927; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2927, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.opi.pp.ua"; dns.query; content:"ns2.opi.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992928; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2928, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pad3w.pp.ua"; dns.query; content:"pad3w.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992929; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2929, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for prysiazhniuk.pp.ua"; dns.query; content:"prysiazhniuk.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992930; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2930, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.sdu.pp.ua"; dns.query; content:"dns01.sdu.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992931; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2931, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syre.pp.ua"; dns.query; content:"syre.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992932; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2932, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tarni.pp.ua"; dns.query; content:"tarni.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992933; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2933, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for id.local.v.ua"; dns.query; content:"id.local.v.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992934; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2934, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.airmaxcloud.uk"; dns.query; content:"dns.airmaxcloud.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992935; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2935, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anhphamhn82.uk"; dns.query; content:"anhphamhn82.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992936; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2936, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.camn.uk"; dns.query; content:"adguard.camn.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992937; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2937, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chaosen3.co.uk"; dns.query; content:"dns.chaosen3.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992938; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2938, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.discounthost.co.uk"; dns.query; content:"adguard.discounthost.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992939; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2939, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsadguard.co.uk"; dns.query; content:"dnsadguard.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992940; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2940, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.lumusimc.co.uk"; dns.query; content:"guard.lumusimc.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992941; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2941, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.norvrandt.co.uk"; dns.query; content:"home.norvrandt.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992942; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2942, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nzxti5.co.uk"; dns.query; content:"dns.nzxti5.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992943; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2943, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.understandingcyber.co.uk"; dns.query; content:"dns1.understandingcyber.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992944; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2944, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.walshnet.co.uk"; dns.query; content:"dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992945; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2945, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for augne.dns.walshnet.co.uk"; dns.query; content:"augne.dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992946; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2946, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aviemore.dns.walshnet.co.uk"; dns.query; content:"aviemore.dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992947; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2947, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bev.dns.walshnet.co.uk"; dns.query; content:"bev.dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992948; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2948, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dugout.dns.walshnet.co.uk"; dns.query; content:"dugout.dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992949; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2949, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eamonn.dns.walshnet.co.uk"; dns.query; content:"eamonn.dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992950; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2950, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eoin.dns.walshnet.co.uk"; dns.query; content:"eoin.dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992951; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2951, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.goshawk22.uk"; dns.query; content:"dns.goshawk22.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992952; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2952, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for admin.homedns.uk"; dns.query; content:"admin.homedns.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992953; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2953, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hwtwco.uk"; dns.query; content:"dns.hwtwco.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992954; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2954, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.marcbond.uk"; dns.query; content:"dns.marcbond.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992955; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2955, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mysuperspace.uk"; dns.query; content:"mysuperspace.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992956; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2956, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for teslacoils.org.uk"; dns.query; content:"teslacoils.org.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992957; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2957, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.plaawan.uk"; dns.query; content:"doh.plaawan.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992958; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2958, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ple91.uk"; dns.query; content:"dns.ple91.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992959; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2959, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.qsos.uk"; dns.query; content:"adguard.qsos.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992960; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2960, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zetland.rm-ni.uk"; dns.query; content:"zetland.rm-ni.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992961; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2961, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dus.ysbs.uk"; dns.query; content:"dus.ysbs.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992962; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2962, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsfilter.domotik.us"; dns.query; content:"dnsfilter.domotik.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27992963; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2963, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.epaphrodit.us"; dns.query; content:"doh.epaphrodit.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27992964; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2964, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.exitstat.us"; dns.query; content:"dns.exitstat.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27992965; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2965, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jhangy.us"; dns.query; content:"dns.jhangy.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27992966; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2966, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for strk12-filter.mtbroadband.us"; dns.query; content:"strk12-filter.mtbroadband.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27992967; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2967, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.palvikt.us"; dns.query; content:"ns.palvikt.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27992968; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2968, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ro0t.us"; dns.query; content:"adguard.ro0t.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27992969; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2969, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.timkevin.us"; dns.query; content:"dns.timkevin.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27992970; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2970, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kolyma.uz"; dns.query; content:"dns.kolyma.uz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992971; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2971, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nicolas.vip"; dns.query; content:"dns.nicolas.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27992972; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2972, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mg.ywdm.vip"; dns.query; content:"mg.ywdm.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27992973; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2973, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb.aiec.vn"; dns.query; content:"adb.aiec.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992974; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2974, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for f2-dns.asuzac.com.vn"; dns.query; content:"f2-dns.asuzac.com.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992975; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2975, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adhome.nvtai.id.vn"; dns.query; content:"adhome.nvtai.id.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992976; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2976, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.realldz.id.vn"; dns.query; content:"home.realldz.id.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992977; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2977, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rini.id.vn"; dns.query; content:"rini.id.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992978; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2978, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.xiaolingg.io.vn"; dns.query; content:"adguard.xiaolingg.io.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992979; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2979, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chungocoai.name.vn"; dns.query; content:"chungocoai.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992980; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2980, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for azure.quydang.name.vn"; dns.query; content:"azure.quydang.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992981; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2981, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hcm.quydang.name.vn"; dns.query; content:"hcm.quydang.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992982; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2982, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tokyodns.songnguyen.name.vn"; dns.query; content:"tokyodns.songnguyen.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992983; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2983, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vaasa.songnguyen.name.vn"; dns.query; content:"vaasa.songnguyen.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992984; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2984, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tran.net.vn"; dns.query; content:"tran.net.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992985; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2985, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vietdns.vn"; dns.query; content:"dns.vietdns.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992986; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2986, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for larkin.wang"; dns.query; content:"larkin.wang"; nocase; fast_pattern; classtype:bad-unknown; sid:27992987; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2987, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x.res.wang"; dns.query; content:"x.res.wang"; nocase; fast_pattern; classtype:bad-unknown; sid:27992988; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2988, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wns.watch"; dns.query; content:"dns.wns.watch"; nocase; fast_pattern; classtype:bad-unknown; sid:27992989; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2989, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.209.wf"; dns.query; content:"dns.209.wf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992990; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2990, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.urology.wiki"; dns.query; content:"www.urology.wiki"; nocase; fast_pattern; classtype:bad-unknown; sid:27992991; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2991, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for st.flyzhouyc.win"; dns.query; content:"st.flyzhouyc.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27992992; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2992, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sshub.win"; dns.query; content:"dns.sshub.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27992993; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2993, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.superstefan.win"; dns.query; content:"adguard.superstefan.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27992994; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2994, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-119.cattery.work"; dns.query; content:"sg-119.cattery.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27992995; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2995, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ord.chriswang.work"; dns.query; content:"dns.ord.chriswang.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27992996; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2996, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-north.citadelnet.works"; dns.query; content:"adguard-north.citadelnet.works"; nocase; fast_pattern; classtype:bad-unknown; sid:27992997; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2997, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl.adg.ghostzone.wtf"; dns.query; content:"nl.adg.ghostzone.wtf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992998; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2998, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xn--80aecoigf4aatn.xn--p1ai"; dns.query; content:"xn--80aecoigf4aatn.xn--p1ai"; nocase; fast_pattern; classtype:bad-unknown; sid:27992999; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2999, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bing.000036.xyz"; dns.query; content:"bing.000036.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993000; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3000, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ss.0001.xyz"; dns.query; content:"ss.0001.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3001, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.010812.xyz"; dns.query; content:"dns.010812.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3002, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp2.101818.xyz"; dns.query; content:"jp2.101818.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3003, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.101818.xyz"; dns.query; content:"sg.101818.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3004, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.111311.xyz"; dns.query; content:"dns.111311.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3005, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 15101844.xyz"; dns.query; content:"15101844.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3006, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.19790307.xyz"; dns.query; content:"vps.19790307.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3007, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adhome.2011101.xyz"; dns.query; content:"adhome.2011101.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3008, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.257053.xyz"; dns.query; content:"ad.257053.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3009, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.263030.xyz"; dns.query; content:"dns2.263030.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3010, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 317252.xyz"; dns.query; content:"317252.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3011, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.344556.xyz"; dns.query; content:"ad.344556.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3012, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xjpdns.354688.xyz"; dns.query; content:"xjpdns.354688.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3013, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.546413.xyz"; dns.query; content:"adguard2.546413.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3014, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bwg.559299366.xyz"; dns.query; content:"bwg.559299366.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3015, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.710523.xyz"; dns.query; content:"agh.710523.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3016, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.800801.xyz"; dns.query; content:"ad.800801.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3017, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 959818.xyz"; dns.query; content:"959818.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3018, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sk.9727158.xyz"; dns.query; content:"sk.9727158.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3019, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jpok.996333.xyz"; dns.query; content:"jpok.996333.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3020, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cld.996969.xyz"; dns.query; content:"cld.996969.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3021, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdjdns.ajraspi.xyz"; dns.query; content:"rdjdns.ajraspi.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3022, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for andrewnw.xyz"; dns.query; content:"andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3023, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for git.andrewnw.xyz"; dns.query; content:"git.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3024, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.andrewnw.xyz"; dns.query; content:"mail.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3025, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.andrewnw.xyz"; dns.query; content:"www.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3026, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.axiomos.xyz"; dns.query; content:"dns.axiomos.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3027, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bluedns.xyz"; dns.query; content:"bluedns.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3028, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.chanhome.xyz"; dns.query; content:"adguard.chanhome.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3029, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chno.xyz"; dns.query; content:"chno.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3030, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for connectix.xyz"; dns.query; content:"connectix.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3031, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cretu.xyz"; dns.query; content:"dns.cretu.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3032, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-jp0.cyhsu.xyz"; dns.query; content:"dns-jp0.cyhsu.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3033, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.doh.xyz"; dns.query; content:"www.doh.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3034, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dzkeji.xyz"; dns.query; content:"dns.dzkeji.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3035, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.elashri.xyz"; dns.query; content:"adguard.elashri.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3036, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.eximpius.xyz"; dns.query; content:"adguard.eximpius.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3037, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for f97.xyz"; dns.query; content:"f97.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3038, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fffly.xyz"; dns.query; content:"fffly.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3039, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agent.frankutils.xyz"; dns.query; content:"agent.frankutils.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3040, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.gosami.xyz"; dns.query; content:"vpn.gosami.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3041, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chicago.gtxvpnpro.xyz"; dns.query; content:"chicago.gtxvpnpro.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3042, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2-1.huwenqiang.xyz"; dns.query; content:"v2-1.huwenqiang.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3043, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ibreeze.xyz"; dns.query; content:"dns.ibreeze.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3044, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for go.icoding168.xyz"; dns.query; content:"go.icoding168.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3045, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ime-ingenierias.xyz"; dns.query; content:"ime-ingenierias.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3046, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddns.itsnooblk.xyz"; dns.query; content:"ddns.itsnooblk.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3047, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itya.xyz"; dns.query; content:"dns.itya.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3048, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jelebruh.xyz"; dns.query; content:"dns.jelebruh.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3049, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ds3617xs.jojo1204.xyz"; dns.query; content:"ds3617xs.jojo1204.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3050, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jwhan99.xyz"; dns.query; content:"adguard.jwhan99.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3051, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lifeym.xyz"; dns.query; content:"dns.lifeym.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3052, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nhmt.xyz"; dns.query; content:"dns.nhmt.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3053, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nickcan.xyz"; dns.query; content:"nickcan.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3054, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for irgrdns.nullapp.xyz"; dns.query; content:"irgrdns.nullapp.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3055, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oasg.xyz"; dns.query; content:"dns.oasg.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3056, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for by.paskam.xyz"; dns.query; content:"by.paskam.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3057, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.pmoebi.xyz"; dns.query; content:"adguard.pmoebi.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3058, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.postoverall.xyz"; dns.query; content:"ns.postoverall.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3059, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aws.razor1911.xyz"; dns.query; content:"aws.razor1911.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3060, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for azure.razor1911.xyz"; dns.query; content:"azure.razor1911.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3061, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sainternet.xyz"; dns.query; content:"dns.sainternet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3062, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.servernation.xyz"; dns.query; content:"adguard.servernation.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3063, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.swh123.xyz"; dns.query; content:"adg.swh123.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3064, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.twotigers.xyz"; dns.query; content:"adguard.twotigers.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3065, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for killads.vpms.xyz"; dns.query; content:"killads.vpms.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3066, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.x88x.xyz"; dns.query; content:"adguard.x88x.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3067, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.yuki2th.xyz"; dns.query; content:"adguard.yuki2th.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3068, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.zettawize.xyz"; dns.query; content:"dns1.zettawize.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3069, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dns1.zettawize.xyz"; dns.query; content:"www.dns1.zettawize.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3070, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.datamatter.co.za"; dns.query; content:"adg.datamatter.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27993071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3071, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.adg.datamatter.co.za"; dns.query; content:"www.adg.datamatter.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27993072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3072, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gn-z11.franscois.co.za"; dns.query; content:"gn-z11.franscois.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27993073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3073, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nerdytechgeeks.co.za"; dns.query; content:"dns.nerdytechgeeks.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27993074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3074, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns02.nerdytechgeeks.co.za"; dns.query; content:"ns02.nerdytechgeeks.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27993075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3075, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neatdns.ustclug.org"; dns.query; content:"neatdns.ustclug.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3076, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for berd.moe"; dns.query; content:"berd.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27993077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3077, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.controld.com"; dns.query; content:"dns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3078, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.vvvglass.com"; dns.query; content:"a.vvvglass.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3079, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a-bld.sys-adm.in"; dns.query; content:"a-bld.sys-adm.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27993080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3080, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bld.sys-adm.in"; dns.query; content:"bld.sys-adm.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27993081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3081, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chewbacca.meganerd.nl"; dns.query; content:"chewbacca.meganerd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3082, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ndo.dev"; dns.query; content:"dns.ndo.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27993083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3083, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wevpn.com"; dns.query; content:"dns.wevpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3084, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-weblock.wevpn.com"; dns.query; content:"dns-weblock.wevpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3085, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iris.woozeno.eu"; dns.query; content:"iris.woozeno.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3086, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for irre.li"; dns.query; content:"irre.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27993087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3087, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.i-evolve.net"; dns.query; content:"ns1.i-evolve.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3088, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.hshh.org"; dns.query; content:"ns2.hshh.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3089, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for puredns.org"; dns.query; content:"puredns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3090, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1and1-dns.de"; dns.query; content:"1and1-dns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3091, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 233py.com"; dns.query; content:"233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3092, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.233py.com"; dns.query; content:"doh.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3093, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alidns.51top.info"; dns.query; content:"alidns.51top.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27993094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3094, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.au.ahadns.net"; dns.query; content:"dot.au.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3095, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alidns.com"; dns.query; content:"alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3096, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.alidns.com"; dns.query; content:"doh.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3097, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.alidns.com"; dns.query; content:"doh1.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3098, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public.alidns.com"; dns.query; content:"public.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3099, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public2.alidns.com"; dns.query; content:"public2.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3100, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public254.alidns.com"; dns.query; content:"public254.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3101, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public99.alidns.com"; dns.query; content:"public99.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3102, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.amonsul.net"; dns.query; content:"doh.amonsul.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3103, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot1.appliedprivacy.net"; dns.query; content:"dot1.appliedprivacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3104, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.blahdns.com"; dns.query; content:"2.dnscrypt-cert.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3105, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for example.doh.blockerdns.com"; dns.query; content:"example.doh.blockerdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3106, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c-dns.com"; dns.query; content:"c-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3107, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.captnemo.in"; dns.query; content:"2.dnscrypt-cert.captnemo.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27993108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3108, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for api.cloudflareclient.com"; dns.query; content:"api.cloudflareclient.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3109, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudflareresolve.com"; dns.query; content:"cloudflareresolve.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3110, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odoh.crypto.sx"; dns.query; content:"odoh.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27993111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3111, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.shield-2.dnsbycomodo.com"; dns.query; content:"2.dnscrypt-cert.shield-2.dnsbycomodo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3112, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.asia.dnswarden.com"; dns.query; content:"doh.asia.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3113, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eu.dnswarden.com"; dns.query; content:"doh.eu.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3114, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr1.dnswarden.com"; dns.query; content:"fr1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3115, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg1.dnswarden.com"; dns.query; content:"sg1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3116, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.us.dnswarden.com"; dns.query; content:"doh.us.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3117, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.ffmuc.net"; dns.query; content:"2.dnscrypt-cert.ffmuc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3118, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iot-dns.com"; dns.query; content:"iot-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3119, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.muxyuji.ru"; dns.query; content:"www.muxyuji.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3120, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dgca.myds.me"; dns.query; content:"dgca.myds.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3121, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edge.nextdns.io"; dns.query; content:"edge.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27993122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3122, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.notjakob.com"; dns.query; content:"dns.notjakob.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3123, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.opendns.com"; dns.query; content:"2.dnscrypt-cert.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3124, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.westeu.pi-dns.com"; dns.query; content:"doh.westeu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3125, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zxcvb.pp.ua"; dns.query; content:"zxcvb.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3126, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.quad9.net"; dns.query; content:"2.dnscrypt-cert.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3127, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rethinkdns.com"; dns.query; content:"rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3128, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sitdns.com"; dns.query; content:"sitdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3129, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unasw.eu"; dns.query; content:"unasw.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3130, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.this.web.id"; dns.query; content:"doh.this.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27993131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3131, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.browser.yandex.net"; dns.query; content:"2.dnscrypt-cert.browser.yandex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3132, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secondary.family.dns.yandex.ru"; dns.query; content:"secondary.family.dns.yandex.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3133, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secondary.dns.yandex.ru"; dns.query; content:"secondary.dns.yandex.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3134, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zburger.top"; dns.query; content:"zburger.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3135, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aaytorr.com"; dns.query; content:"dns.aaytorr.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3136, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardh.ga"; dns.query; content:"adguardh.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27993137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3137, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.adrianion.eu"; dns.query; content:"dns1.adrianion.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3138, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.afastserver.com"; dns.query; content:"dns2.afastserver.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3139, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aihe.app"; dns.query; content:"aihe.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27993140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3140, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for airmaxcloud.ml"; dns.query; content:"airmaxcloud.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3141, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ambiya.net"; dns.query; content:"adguard.ambiya.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3142, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.amigo-mgn.ru"; dns.query; content:"dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3143, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.anir0y.in"; dns.query; content:"dot.anir0y.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27993144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3144, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anixlab.com"; dns.query; content:"anixlab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3145, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for axaxa.fun"; dns.query; content:"axaxa.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27993146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3146, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.azcom.dev"; dns.query; content:"dns.azcom.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27993147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3147, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bcandrade.ml"; dns.query; content:"bcandrade.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3148, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydns.bielperes.me"; dns.query; content:"mydns.bielperes.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3149, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for goga7777777.bissnes.org"; dns.query; content:"goga7777777.bissnes.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3150, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.bitteeinbyte.de"; dns.query; content:"adguard.bitteeinbyte.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3151, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bluemeda.cf"; dns.query; content:"dns.bluemeda.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27993152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3152, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brian-hong.tech"; dns.query; content:"dns.brian-hong.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3153, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cdzopi.duckdns.org"; dns.query; content:"cdzopi.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3154, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cintra.ml"; dns.query; content:"cintra.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3155, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cvt-ic-us-adns-001.clearviewtechnology.net"; dns.query; content:"cvt-ic-us-adns-001.clearviewtechnology.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3156, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cossxiu.ga"; dns.query; content:"cossxiu.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27993157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3157, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d365.in"; dns.query; content:"dns.d365.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27993158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3158, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dtness.com"; dns.query; content:"adguard.dtness.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3159, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dessoi.cloud"; dns.query; content:"adguard.dessoi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27993160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3160, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.dns.ikataruto.com"; dns.query; content:"jp.dns.ikataruto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3161, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for apne1.dns.terumi.club"; dns.query; content:"apne1.dns.terumi.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27993162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3162, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns9999.duckdns.org"; dns.query; content:"dns9999.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3163, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-tr.dnsflex.com"; dns.query; content:"doh-lb-tr.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3164, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.druta.me"; dns.query; content:"dns.druta.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3165, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dutchwhite.nl"; dns.query; content:"dns.dutchwhite.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3166, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ellichua.com"; dns.query; content:"dns.ellichua.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3167, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eweyo.duckdns.org"; dns.query; content:"eweyo.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3168, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsvps.familiamv.ml"; dns.query; content:"dnsvps.familiamv.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3169, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.familiamichels.com.br"; dns.query; content:"dns.familiamichels.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27993170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3170, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.faze.dev"; dns.query; content:"dns.faze.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27993171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3171, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for felipefalcao.me"; dns.query; content:"felipefalcao.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3172, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for findmethedns.info"; dns.query; content:"findmethedns.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27993173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3173, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.firestrike-services.de"; dns.query; content:"adguard.firestrike-services.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3174, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mipauns.com"; dns.query; content:"dns.mipauns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3175, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.frece.de"; dns.query; content:"adguard.frece.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3176, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.ggrbb.xyz"; dns.query; content:"www.ggrbb.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3177, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for groupy.ga"; dns.query; content:"groupy.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27993178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3178, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hafidzradhival.my.id"; dns.query; content:"dns.hafidzradhival.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27993179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3179, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hgns.harriganhome.ga"; dns.query; content:"hgns.harriganhome.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27993180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3180, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.dlinkddns.com"; dns.query; content:"home.dlinkddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3181, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muc-ns01.ibytex.systems"; dns.query; content:"muc-ns01.ibytex.systems"; nocase; fast_pattern; classtype:bad-unknown; sid:27993182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3182, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for premiumtier-network.instadart.net"; dns.query; content:"premiumtier-network.instadart.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3183, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for intertop.link"; dns.query; content:"intertop.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27993184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3184, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.invisv.com"; dns.query; content:"dns.invisv.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3185, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itdept.pro"; dns.query; content:"dns.itdept.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3186, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr.pigs.eu.org"; dns.query; content:"kr.pigs.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3187, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.josephyap.me"; dns.query; content:"adguard.josephyap.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3188, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jpjb.net"; dns.query; content:"adguard.jpjb.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3189, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jucker.engineering"; dns.query; content:"dns.jucker.engineering"; nocase; fast_pattern; classtype:bad-unknown; sid:27993190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3190, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.kano.sh"; dns.query; content:"jp.kano.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27993191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3191, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for karimdns.com"; dns.query; content:"karimdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3192, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kennethhuang.com"; dns.query; content:"kennethhuang.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3193, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.korks.tk"; dns.query; content:"adguard.korks.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3194, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kswro.web.id"; dns.query; content:"kswro.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27993195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3195, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for safe.kswro.web.id"; dns.query; content:"safe.kswro.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27993196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3196, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.lspcr.space"; dns.query; content:"adguard.lspcr.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27993197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3197, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lujiacai.top"; dns.query; content:"doh.lujiacai.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3198, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsserver.mailchan.eu"; dns.query; content:"dnsserver.mailchan.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3199, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.malwarelul.download"; dns.query; content:"dns.malwarelul.download"; nocase; fast_pattern; classtype:bad-unknown; sid:27993200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3200, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mgiptvpro.ml"; dns.query; content:"dns.mgiptvpro.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3201, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mokocup.cf"; dns.query; content:"adguard.mokocup.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27993202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3202, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n-wan.dynv6.net"; dns.query; content:"n-wan.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3203, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas1403.duckdns.org"; dns.query; content:"nas1403.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3204, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.opnsource.com.au"; dns.query; content:"dns.opnsource.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27993205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3205, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thanos.pleumkungz.com"; dns.query; content:"thanos.pleumkungz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3206, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.privilab.net"; dns.query; content:"dns.privilab.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3207, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.randomaizer.lentel.ru"; dns.query; content:"adguard.randomaizer.lentel.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3208, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.richardapplegate.io"; dns.query; content:"adguard.richardapplegate.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27993209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3209, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rjmva.com"; dns.query; content:"rjmva.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3210, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-dns.rouga.ch"; dns.query; content:"adguard-dns.rouga.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27993211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3211, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sagutxustech.com"; dns.query; content:"sagutxustech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3212, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgpcloud.duckdns.org"; dns.query; content:"sgpcloud.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3213, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lsho.top"; dns.query; content:"dns.lsho.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3214, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stvsk.ml"; dns.query; content:"dns.stvsk.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3215, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.surfshark.com"; dns.query; content:"dns.surfshark.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3216, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surt.ml"; dns.query; content:"surt.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3217, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.techcpu.net"; dns.query; content:"dns.techcpu.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3218, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tk31z.com"; dns.query; content:"tk31z.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3219, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tlz.asia"; dns.query; content:"tlz.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27993220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3220, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for toaster.lol"; dns.query; content:"toaster.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27993221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3221, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-east.tylerwahl.com"; dns.query; content:"dns-east.tylerwahl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3222, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unixfox.duckdns.org"; dns.query; content:"unixfox.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3223, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for securedns.vendorvista.xyz"; dns.query; content:"securedns.vendorvista.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3224, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpservice.cf"; dns.query; content:"vpservice.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27993225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3225, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vvmm.me"; dns.query; content:"vvmm.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3226, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.vietdns.vn"; dns.query; content:"kids.vietdns.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3227, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xthwo.duckdns.org"; dns.query; content:"xthwo.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3228, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lion.yazilimatolye.com"; dns.query; content:"lion.yazilimatolye.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3229, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.ga"; dns.query; content:"ychen.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27993230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3230, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for t2c.240130034.xyz"; dns.query; content:"t2c.240130034.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3231, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n.3363.net"; dns.query; content:"n.3363.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3232, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.marcrnt.de"; dns.query; content:"home.marcrnt.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3233, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 180.0rz.space"; dns.query; content:"180.0rz.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27997001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2829, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.ffmuc.net"; dns.query; content:"anycast.ffmuc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 70 194 3118, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps313.brueggus.de"; dns.query; content:"vps313.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 378, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dyn-ip.borjalopez.eu"; dns.query; content:"dyn-ip.borjalopez.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 765, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.dns.mullvad.net"; dns.query; content:"adblock.dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 280, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lux1.nixnet.xyz"; dns.query; content:"lux1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 94 95, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lv1.nixnet.xyz"; dns.query; content:"lv1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 90 91, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 19a8b89bb6b2491ca5cccbeb0e84a4c4.pacloudflare.com"; dns.query; content:"19a8b89bb6b2491ca5cccbeb0e84a4c4.pacloudflare.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 204, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ny1.nixnet.xyz"; dns.query; content:"ny1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 92 93, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oracle2.herry.dev"; dns.query; content:"oracle2.herry.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27997010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1786, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.dns.infrapod.nl"; dns.query; content:"adguard01.dns.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2378, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard02.dns.infrapod.nl"; dns.query; content:"adguard02.dns.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2379, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.njy.jsanagustin.net"; dns.query; content:"adguard1.njy.jsanagustin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 935, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tg2a7d4.glddns.com"; dns.query; content:"tg2a7d4.glddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1029, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alex-tools.dev"; dns.query; content:"alex-tools.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27997015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1783, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arashi.solutions"; dns.query; content:"arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27997016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2817 2818 2819 2820 2821 2822 2823 2824, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gateway.baltes.info"; dns.query; content:"gateway.baltes.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27997017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1968, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chanhome.xyz"; dns.query; content:"chanhome.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3029, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dpeddi.myddns.com"; dns.query; content:"dpeddi.myddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 850, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for astra.ender.fr"; dns.query; content:"astra.ender.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 682, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for proxy.ext.devkon.org"; dns.query; content:"proxy.ext.devkon.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2453, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for montmorot.duckdns.org"; dns.query; content:"montmorot.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2546, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nlb.gbrossi.com.br"; dns.query; content:"nlb.gbrossi.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27997023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1079, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oko.haneulo.com"; dns.query; content:"oko.haneulo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1003, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for srv-revprox-01.atakorah.com"; dns.query; content:"srv-revprox-01.atakorah.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1183, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.k-likhachev.ru"; dns.query; content:"vpn.k-likhachev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27997026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2748, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mimile.despagne.net"; dns.query; content:"mimile.despagne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 813, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mimile.despagne.ovh"; dns.query; content:"mimile.despagne.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27997028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 813, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ora1.nocnik.org"; dns.query; content:"ora1.nocnik.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2559, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for onlyfriends.info"; dns.query; content:"onlyfriends.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27997030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 833, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for piekacz.pl"; dns.query; content:"piekacz.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 840, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for servernation.xyz"; dns.query; content:"servernation.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3063, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cc210f4a872c.sn.mynetname.net"; dns.query; content:"cc210f4a872c.sn.mynetname.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2098, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.taufner.net"; dns.query; content:"www.taufner.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2343, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vrehm.fr"; dns.query; content:"vrehm.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1891, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vmd45200.contabo.wallura.eu"; dns.query; content:"vmd45200.contabo.wallura.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1848, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for docker.youler.com"; dns.query; content:"docker.youler.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1687, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sea-ydmaz-docker.southeastasia.cloudapp.azure.com"; dns.query; content:"sea-ydmaz-docker.southeastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1687, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps326.brueggus.de"; dns.query; content:"vps326.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2604, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server.felixf.eu"; dns.query; content:"server.felixf.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1830, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for heimdall.ff0x.ca"; dns.query; content:"heimdall.ff0x.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27997041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 988, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freeside.wntrmute.net"; dns.query; content:"freeside.wntrmute.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2356, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps329.brueggus.de"; dns.query; content:"vps329.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2605, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps285.brueggus.de"; dns.query; content:"vps285.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 379, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps303.brueggus.de"; dns.query; content:"vps303.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 710, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for internetsehat.bebasid.com"; dns.query; content:"internetsehat.bebasid.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 872, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps305.brueggus.de"; dns.query; content:"vps305.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1093, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 77980.bodis.com"; dns.query; content:"77980.bodis.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1423 1441 3192, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for abstergo.it"; dns.query; content:"abstergo.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27997050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 673, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kozak.ujwie.co"; dns.query; content:"kozak.ujwie.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27997051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1397 1398, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps344.brueggus.de"; dns.query; content:"vps344.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 875, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps322.brueggus.de"; dns.query; content:"vps322.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2606, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-yyz.doh.sb"; dns.query; content:"ca-yyz.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27997054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1194, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hdf084sqbme.sn.mynetname.net"; dns.query; content:"hdf084sqbme.sn.mynetname.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1458, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for steering.nextdns.io"; dns.query; content:"steering.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27997056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 87 132 287 323, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.198.games.cdn.dnsv1.com"; dns.query; content:"cloud.198.games.cdn.dnsv1.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 654, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mtdkdhs0.slt.sched.tdnsv8.com"; dns.query; content:"mtdkdhs0.slt.sched.tdnsv8.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 654, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kostek.dyndns.org"; dns.query; content:"kostek.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2587, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tezoi.duckdns.org"; dns.query; content:"tezoi.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 810, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps225.brueggus.de"; dns.query; content:"vps225.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 381, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tetra.aeins.at"; dns.query; content:"tetra.aeins.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27997062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 860, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps163.brueggus.de"; dns.query; content:"vps163.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 382, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amd1.sjp.loukky.com"; dns.query; content:"amd1.sjp.loukky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1587, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr.loukky.com"; dns.query; content:"kr.loukky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1586, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps333.brueggus.de"; dns.query; content:"vps333.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2607, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alexpollard.synology.me"; dns.query; content:"alexpollard.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27997067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2133 2134, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fra-oracle-1.hosts.dada.li"; dns.query; content:"fra-oracle-1.hosts.dada.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27997068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 600, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.steering.nextdns.io"; dns.query; content:"dns1.steering.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27997069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 206, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pietjacobs.be"; dns.query; content:"dns.pietjacobs.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27997070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 521, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for srv2.bartoszturek.online"; dns.query; content:"srv2.bartoszturek.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27997071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2423, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for br2.lezainski.com"; dns.query; content:"br2.lezainski.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1580, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.steering.nextdns.io"; dns.query; content:"dns2.steering.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27997073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 207, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2vps.porteii.com"; dns.query; content:"dns2vps.porteii.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1642, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.4-the.win"; dns.query; content:"mail.4-the.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27997075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 601, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdn.airns.net"; dns.query; content:"sdn.airns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2131, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for id.sdn.airns.net"; dns.query; content:"id.sdn.airns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2131, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.id.sdn.airns.net"; dns.query; content:"1.id.sdn.airns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2131, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for elsa.airns.net"; dns.query; content:"elsa.airns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2131, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-prod-alb-194669935.us-east-1.elb.amazonaws.com"; dns.query; content:"dns-prod-alb-194669935.us-east-1.elb.amazonaws.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 298, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for integration.dnsteam.globuscs.info"; dns.query; content:"integration.dnsteam.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27997081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 299, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-integration-alb-618104398.us-east-1.elb.amazonaws.com"; dns.query; content:"dns-integration-alb-618104398.us-east-1.elb.amazonaws.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 299, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for preview.dnsteam.globuscs.info"; dns.query; content:"preview.dnsteam.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27997083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 300, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-preview-alb-541438575.us-east-1.elb.amazonaws.com"; dns.query; content:"dns-preview-alb-541438575.us-east-1.elb.amazonaws.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 300, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d2bphvjyj895l0.cloudfront.net"; dns.query; content:"d2bphvjyj895l0.cloudfront.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 301, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-sandbox-alb-275183166.us-east-1.elb.amazonaws.com"; dns.query; content:"dns-sandbox-alb-275183166.us-east-1.elb.amazonaws.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 302, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for staging.dnsteam.globuscs.info"; dns.query; content:"staging.dnsteam.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27997087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 303, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-staging-alb-849259019.us-east-1.elb.amazonaws.com"; dns.query; content:"dns-staging-alb-849259019.us-east-1.elb.amazonaws.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 303, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test.dnsteam.globuscs.info"; dns.query; content:"test.dnsteam.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27997089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 304, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-test-alb-2081756747.us-east-1.elb.amazonaws.com"; dns.query; content:"dns-test-alb-2081756747.us-east-1.elb.amazonaws.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 304, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maison.auffray.org"; dns.query; content:"maison.auffray.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2449, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lon-dns.bitdefender.net"; dns.query; content:"lon-dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 343, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.chadeyron.fr"; dns.query; content:"home.chadeyron.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 355, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for keeflix.chenu.ch"; dns.query; content:"keeflix.chenu.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27997094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 356, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for crd.circl.lu"; dns.query; content:"crd.circl.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 357, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pixie.porkbun.com"; dns.query; content:"pixie.porkbun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 697, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de1.danielnet.eu"; dns.query; content:"de1.danielnet.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1828, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for webredir.vip.gandi.net"; dns.query; content:"webredir.vip.gandi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 619, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eddi.usgovtrafficmanager.net"; dns.query; content:"eddi.usgovtrafficmanager.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 779, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eu-frankfurt-1.oci.oraclecloud.com"; dns.query; content:"dns.eu-frankfurt-1.oci.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 307, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eu-frankfurt-1.oci.oraclecloud.net"; dns.query; content:"dns.eu-frankfurt-1.oci.oraclecloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 307, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home-server.exonip.de"; dns.query; content:"home-server.exonip.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1741, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gm-dns-01.southcentralus.azurecontainer.io"; dns.query; content:"gm-dns-01.southcentralus.azurecontainer.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27997103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3170, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps-33e5a7f3.vps.ovh.us"; dns.query; content:"vps-33e5a7f3.vps.ovh.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27997104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 427, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fulgore.fr"; dns.query; content:"fulgore.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1863, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for forum.ginovs.nl"; dns.query; content:"forum.ginovs.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 643, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hahnjo.de"; dns.query; content:"hahnjo.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 448, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for proxy.haoxuan.xyz"; dns.query; content:"proxy.haoxuan.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 657, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hz1.h.indust.me"; dns.query; content:"hz1.h.indust.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27997109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 943, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jianyi.studio"; dns.query; content:"jianyi.studio"; nocase; fast_pattern; classtype:bad-unknown; sid:27997110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2842, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for orasrv.kellys.pw"; dns.query; content:"orasrv.kellys.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27997111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2637, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kudns.kescher.at"; dns.query; content:"kudns.kescher.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27997112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 712, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vultr2.kongjak.com"; dns.query; content:"vultr2.kongjak.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1570, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v1.lifeym.xyz"; dns.query; content:"v1.lifeym.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3052, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dedicated.lvolland.fr"; dns.query; content:"dedicated.lvolland.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1066, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.adguard-dns.com"; dns.query; content:"d.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1599, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for banana.991123.xyz"; dns.query; content:"banana.991123.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 782, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for argon.molinero.dev"; dns.query; content:"argon.molinero.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27997118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1081, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nerdytechgeeks.co.za"; dns.query; content:"nerdytechgeeks.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27997119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3074, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnstls.neutopia.org"; dns.query; content:"dnstls.neutopia.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 205, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mtdz.duckdns.org"; dns.query; content:"mtdz.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3053, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ninhs-ai.synology.me"; dns.query; content:"ninhs-ai.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27997123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2557, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.novali.date"; dns.query; content:"us.novali.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27997124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 666, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.oryxlabs.com"; dns.query; content:"dns1.oryxlabs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1627, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ovh.panszelescik.pl"; dns.query; content:"ovh.panszelescik.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 514 740, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for o.o.ovpn.bond"; dns.query; content:"o.o.ovpn.bond"; nocase; fast_pattern; classtype:bad-unknown; sid:27997127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1096, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-ovh.panszelescik.pl"; dns.query; content:"dns-ovh.panszelescik.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 740, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps-relay.pesaventofilippo.com"; dns.query; content:"vps-relay.pesaventofilippo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 519, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsvps.porteii.com"; dns.query; content:"dnsvps.porteii.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1005, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddns.ddns.bigqy.eu.org"; dns.query; content:"ddns.ddns.bigqy.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2048, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rin.sh"; dns.query; content:"rin.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27997133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 536, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for q3i6k7j3.stackpathcdn.com"; dns.query; content:"q3i6k7j3.stackpathcdn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1037, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lab.sellan.fr"; dns.query; content:"lab.sellan.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 792, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lab-1.sellan.fr"; dns.query; content:"lab-1.sellan.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 792, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for paimon.sev.monster"; dns.query; content:"paimon.sev.monster"; nocase; fast_pattern; classtype:bad-unknown; sid:27997137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1089, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for metis.sheggi.ch"; dns.query; content:"metis.sheggi.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27997138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 557, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for r2s.echotrail.net"; dns.query; content:"r2s.echotrail.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1387, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server.spirio.fr"; dns.query; content:"server.spirio.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 566, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kk.sshub.win"; dns.query; content:"kk.sshub.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27997141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2993, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.strassmair.org"; dns.query; content:"mail.strassmair.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 568, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for streamsmoke.com"; dns.query; content:"streamsmoke.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1660, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for td-doh.dns.t53.de"; dns.query; content:"td-doh.dns.t53.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 122, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.tuankhaiit.com"; dns.query; content:"home.tuankhaiit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1674, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for antidns.s.tuna.tsinghua.edu.cn"; dns.query; content:"antidns.s.tuna.tsinghua.edu.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27997146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 310, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.uk-london-1.oci.oraclecloud.com"; dns.query; content:"dns.uk-london-1.oci.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 311, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.uk-london-1.oci.oraclecloud.net"; dns.query; content:"dns.uk-london-1.oci.oraclecloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 311, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hsv.uplenk.com"; dns.query; content:"hsv.uplenk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 651, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-ashburn-1.oci.oraclecloud.com"; dns.query; content:"dns.us-ashburn-1.oci.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 312, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-ashburn-1.oci.oraclecloud.net"; dns.query; content:"dns.us-ashburn-1.oci.oraclecloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 312, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-phoenix-1.oci.oraclecloud.com"; dns.query; content:"dns.us-phoenix-1.oci.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 313, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-phoenix-1.oci.oraclecloud.net"; dns.query; content:"dns.us-phoenix-1.oci.oraclecloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 313, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vancrafter.click"; dns.query; content:"vancrafter.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27997154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1344, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gandhico2.duckdns.org"; dns.query; content:"gandhico2.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1677, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for master.dns.xieke.org"; dns.query; content:"master.dns.xieke.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2028, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usz.xydustc.me"; dns.query; content:"usz.xydustc.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27997157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2108, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zyzh20021020.cn.cdn.cloudflare.net"; dns.query; content:"dns.zyzh20021020.cn.cdn.cloudflare.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1391, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.b-cdn.net"; dns.query; content:"doh1.b-cdn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 167, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.b-cdn.net"; dns.query; content:"doh2.b-cdn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 169, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.apad.pro.cdn.cloudflare.net"; dns.query; content:"doh.apad.pro.cdn.cloudflare.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 412, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cc210b36bb9e.sn.mynetname.net"; dns.query; content:"cc210b36bb9e.sn.mynetname.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1930, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnswarden.com"; dns.query; content:"dns.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 13 3113 3114 3115 3116 3117, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cname-for-doh.go-behind.one"; dns.query; content:"cname-for-doh.go-behind.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27997164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 650 1291, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for auto-cn-hk-8000.go-behind.one"; dns.query; content:"auto-cn-hk-8000.go-behind.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27997165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 650 1291, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gtm-sg-5r538sziu04.go-behind.one"; dns.query; content:"gtm-sg-5r538sziu04.go-behind.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27997166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 650 1291, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpnto.bhadrikais.my.id"; dns.query; content:"vpnto.bhadrikais.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27997167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1935, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b-ipv4.bhadrikais.my.id"; dns.query; content:"b-ipv4.bhadrikais.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27997168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1935, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for serverrmha1.ddnsku.my.id"; dns.query; content:"serverrmha1.ddnsku.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27997169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1935, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for radia.bortzmeyer.org"; dns.query; content:"radia.bortzmeyer.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 177, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for static.captnemo.in"; dns.query; content:"static.captnemo.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27997174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 14, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve.corpa.me"; dns.query; content:"resolve.corpa.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27997175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2069, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dmtmpb4btyxdz.cloudfront.net"; dns.query; content:"dmtmpb4btyxdz.cloudfront.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2069 2070, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for haswell-www.a.guindehi.ch"; dns.query; content:"haswell-www.a.guindehi.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27997177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1186, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.apple.com.v.aaplimg.com"; dns.query; content:"doh.dns.apple.com.v.aaplimg.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 134, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe.doh.sb"; dns.query; content:"europe.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27997179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 67, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu.doh.sb"; dns.query; content:"eu.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27997180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 67 2796, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole.gcp.pathofgrace.com"; dns.query; content:"pihole.gcp.pathofgrace.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 515, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rachel.jeroenhd.nl"; dns.query; content:"rachel.jeroenhd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 970, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsauth1.kooman.org"; dns.query; content:"nsauth1.kooman.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 456, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for redsea.meetz.pw"; dns.query; content:"redsea.meetz.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27997187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2638, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myip.pyry.me"; dns.query; content:"myip.pyry.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27997188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 824 1600, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mullvad.net"; dns.query; content:"dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 279, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ntu.ssooss.win"; dns.query; content:"ntu.ssooss.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27997190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 633, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nukys.ca"; dns.query; content:"nukys.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27997191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1293, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ks1.plop.cc"; dns.query; content:"ks1.plop.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27997192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1318, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quickline.ch"; dns.query; content:"dns.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27997194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 288 1338, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us5.wan.hc7z.com"; dns.query; content:"us5.wan.hc7z.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1139, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.gslb2.xfinity.com"; dns.query; content:"doh2.gslb2.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 45, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dotdown.netlify.app"; dns.query; content:"dotdown.netlify.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27997198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3144, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.tiar.app"; dns.query; content:"doh.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27997201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 226, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps311.brueggus.de"; dns.query; content:"vps311.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 770, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps183.brueggus.de"; dns.query; content:"vps183.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1131, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe-west.avastdns.com"; dns.query; content:"europe-west.avastdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 338 1421, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps353.brueggus.de"; dns.query; content:"vps353.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2608, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ningkelle.id"; dns.query; content:"dns.ningkelle.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27997207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1946, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 10787578eb1e4b75adfa6b2a4bdea0b5.pacloudflare.com"; dns.query; content:"10787578eb1e4b75adfa6b2a4bdea0b5.pacloudflare.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 491, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps327.brueggus.de"; dns.query; content:"vps327.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2609, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps343.brueggus.de"; dns.query; content:"vps343.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 385, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas-fusion.loisy.it"; dns.query; content:"nas-fusion.loisy.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27997212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2019, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps337.brueggus.de"; dns.query; content:"vps337.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2610, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps19.brueggus.de"; dns.query; content:"vps19.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 384, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dff029179c4246e385296ea8de0b8eb8.pacloudflare.com"; dns.query; content:"dff029179c4246e385296ea8de0b8eb8.pacloudflare.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 489, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yuripe.ccnt.fr"; dns.query; content:"yuripe.ccnt.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1856 1857, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps301.brueggus.de"; dns.query; content:"vps301.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 398, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.geshido.ru"; dns.query; content:"vpn.geshido.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27997219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 726 2686, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rabenhain.net"; dns.query; content:"rabenhain.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2316, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.95997.ip-ns.net"; dns.query; content:"ns1.95997.ip-ns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3150, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps345.brueggus.de"; dns.query; content:"vps345.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2611, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps336.brueggus.de"; dns.query; content:"vps336.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2612, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps307.brueggus.de"; dns.query; content:"vps307.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 843, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps352.brueggus.de"; dns.query; content:"vps352.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2613, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for marcrnt.ddnss.de"; dns.query; content:"marcrnt.ddnss.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3233, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qbak.no-ip.eu"; dns.query; content:"qbak.no-ip.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2315, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for md5mtp4y.fbxos.fr"; dns.query; content:"md5mtp4y.fbxos.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1877, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for longdz.ddns.net"; dns.query; content:"longdz.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2977, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps347.brueggus.de"; dns.query; content:"vps347.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2614, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for inf-wan.vip.meituan.com"; dns.query; content:"inf-wan.vip.meituan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 868, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu-opush-heytapmobile-pubgw-1244993624.eu-west-3.elb.amazonaws.com"; dns.query; content:"eu-opush-heytapmobile-pubgw-1244993624.eu-west-3.elb.amazonaws.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 672, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps346.brueggus.de"; dns.query; content:"vps346.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2615, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps308.brueggus.de"; dns.query; content:"vps308.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2616, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps356.brueggus.de"; dns.query; content:"vps356.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2617, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps23.brueggus.de"; dns.query; content:"vps23.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1091, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for katherine-cloud-ip02.newcore.cl"; dns.query; content:"katherine-cloud-ip02.newcore.cl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1342, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps222.brueggus.de"; dns.query; content:"vps222.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1104, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps153.brueggus.de"; dns.query; content:"vps153.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1181, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps32.brueggus.de"; dns.query; content:"vps32.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 388, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps304.brueggus.de"; dns.query; content:"vps304.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 925, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps355.brueggus.de"; dns.query; content:"vps355.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2618, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps300.brueggus.de"; dns.query; content:"vps300.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 386, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps298.brueggus.de"; dns.query; content:"vps298.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 387, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps342.brueggus.de"; dns.query; content:"vps342.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2619, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps281.brueggus.de"; dns.query; content:"vps281.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 644, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for new.pragmasec.nl"; dns.query; content:"new.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2388 2391, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-api.fe2.apple-dns.net"; dns.query; content:"mask-api.fe2.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 658, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask.apple-dns.net"; dns.query; content:"mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 291 292, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps357.brueggus.de"; dns.query; content:"vps357.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2620, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps258.brueggus.de"; dns.query; content:"vps258.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 389, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps317.brueggus.de"; dns.query; content:"vps317.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2621, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps349.brueggus.de"; dns.query; content:"vps349.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2622, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps214.brueggus.de"; dns.query; content:"vps214.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 390, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for obportus.ddns.net"; dns.query; content:"obportus.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1873, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps299.brueggus.de"; dns.query; content:"vps299.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 668, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for f03a0e2fa9f5.sn.mynetname.net"; dns.query; content:"f03a0e2fa9f5.sn.mynetname.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1244, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.hjk.kr"; dns.query; content:"ns1.hjk.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2078, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.hjk.kr"; dns.query; content:"ns2.hjk.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2079, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for triton.data.haus"; dns.query; content:"triton.data.haus"; nocase; fast_pattern; classtype:bad-unknown; sid:27997266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 365, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.hjk.kr"; dns.query; content:"ns.hjk.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2077, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ii.lov.host"; dns.query; content:"ii.lov.host"; nocase; fast_pattern; classtype:bad-unknown; sid:27997268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1145, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps314.brueggus.de"; dns.query; content:"vps314.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2623, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps257.brueggus.de"; dns.query; content:"vps257.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 391, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps359.brueggus.de"; dns.query; content:"vps359.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2624, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps266.brueggus.de"; dns.query; content:"vps266.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 380, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps325.brueggus.de"; dns.query; content:"vps325.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2625, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps354.brueggus.de"; dns.query; content:"vps354.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2626, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 90c3f3bd03394bebaa20741314cef947.pacloudflare.com"; dns.query; content:"90c3f3bd03394bebaa20741314cef947.pacloudflare.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 490, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps309.brueggus.de"; dns.query; content:"vps309.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 878, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps335.brueggus.de"; dns.query; content:"vps335.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2627, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps66.brueggus.de"; dns.query; content:"vps66.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 392, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps132.brueggus.de"; dns.query; content:"vps132.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 393, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.jnraptor.com"; dns.query; content:"sg.jnraptor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2198, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for srv1.web-mx.eu"; dns.query; content:"srv1.web-mx.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 834, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pub.hsuan.ink.eo.dnse0.com"; dns.query; content:"pub.hsuan.ink.eo.dnse0.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1987, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.dsh.lol"; dns.query; content:"ad.dsh.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27997283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2055, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdjcloud.duckdns.org"; dns.query; content:"rdjcloud.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3022, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps03.brueggus.de"; dns.query; content:"vps03.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 383, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vm01.eban.eu.org"; dns.query; content:"vm01.eban.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2527, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.as203038.net"; dns.query; content:"resolver.as203038.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1130, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bushido.node.rferee.dev"; dns.query; content:"bushido.node.rferee.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27997289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 836, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.cloudflare-eth.com"; dns.query; content:"resolver.cloudflare-eth.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 585, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps348.brueggus.de"; dns.query; content:"vps348.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2628, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for origin.mikopono.nl"; dns.query; content:"origin.mikopono.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2386, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps297.brueggus.de"; dns.query; content:"vps297.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2629, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe.avastdns.com"; dns.query; content:"europe.avastdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 338, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.dns-ga.de"; dns.query; content:"dot.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1727, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps190.brueggus.de"; dns.query; content:"vps190.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 396, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps350.brueggus.de"; dns.query; content:"vps350.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2630, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps341.brueggus.de"; dns.query; content:"vps341.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2631, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps310.brueggus.de"; dns.query; content:"vps310.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 394, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps283.brueggus.de"; dns.query; content:"vps283.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 397, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps294.brueggus.de"; dns.query; content:"vps294.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 399, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps216.brueggus.de"; dns.query; content:"vps216.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 822, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 6e47fb7.online-server.cloud"; dns.query; content:"6e47fb7.online-server.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27997308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 477, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps249.brueggus.de"; dns.query; content:"vps249.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 400, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps312.brueggus.de"; dns.query; content:"vps312.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 401, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps119.brueggus.de"; dns.query; content:"vps119.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 880, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps284.brueggus.de"; dns.query; content:"vps284.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 395, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps334.brueggus.de"; dns.query; content:"vps334.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2632, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps226.brueggus.de"; dns.query; content:"vps226.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 821, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps351.brueggus.de"; dns.query; content:"vps351.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2633, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for carioka.dyndns.org"; dns.query; content:"carioka.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1452, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps241.brueggus.de"; dns.query; content:"vps241.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 818, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps221.brueggus.de"; dns.query; content:"vps221.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 715, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps302.brueggus.de"; dns.query; content:"vps302.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 402, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for andrewnw.xyz"; dns.query; content:"andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3026, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bilidon.info"; dns.query; content:"bilidon.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27997330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1970, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chlaebi.synology.me"; dns.query; content:"chlaebi.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27997331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1971, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chungocoai.name.vn"; dns.query; content:"chungocoai.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27997332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 884, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsadguard.co.uk"; dns.query; content:"dnsadguard.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27997333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1110, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsforge.de"; dns.query; content:"dnsforge.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1728, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.xyz"; dns.query; content:"doh.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3034, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ecs-auto.fanscloud.net"; dns.query; content:"ecs-auto.fanscloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2187, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for masters-of-cloud.de"; dns.query; content:"masters-of-cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1756, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nilanjan.rocks"; dns.query; content:"nilanjan.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27997338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2657, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for personal-dns.site"; dns.query; content:"personal-dns.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27997339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2811, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surfbelow.com"; dns.query; content:"surfbelow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1665, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unasw.eu"; dns.query; content:"unasw.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 819, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for urology.wiki"; dns.query; content:"urology.wiki"; nocase; fast_pattern; classtype:bad-unknown; sid:27997342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2991, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps338.brueggus.de"; dns.query; content:"vps338.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2634, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps217.brueggus.de"; dns.query; content:"vps217.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1025, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps328.brueggus.de"; dns.query; content:"vps328.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2635, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps252.brueggus.de"; dns.query; content:"vps252.brueggus.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1193, updated_at 2024_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sp1wpdybsw1twq1d.myfritz.net"; dns.query; content:"sp1wpdybsw1twq1d.myfritz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2353, updated_at 2024_04_18;)